2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/module.h>
25 #include <linux/types.h>
26 #include <linux/errno.h>
27 #include <linux/kernel.h>
28 #include <linux/sched.h>
29 #include <linux/slab.h>
30 #include <linux/poll.h>
31 #include <linux/fcntl.h>
32 #include <linux/skbuff.h>
33 #include <linux/socket.h>
34 #include <linux/ioctl.h>
35 #include <linux/file.h>
36 #include <linux/init.h>
37 #include <linux/wait.h>
40 #include <linux/input.h>
42 #include <net/bluetooth/bluetooth.h>
43 #include <net/bluetooth/l2cap.h>
47 #ifndef CONFIG_BT_HIDP_DEBUG
54 static DECLARE_RWSEM(hidp_session_sem);
55 static LIST_HEAD(hidp_session_list);
57 static unsigned char hidp_keycode[256] = {
58 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38,
59 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44, 2, 3,
60 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 14, 15, 57, 12, 13, 26,
61 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64,
62 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106,
63 105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71,
64 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190,
65 191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113,
66 115,114, 0, 0, 0,121, 0, 89, 93,124, 92, 94, 95, 0, 0, 0,
67 122,123, 90, 91, 85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
68 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
69 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
72 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113,
73 150,158,159,128,136,177,178,176,142,152,173,140
76 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
78 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
80 struct hidp_session *session;
85 list_for_each(p, &hidp_session_list) {
86 session = list_entry(p, struct hidp_session, list);
87 if (!bacmp(bdaddr, &session->bdaddr))
93 static void __hidp_link_session(struct hidp_session *session)
95 __module_get(THIS_MODULE);
96 list_add(&session->list, &hidp_session_list);
99 static void __hidp_unlink_session(struct hidp_session *session)
101 list_del(&session->list);
102 module_put(THIS_MODULE);
105 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
107 bacpy(&ci->bdaddr, &session->bdaddr);
109 ci->flags = session->flags;
110 ci->state = session->state;
113 ci->product = 0x0000;
114 ci->version = 0x0000;
115 memset(ci->name, 0, 128);
117 if (session->input) {
118 ci->vendor = session->input->id.vendor;
119 ci->product = session->input->id.product;
120 ci->version = session->input->id.version;
121 if (session->input->name)
122 strncpy(ci->name, session->input->name, 128);
124 strncpy(ci->name, "HID Boot Device", 128);
128 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
130 struct hidp_session *session = dev->private;
132 unsigned char newleds;
134 BT_DBG("input %p type %d code %d value %d", dev, type, code, value);
139 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
140 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
141 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
142 (!!test_bit(LED_CAPSL, dev->led) << 1) |
143 (!!test_bit(LED_NUML, dev->led));
145 if (session->leds == newleds)
148 session->leds = newleds;
150 if (!(skb = alloc_skb(3, GFP_ATOMIC))) {
151 BT_ERR("Can't allocate memory for new frame");
155 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
156 *skb_put(skb, 1) = 0x01;
157 *skb_put(skb, 1) = newleds;
159 skb_queue_tail(&session->intr_transmit, skb);
161 hidp_schedule(session);
166 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
168 struct input_dev *dev = session->input;
169 unsigned char *keys = session->keys;
170 unsigned char *udata = skb->data + 1;
171 signed char *sdata = skb->data + 1;
172 int i, size = skb->len - 1;
174 switch (skb->data[0]) {
175 case 0x01: /* Keyboard report */
176 for (i = 0; i < 8; i++)
177 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
179 /* If all the key codes have been set to 0x01, it means
180 * too many keys were pressed at the same time. */
181 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
184 for (i = 2; i < 8; i++) {
185 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
186 if (hidp_keycode[keys[i]])
187 input_report_key(dev, hidp_keycode[keys[i]], 0);
189 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
192 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
193 if (hidp_keycode[udata[i]])
194 input_report_key(dev, hidp_keycode[udata[i]], 1);
196 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
200 memcpy(keys, udata, 8);
203 case 0x02: /* Mouse report */
204 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
205 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
206 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
207 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
208 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
210 input_report_rel(dev, REL_X, sdata[1]);
211 input_report_rel(dev, REL_Y, sdata[2]);
214 input_report_rel(dev, REL_WHEEL, sdata[3]);
221 static void hidp_idle_timeout(unsigned long arg)
223 struct hidp_session *session = (struct hidp_session *) arg;
225 atomic_inc(&session->terminate);
226 hidp_schedule(session);
229 static inline void hidp_set_timer(struct hidp_session *session)
231 if (session->idle_to > 0)
232 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
235 static inline void hidp_del_timer(struct hidp_session *session)
237 if (session->idle_to > 0)
238 del_timer(&session->timer);
241 static int __hidp_send_ctrl_message(struct hidp_session *session,
242 unsigned char hdr, unsigned char *data, int size)
246 BT_DBG("session %p data %p size %d", session, data, size);
248 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
249 BT_ERR("Can't allocate memory for new frame");
253 *skb_put(skb, 1) = hdr;
254 if (data && size > 0)
255 memcpy(skb_put(skb, size), data, size);
257 skb_queue_tail(&session->ctrl_transmit, skb);
262 static int inline hidp_send_ctrl_message(struct hidp_session *session,
263 unsigned char hdr, unsigned char *data, int size)
267 err = __hidp_send_ctrl_message(session, hdr, data, size);
269 hidp_schedule(session);
274 static inline void hidp_process_handshake(struct hidp_session *session, unsigned char param)
276 BT_DBG("session %p param 0x%02x", session, param);
279 case HIDP_HSHK_SUCCESSFUL:
280 /* FIXME: Call into SET_ GET_ handlers here */
283 case HIDP_HSHK_NOT_READY:
284 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
285 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
286 case HIDP_HSHK_ERR_INVALID_PARAMETER:
287 /* FIXME: Call into SET_ GET_ handlers here */
290 case HIDP_HSHK_ERR_UNKNOWN:
293 case HIDP_HSHK_ERR_FATAL:
294 /* Device requests a reboot, as this is the only way this error
295 * can be recovered. */
296 __hidp_send_ctrl_message(session,
297 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
301 __hidp_send_ctrl_message(session,
302 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
307 static inline void hidp_process_hid_control(struct hidp_session *session, unsigned char param)
309 BT_DBG("session %p param 0x%02x", session, param);
315 case HIDP_CTRL_VIRTUAL_CABLE_UNPLUG:
316 /* Flush the transmit queues */
317 skb_queue_purge(&session->ctrl_transmit);
318 skb_queue_purge(&session->intr_transmit);
320 /* Kill session thread */
321 atomic_inc(&session->terminate);
324 case HIDP_CTRL_HARD_RESET:
325 case HIDP_CTRL_SOFT_RESET:
326 case HIDP_CTRL_SUSPEND:
327 case HIDP_CTRL_EXIT_SUSPEND:
328 /* FIXME: We have to parse these and return no error */
332 __hidp_send_ctrl_message(session,
333 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
338 static inline void hidp_process_data(struct hidp_session *session, struct sk_buff *skb, unsigned char param)
340 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
343 case HIDP_DATA_RTYPE_INPUT:
344 hidp_set_timer(session);
347 hidp_input_report(session, skb);
350 case HIDP_DATA_RTYPE_OTHER:
351 case HIDP_DATA_RTYPE_OUPUT:
352 case HIDP_DATA_RTYPE_FEATURE:
356 __hidp_send_ctrl_message(session,
357 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
361 static inline void hidp_recv_ctrl_frame(struct hidp_session *session, struct sk_buff *skb)
363 unsigned char hdr, type, param;
365 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
370 type = hdr & HIDP_HEADER_TRANS_MASK;
371 param = hdr & HIDP_HEADER_PARAM_MASK;
374 case HIDP_TRANS_HANDSHAKE:
375 hidp_process_handshake(session, param);
378 case HIDP_TRANS_HID_CONTROL:
379 hidp_process_hid_control(session, param);
382 case HIDP_TRANS_DATA:
383 hidp_process_data(session, skb, param);
387 __hidp_send_ctrl_message(session,
388 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
395 static inline void hidp_recv_intr_frame(struct hidp_session *session, struct sk_buff *skb)
399 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
404 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
405 hidp_set_timer(session);
407 hidp_input_report(session, skb);
409 BT_DBG("Unsupported protocol header 0x%02x", hdr);
415 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
417 struct kvec iv = { data, len };
420 BT_DBG("sock %p data %p len %d", sock, data, len);
425 memset(&msg, 0, sizeof(msg));
427 return kernel_sendmsg(sock, &msg, &iv, 1, len);
430 static void hidp_process_transmit(struct hidp_session *session)
434 BT_DBG("session %p", session);
436 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
437 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
438 skb_queue_head(&session->ctrl_transmit, skb);
442 hidp_set_timer(session);
446 while ((skb = skb_dequeue(&session->intr_transmit))) {
447 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
448 skb_queue_head(&session->intr_transmit, skb);
452 hidp_set_timer(session);
457 static int hidp_session(void *arg)
459 struct hidp_session *session = arg;
460 struct sock *ctrl_sk = session->ctrl_sock->sk;
461 struct sock *intr_sk = session->intr_sock->sk;
463 int vendor = 0x0000, product = 0x0000;
464 wait_queue_t ctrl_wait, intr_wait;
466 BT_DBG("session %p", session);
468 if (session->input) {
469 vendor = session->input->id.vendor;
470 product = session->input->id.product;
473 daemonize("khidpd_%04x%04x", vendor, product);
474 set_user_nice(current, -15);
475 current->flags |= PF_NOFREEZE;
477 init_waitqueue_entry(&ctrl_wait, current);
478 init_waitqueue_entry(&intr_wait, current);
479 add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
480 add_wait_queue(intr_sk->sk_sleep, &intr_wait);
481 while (!atomic_read(&session->terminate)) {
482 set_current_state(TASK_INTERRUPTIBLE);
484 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED)
487 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
489 hidp_recv_ctrl_frame(session, skb);
492 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
494 hidp_recv_intr_frame(session, skb);
497 hidp_process_transmit(session);
501 set_current_state(TASK_RUNNING);
502 remove_wait_queue(intr_sk->sk_sleep, &intr_wait);
503 remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
505 down_write(&hidp_session_sem);
507 hidp_del_timer(session);
509 if (intr_sk->sk_state != BT_CONNECTED)
510 wait_event_timeout(*(ctrl_sk->sk_sleep), (ctrl_sk->sk_state == BT_CLOSED), HZ);
512 fput(session->ctrl_sock->file);
514 wait_event_timeout(*(intr_sk->sk_sleep), (intr_sk->sk_state == BT_CLOSED), HZ);
516 fput(session->intr_sock->file);
518 __hidp_unlink_session(session);
520 if (session->input) {
521 input_unregister_device(session->input);
522 session->input = NULL;
525 up_write(&hidp_session_sem);
531 static inline void hidp_setup_input(struct hidp_session *session, struct hidp_connadd_req *req)
533 struct input_dev *input = session->input;
536 input->private = session;
538 input->name = "Bluetooth HID Boot Protocol Device";
540 input->id.bustype = BUS_BLUETOOTH;
541 input->id.vendor = req->vendor;
542 input->id.product = req->product;
543 input->id.version = req->version;
545 if (req->subclass & 0x40) {
546 set_bit(EV_KEY, input->evbit);
547 set_bit(EV_LED, input->evbit);
548 set_bit(EV_REP, input->evbit);
550 set_bit(LED_NUML, input->ledbit);
551 set_bit(LED_CAPSL, input->ledbit);
552 set_bit(LED_SCROLLL, input->ledbit);
553 set_bit(LED_COMPOSE, input->ledbit);
554 set_bit(LED_KANA, input->ledbit);
556 for (i = 0; i < sizeof(hidp_keycode); i++)
557 set_bit(hidp_keycode[i], input->keybit);
558 clear_bit(0, input->keybit);
561 if (req->subclass & 0x80) {
562 input->evbit[0] = BIT(EV_KEY) | BIT(EV_REL);
563 input->keybit[LONG(BTN_MOUSE)] = BIT(BTN_LEFT) | BIT(BTN_RIGHT) | BIT(BTN_MIDDLE);
564 input->relbit[0] = BIT(REL_X) | BIT(REL_Y);
565 input->keybit[LONG(BTN_MOUSE)] |= BIT(BTN_SIDE) | BIT(BTN_EXTRA);
566 input->relbit[0] |= BIT(REL_WHEEL);
569 input->event = hidp_input_event;
571 input_register_device(input);
574 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
576 struct hidp_session *session, *s;
581 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
582 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
585 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
589 session->input = input_allocate_device();
590 if (!session->input) {
595 down_write(&hidp_session_sem);
597 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
598 if (s && s->state == BT_CONNECTED) {
603 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
605 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
606 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);
608 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
610 session->ctrl_sock = ctrl_sock;
611 session->intr_sock = intr_sock;
612 session->state = BT_CONNECTED;
614 init_timer(&session->timer);
616 session->timer.function = hidp_idle_timeout;
617 session->timer.data = (unsigned long) session;
619 skb_queue_head_init(&session->ctrl_transmit);
620 skb_queue_head_init(&session->intr_transmit);
622 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
623 session->idle_to = req->idle_to;
626 hidp_setup_input(session, req);
628 __hidp_link_session(session);
630 hidp_set_timer(session);
632 err = kernel_thread(hidp_session, session, CLONE_KERNEL);
636 if (session->input) {
637 hidp_send_ctrl_message(session,
638 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
639 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
641 session->leds = 0xff;
642 hidp_input_event(session->input, EV_LED, 0, 0);
645 up_write(&hidp_session_sem);
649 hidp_del_timer(session);
651 __hidp_unlink_session(session);
653 if (session->input) {
654 input_unregister_device(session->input);
655 session->input = NULL; /* don't try to free it here */
659 up_write(&hidp_session_sem);
661 kfree(session->input);
666 int hidp_del_connection(struct hidp_conndel_req *req)
668 struct hidp_session *session;
673 down_read(&hidp_session_sem);
675 session = __hidp_get_session(&req->bdaddr);
677 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
678 hidp_send_ctrl_message(session,
679 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
681 /* Flush the transmit queues */
682 skb_queue_purge(&session->ctrl_transmit);
683 skb_queue_purge(&session->intr_transmit);
685 /* Kill session thread */
686 atomic_inc(&session->terminate);
687 hidp_schedule(session);
692 up_read(&hidp_session_sem);
696 int hidp_get_connlist(struct hidp_connlist_req *req)
703 down_read(&hidp_session_sem);
705 list_for_each(p, &hidp_session_list) {
706 struct hidp_session *session;
707 struct hidp_conninfo ci;
709 session = list_entry(p, struct hidp_session, list);
711 __hidp_copy_session(session, &ci);
713 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
718 if (++n >= req->cnum)
725 up_read(&hidp_session_sem);
729 int hidp_get_conninfo(struct hidp_conninfo *ci)
731 struct hidp_session *session;
734 down_read(&hidp_session_sem);
736 session = __hidp_get_session(&ci->bdaddr);
738 __hidp_copy_session(session, ci);
742 up_read(&hidp_session_sem);
746 static int __init hidp_init(void)
750 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
752 return hidp_init_sockets();
755 static void __exit hidp_exit(void)
757 hidp_cleanup_sockets();
760 module_init(hidp_init);
761 module_exit(hidp_exit);
763 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
764 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
765 MODULE_VERSION(VERSION);
766 MODULE_LICENSE("GPL");
767 MODULE_ALIAS("bt-proto-6");