2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
24 #include <linux/kref.h>
25 #include <linux/module.h>
26 #include <linux/file.h>
27 #include <linux/kthread.h>
28 #include <linux/hidraw.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
38 static DECLARE_RWSEM(hidp_session_sem);
39 static LIST_HEAD(hidp_session_list);
41 static unsigned char hidp_keycode[256] = {
42 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
43 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
44 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
45 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
46 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
47 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
48 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
49 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
50 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
51 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
52 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
58 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
59 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
62 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
64 static int hidp_session_probe(struct l2cap_conn *conn,
65 struct l2cap_user *user);
66 static void hidp_session_remove(struct l2cap_conn *conn,
67 struct l2cap_user *user);
68 static int hidp_session_thread(void *arg);
69 static void hidp_session_terminate(struct hidp_session *s);
71 static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
73 memset(ci, 0, sizeof(*ci));
74 bacpy(&ci->bdaddr, &session->bdaddr);
76 ci->flags = session->flags;
77 ci->state = BT_CONNECTED;
80 ci->vendor = session->input->id.vendor;
81 ci->product = session->input->id.product;
82 ci->version = session->input->id.version;
83 if (session->input->name)
84 strlcpy(ci->name, session->input->name, 128);
86 strlcpy(ci->name, "HID Boot Device", 128);
87 } else if (session->hid) {
88 ci->vendor = session->hid->vendor;
89 ci->product = session->hid->product;
90 ci->version = session->hid->version;
91 strlcpy(ci->name, session->hid->name, 128);
95 /* assemble skb, queue message on @transmit and wake up the session thread */
96 static int hidp_send_message(struct hidp_session *session, struct socket *sock,
97 struct sk_buff_head *transmit, unsigned char hdr,
98 const unsigned char *data, int size)
101 struct sock *sk = sock->sk;
103 BT_DBG("session %p data %p size %d", session, data, size);
105 if (atomic_read(&session->terminate))
108 skb = alloc_skb(size + 1, GFP_ATOMIC);
110 BT_ERR("Can't allocate memory for new frame");
114 *skb_put(skb, 1) = hdr;
115 if (data && size > 0)
116 memcpy(skb_put(skb, size), data, size);
118 skb_queue_tail(transmit, skb);
119 wake_up_interruptible(sk_sleep(sk));
124 static int hidp_send_ctrl_message(struct hidp_session *session,
125 unsigned char hdr, const unsigned char *data,
128 return hidp_send_message(session, session->ctrl_sock,
129 &session->ctrl_transmit, hdr, data, size);
132 static int hidp_send_intr_message(struct hidp_session *session,
133 unsigned char hdr, const unsigned char *data,
136 return hidp_send_message(session, session->intr_sock,
137 &session->intr_transmit, hdr, data, size);
140 static int hidp_input_event(struct input_dev *dev, unsigned int type,
141 unsigned int code, int value)
143 struct hidp_session *session = input_get_drvdata(dev);
144 unsigned char newleds;
145 unsigned char hdr, data[2];
147 BT_DBG("session %p type %d code %d value %d",
148 session, type, code, value);
153 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
154 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
155 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
156 (!!test_bit(LED_CAPSL, dev->led) << 1) |
157 (!!test_bit(LED_NUML, dev->led));
159 if (session->leds == newleds)
162 session->leds = newleds;
164 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
168 return hidp_send_intr_message(session, hdr, data, 2);
171 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
173 struct input_dev *dev = session->input;
174 unsigned char *keys = session->keys;
175 unsigned char *udata = skb->data + 1;
176 signed char *sdata = skb->data + 1;
177 int i, size = skb->len - 1;
179 switch (skb->data[0]) {
180 case 0x01: /* Keyboard report */
181 for (i = 0; i < 8; i++)
182 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
184 /* If all the key codes have been set to 0x01, it means
185 * too many keys were pressed at the same time. */
186 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
189 for (i = 2; i < 8; i++) {
190 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
191 if (hidp_keycode[keys[i]])
192 input_report_key(dev, hidp_keycode[keys[i]], 0);
194 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
197 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
198 if (hidp_keycode[udata[i]])
199 input_report_key(dev, hidp_keycode[udata[i]], 1);
201 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
205 memcpy(keys, udata, 8);
208 case 0x02: /* Mouse report */
209 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
210 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
211 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
212 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
213 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
215 input_report_rel(dev, REL_X, sdata[1]);
216 input_report_rel(dev, REL_Y, sdata[2]);
219 input_report_rel(dev, REL_WHEEL, sdata[3]);
226 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
232 buf = hid_alloc_report_buf(report, GFP_ATOMIC);
236 hid_output_report(report, buf);
237 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
239 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
240 ret = hidp_send_intr_message(session, hdr, buf, rsize);
246 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type,
247 unsigned int code, int value)
249 struct hid_device *hid = input_get_drvdata(dev);
250 struct hidp_session *session = hid->driver_data;
251 struct hid_field *field;
254 BT_DBG("session %p type %d code %d value %d",
255 session, type, code, value);
260 offset = hidinput_find_field(hid, type, code, &field);
262 hid_warn(dev, "event field not found\n");
266 hid_set_field(field, offset, value);
268 return hidp_send_report(session, field->report);
271 static int hidp_get_raw_report(struct hid_device *hid,
272 unsigned char report_number,
273 unsigned char *data, size_t count,
274 unsigned char report_type)
276 struct hidp_session *session = hid->driver_data;
279 int numbered_reports = hid->report_enum[report_type].numbered;
282 if (atomic_read(&session->terminate))
285 switch (report_type) {
286 case HID_FEATURE_REPORT:
287 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
289 case HID_INPUT_REPORT:
290 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
292 case HID_OUTPUT_REPORT:
293 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
299 if (mutex_lock_interruptible(&session->report_mutex))
302 /* Set up our wait, and send the report request to the device. */
303 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
304 session->waiting_report_number = numbered_reports ? report_number : -1;
305 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
306 data[0] = report_number;
307 ret = hidp_send_ctrl_message(session, report_type, data, 1);
311 /* Wait for the return of the report. The returned report
312 gets put in session->report_return. */
313 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
314 !atomic_read(&session->terminate)) {
317 res = wait_event_interruptible_timeout(session->report_queue,
318 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
319 || atomic_read(&session->terminate),
333 skb = session->report_return;
335 len = skb->len < count ? skb->len : count;
336 memcpy(data, skb->data, len);
339 session->report_return = NULL;
341 /* Device returned a HANDSHAKE, indicating protocol error. */
345 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
346 mutex_unlock(&session->report_mutex);
351 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
352 mutex_unlock(&session->report_mutex);
356 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
357 unsigned char report_type)
359 struct hidp_session *session = hid->driver_data;
362 if (report_type == HID_OUTPUT_REPORT) {
363 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
364 return hidp_send_intr_message(session, report_type,
366 } else if (report_type != HID_FEATURE_REPORT) {
370 if (mutex_lock_interruptible(&session->report_mutex))
373 /* Set up our wait, and send the report request to the device. */
374 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
375 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
376 ret = hidp_send_ctrl_message(session, report_type, data, count);
380 /* Wait for the ACK from the device. */
381 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
382 !atomic_read(&session->terminate)) {
385 res = wait_event_interruptible_timeout(session->report_queue,
386 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
387 || atomic_read(&session->terminate),
401 if (!session->output_report_success) {
409 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
410 mutex_unlock(&session->report_mutex);
414 static void hidp_idle_timeout(unsigned long arg)
416 struct hidp_session *session = (struct hidp_session *) arg;
418 hidp_session_terminate(session);
421 static void hidp_set_timer(struct hidp_session *session)
423 if (session->idle_to > 0)
424 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
427 static void hidp_del_timer(struct hidp_session *session)
429 if (session->idle_to > 0)
430 del_timer(&session->timer);
433 static void hidp_process_report(struct hidp_session *session,
434 int type, const u8 *data, int len, int intr)
436 if (len > HID_MAX_BUFFER_SIZE)
437 len = HID_MAX_BUFFER_SIZE;
439 memcpy(session->input_buf, data, len);
440 hid_input_report(session->hid, type, session->input_buf, len, intr);
443 static void hidp_process_handshake(struct hidp_session *session,
446 BT_DBG("session %p param 0x%02x", session, param);
447 session->output_report_success = 0; /* default condition */
450 case HIDP_HSHK_SUCCESSFUL:
451 /* FIXME: Call into SET_ GET_ handlers here */
452 session->output_report_success = 1;
455 case HIDP_HSHK_NOT_READY:
456 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
457 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
458 case HIDP_HSHK_ERR_INVALID_PARAMETER:
459 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
460 wake_up_interruptible(&session->report_queue);
462 /* FIXME: Call into SET_ GET_ handlers here */
465 case HIDP_HSHK_ERR_UNKNOWN:
468 case HIDP_HSHK_ERR_FATAL:
469 /* Device requests a reboot, as this is the only way this error
470 * can be recovered. */
471 hidp_send_ctrl_message(session,
472 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
476 hidp_send_ctrl_message(session,
477 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
481 /* Wake up the waiting thread. */
482 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
483 wake_up_interruptible(&session->report_queue);
486 static void hidp_process_hid_control(struct hidp_session *session,
489 BT_DBG("session %p param 0x%02x", session, param);
491 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
492 /* Flush the transmit queues */
493 skb_queue_purge(&session->ctrl_transmit);
494 skb_queue_purge(&session->intr_transmit);
496 hidp_session_terminate(session);
500 /* Returns true if the passed-in skb should be freed by the caller. */
501 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
504 int done_with_skb = 1;
505 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
508 case HIDP_DATA_RTYPE_INPUT:
509 hidp_set_timer(session);
512 hidp_input_report(session, skb);
515 hidp_process_report(session, HID_INPUT_REPORT,
516 skb->data, skb->len, 0);
519 case HIDP_DATA_RTYPE_OTHER:
520 case HIDP_DATA_RTYPE_OUPUT:
521 case HIDP_DATA_RTYPE_FEATURE:
525 hidp_send_ctrl_message(session,
526 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
529 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
530 param == session->waiting_report_type) {
531 if (session->waiting_report_number < 0 ||
532 session->waiting_report_number == skb->data[0]) {
533 /* hidp_get_raw_report() is waiting on this report. */
534 session->report_return = skb;
536 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
537 wake_up_interruptible(&session->report_queue);
541 return done_with_skb;
544 static void hidp_recv_ctrl_frame(struct hidp_session *session,
547 unsigned char hdr, type, param;
550 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
555 type = hdr & HIDP_HEADER_TRANS_MASK;
556 param = hdr & HIDP_HEADER_PARAM_MASK;
559 case HIDP_TRANS_HANDSHAKE:
560 hidp_process_handshake(session, param);
563 case HIDP_TRANS_HID_CONTROL:
564 hidp_process_hid_control(session, param);
567 case HIDP_TRANS_DATA:
568 free_skb = hidp_process_data(session, skb, param);
572 hidp_send_ctrl_message(session,
573 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
581 static void hidp_recv_intr_frame(struct hidp_session *session,
586 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
591 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
592 hidp_set_timer(session);
595 hidp_input_report(session, skb);
598 hidp_process_report(session, HID_INPUT_REPORT,
599 skb->data, skb->len, 1);
600 BT_DBG("report len %d", skb->len);
603 BT_DBG("Unsupported protocol header 0x%02x", hdr);
609 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
611 struct kvec iv = { data, len };
614 BT_DBG("sock %p data %p len %d", sock, data, len);
619 memset(&msg, 0, sizeof(msg));
621 return kernel_sendmsg(sock, &msg, &iv, 1, len);
624 /* dequeue message from @transmit and send via @sock */
625 static void hidp_process_transmit(struct hidp_session *session,
626 struct sk_buff_head *transmit,
632 BT_DBG("session %p", session);
634 while ((skb = skb_dequeue(transmit))) {
635 ret = hidp_send_frame(sock, skb->data, skb->len);
636 if (ret == -EAGAIN) {
637 skb_queue_head(transmit, skb);
639 } else if (ret < 0) {
640 hidp_session_terminate(session);
645 hidp_set_timer(session);
650 static int hidp_setup_input(struct hidp_session *session,
651 struct hidp_connadd_req *req)
653 struct input_dev *input;
656 input = input_allocate_device();
660 session->input = input;
662 input_set_drvdata(input, session);
664 input->name = "Bluetooth HID Boot Protocol Device";
666 input->id.bustype = BUS_BLUETOOTH;
667 input->id.vendor = req->vendor;
668 input->id.product = req->product;
669 input->id.version = req->version;
671 if (req->subclass & 0x40) {
672 set_bit(EV_KEY, input->evbit);
673 set_bit(EV_LED, input->evbit);
674 set_bit(EV_REP, input->evbit);
676 set_bit(LED_NUML, input->ledbit);
677 set_bit(LED_CAPSL, input->ledbit);
678 set_bit(LED_SCROLLL, input->ledbit);
679 set_bit(LED_COMPOSE, input->ledbit);
680 set_bit(LED_KANA, input->ledbit);
682 for (i = 0; i < sizeof(hidp_keycode); i++)
683 set_bit(hidp_keycode[i], input->keybit);
684 clear_bit(0, input->keybit);
687 if (req->subclass & 0x80) {
688 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
689 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
690 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
691 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
692 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
694 input->relbit[0] |= BIT_MASK(REL_WHEEL);
697 input->dev.parent = &session->conn->hcon->dev;
699 input->event = hidp_input_event;
704 static int hidp_open(struct hid_device *hid)
709 static void hidp_close(struct hid_device *hid)
713 static int hidp_parse(struct hid_device *hid)
715 struct hidp_session *session = hid->driver_data;
717 return hid_parse_report(session->hid, session->rd_data,
721 static int hidp_start(struct hid_device *hid)
726 static void hidp_stop(struct hid_device *hid)
728 struct hidp_session *session = hid->driver_data;
730 skb_queue_purge(&session->ctrl_transmit);
731 skb_queue_purge(&session->intr_transmit);
736 static struct hid_ll_driver hidp_hid_driver = {
742 .hidinput_input_event = hidp_hidinput_event,
745 /* This function sets up the hid device. It does not add it
746 to the HID system. That is done in hidp_add_connection(). */
747 static int hidp_setup_hid(struct hidp_session *session,
748 struct hidp_connadd_req *req)
750 struct hid_device *hid;
753 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
754 if (!session->rd_data)
757 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
761 session->rd_size = req->rd_size;
763 hid = hid_allocate_device();
771 hid->driver_data = session;
773 hid->bus = BUS_BLUETOOTH;
774 hid->vendor = req->vendor;
775 hid->product = req->product;
776 hid->version = req->version;
777 hid->country = req->country;
779 strncpy(hid->name, req->name, sizeof(req->name) - 1);
781 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
782 &l2cap_pi(session->ctrl_sock->sk)->chan->src);
784 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
785 &l2cap_pi(session->ctrl_sock->sk)->chan->dst);
787 hid->dev.parent = &session->conn->hcon->dev;
788 hid->ll_driver = &hidp_hid_driver;
790 hid->hid_get_raw_report = hidp_get_raw_report;
791 hid->hid_output_raw_report = hidp_output_raw_report;
793 /* True if device is blacklisted in drivers/hid/hid-core.c */
794 if (hid_ignore(hid)) {
795 hid_destroy_device(session->hid);
803 kfree(session->rd_data);
804 session->rd_data = NULL;
809 /* initialize session devices */
810 static int hidp_session_dev_init(struct hidp_session *session,
811 struct hidp_connadd_req *req)
815 if (req->rd_size > 0) {
816 ret = hidp_setup_hid(session, req);
817 if (ret && ret != -ENODEV)
822 ret = hidp_setup_input(session, req);
830 /* destroy session devices */
831 static void hidp_session_dev_destroy(struct hidp_session *session)
834 put_device(&session->hid->dev);
835 else if (session->input)
836 input_put_device(session->input);
838 kfree(session->rd_data);
839 session->rd_data = NULL;
842 /* add HID/input devices to their underlying bus systems */
843 static int hidp_session_dev_add(struct hidp_session *session)
847 /* Both HID and input systems drop a ref-count when unregistering the
848 * device but they don't take a ref-count when registering them. Work
849 * around this by explicitly taking a refcount during registration
850 * which is dropped automatically by unregistering the devices. */
853 ret = hid_add_device(session->hid);
856 get_device(&session->hid->dev);
857 } else if (session->input) {
858 ret = input_register_device(session->input);
861 input_get_device(session->input);
867 /* remove HID/input devices from their bus systems */
868 static void hidp_session_dev_del(struct hidp_session *session)
871 hid_destroy_device(session->hid);
872 else if (session->input)
873 input_unregister_device(session->input);
877 * Asynchronous device registration
878 * HID device drivers might want to perform I/O during initialization to
879 * detect device types. Therefore, call device registration in a separate
880 * worker so the HIDP thread can schedule I/O operations.
881 * Note that this must be called after the worker thread was initialized
882 * successfully. This will then add the devices and increase session state
883 * on success, otherwise it will terminate the session thread.
885 static void hidp_session_dev_work(struct work_struct *work)
887 struct hidp_session *session = container_of(work,
892 ret = hidp_session_dev_add(session);
894 atomic_inc(&session->state);
896 hidp_session_terminate(session);
900 * Create new session object
901 * Allocate session object, initialize static fields, copy input data into the
902 * object and take a reference to all sub-objects.
903 * This returns 0 on success and puts a pointer to the new session object in
904 * \out. Otherwise, an error code is returned.
905 * The new session object has an initial ref-count of 1.
907 static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
908 struct socket *ctrl_sock,
909 struct socket *intr_sock,
910 struct hidp_connadd_req *req,
911 struct l2cap_conn *conn)
913 struct hidp_session *session;
915 struct bt_sock *ctrl, *intr;
917 ctrl = bt_sk(ctrl_sock->sk);
918 intr = bt_sk(intr_sock->sk);
920 session = kzalloc(sizeof(*session), GFP_KERNEL);
924 /* object and runtime management */
925 kref_init(&session->ref);
926 atomic_set(&session->state, HIDP_SESSION_IDLING);
927 init_waitqueue_head(&session->state_queue);
928 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
930 /* connection management */
931 bacpy(&session->bdaddr, bdaddr);
932 session->conn = conn;
933 session->user.probe = hidp_session_probe;
934 session->user.remove = hidp_session_remove;
935 session->ctrl_sock = ctrl_sock;
936 session->intr_sock = intr_sock;
937 skb_queue_head_init(&session->ctrl_transmit);
938 skb_queue_head_init(&session->intr_transmit);
939 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
940 l2cap_pi(ctrl)->chan->imtu);
941 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
942 l2cap_pi(intr)->chan->imtu);
943 session->idle_to = req->idle_to;
945 /* device management */
946 INIT_WORK(&session->dev_init, hidp_session_dev_work);
947 setup_timer(&session->timer, hidp_idle_timeout,
948 (unsigned long)session);
951 mutex_init(&session->report_mutex);
952 init_waitqueue_head(&session->report_queue);
954 ret = hidp_session_dev_init(session, req);
958 l2cap_conn_get(session->conn);
959 get_file(session->intr_sock->file);
960 get_file(session->ctrl_sock->file);
969 /* increase ref-count of the given session by one */
970 static void hidp_session_get(struct hidp_session *session)
972 kref_get(&session->ref);
975 /* release callback */
976 static void session_free(struct kref *ref)
978 struct hidp_session *session = container_of(ref, struct hidp_session,
981 hidp_session_dev_destroy(session);
982 skb_queue_purge(&session->ctrl_transmit);
983 skb_queue_purge(&session->intr_transmit);
984 fput(session->intr_sock->file);
985 fput(session->ctrl_sock->file);
986 l2cap_conn_put(session->conn);
990 /* decrease ref-count of the given session by one */
991 static void hidp_session_put(struct hidp_session *session)
993 kref_put(&session->ref, session_free);
997 * Search the list of active sessions for a session with target address
998 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
999 * you do not release this lock, the session objects cannot vanish and you can
1000 * safely take a reference to the session yourself.
1002 static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
1004 struct hidp_session *session;
1006 list_for_each_entry(session, &hidp_session_list, list) {
1007 if (!bacmp(bdaddr, &session->bdaddr))
1015 * Same as __hidp_session_find() but no locks must be held. This also takes a
1016 * reference of the returned session (if non-NULL) so you must drop this
1017 * reference if you no longer use the object.
1019 static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
1021 struct hidp_session *session;
1023 down_read(&hidp_session_sem);
1025 session = __hidp_session_find(bdaddr);
1027 hidp_session_get(session);
1029 up_read(&hidp_session_sem);
1035 * Start session synchronously
1036 * This starts a session thread and waits until initialization
1037 * is done or returns an error if it couldn't be started.
1038 * If this returns 0 the session thread is up and running. You must call
1039 * hipd_session_stop_sync() before deleting any runtime resources.
1041 static int hidp_session_start_sync(struct hidp_session *session)
1043 unsigned int vendor, product;
1046 vendor = session->hid->vendor;
1047 product = session->hid->product;
1048 } else if (session->input) {
1049 vendor = session->input->id.vendor;
1050 product = session->input->id.product;
1056 session->task = kthread_run(hidp_session_thread, session,
1057 "khidpd_%04x%04x", vendor, product);
1058 if (IS_ERR(session->task))
1059 return PTR_ERR(session->task);
1061 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1062 wait_event(session->state_queue,
1063 atomic_read(&session->state) > HIDP_SESSION_IDLING);
1069 * Terminate session thread
1070 * Wake up session thread and notify it to stop. This is asynchronous and
1071 * returns immediately. Call this whenever a runtime error occurs and you want
1072 * the session to stop.
1073 * Note: wake_up_process() performs any necessary memory-barriers for us.
1075 static void hidp_session_terminate(struct hidp_session *session)
1077 atomic_inc(&session->terminate);
1078 wake_up_process(session->task);
1082 * Probe HIDP session
1083 * This is called from the l2cap_conn core when our l2cap_user object is bound
1084 * to the hci-connection. We get the session via the \user object and can now
1085 * start the session thread, link it into the global session list and
1086 * schedule HID/input device registration.
1087 * The global session-list owns its own reference to the session object so you
1088 * can drop your own reference after registering the l2cap_user object.
1090 static int hidp_session_probe(struct l2cap_conn *conn,
1091 struct l2cap_user *user)
1093 struct hidp_session *session = container_of(user,
1094 struct hidp_session,
1096 struct hidp_session *s;
1099 down_write(&hidp_session_sem);
1101 /* check that no other session for this device exists */
1102 s = __hidp_session_find(&session->bdaddr);
1108 if (session->input) {
1109 ret = hidp_session_dev_add(session);
1114 ret = hidp_session_start_sync(session);
1118 /* HID device registration is async to allow I/O during probe */
1120 atomic_inc(&session->state);
1122 schedule_work(&session->dev_init);
1124 hidp_session_get(session);
1125 list_add(&session->list, &hidp_session_list);
1131 hidp_session_dev_del(session);
1133 up_write(&hidp_session_sem);
1138 * Remove HIDP session
1139 * Called from the l2cap_conn core when either we explicitly unregistered
1140 * the l2cap_user object or if the underlying connection is shut down.
1141 * We signal the hidp-session thread to shut down, unregister the HID/input
1142 * devices and unlink the session from the global list.
1143 * This drops the reference to the session that is owned by the global
1145 * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1146 * This is, because the session-thread might be waiting for an HCI lock that is
1147 * held while we are called. Therefore, we only unregister the devices and
1148 * notify the session-thread to terminate. The thread itself owns a reference
1149 * to the session object so it can safely shut down.
1151 static void hidp_session_remove(struct l2cap_conn *conn,
1152 struct l2cap_user *user)
1154 struct hidp_session *session = container_of(user,
1155 struct hidp_session,
1158 down_write(&hidp_session_sem);
1160 hidp_session_terminate(session);
1162 cancel_work_sync(&session->dev_init);
1163 if (session->input ||
1164 atomic_read(&session->state) > HIDP_SESSION_PREPARING)
1165 hidp_session_dev_del(session);
1167 list_del(&session->list);
1169 up_write(&hidp_session_sem);
1171 hidp_session_put(session);
1176 * This performs the actual main-loop of the HIDP worker. We first check
1177 * whether the underlying connection is still alive, then parse all pending
1178 * messages and finally send all outstanding messages.
1180 static void hidp_session_run(struct hidp_session *session)
1182 struct sock *ctrl_sk = session->ctrl_sock->sk;
1183 struct sock *intr_sk = session->intr_sock->sk;
1184 struct sk_buff *skb;
1188 * This thread can be woken up two ways:
1189 * - You call hidp_session_terminate() which sets the
1190 * session->terminate flag and wakes this thread up.
1191 * - Via modifying the socket state of ctrl/intr_sock. This
1192 * thread is woken up by ->sk_state_changed().
1194 * Note: set_current_state() performs any necessary
1195 * memory-barriers for us.
1197 set_current_state(TASK_INTERRUPTIBLE);
1199 if (atomic_read(&session->terminate))
1202 if (ctrl_sk->sk_state != BT_CONNECTED ||
1203 intr_sk->sk_state != BT_CONNECTED)
1206 /* parse incoming intr-skbs */
1207 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1209 if (!skb_linearize(skb))
1210 hidp_recv_intr_frame(session, skb);
1215 /* send pending intr-skbs */
1216 hidp_process_transmit(session, &session->intr_transmit,
1217 session->intr_sock);
1219 /* parse incoming ctrl-skbs */
1220 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1222 if (!skb_linearize(skb))
1223 hidp_recv_ctrl_frame(session, skb);
1228 /* send pending ctrl-skbs */
1229 hidp_process_transmit(session, &session->ctrl_transmit,
1230 session->ctrl_sock);
1235 atomic_inc(&session->terminate);
1236 set_current_state(TASK_RUNNING);
1240 * HIDP session thread
1241 * This thread runs the I/O for a single HIDP session. Startup is synchronous
1242 * which allows us to take references to ourself here instead of doing that in
1244 * When we are ready to run we notify the caller and call hidp_session_run().
1246 static int hidp_session_thread(void *arg)
1248 struct hidp_session *session = arg;
1249 wait_queue_t ctrl_wait, intr_wait;
1251 BT_DBG("session %p", session);
1253 /* initialize runtime environment */
1254 hidp_session_get(session);
1255 __module_get(THIS_MODULE);
1256 set_user_nice(current, -15);
1257 hidp_set_timer(session);
1259 init_waitqueue_entry(&ctrl_wait, current);
1260 init_waitqueue_entry(&intr_wait, current);
1261 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1262 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1263 /* This memory barrier is paired with wq_has_sleeper(). See
1264 * sock_poll_wait() for more information why this is needed. */
1267 /* notify synchronous startup that we're ready */
1268 atomic_inc(&session->state);
1269 wake_up(&session->state_queue);
1272 hidp_session_run(session);
1274 /* cleanup runtime environment */
1275 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1276 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1277 wake_up_interruptible(&session->report_queue);
1278 hidp_del_timer(session);
1281 * If we stopped ourself due to any internal signal, we should try to
1282 * unregister our own session here to avoid having it linger until the
1283 * parent l2cap_conn dies or user-space cleans it up.
1284 * This does not deadlock as we don't do any synchronous shutdown.
1285 * Instead, this call has the same semantics as if user-space tried to
1286 * delete the session.
1288 l2cap_unregister_user(session->conn, &session->user);
1289 hidp_session_put(session);
1291 module_put_and_exit(0);
1295 static int hidp_verify_sockets(struct socket *ctrl_sock,
1296 struct socket *intr_sock)
1298 struct l2cap_chan *ctrl_chan, *intr_chan;
1299 struct bt_sock *ctrl, *intr;
1300 struct hidp_session *session;
1302 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1305 ctrl_chan = l2cap_pi(ctrl_sock->sk)->chan;
1306 intr_chan = l2cap_pi(intr_sock->sk)->chan;
1308 if (bacmp(&ctrl_chan->src, &intr_chan->src) ||
1309 bacmp(&ctrl_chan->dst, &intr_chan->dst))
1312 ctrl = bt_sk(ctrl_sock->sk);
1313 intr = bt_sk(intr_sock->sk);
1315 if (ctrl->sk.sk_state != BT_CONNECTED ||
1316 intr->sk.sk_state != BT_CONNECTED)
1319 /* early session check, we check again during session registration */
1320 session = hidp_session_find(&ctrl_chan->dst);
1322 hidp_session_put(session);
1329 int hidp_connection_add(struct hidp_connadd_req *req,
1330 struct socket *ctrl_sock,
1331 struct socket *intr_sock)
1333 struct hidp_session *session;
1334 struct l2cap_conn *conn;
1335 struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
1338 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1343 l2cap_chan_lock(chan);
1345 l2cap_conn_get(chan->conn);
1348 l2cap_chan_unlock(chan);
1353 ret = hidp_session_new(&session, &chan->dst, ctrl_sock,
1354 intr_sock, req, conn);
1358 ret = l2cap_register_user(conn, &session->user);
1365 hidp_session_put(session);
1367 l2cap_conn_put(conn);
1371 int hidp_connection_del(struct hidp_conndel_req *req)
1373 struct hidp_session *session;
1375 session = hidp_session_find(&req->bdaddr);
1379 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1380 hidp_send_ctrl_message(session,
1381 HIDP_TRANS_HID_CONTROL |
1382 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1385 l2cap_unregister_user(session->conn, &session->user);
1387 hidp_session_put(session);
1392 int hidp_get_connlist(struct hidp_connlist_req *req)
1394 struct hidp_session *session;
1399 down_read(&hidp_session_sem);
1401 list_for_each_entry(session, &hidp_session_list, list) {
1402 struct hidp_conninfo ci;
1404 hidp_copy_session(session, &ci);
1406 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1411 if (++n >= req->cnum)
1418 up_read(&hidp_session_sem);
1422 int hidp_get_conninfo(struct hidp_conninfo *ci)
1424 struct hidp_session *session;
1426 session = hidp_session_find(&ci->bdaddr);
1428 hidp_copy_session(session, ci);
1429 hidp_session_put(session);
1432 return session ? 0 : -ENOENT;
1435 static int __init hidp_init(void)
1437 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1439 return hidp_init_sockets();
1442 static void __exit hidp_exit(void)
1444 hidp_cleanup_sockets();
1447 module_init(hidp_init);
1448 module_exit(hidp_exit);
1450 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1451 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1452 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1453 MODULE_VERSION(VERSION);
1454 MODULE_LICENSE("GPL");
1455 MODULE_ALIAS("bt-proto-6");
projects / cascardo / linux.git / blob