Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
[~shefty/rdma-dev.git] / net / bluetooth / hidp / core.c
1 /*
2    HIDP implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License version 2 as
7    published by the Free Software Foundation;
8
9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20    SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/module.h>
24 #include <linux/file.h>
25 #include <linux/kthread.h>
26 #include <linux/hidraw.h>
27
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/l2cap.h>
31
32 #include "hidp.h"
33
34 #define VERSION "1.2"
35
36 static DECLARE_RWSEM(hidp_session_sem);
37 static LIST_HEAD(hidp_session_list);
38
39 static unsigned char hidp_keycode[256] = {
40           0,   0,   0,   0,  30,  48,  46,  32,  18,  33,  34,  35,  23,  36,
41          37,  38,  50,  49,  24,  25,  16,  19,  31,  20,  22,  47,  17,  45,
42          21,  44,   2,   3,   4,   5,   6,   7,   8,   9,  10,  11,  28,   1,
43          14,  15,  57,  12,  13,  26,  27,  43,  43,  39,  40,  41,  51,  52,
44          53,  58,  59,  60,  61,  62,  63,  64,  65,  66,  67,  68,  87,  88,
45          99,  70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103,  69,
46          98,  55,  74,  78,  96,  79,  80,  81,  75,  76,  77,  71,  72,  73,
47          82,  83,  86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
48         191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
49         136, 113, 115, 114,   0,   0,   0, 121,   0,  89,  93, 124,  92,  94,
50          95,   0,   0,   0, 122, 123,  90,  91,  85,   0,   0,   0,   0,   0,
51           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
52           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
53           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
54           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
55           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
56          29,  42,  56, 125,  97,  54, 100, 126, 164, 166, 165, 163, 161, 115,
57         114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
58 };
59
60 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
61
62 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
63 {
64         struct hidp_session *session;
65
66         BT_DBG("");
67
68         list_for_each_entry(session, &hidp_session_list, list) {
69                 if (!bacmp(bdaddr, &session->bdaddr))
70                         return session;
71         }
72
73         return NULL;
74 }
75
76 static void __hidp_link_session(struct hidp_session *session)
77 {
78         list_add(&session->list, &hidp_session_list);
79 }
80
81 static void __hidp_unlink_session(struct hidp_session *session)
82 {
83         hci_conn_put_device(session->conn);
84
85         list_del(&session->list);
86 }
87
88 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
89 {
90         memset(ci, 0, sizeof(*ci));
91         bacpy(&ci->bdaddr, &session->bdaddr);
92
93         ci->flags = session->flags;
94         ci->state = session->state;
95
96         ci->vendor  = 0x0000;
97         ci->product = 0x0000;
98         ci->version = 0x0000;
99
100         if (session->input) {
101                 ci->vendor  = session->input->id.vendor;
102                 ci->product = session->input->id.product;
103                 ci->version = session->input->id.version;
104                 if (session->input->name)
105                         strncpy(ci->name, session->input->name, 128);
106                 else
107                         strncpy(ci->name, "HID Boot Device", 128);
108         }
109
110         if (session->hid) {
111                 ci->vendor  = session->hid->vendor;
112                 ci->product = session->hid->product;
113                 ci->version = session->hid->version;
114                 strncpy(ci->name, session->hid->name, 128);
115         }
116 }
117
118 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
119                                 unsigned int type, unsigned int code, int value)
120 {
121         unsigned char newleds;
122         struct sk_buff *skb;
123
124         BT_DBG("session %p type %d code %d value %d", session, type, code, value);
125
126         if (type != EV_LED)
127                 return -1;
128
129         newleds = (!!test_bit(LED_KANA,    dev->led) << 3) |
130                   (!!test_bit(LED_COMPOSE, dev->led) << 3) |
131                   (!!test_bit(LED_SCROLLL, dev->led) << 2) |
132                   (!!test_bit(LED_CAPSL,   dev->led) << 1) |
133                   (!!test_bit(LED_NUML,    dev->led));
134
135         if (session->leds == newleds)
136                 return 0;
137
138         session->leds = newleds;
139
140         skb = alloc_skb(3, GFP_ATOMIC);
141         if (!skb) {
142                 BT_ERR("Can't allocate memory for new frame");
143                 return -ENOMEM;
144         }
145
146         *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
147         *skb_put(skb, 1) = 0x01;
148         *skb_put(skb, 1) = newleds;
149
150         skb_queue_tail(&session->intr_transmit, skb);
151
152         hidp_schedule(session);
153
154         return 0;
155 }
156
157 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
158 {
159         struct hid_device *hid = input_get_drvdata(dev);
160         struct hidp_session *session = hid->driver_data;
161
162         return hidp_queue_event(session, dev, type, code, value);
163 }
164
165 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
166 {
167         struct hidp_session *session = input_get_drvdata(dev);
168
169         return hidp_queue_event(session, dev, type, code, value);
170 }
171
172 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
173 {
174         struct input_dev *dev = session->input;
175         unsigned char *keys = session->keys;
176         unsigned char *udata = skb->data + 1;
177         signed char *sdata = skb->data + 1;
178         int i, size = skb->len - 1;
179
180         switch (skb->data[0]) {
181         case 0x01:      /* Keyboard report */
182                 for (i = 0; i < 8; i++)
183                         input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
184
185                 /* If all the key codes have been set to 0x01, it means
186                  * too many keys were pressed at the same time. */
187                 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
188                         break;
189
190                 for (i = 2; i < 8; i++) {
191                         if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
192                                 if (hidp_keycode[keys[i]])
193                                         input_report_key(dev, hidp_keycode[keys[i]], 0);
194                                 else
195                                         BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
196                         }
197
198                         if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
199                                 if (hidp_keycode[udata[i]])
200                                         input_report_key(dev, hidp_keycode[udata[i]], 1);
201                                 else
202                                         BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
203                         }
204                 }
205
206                 memcpy(keys, udata, 8);
207                 break;
208
209         case 0x02:      /* Mouse report */
210                 input_report_key(dev, BTN_LEFT,   sdata[0] & 0x01);
211                 input_report_key(dev, BTN_RIGHT,  sdata[0] & 0x02);
212                 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
213                 input_report_key(dev, BTN_SIDE,   sdata[0] & 0x08);
214                 input_report_key(dev, BTN_EXTRA,  sdata[0] & 0x10);
215
216                 input_report_rel(dev, REL_X, sdata[1]);
217                 input_report_rel(dev, REL_Y, sdata[2]);
218
219                 if (size > 3)
220                         input_report_rel(dev, REL_WHEEL, sdata[3]);
221                 break;
222         }
223
224         input_sync(dev);
225 }
226
227 static int __hidp_send_ctrl_message(struct hidp_session *session,
228                                     unsigned char hdr, unsigned char *data,
229                                     int size)
230 {
231         struct sk_buff *skb;
232
233         BT_DBG("session %p data %p size %d", session, data, size);
234
235         if (atomic_read(&session->terminate))
236                 return -EIO;
237
238         skb = alloc_skb(size + 1, GFP_ATOMIC);
239         if (!skb) {
240                 BT_ERR("Can't allocate memory for new frame");
241                 return -ENOMEM;
242         }
243
244         *skb_put(skb, 1) = hdr;
245         if (data && size > 0)
246                 memcpy(skb_put(skb, size), data, size);
247
248         skb_queue_tail(&session->ctrl_transmit, skb);
249
250         return 0;
251 }
252
253 static int hidp_send_ctrl_message(struct hidp_session *session,
254                         unsigned char hdr, unsigned char *data, int size)
255 {
256         int err;
257
258         err = __hidp_send_ctrl_message(session, hdr, data, size);
259
260         hidp_schedule(session);
261
262         return err;
263 }
264
265 static int hidp_queue_report(struct hidp_session *session,
266                                 unsigned char *data, int size)
267 {
268         struct sk_buff *skb;
269
270         BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
271
272         skb = alloc_skb(size + 1, GFP_ATOMIC);
273         if (!skb) {
274                 BT_ERR("Can't allocate memory for new frame");
275                 return -ENOMEM;
276         }
277
278         *skb_put(skb, 1) = 0xa2;
279         if (size > 0)
280                 memcpy(skb_put(skb, size), data, size);
281
282         skb_queue_tail(&session->intr_transmit, skb);
283
284         hidp_schedule(session);
285
286         return 0;
287 }
288
289 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
290 {
291         unsigned char buf[32];
292         int rsize;
293
294         rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
295         if (rsize > sizeof(buf))
296                 return -EIO;
297
298         hid_output_report(report, buf);
299
300         return hidp_queue_report(session, buf, rsize);
301 }
302
303 static int hidp_get_raw_report(struct hid_device *hid,
304                 unsigned char report_number,
305                 unsigned char *data, size_t count,
306                 unsigned char report_type)
307 {
308         struct hidp_session *session = hid->driver_data;
309         struct sk_buff *skb;
310         size_t len;
311         int numbered_reports = hid->report_enum[report_type].numbered;
312         int ret;
313
314         switch (report_type) {
315         case HID_FEATURE_REPORT:
316                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
317                 break;
318         case HID_INPUT_REPORT:
319                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
320                 break;
321         case HID_OUTPUT_REPORT:
322                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
323                 break;
324         default:
325                 return -EINVAL;
326         }
327
328         if (mutex_lock_interruptible(&session->report_mutex))
329                 return -ERESTARTSYS;
330
331         /* Set up our wait, and send the report request to the device. */
332         session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
333         session->waiting_report_number = numbered_reports ? report_number : -1;
334         set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
335         data[0] = report_number;
336         ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1);
337         if (ret)
338                 goto err;
339
340         /* Wait for the return of the report. The returned report
341            gets put in session->report_return.  */
342         while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
343                 int res;
344
345                 res = wait_event_interruptible_timeout(session->report_queue,
346                         !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags),
347                         5*HZ);
348                 if (res == 0) {
349                         /* timeout */
350                         ret = -EIO;
351                         goto err;
352                 }
353                 if (res < 0) {
354                         /* signal */
355                         ret = -ERESTARTSYS;
356                         goto err;
357                 }
358         }
359
360         skb = session->report_return;
361         if (skb) {
362                 len = skb->len < count ? skb->len : count;
363                 memcpy(data, skb->data, len);
364
365                 kfree_skb(skb);
366                 session->report_return = NULL;
367         } else {
368                 /* Device returned a HANDSHAKE, indicating  protocol error. */
369                 len = -EIO;
370         }
371
372         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
373         mutex_unlock(&session->report_mutex);
374
375         return len;
376
377 err:
378         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
379         mutex_unlock(&session->report_mutex);
380         return ret;
381 }
382
383 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
384                 unsigned char report_type)
385 {
386         struct hidp_session *session = hid->driver_data;
387         int ret;
388
389         switch (report_type) {
390         case HID_FEATURE_REPORT:
391                 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
392                 break;
393         case HID_OUTPUT_REPORT:
394                 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
395                 break;
396         default:
397                 return -EINVAL;
398         }
399
400         if (mutex_lock_interruptible(&session->report_mutex))
401                 return -ERESTARTSYS;
402
403         /* Set up our wait, and send the report request to the device. */
404         set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
405         ret = hidp_send_ctrl_message(hid->driver_data, report_type, data,
406                                                                         count);
407         if (ret)
408                 goto err;
409
410         /* Wait for the ACK from the device. */
411         while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
412                 int res;
413
414                 res = wait_event_interruptible_timeout(session->report_queue,
415                         !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags),
416                         10*HZ);
417                 if (res == 0) {
418                         /* timeout */
419                         ret = -EIO;
420                         goto err;
421                 }
422                 if (res < 0) {
423                         /* signal */
424                         ret = -ERESTARTSYS;
425                         goto err;
426                 }
427         }
428
429         if (!session->output_report_success) {
430                 ret = -EIO;
431                 goto err;
432         }
433
434         ret = count;
435
436 err:
437         clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
438         mutex_unlock(&session->report_mutex);
439         return ret;
440 }
441
442 static void hidp_idle_timeout(unsigned long arg)
443 {
444         struct hidp_session *session = (struct hidp_session *) arg;
445
446         atomic_inc(&session->terminate);
447         wake_up_process(session->task);
448 }
449
450 static void hidp_set_timer(struct hidp_session *session)
451 {
452         if (session->idle_to > 0)
453                 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
454 }
455
456 static void hidp_del_timer(struct hidp_session *session)
457 {
458         if (session->idle_to > 0)
459                 del_timer(&session->timer);
460 }
461
462 static void hidp_process_handshake(struct hidp_session *session,
463                                         unsigned char param)
464 {
465         BT_DBG("session %p param 0x%02x", session, param);
466         session->output_report_success = 0; /* default condition */
467
468         switch (param) {
469         case HIDP_HSHK_SUCCESSFUL:
470                 /* FIXME: Call into SET_ GET_ handlers here */
471                 session->output_report_success = 1;
472                 break;
473
474         case HIDP_HSHK_NOT_READY:
475         case HIDP_HSHK_ERR_INVALID_REPORT_ID:
476         case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
477         case HIDP_HSHK_ERR_INVALID_PARAMETER:
478                 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
479                         wake_up_interruptible(&session->report_queue);
480
481                 /* FIXME: Call into SET_ GET_ handlers here */
482                 break;
483
484         case HIDP_HSHK_ERR_UNKNOWN:
485                 break;
486
487         case HIDP_HSHK_ERR_FATAL:
488                 /* Device requests a reboot, as this is the only way this error
489                  * can be recovered. */
490                 __hidp_send_ctrl_message(session,
491                         HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
492                 break;
493
494         default:
495                 __hidp_send_ctrl_message(session,
496                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
497                 break;
498         }
499
500         /* Wake up the waiting thread. */
501         if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
502                 wake_up_interruptible(&session->report_queue);
503 }
504
505 static void hidp_process_hid_control(struct hidp_session *session,
506                                         unsigned char param)
507 {
508         BT_DBG("session %p param 0x%02x", session, param);
509
510         if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
511                 /* Flush the transmit queues */
512                 skb_queue_purge(&session->ctrl_transmit);
513                 skb_queue_purge(&session->intr_transmit);
514
515                 atomic_inc(&session->terminate);
516                 wake_up_process(current);
517         }
518 }
519
520 /* Returns true if the passed-in skb should be freed by the caller. */
521 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
522                                 unsigned char param)
523 {
524         int done_with_skb = 1;
525         BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
526
527         switch (param) {
528         case HIDP_DATA_RTYPE_INPUT:
529                 hidp_set_timer(session);
530
531                 if (session->input)
532                         hidp_input_report(session, skb);
533
534                 if (session->hid)
535                         hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
536                 break;
537
538         case HIDP_DATA_RTYPE_OTHER:
539         case HIDP_DATA_RTYPE_OUPUT:
540         case HIDP_DATA_RTYPE_FEATURE:
541                 break;
542
543         default:
544                 __hidp_send_ctrl_message(session,
545                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
546         }
547
548         if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
549                                 param == session->waiting_report_type) {
550                 if (session->waiting_report_number < 0 ||
551                     session->waiting_report_number == skb->data[0]) {
552                         /* hidp_get_raw_report() is waiting on this report. */
553                         session->report_return = skb;
554                         done_with_skb = 0;
555                         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
556                         wake_up_interruptible(&session->report_queue);
557                 }
558         }
559
560         return done_with_skb;
561 }
562
563 static void hidp_recv_ctrl_frame(struct hidp_session *session,
564                                         struct sk_buff *skb)
565 {
566         unsigned char hdr, type, param;
567         int free_skb = 1;
568
569         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
570
571         hdr = skb->data[0];
572         skb_pull(skb, 1);
573
574         type = hdr & HIDP_HEADER_TRANS_MASK;
575         param = hdr & HIDP_HEADER_PARAM_MASK;
576
577         switch (type) {
578         case HIDP_TRANS_HANDSHAKE:
579                 hidp_process_handshake(session, param);
580                 break;
581
582         case HIDP_TRANS_HID_CONTROL:
583                 hidp_process_hid_control(session, param);
584                 break;
585
586         case HIDP_TRANS_DATA:
587                 free_skb = hidp_process_data(session, skb, param);
588                 break;
589
590         default:
591                 __hidp_send_ctrl_message(session,
592                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
593                 break;
594         }
595
596         if (free_skb)
597                 kfree_skb(skb);
598 }
599
600 static void hidp_recv_intr_frame(struct hidp_session *session,
601                                 struct sk_buff *skb)
602 {
603         unsigned char hdr;
604
605         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
606
607         hdr = skb->data[0];
608         skb_pull(skb, 1);
609
610         if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
611                 hidp_set_timer(session);
612
613                 if (session->input)
614                         hidp_input_report(session, skb);
615
616                 if (session->hid) {
617                         hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
618                         BT_DBG("report len %d", skb->len);
619                 }
620         } else {
621                 BT_DBG("Unsupported protocol header 0x%02x", hdr);
622         }
623
624         kfree_skb(skb);
625 }
626
627 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
628 {
629         struct kvec iv = { data, len };
630         struct msghdr msg;
631
632         BT_DBG("sock %p data %p len %d", sock, data, len);
633
634         if (!len)
635                 return 0;
636
637         memset(&msg, 0, sizeof(msg));
638
639         return kernel_sendmsg(sock, &msg, &iv, 1, len);
640 }
641
642 static void hidp_process_intr_transmit(struct hidp_session *session)
643 {
644         struct sk_buff *skb;
645
646         BT_DBG("session %p", session);
647
648         while ((skb = skb_dequeue(&session->intr_transmit))) {
649                 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
650                         skb_queue_head(&session->intr_transmit, skb);
651                         break;
652                 }
653
654                 hidp_set_timer(session);
655                 kfree_skb(skb);
656         }
657 }
658
659 static void hidp_process_ctrl_transmit(struct hidp_session *session)
660 {
661         struct sk_buff *skb;
662
663         BT_DBG("session %p", session);
664
665         while ((skb = skb_dequeue(&session->ctrl_transmit))) {
666                 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
667                         skb_queue_head(&session->ctrl_transmit, skb);
668                         break;
669                 }
670
671                 hidp_set_timer(session);
672                 kfree_skb(skb);
673         }
674 }
675
676 static int hidp_session(void *arg)
677 {
678         struct hidp_session *session = arg;
679         struct sock *ctrl_sk = session->ctrl_sock->sk;
680         struct sock *intr_sk = session->intr_sock->sk;
681         struct sk_buff *skb;
682         wait_queue_t ctrl_wait, intr_wait;
683
684         BT_DBG("session %p", session);
685
686         __module_get(THIS_MODULE);
687         set_user_nice(current, -15);
688
689         init_waitqueue_entry(&ctrl_wait, current);
690         init_waitqueue_entry(&intr_wait, current);
691         add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
692         add_wait_queue(sk_sleep(intr_sk), &intr_wait);
693         session->waiting_for_startup = 0;
694         wake_up_interruptible(&session->startup_queue);
695         set_current_state(TASK_INTERRUPTIBLE);
696         while (!atomic_read(&session->terminate)) {
697                 if (ctrl_sk->sk_state != BT_CONNECTED ||
698                                 intr_sk->sk_state != BT_CONNECTED)
699                         break;
700
701                 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
702                         skb_orphan(skb);
703                         if (!skb_linearize(skb))
704                                 hidp_recv_intr_frame(session, skb);
705                         else
706                                 kfree_skb(skb);
707                 }
708
709                 hidp_process_intr_transmit(session);
710
711                 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
712                         skb_orphan(skb);
713                         if (!skb_linearize(skb))
714                                 hidp_recv_ctrl_frame(session, skb);
715                         else
716                                 kfree_skb(skb);
717                 }
718
719                 hidp_process_ctrl_transmit(session);
720
721                 schedule();
722                 set_current_state(TASK_INTERRUPTIBLE);
723         }
724         set_current_state(TASK_RUNNING);
725         remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
726         remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
727
728         clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
729         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
730         wake_up_interruptible(&session->report_queue);
731
732         down_write(&hidp_session_sem);
733
734         hidp_del_timer(session);
735
736         if (session->input) {
737                 input_unregister_device(session->input);
738                 session->input = NULL;
739         }
740
741         if (session->hid) {
742                 hid_destroy_device(session->hid);
743                 session->hid = NULL;
744         }
745
746         /* Wakeup user-space polling for socket errors */
747         session->intr_sock->sk->sk_err = EUNATCH;
748         session->ctrl_sock->sk->sk_err = EUNATCH;
749
750         hidp_schedule(session);
751
752         fput(session->intr_sock->file);
753
754         wait_event_timeout(*(sk_sleep(ctrl_sk)),
755                 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
756
757         fput(session->ctrl_sock->file);
758
759         __hidp_unlink_session(session);
760
761         up_write(&hidp_session_sem);
762
763         kfree(session->rd_data);
764         kfree(session);
765         module_put_and_exit(0);
766         return 0;
767 }
768
769 static struct hci_conn *hidp_get_connection(struct hidp_session *session)
770 {
771         bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
772         bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
773         struct hci_conn *conn;
774         struct hci_dev *hdev;
775
776         hdev = hci_get_route(dst, src);
777         if (!hdev)
778                 return NULL;
779
780         hci_dev_lock(hdev);
781         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
782         if (conn)
783                 hci_conn_hold_device(conn);
784         hci_dev_unlock(hdev);
785
786         hci_dev_put(hdev);
787
788         return conn;
789 }
790
791 static int hidp_setup_input(struct hidp_session *session,
792                                 struct hidp_connadd_req *req)
793 {
794         struct input_dev *input;
795         int i;
796
797         input = input_allocate_device();
798         if (!input)
799                 return -ENOMEM;
800
801         session->input = input;
802
803         input_set_drvdata(input, session);
804
805         input->name = "Bluetooth HID Boot Protocol Device";
806
807         input->id.bustype = BUS_BLUETOOTH;
808         input->id.vendor  = req->vendor;
809         input->id.product = req->product;
810         input->id.version = req->version;
811
812         if (req->subclass & 0x40) {
813                 set_bit(EV_KEY, input->evbit);
814                 set_bit(EV_LED, input->evbit);
815                 set_bit(EV_REP, input->evbit);
816
817                 set_bit(LED_NUML,    input->ledbit);
818                 set_bit(LED_CAPSL,   input->ledbit);
819                 set_bit(LED_SCROLLL, input->ledbit);
820                 set_bit(LED_COMPOSE, input->ledbit);
821                 set_bit(LED_KANA,    input->ledbit);
822
823                 for (i = 0; i < sizeof(hidp_keycode); i++)
824                         set_bit(hidp_keycode[i], input->keybit);
825                 clear_bit(0, input->keybit);
826         }
827
828         if (req->subclass & 0x80) {
829                 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
830                 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
831                         BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
832                 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
833                 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
834                         BIT_MASK(BTN_EXTRA);
835                 input->relbit[0] |= BIT_MASK(REL_WHEEL);
836         }
837
838         input->dev.parent = &session->conn->dev;
839
840         input->event = hidp_input_event;
841
842         return 0;
843 }
844
845 static int hidp_open(struct hid_device *hid)
846 {
847         return 0;
848 }
849
850 static void hidp_close(struct hid_device *hid)
851 {
852 }
853
854 static int hidp_parse(struct hid_device *hid)
855 {
856         struct hidp_session *session = hid->driver_data;
857
858         return hid_parse_report(session->hid, session->rd_data,
859                         session->rd_size);
860 }
861
862 static int hidp_start(struct hid_device *hid)
863 {
864         struct hidp_session *session = hid->driver_data;
865         struct hid_report *report;
866
867         if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
868                 return 0;
869
870         list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
871                         report_list, list)
872                 hidp_send_report(session, report);
873
874         list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
875                         report_list, list)
876                 hidp_send_report(session, report);
877
878         return 0;
879 }
880
881 static void hidp_stop(struct hid_device *hid)
882 {
883         struct hidp_session *session = hid->driver_data;
884
885         skb_queue_purge(&session->ctrl_transmit);
886         skb_queue_purge(&session->intr_transmit);
887
888         hid->claimed = 0;
889 }
890
891 static struct hid_ll_driver hidp_hid_driver = {
892         .parse = hidp_parse,
893         .start = hidp_start,
894         .stop = hidp_stop,
895         .open  = hidp_open,
896         .close = hidp_close,
897         .hidinput_input_event = hidp_hidinput_event,
898 };
899
900 /* This function sets up the hid device. It does not add it
901    to the HID system. That is done in hidp_add_connection(). */
902 static int hidp_setup_hid(struct hidp_session *session,
903                                 struct hidp_connadd_req *req)
904 {
905         struct hid_device *hid;
906         int err;
907
908         session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
909         if (!session->rd_data)
910                 return -ENOMEM;
911
912         if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
913                 err = -EFAULT;
914                 goto fault;
915         }
916         session->rd_size = req->rd_size;
917
918         hid = hid_allocate_device();
919         if (IS_ERR(hid)) {
920                 err = PTR_ERR(hid);
921                 goto fault;
922         }
923
924         session->hid = hid;
925
926         hid->driver_data = session;
927
928         hid->bus     = BUS_BLUETOOTH;
929         hid->vendor  = req->vendor;
930         hid->product = req->product;
931         hid->version = req->version;
932         hid->country = req->country;
933
934         strncpy(hid->name, req->name, 128);
935
936         snprintf(hid->phys, sizeof(hid->phys), "%pMR",
937                  &bt_sk(session->ctrl_sock->sk)->src);
938
939         snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
940                  &bt_sk(session->ctrl_sock->sk)->dst);
941
942         hid->dev.parent = &session->conn->dev;
943         hid->ll_driver = &hidp_hid_driver;
944
945         hid->hid_get_raw_report = hidp_get_raw_report;
946         hid->hid_output_raw_report = hidp_output_raw_report;
947
948         /* True if device is blacklisted in drivers/hid/hid-core.c */
949         if (hid_ignore(hid)) {
950                 hid_destroy_device(session->hid);
951                 session->hid = NULL;
952                 return -ENODEV;
953         }
954
955         return 0;
956
957 fault:
958         kfree(session->rd_data);
959         session->rd_data = NULL;
960
961         return err;
962 }
963
964 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
965 {
966         struct hidp_session *session, *s;
967         int vendor, product;
968         int err;
969
970         BT_DBG("");
971
972         if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
973                         bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
974                 return -ENOTUNIQ;
975
976         BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
977
978         down_write(&hidp_session_sem);
979
980         s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
981         if (s && s->state == BT_CONNECTED) {
982                 up_write(&hidp_session_sem);
983                 return -EEXIST;
984         }
985
986         session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
987         if (!session) {
988                 up_write(&hidp_session_sem);
989                 return -ENOMEM;
990         }
991
992         bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
993
994         session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu,
995                                         l2cap_pi(ctrl_sock->sk)->chan->imtu);
996         session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu,
997                                         l2cap_pi(intr_sock->sk)->chan->imtu);
998
999         BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
1000
1001         session->ctrl_sock = ctrl_sock;
1002         session->intr_sock = intr_sock;
1003         session->state     = BT_CONNECTED;
1004
1005         session->conn = hidp_get_connection(session);
1006         if (!session->conn) {
1007                 err = -ENOTCONN;
1008                 goto failed;
1009         }
1010
1011         setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
1012
1013         skb_queue_head_init(&session->ctrl_transmit);
1014         skb_queue_head_init(&session->intr_transmit);
1015
1016         mutex_init(&session->report_mutex);
1017         init_waitqueue_head(&session->report_queue);
1018         init_waitqueue_head(&session->startup_queue);
1019         session->waiting_for_startup = 1;
1020         session->flags   = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1021         session->idle_to = req->idle_to;
1022
1023         __hidp_link_session(session);
1024
1025         if (req->rd_size > 0) {
1026                 err = hidp_setup_hid(session, req);
1027                 if (err && err != -ENODEV)
1028                         goto purge;
1029         }
1030
1031         if (!session->hid) {
1032                 err = hidp_setup_input(session, req);
1033                 if (err < 0)
1034                         goto purge;
1035         }
1036
1037         hidp_set_timer(session);
1038
1039         if (session->hid) {
1040                 vendor  = session->hid->vendor;
1041                 product = session->hid->product;
1042         } else if (session->input) {
1043                 vendor  = session->input->id.vendor;
1044                 product = session->input->id.product;
1045         } else {
1046                 vendor = 0x0000;
1047                 product = 0x0000;
1048         }
1049
1050         session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x",
1051                                                         vendor, product);
1052         if (IS_ERR(session->task)) {
1053                 err = PTR_ERR(session->task);
1054                 goto unlink;
1055         }
1056
1057         while (session->waiting_for_startup) {
1058                 wait_event_interruptible(session->startup_queue,
1059                         !session->waiting_for_startup);
1060         }
1061
1062         if (session->hid)
1063                 err = hid_add_device(session->hid);
1064         else
1065                 err = input_register_device(session->input);
1066
1067         if (err < 0) {
1068                 atomic_inc(&session->terminate);
1069                 wake_up_process(session->task);
1070                 up_write(&hidp_session_sem);
1071                 return err;
1072         }
1073
1074         if (session->input) {
1075                 hidp_send_ctrl_message(session,
1076                         HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
1077                 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
1078
1079                 session->leds = 0xff;
1080                 hidp_input_event(session->input, EV_LED, 0, 0);
1081         }
1082
1083         up_write(&hidp_session_sem);
1084         return 0;
1085
1086 unlink:
1087         hidp_del_timer(session);
1088
1089         if (session->input) {
1090                 input_unregister_device(session->input);
1091                 session->input = NULL;
1092         }
1093
1094         if (session->hid) {
1095                 hid_destroy_device(session->hid);
1096                 session->hid = NULL;
1097         }
1098
1099         kfree(session->rd_data);
1100         session->rd_data = NULL;
1101
1102 purge:
1103         __hidp_unlink_session(session);
1104
1105         skb_queue_purge(&session->ctrl_transmit);
1106         skb_queue_purge(&session->intr_transmit);
1107
1108 failed:
1109         up_write(&hidp_session_sem);
1110
1111         kfree(session);
1112         return err;
1113 }
1114
1115 int hidp_del_connection(struct hidp_conndel_req *req)
1116 {
1117         struct hidp_session *session;
1118         int err = 0;
1119
1120         BT_DBG("");
1121
1122         down_read(&hidp_session_sem);
1123
1124         session = __hidp_get_session(&req->bdaddr);
1125         if (session) {
1126                 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1127                         hidp_send_ctrl_message(session,
1128                                 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
1129                 } else {
1130                         /* Flush the transmit queues */
1131                         skb_queue_purge(&session->ctrl_transmit);
1132                         skb_queue_purge(&session->intr_transmit);
1133
1134                         atomic_inc(&session->terminate);
1135                         wake_up_process(session->task);
1136                 }
1137         } else
1138                 err = -ENOENT;
1139
1140         up_read(&hidp_session_sem);
1141         return err;
1142 }
1143
1144 int hidp_get_connlist(struct hidp_connlist_req *req)
1145 {
1146         struct hidp_session *session;
1147         int err = 0, n = 0;
1148
1149         BT_DBG("");
1150
1151         down_read(&hidp_session_sem);
1152
1153         list_for_each_entry(session, &hidp_session_list, list) {
1154                 struct hidp_conninfo ci;
1155
1156                 __hidp_copy_session(session, &ci);
1157
1158                 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1159                         err = -EFAULT;
1160                         break;
1161                 }
1162
1163                 if (++n >= req->cnum)
1164                         break;
1165
1166                 req->ci++;
1167         }
1168         req->cnum = n;
1169
1170         up_read(&hidp_session_sem);
1171         return err;
1172 }
1173
1174 int hidp_get_conninfo(struct hidp_conninfo *ci)
1175 {
1176         struct hidp_session *session;
1177         int err = 0;
1178
1179         down_read(&hidp_session_sem);
1180
1181         session = __hidp_get_session(&ci->bdaddr);
1182         if (session)
1183                 __hidp_copy_session(session, ci);
1184         else
1185                 err = -ENOENT;
1186
1187         up_read(&hidp_session_sem);
1188         return err;
1189 }
1190
1191 static int __init hidp_init(void)
1192 {
1193         BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1194
1195         return hidp_init_sockets();
1196 }
1197
1198 static void __exit hidp_exit(void)
1199 {
1200         hidp_cleanup_sockets();
1201 }
1202
1203 module_init(hidp_init);
1204 module_exit(hidp_exit);
1205
1206 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1207 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1208 MODULE_VERSION(VERSION);
1209 MODULE_LICENSE("GPL");
1210 MODULE_ALIAS("bt-proto-6");