2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/module.h>
24 #include <linux/file.h>
25 #include <linux/kthread.h>
26 #include <linux/hidraw.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/l2cap.h>
36 static DECLARE_RWSEM(hidp_session_sem);
37 static LIST_HEAD(hidp_session_list);
39 static unsigned char hidp_keycode[256] = {
40 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
41 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
42 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
43 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
44 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
45 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
46 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
47 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
48 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
49 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
50 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
51 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
52 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
57 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
60 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
62 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
64 struct hidp_session *session;
68 list_for_each_entry(session, &hidp_session_list, list) {
69 if (!bacmp(bdaddr, &session->bdaddr))
76 static void __hidp_link_session(struct hidp_session *session)
78 list_add(&session->list, &hidp_session_list);
81 static void __hidp_unlink_session(struct hidp_session *session)
83 hci_conn_put_device(session->conn);
85 list_del(&session->list);
88 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
90 memset(ci, 0, sizeof(*ci));
91 bacpy(&ci->bdaddr, &session->bdaddr);
93 ci->flags = session->flags;
94 ci->state = session->state;
100 if (session->input) {
101 ci->vendor = session->input->id.vendor;
102 ci->product = session->input->id.product;
103 ci->version = session->input->id.version;
104 if (session->input->name)
105 strncpy(ci->name, session->input->name, 128);
107 strncpy(ci->name, "HID Boot Device", 128);
111 ci->vendor = session->hid->vendor;
112 ci->product = session->hid->product;
113 ci->version = session->hid->version;
114 strncpy(ci->name, session->hid->name, 128);
118 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
119 unsigned int type, unsigned int code, int value)
121 unsigned char newleds;
124 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
129 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
130 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
131 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
132 (!!test_bit(LED_CAPSL, dev->led) << 1) |
133 (!!test_bit(LED_NUML, dev->led));
135 if (session->leds == newleds)
138 session->leds = newleds;
140 skb = alloc_skb(3, GFP_ATOMIC);
142 BT_ERR("Can't allocate memory for new frame");
146 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
147 *skb_put(skb, 1) = 0x01;
148 *skb_put(skb, 1) = newleds;
150 skb_queue_tail(&session->intr_transmit, skb);
152 hidp_schedule(session);
157 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
159 struct hid_device *hid = input_get_drvdata(dev);
160 struct hidp_session *session = hid->driver_data;
162 return hidp_queue_event(session, dev, type, code, value);
165 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
167 struct hidp_session *session = input_get_drvdata(dev);
169 return hidp_queue_event(session, dev, type, code, value);
172 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
174 struct input_dev *dev = session->input;
175 unsigned char *keys = session->keys;
176 unsigned char *udata = skb->data + 1;
177 signed char *sdata = skb->data + 1;
178 int i, size = skb->len - 1;
180 switch (skb->data[0]) {
181 case 0x01: /* Keyboard report */
182 for (i = 0; i < 8; i++)
183 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
185 /* If all the key codes have been set to 0x01, it means
186 * too many keys were pressed at the same time. */
187 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
190 for (i = 2; i < 8; i++) {
191 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
192 if (hidp_keycode[keys[i]])
193 input_report_key(dev, hidp_keycode[keys[i]], 0);
195 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
198 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
199 if (hidp_keycode[udata[i]])
200 input_report_key(dev, hidp_keycode[udata[i]], 1);
202 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
206 memcpy(keys, udata, 8);
209 case 0x02: /* Mouse report */
210 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
211 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
212 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
213 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
214 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
216 input_report_rel(dev, REL_X, sdata[1]);
217 input_report_rel(dev, REL_Y, sdata[2]);
220 input_report_rel(dev, REL_WHEEL, sdata[3]);
227 static int __hidp_send_ctrl_message(struct hidp_session *session,
228 unsigned char hdr, unsigned char *data,
233 BT_DBG("session %p data %p size %d", session, data, size);
235 if (atomic_read(&session->terminate))
238 skb = alloc_skb(size + 1, GFP_ATOMIC);
240 BT_ERR("Can't allocate memory for new frame");
244 *skb_put(skb, 1) = hdr;
245 if (data && size > 0)
246 memcpy(skb_put(skb, size), data, size);
248 skb_queue_tail(&session->ctrl_transmit, skb);
253 static int hidp_send_ctrl_message(struct hidp_session *session,
254 unsigned char hdr, unsigned char *data, int size)
258 err = __hidp_send_ctrl_message(session, hdr, data, size);
260 hidp_schedule(session);
265 static int hidp_queue_report(struct hidp_session *session,
266 unsigned char *data, int size)
270 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
272 skb = alloc_skb(size + 1, GFP_ATOMIC);
274 BT_ERR("Can't allocate memory for new frame");
278 *skb_put(skb, 1) = 0xa2;
280 memcpy(skb_put(skb, size), data, size);
282 skb_queue_tail(&session->intr_transmit, skb);
284 hidp_schedule(session);
289 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
291 unsigned char buf[32];
294 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
295 if (rsize > sizeof(buf))
298 hid_output_report(report, buf);
300 return hidp_queue_report(session, buf, rsize);
303 static int hidp_get_raw_report(struct hid_device *hid,
304 unsigned char report_number,
305 unsigned char *data, size_t count,
306 unsigned char report_type)
308 struct hidp_session *session = hid->driver_data;
311 int numbered_reports = hid->report_enum[report_type].numbered;
314 if (atomic_read(&session->terminate))
317 switch (report_type) {
318 case HID_FEATURE_REPORT:
319 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
321 case HID_INPUT_REPORT:
322 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
324 case HID_OUTPUT_REPORT:
325 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
331 if (mutex_lock_interruptible(&session->report_mutex))
334 /* Set up our wait, and send the report request to the device. */
335 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
336 session->waiting_report_number = numbered_reports ? report_number : -1;
337 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
338 data[0] = report_number;
339 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1);
343 /* Wait for the return of the report. The returned report
344 gets put in session->report_return. */
345 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
348 res = wait_event_interruptible_timeout(session->report_queue,
349 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags),
363 skb = session->report_return;
365 len = skb->len < count ? skb->len : count;
366 memcpy(data, skb->data, len);
369 session->report_return = NULL;
371 /* Device returned a HANDSHAKE, indicating protocol error. */
375 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
376 mutex_unlock(&session->report_mutex);
381 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
382 mutex_unlock(&session->report_mutex);
386 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
387 unsigned char report_type)
389 struct hidp_session *session = hid->driver_data;
392 switch (report_type) {
393 case HID_FEATURE_REPORT:
394 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
396 case HID_OUTPUT_REPORT:
397 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
403 if (mutex_lock_interruptible(&session->report_mutex))
406 /* Set up our wait, and send the report request to the device. */
407 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
408 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data,
413 /* Wait for the ACK from the device. */
414 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
417 res = wait_event_interruptible_timeout(session->report_queue,
418 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags),
432 if (!session->output_report_success) {
440 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
441 mutex_unlock(&session->report_mutex);
445 static void hidp_idle_timeout(unsigned long arg)
447 struct hidp_session *session = (struct hidp_session *) arg;
449 atomic_inc(&session->terminate);
450 wake_up_process(session->task);
453 static void hidp_set_timer(struct hidp_session *session)
455 if (session->idle_to > 0)
456 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
459 static void hidp_del_timer(struct hidp_session *session)
461 if (session->idle_to > 0)
462 del_timer(&session->timer);
465 static void hidp_process_handshake(struct hidp_session *session,
468 BT_DBG("session %p param 0x%02x", session, param);
469 session->output_report_success = 0; /* default condition */
472 case HIDP_HSHK_SUCCESSFUL:
473 /* FIXME: Call into SET_ GET_ handlers here */
474 session->output_report_success = 1;
477 case HIDP_HSHK_NOT_READY:
478 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
479 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
480 case HIDP_HSHK_ERR_INVALID_PARAMETER:
481 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
482 wake_up_interruptible(&session->report_queue);
484 /* FIXME: Call into SET_ GET_ handlers here */
487 case HIDP_HSHK_ERR_UNKNOWN:
490 case HIDP_HSHK_ERR_FATAL:
491 /* Device requests a reboot, as this is the only way this error
492 * can be recovered. */
493 __hidp_send_ctrl_message(session,
494 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
498 __hidp_send_ctrl_message(session,
499 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
503 /* Wake up the waiting thread. */
504 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
505 wake_up_interruptible(&session->report_queue);
508 static void hidp_process_hid_control(struct hidp_session *session,
511 BT_DBG("session %p param 0x%02x", session, param);
513 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
514 /* Flush the transmit queues */
515 skb_queue_purge(&session->ctrl_transmit);
516 skb_queue_purge(&session->intr_transmit);
518 atomic_inc(&session->terminate);
519 wake_up_process(current);
523 /* Returns true if the passed-in skb should be freed by the caller. */
524 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
527 int done_with_skb = 1;
528 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
531 case HIDP_DATA_RTYPE_INPUT:
532 hidp_set_timer(session);
535 hidp_input_report(session, skb);
538 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
541 case HIDP_DATA_RTYPE_OTHER:
542 case HIDP_DATA_RTYPE_OUPUT:
543 case HIDP_DATA_RTYPE_FEATURE:
547 __hidp_send_ctrl_message(session,
548 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
551 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
552 param == session->waiting_report_type) {
553 if (session->waiting_report_number < 0 ||
554 session->waiting_report_number == skb->data[0]) {
555 /* hidp_get_raw_report() is waiting on this report. */
556 session->report_return = skb;
558 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
559 wake_up_interruptible(&session->report_queue);
563 return done_with_skb;
566 static void hidp_recv_ctrl_frame(struct hidp_session *session,
569 unsigned char hdr, type, param;
572 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
577 type = hdr & HIDP_HEADER_TRANS_MASK;
578 param = hdr & HIDP_HEADER_PARAM_MASK;
581 case HIDP_TRANS_HANDSHAKE:
582 hidp_process_handshake(session, param);
585 case HIDP_TRANS_HID_CONTROL:
586 hidp_process_hid_control(session, param);
589 case HIDP_TRANS_DATA:
590 free_skb = hidp_process_data(session, skb, param);
594 __hidp_send_ctrl_message(session,
595 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
603 static void hidp_recv_intr_frame(struct hidp_session *session,
608 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
613 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
614 hidp_set_timer(session);
617 hidp_input_report(session, skb);
620 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
621 BT_DBG("report len %d", skb->len);
624 BT_DBG("Unsupported protocol header 0x%02x", hdr);
630 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
632 struct kvec iv = { data, len };
635 BT_DBG("sock %p data %p len %d", sock, data, len);
640 memset(&msg, 0, sizeof(msg));
642 return kernel_sendmsg(sock, &msg, &iv, 1, len);
645 static void hidp_process_intr_transmit(struct hidp_session *session)
649 BT_DBG("session %p", session);
651 while ((skb = skb_dequeue(&session->intr_transmit))) {
652 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
653 skb_queue_head(&session->intr_transmit, skb);
657 hidp_set_timer(session);
662 static void hidp_process_ctrl_transmit(struct hidp_session *session)
666 BT_DBG("session %p", session);
668 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
669 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
670 skb_queue_head(&session->ctrl_transmit, skb);
674 hidp_set_timer(session);
679 static int hidp_session(void *arg)
681 struct hidp_session *session = arg;
682 struct sock *ctrl_sk = session->ctrl_sock->sk;
683 struct sock *intr_sk = session->intr_sock->sk;
685 wait_queue_t ctrl_wait, intr_wait;
687 BT_DBG("session %p", session);
689 __module_get(THIS_MODULE);
690 set_user_nice(current, -15);
692 init_waitqueue_entry(&ctrl_wait, current);
693 init_waitqueue_entry(&intr_wait, current);
694 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
695 add_wait_queue(sk_sleep(intr_sk), &intr_wait);
696 session->waiting_for_startup = 0;
697 wake_up_interruptible(&session->startup_queue);
698 set_current_state(TASK_INTERRUPTIBLE);
699 while (!atomic_read(&session->terminate)) {
700 if (ctrl_sk->sk_state != BT_CONNECTED ||
701 intr_sk->sk_state != BT_CONNECTED)
704 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
706 if (!skb_linearize(skb))
707 hidp_recv_intr_frame(session, skb);
712 hidp_process_intr_transmit(session);
714 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
716 if (!skb_linearize(skb))
717 hidp_recv_ctrl_frame(session, skb);
722 hidp_process_ctrl_transmit(session);
725 set_current_state(TASK_INTERRUPTIBLE);
727 set_current_state(TASK_RUNNING);
728 atomic_inc(&session->terminate);
729 remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
730 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
732 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
733 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
734 wake_up_interruptible(&session->report_queue);
736 down_write(&hidp_session_sem);
738 hidp_del_timer(session);
740 if (session->input) {
741 input_unregister_device(session->input);
742 session->input = NULL;
746 hid_destroy_device(session->hid);
750 /* Wakeup user-space polling for socket errors */
751 session->intr_sock->sk->sk_err = EUNATCH;
752 session->ctrl_sock->sk->sk_err = EUNATCH;
754 hidp_schedule(session);
756 fput(session->intr_sock->file);
758 wait_event_timeout(*(sk_sleep(ctrl_sk)),
759 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
761 fput(session->ctrl_sock->file);
763 __hidp_unlink_session(session);
765 up_write(&hidp_session_sem);
767 kfree(session->rd_data);
769 module_put_and_exit(0);
773 static struct hci_conn *hidp_get_connection(struct hidp_session *session)
775 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
776 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
777 struct hci_conn *conn;
778 struct hci_dev *hdev;
780 hdev = hci_get_route(dst, src);
785 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
787 hci_conn_hold_device(conn);
788 hci_dev_unlock(hdev);
795 static int hidp_setup_input(struct hidp_session *session,
796 struct hidp_connadd_req *req)
798 struct input_dev *input;
801 input = input_allocate_device();
805 session->input = input;
807 input_set_drvdata(input, session);
809 input->name = "Bluetooth HID Boot Protocol Device";
811 input->id.bustype = BUS_BLUETOOTH;
812 input->id.vendor = req->vendor;
813 input->id.product = req->product;
814 input->id.version = req->version;
816 if (req->subclass & 0x40) {
817 set_bit(EV_KEY, input->evbit);
818 set_bit(EV_LED, input->evbit);
819 set_bit(EV_REP, input->evbit);
821 set_bit(LED_NUML, input->ledbit);
822 set_bit(LED_CAPSL, input->ledbit);
823 set_bit(LED_SCROLLL, input->ledbit);
824 set_bit(LED_COMPOSE, input->ledbit);
825 set_bit(LED_KANA, input->ledbit);
827 for (i = 0; i < sizeof(hidp_keycode); i++)
828 set_bit(hidp_keycode[i], input->keybit);
829 clear_bit(0, input->keybit);
832 if (req->subclass & 0x80) {
833 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
834 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
835 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
836 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
837 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
839 input->relbit[0] |= BIT_MASK(REL_WHEEL);
842 input->dev.parent = &session->conn->dev;
844 input->event = hidp_input_event;
849 static int hidp_open(struct hid_device *hid)
854 static void hidp_close(struct hid_device *hid)
858 static int hidp_parse(struct hid_device *hid)
860 struct hidp_session *session = hid->driver_data;
862 return hid_parse_report(session->hid, session->rd_data,
866 static int hidp_start(struct hid_device *hid)
868 struct hidp_session *session = hid->driver_data;
869 struct hid_report *report;
871 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
874 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
876 hidp_send_report(session, report);
878 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
880 hidp_send_report(session, report);
885 static void hidp_stop(struct hid_device *hid)
887 struct hidp_session *session = hid->driver_data;
889 skb_queue_purge(&session->ctrl_transmit);
890 skb_queue_purge(&session->intr_transmit);
895 static struct hid_ll_driver hidp_hid_driver = {
901 .hidinput_input_event = hidp_hidinput_event,
904 /* This function sets up the hid device. It does not add it
905 to the HID system. That is done in hidp_add_connection(). */
906 static int hidp_setup_hid(struct hidp_session *session,
907 struct hidp_connadd_req *req)
909 struct hid_device *hid;
912 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
913 if (!session->rd_data)
916 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
920 session->rd_size = req->rd_size;
922 hid = hid_allocate_device();
930 hid->driver_data = session;
932 hid->bus = BUS_BLUETOOTH;
933 hid->vendor = req->vendor;
934 hid->product = req->product;
935 hid->version = req->version;
936 hid->country = req->country;
938 strncpy(hid->name, req->name, sizeof(req->name) - 1);
940 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
941 &bt_sk(session->ctrl_sock->sk)->src);
943 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
944 &bt_sk(session->ctrl_sock->sk)->dst);
946 hid->dev.parent = &session->conn->dev;
947 hid->ll_driver = &hidp_hid_driver;
949 hid->hid_get_raw_report = hidp_get_raw_report;
950 hid->hid_output_raw_report = hidp_output_raw_report;
952 /* True if device is blacklisted in drivers/hid/hid-core.c */
953 if (hid_ignore(hid)) {
954 hid_destroy_device(session->hid);
962 kfree(session->rd_data);
963 session->rd_data = NULL;
968 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
970 struct hidp_session *session, *s;
976 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
977 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
980 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
982 down_write(&hidp_session_sem);
984 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
985 if (s && s->state == BT_CONNECTED) {
986 up_write(&hidp_session_sem);
990 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
992 up_write(&hidp_session_sem);
996 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
998 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu,
999 l2cap_pi(ctrl_sock->sk)->chan->imtu);
1000 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu,
1001 l2cap_pi(intr_sock->sk)->chan->imtu);
1003 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
1005 session->ctrl_sock = ctrl_sock;
1006 session->intr_sock = intr_sock;
1007 session->state = BT_CONNECTED;
1009 session->conn = hidp_get_connection(session);
1010 if (!session->conn) {
1015 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
1017 skb_queue_head_init(&session->ctrl_transmit);
1018 skb_queue_head_init(&session->intr_transmit);
1020 mutex_init(&session->report_mutex);
1021 init_waitqueue_head(&session->report_queue);
1022 init_waitqueue_head(&session->startup_queue);
1023 session->waiting_for_startup = 1;
1024 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1025 session->idle_to = req->idle_to;
1027 __hidp_link_session(session);
1029 if (req->rd_size > 0) {
1030 err = hidp_setup_hid(session, req);
1031 if (err && err != -ENODEV)
1035 if (!session->hid) {
1036 err = hidp_setup_input(session, req);
1041 hidp_set_timer(session);
1044 vendor = session->hid->vendor;
1045 product = session->hid->product;
1046 } else if (session->input) {
1047 vendor = session->input->id.vendor;
1048 product = session->input->id.product;
1054 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x",
1056 if (IS_ERR(session->task)) {
1057 err = PTR_ERR(session->task);
1061 while (session->waiting_for_startup) {
1062 wait_event_interruptible(session->startup_queue,
1063 !session->waiting_for_startup);
1067 err = hid_add_device(session->hid);
1069 err = input_register_device(session->input);
1072 atomic_inc(&session->terminate);
1073 wake_up_process(session->task);
1074 up_write(&hidp_session_sem);
1078 if (session->input) {
1079 hidp_send_ctrl_message(session,
1080 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
1081 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
1083 session->leds = 0xff;
1084 hidp_input_event(session->input, EV_LED, 0, 0);
1087 up_write(&hidp_session_sem);
1091 hidp_del_timer(session);
1093 if (session->input) {
1094 input_unregister_device(session->input);
1095 session->input = NULL;
1099 hid_destroy_device(session->hid);
1100 session->hid = NULL;
1103 kfree(session->rd_data);
1104 session->rd_data = NULL;
1107 __hidp_unlink_session(session);
1109 skb_queue_purge(&session->ctrl_transmit);
1110 skb_queue_purge(&session->intr_transmit);
1113 up_write(&hidp_session_sem);
1119 int hidp_del_connection(struct hidp_conndel_req *req)
1121 struct hidp_session *session;
1126 down_read(&hidp_session_sem);
1128 session = __hidp_get_session(&req->bdaddr);
1130 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1131 hidp_send_ctrl_message(session,
1132 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
1134 /* Flush the transmit queues */
1135 skb_queue_purge(&session->ctrl_transmit);
1136 skb_queue_purge(&session->intr_transmit);
1138 atomic_inc(&session->terminate);
1139 wake_up_process(session->task);
1144 up_read(&hidp_session_sem);
1148 int hidp_get_connlist(struct hidp_connlist_req *req)
1150 struct hidp_session *session;
1155 down_read(&hidp_session_sem);
1157 list_for_each_entry(session, &hidp_session_list, list) {
1158 struct hidp_conninfo ci;
1160 __hidp_copy_session(session, &ci);
1162 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1167 if (++n >= req->cnum)
1174 up_read(&hidp_session_sem);
1178 int hidp_get_conninfo(struct hidp_conninfo *ci)
1180 struct hidp_session *session;
1183 down_read(&hidp_session_sem);
1185 session = __hidp_get_session(&ci->bdaddr);
1187 __hidp_copy_session(session, ci);
1191 up_read(&hidp_session_sem);
1195 static int __init hidp_init(void)
1197 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1199 return hidp_init_sockets();
1202 static void __exit hidp_exit(void)
1204 hidp_cleanup_sockets();
1207 module_init(hidp_init);
1208 module_exit(hidp_exit);
1210 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1211 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1212 MODULE_VERSION(VERSION);
1213 MODULE_LICENSE("GPL");
1214 MODULE_ALIAS("bt-proto-6");