projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: cmtp: fix information leak to userland
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hidp / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
8e87d142
YH		 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 20 SOFTWARE IS DISCLAIMED.
21*/
22
1da177e4
LT		 23#include <linux/module.h>
24
25#include <linux/types.h>
26#include <linux/errno.h>
27#include <linux/kernel.h>
1da177e4
LT		 28#include <linux/sched.h>
29#include <linux/slab.h>
30#include <linux/poll.h>
83144186 31#include <linux/freezer.h>
1da177e4
LT		 32#include <linux/fcntl.h>
33#include <linux/skbuff.h>
34#include <linux/socket.h>
35#include <linux/ioctl.h>
36#include <linux/file.h>
37#include <linux/init.h>
38#include <linux/wait.h>
39#include <net/sock.h>
40
41#include <linux/input.h>
e1aaadd4 42#include <linux/hid.h>
364f6351 43#include <linux/hidraw.h>
1da177e4
LT		 44
45#include <net/bluetooth/bluetooth.h>
0a85b964 46#include <net/bluetooth/hci_core.h>
1da177e4
LT		 47#include <net/bluetooth/l2cap.h>
48
49#include "hidp.h"
50
e1aaadd4 51#define VERSION "1.2"
1da177e4
LT		 52
53static DECLARE_RWSEM(hidp_session_sem);
54static LIST_HEAD(hidp_session_list);
55
56static unsigned char hidp_keycode[256] = {
57 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38,
58 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44, 2, 3,
59 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 14, 15, 57, 12, 13, 26,
60 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64,
61 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106,
62 105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71,
63 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190,
64 191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113,
65 115,114, 0, 0, 0,121, 0, 89, 93,124, 92, 94, 95, 0, 0, 0,
66 122,123, 90, 91, 85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
67 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
68 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
69 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
71 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113,
72 150,158,159,128,136,177,178,176,142,152,173,140
73};
74
75static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
76
77static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
78{
79 struct hidp_session *session;
80 struct list_head *p;
81
82 BT_DBG("");
83
84 list_for_each(p, &hidp_session_list) {
85 session = list_entry(p, struct hidp_session, list);
86 if (!bacmp(bdaddr, &session->bdaddr))
87 return session;
88 }
89 return NULL;
90}
91
92static void __hidp_link_session(struct hidp_session *session)
93{
94 __module_get(THIS_MODULE);
95 list_add(&session->list, &hidp_session_list);
edad6388
MH		 96
97 hci_conn_hold_device(session->conn);
1da177e4
LT		 98}
99
100static void __hidp_unlink_session(struct hidp_session *session)
101{
edad6388
MH		 102 hci_conn_put_device(session->conn);
103
1da177e4
LT		 104 list_del(&session->list);
105 module_put(THIS_MODULE);
106}
107
108static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
109{
110 bacpy(&ci->bdaddr, &session->bdaddr);
111
112 ci->flags = session->flags;
113 ci->state = session->state;
114
115 ci->vendor = 0x0000;
116 ci->product = 0x0000;
117 ci->version = 0x0000;
118 memset(ci->name, 0, 128);
119
120 if (session->input) {
121 ci->vendor = session->input->id.vendor;
122 ci->product = session->input->id.product;
123 ci->version = session->input->id.version;
124 if (session->input->name)
125 strncpy(ci->name, session->input->name, 128);
126 else
127 strncpy(ci->name, "HID Boot Device", 128);
128 }
e1aaadd4
MH		 129
130 if (session->hid) {
131 ci->vendor = session->hid->vendor;
132 ci->product = session->hid->product;
133 ci->version = session->hid->version;
134 strncpy(ci->name, session->hid->name, 128);
135 }
1da177e4
LT		 136}
137
91f5cca3
AM		 138static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
139 unsigned int type, unsigned int code, int value)
1da177e4 140{
1da177e4 141 unsigned char newleds;
e1aaadd4 142 struct sk_buff *skb;
1da177e4 143
e1aaadd4 144 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
1da177e4
LT		 145
146 if (type != EV_LED)
147 return -1;
148
149 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
150 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
151 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
152 (!!test_bit(LED_CAPSL, dev->led) << 1) |
153 (!!test_bit(LED_NUML, dev->led));
154
155 if (session->leds == newleds)
156 return 0;
157
158 session->leds = newleds;
159
160 if (!(skb = alloc_skb(3, GFP_ATOMIC))) {
161 BT_ERR("Can't allocate memory for new frame");
162 return -ENOMEM;
163 }
164
165 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
166 *skb_put(skb, 1) = 0x01;
167 *skb_put(skb, 1) = newleds;
168
169 skb_queue_tail(&session->intr_transmit, skb);
170
171 hidp_schedule(session);
172
173 return 0;
174}
175
e1aaadd4
MH		 176static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
177{
5be39466 178 struct hid_device *hid = input_get_drvdata(dev);
e1aaadd4
MH		 179 struct hidp_session *session = hid->driver_data;
180
181 return hidp_queue_event(session, dev, type, code, value);
182}
183
184static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
185{
5be39466 186 struct hidp_session *session = input_get_drvdata(dev);
e1aaadd4
MH		 187
188 return hidp_queue_event(session, dev, type, code, value);
189}
190
1da177e4
LT		 191static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
192{
193 struct input_dev *dev = session->input;
194 unsigned char *keys = session->keys;
195 unsigned char *udata = skb->data + 1;
196 signed char *sdata = skb->data + 1;
197 int i, size = skb->len - 1;
198
199 switch (skb->data[0]) {
200 case 0x01: /* Keyboard report */
201 for (i = 0; i < 8; i++)
202 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
203
204 /* If all the key codes have been set to 0x01, it means
205 * too many keys were pressed at the same time. */
206 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
207 break;
208
209 for (i = 2; i < 8; i++) {
210 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
211 if (hidp_keycode[keys[i]])
212 input_report_key(dev, hidp_keycode[keys[i]], 0);
213 else
214 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
215 }
216
217 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
218 if (hidp_keycode[udata[i]])
219 input_report_key(dev, hidp_keycode[udata[i]], 1);
220 else
221 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
222 }
223 }
224
225 memcpy(keys, udata, 8);
226 break;
227
228 case 0x02: /* Mouse report */
229 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
230 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
231 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
232 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
233 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
234
235 input_report_rel(dev, REL_X, sdata[1]);
236 input_report_rel(dev, REL_Y, sdata[2]);
237
238 if (size > 3)
239 input_report_rel(dev, REL_WHEEL, sdata[3]);
240 break;
241 }
242
243 input_sync(dev);
244}
245
6bf8268f
BN		 246static int __hidp_send_ctrl_message(struct hidp_session *session,
247 unsigned char hdr, unsigned char *data, int size)
248{
249 struct sk_buff *skb;
250
251 BT_DBG("session %p data %p size %d", session, data, size);
252
253 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
254 BT_ERR("Can't allocate memory for new frame");
255 return -ENOMEM;
256 }
257
258 *skb_put(skb, 1) = hdr;
259 if (data && size > 0)
260 memcpy(skb_put(skb, size), data, size);
261
262 skb_queue_tail(&session->ctrl_transmit, skb);
263
264 return 0;
265}
266
267static inline int hidp_send_ctrl_message(struct hidp_session *session,
268 unsigned char hdr, unsigned char *data, int size)
269{
270 int err;
271
272 err = __hidp_send_ctrl_message(session, hdr, data, size);
273
274 hidp_schedule(session);
275
276 return err;
277}
278
91f5cca3
AM		 279static int hidp_queue_report(struct hidp_session *session,
280 unsigned char *data, int size)
e1aaadd4
MH		 281{
282 struct sk_buff *skb;
283
6792b5ec 284 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
e1aaadd4
MH		 285
286 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
287 BT_ERR("Can't allocate memory for new frame");
288 return -ENOMEM;
289 }
290
291 *skb_put(skb, 1) = 0xa2;
292 if (size > 0)
293 memcpy(skb_put(skb, size), data, size);
294
295 skb_queue_tail(&session->intr_transmit, skb);
296
297 hidp_schedule(session);
298
299 return 0;
300}
301
302static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
303{
304 unsigned char buf[32];
305 int rsize;
306
307 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
308 if (rsize > sizeof(buf))
309 return -EIO;
310
311 hid_output_report(report, buf);
312
313 return hidp_queue_report(session, buf, rsize);
314}
315
d4bfa033
JK		 316static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
317 unsigned char report_type)
2da31939 318{
d4bfa033
JK		 319 switch (report_type) {
320 case HID_FEATURE_REPORT:
321 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
322 break;
323 case HID_OUTPUT_REPORT:
324 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
325 break;
326 default:
327 return -EINVAL;
328 }
329
330 if (hidp_send_ctrl_message(hid->driver_data, report_type,
6bf8268f 331 data, count))
2da31939
JK		 332 return -ENOMEM;
333 return count;
334}
335
1da177e4
LT		 336static void hidp_idle_timeout(unsigned long arg)
337{
338 struct hidp_session *session = (struct hidp_session *) arg;
339
340 atomic_inc(&session->terminate);
341 hidp_schedule(session);
342}
343
91f5cca3 344static void hidp_set_timer(struct hidp_session *session)
1da177e4
LT		 345{
346 if (session->idle_to > 0)
347 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
348}
349
350static inline void hidp_del_timer(struct hidp_session *session)
351{
352 if (session->idle_to > 0)
353 del_timer(&session->timer);
354}
355
91f5cca3
AM		 356static void hidp_process_handshake(struct hidp_session *session,
357 unsigned char param)
1da177e4
LT		 358{
359 BT_DBG("session %p param 0x%02x", session, param);
360
361 switch (param) {
362 case HIDP_HSHK_SUCCESSFUL:
363 /* FIXME: Call into SET_ GET_ handlers here */
364 break;
365
366 case HIDP_HSHK_NOT_READY:
367 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
368 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
369 case HIDP_HSHK_ERR_INVALID_PARAMETER:
370 /* FIXME: Call into SET_ GET_ handlers here */
371 break;
372
373 case HIDP_HSHK_ERR_UNKNOWN:
374 break;
375
376 case HIDP_HSHK_ERR_FATAL:
377 /* Device requests a reboot, as this is the only way this error
8e87d142 378 * can be recovered. */
1da177e4
LT		 379 __hidp_send_ctrl_message(session,
380 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
381 break;
382
383 default:
384 __hidp_send_ctrl_message(session,
385 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
386 break;
387 }
388}
389
91f5cca3
AM		 390static void hidp_process_hid_control(struct hidp_session *session,
391 unsigned char param)
1da177e4
LT		 392{
393 BT_DBG("session %p param 0x%02x", session, param);
394
eff001e3 395 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
1da177e4
LT		 396 /* Flush the transmit queues */
397 skb_queue_purge(&session->ctrl_transmit);
398 skb_queue_purge(&session->intr_transmit);
399
400 /* Kill session thread */
401 atomic_inc(&session->terminate);
981b1414 402 hidp_schedule(session);
1da177e4
LT		 403 }
404}
405
91f5cca3
AM		 406static void hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
407 unsigned char param)
1da177e4
LT		 408{
409 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
410
411 switch (param) {
412 case HIDP_DATA_RTYPE_INPUT:
413 hidp_set_timer(session);
414
415 if (session->input)
416 hidp_input_report(session, skb);
e1aaadd4
MH		 417
418 if (session->hid)
419 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
420
1da177e4
LT		 421 break;
422
423 case HIDP_DATA_RTYPE_OTHER:
424 case HIDP_DATA_RTYPE_OUPUT:
425 case HIDP_DATA_RTYPE_FEATURE:
426 break;
427
428 default:
429 __hidp_send_ctrl_message(session,
430 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
431 }
432}
433
91f5cca3
AM		 434static void hidp_recv_ctrl_frame(struct hidp_session *session,
435 struct sk_buff *skb)
1da177e4
LT		 436{
437 unsigned char hdr, type, param;
438
439 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
440
441 hdr = skb->data[0];
442 skb_pull(skb, 1);
443
444 type = hdr & HIDP_HEADER_TRANS_MASK;
445 param = hdr & HIDP_HEADER_PARAM_MASK;
446
447 switch (type) {
448 case HIDP_TRANS_HANDSHAKE:
449 hidp_process_handshake(session, param);
450 break;
451
452 case HIDP_TRANS_HID_CONTROL:
453 hidp_process_hid_control(session, param);
454 break;
455
456 case HIDP_TRANS_DATA:
457 hidp_process_data(session, skb, param);
458 break;
459
460 default:
461 __hidp_send_ctrl_message(session,
462 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
463 break;
464 }
465
466 kfree_skb(skb);
467}
468
91f5cca3
AM		 469static void hidp_recv_intr_frame(struct hidp_session *session,
470 struct sk_buff *skb)
1da177e4
LT		 471{
472 unsigned char hdr;
473
474 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
475
476 hdr = skb->data[0];
477 skb_pull(skb, 1);
478
479 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
480 hidp_set_timer(session);
e1aaadd4 481
1da177e4
LT		 482 if (session->input)
483 hidp_input_report(session, skb);
e1aaadd4
MH		 484
485 if (session->hid) {
486 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
487 BT_DBG("report len %d", skb->len);
488 }
1da177e4
LT		 489 } else {
490 BT_DBG("Unsupported protocol header 0x%02x", hdr);
491 }
492
493 kfree_skb(skb);
494}
495
496static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
497{
498 struct kvec iv = { data, len };
499 struct msghdr msg;
500
501 BT_DBG("sock %p data %p len %d", sock, data, len);
502
503 if (!len)
504 return 0;
505
506 memset(&msg, 0, sizeof(msg));
507
508 return kernel_sendmsg(sock, &msg, &iv, 1, len);
509}
510
b03efcfb 511static void hidp_process_transmit(struct hidp_session *session)
1da177e4
LT		 512{
513 struct sk_buff *skb;
514
515 BT_DBG("session %p", session);
516
517 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
518 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
519 skb_queue_head(&session->ctrl_transmit, skb);
520 break;
521 }
522
523 hidp_set_timer(session);
524 kfree_skb(skb);
525 }
526
527 while ((skb = skb_dequeue(&session->intr_transmit))) {
528 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
529 skb_queue_head(&session->intr_transmit, skb);
530 break;
531 }
532
533 hidp_set_timer(session);
534 kfree_skb(skb);
535 }
1da177e4
LT		 536}
537
538static int hidp_session(void *arg)
539{
540 struct hidp_session *session = arg;
541 struct sock *ctrl_sk = session->ctrl_sock->sk;
542 struct sock *intr_sk = session->intr_sock->sk;
543 struct sk_buff *skb;
544 int vendor = 0x0000, product = 0x0000;
545 wait_queue_t ctrl_wait, intr_wait;
546
547 BT_DBG("session %p", session);
548
549 if (session->input) {
550 vendor = session->input->id.vendor;
551 product = session->input->id.product;
552 }
553
e1aaadd4
MH		 554 if (session->hid) {
555 vendor = session->hid->vendor;
556 product = session->hid->product;
557 }
558
1da177e4
LT		 559 daemonize("khidpd_%04x%04x", vendor, product);
560 set_user_nice(current, -15);
1da177e4
LT		 561
562 init_waitqueue_entry(&ctrl_wait, current);
563 init_waitqueue_entry(&intr_wait, current);
aa395145
ED		 564 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
565 add_wait_queue(sk_sleep(intr_sk), &intr_wait);
1da177e4
LT		 566 while (!atomic_read(&session->terminate)) {
567 set_current_state(TASK_INTERRUPTIBLE);
568
569 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED)
570 break;
571
572 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
573 skb_orphan(skb);
574 hidp_recv_ctrl_frame(session, skb);
575 }
576
577 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
578 skb_orphan(skb);
579 hidp_recv_intr_frame(session, skb);
580 }
581
582 hidp_process_transmit(session);
583
584 schedule();
585 }
586 set_current_state(TASK_RUNNING);
aa395145
ED		 587 remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
588 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
1da177e4
LT		 589
590 down_write(&hidp_session_sem);
591
592 hidp_del_timer(session);
593
1da177e4
LT		 594 if (session->input) {
595 input_unregister_device(session->input);
34abf91f 596 session->input = NULL;
1da177e4
LT		 597 }
598
e1aaadd4 599 if (session->hid) {
85cdaf52 600 hid_destroy_device(session->hid);
edad6388 601 session->hid = NULL;
e1aaadd4
MH		 602 }
603
ec8dab36
MH		 604 /* Wakeup user-space polling for socket errors */
605 session->intr_sock->sk->sk_err = EUNATCH;
606 session->ctrl_sock->sk->sk_err = EUNATCH;
607
608 hidp_schedule(session);
609
1c39858b
DW		 610 fput(session->intr_sock->file);
611
aa395145 612 wait_event_timeout(*(sk_sleep(ctrl_sk)),
1c39858b
DW		 613 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
614
615 fput(session->ctrl_sock->file);
616
617 __hidp_unlink_session(session);
618
1da177e4
LT		 619 up_write(&hidp_session_sem);
620
621 kfree(session);
622 return 0;
623}
624
0a85b964
MH		 625static struct device *hidp_get_device(struct hidp_session *session)
626{
627 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
628 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
edad6388 629 struct device *device = NULL;
0a85b964 630 struct hci_dev *hdev;
0a85b964
MH		 631
632 hdev = hci_get_route(dst, src);
633 if (!hdev)
634 return NULL;
635
edad6388
MH		 636 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
637 if (session->conn)
638 device = &session->conn->dev;
0a85b964
MH		 639
640 hci_dev_put(hdev);
641
edad6388 642 return device;
0a85b964
MH		 643}
644
91f5cca3
AM		 645static int hidp_setup_input(struct hidp_session *session,
646 struct hidp_connadd_req *req)
1da177e4 647{
c500c971 648 struct input_dev *input;
edad6388 649 int err, i;
1da177e4 650
c500c971
JS		 651 input = input_allocate_device();
652 if (!input)
653 return -ENOMEM;
654
655 session->input = input;
656
5be39466 657 input_set_drvdata(input, session);
1da177e4 658
34abf91f
DT		 659 input->name = "Bluetooth HID Boot Protocol Device";
660
1da177e4
LT		 661 input->id.bustype = BUS_BLUETOOTH;
662 input->id.vendor = req->vendor;
663 input->id.product = req->product;
664 input->id.version = req->version;
665
666 if (req->subclass & 0x40) {
667 set_bit(EV_KEY, input->evbit);
668 set_bit(EV_LED, input->evbit);
669 set_bit(EV_REP, input->evbit);
670
671 set_bit(LED_NUML, input->ledbit);
672 set_bit(LED_CAPSL, input->ledbit);
673 set_bit(LED_SCROLLL, input->ledbit);
674 set_bit(LED_COMPOSE, input->ledbit);
675 set_bit(LED_KANA, input->ledbit);
676
677 for (i = 0; i < sizeof(hidp_keycode); i++)
678 set_bit(hidp_keycode[i], input->keybit);
679 clear_bit(0, input->keybit);
680 }
681
682 if (req->subclass & 0x80) {
7b19ada2
JS		 683 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
684 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
685 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
686 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
687 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
688 BIT_MASK(BTN_EXTRA);
689 input->relbit[0] |= BIT_MASK(REL_WHEEL);
1da177e4
LT		 690 }
691
5be39466 692 input->dev.parent = hidp_get_device(session);
0a85b964 693
1da177e4
LT		 694 input->event = hidp_input_event;
695
edad6388
MH		 696 err = input_register_device(input);
697 if (err < 0) {
698 hci_conn_put_device(session->conn);
699 return err;
700 }
701
702 return 0;
1da177e4
LT		 703}
704
f5ffd462
MH		 705static int hidp_open(struct hid_device *hid)
706{
707 return 0;
708}
709
710static void hidp_close(struct hid_device *hid)
711{
712}
713
c500c971
JS		 714static int hidp_parse(struct hid_device *hid)
715{
716 struct hidp_session *session = hid->driver_data;
c500c971 717
15c697ce
MP		 718 return hid_parse_report(session->hid, session->rd_data,
719 session->rd_size);
c500c971
JS		 720}
721
722static int hidp_start(struct hid_device *hid)
723{
724 struct hidp_session *session = hid->driver_data;
725 struct hid_report *report;
726
727 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
728 report_list, list)
729 hidp_send_report(session, report);
730
731 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
732 report_list, list)
733 hidp_send_report(session, report);
734
c500c971
JS		 735 return 0;
736}
737
738static void hidp_stop(struct hid_device *hid)
739{
740 struct hidp_session *session = hid->driver_data;
741
742 skb_queue_purge(&session->ctrl_transmit);
743 skb_queue_purge(&session->intr_transmit);
744
c500c971
JS		 745 hid->claimed = 0;
746}
747
748static struct hid_ll_driver hidp_hid_driver = {
749 .parse = hidp_parse,
750 .start = hidp_start,
751 .stop = hidp_stop,
752 .open = hidp_open,
753 .close = hidp_close,
754 .hidinput_input_event = hidp_hidinput_event,
755};
756
85cdaf52 757static int hidp_setup_hid(struct hidp_session *session,
91f5cca3 758 struct hidp_connadd_req *req)
e1aaadd4 759{
c500c971 760 struct hid_device *hid;
edad6388 761 int err;
e1aaadd4 762
15c697ce
MP		 763 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
764 if (!session->rd_data)
765 return -ENOMEM;
766
767 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
768 err = -EFAULT;
769 goto fault;
770 }
771 session->rd_size = req->rd_size;
772
c500c971 773 hid = hid_allocate_device();
15c697ce
MP		 774 if (IS_ERR(hid)) {
775 err = PTR_ERR(hid);
776 goto fault;
777 }
e1aaadd4 778
c500c971 779 session->hid = hid;
15c697ce 780
e1aaadd4
MH		 781 hid->driver_data = session;
782
e1aaadd4
MH		 783 hid->bus = BUS_BLUETOOTH;
784 hid->vendor = req->vendor;
785 hid->product = req->product;
786 hid->version = req->version;
c500c971 787 hid->country = req->country;
e1aaadd4
MH		 788
789 strncpy(hid->name, req->name, 128);
d6b2eb2f
GP		 790 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64);
791 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64);
e1aaadd4 792
85cdaf52 793 hid->dev.parent = hidp_get_device(session);
c500c971 794 hid->ll_driver = &hidp_hid_driver;
85cdaf52 795
2da31939
JK		 796 hid->hid_output_raw_report = hidp_output_raw_report;
797
edad6388
MH		 798 err = hid_add_device(hid);
799 if (err < 0)
800 goto failed;
85cdaf52 801
c500c971 802 return 0;
edad6388
MH		 803
804failed:
c500c971
JS		 805 hid_destroy_device(hid);
806 session->hid = NULL;
edad6388 807
15c697ce
MP		 808fault:
809 kfree(session->rd_data);
810 session->rd_data = NULL;
811
edad6388 812 return err;
e1aaadd4
MH		 813}
814
1da177e4
LT		 815int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
816{
817 struct hidp_session *session, *s;
818 int err;
819
820 BT_DBG("");
821
822 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
823 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
824 return -ENOTUNIQ;
825
25ea6db0 826 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
34abf91f 827 if (!session)
1da177e4 828 return -ENOMEM;
1da177e4 829
e1aaadd4
MH		 830 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
831
1da177e4
LT		 832 down_write(&hidp_session_sem);
833
834 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
835 if (s && s->state == BT_CONNECTED) {
836 err = -EEXIST;
837 goto failed;
838 }
839
840 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
841
842 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
843 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);
844
845 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
846
847 session->ctrl_sock = ctrl_sock;
848 session->intr_sock = intr_sock;
849 session->state = BT_CONNECTED;
850
b24b8a24 851 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
1da177e4
LT		 852
853 skb_queue_head_init(&session->ctrl_transmit);
854 skb_queue_head_init(&session->intr_transmit);
855
856 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
857 session->idle_to = req->idle_to;
858
c500c971 859 if (req->rd_size > 0) {
85cdaf52 860 err = hidp_setup_hid(session, req);
d458a9df 861 if (err && err != -ENODEV)
edad6388 862 goto purge;
c500c971
JS		 863 }
864
865 if (!session->hid) {
866 err = hidp_setup_input(session, req);
867 if (err < 0)
edad6388 868 goto purge;
85cdaf52 869 }
e1aaadd4 870
1da177e4
LT		 871 __hidp_link_session(session);
872
873 hidp_set_timer(session);
874
875 err = kernel_thread(hidp_session, session, CLONE_KERNEL);
876 if (err < 0)
877 goto unlink;
878
879 if (session->input) {
880 hidp_send_ctrl_message(session,
881 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
882 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
883
884 session->leds = 0xff;
885 hidp_input_event(session->input, EV_LED, 0, 0);
886 }
887
888 up_write(&hidp_session_sem);
889 return 0;
890
891unlink:
892 hidp_del_timer(session);
893
894 __hidp_unlink_session(session);
895
edad6388 896 if (session->input) {
1da177e4 897 input_unregister_device(session->input);
edad6388
MH		 898 session->input = NULL;
899 }
900
901 if (session->hid) {
85cdaf52 902 hid_destroy_device(session->hid);
edad6388
MH		 903 session->hid = NULL;
904 }
905
15c697ce
MP		 906 kfree(session->rd_data);
907 session->rd_data = NULL;
908
edad6388 909purge:
c500c971
JS		 910 skb_queue_purge(&session->ctrl_transmit);
911 skb_queue_purge(&session->intr_transmit);
edad6388 912
c500c971
JS		 913failed:
914 up_write(&hidp_session_sem);
e1aaadd4 915
5be39466 916 input_free_device(session->input);
1da177e4
LT		 917 kfree(session);
918 return err;
919}
920
921int hidp_del_connection(struct hidp_conndel_req *req)
922{
923 struct hidp_session *session;
924 int err = 0;
925
926 BT_DBG("");
927
928 down_read(&hidp_session_sem);
929
930 session = __hidp_get_session(&req->bdaddr);
931 if (session) {
932 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
933 hidp_send_ctrl_message(session,
934 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
935 } else {
936 /* Flush the transmit queues */
937 skb_queue_purge(&session->ctrl_transmit);
938 skb_queue_purge(&session->intr_transmit);
939
ec8dab36
MH		 940 /* Wakeup user-space polling for socket errors */
941 session->intr_sock->sk->sk_err = EUNATCH;
942 session->ctrl_sock->sk->sk_err = EUNATCH;
943
1da177e4
LT		 944 /* Kill session thread */
945 atomic_inc(&session->terminate);
946 hidp_schedule(session);
947 }
948 } else
949 err = -ENOENT;
950
951 up_read(&hidp_session_sem);
952 return err;
953}
954
955int hidp_get_connlist(struct hidp_connlist_req *req)
956{
957 struct list_head *p;
958 int err = 0, n = 0;
959
960 BT_DBG("");
961
962 down_read(&hidp_session_sem);
963
964 list_for_each(p, &hidp_session_list) {
965 struct hidp_session *session;
966 struct hidp_conninfo ci;
967
968 session = list_entry(p, struct hidp_session, list);
969
970 __hidp_copy_session(session, &ci);
971
972 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
973 err = -EFAULT;
974 break;
975 }
976
977 if (++n >= req->cnum)
978 break;
979
980 req->ci++;
981 }
982 req->cnum = n;
983
984 up_read(&hidp_session_sem);
985 return err;
986}
987
988int hidp_get_conninfo(struct hidp_conninfo *ci)
989{
990 struct hidp_session *session;
991 int err = 0;
992
993 down_read(&hidp_session_sem);
994
995 session = __hidp_get_session(&ci->bdaddr);
996 if (session)
997 __hidp_copy_session(session, ci);
998 else
999 err = -ENOENT;
1000
1001 up_read(&hidp_session_sem);
1002 return err;
1003}
1004
85cdaf52
JS		 1005static const struct hid_device_id hidp_table[] = {
1006 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) },
1007 { }
1008};
1009
1010static struct hid_driver hidp_driver = {
1011 .name = "generic-bluetooth",
1012 .id_table = hidp_table,
1013};
1014
1da177e4
LT		 1015static int __init hidp_init(void)
1016{
85cdaf52
JS		 1017 int ret;
1018
1da177e4
LT		 1019 l2cap_load();
1020
1021 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1022
85cdaf52
JS		 1023 ret = hid_register_driver(&hidp_driver);
1024 if (ret)
1025 goto err;
1026
1027 ret = hidp_init_sockets();
1028 if (ret)
1029 goto err_drv;
1030
1031 return 0;
1032err_drv:
1033 hid_unregister_driver(&hidp_driver);
1034err:
1035 return ret;
1da177e4
LT		 1036}
1037
1038static void __exit hidp_exit(void)
1039{
1040 hidp_cleanup_sockets();
85cdaf52 1041 hid_unregister_driver(&hidp_driver);
1da177e4
LT		 1042}
1043
1044module_init(hidp_init);
1045module_exit(hidp_exit);
1046
1047MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1048MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1049MODULE_VERSION(VERSION);
1050MODULE_LICENSE("GPL");
1051MODULE_ALIAS("bt-proto-6");
kernel source for telekom puls (alcatel/mediatek)