Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm
[linux-2.6] / net / bluetooth / hidp / core.c
1 /*
2    HIDP implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License version 2 as
7    published by the Free Software Foundation;
8
9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20    SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/module.h>
24
25 #include <linux/types.h>
26 #include <linux/errno.h>
27 #include <linux/kernel.h>
28 #include <linux/sched.h>
29 #include <linux/slab.h>
30 #include <linux/poll.h>
31 #include <linux/freezer.h>
32 #include <linux/fcntl.h>
33 #include <linux/skbuff.h>
34 #include <linux/socket.h>
35 #include <linux/ioctl.h>
36 #include <linux/file.h>
37 #include <linux/init.h>
38 #include <linux/wait.h>
39 #include <net/sock.h>
40
41 #include <linux/input.h>
42 #include <linux/hid.h>
43
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47
48 #include "hidp.h"
49
50 #ifndef CONFIG_BT_HIDP_DEBUG
51 #undef  BT_DBG
52 #define BT_DBG(D...)
53 #endif
54
55 #define VERSION "1.2"
56
57 static DECLARE_RWSEM(hidp_session_sem);
58 static LIST_HEAD(hidp_session_list);
59
60 static unsigned char hidp_keycode[256] = {
61           0,  0,  0,  0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38,
62          50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44,  2,  3,
63           4,  5,  6,  7,  8,  9, 10, 11, 28,  1, 14, 15, 57, 12, 13, 26,
64          27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64,
65          65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106,
66         105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71,
67          72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190,
68         191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113,
69         115,114,  0,  0,  0,121,  0, 89, 93,124, 92, 94, 95,  0,  0,  0,
70         122,123, 90, 91, 85,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
71           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
72           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
73           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
74           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
75          29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113,
76         150,158,159,128,136,177,178,176,142,152,173,140
77 };
78
79 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
80
81 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
82 {
83         struct hidp_session *session;
84         struct list_head *p;
85
86         BT_DBG("");
87
88         list_for_each(p, &hidp_session_list) {
89                 session = list_entry(p, struct hidp_session, list);
90                 if (!bacmp(bdaddr, &session->bdaddr))
91                         return session;
92         }
93         return NULL;
94 }
95
96 static void __hidp_link_session(struct hidp_session *session)
97 {
98         __module_get(THIS_MODULE);
99         list_add(&session->list, &hidp_session_list);
100 }
101
102 static void __hidp_unlink_session(struct hidp_session *session)
103 {
104         list_del(&session->list);
105         module_put(THIS_MODULE);
106 }
107
108 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
109 {
110         bacpy(&ci->bdaddr, &session->bdaddr);
111
112         ci->flags = session->flags;
113         ci->state = session->state;
114
115         ci->vendor  = 0x0000;
116         ci->product = 0x0000;
117         ci->version = 0x0000;
118         memset(ci->name, 0, 128);
119
120         if (session->input) {
121                 ci->vendor  = session->input->id.vendor;
122                 ci->product = session->input->id.product;
123                 ci->version = session->input->id.version;
124                 if (session->input->name)
125                         strncpy(ci->name, session->input->name, 128);
126                 else
127                         strncpy(ci->name, "HID Boot Device", 128);
128         }
129
130         if (session->hid) {
131                 ci->vendor  = session->hid->vendor;
132                 ci->product = session->hid->product;
133                 ci->version = session->hid->version;
134                 strncpy(ci->name, session->hid->name, 128);
135         }
136 }
137
138 static inline int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
139                                         unsigned int type, unsigned int code, int value)
140 {
141         unsigned char newleds;
142         struct sk_buff *skb;
143
144         BT_DBG("session %p type %d code %d value %d", session, type, code, value);
145
146         if (type != EV_LED)
147                 return -1;
148
149         newleds = (!!test_bit(LED_KANA,    dev->led) << 3) |
150                   (!!test_bit(LED_COMPOSE, dev->led) << 3) |
151                   (!!test_bit(LED_SCROLLL, dev->led) << 2) |
152                   (!!test_bit(LED_CAPSL,   dev->led) << 1) |
153                   (!!test_bit(LED_NUML,    dev->led));
154
155         if (session->leds == newleds)
156                 return 0;
157
158         session->leds = newleds;
159
160         if (!(skb = alloc_skb(3, GFP_ATOMIC))) {
161                 BT_ERR("Can't allocate memory for new frame");
162                 return -ENOMEM;
163         }
164
165         *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
166         *skb_put(skb, 1) = 0x01;
167         *skb_put(skb, 1) = newleds;
168
169         skb_queue_tail(&session->intr_transmit, skb);
170
171         hidp_schedule(session);
172
173         return 0;
174 }
175
176 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
177 {
178         struct hid_device *hid = input_get_drvdata(dev);
179         struct hidp_session *session = hid->driver_data;
180
181         return hidp_queue_event(session, dev, type, code, value);
182 }
183
184 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
185 {
186         struct hidp_session *session = input_get_drvdata(dev);
187
188         return hidp_queue_event(session, dev, type, code, value);
189 }
190
191 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
192 {
193         struct input_dev *dev = session->input;
194         unsigned char *keys = session->keys;
195         unsigned char *udata = skb->data + 1;
196         signed char *sdata = skb->data + 1;
197         int i, size = skb->len - 1;
198
199         switch (skb->data[0]) {
200         case 0x01:      /* Keyboard report */
201                 for (i = 0; i < 8; i++)
202                         input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
203
204                 /* If all the key codes have been set to 0x01, it means
205                  * too many keys were pressed at the same time. */
206                 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
207                         break;
208
209                 for (i = 2; i < 8; i++) {
210                         if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
211                                 if (hidp_keycode[keys[i]])
212                                         input_report_key(dev, hidp_keycode[keys[i]], 0);
213                                 else
214                                         BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
215                         }
216
217                         if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
218                                 if (hidp_keycode[udata[i]])
219                                         input_report_key(dev, hidp_keycode[udata[i]], 1);
220                                 else
221                                         BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
222                         }
223                 }
224
225                 memcpy(keys, udata, 8);
226                 break;
227
228         case 0x02:      /* Mouse report */
229                 input_report_key(dev, BTN_LEFT,   sdata[0] & 0x01);
230                 input_report_key(dev, BTN_RIGHT,  sdata[0] & 0x02);
231                 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
232                 input_report_key(dev, BTN_SIDE,   sdata[0] & 0x08);
233                 input_report_key(dev, BTN_EXTRA,  sdata[0] & 0x10);
234
235                 input_report_rel(dev, REL_X, sdata[1]);
236                 input_report_rel(dev, REL_Y, sdata[2]);
237
238                 if (size > 3)
239                         input_report_rel(dev, REL_WHEEL, sdata[3]);
240                 break;
241         }
242
243         input_sync(dev);
244 }
245
246 static inline int hidp_queue_report(struct hidp_session *session, unsigned char *data, int size)
247 {
248         struct sk_buff *skb;
249
250         BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
251
252         if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
253                 BT_ERR("Can't allocate memory for new frame");
254                 return -ENOMEM;
255         }
256
257         *skb_put(skb, 1) = 0xa2;
258         if (size > 0)
259                 memcpy(skb_put(skb, size), data, size);
260
261         skb_queue_tail(&session->intr_transmit, skb);
262
263         hidp_schedule(session);
264
265         return 0;
266 }
267
268 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
269 {
270         unsigned char buf[32];
271         int rsize;
272
273         rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
274         if (rsize > sizeof(buf))
275                 return -EIO;
276
277         hid_output_report(report, buf);
278
279         return hidp_queue_report(session, buf, rsize);
280 }
281
282 static void hidp_idle_timeout(unsigned long arg)
283 {
284         struct hidp_session *session = (struct hidp_session *) arg;
285
286         atomic_inc(&session->terminate);
287         hidp_schedule(session);
288 }
289
290 static inline void hidp_set_timer(struct hidp_session *session)
291 {
292         if (session->idle_to > 0)
293                 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
294 }
295
296 static inline void hidp_del_timer(struct hidp_session *session)
297 {
298         if (session->idle_to > 0)
299                 del_timer(&session->timer);
300 }
301
302 static int __hidp_send_ctrl_message(struct hidp_session *session,
303                         unsigned char hdr, unsigned char *data, int size)
304 {
305         struct sk_buff *skb;
306
307         BT_DBG("session %p data %p size %d", session, data, size);
308
309         if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
310                 BT_ERR("Can't allocate memory for new frame");
311                 return -ENOMEM;
312         }
313
314         *skb_put(skb, 1) = hdr;
315         if (data && size > 0)
316                 memcpy(skb_put(skb, size), data, size);
317
318         skb_queue_tail(&session->ctrl_transmit, skb);
319
320         return 0;
321 }
322
323 static inline int hidp_send_ctrl_message(struct hidp_session *session,
324                         unsigned char hdr, unsigned char *data, int size)
325 {
326         int err;
327
328         err = __hidp_send_ctrl_message(session, hdr, data, size);
329
330         hidp_schedule(session);
331
332         return err;
333 }
334
335 static inline void hidp_process_handshake(struct hidp_session *session, unsigned char param)
336 {
337         BT_DBG("session %p param 0x%02x", session, param);
338
339         switch (param) {
340         case HIDP_HSHK_SUCCESSFUL:
341                 /* FIXME: Call into SET_ GET_ handlers here */
342                 break;
343
344         case HIDP_HSHK_NOT_READY:
345         case HIDP_HSHK_ERR_INVALID_REPORT_ID:
346         case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
347         case HIDP_HSHK_ERR_INVALID_PARAMETER:
348                 /* FIXME: Call into SET_ GET_ handlers here */
349                 break;
350
351         case HIDP_HSHK_ERR_UNKNOWN:
352                 break;
353
354         case HIDP_HSHK_ERR_FATAL:
355                 /* Device requests a reboot, as this is the only way this error
356                  * can be recovered. */
357                 __hidp_send_ctrl_message(session,
358                         HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
359                 break;
360
361         default:
362                 __hidp_send_ctrl_message(session,
363                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
364                 break;
365         }
366 }
367
368 static inline void hidp_process_hid_control(struct hidp_session *session, unsigned char param)
369 {
370         BT_DBG("session %p param 0x%02x", session, param);
371
372         switch (param) {
373         case HIDP_CTRL_NOP:
374                 break;
375
376         case HIDP_CTRL_VIRTUAL_CABLE_UNPLUG:
377                 /* Flush the transmit queues */
378                 skb_queue_purge(&session->ctrl_transmit);
379                 skb_queue_purge(&session->intr_transmit);
380
381                 /* Kill session thread */
382                 atomic_inc(&session->terminate);
383                 break;
384
385         case HIDP_CTRL_HARD_RESET:
386         case HIDP_CTRL_SOFT_RESET:
387         case HIDP_CTRL_SUSPEND:
388         case HIDP_CTRL_EXIT_SUSPEND:
389                 /* FIXME: We have to parse these and return no error */
390                 break;
391
392         default:
393                 __hidp_send_ctrl_message(session,
394                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
395                 break;
396         }
397 }
398
399 static inline void hidp_process_data(struct hidp_session *session, struct sk_buff *skb, unsigned char param)
400 {
401         BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
402
403         switch (param) {
404         case HIDP_DATA_RTYPE_INPUT:
405                 hidp_set_timer(session);
406
407                 if (session->input)
408                         hidp_input_report(session, skb);
409
410                 if (session->hid)
411                         hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
412
413                 break;
414
415         case HIDP_DATA_RTYPE_OTHER:
416         case HIDP_DATA_RTYPE_OUPUT:
417         case HIDP_DATA_RTYPE_FEATURE:
418                 break;
419
420         default:
421                 __hidp_send_ctrl_message(session,
422                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
423         }
424 }
425
426 static inline void hidp_recv_ctrl_frame(struct hidp_session *session, struct sk_buff *skb)
427 {
428         unsigned char hdr, type, param;
429
430         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
431
432         hdr = skb->data[0];
433         skb_pull(skb, 1);
434
435         type = hdr & HIDP_HEADER_TRANS_MASK;
436         param = hdr & HIDP_HEADER_PARAM_MASK;
437
438         switch (type) {
439         case HIDP_TRANS_HANDSHAKE:
440                 hidp_process_handshake(session, param);
441                 break;
442
443         case HIDP_TRANS_HID_CONTROL:
444                 hidp_process_hid_control(session, param);
445                 break;
446
447         case HIDP_TRANS_DATA:
448                 hidp_process_data(session, skb, param);
449                 break;
450
451         default:
452                 __hidp_send_ctrl_message(session,
453                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
454                 break;
455         }
456
457         kfree_skb(skb);
458 }
459
460 static inline void hidp_recv_intr_frame(struct hidp_session *session, struct sk_buff *skb)
461 {
462         unsigned char hdr;
463
464         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
465
466         hdr = skb->data[0];
467         skb_pull(skb, 1);
468
469         if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
470                 hidp_set_timer(session);
471
472                 if (session->input)
473                         hidp_input_report(session, skb);
474
475                 if (session->hid) {
476                         hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
477                         BT_DBG("report len %d", skb->len);
478                 }
479         } else {
480                 BT_DBG("Unsupported protocol header 0x%02x", hdr);
481         }
482
483         kfree_skb(skb);
484 }
485
486 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
487 {
488         struct kvec iv = { data, len };
489         struct msghdr msg;
490
491         BT_DBG("sock %p data %p len %d", sock, data, len);
492
493         if (!len)
494                 return 0;
495
496         memset(&msg, 0, sizeof(msg));
497
498         return kernel_sendmsg(sock, &msg, &iv, 1, len);
499 }
500
501 static void hidp_process_transmit(struct hidp_session *session)
502 {
503         struct sk_buff *skb;
504
505         BT_DBG("session %p", session);
506
507         while ((skb = skb_dequeue(&session->ctrl_transmit))) {
508                 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
509                         skb_queue_head(&session->ctrl_transmit, skb);
510                         break;
511                 }
512
513                 hidp_set_timer(session);
514                 kfree_skb(skb);
515         }
516
517         while ((skb = skb_dequeue(&session->intr_transmit))) {
518                 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
519                         skb_queue_head(&session->intr_transmit, skb);
520                         break;
521                 }
522
523                 hidp_set_timer(session);
524                 kfree_skb(skb);
525         }
526 }
527
528 static int hidp_session(void *arg)
529 {
530         struct hidp_session *session = arg;
531         struct sock *ctrl_sk = session->ctrl_sock->sk;
532         struct sock *intr_sk = session->intr_sock->sk;
533         struct sk_buff *skb;
534         int vendor = 0x0000, product = 0x0000;
535         wait_queue_t ctrl_wait, intr_wait;
536
537         BT_DBG("session %p", session);
538
539         if (session->input) {
540                 vendor  = session->input->id.vendor;
541                 product = session->input->id.product;
542         }
543
544         if (session->hid) {
545                 vendor  = session->hid->vendor;
546                 product = session->hid->product;
547         }
548
549         daemonize("khidpd_%04x%04x", vendor, product);
550         set_user_nice(current, -15);
551
552         init_waitqueue_entry(&ctrl_wait, current);
553         init_waitqueue_entry(&intr_wait, current);
554         add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
555         add_wait_queue(intr_sk->sk_sleep, &intr_wait);
556         while (!atomic_read(&session->terminate)) {
557                 set_current_state(TASK_INTERRUPTIBLE);
558
559                 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED)
560                         break;
561
562                 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
563                         skb_orphan(skb);
564                         hidp_recv_ctrl_frame(session, skb);
565                 }
566
567                 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
568                         skb_orphan(skb);
569                         hidp_recv_intr_frame(session, skb);
570                 }
571
572                 hidp_process_transmit(session);
573
574                 schedule();
575         }
576         set_current_state(TASK_RUNNING);
577         remove_wait_queue(intr_sk->sk_sleep, &intr_wait);
578         remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
579
580         down_write(&hidp_session_sem);
581
582         hidp_del_timer(session);
583
584         if (session->input) {
585                 input_unregister_device(session->input);
586                 session->input = NULL;
587         }
588
589         if (session->hid) {
590                 if (session->hid->claimed & HID_CLAIMED_INPUT)
591                         hidinput_disconnect(session->hid);
592                 hid_free_device(session->hid);
593         }
594
595         fput(session->intr_sock->file);
596
597         wait_event_timeout(*(ctrl_sk->sk_sleep),
598                 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
599
600         fput(session->ctrl_sock->file);
601
602         __hidp_unlink_session(session);
603
604         up_write(&hidp_session_sem);
605
606         kfree(session);
607         return 0;
608 }
609
610 static struct device *hidp_get_device(struct hidp_session *session)
611 {
612         bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
613         bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
614         struct hci_dev *hdev;
615         struct hci_conn *conn;
616
617         hdev = hci_get_route(dst, src);
618         if (!hdev)
619                 return NULL;
620
621         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
622
623         hci_dev_put(hdev);
624
625         return conn ? &conn->dev : NULL;
626 }
627
628 static inline int hidp_setup_input(struct hidp_session *session, struct hidp_connadd_req *req)
629 {
630         struct input_dev *input = session->input;
631         int i;
632
633         input_set_drvdata(input, session);
634
635         input->name = "Bluetooth HID Boot Protocol Device";
636
637         input->id.bustype = BUS_BLUETOOTH;
638         input->id.vendor  = req->vendor;
639         input->id.product = req->product;
640         input->id.version = req->version;
641
642         if (req->subclass & 0x40) {
643                 set_bit(EV_KEY, input->evbit);
644                 set_bit(EV_LED, input->evbit);
645                 set_bit(EV_REP, input->evbit);
646
647                 set_bit(LED_NUML,    input->ledbit);
648                 set_bit(LED_CAPSL,   input->ledbit);
649                 set_bit(LED_SCROLLL, input->ledbit);
650                 set_bit(LED_COMPOSE, input->ledbit);
651                 set_bit(LED_KANA,    input->ledbit);
652
653                 for (i = 0; i < sizeof(hidp_keycode); i++)
654                         set_bit(hidp_keycode[i], input->keybit);
655                 clear_bit(0, input->keybit);
656         }
657
658         if (req->subclass & 0x80) {
659                 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
660                 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
661                         BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
662                 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
663                 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
664                         BIT_MASK(BTN_EXTRA);
665                 input->relbit[0] |= BIT_MASK(REL_WHEEL);
666         }
667
668         input->dev.parent = hidp_get_device(session);
669
670         input->event = hidp_input_event;
671
672         return input_register_device(input);
673 }
674
675 static int hidp_open(struct hid_device *hid)
676 {
677         return 0;
678 }
679
680 static void hidp_close(struct hid_device *hid)
681 {
682 }
683
684 static const struct {
685         __u16 idVendor;
686         __u16 idProduct;
687         unsigned quirks;
688 } hidp_blacklist[] = {
689         /* Apple wireless Mighty Mouse */
690         { 0x05ac, 0x030c, HID_QUIRK_MIGHTYMOUSE | HID_QUIRK_INVERT_HWHEEL },
691
692         { }     /* Terminating entry */
693 };
694
695 static void hidp_setup_quirks(struct hid_device *hid)
696 {
697         unsigned int n;
698
699         for (n = 0; hidp_blacklist[n].idVendor; n++)
700                 if (hidp_blacklist[n].idVendor == le16_to_cpu(hid->vendor) &&
701                                 hidp_blacklist[n].idProduct == le16_to_cpu(hid->product))
702                         hid->quirks = hidp_blacklist[n].quirks;
703 }
704
705 static inline void hidp_setup_hid(struct hidp_session *session, struct hidp_connadd_req *req)
706 {
707         struct hid_device *hid = session->hid;
708         struct hid_report *report;
709         bdaddr_t src, dst;
710
711         baswap(&src, &bt_sk(session->ctrl_sock->sk)->src);
712         baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst);
713
714         hid->driver_data = session;
715
716         hid->country = req->country;
717
718         hid->bus     = BUS_BLUETOOTH;
719         hid->vendor  = req->vendor;
720         hid->product = req->product;
721         hid->version = req->version;
722
723         strncpy(hid->name, req->name, 128);
724         strncpy(hid->phys, batostr(&src), 64);
725         strncpy(hid->uniq, batostr(&dst), 64);
726
727         hid->dev = hidp_get_device(session);
728
729         hid->hid_open  = hidp_open;
730         hid->hid_close = hidp_close;
731
732         hid->hidinput_input_event = hidp_hidinput_event;
733
734         hidp_setup_quirks(hid);
735
736         list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].report_list, list)
737                 hidp_send_report(session, report);
738
739         list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].report_list, list)
740                 hidp_send_report(session, report);
741
742         if (hidinput_connect(hid) == 0)
743                 hid->claimed |= HID_CLAIMED_INPUT;
744 }
745
746 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
747 {
748         struct hidp_session *session, *s;
749         int err;
750
751         BT_DBG("");
752
753         if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
754                         bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
755                 return -ENOTUNIQ;
756
757         session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
758         if (!session)
759                 return -ENOMEM;
760
761         BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
762
763         if (req->rd_size > 0) {
764                 unsigned char *buf = kmalloc(req->rd_size, GFP_KERNEL);
765
766                 if (!buf) {
767                         kfree(session);
768                         return -ENOMEM;
769                 }
770
771                 if (copy_from_user(buf, req->rd_data, req->rd_size)) {
772                         kfree(buf);
773                         kfree(session);
774                         return -EFAULT;
775                 }
776
777                 session->hid = hid_parse_report(buf, req->rd_size);
778
779                 kfree(buf);
780
781                 if (!session->hid) {
782                         kfree(session);
783                         return -EINVAL;
784                 }
785         }
786
787         if (!session->hid) {
788                 session->input = input_allocate_device();
789                 if (!session->input) {
790                         kfree(session);
791                         return -ENOMEM;
792                 }
793         }
794
795         down_write(&hidp_session_sem);
796
797         s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
798         if (s && s->state == BT_CONNECTED) {
799                 err = -EEXIST;
800                 goto failed;
801         }
802
803         bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
804
805         session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
806         session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);
807
808         BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
809
810         session->ctrl_sock = ctrl_sock;
811         session->intr_sock = intr_sock;
812         session->state     = BT_CONNECTED;
813
814         init_timer(&session->timer);
815
816         session->timer.function = hidp_idle_timeout;
817         session->timer.data     = (unsigned long) session;
818
819         skb_queue_head_init(&session->ctrl_transmit);
820         skb_queue_head_init(&session->intr_transmit);
821
822         session->flags   = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
823         session->idle_to = req->idle_to;
824
825         if (session->input) {
826                 err = hidp_setup_input(session, req);
827                 if (err < 0)
828                         goto failed;
829         }
830
831         if (session->hid)
832                 hidp_setup_hid(session, req);
833
834         __hidp_link_session(session);
835
836         hidp_set_timer(session);
837
838         err = kernel_thread(hidp_session, session, CLONE_KERNEL);
839         if (err < 0)
840                 goto unlink;
841
842         if (session->input) {
843                 hidp_send_ctrl_message(session,
844                         HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
845                 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
846
847                 session->leds = 0xff;
848                 hidp_input_event(session->input, EV_LED, 0, 0);
849         }
850
851         up_write(&hidp_session_sem);
852         return 0;
853
854 unlink:
855         hidp_del_timer(session);
856
857         __hidp_unlink_session(session);
858
859         if (session->input) {
860                 input_unregister_device(session->input);
861                 session->input = NULL; /* don't try to free it here */
862         }
863
864 failed:
865         up_write(&hidp_session_sem);
866
867         if (session->hid)
868                 hid_free_device(session->hid);
869
870         input_free_device(session->input);
871         kfree(session);
872         return err;
873 }
874
875 int hidp_del_connection(struct hidp_conndel_req *req)
876 {
877         struct hidp_session *session;
878         int err = 0;
879
880         BT_DBG("");
881
882         down_read(&hidp_session_sem);
883
884         session = __hidp_get_session(&req->bdaddr);
885         if (session) {
886                 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
887                         hidp_send_ctrl_message(session,
888                                 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
889                 } else {
890                         /* Flush the transmit queues */
891                         skb_queue_purge(&session->ctrl_transmit);
892                         skb_queue_purge(&session->intr_transmit);
893
894                         /* Kill session thread */
895                         atomic_inc(&session->terminate);
896                         hidp_schedule(session);
897                 }
898         } else
899                 err = -ENOENT;
900
901         up_read(&hidp_session_sem);
902         return err;
903 }
904
905 int hidp_get_connlist(struct hidp_connlist_req *req)
906 {
907         struct list_head *p;
908         int err = 0, n = 0;
909
910         BT_DBG("");
911
912         down_read(&hidp_session_sem);
913
914         list_for_each(p, &hidp_session_list) {
915                 struct hidp_session *session;
916                 struct hidp_conninfo ci;
917
918                 session = list_entry(p, struct hidp_session, list);
919
920                 __hidp_copy_session(session, &ci);
921
922                 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
923                         err = -EFAULT;
924                         break;
925                 }
926
927                 if (++n >= req->cnum)
928                         break;
929
930                 req->ci++;
931         }
932         req->cnum = n;
933
934         up_read(&hidp_session_sem);
935         return err;
936 }
937
938 int hidp_get_conninfo(struct hidp_conninfo *ci)
939 {
940         struct hidp_session *session;
941         int err = 0;
942
943         down_read(&hidp_session_sem);
944
945         session = __hidp_get_session(&ci->bdaddr);
946         if (session)
947                 __hidp_copy_session(session, ci);
948         else
949                 err = -ENOENT;
950
951         up_read(&hidp_session_sem);
952         return err;
953 }
954
955 static int __init hidp_init(void)
956 {
957         l2cap_load();
958
959         BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
960
961         return hidp_init_sockets();
962 }
963
964 static void __exit hidp_exit(void)
965 {
966         hidp_cleanup_sockets();
967 }
968
969 module_init(hidp_init);
970 module_exit(hidp_exit);
971
972 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
973 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
974 MODULE_VERSION(VERSION);
975 MODULE_LICENSE("GPL");
976 MODULE_ALIAS("bt-proto-6");