projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Move more vars to struct l2cap_chan
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hidp / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
8e87d142
YH		 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 20 SOFTWARE IS DISCLAIMED.
21*/
22
1da177e4
LT		 23#include <linux/module.h>
24
25#include <linux/types.h>
26#include <linux/errno.h>
27#include <linux/kernel.h>
1da177e4
LT		 28#include <linux/sched.h>
29#include <linux/slab.h>
30#include <linux/poll.h>
83144186 31#include <linux/freezer.h>
1da177e4
LT		 32#include <linux/fcntl.h>
33#include <linux/skbuff.h>
34#include <linux/socket.h>
35#include <linux/ioctl.h>
36#include <linux/file.h>
37#include <linux/init.h>
38#include <linux/wait.h>
0ff1731a 39#include <linux/mutex.h>
aabf6f89 40#include <linux/kthread.h>
1da177e4
LT		 41#include <net/sock.h>
42
43#include <linux/input.h>
e1aaadd4 44#include <linux/hid.h>
364f6351 45#include <linux/hidraw.h>
1da177e4
LT		 46
47#include <net/bluetooth/bluetooth.h>
0a85b964 48#include <net/bluetooth/hci_core.h>
1da177e4
LT		 49#include <net/bluetooth/l2cap.h>
50
51#include "hidp.h"
52
e1aaadd4 53#define VERSION "1.2"
1da177e4
LT		 54
55static DECLARE_RWSEM(hidp_session_sem);
56static LIST_HEAD(hidp_session_list);
57
58static unsigned char hidp_keycode[256] = {
17f09a7e
SJ		 59 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
60 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
61 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
62 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
63 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
64 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
65 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
66 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
67 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
68 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
69 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
72 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
73 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
74 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
75 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
76 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
1da177e4
LT		 77};
78
79static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
80
81static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
82{
83 struct hidp_session *session;
84 struct list_head *p;
85
86 BT_DBG("");
87
88 list_for_each(p, &hidp_session_list) {
89 session = list_entry(p, struct hidp_session, list);
90 if (!bacmp(bdaddr, &session->bdaddr))
91 return session;
92 }
93 return NULL;
94}
95
96static void __hidp_link_session(struct hidp_session *session)
97{
98 __module_get(THIS_MODULE);
99 list_add(&session->list, &hidp_session_list);
edad6388
MH		 100
101 hci_conn_hold_device(session->conn);
1da177e4
LT		 102}
103
104static void __hidp_unlink_session(struct hidp_session *session)
105{
edad6388
MH		 106 hci_conn_put_device(session->conn);
107
1da177e4
LT		 108 list_del(&session->list);
109 module_put(THIS_MODULE);
110}
111
112static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
113{
d31dbf6e 114 memset(ci, 0, sizeof(*ci));
1da177e4
LT		 115 bacpy(&ci->bdaddr, &session->bdaddr);
116
117 ci->flags = session->flags;
118 ci->state = session->state;
119
120 ci->vendor = 0x0000;
121 ci->product = 0x0000;
122 ci->version = 0x0000;
1da177e4
LT		 123
124 if (session->input) {
125 ci->vendor = session->input->id.vendor;
126 ci->product = session->input->id.product;
127 ci->version = session->input->id.version;
128 if (session->input->name)
129 strncpy(ci->name, session->input->name, 128);
130 else
131 strncpy(ci->name, "HID Boot Device", 128);
132 }
e1aaadd4
MH		 133
134 if (session->hid) {
135 ci->vendor = session->hid->vendor;
136 ci->product = session->hid->product;
137 ci->version = session->hid->version;
138 strncpy(ci->name, session->hid->name, 128);
139 }
1da177e4
LT		 140}
141
91f5cca3
AM		 142static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
143 unsigned int type, unsigned int code, int value)
1da177e4 144{
1da177e4 145 unsigned char newleds;
e1aaadd4 146 struct sk_buff *skb;
1da177e4 147
e1aaadd4 148 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
1da177e4
LT		 149
150 if (type != EV_LED)
151 return -1;
152
153 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
154 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
155 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
156 (!!test_bit(LED_CAPSL, dev->led) << 1) |
157 (!!test_bit(LED_NUML, dev->led));
158
159 if (session->leds == newleds)
160 return 0;
161
162 session->leds = newleds;
163
5a08ecce
AE		 164 skb = alloc_skb(3, GFP_ATOMIC);
165 if (!skb) {
1da177e4
LT		 166 BT_ERR("Can't allocate memory for new frame");
167 return -ENOMEM;
168 }
169
170 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
171 *skb_put(skb, 1) = 0x01;
172 *skb_put(skb, 1) = newleds;
173
174 skb_queue_tail(&session->intr_transmit, skb);
175
176 hidp_schedule(session);
177
178 return 0;
179}
180
e1aaadd4
MH		 181static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
182{
5be39466 183 struct hid_device *hid = input_get_drvdata(dev);
e1aaadd4
MH		 184 struct hidp_session *session = hid->driver_data;
185
186 return hidp_queue_event(session, dev, type, code, value);
187}
188
189static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
190{
5be39466 191 struct hidp_session *session = input_get_drvdata(dev);
e1aaadd4
MH		 192
193 return hidp_queue_event(session, dev, type, code, value);
194}
195
1da177e4
LT		 196static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
197{
198 struct input_dev *dev = session->input;
199 unsigned char *keys = session->keys;
200 unsigned char *udata = skb->data + 1;
201 signed char *sdata = skb->data + 1;
202 int i, size = skb->len - 1;
203
204 switch (skb->data[0]) {
205 case 0x01: /* Keyboard report */
206 for (i = 0; i < 8; i++)
207 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
208
209 /* If all the key codes have been set to 0x01, it means
210 * too many keys were pressed at the same time. */
211 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
212 break;
213
214 for (i = 2; i < 8; i++) {
215 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
216 if (hidp_keycode[keys[i]])
217 input_report_key(dev, hidp_keycode[keys[i]], 0);
218 else
219 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
220 }
221
222 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
223 if (hidp_keycode[udata[i]])
224 input_report_key(dev, hidp_keycode[udata[i]], 1);
225 else
226 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
227 }
228 }
229
230 memcpy(keys, udata, 8);
231 break;
232
233 case 0x02: /* Mouse report */
234 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
235 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
236 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
237 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
238 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
239
240 input_report_rel(dev, REL_X, sdata[1]);
241 input_report_rel(dev, REL_Y, sdata[2]);
242
243 if (size > 3)
244 input_report_rel(dev, REL_WHEEL, sdata[3]);
245 break;
246 }
247
248 input_sync(dev);
249}
250
6bf8268f
BN		 251static int __hidp_send_ctrl_message(struct hidp_session *session,
252 unsigned char hdr, unsigned char *data, int size)
253{
254 struct sk_buff *skb;
255
256 BT_DBG("session %p data %p size %d", session, data, size);
257
5a08ecce
AE		 258 skb = alloc_skb(size + 1, GFP_ATOMIC);
259 if (!skb) {
6bf8268f
BN		 260 BT_ERR("Can't allocate memory for new frame");
261 return -ENOMEM;
262 }
263
264 *skb_put(skb, 1) = hdr;
265 if (data && size > 0)
266 memcpy(skb_put(skb, size), data, size);
267
268 skb_queue_tail(&session->ctrl_transmit, skb);
269
270 return 0;
271}
272
273static inline int hidp_send_ctrl_message(struct hidp_session *session,
274 unsigned char hdr, unsigned char *data, int size)
275{
276 int err;
277
278 err = __hidp_send_ctrl_message(session, hdr, data, size);
279
280 hidp_schedule(session);
281
282 return err;
283}
284
91f5cca3
AM		 285static int hidp_queue_report(struct hidp_session *session,
286 unsigned char *data, int size)
e1aaadd4
MH		 287{
288 struct sk_buff *skb;
289
6792b5ec 290 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
e1aaadd4 291
5a08ecce
AE		 292 skb = alloc_skb(size + 1, GFP_ATOMIC);
293 if (!skb) {
e1aaadd4
MH		 294 BT_ERR("Can't allocate memory for new frame");
295 return -ENOMEM;
296 }
297
298 *skb_put(skb, 1) = 0xa2;
299 if (size > 0)
300 memcpy(skb_put(skb, size), data, size);
301
302 skb_queue_tail(&session->intr_transmit, skb);
303
304 hidp_schedule(session);
305
306 return 0;
307}
308
309static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
310{
311 unsigned char buf[32];
312 int rsize;
313
314 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
315 if (rsize > sizeof(buf))
316 return -EIO;
317
318 hid_output_report(report, buf);
319
320 return hidp_queue_report(session, buf, rsize);
321}
322
0ff1731a
AO		 323static int hidp_get_raw_report(struct hid_device *hid,
324 unsigned char report_number,
325 unsigned char *data, size_t count,
326 unsigned char report_type)
327{
328 struct hidp_session *session = hid->driver_data;
329 struct sk_buff *skb;
330 size_t len;
331 int numbered_reports = hid->report_enum[report_type].numbered;
332
333 switch (report_type) {
334 case HID_FEATURE_REPORT:
335 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
336 break;
337 case HID_INPUT_REPORT:
338 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
339 break;
340 case HID_OUTPUT_REPORT:
341 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
342 break;
343 default:
344 return -EINVAL;
345 }
346
347 if (mutex_lock_interruptible(&session->report_mutex))
348 return -ERESTARTSYS;
349
350 /* Set up our wait, and send the report request to the device. */
351 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
352 session->waiting_report_number = numbered_reports ? report_number : -1;
353 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
354 data[0] = report_number;
355 if (hidp_send_ctrl_message(hid->driver_data, report_type, data, 1))
356 goto err_eio;
357
358 /* Wait for the return of the report. The returned report
359 gets put in session->report_return. */
360 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
361 int res;
362
363 res = wait_event_interruptible_timeout(session->report_queue,
364 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags),
365 5*HZ);
366 if (res == 0) {
367 /* timeout */
368 goto err_eio;
369 }
370 if (res < 0) {
371 /* signal */
372 goto err_restartsys;
373 }
374 }
375
376 skb = session->report_return;
377 if (skb) {
378 len = skb->len < count ? skb->len : count;
379 memcpy(data, skb->data, len);
380
381 kfree_skb(skb);
382 session->report_return = NULL;
383 } else {
384 /* Device returned a HANDSHAKE, indicating protocol error. */
385 len = -EIO;
386 }
387
388 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
389 mutex_unlock(&session->report_mutex);
390
391 return len;
392
393err_restartsys:
394 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
395 mutex_unlock(&session->report_mutex);
396 return -ERESTARTSYS;
397err_eio:
398 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
399 mutex_unlock(&session->report_mutex);
400 return -EIO;
401}
402
d4bfa033
JK		 403static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
404 unsigned char report_type)
2da31939 405{
0825411a
AO		 406 struct hidp_session *session = hid->driver_data;
407 int ret;
408
d4bfa033
JK		 409 switch (report_type) {
410 case HID_FEATURE_REPORT:
411 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
412 break;
413 case HID_OUTPUT_REPORT:
97e1efbb 414 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
d4bfa033
JK		 415 break;
416 default:
417 return -EINVAL;
418 }
419
0825411a
AO		 420 if (mutex_lock_interruptible(&session->report_mutex))
421 return -ERESTARTSYS;
422
423 /* Set up our wait, and send the report request to the device. */
424 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
d4bfa033 425 if (hidp_send_ctrl_message(hid->driver_data, report_type,
0825411a
AO		 426 data, count)) {
427 ret = -ENOMEM;
428 goto err;
429 }
430
431 /* Wait for the ACK from the device. */
432 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
433 int res;
434
435 res = wait_event_interruptible_timeout(session->report_queue,
436 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags),
437 10*HZ);
438 if (res == 0) {
439 /* timeout */
440 ret = -EIO;
441 goto err;
442 }
443 if (res < 0) {
444 /* signal */
445 ret = -ERESTARTSYS;
446 goto err;
447 }
448 }
449
450 if (!session->output_report_success) {
451 ret = -EIO;
452 goto err;
453 }
454
455 ret = count;
456
457err:
458 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
459 mutex_unlock(&session->report_mutex);
460 return ret;
2da31939
JK		 461}
462
1da177e4
LT		 463static void hidp_idle_timeout(unsigned long arg)
464{
465 struct hidp_session *session = (struct hidp_session *) arg;
466
aabf6f89 467 kthread_stop(session->task);
1da177e4
LT		 468}
469
91f5cca3 470static void hidp_set_timer(struct hidp_session *session)
1da177e4
LT		 471{
472 if (session->idle_to > 0)
473 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
474}
475
476static inline void hidp_del_timer(struct hidp_session *session)
477{
478 if (session->idle_to > 0)
479 del_timer(&session->timer);
480}
481
91f5cca3
AM		 482static void hidp_process_handshake(struct hidp_session *session,
483 unsigned char param)
1da177e4
LT		 484{
485 BT_DBG("session %p param 0x%02x", session, param);
0825411a 486 session->output_report_success = 0; /* default condition */
1da177e4
LT		 487
488 switch (param) {
489 case HIDP_HSHK_SUCCESSFUL:
490 /* FIXME: Call into SET_ GET_ handlers here */
0825411a 491 session->output_report_success = 1;
1da177e4
LT		 492 break;
493
494 case HIDP_HSHK_NOT_READY:
495 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
496 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
497 case HIDP_HSHK_ERR_INVALID_PARAMETER:
0ff1731a
AO		 498 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
499 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
500 wake_up_interruptible(&session->report_queue);
501 }
1da177e4
LT		 502 /* FIXME: Call into SET_ GET_ handlers here */
503 break;
504
505 case HIDP_HSHK_ERR_UNKNOWN:
506 break;
507
508 case HIDP_HSHK_ERR_FATAL:
509 /* Device requests a reboot, as this is the only way this error
8e87d142 510 * can be recovered. */
1da177e4
LT		 511 __hidp_send_ctrl_message(session,
512 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
513 break;
514
515 default:
516 __hidp_send_ctrl_message(session,
517 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
518 break;
519 }
0825411a
AO		 520
521 /* Wake up the waiting thread. */
522 if (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
523 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
524 wake_up_interruptible(&session->report_queue);
525 }
1da177e4
LT		 526}
527
91f5cca3
AM		 528static void hidp_process_hid_control(struct hidp_session *session,
529 unsigned char param)
1da177e4
LT		 530{
531 BT_DBG("session %p param 0x%02x", session, param);
532
eff001e3 533 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
1da177e4
LT		 534 /* Flush the transmit queues */
535 skb_queue_purge(&session->ctrl_transmit);
536 skb_queue_purge(&session->intr_transmit);
537
aabf6f89 538 kthread_stop(session->task);
1da177e4
LT		 539 }
540}
541
0ff1731a
AO		 542/* Returns true if the passed-in skb should be freed by the caller. */
543static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
91f5cca3 544 unsigned char param)
1da177e4 545{
0ff1731a 546 int done_with_skb = 1;
1da177e4
LT		 547 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
548
549 switch (param) {
550 case HIDP_DATA_RTYPE_INPUT:
551 hidp_set_timer(session);
552
553 if (session->input)
554 hidp_input_report(session, skb);
e1aaadd4
MH		 555
556 if (session->hid)
557 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
1da177e4
LT		 558 break;
559
560 case HIDP_DATA_RTYPE_OTHER:
561 case HIDP_DATA_RTYPE_OUPUT:
562 case HIDP_DATA_RTYPE_FEATURE:
563 break;
564
565 default:
566 __hidp_send_ctrl_message(session,
567 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
568 }
0ff1731a
AO		 569
570 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
571 param == session->waiting_report_type) {
572 if (session->waiting_report_number < 0 ||
573 session->waiting_report_number == skb->data[0]) {
574 /* hidp_get_raw_report() is waiting on this report. */
575 session->report_return = skb;
576 done_with_skb = 0;
577 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
578 wake_up_interruptible(&session->report_queue);
579 }
580 }
581
582 return done_with_skb;
1da177e4
LT		 583}
584
91f5cca3
AM		 585static void hidp_recv_ctrl_frame(struct hidp_session *session,
586 struct sk_buff *skb)
1da177e4
LT		 587{
588 unsigned char hdr, type, param;
0ff1731a 589 int free_skb = 1;
1da177e4
LT		 590
591 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
592
593 hdr = skb->data[0];
594 skb_pull(skb, 1);
595
596 type = hdr & HIDP_HEADER_TRANS_MASK;
597 param = hdr & HIDP_HEADER_PARAM_MASK;
598
599 switch (type) {
600 case HIDP_TRANS_HANDSHAKE:
601 hidp_process_handshake(session, param);
602 break;
603
604 case HIDP_TRANS_HID_CONTROL:
605 hidp_process_hid_control(session, param);
606 break;
607
608 case HIDP_TRANS_DATA:
0ff1731a 609 free_skb = hidp_process_data(session, skb, param);
1da177e4
LT		 610 break;
611
612 default:
613 __hidp_send_ctrl_message(session,
614 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
615 break;
616 }
617
0ff1731a
AO		 618 if (free_skb)
619 kfree_skb(skb);
1da177e4
LT		 620}
621
91f5cca3
AM		 622static void hidp_recv_intr_frame(struct hidp_session *session,
623 struct sk_buff *skb)
1da177e4
LT		 624{
625 unsigned char hdr;
626
627 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
628
629 hdr = skb->data[0];
630 skb_pull(skb, 1);
631
632 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
633 hidp_set_timer(session);
e1aaadd4 634
1da177e4
LT		 635 if (session->input)
636 hidp_input_report(session, skb);
e1aaadd4
MH		 637
638 if (session->hid) {
639 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
640 BT_DBG("report len %d", skb->len);
641 }
1da177e4
LT		 642 } else {
643 BT_DBG("Unsupported protocol header 0x%02x", hdr);
644 }
645
646 kfree_skb(skb);
647}
648
649static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
650{
651 struct kvec iv = { data, len };
652 struct msghdr msg;
653
654 BT_DBG("sock %p data %p len %d", sock, data, len);
655
656 if (!len)
657 return 0;
658
659 memset(&msg, 0, sizeof(msg));
660
661 return kernel_sendmsg(sock, &msg, &iv, 1, len);
662}
663
b03efcfb 664static void hidp_process_transmit(struct hidp_session *session)
1da177e4
LT		 665{
666 struct sk_buff *skb;
667
668 BT_DBG("session %p", session);
669
670 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
671 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
672 skb_queue_head(&session->ctrl_transmit, skb);
673 break;
674 }
675
676 hidp_set_timer(session);
677 kfree_skb(skb);
678 }
679
680 while ((skb = skb_dequeue(&session->intr_transmit))) {
681 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
682 skb_queue_head(&session->intr_transmit, skb);
683 break;
684 }
685
686 hidp_set_timer(session);
687 kfree_skb(skb);
688 }
1da177e4
LT		 689}
690
691static int hidp_session(void *arg)
692{
693 struct hidp_session *session = arg;
694 struct sock *ctrl_sk = session->ctrl_sock->sk;
695 struct sock *intr_sk = session->intr_sock->sk;
696 struct sk_buff *skb;
1da177e4
LT		 697 wait_queue_t ctrl_wait, intr_wait;
698
699 BT_DBG("session %p", session);
700
1da177e4 701 set_user_nice(current, -15);
1da177e4
LT		 702
703 init_waitqueue_entry(&ctrl_wait, current);
704 init_waitqueue_entry(&intr_wait, current);
aa395145
ED		 705 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
706 add_wait_queue(sk_sleep(intr_sk), &intr_wait);
0f69dca2
AO		 707 session->waiting_for_startup = 0;
708 wake_up_interruptible(&session->startup_queue);
aabf6f89 709 while (!kthread_should_stop()) {
1da177e4
LT		 710 set_current_state(TASK_INTERRUPTIBLE);
711
17f09a7e
SJ		 712 if (ctrl_sk->sk_state != BT_CONNECTED ||
713 intr_sk->sk_state != BT_CONNECTED)
1da177e4
LT		 714 break;
715
716 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
717 skb_orphan(skb);
718 hidp_recv_ctrl_frame(session, skb);
719 }
720
721 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
722 skb_orphan(skb);
723 hidp_recv_intr_frame(session, skb);
724 }
725
726 hidp_process_transmit(session);
727
728 schedule();
729 }
730 set_current_state(TASK_RUNNING);
aa395145
ED		 731 remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
732 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
1da177e4
LT		 733
734 down_write(&hidp_session_sem);
735
736 hidp_del_timer(session);
737
1da177e4
LT		 738 if (session->input) {
739 input_unregister_device(session->input);
34abf91f 740 session->input = NULL;
1da177e4
LT		 741 }
742
e1aaadd4 743 if (session->hid) {
85cdaf52 744 hid_destroy_device(session->hid);
edad6388 745 session->hid = NULL;
e1aaadd4
MH		 746 }
747
ec8dab36
MH		 748 /* Wakeup user-space polling for socket errors */
749 session->intr_sock->sk->sk_err = EUNATCH;
750 session->ctrl_sock->sk->sk_err = EUNATCH;
751
752 hidp_schedule(session);
753
1c39858b
DW		 754 fput(session->intr_sock->file);
755
aa395145 756 wait_event_timeout(*(sk_sleep(ctrl_sk)),
1c39858b
DW		 757 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
758
759 fput(session->ctrl_sock->file);
760
761 __hidp_unlink_session(session);
762
1da177e4
LT		 763 up_write(&hidp_session_sem);
764
765 kfree(session);
766 return 0;
767}
768
0a85b964
MH		 769static struct device *hidp_get_device(struct hidp_session *session)
770{
771 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
772 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
edad6388 773 struct device *device = NULL;
0a85b964 774 struct hci_dev *hdev;
0a85b964
MH		 775
776 hdev = hci_get_route(dst, src);
777 if (!hdev)
778 return NULL;
779
edad6388
MH		 780 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
781 if (session->conn)
782 device = &session->conn->dev;
0a85b964
MH		 783
784 hci_dev_put(hdev);
785
edad6388 786 return device;
0a85b964
MH		 787}
788
91f5cca3
AM		 789static int hidp_setup_input(struct hidp_session *session,
790 struct hidp_connadd_req *req)
1da177e4 791{
c500c971 792 struct input_dev *input;
edad6388 793 int err, i;
1da177e4 794
c500c971
JS		 795 input = input_allocate_device();
796 if (!input)
797 return -ENOMEM;
798
799 session->input = input;
800
5be39466 801 input_set_drvdata(input, session);
1da177e4 802
34abf91f
DT		 803 input->name = "Bluetooth HID Boot Protocol Device";
804
1da177e4
LT		 805 input->id.bustype = BUS_BLUETOOTH;
806 input->id.vendor = req->vendor;
807 input->id.product = req->product;
808 input->id.version = req->version;
809
810 if (req->subclass & 0x40) {
811 set_bit(EV_KEY, input->evbit);
812 set_bit(EV_LED, input->evbit);
813 set_bit(EV_REP, input->evbit);
814
815 set_bit(LED_NUML, input->ledbit);
816 set_bit(LED_CAPSL, input->ledbit);
817 set_bit(LED_SCROLLL, input->ledbit);
818 set_bit(LED_COMPOSE, input->ledbit);
819 set_bit(LED_KANA, input->ledbit);
820
821 for (i = 0; i < sizeof(hidp_keycode); i++)
822 set_bit(hidp_keycode[i], input->keybit);
823 clear_bit(0, input->keybit);
824 }
825
826 if (req->subclass & 0x80) {
7b19ada2
JS		 827 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
828 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
829 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
830 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
831 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
832 BIT_MASK(BTN_EXTRA);
833 input->relbit[0] |= BIT_MASK(REL_WHEEL);
1da177e4
LT		 834 }
835
5be39466 836 input->dev.parent = hidp_get_device(session);
0a85b964 837
1da177e4
LT		 838 input->event = hidp_input_event;
839
edad6388
MH		 840 err = input_register_device(input);
841 if (err < 0) {
842 hci_conn_put_device(session->conn);
843 return err;
844 }
845
846 return 0;
1da177e4
LT		 847}
848
f5ffd462
MH		 849static int hidp_open(struct hid_device *hid)
850{
851 return 0;
852}
853
854static void hidp_close(struct hid_device *hid)
855{
856}
857
c500c971
JS		 858static int hidp_parse(struct hid_device *hid)
859{
860 struct hidp_session *session = hid->driver_data;
c500c971 861
15c697ce
MP		 862 return hid_parse_report(session->hid, session->rd_data,
863 session->rd_size);
c500c971
JS		 864}
865
866static int hidp_start(struct hid_device *hid)
867{
868 struct hidp_session *session = hid->driver_data;
869 struct hid_report *report;
870
871 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
872 report_list, list)
873 hidp_send_report(session, report);
874
875 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
876 report_list, list)
877 hidp_send_report(session, report);
878
c500c971
JS		 879 return 0;
880}
881
882static void hidp_stop(struct hid_device *hid)
883{
884 struct hidp_session *session = hid->driver_data;
885
886 skb_queue_purge(&session->ctrl_transmit);
887 skb_queue_purge(&session->intr_transmit);
888
c500c971
JS		 889 hid->claimed = 0;
890}
891
892static struct hid_ll_driver hidp_hid_driver = {
893 .parse = hidp_parse,
894 .start = hidp_start,
895 .stop = hidp_stop,
896 .open = hidp_open,
897 .close = hidp_close,
898 .hidinput_input_event = hidp_hidinput_event,
899};
900
0f69dca2
AO		 901/* This function sets up the hid device. It does not add it
902 to the HID system. That is done in hidp_add_connection(). */
85cdaf52 903static int hidp_setup_hid(struct hidp_session *session,
91f5cca3 904 struct hidp_connadd_req *req)
e1aaadd4 905{
c500c971 906 struct hid_device *hid;
edad6388 907 int err;
e1aaadd4 908
15c697ce
MP		 909 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
910 if (!session->rd_data)
911 return -ENOMEM;
912
913 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
914 err = -EFAULT;
915 goto fault;
916 }
917 session->rd_size = req->rd_size;
918
c500c971 919 hid = hid_allocate_device();
15c697ce
MP		 920 if (IS_ERR(hid)) {
921 err = PTR_ERR(hid);
922 goto fault;
923 }
e1aaadd4 924
c500c971 925 session->hid = hid;
15c697ce 926
e1aaadd4
MH		 927 hid->driver_data = session;
928
e1aaadd4
MH		 929 hid->bus = BUS_BLUETOOTH;
930 hid->vendor = req->vendor;
931 hid->product = req->product;
932 hid->version = req->version;
c500c971 933 hid->country = req->country;
e1aaadd4
MH		 934
935 strncpy(hid->name, req->name, 128);
d6b2eb2f
GP		 936 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64);
937 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64);
e1aaadd4 938
85cdaf52 939 hid->dev.parent = hidp_get_device(session);
c500c971 940 hid->ll_driver = &hidp_hid_driver;
85cdaf52 941
0ff1731a 942 hid->hid_get_raw_report = hidp_get_raw_report;
2da31939
JK		 943 hid->hid_output_raw_report = hidp_output_raw_report;
944
c500c971 945 return 0;
edad6388 946
15c697ce
MP		 947fault:
948 kfree(session->rd_data);
949 session->rd_data = NULL;
950
edad6388 951 return err;
e1aaadd4
MH		 952}
953
1da177e4
LT		 954int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
955{
956 struct hidp_session *session, *s;
aabf6f89 957 int vendor, product;
1da177e4
LT		 958 int err;
959
960 BT_DBG("");
961
962 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
963 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
964 return -ENOTUNIQ;
965
25ea6db0 966 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
34abf91f 967 if (!session)
1da177e4 968 return -ENOMEM;
1da177e4 969
e1aaadd4
MH		 970 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
971
1da177e4
LT		 972 down_write(&hidp_session_sem);
973
974 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
975 if (s && s->state == BT_CONNECTED) {
976 err = -EEXIST;
977 goto failed;
978 }
979
980 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
981
982 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
983 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);
984
985 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
986
987 session->ctrl_sock = ctrl_sock;
988 session->intr_sock = intr_sock;
989 session->state = BT_CONNECTED;
990
b24b8a24 991 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
1da177e4
LT		 992
993 skb_queue_head_init(&session->ctrl_transmit);
994 skb_queue_head_init(&session->intr_transmit);
995
0ff1731a
AO		 996 mutex_init(&session->report_mutex);
997 init_waitqueue_head(&session->report_queue);
0f69dca2
AO		 998 init_waitqueue_head(&session->startup_queue);
999 session->waiting_for_startup = 1;
1da177e4
LT		 1000 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1001 session->idle_to = req->idle_to;
1002
c500c971 1003 if (req->rd_size > 0) {
85cdaf52 1004 err = hidp_setup_hid(session, req);
d458a9df 1005 if (err && err != -ENODEV)
edad6388 1006 goto purge;
c500c971
JS		 1007 }
1008
1009 if (!session->hid) {
1010 err = hidp_setup_input(session, req);
1011 if (err < 0)
edad6388 1012 goto purge;
85cdaf52 1013 }
e1aaadd4 1014
1da177e4
LT		 1015 __hidp_link_session(session);
1016
1017 hidp_set_timer(session);
1018
aabf6f89
SJ		 1019 if (session->hid) {
1020 vendor = session->hid->vendor;
1021 product = session->hid->product;
1022 } else if (session->input) {
1023 vendor = session->input->id.vendor;
1024 product = session->input->id.product;
1025 } else {
1026 vendor = 0x0000;
1027 product = 0x0000;
1028 }
1029
1030 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x",
1031 vendor, product);
1032 if (IS_ERR(session->task)) {
1033 err = PTR_ERR(session->task);
1da177e4 1034 goto unlink;
aabf6f89
SJ		 1035 }
1036
0f69dca2
AO		 1037 while (session->waiting_for_startup) {
1038 wait_event_interruptible(session->startup_queue,
1039 !session->waiting_for_startup);
1040 }
1041
1042 err = hid_add_device(session->hid);
1043 if (err < 0)
1044 goto err_add_device;
1da177e4
LT		 1045
1046 if (session->input) {
1047 hidp_send_ctrl_message(session,
1048 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
1049 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
1050
1051 session->leds = 0xff;
1052 hidp_input_event(session->input, EV_LED, 0, 0);
1053 }
1054
1055 up_write(&hidp_session_sem);
1056 return 0;
1057
0f69dca2
AO		 1058err_add_device:
1059 hid_destroy_device(session->hid);
1060 session->hid = NULL;
aabf6f89 1061 kthread_stop(session->task);
0f69dca2 1062
1da177e4
LT		 1063unlink:
1064 hidp_del_timer(session);
1065
1066 __hidp_unlink_session(session);
1067
edad6388 1068 if (session->input) {
1da177e4 1069 input_unregister_device(session->input);
edad6388
MH		 1070 session->input = NULL;
1071 }
1072
1073 if (session->hid) {
85cdaf52 1074 hid_destroy_device(session->hid);
edad6388
MH		 1075 session->hid = NULL;
1076 }
1077
15c697ce
MP		 1078 kfree(session->rd_data);
1079 session->rd_data = NULL;
1080
edad6388 1081purge:
c500c971
JS		 1082 skb_queue_purge(&session->ctrl_transmit);
1083 skb_queue_purge(&session->intr_transmit);
edad6388 1084
c500c971
JS		 1085failed:
1086 up_write(&hidp_session_sem);
e1aaadd4 1087
5be39466 1088 input_free_device(session->input);
1da177e4
LT		 1089 kfree(session);
1090 return err;
1091}
1092
1093int hidp_del_connection(struct hidp_conndel_req *req)
1094{
1095 struct hidp_session *session;
1096 int err = 0;
1097
1098 BT_DBG("");
1099
1100 down_read(&hidp_session_sem);
1101
1102 session = __hidp_get_session(&req->bdaddr);
1103 if (session) {
1104 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1105 hidp_send_ctrl_message(session,
1106 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
1107 } else {
1108 /* Flush the transmit queues */
1109 skb_queue_purge(&session->ctrl_transmit);
1110 skb_queue_purge(&session->intr_transmit);
1111
aabf6f89 1112 kthread_stop(session->task);
1da177e4
LT		 1113 }
1114 } else
1115 err = -ENOENT;
1116
1117 up_read(&hidp_session_sem);
1118 return err;
1119}
1120
1121int hidp_get_connlist(struct hidp_connlist_req *req)
1122{
1123 struct list_head *p;
1124 int err = 0, n = 0;
1125
1126 BT_DBG("");
1127
1128 down_read(&hidp_session_sem);
1129
1130 list_for_each(p, &hidp_session_list) {
1131 struct hidp_session *session;
1132 struct hidp_conninfo ci;
1133
1134 session = list_entry(p, struct hidp_session, list);
1135
1136 __hidp_copy_session(session, &ci);
1137
1138 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1139 err = -EFAULT;
1140 break;
1141 }
1142
1143 if (++n >= req->cnum)
1144 break;
1145
1146 req->ci++;
1147 }
1148 req->cnum = n;
1149
1150 up_read(&hidp_session_sem);
1151 return err;
1152}
1153
1154int hidp_get_conninfo(struct hidp_conninfo *ci)
1155{
1156 struct hidp_session *session;
1157 int err = 0;
1158
1159 down_read(&hidp_session_sem);
1160
1161 session = __hidp_get_session(&ci->bdaddr);
1162 if (session)
1163 __hidp_copy_session(session, ci);
1164 else
1165 err = -ENOENT;
1166
1167 up_read(&hidp_session_sem);
1168 return err;
1169}
1170
85cdaf52
JS		 1171static const struct hid_device_id hidp_table[] = {
1172 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) },
1173 { }
1174};
1175
1176static struct hid_driver hidp_driver = {
1177 .name = "generic-bluetooth",
1178 .id_table = hidp_table,
1179};
1180
1da177e4
LT		 1181static int __init hidp_init(void)
1182{
85cdaf52
JS		 1183 int ret;
1184
1da177e4
LT		 1185 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1186
85cdaf52
JS		 1187 ret = hid_register_driver(&hidp_driver);
1188 if (ret)
1189 goto err;
1190
1191 ret = hidp_init_sockets();
1192 if (ret)
1193 goto err_drv;
1194
1195 return 0;
1196err_drv:
1197 hid_unregister_driver(&hidp_driver);
1198err:
1199 return ret;
1da177e4
LT		 1200}
1201
1202static void __exit hidp_exit(void)
1203{
1204 hidp_cleanup_sockets();
85cdaf52 1205 hid_unregister_driver(&hidp_driver);
1da177e4
LT		 1206}
1207
1208module_init(hidp_init);
1209module_exit(hidp_exit);
1210
1211MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1212MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1213MODULE_VERSION(VERSION);
1214MODULE_LICENSE("GPL");
1215MODULE_ALIAS("bt-proto-6");
kernel source for telekom puls (alcatel/mediatek)