projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove wrong error check
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hidp / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
8e87d142
YH		 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 20 SOFTWARE IS DISCLAIMED.
21*/
22
1da177e4
LT		 23#include <linux/module.h>
24
25#include <linux/types.h>
26#include <linux/errno.h>
27#include <linux/kernel.h>
1da177e4
LT		 28#include <linux/sched.h>
29#include <linux/slab.h>
30#include <linux/poll.h>
83144186 31#include <linux/freezer.h>
1da177e4
LT		 32#include <linux/fcntl.h>
33#include <linux/skbuff.h>
34#include <linux/socket.h>
35#include <linux/ioctl.h>
36#include <linux/file.h>
37#include <linux/init.h>
38#include <linux/wait.h>
0ff1731a 39#include <linux/mutex.h>
aabf6f89 40#include <linux/kthread.h>
1da177e4
LT		 41#include <net/sock.h>
42
43#include <linux/input.h>
e1aaadd4 44#include <linux/hid.h>
364f6351 45#include <linux/hidraw.h>
1da177e4
LT		 46
47#include <net/bluetooth/bluetooth.h>
0a85b964 48#include <net/bluetooth/hci_core.h>
1da177e4
LT		 49#include <net/bluetooth/l2cap.h>
50
51#include "hidp.h"
52
e1aaadd4 53#define VERSION "1.2"
1da177e4
LT		 54
55static DECLARE_RWSEM(hidp_session_sem);
56static LIST_HEAD(hidp_session_list);
57
58static unsigned char hidp_keycode[256] = {
17f09a7e
SJ		 59 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
60 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
61 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
62 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
63 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
64 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
65 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
66 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
67 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
68 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
69 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
72 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
73 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
74 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
75 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
76 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
1da177e4
LT		 77};
78
79static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
80
81static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
82{
83 struct hidp_session *session;
1da177e4
LT		 84
85 BT_DBG("");
86
cd11cdd2 87 list_for_each_entry(session, &hidp_session_list, list) {
1da177e4
LT		 88 if (!bacmp(bdaddr, &session->bdaddr))
89 return session;
90 }
91 return NULL;
92}
93
94static void __hidp_link_session(struct hidp_session *session)
95{
96 __module_get(THIS_MODULE);
97 list_add(&session->list, &hidp_session_list);
edad6388
MH		 98
99 hci_conn_hold_device(session->conn);
1da177e4
LT		 100}
101
102static void __hidp_unlink_session(struct hidp_session *session)
103{
edad6388
MH		 104 hci_conn_put_device(session->conn);
105
1da177e4
LT		 106 list_del(&session->list);
107 module_put(THIS_MODULE);
108}
109
110static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
111{
d31dbf6e 112 memset(ci, 0, sizeof(*ci));
1da177e4
LT		 113 bacpy(&ci->bdaddr, &session->bdaddr);
114
115 ci->flags = session->flags;
116 ci->state = session->state;
117
118 ci->vendor = 0x0000;
119 ci->product = 0x0000;
120 ci->version = 0x0000;
1da177e4
LT		 121
122 if (session->input) {
123 ci->vendor = session->input->id.vendor;
124 ci->product = session->input->id.product;
125 ci->version = session->input->id.version;
126 if (session->input->name)
127 strncpy(ci->name, session->input->name, 128);
128 else
129 strncpy(ci->name, "HID Boot Device", 128);
130 }
e1aaadd4
MH		 131
132 if (session->hid) {
133 ci->vendor = session->hid->vendor;
134 ci->product = session->hid->product;
135 ci->version = session->hid->version;
136 strncpy(ci->name, session->hid->name, 128);
137 }
1da177e4
LT		 138}
139
91f5cca3
AM		 140static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
141 unsigned int type, unsigned int code, int value)
1da177e4 142{
1da177e4 143 unsigned char newleds;
e1aaadd4 144 struct sk_buff *skb;
1da177e4 145
e1aaadd4 146 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
1da177e4
LT		 147
148 if (type != EV_LED)
149 return -1;
150
151 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
152 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
153 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
154 (!!test_bit(LED_CAPSL, dev->led) << 1) |
155 (!!test_bit(LED_NUML, dev->led));
156
157 if (session->leds == newleds)
158 return 0;
159
160 session->leds = newleds;
161
5a08ecce
AE		 162 skb = alloc_skb(3, GFP_ATOMIC);
163 if (!skb) {
1da177e4
LT		 164 BT_ERR("Can't allocate memory for new frame");
165 return -ENOMEM;
166 }
167
168 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
169 *skb_put(skb, 1) = 0x01;
170 *skb_put(skb, 1) = newleds;
171
172 skb_queue_tail(&session->intr_transmit, skb);
173
174 hidp_schedule(session);
175
176 return 0;
177}
178
e1aaadd4
MH		 179static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
180{
5be39466 181 struct hid_device *hid = input_get_drvdata(dev);
e1aaadd4
MH		 182 struct hidp_session *session = hid->driver_data;
183
184 return hidp_queue_event(session, dev, type, code, value);
185}
186
187static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
188{
5be39466 189 struct hidp_session *session = input_get_drvdata(dev);
e1aaadd4
MH		 190
191 return hidp_queue_event(session, dev, type, code, value);
192}
193
1da177e4
LT		 194static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
195{
196 struct input_dev *dev = session->input;
197 unsigned char *keys = session->keys;
198 unsigned char *udata = skb->data + 1;
199 signed char *sdata = skb->data + 1;
200 int i, size = skb->len - 1;
201
202 switch (skb->data[0]) {
203 case 0x01: /* Keyboard report */
204 for (i = 0; i < 8; i++)
205 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
206
207 /* If all the key codes have been set to 0x01, it means
208 * too many keys were pressed at the same time. */
209 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
210 break;
211
212 for (i = 2; i < 8; i++) {
213 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
214 if (hidp_keycode[keys[i]])
215 input_report_key(dev, hidp_keycode[keys[i]], 0);
216 else
217 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
218 }
219
220 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
221 if (hidp_keycode[udata[i]])
222 input_report_key(dev, hidp_keycode[udata[i]], 1);
223 else
224 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
225 }
226 }
227
228 memcpy(keys, udata, 8);
229 break;
230
231 case 0x02: /* Mouse report */
232 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
233 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
234 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
235 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
236 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
237
238 input_report_rel(dev, REL_X, sdata[1]);
239 input_report_rel(dev, REL_Y, sdata[2]);
240
241 if (size > 3)
242 input_report_rel(dev, REL_WHEEL, sdata[3]);
243 break;
244 }
245
246 input_sync(dev);
247}
248
6bf8268f
BN		 249static int __hidp_send_ctrl_message(struct hidp_session *session,
250 unsigned char hdr, unsigned char *data, int size)
251{
252 struct sk_buff *skb;
253
254 BT_DBG("session %p data %p size %d", session, data, size);
255
794d1756
DH		 256 if (atomic_read(&session->terminate))
257 return -EIO;
258
5a08ecce
AE		 259 skb = alloc_skb(size + 1, GFP_ATOMIC);
260 if (!skb) {
6bf8268f
BN		 261 BT_ERR("Can't allocate memory for new frame");
262 return -ENOMEM;
263 }
264
265 *skb_put(skb, 1) = hdr;
266 if (data && size > 0)
267 memcpy(skb_put(skb, size), data, size);
268
269 skb_queue_tail(&session->ctrl_transmit, skb);
270
271 return 0;
272}
273
274static inline int hidp_send_ctrl_message(struct hidp_session *session,
275 unsigned char hdr, unsigned char *data, int size)
276{
277 int err;
278
279 err = __hidp_send_ctrl_message(session, hdr, data, size);
280
281 hidp_schedule(session);
282
283 return err;
284}
285
91f5cca3
AM		 286static int hidp_queue_report(struct hidp_session *session,
287 unsigned char *data, int size)
e1aaadd4
MH		 288{
289 struct sk_buff *skb;
290
6792b5ec 291 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
e1aaadd4 292
5a08ecce
AE		 293 skb = alloc_skb(size + 1, GFP_ATOMIC);
294 if (!skb) {
e1aaadd4
MH		 295 BT_ERR("Can't allocate memory for new frame");
296 return -ENOMEM;
297 }
298
299 *skb_put(skb, 1) = 0xa2;
300 if (size > 0)
301 memcpy(skb_put(skb, size), data, size);
302
303 skb_queue_tail(&session->intr_transmit, skb);
304
305 hidp_schedule(session);
306
307 return 0;
308}
309
310static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
311{
312 unsigned char buf[32];
313 int rsize;
314
315 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
316 if (rsize > sizeof(buf))
317 return -EIO;
318
319 hid_output_report(report, buf);
320
321 return hidp_queue_report(session, buf, rsize);
322}
323
0ff1731a
AO		 324static int hidp_get_raw_report(struct hid_device *hid,
325 unsigned char report_number,
326 unsigned char *data, size_t count,
327 unsigned char report_type)
328{
329 struct hidp_session *session = hid->driver_data;
330 struct sk_buff *skb;
331 size_t len;
332 int numbered_reports = hid->report_enum[report_type].numbered;
794d1756 333 int ret;
0ff1731a
AO		 334
335 switch (report_type) {
336 case HID_FEATURE_REPORT:
337 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
338 break;
339 case HID_INPUT_REPORT:
340 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
341 break;
342 case HID_OUTPUT_REPORT:
343 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
344 break;
345 default:
346 return -EINVAL;
347 }
348
349 if (mutex_lock_interruptible(&session->report_mutex))
350 return -ERESTARTSYS;
351
352 /* Set up our wait, and send the report request to the device. */
353 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
354 session->waiting_report_number = numbered_reports ? report_number : -1;
355 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
356 data[0] = report_number;
794d1756
DH		 357 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1);
358 if (ret)
359 goto err;
0ff1731a
AO		 360
361 /* Wait for the return of the report. The returned report
362 gets put in session->report_return. */
363 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
364 int res;
365
366 res = wait_event_interruptible_timeout(session->report_queue,
367 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags),
368 5*HZ);
369 if (res == 0) {
370 /* timeout */
794d1756
DH		 371 ret = -EIO;
372 goto err;
0ff1731a
AO		 373 }
374 if (res < 0) {
375 /* signal */
794d1756
DH		 376 ret = -ERESTARTSYS;
377 goto err;
0ff1731a
AO		 378 }
379 }
380
381 skb = session->report_return;
382 if (skb) {
383 len = skb->len < count ? skb->len : count;
384 memcpy(data, skb->data, len);
385
386 kfree_skb(skb);
387 session->report_return = NULL;
388 } else {
389 /* Device returned a HANDSHAKE, indicating protocol error. */
390 len = -EIO;
391 }
392
393 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
394 mutex_unlock(&session->report_mutex);
395
396 return len;
397
794d1756 398err:
0ff1731a
AO		 399 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
400 mutex_unlock(&session->report_mutex);
794d1756 401 return ret;
0ff1731a
AO		 402}
403
d4bfa033
JK		 404static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
405 unsigned char report_type)
2da31939 406{
0825411a
AO		 407 struct hidp_session *session = hid->driver_data;
408 int ret;
409
d4bfa033
JK		 410 switch (report_type) {
411 case HID_FEATURE_REPORT:
412 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
413 break;
414 case HID_OUTPUT_REPORT:
97e1efbb 415 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
d4bfa033
JK		 416 break;
417 default:
418 return -EINVAL;
419 }
420
0825411a
AO		 421 if (mutex_lock_interruptible(&session->report_mutex))
422 return -ERESTARTSYS;
423
424 /* Set up our wait, and send the report request to the device. */
425 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
794d1756
DH		 426 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data,
427 count);
428 if (ret)
0825411a 429 goto err;
0825411a
AO		 430
431 /* Wait for the ACK from the device. */
432 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
433 int res;
434
435 res = wait_event_interruptible_timeout(session->report_queue,
436 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags),
437 10*HZ);
438 if (res == 0) {
439 /* timeout */
440 ret = -EIO;
441 goto err;
442 }
443 if (res < 0) {
444 /* signal */
445 ret = -ERESTARTSYS;
446 goto err;
447 }
448 }
449
450 if (!session->output_report_success) {
451 ret = -EIO;
452 goto err;
453 }
454
455 ret = count;
456
457err:
458 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
459 mutex_unlock(&session->report_mutex);
460 return ret;
2da31939
JK		 461}
462
1da177e4
LT		 463static void hidp_idle_timeout(unsigned long arg)
464{
465 struct hidp_session *session = (struct hidp_session *) arg;
466
7bb59df8
PH		 467 atomic_inc(&session->terminate);
468 wake_up_process(session->task);
1da177e4
LT		 469}
470
91f5cca3 471static void hidp_set_timer(struct hidp_session *session)
1da177e4
LT		 472{
473 if (session->idle_to > 0)
474 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
475}
476
477static inline void hidp_del_timer(struct hidp_session *session)
478{
479 if (session->idle_to > 0)
480 del_timer(&session->timer);
481}
482
91f5cca3
AM		 483static void hidp_process_handshake(struct hidp_session *session,
484 unsigned char param)
1da177e4
LT		 485{
486 BT_DBG("session %p param 0x%02x", session, param);
0825411a 487 session->output_report_success = 0; /* default condition */
1da177e4
LT		 488
489 switch (param) {
490 case HIDP_HSHK_SUCCESSFUL:
491 /* FIXME: Call into SET_ GET_ handlers here */
0825411a 492 session->output_report_success = 1;
1da177e4
LT		 493 break;
494
495 case HIDP_HSHK_NOT_READY:
496 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
497 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
498 case HIDP_HSHK_ERR_INVALID_PARAMETER:
0ff1731a
AO		 499 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
500 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
501 wake_up_interruptible(&session->report_queue);
502 }
1da177e4
LT		 503 /* FIXME: Call into SET_ GET_ handlers here */
504 break;
505
506 case HIDP_HSHK_ERR_UNKNOWN:
507 break;
508
509 case HIDP_HSHK_ERR_FATAL:
510 /* Device requests a reboot, as this is the only way this error
8e87d142 511 * can be recovered. */
1da177e4
LT		 512 __hidp_send_ctrl_message(session,
513 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
514 break;
515
516 default:
517 __hidp_send_ctrl_message(session,
518 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
519 break;
520 }
0825411a
AO		 521
522 /* Wake up the waiting thread. */
523 if (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
524 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
525 wake_up_interruptible(&session->report_queue);
526 }
1da177e4
LT		 527}
528
91f5cca3
AM		 529static void hidp_process_hid_control(struct hidp_session *session,
530 unsigned char param)
1da177e4
LT		 531{
532 BT_DBG("session %p param 0x%02x", session, param);
533
eff001e3 534 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
1da177e4
LT		 535 /* Flush the transmit queues */
536 skb_queue_purge(&session->ctrl_transmit);
537 skb_queue_purge(&session->intr_transmit);
538
7bb59df8
PH		 539 atomic_inc(&session->terminate);
540 wake_up_process(current);
1da177e4
LT		 541 }
542}
543
0ff1731a
AO		 544/* Returns true if the passed-in skb should be freed by the caller. */
545static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
91f5cca3 546 unsigned char param)
1da177e4 547{
0ff1731a 548 int done_with_skb = 1;
1da177e4
LT		 549 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
550
551 switch (param) {
552 case HIDP_DATA_RTYPE_INPUT:
553 hidp_set_timer(session);
554
555 if (session->input)
556 hidp_input_report(session, skb);
e1aaadd4
MH		 557
558 if (session->hid)
559 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
1da177e4
LT		 560 break;
561
562 case HIDP_DATA_RTYPE_OTHER:
563 case HIDP_DATA_RTYPE_OUPUT:
564 case HIDP_DATA_RTYPE_FEATURE:
565 break;
566
567 default:
568 __hidp_send_ctrl_message(session,
569 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
570 }
0ff1731a
AO		 571
572 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
573 param == session->waiting_report_type) {
574 if (session->waiting_report_number < 0 ||
575 session->waiting_report_number == skb->data[0]) {
576 /* hidp_get_raw_report() is waiting on this report. */
577 session->report_return = skb;
578 done_with_skb = 0;
579 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
580 wake_up_interruptible(&session->report_queue);
581 }
582 }
583
584 return done_with_skb;
1da177e4
LT		 585}
586
91f5cca3
AM		 587static void hidp_recv_ctrl_frame(struct hidp_session *session,
588 struct sk_buff *skb)
1da177e4
LT		 589{
590 unsigned char hdr, type, param;
0ff1731a 591 int free_skb = 1;
1da177e4
LT		 592
593 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
594
595 hdr = skb->data[0];
596 skb_pull(skb, 1);
597
598 type = hdr & HIDP_HEADER_TRANS_MASK;
599 param = hdr & HIDP_HEADER_PARAM_MASK;
600
601 switch (type) {
602 case HIDP_TRANS_HANDSHAKE:
603 hidp_process_handshake(session, param);
604 break;
605
606 case HIDP_TRANS_HID_CONTROL:
607 hidp_process_hid_control(session, param);
608 break;
609
610 case HIDP_TRANS_DATA:
0ff1731a 611 free_skb = hidp_process_data(session, skb, param);
1da177e4
LT		 612 break;
613
614 default:
615 __hidp_send_ctrl_message(session,
616 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
617 break;
618 }
619
0ff1731a
AO		 620 if (free_skb)
621 kfree_skb(skb);
1da177e4
LT		 622}
623
91f5cca3
AM		 624static void hidp_recv_intr_frame(struct hidp_session *session,
625 struct sk_buff *skb)
1da177e4
LT		 626{
627 unsigned char hdr;
628
629 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
630
631 hdr = skb->data[0];
632 skb_pull(skb, 1);
633
634 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
635 hidp_set_timer(session);
e1aaadd4 636
1da177e4
LT		 637 if (session->input)
638 hidp_input_report(session, skb);
e1aaadd4
MH		 639
640 if (session->hid) {
641 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
642 BT_DBG("report len %d", skb->len);
643 }
1da177e4
LT		 644 } else {
645 BT_DBG("Unsupported protocol header 0x%02x", hdr);
646 }
647
648 kfree_skb(skb);
649}
650
651static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
652{
653 struct kvec iv = { data, len };
654 struct msghdr msg;
655
656 BT_DBG("sock %p data %p len %d", sock, data, len);
657
658 if (!len)
659 return 0;
660
661 memset(&msg, 0, sizeof(msg));
662
663 return kernel_sendmsg(sock, &msg, &iv, 1, len);
664}
665
679344e4 666static void hidp_process_intr_transmit(struct hidp_session *session)
1da177e4
LT		 667{
668 struct sk_buff *skb;
669
670 BT_DBG("session %p", session);
671
679344e4
GP		 672 while ((skb = skb_dequeue(&session->intr_transmit))) {
673 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
674 skb_queue_head(&session->intr_transmit, skb);
1da177e4
LT		 675 break;
676 }
677
678 hidp_set_timer(session);
679 kfree_skb(skb);
680 }
679344e4 681}
1da177e4 682
679344e4
GP		 683static void hidp_process_ctrl_transmit(struct hidp_session *session)
684{
685 struct sk_buff *skb;
686
687 BT_DBG("session %p", session);
688
689 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
690 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
691 skb_queue_head(&session->ctrl_transmit, skb);
1da177e4
LT		 692 break;
693 }
694
695 hidp_set_timer(session);
696 kfree_skb(skb);
697 }
1da177e4
LT		 698}
699
700static int hidp_session(void *arg)
701{
702 struct hidp_session *session = arg;
703 struct sock *ctrl_sk = session->ctrl_sock->sk;
704 struct sock *intr_sk = session->intr_sock->sk;
705 struct sk_buff *skb;
1da177e4
LT		 706 wait_queue_t ctrl_wait, intr_wait;
707
708 BT_DBG("session %p", session);
709
1da177e4 710 set_user_nice(current, -15);
1da177e4
LT		 711
712 init_waitqueue_entry(&ctrl_wait, current);
713 init_waitqueue_entry(&intr_wait, current);
aa395145
ED		 714 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
715 add_wait_queue(sk_sleep(intr_sk), &intr_wait);
0f69dca2
AO		 716 session->waiting_for_startup = 0;
717 wake_up_interruptible(&session->startup_queue);
7bb59df8
PH		 718 set_current_state(TASK_INTERRUPTIBLE);
719 while (!atomic_read(&session->terminate)) {
17f09a7e
SJ		 720 if (ctrl_sk->sk_state != BT_CONNECTED ||
721 intr_sk->sk_state != BT_CONNECTED)
1da177e4
LT		 722 break;
723
dc0da5cd 724 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1da177e4 725 skb_orphan(skb);
44935720 726 if (!skb_linearize(skb))
dc0da5cd 727 hidp_recv_intr_frame(session, skb);
44935720
MM		 728 else
729 kfree_skb(skb);
1da177e4
LT		 730 }
731
679344e4
GP		 732 hidp_process_intr_transmit(session);
733
dc0da5cd 734 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1da177e4 735 skb_orphan(skb);
44935720 736 if (!skb_linearize(skb))
dc0da5cd 737 hidp_recv_ctrl_frame(session, skb);
44935720
MM		 738 else
739 kfree_skb(skb);
1da177e4
LT		 740 }
741
679344e4 742 hidp_process_ctrl_transmit(session);
1da177e4
LT		 743
744 schedule();
7bb59df8 745 set_current_state(TASK_INTERRUPTIBLE);
1da177e4
LT		 746 }
747 set_current_state(TASK_RUNNING);
aa395145
ED		 748 remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
749 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
1da177e4 750
794d1756
DH		 751 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
752 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
753 wake_up_interruptible(&session->report_queue);
754
1da177e4
LT		 755 down_write(&hidp_session_sem);
756
757 hidp_del_timer(session);
758
1da177e4
LT		 759 if (session->input) {
760 input_unregister_device(session->input);
34abf91f 761 session->input = NULL;
1da177e4
LT		 762 }
763
e1aaadd4 764 if (session->hid) {
85cdaf52 765 hid_destroy_device(session->hid);
edad6388 766 session->hid = NULL;
e1aaadd4
MH		 767 }
768
ec8dab36
MH		 769 /* Wakeup user-space polling for socket errors */
770 session->intr_sock->sk->sk_err = EUNATCH;
771 session->ctrl_sock->sk->sk_err = EUNATCH;
772
773 hidp_schedule(session);
774
1c39858b
DW		 775 fput(session->intr_sock->file);
776
aa395145 777 wait_event_timeout(*(sk_sleep(ctrl_sk)),
1c39858b
DW		 778 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
779
780 fput(session->ctrl_sock->file);
781
782 __hidp_unlink_session(session);
783
1da177e4
LT		 784 up_write(&hidp_session_sem);
785
1c97e94c 786 kfree(session->rd_data);
1da177e4
LT		 787 kfree(session);
788 return 0;
789}
790
0a85b964
MH		 791static struct device *hidp_get_device(struct hidp_session *session)
792{
793 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
794 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
edad6388 795 struct device *device = NULL;
0a85b964 796 struct hci_dev *hdev;
0a85b964
MH		 797
798 hdev = hci_get_route(dst, src);
799 if (!hdev)
800 return NULL;
801
edad6388
MH		 802 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
803 if (session->conn)
804 device = &session->conn->dev;
0a85b964
MH		 805
806 hci_dev_put(hdev);
807
edad6388 808 return device;
0a85b964
MH		 809}
810
91f5cca3
AM		 811static int hidp_setup_input(struct hidp_session *session,
812 struct hidp_connadd_req *req)
1da177e4 813{
c500c971 814 struct input_dev *input;
3415a5fd 815 int i;
1da177e4 816
c500c971
JS		 817 input = input_allocate_device();
818 if (!input)
819 return -ENOMEM;
820
821 session->input = input;
822
5be39466 823 input_set_drvdata(input, session);
1da177e4 824
34abf91f
DT		 825 input->name = "Bluetooth HID Boot Protocol Device";
826
1da177e4
LT		 827 input->id.bustype = BUS_BLUETOOTH;
828 input->id.vendor = req->vendor;
829 input->id.product = req->product;
830 input->id.version = req->version;
831
832 if (req->subclass & 0x40) {
833 set_bit(EV_KEY, input->evbit);
834 set_bit(EV_LED, input->evbit);
835 set_bit(EV_REP, input->evbit);
836
837 set_bit(LED_NUML, input->ledbit);
838 set_bit(LED_CAPSL, input->ledbit);
839 set_bit(LED_SCROLLL, input->ledbit);
840 set_bit(LED_COMPOSE, input->ledbit);
841 set_bit(LED_KANA, input->ledbit);
842
843 for (i = 0; i < sizeof(hidp_keycode); i++)
844 set_bit(hidp_keycode[i], input->keybit);
845 clear_bit(0, input->keybit);
846 }
847
848 if (req->subclass & 0x80) {
7b19ada2
JS		 849 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
850 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
851 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
852 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
853 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
854 BIT_MASK(BTN_EXTRA);
855 input->relbit[0] |= BIT_MASK(REL_WHEEL);
1da177e4
LT		 856 }
857
5be39466 858 input->dev.parent = hidp_get_device(session);
0a85b964 859
1da177e4
LT		 860 input->event = hidp_input_event;
861
edad6388 862 return 0;
1da177e4
LT		 863}
864
f5ffd462
MH		 865static int hidp_open(struct hid_device *hid)
866{
867 return 0;
868}
869
870static void hidp_close(struct hid_device *hid)
871{
872}
873
c500c971
JS		 874static int hidp_parse(struct hid_device *hid)
875{
876 struct hidp_session *session = hid->driver_data;
c500c971 877
15c697ce
MP		 878 return hid_parse_report(session->hid, session->rd_data,
879 session->rd_size);
c500c971
JS		 880}
881
882static int hidp_start(struct hid_device *hid)
883{
884 struct hidp_session *session = hid->driver_data;
885 struct hid_report *report;
886
142c69c6
DH		 887 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
888 return 0;
889
c500c971
JS		 890 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
891 report_list, list)
892 hidp_send_report(session, report);
893
894 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
895 report_list, list)
896 hidp_send_report(session, report);
897
c500c971
JS		 898 return 0;
899}
900
901static void hidp_stop(struct hid_device *hid)
902{
903 struct hidp_session *session = hid->driver_data;
904
905 skb_queue_purge(&session->ctrl_transmit);
906 skb_queue_purge(&session->intr_transmit);
907
c500c971
JS		 908 hid->claimed = 0;
909}
910
911static struct hid_ll_driver hidp_hid_driver = {
912 .parse = hidp_parse,
913 .start = hidp_start,
914 .stop = hidp_stop,
915 .open = hidp_open,
916 .close = hidp_close,
917 .hidinput_input_event = hidp_hidinput_event,
918};
919
0f69dca2
AO		 920/* This function sets up the hid device. It does not add it
921 to the HID system. That is done in hidp_add_connection(). */
85cdaf52 922static int hidp_setup_hid(struct hidp_session *session,
91f5cca3 923 struct hidp_connadd_req *req)
e1aaadd4 924{
c500c971 925 struct hid_device *hid;
edad6388 926 int err;
e1aaadd4 927
15c697ce
MP		 928 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
929 if (!session->rd_data)
930 return -ENOMEM;
931
932 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
933 err = -EFAULT;
934 goto fault;
935 }
936 session->rd_size = req->rd_size;
937
c500c971 938 hid = hid_allocate_device();
15c697ce
MP		 939 if (IS_ERR(hid)) {
940 err = PTR_ERR(hid);
941 goto fault;
942 }
e1aaadd4 943
c500c971 944 session->hid = hid;
15c697ce 945
e1aaadd4
MH		 946 hid->driver_data = session;
947
e1aaadd4
MH		 948 hid->bus = BUS_BLUETOOTH;
949 hid->vendor = req->vendor;
950 hid->product = req->product;
951 hid->version = req->version;
c500c971 952 hid->country = req->country;
e1aaadd4
MH		 953
954 strncpy(hid->name, req->name, 128);
d6b2eb2f
GP		 955 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64);
956 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64);
e1aaadd4 957
85cdaf52 958 hid->dev.parent = hidp_get_device(session);
c500c971 959 hid->ll_driver = &hidp_hid_driver;
85cdaf52 960
0ff1731a 961 hid->hid_get_raw_report = hidp_get_raw_report;
2da31939
JK		 962 hid->hid_output_raw_report = hidp_output_raw_report;
963
c500c971 964 return 0;
edad6388 965
15c697ce
MP		 966fault:
967 kfree(session->rd_data);
968 session->rd_data = NULL;
969
edad6388 970 return err;
e1aaadd4
MH		 971}
972
1da177e4
LT		 973int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
974{
975 struct hidp_session *session, *s;
aabf6f89 976 int vendor, product;
1da177e4
LT		 977 int err;
978
979 BT_DBG("");
980
981 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
982 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
983 return -ENOTUNIQ;
984
25ea6db0 985 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
34abf91f 986 if (!session)
1da177e4 987 return -ENOMEM;
1da177e4 988
e1aaadd4
MH		 989 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
990
1da177e4
LT		 991 down_write(&hidp_session_sem);
992
993 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
994 if (s && s->state == BT_CONNECTED) {
995 err = -EEXIST;
996 goto failed;
997 }
998
999 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
1000
0c1bc5c6
GP		 1001 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu,
1002 l2cap_pi(ctrl_sock->sk)->chan->imtu);
1003 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu,
1004 l2cap_pi(intr_sock->sk)->chan->imtu);
1da177e4
LT		 1005
1006 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
1007
1008 session->ctrl_sock = ctrl_sock;
1009 session->intr_sock = intr_sock;
1010 session->state = BT_CONNECTED;
1011
b24b8a24 1012 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
1da177e4
LT		 1013
1014 skb_queue_head_init(&session->ctrl_transmit);
1015 skb_queue_head_init(&session->intr_transmit);
1016
0ff1731a
AO		 1017 mutex_init(&session->report_mutex);
1018 init_waitqueue_head(&session->report_queue);
0f69dca2
AO		 1019 init_waitqueue_head(&session->startup_queue);
1020 session->waiting_for_startup = 1;
1da177e4
LT		 1021 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1022 session->idle_to = req->idle_to;
1023
c500c971 1024 if (req->rd_size > 0) {
85cdaf52 1025 err = hidp_setup_hid(session, req);
192893c7 1026 if (err)
edad6388 1027 goto purge;
c500c971
JS		 1028 }
1029
1030 if (!session->hid) {
1031 err = hidp_setup_input(session, req);
1032 if (err < 0)
edad6388 1033 goto purge;
85cdaf52 1034 }
e1aaadd4 1035
1da177e4
LT		 1036 __hidp_link_session(session);
1037
1038 hidp_set_timer(session);
1039
aabf6f89
SJ		 1040 if (session->hid) {
1041 vendor = session->hid->vendor;
1042 product = session->hid->product;
1043 } else if (session->input) {
1044 vendor = session->input->id.vendor;
1045 product = session->input->id.product;
1046 } else {
1047 vendor = 0x0000;
1048 product = 0x0000;
1049 }
1050
1051 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x",
1052 vendor, product);
1053 if (IS_ERR(session->task)) {
1054 err = PTR_ERR(session->task);
1da177e4 1055 goto unlink;
aabf6f89
SJ		 1056 }
1057
0f69dca2
AO		 1058 while (session->waiting_for_startup) {
1059 wait_event_interruptible(session->startup_queue,
1060 !session->waiting_for_startup);
1061 }
1062
3415a5fd
GP		 1063 if (session->hid)
1064 err = hid_add_device(session->hid);
1065 else
1066 err = input_register_device(session->input);
1067
e9d5cb54
PH		 1068 if (err < 0) {
1069 atomic_inc(&session->terminate);
1070 wake_up_process(session->task);
1071 up_write(&hidp_session_sem);
1072 return err;
1073 }
1da177e4
LT		 1074
1075 if (session->input) {
1076 hidp_send_ctrl_message(session,
1077 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
1078 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
1079
1080 session->leds = 0xff;
1081 hidp_input_event(session->input, EV_LED, 0, 0);
1082 }
1083
1084 up_write(&hidp_session_sem);
1085 return 0;
1086
1087unlink:
1088 hidp_del_timer(session);
1089
1090 __hidp_unlink_session(session);
1091
edad6388 1092 if (session->input) {
1da177e4 1093 input_unregister_device(session->input);
edad6388
MH		 1094 session->input = NULL;
1095 }
1096
1097 if (session->hid) {
85cdaf52 1098 hid_destroy_device(session->hid);
edad6388
MH		 1099 session->hid = NULL;
1100 }
1101
15c697ce
MP		 1102 kfree(session->rd_data);
1103 session->rd_data = NULL;
1104
edad6388 1105purge:
c500c971
JS		 1106 skb_queue_purge(&session->ctrl_transmit);
1107 skb_queue_purge(&session->intr_transmit);
edad6388 1108
c500c971
JS		 1109failed:
1110 up_write(&hidp_session_sem);
e1aaadd4 1111
1da177e4
LT		 1112 kfree(session);
1113 return err;
1114}
1115
1116int hidp_del_connection(struct hidp_conndel_req *req)
1117{
1118 struct hidp_session *session;
1119 int err = 0;
1120
1121 BT_DBG("");
1122
1123 down_read(&hidp_session_sem);
1124
1125 session = __hidp_get_session(&req->bdaddr);
1126 if (session) {
1127 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1128 hidp_send_ctrl_message(session,
1129 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
1130 } else {
1131 /* Flush the transmit queues */
1132 skb_queue_purge(&session->ctrl_transmit);
1133 skb_queue_purge(&session->intr_transmit);
1134
7bb59df8
PH		 1135 atomic_inc(&session->terminate);
1136 wake_up_process(session->task);
1da177e4
LT		 1137 }
1138 } else
1139 err = -ENOENT;
1140
1141 up_read(&hidp_session_sem);
1142 return err;
1143}
1144
1145int hidp_get_connlist(struct hidp_connlist_req *req)
1146{
cd11cdd2 1147 struct hidp_session *session;
1da177e4
LT		 1148 int err = 0, n = 0;
1149
1150 BT_DBG("");
1151
1152 down_read(&hidp_session_sem);
1153
cd11cdd2 1154 list_for_each_entry(session, &hidp_session_list, list) {
1da177e4
LT		 1155 struct hidp_conninfo ci;
1156
1da177e4
LT		 1157 __hidp_copy_session(session, &ci);
1158
1159 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1160 err = -EFAULT;
1161 break;
1162 }
1163
1164 if (++n >= req->cnum)
1165 break;
1166
1167 req->ci++;
1168 }
1169 req->cnum = n;
1170
1171 up_read(&hidp_session_sem);
1172 return err;
1173}
1174
1175int hidp_get_conninfo(struct hidp_conninfo *ci)
1176{
1177 struct hidp_session *session;
1178 int err = 0;
1179
1180 down_read(&hidp_session_sem);
1181
1182 session = __hidp_get_session(&ci->bdaddr);
1183 if (session)
1184 __hidp_copy_session(session, ci);
1185 else
1186 err = -ENOENT;
1187
1188 up_read(&hidp_session_sem);
1189 return err;
1190}
1191
85cdaf52
JS		 1192static const struct hid_device_id hidp_table[] = {
1193 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) },
1194 { }
1195};
1196
1197static struct hid_driver hidp_driver = {
1198 .name = "generic-bluetooth",
1199 .id_table = hidp_table,
1200};
1201
1da177e4
LT		 1202static int __init hidp_init(void)
1203{
85cdaf52
JS		 1204 int ret;
1205
1da177e4
LT		 1206 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1207
85cdaf52
JS		 1208 ret = hid_register_driver(&hidp_driver);
1209 if (ret)
1210 goto err;
1211
1212 ret = hidp_init_sockets();
1213 if (ret)
1214 goto err_drv;
1215
1216 return 0;
1217err_drv:
1218 hid_unregister_driver(&hidp_driver);
1219err:
1220 return ret;
1da177e4
LT		 1221}
1222
1223static void __exit hidp_exit(void)
1224{
1225 hidp_cleanup_sockets();
85cdaf52 1226 hid_unregister_driver(&hidp_driver);
1da177e4
LT		 1227}
1228
1229module_init(hidp_init);
1230module_exit(hidp_exit);
1231
1232MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1233MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1234MODULE_VERSION(VERSION);
1235MODULE_LICENSE("GPL");
1236MODULE_ALIAS("bt-proto-6");
kernel source for telekom puls (alcatel/mediatek)