2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/module.h>
25 #include <linux/types.h>
26 #include <linux/errno.h>
27 #include <linux/kernel.h>
28 #include <linux/sched.h>
29 #include <linux/slab.h>
30 #include <linux/poll.h>
31 #include <linux/fcntl.h>
32 #include <linux/skbuff.h>
33 #include <linux/socket.h>
34 #include <linux/ioctl.h>
35 #include <linux/file.h>
36 #include <linux/init.h>
37 #include <linux/wait.h>
40 #include <linux/input.h>
42 #include <net/bluetooth/bluetooth.h>
43 #include <net/bluetooth/l2cap.h>
47 #ifndef CONFIG_BT_HIDP_DEBUG
54 static DECLARE_RWSEM(hidp_session_sem);
55 static LIST_HEAD(hidp_session_list);
57 static unsigned char hidp_keycode[256] = {
58 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38,
59 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44, 2, 3,
60 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 14, 15, 57, 12, 13, 26,
61 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64,
62 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106,
63 105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71,
64 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190,
65 191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113,
66 115,114, 0, 0, 0,121, 0, 89, 93,124, 92, 94, 95, 0, 0, 0,
67 122,123, 90, 91, 85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
68 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
69 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
72 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113,
73 150,158,159,128,136,177,178,176,142,152,173,140
76 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
78 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
80 struct hidp_session *session;
85 list_for_each(p, &hidp_session_list) {
86 session = list_entry(p, struct hidp_session, list);
87 if (!bacmp(bdaddr, &session->bdaddr))
93 static void __hidp_link_session(struct hidp_session *session)
95 __module_get(THIS_MODULE);
96 list_add(&session->list, &hidp_session_list);
99 static void __hidp_unlink_session(struct hidp_session *session)
101 list_del(&session->list);
102 module_put(THIS_MODULE);
105 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
107 bacpy(&ci->bdaddr, &session->bdaddr);
109 ci->flags = session->flags;
110 ci->state = session->state;
113 ci->product = 0x0000;
114 ci->version = 0x0000;
115 memset(ci->name, 0, 128);
117 if (session->input) {
118 ci->vendor = session->input->id.vendor;
119 ci->product = session->input->id.product;
120 ci->version = session->input->id.version;
121 if (session->input->name)
122 strncpy(ci->name, session->input->name, 128);
124 strncpy(ci->name, "HID Boot Device", 128);
128 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
130 struct hidp_session *session = dev->private;
132 unsigned char newleds;
134 BT_DBG("input %p type %d code %d value %d", dev, type, code, value);
139 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
140 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
141 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
142 (!!test_bit(LED_CAPSL, dev->led) << 1) |
143 (!!test_bit(LED_NUML, dev->led));
145 if (session->leds == newleds)
148 session->leds = newleds;
150 if (!(skb = alloc_skb(3, GFP_ATOMIC))) {
151 BT_ERR("Can't allocate memory for new frame");
155 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
156 *skb_put(skb, 1) = 0x01;
157 *skb_put(skb, 1) = newleds;
159 skb_queue_tail(&session->intr_transmit, skb);
161 hidp_schedule(session);
166 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
168 struct input_dev *dev = session->input;
169 unsigned char *keys = session->keys;
170 unsigned char *udata = skb->data + 1;
171 signed char *sdata = skb->data + 1;
172 int i, size = skb->len - 1;
174 switch (skb->data[0]) {
175 case 0x01: /* Keyboard report */
176 for (i = 0; i < 8; i++)
177 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
179 /* If all the key codes have been set to 0x01, it means
180 * too many keys were pressed at the same time. */
181 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
184 for (i = 2; i < 8; i++) {
185 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
186 if (hidp_keycode[keys[i]])
187 input_report_key(dev, hidp_keycode[keys[i]], 0);
189 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
192 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
193 if (hidp_keycode[udata[i]])
194 input_report_key(dev, hidp_keycode[udata[i]], 1);
196 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
200 memcpy(keys, udata, 8);
203 case 0x02: /* Mouse report */
204 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
205 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
206 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
207 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
208 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
210 input_report_rel(dev, REL_X, sdata[1]);
211 input_report_rel(dev, REL_Y, sdata[2]);
214 input_report_rel(dev, REL_WHEEL, sdata[3]);
221 static void hidp_idle_timeout(unsigned long arg)
223 struct hidp_session *session = (struct hidp_session *) arg;
225 atomic_inc(&session->terminate);
226 hidp_schedule(session);
229 static inline void hidp_set_timer(struct hidp_session *session)
231 if (session->idle_to > 0)
232 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
235 static inline void hidp_del_timer(struct hidp_session *session)
237 if (session->idle_to > 0)
238 del_timer(&session->timer);
241 static int __hidp_send_ctrl_message(struct hidp_session *session,
242 unsigned char hdr, unsigned char *data, int size)
246 BT_DBG("session %p data %p size %d", session, data, size);
248 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
249 BT_ERR("Can't allocate memory for new frame");
253 *skb_put(skb, 1) = hdr;
254 if (data && size > 0)
255 memcpy(skb_put(skb, size), data, size);
257 skb_queue_tail(&session->ctrl_transmit, skb);
262 static int inline hidp_send_ctrl_message(struct hidp_session *session,
263 unsigned char hdr, unsigned char *data, int size)
267 err = __hidp_send_ctrl_message(session, hdr, data, size);
269 hidp_schedule(session);
274 static inline void hidp_process_handshake(struct hidp_session *session, unsigned char param)
276 BT_DBG("session %p param 0x%02x", session, param);
279 case HIDP_HSHK_SUCCESSFUL:
280 /* FIXME: Call into SET_ GET_ handlers here */
283 case HIDP_HSHK_NOT_READY:
284 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
285 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
286 case HIDP_HSHK_ERR_INVALID_PARAMETER:
287 /* FIXME: Call into SET_ GET_ handlers here */
290 case HIDP_HSHK_ERR_UNKNOWN:
293 case HIDP_HSHK_ERR_FATAL:
294 /* Device requests a reboot, as this is the only way this error
295 * can be recovered. */
296 __hidp_send_ctrl_message(session,
297 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
301 __hidp_send_ctrl_message(session,
302 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
307 static inline void hidp_process_hid_control(struct hidp_session *session, unsigned char param)
309 BT_DBG("session %p param 0x%02x", session, param);
315 case HIDP_CTRL_VIRTUAL_CABLE_UNPLUG:
316 /* Flush the transmit queues */
317 skb_queue_purge(&session->ctrl_transmit);
318 skb_queue_purge(&session->intr_transmit);
320 /* Kill session thread */
321 atomic_inc(&session->terminate);
324 case HIDP_CTRL_HARD_RESET:
325 case HIDP_CTRL_SOFT_RESET:
326 case HIDP_CTRL_SUSPEND:
327 case HIDP_CTRL_EXIT_SUSPEND:
328 /* FIXME: We have to parse these and return no error */
332 __hidp_send_ctrl_message(session,
333 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
338 static inline void hidp_process_data(struct hidp_session *session, struct sk_buff *skb, unsigned char param)
340 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
343 case HIDP_DATA_RTYPE_INPUT:
344 hidp_set_timer(session);
347 hidp_input_report(session, skb);
350 case HIDP_DATA_RTYPE_OTHER:
351 case HIDP_DATA_RTYPE_OUPUT:
352 case HIDP_DATA_RTYPE_FEATURE:
356 __hidp_send_ctrl_message(session,
357 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
361 static inline void hidp_recv_ctrl_frame(struct hidp_session *session, struct sk_buff *skb)
363 unsigned char hdr, type, param;
365 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
370 type = hdr & HIDP_HEADER_TRANS_MASK;
371 param = hdr & HIDP_HEADER_PARAM_MASK;
374 case HIDP_TRANS_HANDSHAKE:
375 hidp_process_handshake(session, param);
378 case HIDP_TRANS_HID_CONTROL:
379 hidp_process_hid_control(session, param);
382 case HIDP_TRANS_DATA:
383 hidp_process_data(session, skb, param);
387 __hidp_send_ctrl_message(session,
388 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
395 static inline void hidp_recv_intr_frame(struct hidp_session *session, struct sk_buff *skb)
399 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
404 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
405 hidp_set_timer(session);
407 hidp_input_report(session, skb);
409 BT_DBG("Unsupported protocol header 0x%02x", hdr);
415 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
417 struct kvec iv = { data, len };
420 BT_DBG("sock %p data %p len %d", sock, data, len);
425 memset(&msg, 0, sizeof(msg));
427 return kernel_sendmsg(sock, &msg, &iv, 1, len);
430 static void hidp_process_transmit(struct hidp_session *session)
434 BT_DBG("session %p", session);
436 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
437 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
438 skb_queue_head(&session->ctrl_transmit, skb);
442 hidp_set_timer(session);
446 while ((skb = skb_dequeue(&session->intr_transmit))) {
447 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
448 skb_queue_head(&session->intr_transmit, skb);
452 hidp_set_timer(session);
457 static int hidp_session(void *arg)
459 struct hidp_session *session = arg;
460 struct sock *ctrl_sk = session->ctrl_sock->sk;
461 struct sock *intr_sk = session->intr_sock->sk;
463 int vendor = 0x0000, product = 0x0000;
464 wait_queue_t ctrl_wait, intr_wait;
466 BT_DBG("session %p", session);
468 if (session->input) {
469 vendor = session->input->id.vendor;
470 product = session->input->id.product;
473 daemonize("khidpd_%04x%04x", vendor, product);
474 set_user_nice(current, -15);
475 current->flags |= PF_NOFREEZE;
477 init_waitqueue_entry(&ctrl_wait, current);
478 init_waitqueue_entry(&intr_wait, current);
479 add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
480 add_wait_queue(intr_sk->sk_sleep, &intr_wait);
481 while (!atomic_read(&session->terminate)) {
482 set_current_state(TASK_INTERRUPTIBLE);
484 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED)
487 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
489 hidp_recv_ctrl_frame(session, skb);
492 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
494 hidp_recv_intr_frame(session, skb);
497 hidp_process_transmit(session);
501 set_current_state(TASK_RUNNING);
502 remove_wait_queue(intr_sk->sk_sleep, &intr_wait);
503 remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
505 down_write(&hidp_session_sem);
507 hidp_del_timer(session);
509 if (intr_sk->sk_state != BT_CONNECTED)
510 wait_event_timeout(*(ctrl_sk->sk_sleep), (ctrl_sk->sk_state == BT_CLOSED), HZ);
512 fput(session->ctrl_sock->file);
514 wait_event_timeout(*(intr_sk->sk_sleep), (intr_sk->sk_state == BT_CLOSED), HZ);
516 fput(session->intr_sock->file);
518 __hidp_unlink_session(session);
520 if (session->input) {
521 input_unregister_device(session->input);
522 session->input = NULL;
525 up_write(&hidp_session_sem);
531 static inline void hidp_setup_input(struct hidp_session *session, struct hidp_connadd_req *req)
533 struct input_dev *input = session->input;
536 input->private = session;
538 input->name = "Bluetooth HID Boot Protocol Device";
540 input->id.bustype = BUS_BLUETOOTH;
541 input->id.vendor = req->vendor;
542 input->id.product = req->product;
543 input->id.version = req->version;
545 if (req->subclass & 0x40) {
546 set_bit(EV_KEY, input->evbit);
547 set_bit(EV_LED, input->evbit);
548 set_bit(EV_REP, input->evbit);
550 set_bit(LED_NUML, input->ledbit);
551 set_bit(LED_CAPSL, input->ledbit);
552 set_bit(LED_SCROLLL, input->ledbit);
553 set_bit(LED_COMPOSE, input->ledbit);
554 set_bit(LED_KANA, input->ledbit);
556 for (i = 0; i < sizeof(hidp_keycode); i++)
557 set_bit(hidp_keycode[i], input->keybit);
558 clear_bit(0, input->keybit);
561 if (req->subclass & 0x80) {
562 input->evbit[0] = BIT(EV_KEY) | BIT(EV_REL);
563 input->keybit[LONG(BTN_MOUSE)] = BIT(BTN_LEFT) | BIT(BTN_RIGHT) | BIT(BTN_MIDDLE);
564 input->relbit[0] = BIT(REL_X) | BIT(REL_Y);
565 input->keybit[LONG(BTN_MOUSE)] |= BIT(BTN_SIDE) | BIT(BTN_EXTRA);
566 input->relbit[0] |= BIT(REL_WHEEL);
569 input->event = hidp_input_event;
571 input_register_device(input);
574 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
576 struct hidp_session *session, *s;
581 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
582 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
585 session = kmalloc(sizeof(struct hidp_session), GFP_KERNEL);
588 memset(session, 0, sizeof(struct hidp_session));
590 session->input = input_allocate_device();
591 if (!session->input) {
596 down_write(&hidp_session_sem);
598 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
599 if (s && s->state == BT_CONNECTED) {
604 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
606 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
607 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);
609 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
611 session->ctrl_sock = ctrl_sock;
612 session->intr_sock = intr_sock;
613 session->state = BT_CONNECTED;
615 init_timer(&session->timer);
617 session->timer.function = hidp_idle_timeout;
618 session->timer.data = (unsigned long) session;
620 skb_queue_head_init(&session->ctrl_transmit);
621 skb_queue_head_init(&session->intr_transmit);
623 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
624 session->idle_to = req->idle_to;
627 hidp_setup_input(session, req);
629 __hidp_link_session(session);
631 hidp_set_timer(session);
633 err = kernel_thread(hidp_session, session, CLONE_KERNEL);
637 if (session->input) {
638 hidp_send_ctrl_message(session,
639 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
640 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
642 session->leds = 0xff;
643 hidp_input_event(session->input, EV_LED, 0, 0);
646 up_write(&hidp_session_sem);
650 hidp_del_timer(session);
652 __hidp_unlink_session(session);
654 if (session->input) {
655 input_unregister_device(session->input);
656 session->input = NULL; /* don't try to free it here */
660 up_write(&hidp_session_sem);
662 kfree(session->input);
667 int hidp_del_connection(struct hidp_conndel_req *req)
669 struct hidp_session *session;
674 down_read(&hidp_session_sem);
676 session = __hidp_get_session(&req->bdaddr);
678 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
679 hidp_send_ctrl_message(session,
680 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
682 /* Flush the transmit queues */
683 skb_queue_purge(&session->ctrl_transmit);
684 skb_queue_purge(&session->intr_transmit);
686 /* Kill session thread */
687 atomic_inc(&session->terminate);
688 hidp_schedule(session);
693 up_read(&hidp_session_sem);
697 int hidp_get_connlist(struct hidp_connlist_req *req)
704 down_read(&hidp_session_sem);
706 list_for_each(p, &hidp_session_list) {
707 struct hidp_session *session;
708 struct hidp_conninfo ci;
710 session = list_entry(p, struct hidp_session, list);
712 __hidp_copy_session(session, &ci);
714 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
719 if (++n >= req->cnum)
726 up_read(&hidp_session_sem);
730 int hidp_get_conninfo(struct hidp_conninfo *ci)
732 struct hidp_session *session;
735 down_read(&hidp_session_sem);
737 session = __hidp_get_session(&ci->bdaddr);
739 __hidp_copy_session(session, ci);
743 up_read(&hidp_session_sem);
747 static int __init hidp_init(void)
751 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
753 return hidp_init_sockets();
756 static void __exit hidp_exit(void)
758 hidp_cleanup_sockets();
761 module_init(hidp_init);
762 module_exit(hidp_exit);
764 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
765 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
766 MODULE_VERSION(VERSION);
767 MODULE_LICENSE("GPL");
768 MODULE_ALIAS("bt-proto-6");