Bluetooth: Fix RFCOMM usage of in-kernel L2CAP sockets
[linux-2.6] / net / bluetooth / hidp / core.c
1 /*
2    HIDP implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License version 2 as
7    published by the Free Software Foundation;
8
9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20    SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/module.h>
24
25 #include <linux/types.h>
26 #include <linux/errno.h>
27 #include <linux/kernel.h>
28 #include <linux/sched.h>
29 #include <linux/slab.h>
30 #include <linux/poll.h>
31 #include <linux/freezer.h>
32 #include <linux/fcntl.h>
33 #include <linux/skbuff.h>
34 #include <linux/socket.h>
35 #include <linux/ioctl.h>
36 #include <linux/file.h>
37 #include <linux/init.h>
38 #include <linux/wait.h>
39 #include <net/sock.h>
40
41 #include <linux/input.h>
42 #include <linux/hid.h>
43
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47
48 #include "hidp.h"
49
50 #define VERSION "1.2"
51
52 static DECLARE_RWSEM(hidp_session_sem);
53 static LIST_HEAD(hidp_session_list);
54
55 static unsigned char hidp_keycode[256] = {
56           0,  0,  0,  0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38,
57          50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44,  2,  3,
58           4,  5,  6,  7,  8,  9, 10, 11, 28,  1, 14, 15, 57, 12, 13, 26,
59          27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64,
60          65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106,
61         105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71,
62          72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190,
63         191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113,
64         115,114,  0,  0,  0,121,  0, 89, 93,124, 92, 94, 95,  0,  0,  0,
65         122,123, 90, 91, 85,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
66           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
67           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
68           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
69           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
70          29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113,
71         150,158,159,128,136,177,178,176,142,152,173,140
72 };
73
74 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
75
76 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
77 {
78         struct hidp_session *session;
79         struct list_head *p;
80
81         BT_DBG("");
82
83         list_for_each(p, &hidp_session_list) {
84                 session = list_entry(p, struct hidp_session, list);
85                 if (!bacmp(bdaddr, &session->bdaddr))
86                         return session;
87         }
88         return NULL;
89 }
90
91 static void __hidp_link_session(struct hidp_session *session)
92 {
93         __module_get(THIS_MODULE);
94         list_add(&session->list, &hidp_session_list);
95 }
96
97 static void __hidp_unlink_session(struct hidp_session *session)
98 {
99         list_del(&session->list);
100         module_put(THIS_MODULE);
101 }
102
103 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
104 {
105         bacpy(&ci->bdaddr, &session->bdaddr);
106
107         ci->flags = session->flags;
108         ci->state = session->state;
109
110         ci->vendor  = 0x0000;
111         ci->product = 0x0000;
112         ci->version = 0x0000;
113         memset(ci->name, 0, 128);
114
115         if (session->input) {
116                 ci->vendor  = session->input->id.vendor;
117                 ci->product = session->input->id.product;
118                 ci->version = session->input->id.version;
119                 if (session->input->name)
120                         strncpy(ci->name, session->input->name, 128);
121                 else
122                         strncpy(ci->name, "HID Boot Device", 128);
123         }
124
125         if (session->hid) {
126                 ci->vendor  = session->hid->vendor;
127                 ci->product = session->hid->product;
128                 ci->version = session->hid->version;
129                 strncpy(ci->name, session->hid->name, 128);
130         }
131 }
132
133 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
134                                 unsigned int type, unsigned int code, int value)
135 {
136         unsigned char newleds;
137         struct sk_buff *skb;
138
139         BT_DBG("session %p type %d code %d value %d", session, type, code, value);
140
141         if (type != EV_LED)
142                 return -1;
143
144         newleds = (!!test_bit(LED_KANA,    dev->led) << 3) |
145                   (!!test_bit(LED_COMPOSE, dev->led) << 3) |
146                   (!!test_bit(LED_SCROLLL, dev->led) << 2) |
147                   (!!test_bit(LED_CAPSL,   dev->led) << 1) |
148                   (!!test_bit(LED_NUML,    dev->led));
149
150         if (session->leds == newleds)
151                 return 0;
152
153         session->leds = newleds;
154
155         if (!(skb = alloc_skb(3, GFP_ATOMIC))) {
156                 BT_ERR("Can't allocate memory for new frame");
157                 return -ENOMEM;
158         }
159
160         *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
161         *skb_put(skb, 1) = 0x01;
162         *skb_put(skb, 1) = newleds;
163
164         skb_queue_tail(&session->intr_transmit, skb);
165
166         hidp_schedule(session);
167
168         return 0;
169 }
170
171 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
172 {
173         struct hid_device *hid = input_get_drvdata(dev);
174         struct hidp_session *session = hid->driver_data;
175
176         return hidp_queue_event(session, dev, type, code, value);
177 }
178
179 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
180 {
181         struct hidp_session *session = input_get_drvdata(dev);
182
183         return hidp_queue_event(session, dev, type, code, value);
184 }
185
186 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
187 {
188         struct input_dev *dev = session->input;
189         unsigned char *keys = session->keys;
190         unsigned char *udata = skb->data + 1;
191         signed char *sdata = skb->data + 1;
192         int i, size = skb->len - 1;
193
194         switch (skb->data[0]) {
195         case 0x01:      /* Keyboard report */
196                 for (i = 0; i < 8; i++)
197                         input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
198
199                 /* If all the key codes have been set to 0x01, it means
200                  * too many keys were pressed at the same time. */
201                 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
202                         break;
203
204                 for (i = 2; i < 8; i++) {
205                         if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
206                                 if (hidp_keycode[keys[i]])
207                                         input_report_key(dev, hidp_keycode[keys[i]], 0);
208                                 else
209                                         BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
210                         }
211
212                         if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
213                                 if (hidp_keycode[udata[i]])
214                                         input_report_key(dev, hidp_keycode[udata[i]], 1);
215                                 else
216                                         BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
217                         }
218                 }
219
220                 memcpy(keys, udata, 8);
221                 break;
222
223         case 0x02:      /* Mouse report */
224                 input_report_key(dev, BTN_LEFT,   sdata[0] & 0x01);
225                 input_report_key(dev, BTN_RIGHT,  sdata[0] & 0x02);
226                 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
227                 input_report_key(dev, BTN_SIDE,   sdata[0] & 0x08);
228                 input_report_key(dev, BTN_EXTRA,  sdata[0] & 0x10);
229
230                 input_report_rel(dev, REL_X, sdata[1]);
231                 input_report_rel(dev, REL_Y, sdata[2]);
232
233                 if (size > 3)
234                         input_report_rel(dev, REL_WHEEL, sdata[3]);
235                 break;
236         }
237
238         input_sync(dev);
239 }
240
241 static int hidp_queue_report(struct hidp_session *session,
242                                 unsigned char *data, int size)
243 {
244         struct sk_buff *skb;
245
246         BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
247
248         if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
249                 BT_ERR("Can't allocate memory for new frame");
250                 return -ENOMEM;
251         }
252
253         *skb_put(skb, 1) = 0xa2;
254         if (size > 0)
255                 memcpy(skb_put(skb, size), data, size);
256
257         skb_queue_tail(&session->intr_transmit, skb);
258
259         hidp_schedule(session);
260
261         return 0;
262 }
263
264 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
265 {
266         unsigned char buf[32];
267         int rsize;
268
269         rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
270         if (rsize > sizeof(buf))
271                 return -EIO;
272
273         hid_output_report(report, buf);
274
275         return hidp_queue_report(session, buf, rsize);
276 }
277
278 static void hidp_idle_timeout(unsigned long arg)
279 {
280         struct hidp_session *session = (struct hidp_session *) arg;
281
282         atomic_inc(&session->terminate);
283         hidp_schedule(session);
284 }
285
286 static void hidp_set_timer(struct hidp_session *session)
287 {
288         if (session->idle_to > 0)
289                 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
290 }
291
292 static inline void hidp_del_timer(struct hidp_session *session)
293 {
294         if (session->idle_to > 0)
295                 del_timer(&session->timer);
296 }
297
298 static int __hidp_send_ctrl_message(struct hidp_session *session,
299                         unsigned char hdr, unsigned char *data, int size)
300 {
301         struct sk_buff *skb;
302
303         BT_DBG("session %p data %p size %d", session, data, size);
304
305         if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
306                 BT_ERR("Can't allocate memory for new frame");
307                 return -ENOMEM;
308         }
309
310         *skb_put(skb, 1) = hdr;
311         if (data && size > 0)
312                 memcpy(skb_put(skb, size), data, size);
313
314         skb_queue_tail(&session->ctrl_transmit, skb);
315
316         return 0;
317 }
318
319 static inline int hidp_send_ctrl_message(struct hidp_session *session,
320                         unsigned char hdr, unsigned char *data, int size)
321 {
322         int err;
323
324         err = __hidp_send_ctrl_message(session, hdr, data, size);
325
326         hidp_schedule(session);
327
328         return err;
329 }
330
331 static void hidp_process_handshake(struct hidp_session *session,
332                                         unsigned char param)
333 {
334         BT_DBG("session %p param 0x%02x", session, param);
335
336         switch (param) {
337         case HIDP_HSHK_SUCCESSFUL:
338                 /* FIXME: Call into SET_ GET_ handlers here */
339                 break;
340
341         case HIDP_HSHK_NOT_READY:
342         case HIDP_HSHK_ERR_INVALID_REPORT_ID:
343         case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
344         case HIDP_HSHK_ERR_INVALID_PARAMETER:
345                 /* FIXME: Call into SET_ GET_ handlers here */
346                 break;
347
348         case HIDP_HSHK_ERR_UNKNOWN:
349                 break;
350
351         case HIDP_HSHK_ERR_FATAL:
352                 /* Device requests a reboot, as this is the only way this error
353                  * can be recovered. */
354                 __hidp_send_ctrl_message(session,
355                         HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
356                 break;
357
358         default:
359                 __hidp_send_ctrl_message(session,
360                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
361                 break;
362         }
363 }
364
365 static void hidp_process_hid_control(struct hidp_session *session,
366                                         unsigned char param)
367 {
368         BT_DBG("session %p param 0x%02x", session, param);
369
370         if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
371                 /* Flush the transmit queues */
372                 skb_queue_purge(&session->ctrl_transmit);
373                 skb_queue_purge(&session->intr_transmit);
374
375                 /* Kill session thread */
376                 atomic_inc(&session->terminate);
377         }
378 }
379
380 static void hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
381                                 unsigned char param)
382 {
383         BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
384
385         switch (param) {
386         case HIDP_DATA_RTYPE_INPUT:
387                 hidp_set_timer(session);
388
389                 if (session->input)
390                         hidp_input_report(session, skb);
391
392                 if (session->hid)
393                         hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
394
395                 break;
396
397         case HIDP_DATA_RTYPE_OTHER:
398         case HIDP_DATA_RTYPE_OUPUT:
399         case HIDP_DATA_RTYPE_FEATURE:
400                 break;
401
402         default:
403                 __hidp_send_ctrl_message(session,
404                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
405         }
406 }
407
408 static void hidp_recv_ctrl_frame(struct hidp_session *session,
409                                         struct sk_buff *skb)
410 {
411         unsigned char hdr, type, param;
412
413         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
414
415         hdr = skb->data[0];
416         skb_pull(skb, 1);
417
418         type = hdr & HIDP_HEADER_TRANS_MASK;
419         param = hdr & HIDP_HEADER_PARAM_MASK;
420
421         switch (type) {
422         case HIDP_TRANS_HANDSHAKE:
423                 hidp_process_handshake(session, param);
424                 break;
425
426         case HIDP_TRANS_HID_CONTROL:
427                 hidp_process_hid_control(session, param);
428                 break;
429
430         case HIDP_TRANS_DATA:
431                 hidp_process_data(session, skb, param);
432                 break;
433
434         default:
435                 __hidp_send_ctrl_message(session,
436                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
437                 break;
438         }
439
440         kfree_skb(skb);
441 }
442
443 static void hidp_recv_intr_frame(struct hidp_session *session,
444                                 struct sk_buff *skb)
445 {
446         unsigned char hdr;
447
448         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
449
450         hdr = skb->data[0];
451         skb_pull(skb, 1);
452
453         if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
454                 hidp_set_timer(session);
455
456                 if (session->input)
457                         hidp_input_report(session, skb);
458
459                 if (session->hid) {
460                         hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
461                         BT_DBG("report len %d", skb->len);
462                 }
463         } else {
464                 BT_DBG("Unsupported protocol header 0x%02x", hdr);
465         }
466
467         kfree_skb(skb);
468 }
469
470 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
471 {
472         struct kvec iv = { data, len };
473         struct msghdr msg;
474
475         BT_DBG("sock %p data %p len %d", sock, data, len);
476
477         if (!len)
478                 return 0;
479
480         memset(&msg, 0, sizeof(msg));
481
482         return kernel_sendmsg(sock, &msg, &iv, 1, len);
483 }
484
485 static void hidp_process_transmit(struct hidp_session *session)
486 {
487         struct sk_buff *skb;
488
489         BT_DBG("session %p", session);
490
491         while ((skb = skb_dequeue(&session->ctrl_transmit))) {
492                 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
493                         skb_queue_head(&session->ctrl_transmit, skb);
494                         break;
495                 }
496
497                 hidp_set_timer(session);
498                 kfree_skb(skb);
499         }
500
501         while ((skb = skb_dequeue(&session->intr_transmit))) {
502                 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
503                         skb_queue_head(&session->intr_transmit, skb);
504                         break;
505                 }
506
507                 hidp_set_timer(session);
508                 kfree_skb(skb);
509         }
510 }
511
512 static int hidp_session(void *arg)
513 {
514         struct hidp_session *session = arg;
515         struct sock *ctrl_sk = session->ctrl_sock->sk;
516         struct sock *intr_sk = session->intr_sock->sk;
517         struct sk_buff *skb;
518         int vendor = 0x0000, product = 0x0000;
519         wait_queue_t ctrl_wait, intr_wait;
520
521         BT_DBG("session %p", session);
522
523         if (session->input) {
524                 vendor  = session->input->id.vendor;
525                 product = session->input->id.product;
526         }
527
528         if (session->hid) {
529                 vendor  = session->hid->vendor;
530                 product = session->hid->product;
531         }
532
533         daemonize("khidpd_%04x%04x", vendor, product);
534         set_user_nice(current, -15);
535
536         init_waitqueue_entry(&ctrl_wait, current);
537         init_waitqueue_entry(&intr_wait, current);
538         add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
539         add_wait_queue(intr_sk->sk_sleep, &intr_wait);
540         while (!atomic_read(&session->terminate)) {
541                 set_current_state(TASK_INTERRUPTIBLE);
542
543                 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED)
544                         break;
545
546                 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
547                         skb_orphan(skb);
548                         hidp_recv_ctrl_frame(session, skb);
549                 }
550
551                 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
552                         skb_orphan(skb);
553                         hidp_recv_intr_frame(session, skb);
554                 }
555
556                 hidp_process_transmit(session);
557
558                 schedule();
559         }
560         set_current_state(TASK_RUNNING);
561         remove_wait_queue(intr_sk->sk_sleep, &intr_wait);
562         remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
563
564         down_write(&hidp_session_sem);
565
566         hidp_del_timer(session);
567
568         if (session->input) {
569                 input_unregister_device(session->input);
570                 session->input = NULL;
571         }
572
573         if (session->hid) {
574                 if (session->hid->claimed & HID_CLAIMED_INPUT)
575                         hidinput_disconnect(session->hid);
576                 hid_destroy_device(session->hid);
577         }
578
579         /* Wakeup user-space polling for socket errors */
580         session->intr_sock->sk->sk_err = EUNATCH;
581         session->ctrl_sock->sk->sk_err = EUNATCH;
582
583         hidp_schedule(session);
584
585         fput(session->intr_sock->file);
586
587         wait_event_timeout(*(ctrl_sk->sk_sleep),
588                 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
589
590         fput(session->ctrl_sock->file);
591
592         __hidp_unlink_session(session);
593
594         up_write(&hidp_session_sem);
595
596         kfree(session);
597         return 0;
598 }
599
600 static struct device *hidp_get_device(struct hidp_session *session)
601 {
602         bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
603         bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
604         struct hci_dev *hdev;
605         struct hci_conn *conn;
606
607         hdev = hci_get_route(dst, src);
608         if (!hdev)
609                 return NULL;
610
611         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
612
613         hci_dev_put(hdev);
614
615         return conn ? &conn->dev : NULL;
616 }
617
618 static int hidp_setup_input(struct hidp_session *session,
619                                 struct hidp_connadd_req *req)
620 {
621         struct input_dev *input;
622         int i;
623
624         input = input_allocate_device();
625         if (!input)
626                 return -ENOMEM;
627
628         session->input = input;
629
630         input_set_drvdata(input, session);
631
632         input->name = "Bluetooth HID Boot Protocol Device";
633
634         input->id.bustype = BUS_BLUETOOTH;
635         input->id.vendor  = req->vendor;
636         input->id.product = req->product;
637         input->id.version = req->version;
638
639         if (req->subclass & 0x40) {
640                 set_bit(EV_KEY, input->evbit);
641                 set_bit(EV_LED, input->evbit);
642                 set_bit(EV_REP, input->evbit);
643
644                 set_bit(LED_NUML,    input->ledbit);
645                 set_bit(LED_CAPSL,   input->ledbit);
646                 set_bit(LED_SCROLLL, input->ledbit);
647                 set_bit(LED_COMPOSE, input->ledbit);
648                 set_bit(LED_KANA,    input->ledbit);
649
650                 for (i = 0; i < sizeof(hidp_keycode); i++)
651                         set_bit(hidp_keycode[i], input->keybit);
652                 clear_bit(0, input->keybit);
653         }
654
655         if (req->subclass & 0x80) {
656                 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
657                 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
658                         BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
659                 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
660                 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
661                         BIT_MASK(BTN_EXTRA);
662                 input->relbit[0] |= BIT_MASK(REL_WHEEL);
663         }
664
665         input->dev.parent = hidp_get_device(session);
666
667         input->event = hidp_input_event;
668
669         return input_register_device(input);
670 }
671
672 static int hidp_open(struct hid_device *hid)
673 {
674         return 0;
675 }
676
677 static void hidp_close(struct hid_device *hid)
678 {
679 }
680
681 static int hidp_parse(struct hid_device *hid)
682 {
683         struct hidp_session *session = hid->driver_data;
684         struct hidp_connadd_req *req = session->req;
685         unsigned char *buf;
686         int ret;
687
688         buf = kmalloc(req->rd_size, GFP_KERNEL);
689         if (!buf)
690                 return -ENOMEM;
691
692         if (copy_from_user(buf, req->rd_data, req->rd_size)) {
693                 kfree(buf);
694                 return -EFAULT;
695         }
696
697         ret = hid_parse_report(session->hid, buf, req->rd_size);
698
699         kfree(buf);
700
701         if (ret)
702                 return ret;
703
704         session->req = NULL;
705
706         return 0;
707 }
708
709 static int hidp_start(struct hid_device *hid)
710 {
711         struct hidp_session *session = hid->driver_data;
712         struct hid_report *report;
713
714         list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
715                         report_list, list)
716                 hidp_send_report(session, report);
717
718         list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
719                         report_list, list)
720                 hidp_send_report(session, report);
721
722         return 0;
723 }
724
725 static void hidp_stop(struct hid_device *hid)
726 {
727         struct hidp_session *session = hid->driver_data;
728
729         skb_queue_purge(&session->ctrl_transmit);
730         skb_queue_purge(&session->intr_transmit);
731
732         if (hid->claimed & HID_CLAIMED_INPUT)
733                 hidinput_disconnect(hid);
734         hid->claimed = 0;
735 }
736
737 static struct hid_ll_driver hidp_hid_driver = {
738         .parse = hidp_parse,
739         .start = hidp_start,
740         .stop = hidp_stop,
741         .open  = hidp_open,
742         .close = hidp_close,
743         .hidinput_input_event = hidp_hidinput_event,
744 };
745
746 static int hidp_setup_hid(struct hidp_session *session,
747                                 struct hidp_connadd_req *req)
748 {
749         struct hid_device *hid;
750         bdaddr_t src, dst;
751         int ret;
752
753         hid = hid_allocate_device();
754         if (IS_ERR(hid)) {
755                 ret = PTR_ERR(session->hid);
756                 goto err;
757         }
758
759         session->hid = hid;
760         session->req = req;
761         hid->driver_data = session;
762
763         baswap(&src, &bt_sk(session->ctrl_sock->sk)->src);
764         baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst);
765
766         hid->bus     = BUS_BLUETOOTH;
767         hid->vendor  = req->vendor;
768         hid->product = req->product;
769         hid->version = req->version;
770         hid->country = req->country;
771
772         strncpy(hid->name, req->name, 128);
773         strncpy(hid->phys, batostr(&src), 64);
774         strncpy(hid->uniq, batostr(&dst), 64);
775
776         hid->dev.parent = hidp_get_device(session);
777         hid->ll_driver = &hidp_hid_driver;
778
779         ret = hid_add_device(hid);
780         if (ret)
781                 goto err_hid;
782
783         return 0;
784 err_hid:
785         hid_destroy_device(hid);
786         session->hid = NULL;
787 err:
788         return ret;
789 }
790
791 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
792 {
793         struct hidp_session *session, *s;
794         int err;
795
796         BT_DBG("");
797
798         if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
799                         bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
800                 return -ENOTUNIQ;
801
802         session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
803         if (!session)
804                 return -ENOMEM;
805
806         BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
807
808         down_write(&hidp_session_sem);
809
810         s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
811         if (s && s->state == BT_CONNECTED) {
812                 err = -EEXIST;
813                 goto failed;
814         }
815
816         bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
817
818         session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
819         session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);
820
821         BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
822
823         session->ctrl_sock = ctrl_sock;
824         session->intr_sock = intr_sock;
825         session->state     = BT_CONNECTED;
826
827         setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
828
829         skb_queue_head_init(&session->ctrl_transmit);
830         skb_queue_head_init(&session->intr_transmit);
831
832         session->flags   = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
833         session->idle_to = req->idle_to;
834
835         if (req->rd_size > 0) {
836                 err = hidp_setup_hid(session, req);
837                 if (err && err != -ENODEV)
838                         goto err_skb;
839         }
840
841         if (!session->hid) {
842                 err = hidp_setup_input(session, req);
843                 if (err < 0)
844                         goto err_skb;
845         }
846
847         __hidp_link_session(session);
848
849         hidp_set_timer(session);
850
851         err = kernel_thread(hidp_session, session, CLONE_KERNEL);
852         if (err < 0)
853                 goto unlink;
854
855         if (session->input) {
856                 hidp_send_ctrl_message(session,
857                         HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
858                 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
859
860                 session->leds = 0xff;
861                 hidp_input_event(session->input, EV_LED, 0, 0);
862         }
863
864         up_write(&hidp_session_sem);
865         return 0;
866
867 unlink:
868         hidp_del_timer(session);
869
870         __hidp_unlink_session(session);
871
872         if (session->input)
873                 input_unregister_device(session->input);
874         if (session->hid)
875                 hid_destroy_device(session->hid);
876 err_skb:
877         skb_queue_purge(&session->ctrl_transmit);
878         skb_queue_purge(&session->intr_transmit);
879 failed:
880         up_write(&hidp_session_sem);
881
882         input_free_device(session->input);
883         kfree(session);
884         return err;
885 }
886
887 int hidp_del_connection(struct hidp_conndel_req *req)
888 {
889         struct hidp_session *session;
890         int err = 0;
891
892         BT_DBG("");
893
894         down_read(&hidp_session_sem);
895
896         session = __hidp_get_session(&req->bdaddr);
897         if (session) {
898                 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
899                         hidp_send_ctrl_message(session,
900                                 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
901                 } else {
902                         /* Flush the transmit queues */
903                         skb_queue_purge(&session->ctrl_transmit);
904                         skb_queue_purge(&session->intr_transmit);
905
906                         /* Wakeup user-space polling for socket errors */
907                         session->intr_sock->sk->sk_err = EUNATCH;
908                         session->ctrl_sock->sk->sk_err = EUNATCH;
909
910                         /* Kill session thread */
911                         atomic_inc(&session->terminate);
912                         hidp_schedule(session);
913                 }
914         } else
915                 err = -ENOENT;
916
917         up_read(&hidp_session_sem);
918         return err;
919 }
920
921 int hidp_get_connlist(struct hidp_connlist_req *req)
922 {
923         struct list_head *p;
924         int err = 0, n = 0;
925
926         BT_DBG("");
927
928         down_read(&hidp_session_sem);
929
930         list_for_each(p, &hidp_session_list) {
931                 struct hidp_session *session;
932                 struct hidp_conninfo ci;
933
934                 session = list_entry(p, struct hidp_session, list);
935
936                 __hidp_copy_session(session, &ci);
937
938                 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
939                         err = -EFAULT;
940                         break;
941                 }
942
943                 if (++n >= req->cnum)
944                         break;
945
946                 req->ci++;
947         }
948         req->cnum = n;
949
950         up_read(&hidp_session_sem);
951         return err;
952 }
953
954 int hidp_get_conninfo(struct hidp_conninfo *ci)
955 {
956         struct hidp_session *session;
957         int err = 0;
958
959         down_read(&hidp_session_sem);
960
961         session = __hidp_get_session(&ci->bdaddr);
962         if (session)
963                 __hidp_copy_session(session, ci);
964         else
965                 err = -ENOENT;
966
967         up_read(&hidp_session_sem);
968         return err;
969 }
970
971 static const struct hid_device_id hidp_table[] = {
972         { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) },
973         { }
974 };
975
976 static struct hid_driver hidp_driver = {
977         .name = "generic-bluetooth",
978         .id_table = hidp_table,
979 };
980
981 static int __init hidp_init(void)
982 {
983         int ret;
984
985         l2cap_load();
986
987         BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
988
989         ret = hid_register_driver(&hidp_driver);
990         if (ret)
991                 goto err;
992
993         ret = hidp_init_sockets();
994         if (ret)
995                 goto err_drv;
996
997         return 0;
998 err_drv:
999         hid_unregister_driver(&hidp_driver);
1000 err:
1001         return ret;
1002 }
1003
1004 static void __exit hidp_exit(void)
1005 {
1006         hidp_cleanup_sockets();
1007         hid_unregister_driver(&hidp_driver);
1008 }
1009
1010 module_init(hidp_init);
1011 module_exit(hidp_exit);
1012
1013 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1014 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1015 MODULE_VERSION(VERSION);
1016 MODULE_LICENSE("GPL");
1017 MODULE_ALIAS("bt-proto-6");