2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/module.h>
24 #include <linux/file.h>
25 #include <linux/kthread.h>
26 #include <linux/hidraw.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/l2cap.h>
36 static DECLARE_RWSEM(hidp_session_sem);
37 static LIST_HEAD(hidp_session_list);
39 static unsigned char hidp_keycode[256] = {
40 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
41 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
42 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
43 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
44 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
45 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
46 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
47 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
48 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
49 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
50 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
51 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
52 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
57 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
60 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
62 static inline void hidp_schedule(struct hidp_session *session)
64 struct sock *ctrl_sk = session->ctrl_sock->sk;
65 struct sock *intr_sk = session->intr_sock->sk;
67 wake_up_interruptible(sk_sleep(ctrl_sk));
68 wake_up_interruptible(sk_sleep(intr_sk));
71 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
73 struct hidp_session *session;
77 list_for_each_entry(session, &hidp_session_list, list) {
78 if (!bacmp(bdaddr, &session->bdaddr))
85 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
87 memset(ci, 0, sizeof(*ci));
88 bacpy(&ci->bdaddr, &session->bdaddr);
90 ci->flags = session->flags;
91 ci->state = BT_CONNECTED;
98 ci->vendor = session->input->id.vendor;
99 ci->product = session->input->id.product;
100 ci->version = session->input->id.version;
101 if (session->input->name)
102 strncpy(ci->name, session->input->name, 128);
104 strncpy(ci->name, "HID Boot Device", 128);
108 ci->vendor = session->hid->vendor;
109 ci->product = session->hid->product;
110 ci->version = session->hid->version;
111 strncpy(ci->name, session->hid->name, 128);
115 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
116 unsigned int type, unsigned int code, int value)
118 unsigned char newleds;
121 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
126 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
127 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
128 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
129 (!!test_bit(LED_CAPSL, dev->led) << 1) |
130 (!!test_bit(LED_NUML, dev->led));
132 if (session->leds == newleds)
135 session->leds = newleds;
137 skb = alloc_skb(3, GFP_ATOMIC);
139 BT_ERR("Can't allocate memory for new frame");
143 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
144 *skb_put(skb, 1) = 0x01;
145 *skb_put(skb, 1) = newleds;
147 skb_queue_tail(&session->intr_transmit, skb);
149 hidp_schedule(session);
154 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
156 struct hid_device *hid = input_get_drvdata(dev);
157 struct hidp_session *session = hid->driver_data;
159 return hidp_queue_event(session, dev, type, code, value);
162 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
164 struct hidp_session *session = input_get_drvdata(dev);
166 return hidp_queue_event(session, dev, type, code, value);
169 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
171 struct input_dev *dev = session->input;
172 unsigned char *keys = session->keys;
173 unsigned char *udata = skb->data + 1;
174 signed char *sdata = skb->data + 1;
175 int i, size = skb->len - 1;
177 switch (skb->data[0]) {
178 case 0x01: /* Keyboard report */
179 for (i = 0; i < 8; i++)
180 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
182 /* If all the key codes have been set to 0x01, it means
183 * too many keys were pressed at the same time. */
184 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
187 for (i = 2; i < 8; i++) {
188 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
189 if (hidp_keycode[keys[i]])
190 input_report_key(dev, hidp_keycode[keys[i]], 0);
192 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
195 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
196 if (hidp_keycode[udata[i]])
197 input_report_key(dev, hidp_keycode[udata[i]], 1);
199 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
203 memcpy(keys, udata, 8);
206 case 0x02: /* Mouse report */
207 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
208 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
209 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
210 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
211 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
213 input_report_rel(dev, REL_X, sdata[1]);
214 input_report_rel(dev, REL_Y, sdata[2]);
217 input_report_rel(dev, REL_WHEEL, sdata[3]);
224 static int __hidp_send_ctrl_message(struct hidp_session *session,
225 unsigned char hdr, unsigned char *data,
230 BT_DBG("session %p data %p size %d", session, data, size);
232 if (atomic_read(&session->terminate))
235 skb = alloc_skb(size + 1, GFP_ATOMIC);
237 BT_ERR("Can't allocate memory for new frame");
241 *skb_put(skb, 1) = hdr;
242 if (data && size > 0)
243 memcpy(skb_put(skb, size), data, size);
245 skb_queue_tail(&session->ctrl_transmit, skb);
250 static int hidp_send_ctrl_message(struct hidp_session *session,
251 unsigned char hdr, unsigned char *data, int size)
255 err = __hidp_send_ctrl_message(session, hdr, data, size);
257 hidp_schedule(session);
262 static int hidp_queue_report(struct hidp_session *session,
263 unsigned char *data, int size)
267 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
269 skb = alloc_skb(size + 1, GFP_ATOMIC);
271 BT_ERR("Can't allocate memory for new frame");
275 *skb_put(skb, 1) = 0xa2;
277 memcpy(skb_put(skb, size), data, size);
279 skb_queue_tail(&session->intr_transmit, skb);
281 hidp_schedule(session);
286 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
288 unsigned char buf[32];
291 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
292 if (rsize > sizeof(buf))
295 hid_output_report(report, buf);
297 return hidp_queue_report(session, buf, rsize);
300 static int hidp_get_raw_report(struct hid_device *hid,
301 unsigned char report_number,
302 unsigned char *data, size_t count,
303 unsigned char report_type)
305 struct hidp_session *session = hid->driver_data;
308 int numbered_reports = hid->report_enum[report_type].numbered;
311 if (atomic_read(&session->terminate))
314 switch (report_type) {
315 case HID_FEATURE_REPORT:
316 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
318 case HID_INPUT_REPORT:
319 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
321 case HID_OUTPUT_REPORT:
322 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
328 if (mutex_lock_interruptible(&session->report_mutex))
331 /* Set up our wait, and send the report request to the device. */
332 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
333 session->waiting_report_number = numbered_reports ? report_number : -1;
334 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
335 data[0] = report_number;
336 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1);
340 /* Wait for the return of the report. The returned report
341 gets put in session->report_return. */
342 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
343 !atomic_read(&session->terminate)) {
346 res = wait_event_interruptible_timeout(session->report_queue,
347 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
348 || atomic_read(&session->terminate),
362 skb = session->report_return;
364 len = skb->len < count ? skb->len : count;
365 memcpy(data, skb->data, len);
368 session->report_return = NULL;
370 /* Device returned a HANDSHAKE, indicating protocol error. */
374 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
375 mutex_unlock(&session->report_mutex);
380 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
381 mutex_unlock(&session->report_mutex);
385 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
386 unsigned char report_type)
388 struct hidp_session *session = hid->driver_data;
391 switch (report_type) {
392 case HID_FEATURE_REPORT:
393 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
395 case HID_OUTPUT_REPORT:
396 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
402 if (mutex_lock_interruptible(&session->report_mutex))
405 /* Set up our wait, and send the report request to the device. */
406 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
407 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data,
412 /* Wait for the ACK from the device. */
413 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
414 !atomic_read(&session->terminate)) {
417 res = wait_event_interruptible_timeout(session->report_queue,
418 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
419 || atomic_read(&session->terminate),
433 if (!session->output_report_success) {
441 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
442 mutex_unlock(&session->report_mutex);
446 static void hidp_idle_timeout(unsigned long arg)
448 struct hidp_session *session = (struct hidp_session *) arg;
450 atomic_inc(&session->terminate);
451 wake_up_process(session->task);
454 static void hidp_set_timer(struct hidp_session *session)
456 if (session->idle_to > 0)
457 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
460 static void hidp_del_timer(struct hidp_session *session)
462 if (session->idle_to > 0)
463 del_timer(&session->timer);
466 static void hidp_process_handshake(struct hidp_session *session,
469 BT_DBG("session %p param 0x%02x", session, param);
470 session->output_report_success = 0; /* default condition */
473 case HIDP_HSHK_SUCCESSFUL:
474 /* FIXME: Call into SET_ GET_ handlers here */
475 session->output_report_success = 1;
478 case HIDP_HSHK_NOT_READY:
479 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
480 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
481 case HIDP_HSHK_ERR_INVALID_PARAMETER:
482 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
483 wake_up_interruptible(&session->report_queue);
485 /* FIXME: Call into SET_ GET_ handlers here */
488 case HIDP_HSHK_ERR_UNKNOWN:
491 case HIDP_HSHK_ERR_FATAL:
492 /* Device requests a reboot, as this is the only way this error
493 * can be recovered. */
494 __hidp_send_ctrl_message(session,
495 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
499 __hidp_send_ctrl_message(session,
500 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
504 /* Wake up the waiting thread. */
505 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
506 wake_up_interruptible(&session->report_queue);
509 static void hidp_process_hid_control(struct hidp_session *session,
512 BT_DBG("session %p param 0x%02x", session, param);
514 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
515 /* Flush the transmit queues */
516 skb_queue_purge(&session->ctrl_transmit);
517 skb_queue_purge(&session->intr_transmit);
519 atomic_inc(&session->terminate);
520 wake_up_process(current);
524 /* Returns true if the passed-in skb should be freed by the caller. */
525 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
528 int done_with_skb = 1;
529 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
532 case HIDP_DATA_RTYPE_INPUT:
533 hidp_set_timer(session);
536 hidp_input_report(session, skb);
539 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
542 case HIDP_DATA_RTYPE_OTHER:
543 case HIDP_DATA_RTYPE_OUPUT:
544 case HIDP_DATA_RTYPE_FEATURE:
548 __hidp_send_ctrl_message(session,
549 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
552 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
553 param == session->waiting_report_type) {
554 if (session->waiting_report_number < 0 ||
555 session->waiting_report_number == skb->data[0]) {
556 /* hidp_get_raw_report() is waiting on this report. */
557 session->report_return = skb;
559 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
560 wake_up_interruptible(&session->report_queue);
564 return done_with_skb;
567 static void hidp_recv_ctrl_frame(struct hidp_session *session,
570 unsigned char hdr, type, param;
573 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
578 type = hdr & HIDP_HEADER_TRANS_MASK;
579 param = hdr & HIDP_HEADER_PARAM_MASK;
582 case HIDP_TRANS_HANDSHAKE:
583 hidp_process_handshake(session, param);
586 case HIDP_TRANS_HID_CONTROL:
587 hidp_process_hid_control(session, param);
590 case HIDP_TRANS_DATA:
591 free_skb = hidp_process_data(session, skb, param);
595 __hidp_send_ctrl_message(session,
596 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
604 static void hidp_recv_intr_frame(struct hidp_session *session,
609 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
614 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
615 hidp_set_timer(session);
618 hidp_input_report(session, skb);
621 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
622 BT_DBG("report len %d", skb->len);
625 BT_DBG("Unsupported protocol header 0x%02x", hdr);
631 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
633 struct kvec iv = { data, len };
636 BT_DBG("sock %p data %p len %d", sock, data, len);
641 memset(&msg, 0, sizeof(msg));
643 return kernel_sendmsg(sock, &msg, &iv, 1, len);
646 static void hidp_process_intr_transmit(struct hidp_session *session)
650 BT_DBG("session %p", session);
652 while ((skb = skb_dequeue(&session->intr_transmit))) {
653 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
654 skb_queue_head(&session->intr_transmit, skb);
658 hidp_set_timer(session);
663 static void hidp_process_ctrl_transmit(struct hidp_session *session)
667 BT_DBG("session %p", session);
669 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
670 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
671 skb_queue_head(&session->ctrl_transmit, skb);
675 hidp_set_timer(session);
680 static int hidp_session(void *arg)
682 struct hidp_session *session = arg;
683 struct sock *ctrl_sk = session->ctrl_sock->sk;
684 struct sock *intr_sk = session->intr_sock->sk;
686 wait_queue_t ctrl_wait, intr_wait;
688 BT_DBG("session %p", session);
690 __module_get(THIS_MODULE);
691 set_user_nice(current, -15);
693 init_waitqueue_entry(&ctrl_wait, current);
694 init_waitqueue_entry(&intr_wait, current);
695 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
696 add_wait_queue(sk_sleep(intr_sk), &intr_wait);
697 session->waiting_for_startup = 0;
698 wake_up_interruptible(&session->startup_queue);
699 set_current_state(TASK_INTERRUPTIBLE);
700 while (!atomic_read(&session->terminate)) {
701 if (ctrl_sk->sk_state != BT_CONNECTED ||
702 intr_sk->sk_state != BT_CONNECTED)
705 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
707 if (!skb_linearize(skb))
708 hidp_recv_intr_frame(session, skb);
713 hidp_process_intr_transmit(session);
715 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
717 if (!skb_linearize(skb))
718 hidp_recv_ctrl_frame(session, skb);
723 hidp_process_ctrl_transmit(session);
726 set_current_state(TASK_INTERRUPTIBLE);
728 set_current_state(TASK_RUNNING);
729 atomic_inc(&session->terminate);
730 remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
731 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
733 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
734 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
735 wake_up_interruptible(&session->report_queue);
737 down_write(&hidp_session_sem);
739 hidp_del_timer(session);
741 if (session->input) {
742 input_unregister_device(session->input);
743 session->input = NULL;
747 hid_destroy_device(session->hid);
751 /* Wakeup user-space polling for socket errors */
752 session->intr_sock->sk->sk_err = EUNATCH;
753 session->ctrl_sock->sk->sk_err = EUNATCH;
755 hidp_schedule(session);
757 fput(session->intr_sock->file);
759 wait_event_timeout(*(sk_sleep(ctrl_sk)),
760 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
762 fput(session->ctrl_sock->file);
764 list_del(&session->list);
766 up_write(&hidp_session_sem);
768 kfree(session->rd_data);
770 module_put_and_exit(0);
774 static struct hci_conn *hidp_get_connection(struct hidp_session *session)
776 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
777 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
778 struct hci_conn *conn;
779 struct hci_dev *hdev;
781 hdev = hci_get_route(dst, src);
786 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
787 hci_dev_unlock(hdev);
794 static int hidp_setup_input(struct hidp_session *session,
795 struct hidp_connadd_req *req)
797 struct input_dev *input;
800 input = input_allocate_device();
804 session->input = input;
806 input_set_drvdata(input, session);
808 input->name = "Bluetooth HID Boot Protocol Device";
810 input->id.bustype = BUS_BLUETOOTH;
811 input->id.vendor = req->vendor;
812 input->id.product = req->product;
813 input->id.version = req->version;
815 if (req->subclass & 0x40) {
816 set_bit(EV_KEY, input->evbit);
817 set_bit(EV_LED, input->evbit);
818 set_bit(EV_REP, input->evbit);
820 set_bit(LED_NUML, input->ledbit);
821 set_bit(LED_CAPSL, input->ledbit);
822 set_bit(LED_SCROLLL, input->ledbit);
823 set_bit(LED_COMPOSE, input->ledbit);
824 set_bit(LED_KANA, input->ledbit);
826 for (i = 0; i < sizeof(hidp_keycode); i++)
827 set_bit(hidp_keycode[i], input->keybit);
828 clear_bit(0, input->keybit);
831 if (req->subclass & 0x80) {
832 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
833 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
834 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
835 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
836 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
838 input->relbit[0] |= BIT_MASK(REL_WHEEL);
841 input->dev.parent = &session->conn->dev;
843 input->event = hidp_input_event;
848 static int hidp_open(struct hid_device *hid)
853 static void hidp_close(struct hid_device *hid)
857 static int hidp_parse(struct hid_device *hid)
859 struct hidp_session *session = hid->driver_data;
861 return hid_parse_report(session->hid, session->rd_data,
865 static int hidp_start(struct hid_device *hid)
867 struct hidp_session *session = hid->driver_data;
868 struct hid_report *report;
870 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
873 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
875 hidp_send_report(session, report);
877 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
879 hidp_send_report(session, report);
884 static void hidp_stop(struct hid_device *hid)
886 struct hidp_session *session = hid->driver_data;
888 skb_queue_purge(&session->ctrl_transmit);
889 skb_queue_purge(&session->intr_transmit);
894 static struct hid_ll_driver hidp_hid_driver = {
900 .hidinput_input_event = hidp_hidinput_event,
903 /* This function sets up the hid device. It does not add it
904 to the HID system. That is done in hidp_add_connection(). */
905 static int hidp_setup_hid(struct hidp_session *session,
906 struct hidp_connadd_req *req)
908 struct hid_device *hid;
911 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
912 if (!session->rd_data)
915 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
919 session->rd_size = req->rd_size;
921 hid = hid_allocate_device();
929 hid->driver_data = session;
931 hid->bus = BUS_BLUETOOTH;
932 hid->vendor = req->vendor;
933 hid->product = req->product;
934 hid->version = req->version;
935 hid->country = req->country;
937 strncpy(hid->name, req->name, sizeof(req->name) - 1);
939 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
940 &bt_sk(session->ctrl_sock->sk)->src);
942 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
943 &bt_sk(session->ctrl_sock->sk)->dst);
945 hid->dev.parent = &session->conn->dev;
946 hid->ll_driver = &hidp_hid_driver;
948 hid->hid_get_raw_report = hidp_get_raw_report;
949 hid->hid_output_raw_report = hidp_output_raw_report;
951 /* True if device is blacklisted in drivers/hid/hid-core.c */
952 if (hid_ignore(hid)) {
953 hid_destroy_device(session->hid);
961 kfree(session->rd_data);
962 session->rd_data = NULL;
967 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
969 struct hidp_session *session, *s;
975 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
977 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
978 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
981 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
983 down_write(&hidp_session_sem);
985 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
987 up_write(&hidp_session_sem);
991 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
993 up_write(&hidp_session_sem);
997 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
999 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu,
1000 l2cap_pi(ctrl_sock->sk)->chan->imtu);
1001 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu,
1002 l2cap_pi(intr_sock->sk)->chan->imtu);
1004 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
1006 session->ctrl_sock = ctrl_sock;
1007 session->intr_sock = intr_sock;
1009 session->conn = hidp_get_connection(session);
1010 if (!session->conn) {
1015 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
1017 skb_queue_head_init(&session->ctrl_transmit);
1018 skb_queue_head_init(&session->intr_transmit);
1020 mutex_init(&session->report_mutex);
1021 init_waitqueue_head(&session->report_queue);
1022 init_waitqueue_head(&session->startup_queue);
1023 session->waiting_for_startup = 1;
1024 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1025 session->idle_to = req->idle_to;
1027 list_add(&session->list, &hidp_session_list);
1029 if (req->rd_size > 0) {
1030 err = hidp_setup_hid(session, req);
1031 if (err && err != -ENODEV)
1035 if (!session->hid) {
1036 err = hidp_setup_input(session, req);
1041 hidp_set_timer(session);
1044 vendor = session->hid->vendor;
1045 product = session->hid->product;
1046 } else if (session->input) {
1047 vendor = session->input->id.vendor;
1048 product = session->input->id.product;
1054 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x",
1056 if (IS_ERR(session->task)) {
1057 err = PTR_ERR(session->task);
1061 while (session->waiting_for_startup) {
1062 wait_event_interruptible(session->startup_queue,
1063 !session->waiting_for_startup);
1067 err = hid_add_device(session->hid);
1069 err = input_register_device(session->input);
1072 atomic_inc(&session->terminate);
1073 wake_up_process(session->task);
1074 up_write(&hidp_session_sem);
1078 if (session->input) {
1079 hidp_send_ctrl_message(session,
1080 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
1081 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
1083 session->leds = 0xff;
1084 hidp_input_event(session->input, EV_LED, 0, 0);
1087 up_write(&hidp_session_sem);
1091 hidp_del_timer(session);
1093 if (session->input) {
1094 input_unregister_device(session->input);
1095 session->input = NULL;
1099 hid_destroy_device(session->hid);
1100 session->hid = NULL;
1103 kfree(session->rd_data);
1104 session->rd_data = NULL;
1107 list_del(&session->list);
1109 skb_queue_purge(&session->ctrl_transmit);
1110 skb_queue_purge(&session->intr_transmit);
1113 up_write(&hidp_session_sem);
1119 int hidp_del_connection(struct hidp_conndel_req *req)
1121 struct hidp_session *session;
1126 down_read(&hidp_session_sem);
1128 session = __hidp_get_session(&req->bdaddr);
1130 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1131 hidp_send_ctrl_message(session,
1132 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
1134 /* Flush the transmit queues */
1135 skb_queue_purge(&session->ctrl_transmit);
1136 skb_queue_purge(&session->intr_transmit);
1138 atomic_inc(&session->terminate);
1139 wake_up_process(session->task);
1144 up_read(&hidp_session_sem);
1148 int hidp_get_connlist(struct hidp_connlist_req *req)
1150 struct hidp_session *session;
1155 down_read(&hidp_session_sem);
1157 list_for_each_entry(session, &hidp_session_list, list) {
1158 struct hidp_conninfo ci;
1160 __hidp_copy_session(session, &ci);
1162 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1167 if (++n >= req->cnum)
1174 up_read(&hidp_session_sem);
1178 int hidp_get_conninfo(struct hidp_conninfo *ci)
1180 struct hidp_session *session;
1183 down_read(&hidp_session_sem);
1185 session = __hidp_get_session(&ci->bdaddr);
1187 __hidp_copy_session(session, ci);
1191 up_read(&hidp_session_sem);
1195 static int __init hidp_init(void)
1197 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1199 return hidp_init_sockets();
1202 static void __exit hidp_exit(void)
1204 hidp_cleanup_sockets();
1207 module_init(hidp_init);
1208 module_exit(hidp_exit);
1210 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1211 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1212 MODULE_VERSION(VERSION);
1213 MODULE_LICENSE("GPL");
1214 MODULE_ALIAS("bt-proto-6");