projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'timer/cleanup' into late/mvebu2
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hidp / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
8e87d142
YH		 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 20 SOFTWARE IS DISCLAIMED.
21*/
22
1da177e4 23#include <linux/module.h>
1da177e4 24#include <linux/file.h>
aabf6f89 25#include <linux/kthread.h>
364f6351 26#include <linux/hidraw.h>
1da177e4
LT		 27
28#include <net/bluetooth/bluetooth.h>
0a85b964 29#include <net/bluetooth/hci_core.h>
1da177e4
LT		 30#include <net/bluetooth/l2cap.h>
31
32#include "hidp.h"
33
e1aaadd4 34#define VERSION "1.2"
1da177e4
LT		 35
36static DECLARE_RWSEM(hidp_session_sem);
37static LIST_HEAD(hidp_session_list);
38
39static unsigned char hidp_keycode[256] = {
17f09a7e
SJ		 40 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
41 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
42 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
43 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
44 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
45 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
46 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
47 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
48 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
49 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
50 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
51 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
52 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
57 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
1da177e4
LT		 58};
59
60static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
61
62static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
63{
64 struct hidp_session *session;
1da177e4
LT		 65
66 BT_DBG("");
67
cd11cdd2 68 list_for_each_entry(session, &hidp_session_list, list) {
1da177e4
LT		 69 if (!bacmp(bdaddr, &session->bdaddr))
70 return session;
71 }
8035ded4 72
1da177e4
LT		 73 return NULL;
74}
75
76static void __hidp_link_session(struct hidp_session *session)
77{
1da177e4
LT		 78 list_add(&session->list, &hidp_session_list);
79}
80
81static void __hidp_unlink_session(struct hidp_session *session)
82{
edad6388
MH		 83 hci_conn_put_device(session->conn);
84
1da177e4 85 list_del(&session->list);
1da177e4
LT		 86}
87
88static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
89{
d31dbf6e 90 memset(ci, 0, sizeof(*ci));
1da177e4
LT		 91 bacpy(&ci->bdaddr, &session->bdaddr);
92
93 ci->flags = session->flags;
94 ci->state = session->state;
95
96 ci->vendor = 0x0000;
97 ci->product = 0x0000;
98 ci->version = 0x0000;
1da177e4
LT		 99
100 if (session->input) {
101 ci->vendor = session->input->id.vendor;
102 ci->product = session->input->id.product;
103 ci->version = session->input->id.version;
104 if (session->input->name)
105 strncpy(ci->name, session->input->name, 128);
106 else
107 strncpy(ci->name, "HID Boot Device", 128);
108 }
e1aaadd4
MH		 109
110 if (session->hid) {
111 ci->vendor = session->hid->vendor;
112 ci->product = session->hid->product;
113 ci->version = session->hid->version;
114 strncpy(ci->name, session->hid->name, 128);
115 }
1da177e4
LT		 116}
117
91f5cca3
AM		 118static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
119 unsigned int type, unsigned int code, int value)
1da177e4 120{
1da177e4 121 unsigned char newleds;
e1aaadd4 122 struct sk_buff *skb;
1da177e4 123
e1aaadd4 124 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
1da177e4
LT		 125
126 if (type != EV_LED)
127 return -1;
128
129 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
130 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
131 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
132 (!!test_bit(LED_CAPSL, dev->led) << 1) |
133 (!!test_bit(LED_NUML, dev->led));
134
135 if (session->leds == newleds)
136 return 0;
137
138 session->leds = newleds;
139
5a08ecce
AE		 140 skb = alloc_skb(3, GFP_ATOMIC);
141 if (!skb) {
1da177e4
LT		 142 BT_ERR("Can't allocate memory for new frame");
143 return -ENOMEM;
144 }
145
146 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
147 *skb_put(skb, 1) = 0x01;
148 *skb_put(skb, 1) = newleds;
149
150 skb_queue_tail(&session->intr_transmit, skb);
151
152 hidp_schedule(session);
153
154 return 0;
155}
156
e1aaadd4
MH		 157static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
158{
5be39466 159 struct hid_device *hid = input_get_drvdata(dev);
e1aaadd4
MH		 160 struct hidp_session *session = hid->driver_data;
161
162 return hidp_queue_event(session, dev, type, code, value);
163}
164
165static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
166{
5be39466 167 struct hidp_session *session = input_get_drvdata(dev);
e1aaadd4
MH		 168
169 return hidp_queue_event(session, dev, type, code, value);
170}
171
1da177e4
LT		 172static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
173{
174 struct input_dev *dev = session->input;
175 unsigned char *keys = session->keys;
176 unsigned char *udata = skb->data + 1;
177 signed char *sdata = skb->data + 1;
178 int i, size = skb->len - 1;
179
180 switch (skb->data[0]) {
181 case 0x01: /* Keyboard report */
182 for (i = 0; i < 8; i++)
183 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
184
185 /* If all the key codes have been set to 0x01, it means
186 * too many keys were pressed at the same time. */
187 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
188 break;
189
190 for (i = 2; i < 8; i++) {
191 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
192 if (hidp_keycode[keys[i]])
193 input_report_key(dev, hidp_keycode[keys[i]], 0);
194 else
195 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
196 }
197
198 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
199 if (hidp_keycode[udata[i]])
200 input_report_key(dev, hidp_keycode[udata[i]], 1);
201 else
202 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
203 }
204 }
205
206 memcpy(keys, udata, 8);
207 break;
208
209 case 0x02: /* Mouse report */
210 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
211 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
212 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
213 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
214 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
215
216 input_report_rel(dev, REL_X, sdata[1]);
217 input_report_rel(dev, REL_Y, sdata[2]);
218
219 if (size > 3)
220 input_report_rel(dev, REL_WHEEL, sdata[3]);
221 break;
222 }
223
224 input_sync(dev);
225}
226
6bf8268f 227static int __hidp_send_ctrl_message(struct hidp_session *session,
1d0c4da8
GP		 228 unsigned char hdr, unsigned char *data,
229 int size)
6bf8268f
BN		 230{
231 struct sk_buff *skb;
232
233 BT_DBG("session %p data %p size %d", session, data, size);
234
794d1756
DH		 235 if (atomic_read(&session->terminate))
236 return -EIO;
237
5a08ecce
AE		 238 skb = alloc_skb(size + 1, GFP_ATOMIC);
239 if (!skb) {
6bf8268f
BN		 240 BT_ERR("Can't allocate memory for new frame");
241 return -ENOMEM;
242 }
243
244 *skb_put(skb, 1) = hdr;
245 if (data && size > 0)
246 memcpy(skb_put(skb, size), data, size);
247
248 skb_queue_tail(&session->ctrl_transmit, skb);
249
250 return 0;
251}
252
6039aa73 253static int hidp_send_ctrl_message(struct hidp_session *session,
6bf8268f
BN		 254 unsigned char hdr, unsigned char *data, int size)
255{
256 int err;
257
258 err = __hidp_send_ctrl_message(session, hdr, data, size);
259
260 hidp_schedule(session);
261
262 return err;
263}
264
91f5cca3
AM		 265static int hidp_queue_report(struct hidp_session *session,
266 unsigned char *data, int size)
e1aaadd4
MH		 267{
268 struct sk_buff *skb;
269
6792b5ec 270 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
e1aaadd4 271
5a08ecce
AE		 272 skb = alloc_skb(size + 1, GFP_ATOMIC);
273 if (!skb) {
e1aaadd4
MH		 274 BT_ERR("Can't allocate memory for new frame");
275 return -ENOMEM;
276 }
277
278 *skb_put(skb, 1) = 0xa2;
279 if (size > 0)
280 memcpy(skb_put(skb, size), data, size);
281
282 skb_queue_tail(&session->intr_transmit, skb);
283
284 hidp_schedule(session);
285
286 return 0;
287}
288
289static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
290{
291 unsigned char buf[32];
292 int rsize;
293
294 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
295 if (rsize > sizeof(buf))
296 return -EIO;
297
298 hid_output_report(report, buf);
299
300 return hidp_queue_report(session, buf, rsize);
301}
302
0ff1731a
AO		 303static int hidp_get_raw_report(struct hid_device *hid,
304 unsigned char report_number,
305 unsigned char *data, size_t count,
306 unsigned char report_type)
307{
308 struct hidp_session *session = hid->driver_data;
309 struct sk_buff *skb;
310 size_t len;
311 int numbered_reports = hid->report_enum[report_type].numbered;
794d1756 312 int ret;
0ff1731a
AO		 313
314 switch (report_type) {
315 case HID_FEATURE_REPORT:
316 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
317 break;
318 case HID_INPUT_REPORT:
319 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
320 break;
321 case HID_OUTPUT_REPORT:
322 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
323 break;
324 default:
325 return -EINVAL;
326 }
327
328 if (mutex_lock_interruptible(&session->report_mutex))
329 return -ERESTARTSYS;
330
331 /* Set up our wait, and send the report request to the device. */
332 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
333 session->waiting_report_number = numbered_reports ? report_number : -1;
334 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
335 data[0] = report_number;
794d1756
DH		 336 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1);
337 if (ret)
338 goto err;
0ff1731a
AO		 339
340 /* Wait for the return of the report. The returned report
341 gets put in session->report_return. */
342 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
343 int res;
344
345 res = wait_event_interruptible_timeout(session->report_queue,
346 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags),
347 5*HZ);
348 if (res == 0) {
349 /* timeout */
794d1756
DH		 350 ret = -EIO;
351 goto err;
0ff1731a
AO		 352 }
353 if (res < 0) {
354 /* signal */
794d1756
DH		 355 ret = -ERESTARTSYS;
356 goto err;
0ff1731a
AO		 357 }
358 }
359
360 skb = session->report_return;
361 if (skb) {
362 len = skb->len < count ? skb->len : count;
363 memcpy(data, skb->data, len);
364
365 kfree_skb(skb);
366 session->report_return = NULL;
367 } else {
368 /* Device returned a HANDSHAKE, indicating protocol error. */
369 len = -EIO;
370 }
371
372 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
373 mutex_unlock(&session->report_mutex);
374
375 return len;
376
794d1756 377err:
0ff1731a
AO		 378 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
379 mutex_unlock(&session->report_mutex);
794d1756 380 return ret;
0ff1731a
AO		 381}
382
d4bfa033
JK		 383static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
384 unsigned char report_type)
2da31939 385{
0825411a
AO		 386 struct hidp_session *session = hid->driver_data;
387 int ret;
388
d4bfa033
JK		 389 switch (report_type) {
390 case HID_FEATURE_REPORT:
391 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
392 break;
393 case HID_OUTPUT_REPORT:
97e1efbb 394 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
d4bfa033
JK		 395 break;
396 default:
397 return -EINVAL;
398 }
399
0825411a
AO		 400 if (mutex_lock_interruptible(&session->report_mutex))
401 return -ERESTARTSYS;
402
403 /* Set up our wait, and send the report request to the device. */
404 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
794d1756
DH		 405 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data,
406 count);
407 if (ret)
0825411a 408 goto err;
0825411a
AO		 409
410 /* Wait for the ACK from the device. */
411 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
412 int res;
413
414 res = wait_event_interruptible_timeout(session->report_queue,
415 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags),
416 10*HZ);
417 if (res == 0) {
418 /* timeout */
419 ret = -EIO;
420 goto err;
421 }
422 if (res < 0) {
423 /* signal */
424 ret = -ERESTARTSYS;
425 goto err;
426 }
427 }
428
429 if (!session->output_report_success) {
430 ret = -EIO;
431 goto err;
432 }
433
434 ret = count;
435
436err:
437 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
438 mutex_unlock(&session->report_mutex);
439 return ret;
2da31939
JK		 440}
441
1da177e4
LT		 442static void hidp_idle_timeout(unsigned long arg)
443{
444 struct hidp_session *session = (struct hidp_session *) arg;
445
7bb59df8
PH		 446 atomic_inc(&session->terminate);
447 wake_up_process(session->task);
1da177e4
LT		 448}
449
91f5cca3 450static void hidp_set_timer(struct hidp_session *session)
1da177e4
LT		 451{
452 if (session->idle_to > 0)
453 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
454}
455
6039aa73 456static void hidp_del_timer(struct hidp_session *session)
1da177e4
LT		 457{
458 if (session->idle_to > 0)
459 del_timer(&session->timer);
460}
461
91f5cca3
AM		 462static void hidp_process_handshake(struct hidp_session *session,
463 unsigned char param)
1da177e4
LT		 464{
465 BT_DBG("session %p param 0x%02x", session, param);
0825411a 466 session->output_report_success = 0; /* default condition */
1da177e4
LT		 467
468 switch (param) {
469 case HIDP_HSHK_SUCCESSFUL:
470 /* FIXME: Call into SET_ GET_ handlers here */
0825411a 471 session->output_report_success = 1;
1da177e4
LT		 472 break;
473
474 case HIDP_HSHK_NOT_READY:
475 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
476 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
477 case HIDP_HSHK_ERR_INVALID_PARAMETER:
ab88f714 478 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
0ff1731a 479 wake_up_interruptible(&session->report_queue);
ab88f714 480
1da177e4
LT		 481 /* FIXME: Call into SET_ GET_ handlers here */
482 break;
483
484 case HIDP_HSHK_ERR_UNKNOWN:
485 break;
486
487 case HIDP_HSHK_ERR_FATAL:
488 /* Device requests a reboot, as this is the only way this error
8e87d142 489 * can be recovered. */
1da177e4
LT		 490 __hidp_send_ctrl_message(session,
491 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
492 break;
493
494 default:
495 __hidp_send_ctrl_message(session,
496 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
497 break;
498 }
0825411a
AO		 499
500 /* Wake up the waiting thread. */
ab88f714 501 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
0825411a 502 wake_up_interruptible(&session->report_queue);
1da177e4
LT		 503}
504
91f5cca3
AM		 505static void hidp_process_hid_control(struct hidp_session *session,
506 unsigned char param)
1da177e4
LT		 507{
508 BT_DBG("session %p param 0x%02x", session, param);
509
eff001e3 510 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
1da177e4
LT		 511 /* Flush the transmit queues */
512 skb_queue_purge(&session->ctrl_transmit);
513 skb_queue_purge(&session->intr_transmit);
514
7bb59df8
PH		 515 atomic_inc(&session->terminate);
516 wake_up_process(current);
1da177e4
LT		 517 }
518}
519
0ff1731a
AO		 520/* Returns true if the passed-in skb should be freed by the caller. */
521static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
91f5cca3 522 unsigned char param)
1da177e4 523{
0ff1731a 524 int done_with_skb = 1;
1da177e4
LT		 525 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
526
527 switch (param) {
528 case HIDP_DATA_RTYPE_INPUT:
529 hidp_set_timer(session);
530
531 if (session->input)
532 hidp_input_report(session, skb);
e1aaadd4
MH		 533
534 if (session->hid)
535 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
1da177e4
LT		 536 break;
537
538 case HIDP_DATA_RTYPE_OTHER:
539 case HIDP_DATA_RTYPE_OUPUT:
540 case HIDP_DATA_RTYPE_FEATURE:
541 break;
542
543 default:
544 __hidp_send_ctrl_message(session,
545 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
546 }
0ff1731a
AO		 547
548 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
549 param == session->waiting_report_type) {
550 if (session->waiting_report_number < 0 ||
551 session->waiting_report_number == skb->data[0]) {
552 /* hidp_get_raw_report() is waiting on this report. */
553 session->report_return = skb;
554 done_with_skb = 0;
555 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
556 wake_up_interruptible(&session->report_queue);
557 }
558 }
559
560 return done_with_skb;
1da177e4
LT		 561}
562
91f5cca3
AM		 563static void hidp_recv_ctrl_frame(struct hidp_session *session,
564 struct sk_buff *skb)
1da177e4
LT		 565{
566 unsigned char hdr, type, param;
0ff1731a 567 int free_skb = 1;
1da177e4
LT		 568
569 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
570
571 hdr = skb->data[0];
572 skb_pull(skb, 1);
573
574 type = hdr & HIDP_HEADER_TRANS_MASK;
575 param = hdr & HIDP_HEADER_PARAM_MASK;
576
577 switch (type) {
578 case HIDP_TRANS_HANDSHAKE:
579 hidp_process_handshake(session, param);
580 break;
581
582 case HIDP_TRANS_HID_CONTROL:
583 hidp_process_hid_control(session, param);
584 break;
585
586 case HIDP_TRANS_DATA:
0ff1731a 587 free_skb = hidp_process_data(session, skb, param);
1da177e4
LT		 588 break;
589
590 default:
591 __hidp_send_ctrl_message(session,
592 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
593 break;
594 }
595
0ff1731a
AO		 596 if (free_skb)
597 kfree_skb(skb);
1da177e4
LT		 598}
599
91f5cca3
AM		 600static void hidp_recv_intr_frame(struct hidp_session *session,
601 struct sk_buff *skb)
1da177e4
LT		 602{
603 unsigned char hdr;
604
605 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
606
607 hdr = skb->data[0];
608 skb_pull(skb, 1);
609
610 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
611 hidp_set_timer(session);
e1aaadd4 612
1da177e4
LT		 613 if (session->input)
614 hidp_input_report(session, skb);
e1aaadd4
MH		 615
616 if (session->hid) {
617 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
618 BT_DBG("report len %d", skb->len);
619 }
1da177e4
LT		 620 } else {
621 BT_DBG("Unsupported protocol header 0x%02x", hdr);
622 }
623
624 kfree_skb(skb);
625}
626
627static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
628{
629 struct kvec iv = { data, len };
630 struct msghdr msg;
631
632 BT_DBG("sock %p data %p len %d", sock, data, len);
633
634 if (!len)
635 return 0;
636
637 memset(&msg, 0, sizeof(msg));
638
639 return kernel_sendmsg(sock, &msg, &iv, 1, len);
640}
641
679344e4 642static void hidp_process_intr_transmit(struct hidp_session *session)
1da177e4
LT		 643{
644 struct sk_buff *skb;
645
646 BT_DBG("session %p", session);
647
679344e4
GP		 648 while ((skb = skb_dequeue(&session->intr_transmit))) {
649 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
650 skb_queue_head(&session->intr_transmit, skb);
1da177e4
LT		 651 break;
652 }
653
654 hidp_set_timer(session);
655 kfree_skb(skb);
656 }
679344e4 657}
1da177e4 658
679344e4
GP		 659static void hidp_process_ctrl_transmit(struct hidp_session *session)
660{
661 struct sk_buff *skb;
662
663 BT_DBG("session %p", session);
664
665 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
666 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
667 skb_queue_head(&session->ctrl_transmit, skb);
1da177e4
LT		 668 break;
669 }
670
671 hidp_set_timer(session);
672 kfree_skb(skb);
673 }
1da177e4
LT		 674}
675
676static int hidp_session(void *arg)
677{
678 struct hidp_session *session = arg;
679 struct sock *ctrl_sk = session->ctrl_sock->sk;
680 struct sock *intr_sk = session->intr_sock->sk;
681 struct sk_buff *skb;
1da177e4
LT		 682 wait_queue_t ctrl_wait, intr_wait;
683
684 BT_DBG("session %p", session);
685
25df0845 686 __module_get(THIS_MODULE);
1da177e4 687 set_user_nice(current, -15);
1da177e4
LT		 688
689 init_waitqueue_entry(&ctrl_wait, current);
690 init_waitqueue_entry(&intr_wait, current);
aa395145
ED		 691 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
692 add_wait_queue(sk_sleep(intr_sk), &intr_wait);
0f69dca2
AO		 693 session->waiting_for_startup = 0;
694 wake_up_interruptible(&session->startup_queue);
7bb59df8
PH		 695 set_current_state(TASK_INTERRUPTIBLE);
696 while (!atomic_read(&session->terminate)) {
17f09a7e
SJ		 697 if (ctrl_sk->sk_state != BT_CONNECTED ||
698 intr_sk->sk_state != BT_CONNECTED)
1da177e4
LT		 699 break;
700
dc0da5cd 701 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1da177e4 702 skb_orphan(skb);
44935720 703 if (!skb_linearize(skb))
dc0da5cd 704 hidp_recv_intr_frame(session, skb);
44935720
MM		 705 else
706 kfree_skb(skb);
1da177e4
LT		 707 }
708
679344e4
GP		 709 hidp_process_intr_transmit(session);
710
dc0da5cd 711 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1da177e4 712 skb_orphan(skb);
44935720 713 if (!skb_linearize(skb))
dc0da5cd 714 hidp_recv_ctrl_frame(session, skb);
44935720
MM		 715 else
716 kfree_skb(skb);
1da177e4
LT		 717 }
718
679344e4 719 hidp_process_ctrl_transmit(session);
1da177e4
LT		 720
721 schedule();
7bb59df8 722 set_current_state(TASK_INTERRUPTIBLE);
1da177e4
LT		 723 }
724 set_current_state(TASK_RUNNING);
aa395145
ED		 725 remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
726 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
1da177e4 727
794d1756
DH		 728 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
729 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
730 wake_up_interruptible(&session->report_queue);
731
1da177e4
LT		 732 down_write(&hidp_session_sem);
733
734 hidp_del_timer(session);
735
1da177e4
LT		 736 if (session->input) {
737 input_unregister_device(session->input);
34abf91f 738 session->input = NULL;
1da177e4
LT		 739 }
740
e1aaadd4 741 if (session->hid) {
85cdaf52 742 hid_destroy_device(session->hid);
edad6388 743 session->hid = NULL;
e1aaadd4
MH		 744 }
745
ec8dab36
MH		 746 /* Wakeup user-space polling for socket errors */
747 session->intr_sock->sk->sk_err = EUNATCH;
748 session->ctrl_sock->sk->sk_err = EUNATCH;
749
750 hidp_schedule(session);
751
1c39858b
DW		 752 fput(session->intr_sock->file);
753
aa395145 754 wait_event_timeout(*(sk_sleep(ctrl_sk)),
1c39858b
DW		 755 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
756
757 fput(session->ctrl_sock->file);
758
759 __hidp_unlink_session(session);
760
1da177e4
LT		 761 up_write(&hidp_session_sem);
762
1c97e94c 763 kfree(session->rd_data);
1da177e4 764 kfree(session);
25df0845 765 module_put_and_exit(0);
1da177e4
LT		 766 return 0;
767}
768
3e90dc86 769static struct hci_conn *hidp_get_connection(struct hidp_session *session)
0a85b964
MH		 770{
771 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
772 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
1785dbf9 773 struct hci_conn *conn;
0a85b964 774 struct hci_dev *hdev;
0a85b964
MH		 775
776 hdev = hci_get_route(dst, src);
777 if (!hdev)
778 return NULL;
779
09fd0de5 780 hci_dev_lock(hdev);
1785dbf9
PH		 781 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
782 if (conn)
783 hci_conn_hold_device(conn);
09fd0de5 784 hci_dev_unlock(hdev);
0a85b964
MH		 785
786 hci_dev_put(hdev);
787
1785dbf9 788 return conn;
0a85b964
MH		 789}
790
91f5cca3
AM		 791static int hidp_setup_input(struct hidp_session *session,
792 struct hidp_connadd_req *req)
1da177e4 793{
c500c971 794 struct input_dev *input;
3415a5fd 795 int i;
1da177e4 796
c500c971
JS		 797 input = input_allocate_device();
798 if (!input)
799 return -ENOMEM;
800
801 session->input = input;
802
5be39466 803 input_set_drvdata(input, session);
1da177e4 804
34abf91f
DT		 805 input->name = "Bluetooth HID Boot Protocol Device";
806
1da177e4
LT		 807 input->id.bustype = BUS_BLUETOOTH;
808 input->id.vendor = req->vendor;
809 input->id.product = req->product;
810 input->id.version = req->version;
811
812 if (req->subclass & 0x40) {
813 set_bit(EV_KEY, input->evbit);
814 set_bit(EV_LED, input->evbit);
815 set_bit(EV_REP, input->evbit);
816
817 set_bit(LED_NUML, input->ledbit);
818 set_bit(LED_CAPSL, input->ledbit);
819 set_bit(LED_SCROLLL, input->ledbit);
820 set_bit(LED_COMPOSE, input->ledbit);
821 set_bit(LED_KANA, input->ledbit);
822
823 for (i = 0; i < sizeof(hidp_keycode); i++)
824 set_bit(hidp_keycode[i], input->keybit);
825 clear_bit(0, input->keybit);
826 }
827
828 if (req->subclass & 0x80) {
7b19ada2
JS		 829 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
830 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
831 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
832 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
833 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
834 BIT_MASK(BTN_EXTRA);
835 input->relbit[0] |= BIT_MASK(REL_WHEEL);
1da177e4
LT		 836 }
837
1785dbf9 838 input->dev.parent = &session->conn->dev;
0a85b964 839
1da177e4
LT		 840 input->event = hidp_input_event;
841
edad6388 842 return 0;
1da177e4
LT		 843}
844
f5ffd462
MH		 845static int hidp_open(struct hid_device *hid)
846{
847 return 0;
848}
849
850static void hidp_close(struct hid_device *hid)
851{
852}
853
c500c971
JS		 854static int hidp_parse(struct hid_device *hid)
855{
856 struct hidp_session *session = hid->driver_data;
c500c971 857
15c697ce
MP		 858 return hid_parse_report(session->hid, session->rd_data,
859 session->rd_size);
c500c971
JS		 860}
861
862static int hidp_start(struct hid_device *hid)
863{
864 struct hidp_session *session = hid->driver_data;
865 struct hid_report *report;
866
142c69c6
DH		 867 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
868 return 0;
869
c500c971
JS		 870 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
871 report_list, list)
872 hidp_send_report(session, report);
873
874 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
875 report_list, list)
876 hidp_send_report(session, report);
877
c500c971
JS		 878 return 0;
879}
880
881static void hidp_stop(struct hid_device *hid)
882{
883 struct hidp_session *session = hid->driver_data;
884
885 skb_queue_purge(&session->ctrl_transmit);
886 skb_queue_purge(&session->intr_transmit);
887
c500c971
JS		 888 hid->claimed = 0;
889}
890
891static struct hid_ll_driver hidp_hid_driver = {
892 .parse = hidp_parse,
893 .start = hidp_start,
894 .stop = hidp_stop,
895 .open = hidp_open,
896 .close = hidp_close,
897 .hidinput_input_event = hidp_hidinput_event,
898};
899
0f69dca2
AO		 900/* This function sets up the hid device. It does not add it
901 to the HID system. That is done in hidp_add_connection(). */
85cdaf52 902static int hidp_setup_hid(struct hidp_session *session,
91f5cca3 903 struct hidp_connadd_req *req)
e1aaadd4 904{
c500c971 905 struct hid_device *hid;
edad6388 906 int err;
e1aaadd4 907
15c697ce
MP		 908 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
909 if (!session->rd_data)
910 return -ENOMEM;
911
912 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
913 err = -EFAULT;
914 goto fault;
915 }
916 session->rd_size = req->rd_size;
917
c500c971 918 hid = hid_allocate_device();
15c697ce
MP		 919 if (IS_ERR(hid)) {
920 err = PTR_ERR(hid);
921 goto fault;
922 }
e1aaadd4 923
c500c971 924 session->hid = hid;
15c697ce 925
e1aaadd4
MH		 926 hid->driver_data = session;
927
e1aaadd4
MH		 928 hid->bus = BUS_BLUETOOTH;
929 hid->vendor = req->vendor;
930 hid->product = req->product;
931 hid->version = req->version;
c500c971 932 hid->country = req->country;
e1aaadd4 933
0a9ab9bd 934 strncpy(hid->name, req->name, sizeof(req->name) - 1);
fcb73338
AE		 935
936 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
937 &bt_sk(session->ctrl_sock->sk)->src);
938
939 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
940 &bt_sk(session->ctrl_sock->sk)->dst);
e1aaadd4 941
1785dbf9 942 hid->dev.parent = &session->conn->dev;
c500c971 943 hid->ll_driver = &hidp_hid_driver;
85cdaf52 944
0ff1731a 945 hid->hid_get_raw_report = hidp_get_raw_report;
2da31939
JK		 946 hid->hid_output_raw_report = hidp_output_raw_report;
947
4529eefa
LS		 948 /* True if device is blacklisted in drivers/hid/hid-core.c */
949 if (hid_ignore(hid)) {
950 hid_destroy_device(session->hid);
951 session->hid = NULL;
952 return -ENODEV;
953 }
954
c500c971 955 return 0;
edad6388 956
15c697ce
MP		 957fault:
958 kfree(session->rd_data);
959 session->rd_data = NULL;
960
edad6388 961 return err;
e1aaadd4
MH		 962}
963
1da177e4
LT		 964int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
965{
966 struct hidp_session *session, *s;
aabf6f89 967 int vendor, product;
1da177e4
LT		 968 int err;
969
970 BT_DBG("");
971
972 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
973 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
974 return -ENOTUNIQ;
975
e1aaadd4
MH		 976 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
977
1da177e4
LT		 978 down_write(&hidp_session_sem);
979
980 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
981 if (s && s->state == BT_CONNECTED) {
81b25cd0
GP		 982 up_write(&hidp_session_sem);
983 return -EEXIST;
984 }
985
986 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
987 if (!session) {
988 up_write(&hidp_session_sem);
989 return -ENOMEM;
1da177e4
LT		 990 }
991
992 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
993
0c1bc5c6
GP		 994 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu,
995 l2cap_pi(ctrl_sock->sk)->chan->imtu);
996 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu,
997 l2cap_pi(intr_sock->sk)->chan->imtu);
1da177e4
LT		 998
999 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
1000
1001 session->ctrl_sock = ctrl_sock;
1002 session->intr_sock = intr_sock;
1003 session->state = BT_CONNECTED;
1004
3c32fa93
GP		 1005 session->conn = hidp_get_connection(session);
1006 if (!session->conn) {
1007 err = -ENOTCONN;
1008 goto failed;
1009 }
1010
b24b8a24 1011 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
1da177e4
LT		 1012
1013 skb_queue_head_init(&session->ctrl_transmit);
1014 skb_queue_head_init(&session->intr_transmit);
1015
0ff1731a
AO		 1016 mutex_init(&session->report_mutex);
1017 init_waitqueue_head(&session->report_queue);
0f69dca2
AO		 1018 init_waitqueue_head(&session->startup_queue);
1019 session->waiting_for_startup = 1;
1da177e4
LT		 1020 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1021 session->idle_to = req->idle_to;
1022
1785dbf9
PH		 1023 __hidp_link_session(session);
1024
c500c971 1025 if (req->rd_size > 0) {
85cdaf52 1026 err = hidp_setup_hid(session, req);
4529eefa 1027 if (err && err != -ENODEV)
edad6388 1028 goto purge;
c500c971
JS		 1029 }
1030
1031 if (!session->hid) {
1032 err = hidp_setup_input(session, req);
1033 if (err < 0)
edad6388 1034 goto purge;
85cdaf52 1035 }
e1aaadd4 1036
1da177e4
LT		 1037 hidp_set_timer(session);
1038
aabf6f89
SJ		 1039 if (session->hid) {
1040 vendor = session->hid->vendor;
1041 product = session->hid->product;
1042 } else if (session->input) {
1043 vendor = session->input->id.vendor;
1044 product = session->input->id.product;
1045 } else {
1046 vendor = 0x0000;
1047 product = 0x0000;
1048 }
1049
1050 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x",
1051 vendor, product);
1052 if (IS_ERR(session->task)) {
1053 err = PTR_ERR(session->task);
1da177e4 1054 goto unlink;
aabf6f89
SJ		 1055 }
1056
0f69dca2
AO		 1057 while (session->waiting_for_startup) {
1058 wait_event_interruptible(session->startup_queue,
1059 !session->waiting_for_startup);
1060 }
1061
3415a5fd
GP		 1062 if (session->hid)
1063 err = hid_add_device(session->hid);
1064 else
1065 err = input_register_device(session->input);
1066
e9d5cb54
PH		 1067 if (err < 0) {
1068 atomic_inc(&session->terminate);
1069 wake_up_process(session->task);
1070 up_write(&hidp_session_sem);
1071 return err;
1072 }
1da177e4
LT		 1073
1074 if (session->input) {
1075 hidp_send_ctrl_message(session,
1076 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
1077 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
1078
1079 session->leds = 0xff;
1080 hidp_input_event(session->input, EV_LED, 0, 0);
1081 }
1082
1083 up_write(&hidp_session_sem);
1084 return 0;
1085
1086unlink:
1087 hidp_del_timer(session);
1088
edad6388 1089 if (session->input) {
1da177e4 1090 input_unregister_device(session->input);
edad6388
MH		 1091 session->input = NULL;
1092 }
1093
1094 if (session->hid) {
85cdaf52 1095 hid_destroy_device(session->hid);
edad6388
MH		 1096 session->hid = NULL;
1097 }
1098
15c697ce
MP		 1099 kfree(session->rd_data);
1100 session->rd_data = NULL;
1101
edad6388 1102purge:
1785dbf9
PH		 1103 __hidp_unlink_session(session);
1104
c500c971
JS		 1105 skb_queue_purge(&session->ctrl_transmit);
1106 skb_queue_purge(&session->intr_transmit);
edad6388 1107
c500c971
JS		 1108failed:
1109 up_write(&hidp_session_sem);
e1aaadd4 1110
1da177e4
LT		 1111 kfree(session);
1112 return err;
1113}
1114
1115int hidp_del_connection(struct hidp_conndel_req *req)
1116{
1117 struct hidp_session *session;
1118 int err = 0;
1119
1120 BT_DBG("");
1121
1122 down_read(&hidp_session_sem);
1123
1124 session = __hidp_get_session(&req->bdaddr);
1125 if (session) {
1126 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1127 hidp_send_ctrl_message(session,
1128 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
1129 } else {
1130 /* Flush the transmit queues */
1131 skb_queue_purge(&session->ctrl_transmit);
1132 skb_queue_purge(&session->intr_transmit);
1133
7bb59df8
PH		 1134 atomic_inc(&session->terminate);
1135 wake_up_process(session->task);
1da177e4
LT		 1136 }
1137 } else
1138 err = -ENOENT;
1139
1140 up_read(&hidp_session_sem);
1141 return err;
1142}
1143
1144int hidp_get_connlist(struct hidp_connlist_req *req)
1145{
cd11cdd2 1146 struct hidp_session *session;
1da177e4
LT		 1147 int err = 0, n = 0;
1148
1149 BT_DBG("");
1150
1151 down_read(&hidp_session_sem);
1152
cd11cdd2 1153 list_for_each_entry(session, &hidp_session_list, list) {
1da177e4
LT		 1154 struct hidp_conninfo ci;
1155
1da177e4
LT		 1156 __hidp_copy_session(session, &ci);
1157
1158 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1159 err = -EFAULT;
1160 break;
1161 }
1162
1163 if (++n >= req->cnum)
1164 break;
1165
1166 req->ci++;
1167 }
1168 req->cnum = n;
1169
1170 up_read(&hidp_session_sem);
1171 return err;
1172}
1173
1174int hidp_get_conninfo(struct hidp_conninfo *ci)
1175{
1176 struct hidp_session *session;
1177 int err = 0;
1178
1179 down_read(&hidp_session_sem);
1180
1181 session = __hidp_get_session(&ci->bdaddr);
1182 if (session)
1183 __hidp_copy_session(session, ci);
1184 else
1185 err = -ENOENT;
1186
1187 up_read(&hidp_session_sem);
1188 return err;
1189}
1190
1191static int __init hidp_init(void)
1192{
1da177e4
LT		 1193 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1194
8215d557 1195 return hidp_init_sockets();
1da177e4
LT		 1196}
1197
1198static void __exit hidp_exit(void)
1199{
1200 hidp_cleanup_sockets();
1201}
1202
1203module_init(hidp_init);
1204module_exit(hidp_exit);
1205
1206MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1207MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1208MODULE_VERSION(VERSION);
1209MODULE_LICENSE("GPL");
1210MODULE_ALIAS("bt-proto-6");
kernel source for telekom puls (alcatel/mediatek)