2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
24 #include <linux/kref.h>
25 #include <linux/module.h>
26 #include <linux/file.h>
27 #include <linux/kthread.h>
28 #include <linux/hidraw.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
38 static DECLARE_RWSEM(hidp_session_sem);
39 static LIST_HEAD(hidp_session_list);
41 static unsigned char hidp_keycode[256] = {
42 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
43 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
44 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
45 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
46 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
47 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
48 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
49 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
50 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
51 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
52 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
58 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
59 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
62 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
64 static int hidp_session_probe(struct l2cap_conn *conn,
65 struct l2cap_user *user);
66 static void hidp_session_remove(struct l2cap_conn *conn,
67 struct l2cap_user *user);
68 static int hidp_session_thread(void *arg);
69 static void hidp_session_terminate(struct hidp_session *s);
71 static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
73 memset(ci, 0, sizeof(*ci));
74 bacpy(&ci->bdaddr, &session->bdaddr);
76 ci->flags = session->flags;
77 ci->state = BT_CONNECTED;
84 ci->vendor = session->input->id.vendor;
85 ci->product = session->input->id.product;
86 ci->version = session->input->id.version;
87 if (session->input->name)
88 strncpy(ci->name, session->input->name, 128);
90 strncpy(ci->name, "HID Boot Device", 128);
94 ci->vendor = session->hid->vendor;
95 ci->product = session->hid->product;
96 ci->version = session->hid->version;
97 strncpy(ci->name, session->hid->name, 128);
101 /* assemble skb, queue message on @transmit and wake up the session thread */
102 static int hidp_send_message(struct hidp_session *session, struct socket *sock,
103 struct sk_buff_head *transmit, unsigned char hdr,
104 const unsigned char *data, int size)
107 struct sock *sk = sock->sk;
109 BT_DBG("session %p data %p size %d", session, data, size);
111 if (atomic_read(&session->terminate))
114 skb = alloc_skb(size + 1, GFP_ATOMIC);
116 BT_ERR("Can't allocate memory for new frame");
120 *skb_put(skb, 1) = hdr;
121 if (data && size > 0)
122 memcpy(skb_put(skb, size), data, size);
124 skb_queue_tail(transmit, skb);
125 wake_up_interruptible(sk_sleep(sk));
130 static int hidp_send_ctrl_message(struct hidp_session *session,
131 unsigned char hdr, const unsigned char *data,
134 return hidp_send_message(session, session->ctrl_sock,
135 &session->ctrl_transmit, hdr, data, size);
138 static int hidp_send_intr_message(struct hidp_session *session,
139 unsigned char hdr, const unsigned char *data,
142 return hidp_send_message(session, session->intr_sock,
143 &session->intr_transmit, hdr, data, size);
146 static int hidp_input_event(struct input_dev *dev, unsigned int type,
147 unsigned int code, int value)
149 struct hidp_session *session = input_get_drvdata(dev);
150 unsigned char newleds;
151 unsigned char hdr, data[2];
153 BT_DBG("session %p type %d code %d value %d",
154 session, type, code, value);
159 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
160 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
161 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
162 (!!test_bit(LED_CAPSL, dev->led) << 1) |
163 (!!test_bit(LED_NUML, dev->led));
165 if (session->leds == newleds)
168 session->leds = newleds;
170 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
174 return hidp_send_intr_message(session, hdr, data, 2);
177 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
179 struct input_dev *dev = session->input;
180 unsigned char *keys = session->keys;
181 unsigned char *udata = skb->data + 1;
182 signed char *sdata = skb->data + 1;
183 int i, size = skb->len - 1;
185 switch (skb->data[0]) {
186 case 0x01: /* Keyboard report */
187 for (i = 0; i < 8; i++)
188 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
190 /* If all the key codes have been set to 0x01, it means
191 * too many keys were pressed at the same time. */
192 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
195 for (i = 2; i < 8; i++) {
196 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
197 if (hidp_keycode[keys[i]])
198 input_report_key(dev, hidp_keycode[keys[i]], 0);
200 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
203 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
204 if (hidp_keycode[udata[i]])
205 input_report_key(dev, hidp_keycode[udata[i]], 1);
207 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
211 memcpy(keys, udata, 8);
214 case 0x02: /* Mouse report */
215 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
216 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
217 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
218 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
219 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
221 input_report_rel(dev, REL_X, sdata[1]);
222 input_report_rel(dev, REL_Y, sdata[2]);
225 input_report_rel(dev, REL_WHEEL, sdata[3]);
232 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
234 unsigned char buf[32], hdr;
237 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
238 if (rsize > sizeof(buf))
241 hid_output_report(report, buf);
242 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
244 return hidp_send_intr_message(session, hdr, buf, rsize);
247 static int hidp_get_raw_report(struct hid_device *hid,
248 unsigned char report_number,
249 unsigned char *data, size_t count,
250 unsigned char report_type)
252 struct hidp_session *session = hid->driver_data;
255 int numbered_reports = hid->report_enum[report_type].numbered;
258 if (atomic_read(&session->terminate))
261 switch (report_type) {
262 case HID_FEATURE_REPORT:
263 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
265 case HID_INPUT_REPORT:
266 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
268 case HID_OUTPUT_REPORT:
269 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
275 if (mutex_lock_interruptible(&session->report_mutex))
278 /* Set up our wait, and send the report request to the device. */
279 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
280 session->waiting_report_number = numbered_reports ? report_number : -1;
281 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
282 data[0] = report_number;
283 ret = hidp_send_ctrl_message(session, report_type, data, 1);
287 /* Wait for the return of the report. The returned report
288 gets put in session->report_return. */
289 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
290 !atomic_read(&session->terminate)) {
293 res = wait_event_interruptible_timeout(session->report_queue,
294 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
295 || atomic_read(&session->terminate),
309 skb = session->report_return;
311 len = skb->len < count ? skb->len : count;
312 memcpy(data, skb->data, len);
315 session->report_return = NULL;
317 /* Device returned a HANDSHAKE, indicating protocol error. */
321 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
322 mutex_unlock(&session->report_mutex);
327 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
328 mutex_unlock(&session->report_mutex);
332 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
333 unsigned char report_type)
335 struct hidp_session *session = hid->driver_data;
338 if (report_type == HID_OUTPUT_REPORT) {
339 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
340 return hidp_send_intr_message(session, report_type,
342 } else if (report_type != HID_FEATURE_REPORT) {
346 if (mutex_lock_interruptible(&session->report_mutex))
349 /* Set up our wait, and send the report request to the device. */
350 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
351 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
352 ret = hidp_send_ctrl_message(session, report_type, data, count);
356 /* Wait for the ACK from the device. */
357 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
358 !atomic_read(&session->terminate)) {
361 res = wait_event_interruptible_timeout(session->report_queue,
362 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
363 || atomic_read(&session->terminate),
377 if (!session->output_report_success) {
385 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
386 mutex_unlock(&session->report_mutex);
390 static void hidp_idle_timeout(unsigned long arg)
392 struct hidp_session *session = (struct hidp_session *) arg;
394 hidp_session_terminate(session);
397 static void hidp_set_timer(struct hidp_session *session)
399 if (session->idle_to > 0)
400 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
403 static void hidp_del_timer(struct hidp_session *session)
405 if (session->idle_to > 0)
406 del_timer(&session->timer);
409 static void hidp_process_handshake(struct hidp_session *session,
412 BT_DBG("session %p param 0x%02x", session, param);
413 session->output_report_success = 0; /* default condition */
416 case HIDP_HSHK_SUCCESSFUL:
417 /* FIXME: Call into SET_ GET_ handlers here */
418 session->output_report_success = 1;
421 case HIDP_HSHK_NOT_READY:
422 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
423 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
424 case HIDP_HSHK_ERR_INVALID_PARAMETER:
425 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
426 wake_up_interruptible(&session->report_queue);
428 /* FIXME: Call into SET_ GET_ handlers here */
431 case HIDP_HSHK_ERR_UNKNOWN:
434 case HIDP_HSHK_ERR_FATAL:
435 /* Device requests a reboot, as this is the only way this error
436 * can be recovered. */
437 hidp_send_ctrl_message(session,
438 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
442 hidp_send_ctrl_message(session,
443 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
447 /* Wake up the waiting thread. */
448 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
449 wake_up_interruptible(&session->report_queue);
452 static void hidp_process_hid_control(struct hidp_session *session,
455 BT_DBG("session %p param 0x%02x", session, param);
457 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
458 /* Flush the transmit queues */
459 skb_queue_purge(&session->ctrl_transmit);
460 skb_queue_purge(&session->intr_transmit);
462 hidp_session_terminate(session);
466 /* Returns true if the passed-in skb should be freed by the caller. */
467 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
470 int done_with_skb = 1;
471 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
474 case HIDP_DATA_RTYPE_INPUT:
475 hidp_set_timer(session);
478 hidp_input_report(session, skb);
481 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
484 case HIDP_DATA_RTYPE_OTHER:
485 case HIDP_DATA_RTYPE_OUPUT:
486 case HIDP_DATA_RTYPE_FEATURE:
490 hidp_send_ctrl_message(session,
491 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
494 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
495 param == session->waiting_report_type) {
496 if (session->waiting_report_number < 0 ||
497 session->waiting_report_number == skb->data[0]) {
498 /* hidp_get_raw_report() is waiting on this report. */
499 session->report_return = skb;
501 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
502 wake_up_interruptible(&session->report_queue);
506 return done_with_skb;
509 static void hidp_recv_ctrl_frame(struct hidp_session *session,
512 unsigned char hdr, type, param;
515 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
520 type = hdr & HIDP_HEADER_TRANS_MASK;
521 param = hdr & HIDP_HEADER_PARAM_MASK;
524 case HIDP_TRANS_HANDSHAKE:
525 hidp_process_handshake(session, param);
528 case HIDP_TRANS_HID_CONTROL:
529 hidp_process_hid_control(session, param);
532 case HIDP_TRANS_DATA:
533 free_skb = hidp_process_data(session, skb, param);
537 hidp_send_ctrl_message(session,
538 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
546 static void hidp_recv_intr_frame(struct hidp_session *session,
551 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
556 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
557 hidp_set_timer(session);
560 hidp_input_report(session, skb);
563 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
564 BT_DBG("report len %d", skb->len);
567 BT_DBG("Unsupported protocol header 0x%02x", hdr);
573 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
575 struct kvec iv = { data, len };
578 BT_DBG("sock %p data %p len %d", sock, data, len);
583 memset(&msg, 0, sizeof(msg));
585 return kernel_sendmsg(sock, &msg, &iv, 1, len);
588 /* dequeue message from @transmit and send via @sock */
589 static void hidp_process_transmit(struct hidp_session *session,
590 struct sk_buff_head *transmit,
596 BT_DBG("session %p", session);
598 while ((skb = skb_dequeue(transmit))) {
599 ret = hidp_send_frame(sock, skb->data, skb->len);
600 if (ret == -EAGAIN) {
601 skb_queue_head(transmit, skb);
603 } else if (ret < 0) {
604 hidp_session_terminate(session);
609 hidp_set_timer(session);
614 static int hidp_setup_input(struct hidp_session *session,
615 struct hidp_connadd_req *req)
617 struct input_dev *input;
620 input = input_allocate_device();
624 session->input = input;
626 input_set_drvdata(input, session);
628 input->name = "Bluetooth HID Boot Protocol Device";
630 input->id.bustype = BUS_BLUETOOTH;
631 input->id.vendor = req->vendor;
632 input->id.product = req->product;
633 input->id.version = req->version;
635 if (req->subclass & 0x40) {
636 set_bit(EV_KEY, input->evbit);
637 set_bit(EV_LED, input->evbit);
638 set_bit(EV_REP, input->evbit);
640 set_bit(LED_NUML, input->ledbit);
641 set_bit(LED_CAPSL, input->ledbit);
642 set_bit(LED_SCROLLL, input->ledbit);
643 set_bit(LED_COMPOSE, input->ledbit);
644 set_bit(LED_KANA, input->ledbit);
646 for (i = 0; i < sizeof(hidp_keycode); i++)
647 set_bit(hidp_keycode[i], input->keybit);
648 clear_bit(0, input->keybit);
651 if (req->subclass & 0x80) {
652 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
653 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
654 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
655 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
656 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
658 input->relbit[0] |= BIT_MASK(REL_WHEEL);
661 input->dev.parent = &session->conn->hcon->dev;
663 input->event = hidp_input_event;
668 static int hidp_open(struct hid_device *hid)
673 static void hidp_close(struct hid_device *hid)
677 static int hidp_parse(struct hid_device *hid)
679 struct hidp_session *session = hid->driver_data;
681 return hid_parse_report(session->hid, session->rd_data,
685 static int hidp_start(struct hid_device *hid)
687 struct hidp_session *session = hid->driver_data;
688 struct hid_report *report;
690 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
693 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
695 hidp_send_report(session, report);
697 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
699 hidp_send_report(session, report);
704 static void hidp_stop(struct hid_device *hid)
706 struct hidp_session *session = hid->driver_data;
708 skb_queue_purge(&session->ctrl_transmit);
709 skb_queue_purge(&session->intr_transmit);
714 static struct hid_ll_driver hidp_hid_driver = {
722 /* This function sets up the hid device. It does not add it
723 to the HID system. That is done in hidp_add_connection(). */
724 static int hidp_setup_hid(struct hidp_session *session,
725 struct hidp_connadd_req *req)
727 struct hid_device *hid;
730 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
731 if (!session->rd_data)
734 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
738 session->rd_size = req->rd_size;
740 hid = hid_allocate_device();
748 hid->driver_data = session;
750 hid->bus = BUS_BLUETOOTH;
751 hid->vendor = req->vendor;
752 hid->product = req->product;
753 hid->version = req->version;
754 hid->country = req->country;
756 strncpy(hid->name, req->name, sizeof(req->name) - 1);
758 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
759 &bt_sk(session->ctrl_sock->sk)->src);
761 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
762 &bt_sk(session->ctrl_sock->sk)->dst);
764 hid->dev.parent = &session->conn->hcon->dev;
765 hid->ll_driver = &hidp_hid_driver;
767 hid->hid_get_raw_report = hidp_get_raw_report;
768 hid->hid_output_raw_report = hidp_output_raw_report;
770 /* True if device is blacklisted in drivers/hid/hid-core.c */
771 if (hid_ignore(hid)) {
772 hid_destroy_device(session->hid);
780 kfree(session->rd_data);
781 session->rd_data = NULL;
786 /* initialize session devices */
787 static int hidp_session_dev_init(struct hidp_session *session,
788 struct hidp_connadd_req *req)
792 if (req->rd_size > 0) {
793 ret = hidp_setup_hid(session, req);
794 if (ret && ret != -ENODEV)
799 ret = hidp_setup_input(session, req);
807 /* destroy session devices */
808 static void hidp_session_dev_destroy(struct hidp_session *session)
811 put_device(&session->hid->dev);
812 else if (session->input)
813 input_put_device(session->input);
815 kfree(session->rd_data);
816 session->rd_data = NULL;
819 /* add HID/input devices to their underlying bus systems */
820 static int hidp_session_dev_add(struct hidp_session *session)
824 /* Both HID and input systems drop a ref-count when unregistering the
825 * device but they don't take a ref-count when registering them. Work
826 * around this by explicitly taking a refcount during registration
827 * which is dropped automatically by unregistering the devices. */
830 ret = hid_add_device(session->hid);
833 get_device(&session->hid->dev);
834 } else if (session->input) {
835 ret = input_register_device(session->input);
838 input_get_device(session->input);
844 /* remove HID/input devices from their bus systems */
845 static void hidp_session_dev_del(struct hidp_session *session)
848 hid_destroy_device(session->hid);
849 else if (session->input)
850 input_unregister_device(session->input);
854 * Asynchronous device registration
855 * HID device drivers might want to perform I/O during initialization to
856 * detect device types. Therefore, call device registration in a separate
857 * worker so the HIDP thread can schedule I/O operations.
858 * Note that this must be called after the worker thread was initialized
859 * successfully. This will then add the devices and increase session state
860 * on success, otherwise it will terminate the session thread.
862 static void hidp_session_dev_work(struct work_struct *work)
864 struct hidp_session *session = container_of(work,
869 ret = hidp_session_dev_add(session);
871 atomic_inc(&session->state);
873 hidp_session_terminate(session);
877 * Create new session object
878 * Allocate session object, initialize static fields, copy input data into the
879 * object and take a reference to all sub-objects.
880 * This returns 0 on success and puts a pointer to the new session object in
881 * \out. Otherwise, an error code is returned.
882 * The new session object has an initial ref-count of 1.
884 static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
885 struct socket *ctrl_sock,
886 struct socket *intr_sock,
887 struct hidp_connadd_req *req,
888 struct l2cap_conn *conn)
890 struct hidp_session *session;
892 struct bt_sock *ctrl, *intr;
894 ctrl = bt_sk(ctrl_sock->sk);
895 intr = bt_sk(intr_sock->sk);
897 session = kzalloc(sizeof(*session), GFP_KERNEL);
901 /* object and runtime management */
902 kref_init(&session->ref);
903 atomic_set(&session->state, HIDP_SESSION_IDLING);
904 init_waitqueue_head(&session->state_queue);
905 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
907 /* connection management */
908 bacpy(&session->bdaddr, bdaddr);
909 session->conn = conn;
910 session->user.probe = hidp_session_probe;
911 session->user.remove = hidp_session_remove;
912 session->ctrl_sock = ctrl_sock;
913 session->intr_sock = intr_sock;
914 skb_queue_head_init(&session->ctrl_transmit);
915 skb_queue_head_init(&session->intr_transmit);
916 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
917 l2cap_pi(ctrl)->chan->imtu);
918 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
919 l2cap_pi(intr)->chan->imtu);
920 session->idle_to = req->idle_to;
922 /* device management */
923 INIT_WORK(&session->dev_init, hidp_session_dev_work);
924 setup_timer(&session->timer, hidp_idle_timeout,
925 (unsigned long)session);
928 mutex_init(&session->report_mutex);
929 init_waitqueue_head(&session->report_queue);
931 ret = hidp_session_dev_init(session, req);
935 l2cap_conn_get(session->conn);
936 get_file(session->intr_sock->file);
937 get_file(session->ctrl_sock->file);
946 /* increase ref-count of the given session by one */
947 static void hidp_session_get(struct hidp_session *session)
949 kref_get(&session->ref);
952 /* release callback */
953 static void session_free(struct kref *ref)
955 struct hidp_session *session = container_of(ref, struct hidp_session,
958 hidp_session_dev_destroy(session);
959 skb_queue_purge(&session->ctrl_transmit);
960 skb_queue_purge(&session->intr_transmit);
961 fput(session->intr_sock->file);
962 fput(session->ctrl_sock->file);
963 l2cap_conn_put(session->conn);
967 /* decrease ref-count of the given session by one */
968 static void hidp_session_put(struct hidp_session *session)
970 kref_put(&session->ref, session_free);
974 * Search the list of active sessions for a session with target address
975 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
976 * you do not release this lock, the session objects cannot vanish and you can
977 * safely take a reference to the session yourself.
979 static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
981 struct hidp_session *session;
983 list_for_each_entry(session, &hidp_session_list, list) {
984 if (!bacmp(bdaddr, &session->bdaddr))
992 * Same as __hidp_session_find() but no locks must be held. This also takes a
993 * reference of the returned session (if non-NULL) so you must drop this
994 * reference if you no longer use the object.
996 static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
998 struct hidp_session *session;
1000 down_read(&hidp_session_sem);
1002 session = __hidp_session_find(bdaddr);
1004 hidp_session_get(session);
1006 up_read(&hidp_session_sem);
1012 * Start session synchronously
1013 * This starts a session thread and waits until initialization
1014 * is done or returns an error if it couldn't be started.
1015 * If this returns 0 the session thread is up and running. You must call
1016 * hipd_session_stop_sync() before deleting any runtime resources.
1018 static int hidp_session_start_sync(struct hidp_session *session)
1020 unsigned int vendor, product;
1023 vendor = session->hid->vendor;
1024 product = session->hid->product;
1025 } else if (session->input) {
1026 vendor = session->input->id.vendor;
1027 product = session->input->id.product;
1033 session->task = kthread_run(hidp_session_thread, session,
1034 "khidpd_%04x%04x", vendor, product);
1035 if (IS_ERR(session->task))
1036 return PTR_ERR(session->task);
1038 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1039 wait_event(session->state_queue,
1040 atomic_read(&session->state) > HIDP_SESSION_IDLING);
1046 * Terminate session thread
1047 * Wake up session thread and notify it to stop. This is asynchronous and
1048 * returns immediately. Call this whenever a runtime error occurs and you want
1049 * the session to stop.
1050 * Note: wake_up_process() performs any necessary memory-barriers for us.
1052 static void hidp_session_terminate(struct hidp_session *session)
1054 atomic_inc(&session->terminate);
1055 wake_up_process(session->task);
1059 * Probe HIDP session
1060 * This is called from the l2cap_conn core when our l2cap_user object is bound
1061 * to the hci-connection. We get the session via the \user object and can now
1062 * start the session thread, link it into the global session list and
1063 * schedule HID/input device registration.
1064 * The global session-list owns its own reference to the session object so you
1065 * can drop your own reference after registering the l2cap_user object.
1067 static int hidp_session_probe(struct l2cap_conn *conn,
1068 struct l2cap_user *user)
1070 struct hidp_session *session = container_of(user,
1071 struct hidp_session,
1073 struct hidp_session *s;
1076 down_write(&hidp_session_sem);
1078 /* check that no other session for this device exists */
1079 s = __hidp_session_find(&session->bdaddr);
1085 if (session->input) {
1086 ret = hidp_session_dev_add(session);
1091 ret = hidp_session_start_sync(session);
1095 /* HID device registration is async to allow I/O during probe */
1097 atomic_inc(&session->state);
1099 schedule_work(&session->dev_init);
1101 hidp_session_get(session);
1102 list_add(&session->list, &hidp_session_list);
1108 hidp_session_dev_del(session);
1110 up_write(&hidp_session_sem);
1115 * Remove HIDP session
1116 * Called from the l2cap_conn core when either we explicitly unregistered
1117 * the l2cap_user object or if the underlying connection is shut down.
1118 * We signal the hidp-session thread to shut down, unregister the HID/input
1119 * devices and unlink the session from the global list.
1120 * This drops the reference to the session that is owned by the global
1122 * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1123 * This is, because the session-thread might be waiting for an HCI lock that is
1124 * held while we are called. Therefore, we only unregister the devices and
1125 * notify the session-thread to terminate. The thread itself owns a reference
1126 * to the session object so it can safely shut down.
1128 static void hidp_session_remove(struct l2cap_conn *conn,
1129 struct l2cap_user *user)
1131 struct hidp_session *session = container_of(user,
1132 struct hidp_session,
1135 down_write(&hidp_session_sem);
1137 hidp_session_terminate(session);
1139 cancel_work_sync(&session->dev_init);
1140 if (session->input ||
1141 atomic_read(&session->state) > HIDP_SESSION_PREPARING)
1142 hidp_session_dev_del(session);
1144 list_del(&session->list);
1146 up_write(&hidp_session_sem);
1148 hidp_session_put(session);
1153 * This performs the actual main-loop of the HIDP worker. We first check
1154 * whether the underlying connection is still alive, then parse all pending
1155 * messages and finally send all outstanding messages.
1157 static void hidp_session_run(struct hidp_session *session)
1159 struct sock *ctrl_sk = session->ctrl_sock->sk;
1160 struct sock *intr_sk = session->intr_sock->sk;
1161 struct sk_buff *skb;
1165 * This thread can be woken up two ways:
1166 * - You call hidp_session_terminate() which sets the
1167 * session->terminate flag and wakes this thread up.
1168 * - Via modifying the socket state of ctrl/intr_sock. This
1169 * thread is woken up by ->sk_state_changed().
1171 * Note: set_current_state() performs any necessary
1172 * memory-barriers for us.
1174 set_current_state(TASK_INTERRUPTIBLE);
1176 if (atomic_read(&session->terminate))
1179 if (ctrl_sk->sk_state != BT_CONNECTED ||
1180 intr_sk->sk_state != BT_CONNECTED)
1183 /* parse incoming intr-skbs */
1184 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1186 if (!skb_linearize(skb))
1187 hidp_recv_intr_frame(session, skb);
1192 /* send pending intr-skbs */
1193 hidp_process_transmit(session, &session->intr_transmit,
1194 session->intr_sock);
1196 /* parse incoming ctrl-skbs */
1197 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1199 if (!skb_linearize(skb))
1200 hidp_recv_ctrl_frame(session, skb);
1205 /* send pending ctrl-skbs */
1206 hidp_process_transmit(session, &session->ctrl_transmit,
1207 session->ctrl_sock);
1212 atomic_inc(&session->terminate);
1213 set_current_state(TASK_RUNNING);
1217 * HIDP session thread
1218 * This thread runs the I/O for a single HIDP session. Startup is synchronous
1219 * which allows us to take references to ourself here instead of doing that in
1221 * When we are ready to run we notify the caller and call hidp_session_run().
1223 static int hidp_session_thread(void *arg)
1225 struct hidp_session *session = arg;
1226 wait_queue_t ctrl_wait, intr_wait;
1228 BT_DBG("session %p", session);
1230 /* initialize runtime environment */
1231 hidp_session_get(session);
1232 __module_get(THIS_MODULE);
1233 set_user_nice(current, -15);
1234 hidp_set_timer(session);
1236 init_waitqueue_entry(&ctrl_wait, current);
1237 init_waitqueue_entry(&intr_wait, current);
1238 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1239 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1240 /* This memory barrier is paired with wq_has_sleeper(). See
1241 * sock_poll_wait() for more information why this is needed. */
1244 /* notify synchronous startup that we're ready */
1245 atomic_inc(&session->state);
1246 wake_up(&session->state_queue);
1249 hidp_session_run(session);
1251 /* cleanup runtime environment */
1252 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1253 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1254 wake_up_interruptible(&session->report_queue);
1255 hidp_del_timer(session);
1258 * If we stopped ourself due to any internal signal, we should try to
1259 * unregister our own session here to avoid having it linger until the
1260 * parent l2cap_conn dies or user-space cleans it up.
1261 * This does not deadlock as we don't do any synchronous shutdown.
1262 * Instead, this call has the same semantics as if user-space tried to
1263 * delete the session.
1265 l2cap_unregister_user(session->conn, &session->user);
1266 hidp_session_put(session);
1268 module_put_and_exit(0);
1272 static int hidp_verify_sockets(struct socket *ctrl_sock,
1273 struct socket *intr_sock)
1275 struct bt_sock *ctrl, *intr;
1276 struct hidp_session *session;
1278 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1281 ctrl = bt_sk(ctrl_sock->sk);
1282 intr = bt_sk(intr_sock->sk);
1284 if (bacmp(&ctrl->src, &intr->src) || bacmp(&ctrl->dst, &intr->dst))
1286 if (ctrl->sk.sk_state != BT_CONNECTED ||
1287 intr->sk.sk_state != BT_CONNECTED)
1290 /* early session check, we check again during session registration */
1291 session = hidp_session_find(&ctrl->dst);
1293 hidp_session_put(session);
1300 int hidp_connection_add(struct hidp_connadd_req *req,
1301 struct socket *ctrl_sock,
1302 struct socket *intr_sock)
1304 struct hidp_session *session;
1305 struct l2cap_conn *conn;
1306 struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
1309 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1314 l2cap_chan_lock(chan);
1316 l2cap_conn_get(chan->conn);
1319 l2cap_chan_unlock(chan);
1324 ret = hidp_session_new(&session, &bt_sk(ctrl_sock->sk)->dst, ctrl_sock,
1325 intr_sock, req, conn);
1329 ret = l2cap_register_user(conn, &session->user);
1336 hidp_session_put(session);
1338 l2cap_conn_put(conn);
1342 int hidp_connection_del(struct hidp_conndel_req *req)
1344 struct hidp_session *session;
1346 session = hidp_session_find(&req->bdaddr);
1350 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1351 hidp_send_ctrl_message(session,
1352 HIDP_TRANS_HID_CONTROL |
1353 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1356 l2cap_unregister_user(session->conn, &session->user);
1358 hidp_session_put(session);
1363 int hidp_get_connlist(struct hidp_connlist_req *req)
1365 struct hidp_session *session;
1370 down_read(&hidp_session_sem);
1372 list_for_each_entry(session, &hidp_session_list, list) {
1373 struct hidp_conninfo ci;
1375 hidp_copy_session(session, &ci);
1377 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1382 if (++n >= req->cnum)
1389 up_read(&hidp_session_sem);
1393 int hidp_get_conninfo(struct hidp_conninfo *ci)
1395 struct hidp_session *session;
1397 session = hidp_session_find(&ci->bdaddr);
1399 hidp_copy_session(session, ci);
1400 hidp_session_put(session);
1403 return session ? 0 : -ENOENT;
1406 static int __init hidp_init(void)
1408 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1410 return hidp_init_sockets();
1413 static void __exit hidp_exit(void)
1415 hidp_cleanup_sockets();
1418 module_init(hidp_init);
1419 module_exit(hidp_exit);
1421 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1422 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1423 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1424 MODULE_VERSION(VERSION);
1425 MODULE_LICENSE("GPL");
1426 MODULE_ALIAS("bt-proto-6");
projects / cascardo / linux.git / blob