2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
24 #include <linux/kref.h>
25 #include <linux/module.h>
26 #include <linux/file.h>
27 #include <linux/kthread.h>
28 #include <linux/hidraw.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
38 static DECLARE_RWSEM(hidp_session_sem);
39 static LIST_HEAD(hidp_session_list);
41 static unsigned char hidp_keycode[256] = {
42 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
43 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
44 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
45 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
46 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
47 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
48 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
49 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
50 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
51 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
52 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
58 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
59 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
62 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
64 static int hidp_session_probe(struct l2cap_conn *conn,
65 struct l2cap_user *user);
66 static void hidp_session_remove(struct l2cap_conn *conn,
67 struct l2cap_user *user);
68 static int hidp_session_thread(void *arg);
69 static void hidp_session_terminate(struct hidp_session *s);
71 static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
73 memset(ci, 0, sizeof(*ci));
74 bacpy(&ci->bdaddr, &session->bdaddr);
76 ci->flags = session->flags;
77 ci->state = BT_CONNECTED;
80 ci->vendor = session->input->id.vendor;
81 ci->product = session->input->id.product;
82 ci->version = session->input->id.version;
83 if (session->input->name)
84 strlcpy(ci->name, session->input->name, 128);
86 strlcpy(ci->name, "HID Boot Device", 128);
87 } else if (session->hid) {
88 ci->vendor = session->hid->vendor;
89 ci->product = session->hid->product;
90 ci->version = session->hid->version;
91 strlcpy(ci->name, session->hid->name, 128);
95 /* assemble skb, queue message on @transmit and wake up the session thread */
96 static int hidp_send_message(struct hidp_session *session, struct socket *sock,
97 struct sk_buff_head *transmit, unsigned char hdr,
98 const unsigned char *data, int size)
101 struct sock *sk = sock->sk;
103 BT_DBG("session %p data %p size %d", session, data, size);
105 if (atomic_read(&session->terminate))
108 skb = alloc_skb(size + 1, GFP_ATOMIC);
110 BT_ERR("Can't allocate memory for new frame");
114 *skb_put(skb, 1) = hdr;
115 if (data && size > 0)
116 memcpy(skb_put(skb, size), data, size);
118 skb_queue_tail(transmit, skb);
119 wake_up_interruptible(sk_sleep(sk));
124 static int hidp_send_ctrl_message(struct hidp_session *session,
125 unsigned char hdr, const unsigned char *data,
128 return hidp_send_message(session, session->ctrl_sock,
129 &session->ctrl_transmit, hdr, data, size);
132 static int hidp_send_intr_message(struct hidp_session *session,
133 unsigned char hdr, const unsigned char *data,
136 return hidp_send_message(session, session->intr_sock,
137 &session->intr_transmit, hdr, data, size);
140 static int hidp_input_event(struct input_dev *dev, unsigned int type,
141 unsigned int code, int value)
143 struct hidp_session *session = input_get_drvdata(dev);
144 unsigned char newleds;
145 unsigned char hdr, data[2];
147 BT_DBG("session %p type %d code %d value %d",
148 session, type, code, value);
153 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
154 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
155 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
156 (!!test_bit(LED_CAPSL, dev->led) << 1) |
157 (!!test_bit(LED_NUML, dev->led));
159 if (session->leds == newleds)
162 session->leds = newleds;
164 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
168 return hidp_send_intr_message(session, hdr, data, 2);
171 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
173 struct input_dev *dev = session->input;
174 unsigned char *keys = session->keys;
175 unsigned char *udata = skb->data + 1;
176 signed char *sdata = skb->data + 1;
177 int i, size = skb->len - 1;
179 switch (skb->data[0]) {
180 case 0x01: /* Keyboard report */
181 for (i = 0; i < 8; i++)
182 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
184 /* If all the key codes have been set to 0x01, it means
185 * too many keys were pressed at the same time. */
186 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
189 for (i = 2; i < 8; i++) {
190 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
191 if (hidp_keycode[keys[i]])
192 input_report_key(dev, hidp_keycode[keys[i]], 0);
194 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
197 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
198 if (hidp_keycode[udata[i]])
199 input_report_key(dev, hidp_keycode[udata[i]], 1);
201 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
205 memcpy(keys, udata, 8);
208 case 0x02: /* Mouse report */
209 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
210 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
211 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
212 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
213 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
215 input_report_rel(dev, REL_X, sdata[1]);
216 input_report_rel(dev, REL_Y, sdata[2]);
219 input_report_rel(dev, REL_WHEEL, sdata[3]);
226 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
228 unsigned char buf[32], hdr;
231 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
232 if (rsize > sizeof(buf))
235 hid_output_report(report, buf);
236 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
238 return hidp_send_intr_message(session, hdr, buf, rsize);
241 static int hidp_get_raw_report(struct hid_device *hid,
242 unsigned char report_number,
243 unsigned char *data, size_t count,
244 unsigned char report_type)
246 struct hidp_session *session = hid->driver_data;
249 int numbered_reports = hid->report_enum[report_type].numbered;
252 if (atomic_read(&session->terminate))
255 switch (report_type) {
256 case HID_FEATURE_REPORT:
257 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
259 case HID_INPUT_REPORT:
260 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
262 case HID_OUTPUT_REPORT:
263 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
269 if (mutex_lock_interruptible(&session->report_mutex))
272 /* Set up our wait, and send the report request to the device. */
273 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
274 session->waiting_report_number = numbered_reports ? report_number : -1;
275 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
276 data[0] = report_number;
277 ret = hidp_send_ctrl_message(session, report_type, data, 1);
281 /* Wait for the return of the report. The returned report
282 gets put in session->report_return. */
283 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
284 !atomic_read(&session->terminate)) {
287 res = wait_event_interruptible_timeout(session->report_queue,
288 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
289 || atomic_read(&session->terminate),
303 skb = session->report_return;
305 len = skb->len < count ? skb->len : count;
306 memcpy(data, skb->data, len);
309 session->report_return = NULL;
311 /* Device returned a HANDSHAKE, indicating protocol error. */
315 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
316 mutex_unlock(&session->report_mutex);
321 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
322 mutex_unlock(&session->report_mutex);
326 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
327 unsigned char report_type)
329 struct hidp_session *session = hid->driver_data;
332 if (report_type == HID_OUTPUT_REPORT) {
333 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
334 return hidp_send_intr_message(session, report_type,
336 } else if (report_type != HID_FEATURE_REPORT) {
340 if (mutex_lock_interruptible(&session->report_mutex))
343 /* Set up our wait, and send the report request to the device. */
344 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
345 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
346 ret = hidp_send_ctrl_message(session, report_type, data, count);
350 /* Wait for the ACK from the device. */
351 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
352 !atomic_read(&session->terminate)) {
355 res = wait_event_interruptible_timeout(session->report_queue,
356 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
357 || atomic_read(&session->terminate),
371 if (!session->output_report_success) {
379 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
380 mutex_unlock(&session->report_mutex);
384 static void hidp_idle_timeout(unsigned long arg)
386 struct hidp_session *session = (struct hidp_session *) arg;
388 hidp_session_terminate(session);
391 static void hidp_set_timer(struct hidp_session *session)
393 if (session->idle_to > 0)
394 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
397 static void hidp_del_timer(struct hidp_session *session)
399 if (session->idle_to > 0)
400 del_timer(&session->timer);
403 static void hidp_process_handshake(struct hidp_session *session,
406 BT_DBG("session %p param 0x%02x", session, param);
407 session->output_report_success = 0; /* default condition */
410 case HIDP_HSHK_SUCCESSFUL:
411 /* FIXME: Call into SET_ GET_ handlers here */
412 session->output_report_success = 1;
415 case HIDP_HSHK_NOT_READY:
416 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
417 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
418 case HIDP_HSHK_ERR_INVALID_PARAMETER:
419 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
420 wake_up_interruptible(&session->report_queue);
422 /* FIXME: Call into SET_ GET_ handlers here */
425 case HIDP_HSHK_ERR_UNKNOWN:
428 case HIDP_HSHK_ERR_FATAL:
429 /* Device requests a reboot, as this is the only way this error
430 * can be recovered. */
431 hidp_send_ctrl_message(session,
432 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
436 hidp_send_ctrl_message(session,
437 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
441 /* Wake up the waiting thread. */
442 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
443 wake_up_interruptible(&session->report_queue);
446 static void hidp_process_hid_control(struct hidp_session *session,
449 BT_DBG("session %p param 0x%02x", session, param);
451 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
452 /* Flush the transmit queues */
453 skb_queue_purge(&session->ctrl_transmit);
454 skb_queue_purge(&session->intr_transmit);
456 hidp_session_terminate(session);
460 /* Returns true if the passed-in skb should be freed by the caller. */
461 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
464 int done_with_skb = 1;
465 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
468 case HIDP_DATA_RTYPE_INPUT:
469 hidp_set_timer(session);
472 hidp_input_report(session, skb);
475 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
478 case HIDP_DATA_RTYPE_OTHER:
479 case HIDP_DATA_RTYPE_OUPUT:
480 case HIDP_DATA_RTYPE_FEATURE:
484 hidp_send_ctrl_message(session,
485 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
488 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
489 param == session->waiting_report_type) {
490 if (session->waiting_report_number < 0 ||
491 session->waiting_report_number == skb->data[0]) {
492 /* hidp_get_raw_report() is waiting on this report. */
493 session->report_return = skb;
495 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
496 wake_up_interruptible(&session->report_queue);
500 return done_with_skb;
503 static void hidp_recv_ctrl_frame(struct hidp_session *session,
506 unsigned char hdr, type, param;
509 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
514 type = hdr & HIDP_HEADER_TRANS_MASK;
515 param = hdr & HIDP_HEADER_PARAM_MASK;
518 case HIDP_TRANS_HANDSHAKE:
519 hidp_process_handshake(session, param);
522 case HIDP_TRANS_HID_CONTROL:
523 hidp_process_hid_control(session, param);
526 case HIDP_TRANS_DATA:
527 free_skb = hidp_process_data(session, skb, param);
531 hidp_send_ctrl_message(session,
532 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
540 static void hidp_recv_intr_frame(struct hidp_session *session,
545 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
550 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
551 hidp_set_timer(session);
554 hidp_input_report(session, skb);
557 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
558 BT_DBG("report len %d", skb->len);
561 BT_DBG("Unsupported protocol header 0x%02x", hdr);
567 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
569 struct kvec iv = { data, len };
572 BT_DBG("sock %p data %p len %d", sock, data, len);
577 memset(&msg, 0, sizeof(msg));
579 return kernel_sendmsg(sock, &msg, &iv, 1, len);
582 /* dequeue message from @transmit and send via @sock */
583 static void hidp_process_transmit(struct hidp_session *session,
584 struct sk_buff_head *transmit,
590 BT_DBG("session %p", session);
592 while ((skb = skb_dequeue(transmit))) {
593 ret = hidp_send_frame(sock, skb->data, skb->len);
594 if (ret == -EAGAIN) {
595 skb_queue_head(transmit, skb);
597 } else if (ret < 0) {
598 hidp_session_terminate(session);
603 hidp_set_timer(session);
608 static int hidp_setup_input(struct hidp_session *session,
609 struct hidp_connadd_req *req)
611 struct input_dev *input;
614 input = input_allocate_device();
618 session->input = input;
620 input_set_drvdata(input, session);
622 input->name = "Bluetooth HID Boot Protocol Device";
624 input->id.bustype = BUS_BLUETOOTH;
625 input->id.vendor = req->vendor;
626 input->id.product = req->product;
627 input->id.version = req->version;
629 if (req->subclass & 0x40) {
630 set_bit(EV_KEY, input->evbit);
631 set_bit(EV_LED, input->evbit);
632 set_bit(EV_REP, input->evbit);
634 set_bit(LED_NUML, input->ledbit);
635 set_bit(LED_CAPSL, input->ledbit);
636 set_bit(LED_SCROLLL, input->ledbit);
637 set_bit(LED_COMPOSE, input->ledbit);
638 set_bit(LED_KANA, input->ledbit);
640 for (i = 0; i < sizeof(hidp_keycode); i++)
641 set_bit(hidp_keycode[i], input->keybit);
642 clear_bit(0, input->keybit);
645 if (req->subclass & 0x80) {
646 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
647 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
648 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
649 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
650 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
652 input->relbit[0] |= BIT_MASK(REL_WHEEL);
655 input->dev.parent = &session->conn->hcon->dev;
657 input->event = hidp_input_event;
662 static int hidp_open(struct hid_device *hid)
667 static void hidp_close(struct hid_device *hid)
671 static int hidp_parse(struct hid_device *hid)
673 struct hidp_session *session = hid->driver_data;
675 return hid_parse_report(session->hid, session->rd_data,
679 static int hidp_start(struct hid_device *hid)
681 struct hidp_session *session = hid->driver_data;
682 struct hid_report *report;
684 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
687 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
689 hidp_send_report(session, report);
691 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
693 hidp_send_report(session, report);
698 static void hidp_stop(struct hid_device *hid)
700 struct hidp_session *session = hid->driver_data;
702 skb_queue_purge(&session->ctrl_transmit);
703 skb_queue_purge(&session->intr_transmit);
708 static struct hid_ll_driver hidp_hid_driver = {
716 /* This function sets up the hid device. It does not add it
717 to the HID system. That is done in hidp_add_connection(). */
718 static int hidp_setup_hid(struct hidp_session *session,
719 struct hidp_connadd_req *req)
721 struct hid_device *hid;
724 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
725 if (!session->rd_data)
728 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
732 session->rd_size = req->rd_size;
734 hid = hid_allocate_device();
742 hid->driver_data = session;
744 hid->bus = BUS_BLUETOOTH;
745 hid->vendor = req->vendor;
746 hid->product = req->product;
747 hid->version = req->version;
748 hid->country = req->country;
750 strncpy(hid->name, req->name, sizeof(req->name) - 1);
752 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
753 &bt_sk(session->ctrl_sock->sk)->src);
755 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
756 &bt_sk(session->ctrl_sock->sk)->dst);
758 hid->dev.parent = &session->conn->hcon->dev;
759 hid->ll_driver = &hidp_hid_driver;
761 hid->hid_get_raw_report = hidp_get_raw_report;
762 hid->hid_output_raw_report = hidp_output_raw_report;
764 /* True if device is blacklisted in drivers/hid/hid-core.c */
765 if (hid_ignore(hid)) {
766 hid_destroy_device(session->hid);
774 kfree(session->rd_data);
775 session->rd_data = NULL;
780 /* initialize session devices */
781 static int hidp_session_dev_init(struct hidp_session *session,
782 struct hidp_connadd_req *req)
786 if (req->rd_size > 0) {
787 ret = hidp_setup_hid(session, req);
788 if (ret && ret != -ENODEV)
793 ret = hidp_setup_input(session, req);
801 /* destroy session devices */
802 static void hidp_session_dev_destroy(struct hidp_session *session)
805 put_device(&session->hid->dev);
806 else if (session->input)
807 input_put_device(session->input);
809 kfree(session->rd_data);
810 session->rd_data = NULL;
813 /* add HID/input devices to their underlying bus systems */
814 static int hidp_session_dev_add(struct hidp_session *session)
818 /* Both HID and input systems drop a ref-count when unregistering the
819 * device but they don't take a ref-count when registering them. Work
820 * around this by explicitly taking a refcount during registration
821 * which is dropped automatically by unregistering the devices. */
824 ret = hid_add_device(session->hid);
827 get_device(&session->hid->dev);
828 } else if (session->input) {
829 ret = input_register_device(session->input);
832 input_get_device(session->input);
838 /* remove HID/input devices from their bus systems */
839 static void hidp_session_dev_del(struct hidp_session *session)
842 hid_destroy_device(session->hid);
843 else if (session->input)
844 input_unregister_device(session->input);
848 * Asynchronous device registration
849 * HID device drivers might want to perform I/O during initialization to
850 * detect device types. Therefore, call device registration in a separate
851 * worker so the HIDP thread can schedule I/O operations.
852 * Note that this must be called after the worker thread was initialized
853 * successfully. This will then add the devices and increase session state
854 * on success, otherwise it will terminate the session thread.
856 static void hidp_session_dev_work(struct work_struct *work)
858 struct hidp_session *session = container_of(work,
863 ret = hidp_session_dev_add(session);
865 atomic_inc(&session->state);
867 hidp_session_terminate(session);
871 * Create new session object
872 * Allocate session object, initialize static fields, copy input data into the
873 * object and take a reference to all sub-objects.
874 * This returns 0 on success and puts a pointer to the new session object in
875 * \out. Otherwise, an error code is returned.
876 * The new session object has an initial ref-count of 1.
878 static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
879 struct socket *ctrl_sock,
880 struct socket *intr_sock,
881 struct hidp_connadd_req *req,
882 struct l2cap_conn *conn)
884 struct hidp_session *session;
886 struct bt_sock *ctrl, *intr;
888 ctrl = bt_sk(ctrl_sock->sk);
889 intr = bt_sk(intr_sock->sk);
891 session = kzalloc(sizeof(*session), GFP_KERNEL);
895 /* object and runtime management */
896 kref_init(&session->ref);
897 atomic_set(&session->state, HIDP_SESSION_IDLING);
898 init_waitqueue_head(&session->state_queue);
899 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
901 /* connection management */
902 bacpy(&session->bdaddr, bdaddr);
903 session->conn = conn;
904 session->user.probe = hidp_session_probe;
905 session->user.remove = hidp_session_remove;
906 session->ctrl_sock = ctrl_sock;
907 session->intr_sock = intr_sock;
908 skb_queue_head_init(&session->ctrl_transmit);
909 skb_queue_head_init(&session->intr_transmit);
910 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
911 l2cap_pi(ctrl)->chan->imtu);
912 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
913 l2cap_pi(intr)->chan->imtu);
914 session->idle_to = req->idle_to;
916 /* device management */
917 INIT_WORK(&session->dev_init, hidp_session_dev_work);
918 setup_timer(&session->timer, hidp_idle_timeout,
919 (unsigned long)session);
922 mutex_init(&session->report_mutex);
923 init_waitqueue_head(&session->report_queue);
925 ret = hidp_session_dev_init(session, req);
929 l2cap_conn_get(session->conn);
930 get_file(session->intr_sock->file);
931 get_file(session->ctrl_sock->file);
940 /* increase ref-count of the given session by one */
941 static void hidp_session_get(struct hidp_session *session)
943 kref_get(&session->ref);
946 /* release callback */
947 static void session_free(struct kref *ref)
949 struct hidp_session *session = container_of(ref, struct hidp_session,
952 hidp_session_dev_destroy(session);
953 skb_queue_purge(&session->ctrl_transmit);
954 skb_queue_purge(&session->intr_transmit);
955 fput(session->intr_sock->file);
956 fput(session->ctrl_sock->file);
957 l2cap_conn_put(session->conn);
961 /* decrease ref-count of the given session by one */
962 static void hidp_session_put(struct hidp_session *session)
964 kref_put(&session->ref, session_free);
968 * Search the list of active sessions for a session with target address
969 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
970 * you do not release this lock, the session objects cannot vanish and you can
971 * safely take a reference to the session yourself.
973 static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
975 struct hidp_session *session;
977 list_for_each_entry(session, &hidp_session_list, list) {
978 if (!bacmp(bdaddr, &session->bdaddr))
986 * Same as __hidp_session_find() but no locks must be held. This also takes a
987 * reference of the returned session (if non-NULL) so you must drop this
988 * reference if you no longer use the object.
990 static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
992 struct hidp_session *session;
994 down_read(&hidp_session_sem);
996 session = __hidp_session_find(bdaddr);
998 hidp_session_get(session);
1000 up_read(&hidp_session_sem);
1006 * Start session synchronously
1007 * This starts a session thread and waits until initialization
1008 * is done or returns an error if it couldn't be started.
1009 * If this returns 0 the session thread is up and running. You must call
1010 * hipd_session_stop_sync() before deleting any runtime resources.
1012 static int hidp_session_start_sync(struct hidp_session *session)
1014 unsigned int vendor, product;
1017 vendor = session->hid->vendor;
1018 product = session->hid->product;
1019 } else if (session->input) {
1020 vendor = session->input->id.vendor;
1021 product = session->input->id.product;
1027 session->task = kthread_run(hidp_session_thread, session,
1028 "khidpd_%04x%04x", vendor, product);
1029 if (IS_ERR(session->task))
1030 return PTR_ERR(session->task);
1032 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1033 wait_event(session->state_queue,
1034 atomic_read(&session->state) > HIDP_SESSION_IDLING);
1040 * Terminate session thread
1041 * Wake up session thread and notify it to stop. This is asynchronous and
1042 * returns immediately. Call this whenever a runtime error occurs and you want
1043 * the session to stop.
1044 * Note: wake_up_process() performs any necessary memory-barriers for us.
1046 static void hidp_session_terminate(struct hidp_session *session)
1048 atomic_inc(&session->terminate);
1049 wake_up_process(session->task);
1053 * Probe HIDP session
1054 * This is called from the l2cap_conn core when our l2cap_user object is bound
1055 * to the hci-connection. We get the session via the \user object and can now
1056 * start the session thread, link it into the global session list and
1057 * schedule HID/input device registration.
1058 * The global session-list owns its own reference to the session object so you
1059 * can drop your own reference after registering the l2cap_user object.
1061 static int hidp_session_probe(struct l2cap_conn *conn,
1062 struct l2cap_user *user)
1064 struct hidp_session *session = container_of(user,
1065 struct hidp_session,
1067 struct hidp_session *s;
1070 down_write(&hidp_session_sem);
1072 /* check that no other session for this device exists */
1073 s = __hidp_session_find(&session->bdaddr);
1079 if (session->input) {
1080 ret = hidp_session_dev_add(session);
1085 ret = hidp_session_start_sync(session);
1089 /* HID device registration is async to allow I/O during probe */
1091 atomic_inc(&session->state);
1093 schedule_work(&session->dev_init);
1095 hidp_session_get(session);
1096 list_add(&session->list, &hidp_session_list);
1102 hidp_session_dev_del(session);
1104 up_write(&hidp_session_sem);
1109 * Remove HIDP session
1110 * Called from the l2cap_conn core when either we explicitly unregistered
1111 * the l2cap_user object or if the underlying connection is shut down.
1112 * We signal the hidp-session thread to shut down, unregister the HID/input
1113 * devices and unlink the session from the global list.
1114 * This drops the reference to the session that is owned by the global
1116 * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1117 * This is, because the session-thread might be waiting for an HCI lock that is
1118 * held while we are called. Therefore, we only unregister the devices and
1119 * notify the session-thread to terminate. The thread itself owns a reference
1120 * to the session object so it can safely shut down.
1122 static void hidp_session_remove(struct l2cap_conn *conn,
1123 struct l2cap_user *user)
1125 struct hidp_session *session = container_of(user,
1126 struct hidp_session,
1129 down_write(&hidp_session_sem);
1131 hidp_session_terminate(session);
1133 cancel_work_sync(&session->dev_init);
1134 if (session->input ||
1135 atomic_read(&session->state) > HIDP_SESSION_PREPARING)
1136 hidp_session_dev_del(session);
1138 list_del(&session->list);
1140 up_write(&hidp_session_sem);
1142 hidp_session_put(session);
1147 * This performs the actual main-loop of the HIDP worker. We first check
1148 * whether the underlying connection is still alive, then parse all pending
1149 * messages and finally send all outstanding messages.
1151 static void hidp_session_run(struct hidp_session *session)
1153 struct sock *ctrl_sk = session->ctrl_sock->sk;
1154 struct sock *intr_sk = session->intr_sock->sk;
1155 struct sk_buff *skb;
1159 * This thread can be woken up two ways:
1160 * - You call hidp_session_terminate() which sets the
1161 * session->terminate flag and wakes this thread up.
1162 * - Via modifying the socket state of ctrl/intr_sock. This
1163 * thread is woken up by ->sk_state_changed().
1165 * Note: set_current_state() performs any necessary
1166 * memory-barriers for us.
1168 set_current_state(TASK_INTERRUPTIBLE);
1170 if (atomic_read(&session->terminate))
1173 if (ctrl_sk->sk_state != BT_CONNECTED ||
1174 intr_sk->sk_state != BT_CONNECTED)
1177 /* parse incoming intr-skbs */
1178 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1180 if (!skb_linearize(skb))
1181 hidp_recv_intr_frame(session, skb);
1186 /* send pending intr-skbs */
1187 hidp_process_transmit(session, &session->intr_transmit,
1188 session->intr_sock);
1190 /* parse incoming ctrl-skbs */
1191 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1193 if (!skb_linearize(skb))
1194 hidp_recv_ctrl_frame(session, skb);
1199 /* send pending ctrl-skbs */
1200 hidp_process_transmit(session, &session->ctrl_transmit,
1201 session->ctrl_sock);
1206 atomic_inc(&session->terminate);
1207 set_current_state(TASK_RUNNING);
1211 * HIDP session thread
1212 * This thread runs the I/O for a single HIDP session. Startup is synchronous
1213 * which allows us to take references to ourself here instead of doing that in
1215 * When we are ready to run we notify the caller and call hidp_session_run().
1217 static int hidp_session_thread(void *arg)
1219 struct hidp_session *session = arg;
1220 wait_queue_t ctrl_wait, intr_wait;
1222 BT_DBG("session %p", session);
1224 /* initialize runtime environment */
1225 hidp_session_get(session);
1226 __module_get(THIS_MODULE);
1227 set_user_nice(current, -15);
1228 hidp_set_timer(session);
1230 init_waitqueue_entry(&ctrl_wait, current);
1231 init_waitqueue_entry(&intr_wait, current);
1232 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1233 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1234 /* This memory barrier is paired with wq_has_sleeper(). See
1235 * sock_poll_wait() for more information why this is needed. */
1238 /* notify synchronous startup that we're ready */
1239 atomic_inc(&session->state);
1240 wake_up(&session->state_queue);
1243 hidp_session_run(session);
1245 /* cleanup runtime environment */
1246 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1247 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1248 wake_up_interruptible(&session->report_queue);
1249 hidp_del_timer(session);
1252 * If we stopped ourself due to any internal signal, we should try to
1253 * unregister our own session here to avoid having it linger until the
1254 * parent l2cap_conn dies or user-space cleans it up.
1255 * This does not deadlock as we don't do any synchronous shutdown.
1256 * Instead, this call has the same semantics as if user-space tried to
1257 * delete the session.
1259 l2cap_unregister_user(session->conn, &session->user);
1260 hidp_session_put(session);
1262 module_put_and_exit(0);
1266 static int hidp_verify_sockets(struct socket *ctrl_sock,
1267 struct socket *intr_sock)
1269 struct bt_sock *ctrl, *intr;
1270 struct hidp_session *session;
1272 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1275 ctrl = bt_sk(ctrl_sock->sk);
1276 intr = bt_sk(intr_sock->sk);
1278 if (bacmp(&ctrl->src, &intr->src) || bacmp(&ctrl->dst, &intr->dst))
1280 if (ctrl->sk.sk_state != BT_CONNECTED ||
1281 intr->sk.sk_state != BT_CONNECTED)
1284 /* early session check, we check again during session registration */
1285 session = hidp_session_find(&ctrl->dst);
1287 hidp_session_put(session);
1294 int hidp_connection_add(struct hidp_connadd_req *req,
1295 struct socket *ctrl_sock,
1296 struct socket *intr_sock)
1298 struct hidp_session *session;
1299 struct l2cap_conn *conn;
1300 struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
1303 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1308 l2cap_chan_lock(chan);
1310 l2cap_conn_get(chan->conn);
1313 l2cap_chan_unlock(chan);
1318 ret = hidp_session_new(&session, &bt_sk(ctrl_sock->sk)->dst, ctrl_sock,
1319 intr_sock, req, conn);
1323 ret = l2cap_register_user(conn, &session->user);
1330 hidp_session_put(session);
1332 l2cap_conn_put(conn);
1336 int hidp_connection_del(struct hidp_conndel_req *req)
1338 struct hidp_session *session;
1340 session = hidp_session_find(&req->bdaddr);
1344 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1345 hidp_send_ctrl_message(session,
1346 HIDP_TRANS_HID_CONTROL |
1347 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1350 l2cap_unregister_user(session->conn, &session->user);
1352 hidp_session_put(session);
1357 int hidp_get_connlist(struct hidp_connlist_req *req)
1359 struct hidp_session *session;
1364 down_read(&hidp_session_sem);
1366 list_for_each_entry(session, &hidp_session_list, list) {
1367 struct hidp_conninfo ci;
1369 hidp_copy_session(session, &ci);
1371 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1376 if (++n >= req->cnum)
1383 up_read(&hidp_session_sem);
1387 int hidp_get_conninfo(struct hidp_conninfo *ci)
1389 struct hidp_session *session;
1391 session = hidp_session_find(&ci->bdaddr);
1393 hidp_copy_session(session, ci);
1394 hidp_session_put(session);
1397 return session ? 0 : -ENOENT;
1400 static int __init hidp_init(void)
1402 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1404 return hidp_init_sockets();
1407 static void __exit hidp_exit(void)
1409 hidp_cleanup_sockets();
1412 module_init(hidp_init);
1413 module_exit(hidp_exit);
1415 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1416 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1417 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1418 MODULE_VERSION(VERSION);
1419 MODULE_LICENSE("GPL");
1420 MODULE_ALIAS("bt-proto-6");
projects / cascardo / linux.git / blob