2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
24 #include <linux/kref.h>
25 #include <linux/module.h>
26 #include <linux/file.h>
27 #include <linux/kthread.h>
28 #include <linux/hidraw.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
38 static DECLARE_RWSEM(hidp_session_sem);
39 static LIST_HEAD(hidp_session_list);
41 static unsigned char hidp_keycode[256] = {
42 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
43 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
44 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
45 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
46 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
47 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
48 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
49 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
50 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
51 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
52 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
58 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
59 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
62 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
64 static int hidp_session_probe(struct l2cap_conn *conn,
65 struct l2cap_user *user);
66 static void hidp_session_remove(struct l2cap_conn *conn,
67 struct l2cap_user *user);
68 static int hidp_session_thread(void *arg);
69 static void hidp_session_terminate(struct hidp_session *s);
71 static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
73 memset(ci, 0, sizeof(*ci));
74 bacpy(&ci->bdaddr, &session->bdaddr);
76 ci->flags = session->flags;
77 ci->state = BT_CONNECTED;
80 ci->vendor = session->input->id.vendor;
81 ci->product = session->input->id.product;
82 ci->version = session->input->id.version;
83 if (session->input->name)
84 strlcpy(ci->name, session->input->name, 128);
86 strlcpy(ci->name, "HID Boot Device", 128);
87 } else if (session->hid) {
88 ci->vendor = session->hid->vendor;
89 ci->product = session->hid->product;
90 ci->version = session->hid->version;
91 strlcpy(ci->name, session->hid->name, 128);
95 /* assemble skb, queue message on @transmit and wake up the session thread */
96 static int hidp_send_message(struct hidp_session *session, struct socket *sock,
97 struct sk_buff_head *transmit, unsigned char hdr,
98 const unsigned char *data, int size)
101 struct sock *sk = sock->sk;
103 BT_DBG("session %p data %p size %d", session, data, size);
105 if (atomic_read(&session->terminate))
108 skb = alloc_skb(size + 1, GFP_ATOMIC);
110 BT_ERR("Can't allocate memory for new frame");
114 *skb_put(skb, 1) = hdr;
115 if (data && size > 0)
116 memcpy(skb_put(skb, size), data, size);
118 skb_queue_tail(transmit, skb);
119 wake_up_interruptible(sk_sleep(sk));
124 static int hidp_send_ctrl_message(struct hidp_session *session,
125 unsigned char hdr, const unsigned char *data,
128 return hidp_send_message(session, session->ctrl_sock,
129 &session->ctrl_transmit, hdr, data, size);
132 static int hidp_send_intr_message(struct hidp_session *session,
133 unsigned char hdr, const unsigned char *data,
136 return hidp_send_message(session, session->intr_sock,
137 &session->intr_transmit, hdr, data, size);
140 static int hidp_input_event(struct input_dev *dev, unsigned int type,
141 unsigned int code, int value)
143 struct hidp_session *session = input_get_drvdata(dev);
144 unsigned char newleds;
145 unsigned char hdr, data[2];
147 BT_DBG("session %p type %d code %d value %d",
148 session, type, code, value);
153 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
154 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
155 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
156 (!!test_bit(LED_CAPSL, dev->led) << 1) |
157 (!!test_bit(LED_NUML, dev->led) << 0);
159 if (session->leds == newleds)
162 session->leds = newleds;
164 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
168 return hidp_send_intr_message(session, hdr, data, 2);
171 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
173 struct input_dev *dev = session->input;
174 unsigned char *keys = session->keys;
175 unsigned char *udata = skb->data + 1;
176 signed char *sdata = skb->data + 1;
177 int i, size = skb->len - 1;
179 switch (skb->data[0]) {
180 case 0x01: /* Keyboard report */
181 for (i = 0; i < 8; i++)
182 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
184 /* If all the key codes have been set to 0x01, it means
185 * too many keys were pressed at the same time. */
186 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
189 for (i = 2; i < 8; i++) {
190 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
191 if (hidp_keycode[keys[i]])
192 input_report_key(dev, hidp_keycode[keys[i]], 0);
194 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
197 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
198 if (hidp_keycode[udata[i]])
199 input_report_key(dev, hidp_keycode[udata[i]], 1);
201 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
205 memcpy(keys, udata, 8);
208 case 0x02: /* Mouse report */
209 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
210 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
211 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
212 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
213 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
215 input_report_rel(dev, REL_X, sdata[1]);
216 input_report_rel(dev, REL_Y, sdata[2]);
219 input_report_rel(dev, REL_WHEEL, sdata[3]);
226 static int hidp_get_raw_report(struct hid_device *hid,
227 unsigned char report_number,
228 unsigned char *data, size_t count,
229 unsigned char report_type)
231 struct hidp_session *session = hid->driver_data;
234 int numbered_reports = hid->report_enum[report_type].numbered;
237 if (atomic_read(&session->terminate))
240 switch (report_type) {
241 case HID_FEATURE_REPORT:
242 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
244 case HID_INPUT_REPORT:
245 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
247 case HID_OUTPUT_REPORT:
248 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
254 if (mutex_lock_interruptible(&session->report_mutex))
257 /* Set up our wait, and send the report request to the device. */
258 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
259 session->waiting_report_number = numbered_reports ? report_number : -1;
260 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
261 data[0] = report_number;
262 ret = hidp_send_ctrl_message(session, report_type, data, 1);
266 /* Wait for the return of the report. The returned report
267 gets put in session->report_return. */
268 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
269 !atomic_read(&session->terminate)) {
272 res = wait_event_interruptible_timeout(session->report_queue,
273 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
274 || atomic_read(&session->terminate),
288 skb = session->report_return;
290 len = skb->len < count ? skb->len : count;
291 memcpy(data, skb->data, len);
294 session->report_return = NULL;
296 /* Device returned a HANDSHAKE, indicating protocol error. */
300 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
301 mutex_unlock(&session->report_mutex);
306 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
307 mutex_unlock(&session->report_mutex);
311 static int hidp_set_raw_report(struct hid_device *hid, unsigned char reportnum,
312 unsigned char *data, size_t count,
313 unsigned char report_type)
315 struct hidp_session *session = hid->driver_data;
318 switch (report_type) {
319 case HID_FEATURE_REPORT:
320 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
322 case HID_INPUT_REPORT:
323 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_INPUT;
325 case HID_OUTPUT_REPORT:
326 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
332 if (mutex_lock_interruptible(&session->report_mutex))
335 /* Set up our wait, and send the report request to the device. */
337 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
338 ret = hidp_send_ctrl_message(session, report_type, data, count);
342 /* Wait for the ACK from the device. */
343 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
344 !atomic_read(&session->terminate)) {
347 res = wait_event_interruptible_timeout(session->report_queue,
348 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
349 || atomic_read(&session->terminate),
363 if (!session->output_report_success) {
371 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
372 mutex_unlock(&session->report_mutex);
376 static int hidp_output_report(struct hid_device *hid, __u8 *data, size_t count)
378 struct hidp_session *session = hid->driver_data;
380 return hidp_send_intr_message(session,
381 HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT,
385 static int hidp_raw_request(struct hid_device *hid, unsigned char reportnum,
386 __u8 *buf, size_t len, unsigned char rtype,
390 case HID_REQ_GET_REPORT:
391 return hidp_get_raw_report(hid, reportnum, buf, len, rtype);
392 case HID_REQ_SET_REPORT:
393 return hidp_set_raw_report(hid, reportnum, buf, len, rtype);
399 static void hidp_idle_timeout(unsigned long arg)
401 struct hidp_session *session = (struct hidp_session *) arg;
403 hidp_session_terminate(session);
406 static void hidp_set_timer(struct hidp_session *session)
408 if (session->idle_to > 0)
409 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
412 static void hidp_del_timer(struct hidp_session *session)
414 if (session->idle_to > 0)
415 del_timer(&session->timer);
418 static void hidp_process_report(struct hidp_session *session,
419 int type, const u8 *data, int len, int intr)
421 if (len > HID_MAX_BUFFER_SIZE)
422 len = HID_MAX_BUFFER_SIZE;
424 memcpy(session->input_buf, data, len);
425 hid_input_report(session->hid, type, session->input_buf, len, intr);
428 static void hidp_process_handshake(struct hidp_session *session,
431 BT_DBG("session %p param 0x%02x", session, param);
432 session->output_report_success = 0; /* default condition */
435 case HIDP_HSHK_SUCCESSFUL:
436 /* FIXME: Call into SET_ GET_ handlers here */
437 session->output_report_success = 1;
440 case HIDP_HSHK_NOT_READY:
441 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
442 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
443 case HIDP_HSHK_ERR_INVALID_PARAMETER:
444 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
445 wake_up_interruptible(&session->report_queue);
447 /* FIXME: Call into SET_ GET_ handlers here */
450 case HIDP_HSHK_ERR_UNKNOWN:
453 case HIDP_HSHK_ERR_FATAL:
454 /* Device requests a reboot, as this is the only way this error
455 * can be recovered. */
456 hidp_send_ctrl_message(session,
457 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
461 hidp_send_ctrl_message(session,
462 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
466 /* Wake up the waiting thread. */
467 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
468 wake_up_interruptible(&session->report_queue);
471 static void hidp_process_hid_control(struct hidp_session *session,
474 BT_DBG("session %p param 0x%02x", session, param);
476 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
477 /* Flush the transmit queues */
478 skb_queue_purge(&session->ctrl_transmit);
479 skb_queue_purge(&session->intr_transmit);
481 hidp_session_terminate(session);
485 /* Returns true if the passed-in skb should be freed by the caller. */
486 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
489 int done_with_skb = 1;
490 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
493 case HIDP_DATA_RTYPE_INPUT:
494 hidp_set_timer(session);
497 hidp_input_report(session, skb);
500 hidp_process_report(session, HID_INPUT_REPORT,
501 skb->data, skb->len, 0);
504 case HIDP_DATA_RTYPE_OTHER:
505 case HIDP_DATA_RTYPE_OUPUT:
506 case HIDP_DATA_RTYPE_FEATURE:
510 hidp_send_ctrl_message(session,
511 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
514 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
515 param == session->waiting_report_type) {
516 if (session->waiting_report_number < 0 ||
517 session->waiting_report_number == skb->data[0]) {
518 /* hidp_get_raw_report() is waiting on this report. */
519 session->report_return = skb;
521 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
522 wake_up_interruptible(&session->report_queue);
526 return done_with_skb;
529 static void hidp_recv_ctrl_frame(struct hidp_session *session,
532 unsigned char hdr, type, param;
535 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
540 type = hdr & HIDP_HEADER_TRANS_MASK;
541 param = hdr & HIDP_HEADER_PARAM_MASK;
544 case HIDP_TRANS_HANDSHAKE:
545 hidp_process_handshake(session, param);
548 case HIDP_TRANS_HID_CONTROL:
549 hidp_process_hid_control(session, param);
552 case HIDP_TRANS_DATA:
553 free_skb = hidp_process_data(session, skb, param);
557 hidp_send_ctrl_message(session,
558 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
566 static void hidp_recv_intr_frame(struct hidp_session *session,
571 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
576 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
577 hidp_set_timer(session);
580 hidp_input_report(session, skb);
583 hidp_process_report(session, HID_INPUT_REPORT,
584 skb->data, skb->len, 1);
585 BT_DBG("report len %d", skb->len);
588 BT_DBG("Unsupported protocol header 0x%02x", hdr);
594 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
596 struct kvec iv = { data, len };
599 BT_DBG("sock %p data %p len %d", sock, data, len);
604 memset(&msg, 0, sizeof(msg));
606 return kernel_sendmsg(sock, &msg, &iv, 1, len);
609 /* dequeue message from @transmit and send via @sock */
610 static void hidp_process_transmit(struct hidp_session *session,
611 struct sk_buff_head *transmit,
617 BT_DBG("session %p", session);
619 while ((skb = skb_dequeue(transmit))) {
620 ret = hidp_send_frame(sock, skb->data, skb->len);
621 if (ret == -EAGAIN) {
622 skb_queue_head(transmit, skb);
624 } else if (ret < 0) {
625 hidp_session_terminate(session);
630 hidp_set_timer(session);
635 static int hidp_setup_input(struct hidp_session *session,
636 struct hidp_connadd_req *req)
638 struct input_dev *input;
641 input = input_allocate_device();
645 session->input = input;
647 input_set_drvdata(input, session);
649 input->name = "Bluetooth HID Boot Protocol Device";
651 input->id.bustype = BUS_BLUETOOTH;
652 input->id.vendor = req->vendor;
653 input->id.product = req->product;
654 input->id.version = req->version;
656 if (req->subclass & 0x40) {
657 set_bit(EV_KEY, input->evbit);
658 set_bit(EV_LED, input->evbit);
659 set_bit(EV_REP, input->evbit);
661 set_bit(LED_NUML, input->ledbit);
662 set_bit(LED_CAPSL, input->ledbit);
663 set_bit(LED_SCROLLL, input->ledbit);
664 set_bit(LED_COMPOSE, input->ledbit);
665 set_bit(LED_KANA, input->ledbit);
667 for (i = 0; i < sizeof(hidp_keycode); i++)
668 set_bit(hidp_keycode[i], input->keybit);
669 clear_bit(0, input->keybit);
672 if (req->subclass & 0x80) {
673 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
674 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
675 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
676 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
677 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
679 input->relbit[0] |= BIT_MASK(REL_WHEEL);
682 input->dev.parent = &session->conn->hcon->dev;
684 input->event = hidp_input_event;
689 static int hidp_open(struct hid_device *hid)
694 static void hidp_close(struct hid_device *hid)
698 static int hidp_parse(struct hid_device *hid)
700 struct hidp_session *session = hid->driver_data;
702 return hid_parse_report(session->hid, session->rd_data,
706 static int hidp_start(struct hid_device *hid)
711 static void hidp_stop(struct hid_device *hid)
713 struct hidp_session *session = hid->driver_data;
715 skb_queue_purge(&session->ctrl_transmit);
716 skb_queue_purge(&session->intr_transmit);
721 static struct hid_ll_driver hidp_hid_driver = {
727 .raw_request = hidp_raw_request,
728 .output_report = hidp_output_report,
731 /* This function sets up the hid device. It does not add it
732 to the HID system. That is done in hidp_add_connection(). */
733 static int hidp_setup_hid(struct hidp_session *session,
734 struct hidp_connadd_req *req)
736 struct hid_device *hid;
739 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
740 if (!session->rd_data)
743 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
747 session->rd_size = req->rd_size;
749 hid = hid_allocate_device();
757 hid->driver_data = session;
759 hid->bus = BUS_BLUETOOTH;
760 hid->vendor = req->vendor;
761 hid->product = req->product;
762 hid->version = req->version;
763 hid->country = req->country;
765 strncpy(hid->name, req->name, sizeof(req->name) - 1);
767 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
768 &l2cap_pi(session->ctrl_sock->sk)->chan->src);
770 /* NOTE: Some device modules depend on the dst address being stored in
771 * uniq. Please be aware of this before making changes to this behavior.
773 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
774 &l2cap_pi(session->ctrl_sock->sk)->chan->dst);
776 hid->dev.parent = &session->conn->hcon->dev;
777 hid->ll_driver = &hidp_hid_driver;
779 /* True if device is blacklisted in drivers/hid/hid-core.c */
780 if (hid_ignore(hid)) {
781 hid_destroy_device(session->hid);
789 kfree(session->rd_data);
790 session->rd_data = NULL;
795 /* initialize session devices */
796 static int hidp_session_dev_init(struct hidp_session *session,
797 struct hidp_connadd_req *req)
801 if (req->rd_size > 0) {
802 ret = hidp_setup_hid(session, req);
803 if (ret && ret != -ENODEV)
808 ret = hidp_setup_input(session, req);
816 /* destroy session devices */
817 static void hidp_session_dev_destroy(struct hidp_session *session)
820 put_device(&session->hid->dev);
821 else if (session->input)
822 input_put_device(session->input);
824 kfree(session->rd_data);
825 session->rd_data = NULL;
828 /* add HID/input devices to their underlying bus systems */
829 static int hidp_session_dev_add(struct hidp_session *session)
833 /* Both HID and input systems drop a ref-count when unregistering the
834 * device but they don't take a ref-count when registering them. Work
835 * around this by explicitly taking a refcount during registration
836 * which is dropped automatically by unregistering the devices. */
839 ret = hid_add_device(session->hid);
842 get_device(&session->hid->dev);
843 } else if (session->input) {
844 ret = input_register_device(session->input);
847 input_get_device(session->input);
853 /* remove HID/input devices from their bus systems */
854 static void hidp_session_dev_del(struct hidp_session *session)
857 hid_destroy_device(session->hid);
858 else if (session->input)
859 input_unregister_device(session->input);
863 * Asynchronous device registration
864 * HID device drivers might want to perform I/O during initialization to
865 * detect device types. Therefore, call device registration in a separate
866 * worker so the HIDP thread can schedule I/O operations.
867 * Note that this must be called after the worker thread was initialized
868 * successfully. This will then add the devices and increase session state
869 * on success, otherwise it will terminate the session thread.
871 static void hidp_session_dev_work(struct work_struct *work)
873 struct hidp_session *session = container_of(work,
878 ret = hidp_session_dev_add(session);
880 atomic_inc(&session->state);
882 hidp_session_terminate(session);
886 * Create new session object
887 * Allocate session object, initialize static fields, copy input data into the
888 * object and take a reference to all sub-objects.
889 * This returns 0 on success and puts a pointer to the new session object in
890 * \out. Otherwise, an error code is returned.
891 * The new session object has an initial ref-count of 1.
893 static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
894 struct socket *ctrl_sock,
895 struct socket *intr_sock,
896 struct hidp_connadd_req *req,
897 struct l2cap_conn *conn)
899 struct hidp_session *session;
901 struct bt_sock *ctrl, *intr;
903 ctrl = bt_sk(ctrl_sock->sk);
904 intr = bt_sk(intr_sock->sk);
906 session = kzalloc(sizeof(*session), GFP_KERNEL);
910 /* object and runtime management */
911 kref_init(&session->ref);
912 atomic_set(&session->state, HIDP_SESSION_IDLING);
913 init_waitqueue_head(&session->state_queue);
914 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
916 /* connection management */
917 bacpy(&session->bdaddr, bdaddr);
918 session->conn = l2cap_conn_get(conn);
919 session->user.probe = hidp_session_probe;
920 session->user.remove = hidp_session_remove;
921 session->ctrl_sock = ctrl_sock;
922 session->intr_sock = intr_sock;
923 skb_queue_head_init(&session->ctrl_transmit);
924 skb_queue_head_init(&session->intr_transmit);
925 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
926 l2cap_pi(ctrl)->chan->imtu);
927 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
928 l2cap_pi(intr)->chan->imtu);
929 session->idle_to = req->idle_to;
931 /* device management */
932 INIT_WORK(&session->dev_init, hidp_session_dev_work);
933 setup_timer(&session->timer, hidp_idle_timeout,
934 (unsigned long)session);
937 mutex_init(&session->report_mutex);
938 init_waitqueue_head(&session->report_queue);
940 ret = hidp_session_dev_init(session, req);
944 get_file(session->intr_sock->file);
945 get_file(session->ctrl_sock->file);
950 l2cap_conn_put(session->conn);
955 /* increase ref-count of the given session by one */
956 static void hidp_session_get(struct hidp_session *session)
958 kref_get(&session->ref);
961 /* release callback */
962 static void session_free(struct kref *ref)
964 struct hidp_session *session = container_of(ref, struct hidp_session,
967 hidp_session_dev_destroy(session);
968 skb_queue_purge(&session->ctrl_transmit);
969 skb_queue_purge(&session->intr_transmit);
970 fput(session->intr_sock->file);
971 fput(session->ctrl_sock->file);
972 l2cap_conn_put(session->conn);
976 /* decrease ref-count of the given session by one */
977 static void hidp_session_put(struct hidp_session *session)
979 kref_put(&session->ref, session_free);
983 * Search the list of active sessions for a session with target address
984 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
985 * you do not release this lock, the session objects cannot vanish and you can
986 * safely take a reference to the session yourself.
988 static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
990 struct hidp_session *session;
992 list_for_each_entry(session, &hidp_session_list, list) {
993 if (!bacmp(bdaddr, &session->bdaddr))
1001 * Same as __hidp_session_find() but no locks must be held. This also takes a
1002 * reference of the returned session (if non-NULL) so you must drop this
1003 * reference if you no longer use the object.
1005 static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
1007 struct hidp_session *session;
1009 down_read(&hidp_session_sem);
1011 session = __hidp_session_find(bdaddr);
1013 hidp_session_get(session);
1015 up_read(&hidp_session_sem);
1021 * Start session synchronously
1022 * This starts a session thread and waits until initialization
1023 * is done or returns an error if it couldn't be started.
1024 * If this returns 0 the session thread is up and running. You must call
1025 * hipd_session_stop_sync() before deleting any runtime resources.
1027 static int hidp_session_start_sync(struct hidp_session *session)
1029 unsigned int vendor, product;
1032 vendor = session->hid->vendor;
1033 product = session->hid->product;
1034 } else if (session->input) {
1035 vendor = session->input->id.vendor;
1036 product = session->input->id.product;
1042 session->task = kthread_run(hidp_session_thread, session,
1043 "khidpd_%04x%04x", vendor, product);
1044 if (IS_ERR(session->task))
1045 return PTR_ERR(session->task);
1047 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1048 wait_event(session->state_queue,
1049 atomic_read(&session->state) > HIDP_SESSION_IDLING);
1055 * Terminate session thread
1056 * Wake up session thread and notify it to stop. This is asynchronous and
1057 * returns immediately. Call this whenever a runtime error occurs and you want
1058 * the session to stop.
1059 * Note: wake_up_process() performs any necessary memory-barriers for us.
1061 static void hidp_session_terminate(struct hidp_session *session)
1063 atomic_inc(&session->terminate);
1064 wake_up_process(session->task);
1068 * Probe HIDP session
1069 * This is called from the l2cap_conn core when our l2cap_user object is bound
1070 * to the hci-connection. We get the session via the \user object and can now
1071 * start the session thread, link it into the global session list and
1072 * schedule HID/input device registration.
1073 * The global session-list owns its own reference to the session object so you
1074 * can drop your own reference after registering the l2cap_user object.
1076 static int hidp_session_probe(struct l2cap_conn *conn,
1077 struct l2cap_user *user)
1079 struct hidp_session *session = container_of(user,
1080 struct hidp_session,
1082 struct hidp_session *s;
1085 down_write(&hidp_session_sem);
1087 /* check that no other session for this device exists */
1088 s = __hidp_session_find(&session->bdaddr);
1094 if (session->input) {
1095 ret = hidp_session_dev_add(session);
1100 ret = hidp_session_start_sync(session);
1104 /* HID device registration is async to allow I/O during probe */
1106 atomic_inc(&session->state);
1108 schedule_work(&session->dev_init);
1110 hidp_session_get(session);
1111 list_add(&session->list, &hidp_session_list);
1117 hidp_session_dev_del(session);
1119 up_write(&hidp_session_sem);
1124 * Remove HIDP session
1125 * Called from the l2cap_conn core when either we explicitly unregistered
1126 * the l2cap_user object or if the underlying connection is shut down.
1127 * We signal the hidp-session thread to shut down, unregister the HID/input
1128 * devices and unlink the session from the global list.
1129 * This drops the reference to the session that is owned by the global
1131 * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1132 * This is, because the session-thread might be waiting for an HCI lock that is
1133 * held while we are called. Therefore, we only unregister the devices and
1134 * notify the session-thread to terminate. The thread itself owns a reference
1135 * to the session object so it can safely shut down.
1137 static void hidp_session_remove(struct l2cap_conn *conn,
1138 struct l2cap_user *user)
1140 struct hidp_session *session = container_of(user,
1141 struct hidp_session,
1144 down_write(&hidp_session_sem);
1146 hidp_session_terminate(session);
1148 cancel_work_sync(&session->dev_init);
1149 if (session->input ||
1150 atomic_read(&session->state) > HIDP_SESSION_PREPARING)
1151 hidp_session_dev_del(session);
1153 list_del(&session->list);
1155 up_write(&hidp_session_sem);
1157 hidp_session_put(session);
1162 * This performs the actual main-loop of the HIDP worker. We first check
1163 * whether the underlying connection is still alive, then parse all pending
1164 * messages and finally send all outstanding messages.
1166 static void hidp_session_run(struct hidp_session *session)
1168 struct sock *ctrl_sk = session->ctrl_sock->sk;
1169 struct sock *intr_sk = session->intr_sock->sk;
1170 struct sk_buff *skb;
1174 * This thread can be woken up two ways:
1175 * - You call hidp_session_terminate() which sets the
1176 * session->terminate flag and wakes this thread up.
1177 * - Via modifying the socket state of ctrl/intr_sock. This
1178 * thread is woken up by ->sk_state_changed().
1180 * Note: set_current_state() performs any necessary
1181 * memory-barriers for us.
1183 set_current_state(TASK_INTERRUPTIBLE);
1185 if (atomic_read(&session->terminate))
1188 if (ctrl_sk->sk_state != BT_CONNECTED ||
1189 intr_sk->sk_state != BT_CONNECTED)
1192 /* parse incoming intr-skbs */
1193 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1195 if (!skb_linearize(skb))
1196 hidp_recv_intr_frame(session, skb);
1201 /* send pending intr-skbs */
1202 hidp_process_transmit(session, &session->intr_transmit,
1203 session->intr_sock);
1205 /* parse incoming ctrl-skbs */
1206 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1208 if (!skb_linearize(skb))
1209 hidp_recv_ctrl_frame(session, skb);
1214 /* send pending ctrl-skbs */
1215 hidp_process_transmit(session, &session->ctrl_transmit,
1216 session->ctrl_sock);
1221 atomic_inc(&session->terminate);
1222 set_current_state(TASK_RUNNING);
1226 * HIDP session thread
1227 * This thread runs the I/O for a single HIDP session. Startup is synchronous
1228 * which allows us to take references to ourself here instead of doing that in
1230 * When we are ready to run we notify the caller and call hidp_session_run().
1232 static int hidp_session_thread(void *arg)
1234 struct hidp_session *session = arg;
1235 wait_queue_t ctrl_wait, intr_wait;
1237 BT_DBG("session %p", session);
1239 /* initialize runtime environment */
1240 hidp_session_get(session);
1241 __module_get(THIS_MODULE);
1242 set_user_nice(current, -15);
1243 hidp_set_timer(session);
1245 init_waitqueue_entry(&ctrl_wait, current);
1246 init_waitqueue_entry(&intr_wait, current);
1247 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1248 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1249 /* This memory barrier is paired with wq_has_sleeper(). See
1250 * sock_poll_wait() for more information why this is needed. */
1253 /* notify synchronous startup that we're ready */
1254 atomic_inc(&session->state);
1255 wake_up(&session->state_queue);
1258 hidp_session_run(session);
1260 /* cleanup runtime environment */
1261 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1262 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1263 wake_up_interruptible(&session->report_queue);
1264 hidp_del_timer(session);
1267 * If we stopped ourself due to any internal signal, we should try to
1268 * unregister our own session here to avoid having it linger until the
1269 * parent l2cap_conn dies or user-space cleans it up.
1270 * This does not deadlock as we don't do any synchronous shutdown.
1271 * Instead, this call has the same semantics as if user-space tried to
1272 * delete the session.
1274 l2cap_unregister_user(session->conn, &session->user);
1275 hidp_session_put(session);
1277 module_put_and_exit(0);
1281 static int hidp_verify_sockets(struct socket *ctrl_sock,
1282 struct socket *intr_sock)
1284 struct l2cap_chan *ctrl_chan, *intr_chan;
1285 struct bt_sock *ctrl, *intr;
1286 struct hidp_session *session;
1288 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1291 ctrl_chan = l2cap_pi(ctrl_sock->sk)->chan;
1292 intr_chan = l2cap_pi(intr_sock->sk)->chan;
1294 if (bacmp(&ctrl_chan->src, &intr_chan->src) ||
1295 bacmp(&ctrl_chan->dst, &intr_chan->dst))
1298 ctrl = bt_sk(ctrl_sock->sk);
1299 intr = bt_sk(intr_sock->sk);
1301 if (ctrl->sk.sk_state != BT_CONNECTED ||
1302 intr->sk.sk_state != BT_CONNECTED)
1305 /* early session check, we check again during session registration */
1306 session = hidp_session_find(&ctrl_chan->dst);
1308 hidp_session_put(session);
1315 int hidp_connection_add(struct hidp_connadd_req *req,
1316 struct socket *ctrl_sock,
1317 struct socket *intr_sock)
1319 struct hidp_session *session;
1320 struct l2cap_conn *conn;
1321 struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
1324 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1329 l2cap_chan_lock(chan);
1331 conn = l2cap_conn_get(chan->conn);
1332 l2cap_chan_unlock(chan);
1337 ret = hidp_session_new(&session, &chan->dst, ctrl_sock,
1338 intr_sock, req, conn);
1342 ret = l2cap_register_user(conn, &session->user);
1349 hidp_session_put(session);
1351 l2cap_conn_put(conn);
1355 int hidp_connection_del(struct hidp_conndel_req *req)
1357 struct hidp_session *session;
1359 session = hidp_session_find(&req->bdaddr);
1363 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1364 hidp_send_ctrl_message(session,
1365 HIDP_TRANS_HID_CONTROL |
1366 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1369 l2cap_unregister_user(session->conn, &session->user);
1371 hidp_session_put(session);
1376 int hidp_get_connlist(struct hidp_connlist_req *req)
1378 struct hidp_session *session;
1383 down_read(&hidp_session_sem);
1385 list_for_each_entry(session, &hidp_session_list, list) {
1386 struct hidp_conninfo ci;
1388 hidp_copy_session(session, &ci);
1390 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1395 if (++n >= req->cnum)
1402 up_read(&hidp_session_sem);
1406 int hidp_get_conninfo(struct hidp_conninfo *ci)
1408 struct hidp_session *session;
1410 session = hidp_session_find(&ci->bdaddr);
1412 hidp_copy_session(session, ci);
1413 hidp_session_put(session);
1416 return session ? 0 : -ENOENT;
1419 static int __init hidp_init(void)
1421 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1423 return hidp_init_sockets();
1426 static void __exit hidp_exit(void)
1428 hidp_cleanup_sockets();
1431 module_init(hidp_init);
1432 module_exit(hidp_exit);
1434 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1435 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1436 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1437 MODULE_VERSION(VERSION);
1438 MODULE_LICENSE("GPL");
1439 MODULE_ALIAS("bt-proto-6");
projects / firefly-linux-kernel-4.4.55.git / blob