1 /*
2    HIDP implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License version 2 as
7    published by the Free Software Foundation;
8
9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20    SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/module.h>
24
25 #include <linux/types.h>
26 #include <linux/errno.h>
27 #include <linux/kernel.h>
28 #include <linux/sched.h>
29 #include <linux/slab.h>
30 #include <linux/poll.h>
31 #include <linux/freezer.h>
32 #include <linux/fcntl.h>
33 #include <linux/skbuff.h>
34 #include <linux/socket.h>
35 #include <linux/ioctl.h>
36 #include <linux/file.h>
37 #include <linux/init.h>
38 #include <linux/wait.h>
39 #include <net/sock.h>
40
41 #include <linux/input.h>
42 #include <linux/hid.h>
43
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47
48 #include "hidp.h"
49
/*
 * Unless HIDP debugging is configured, redefine BT_DBG() to expand to
 * nothing so the debug calls in this file produce no code.
 */
#ifndef CONFIG_BT_HIDP_DEBUG
#undef  BT_DBG
#define BT_DBG(D...)
#endif

/* Version string printed at load time and used in the module metadata. */
#define VERSION "1.2"

/* Read/write semaphore taken around every access to hidp_session_list. */
static DECLARE_RWSEM(hidp_session_sem);
/* Every session added by __hidp_link_session(). */
static LIST_HEAD(hidp_session_list);

/*
 * Boot-protocol keyboard translation table.  It is indexed by a scancode
 * byte taken from a keyboard report and yields the key code handed to
 * input_report_key(); a 0 entry is treated as "unknown key".  Entries
 * 224..231 are used for the eight bits of the first report byte.  The
 * array is declared with 256 slots, so any unsigned char index is in
 * bounds; slots beyond the initialiser are zero.
 */
static unsigned char hidp_keycode[256] = {
	  0,  0,  0,  0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38,
	 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44,  2,  3,
	  4,  5,  6,  7,  8,  9, 10, 11, 28,  1, 14, 15, 57, 12, 13, 26,
	 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64,
	 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106,
	105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71,
	 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190,
	191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113,
	115,114,  0,  0,  0,121,  0, 89, 93,124, 92, 94, 95,  0,  0,  0,
	122,123, 90, 91, 85,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
	  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
	  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
	  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
	  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
	 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113,
	150,158,159,128,136,177,178,176,142,152,173,140
};

/*
 * Pattern compared against the six key slots of a keyboard report; a match
 * means too many keys were pressed at once and the report is ignored.
 */
static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };

80
/*
 * Find the session whose remote address equals @bdaddr.
 *
 * Returns the first matching entry of hidp_session_list, or NULL when no
 * session has that address.  No locking is done here: every caller in this
 * file holds hidp_session_sem around the call, and the returned pointer is
 * only safe to use while that semaphore is held.
 */
static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
{
	struct hidp_session *candidate;

	BT_DBG("");

	list_for_each_entry(candidate, &hidp_session_list, list) {
		if (bacmp(bdaddr, &candidate->bdaddr) == 0)
			return candidate;
	}

	return NULL;
}
95
/*
 * Put @session on the global session list.
 *
 * A module reference is taken first, so each linked session holds one
 * reference on this module; __hidp_unlink_session() drops it again.
 * The list itself is not locked here.
 */
static void __hidp_link_session(struct hidp_session *session)
{
	struct list_head *node = &session->list;

	__module_get(THIS_MODULE);
	list_add(node, &hidp_session_list);
}
101
/*
 * Take @session off the global session list and release the module
 * reference that __hidp_link_session() acquired for it.
 * The list itself is not locked here.
 */
static void __hidp_unlink_session(struct hidp_session *session)
{
	struct list_head *node = &session->list;

	list_del(node);
	module_put(THIS_MODULE);
}
107
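/*
 * Fill @ci with a description of @session for reporting to user space.
 *
 * @session: session to describe
 * @ci:      destination; every byte of it is overwritten
 *
 * The address, flags and state always come from the session.  Vendor,
 * product, version and name come from the boot-protocol input device when
 * there is one, and are overridden by the HID device when that exists too.
 */
static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
{
	const char *name = NULL;

	/*
	 * hidp_get_connlist() passes a structure that lives on the kernel
	 * stack and then copies the whole of it to user space.  Clear every
	 * byte first so that anything the assignments below do not write
	 * (compiler padding, for instance) cannot disclose stale kernel
	 * memory.  This also leaves vendor/product/version at 0 and the
	 * name empty when neither device exists.
	 */
	memset(ci, 0, sizeof(*ci));

	bacpy(&ci->bdaddr, &session->bdaddr);

	ci->flags = session->flags;
	ci->state = session->state;

	if (session->input) {
		ci->vendor  = session->input->id.vendor;
		ci->product = session->input->id.product;
		ci->version = session->input->id.version;
		name = session->input->name ? session->input->name :
					      "HID Boot Device";
	}

	if (session->hid) {
		ci->vendor  = session->hid->vendor;
		ci->product = session->hid->product;
		ci->version = session->hid->version;
		name = session->hid->name;
	}

	/*
	 * Copy one byte less than the 128 bytes this function has always
	 * assumed for ci->name.  Together with the memset() above this
	 * guarantees a NUL terminator even when the source fills the field,
	 * and it never reads more than 127 bytes from a source that may
	 * itself be unterminated.
	 */
	if (name)
		strncpy(ci->name, name, 127);
}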
137
/*
 * Translate an LED event from the input layer into an output report for
 * the remote keyboard.
 *
 * Returns -1 for any event type other than EV_LED, 0 when the LED state is
 * unchanged or the report was queued, and -ENOMEM when no frame could be
 * allocated.  @code and @value are only logged; the LED state is read back
 * from @dev->led.
 */
static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
				unsigned int type, unsigned int code, int value)
{
	struct sk_buff *frame;
	unsigned char led_bits;

	BT_DBG("session %p type %d code %d value %d", session, type, code, value);

	if (type != EV_LED)
		return -1;

	/*
	 * NOTE(review): LED_KANA and LED_COMPOSE are both shifted to bit 3,
	 * so the two LEDs cannot be told apart in the report.  Kept as in
	 * the original; confirm the intended bit layout before changing.
	 */
	led_bits = (!!test_bit(LED_NUML,    dev->led))      |
		   (!!test_bit(LED_CAPSL,   dev->led) << 1) |
		   (!!test_bit(LED_SCROLLL, dev->led) << 2) |
		   (!!test_bit(LED_COMPOSE, dev->led) << 3) |
		   (!!test_bit(LED_KANA,    dev->led) << 3);

	/* Nothing to send when the device already shows this state. */
	if (led_bits == session->leds)
		return 0;

	session->leds = led_bits;

	/* GFP_ATOMIC: the allocation here must not sleep. */
	frame = alloc_skb(3, GFP_ATOMIC);
	if (!frame) {
		BT_ERR("Can't allocate memory for new frame");
		return -ENOMEM;
	}

	/* Three bytes: transaction header, the literal 0x01, LED bitmap. */
	*skb_put(frame, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
	*skb_put(frame, 1) = 0x01;
	*skb_put(frame, 1) = led_bits;

	skb_queue_tail(&session->intr_transmit, frame);
	hidp_schedule(session);

	return 0;
}
175
/*
 * Event callback installed as hidp_hid_driver.hidinput_input_event.
 *
 * The input device's driver data is the hid_device, whose driver_data in
 * turn is the session; the event itself is handled by hidp_queue_event().
 */
static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
{
	struct hid_device *hid;
	struct hidp_session *session;

	hid = input_get_drvdata(dev);
	session = hid->driver_data;

	return hidp_queue_event(session, dev, type, code, value);
}
183
/*
 * Event callback of the boot-protocol input device (see
 * hidp_setup_input()).  Here the input device's driver data is the session
 * itself; the event is handled by hidp_queue_event().
 */
static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
{
	struct hidp_session *owner = input_get_drvdata(dev);

	return hidp_queue_event(owner, dev, type, code, value);
}
190
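/*
 * Decode a boot-protocol report received from the remote device and feed
 * it to the session's input device.
 *
 * @session: session owning the input device and the previous key state
 * @skb:     frame whose first byte is the report ID (0x01 keyboard,
 *           0x02 mouse) followed by the report payload
 *
 * The frame content is chosen by the remote device, so its length is
 * checked before any payload byte is read: the keyboard branch reads eight
 * payload bytes and the mouse branch at least three.  Reports that are too
 * short are ignored instead of being read past the end of the frame.
 */
static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
{
	struct input_dev *dev = session->input;
	unsigned char *keys = session->keys;
	unsigned char *udata;
	signed char *sdata;
	int i, size;

	/* Without a report ID byte there is nothing to decode. */
	if (skb->len < 1)
		return;

	udata = skb->data + 1;
	sdata = (signed char *) skb->data + 1;
	size = skb->len - 1;

	switch (skb->data[0]) {
	case 0x01:	/* Keyboard report */
		/* udata[0..7] are read and copied below. */
		if (size < 8)
			break;

		for (i = 0; i < 8; i++)
			input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);

		/* If all the key codes have been set to 0x01, it means
		 * too many keys were pressed at the same time. */
		if (!memcmp(udata + 2, hidp_mkeyspat, 6))
			break;

		for (i = 2; i < 8; i++) {
			/* Key held in the previous report but absent now. */
			if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
				if (hidp_keycode[keys[i]])
					input_report_key(dev, hidp_keycode[keys[i]], 0);
				else
					BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
			}

			/* Key present now but not in the previous report. */
			if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
				if (hidp_keycode[udata[i]])
					input_report_key(dev, hidp_keycode[udata[i]], 1);
				else
					BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
			}
		}

		/* Remember this report for the next comparison. */
		memcpy(keys, udata, 8);
		break;

	case 0x02:	/* Mouse report */
		/* sdata[0..2] are read unconditionally below. */
		if (size < 3)
			break;

		input_report_key(dev, BTN_LEFT,   sdata[0] & 0x01);
		input_report_key(dev, BTN_RIGHT,  sdata[0] & 0x02);
		input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
		input_report_key(dev, BTN_SIDE,   sdata[0] & 0x08);
		input_report_key(dev, BTN_EXTRA,  sdata[0] & 0x10);

		input_report_rel(dev, REL_X, sdata[1]);
		input_report_rel(dev, REL_Y, sdata[2]);

		/* The wheel byte is optional. */
		if (size > 3)
			input_report_rel(dev, REL_WHEEL, sdata[3]);
		break;
	}

	input_sync(dev);
}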
245
/*
 * Queue @size bytes from @data on the interrupt channel, preceded by a
 * one-byte header, and kick the session.
 *
 * Returns 0 on success or -ENOMEM when no frame could be allocated.
 * @size is not validated here; the only caller in this file bounds it.
 */
static int hidp_queue_report(struct hidp_session *session,
				unsigned char *data, int size)
{
	struct sk_buff *frame;

	BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);

	frame = alloc_skb(size + 1, GFP_ATOMIC);
	if (!frame) {
		BT_ERR("Can't allocate memory for new frame");
		return -ENOMEM;
	}

	/*
	 * NOTE(review): 0xa2 is presumably HIDP_TRANS_DATA |
	 * HIDP_DATA_RTYPE_OUPUT, as spelled out in hidp_queue_event();
	 * confirm against hidp.h.
	 */
	*skb_put(frame, 1) = 0xa2;
	if (size > 0)
		memcpy(skb_put(frame, size), data, size);

	skb_queue_tail(&session->intr_transmit, frame);
	hidp_schedule(session);

	return 0;
}
268
/*
 * Serialise @report with hid_output_report() and queue it for sending.
 *
 * The byte count is computed as report->size rounded up from bits to
 * bytes, plus one byte when the report has a non-zero ID.  Reports that do
 * not fit the 32-byte stack buffer are rejected with -EIO before anything
 * is written to it; otherwise the result of hidp_queue_report() is
 * returned.
 */
static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
{
	unsigned char buf[32];
	int rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);

	/* This bound is what keeps hid_output_report() inside buf. */
	if (rsize > sizeof(buf))
		return -EIO;

	hid_output_report(report, buf);

	return hidp_queue_report(session, buf, rsize);
}
282
/*
 * Timer callback armed by hidp_set_timer(); @arg is the session pointer
 * registered with setup_timer().  Marks the session for termination and
 * kicks it via hidp_schedule().
 */
static void hidp_idle_timeout(unsigned long arg)
{
	struct hidp_session *expired = (struct hidp_session *) arg;

	atomic_inc(&expired->terminate);
	hidp_schedule(expired);
}
290
/*
 * (Re)arm the idle timer to fire idle_to seconds from now.  Does nothing
 * when idle_to is not positive, i.e. when no idle timeout was requested.
 */
static void hidp_set_timer(struct hidp_session *session)
{
	if (session->idle_to <= 0)
		return;

	mod_timer(&session->timer, jiffies + HZ * session->idle_to);
}
296
/*
 * Cancel the idle timer.  Does nothing when idle_to is not positive, the
 * same condition under which hidp_set_timer() never arms it.
 */
static inline void hidp_del_timer(struct hidp_session *session)
{
	if (session->idle_to <= 0)
		return;

	del_timer(&session->timer);
}
302
/*
 * Queue a control-channel frame consisting of @hdr followed by @size bytes
 * of @data (the payload is skipped when @data is NULL or @size is not
 * positive).
 *
 * Unlike hidp_send_ctrl_message() this does not call hidp_schedule().
 * Returns 0 on success or -ENOMEM when no frame could be allocated.
 */
static int __hidp_send_ctrl_message(struct hidp_session *session,
			unsigned char hdr, unsigned char *data, int size)
{
	struct sk_buff *frame;

	BT_DBG("session %p data %p size %d", session, data, size);

	frame = alloc_skb(size + 1, GFP_ATOMIC);
	if (!frame) {
		BT_ERR("Can't allocate memory for new frame");
		return -ENOMEM;
	}

	*skb_put(frame, 1) = hdr;
	if (data && size > 0)
		memcpy(skb_put(frame, size), data, size);

	skb_queue_tail(&session->ctrl_transmit, frame);

	return 0;
}
323
/*
 * Queue a control-channel frame with __hidp_send_ctrl_message() and then
 * call hidp_schedule().  The schedule call is made whether or not queuing
 * succeeded; the queuing result is returned.
 */
static inline int hidp_send_ctrl_message(struct hidp_session *session,
			unsigned char hdr, unsigned char *data, int size)
{
	int queued = __hidp_send_ctrl_message(session, hdr, data, size);

	hidp_schedule(session);

	return queued;
}
335
/*
 * React to a HANDSHAKE transaction from the remote device.
 *
 * @param is the result code from the header.  Only two cases queue a
 * reply: a fatal error is answered with a soft-reset control request, and
 * an unrecognised code with an "invalid parameter" handshake.  Everything
 * else is accepted without action.
 */
static void hidp_process_handshake(struct hidp_session *session,
					unsigned char param)
{
	BT_DBG("session %p param 0x%02x", session, param);

	switch (param) {
	case HIDP_HSHK_ERR_FATAL:
		/* Device requests a reboot, as this is the only way this error
		 * can be recovered. */
		__hidp_send_ctrl_message(session,
			HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
		break;

	case HIDP_HSHK_SUCCESSFUL:
	case HIDP_HSHK_NOT_READY:
	case HIDP_HSHK_ERR_INVALID_REPORT_ID:
	case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
	case HIDP_HSHK_ERR_INVALID_PARAMETER:
		/* FIXME: Call into SET_ GET_ handlers here */
		break;

	case HIDP_HSHK_ERR_UNKNOWN:
		/* Nothing to do. */
		break;

	default:
		__hidp_send_ctrl_message(session,
			HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
		break;
	}
}
369
/*
 * React to a HID_CONTROL transaction from the remote device.
 *
 * Only "virtual cable unplug" is acted on: both transmit queues are
 * emptied and the session is marked for termination.  Note that this
 * request comes from the remote device and ends the session.
 */
static void hidp_process_hid_control(struct hidp_session *session,
					unsigned char param)
{
	BT_DBG("session %p param 0x%02x", session, param);

	if (param != HIDP_CTRL_VIRTUAL_CABLE_UNPLUG)
		return;

	/* Flush the transmit queues */
	skb_queue_purge(&session->ctrl_transmit);
	skb_queue_purge(&session->intr_transmit);

	/* Kill session thread */
	atomic_inc(&session->terminate);
}
384
/*
 * Handle a DATA transaction received on the control channel.
 *
 * @skb holds the payload with the transaction header already removed by
 * the caller.  Input reports restart the idle timer and are passed to the
 * boot-protocol decoder and/or the HID core, depending on which devices
 * the session has.  Other known report types are ignored; an unknown type
 * is answered with an "invalid parameter" handshake.
 */
static void hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
				unsigned char param)
{
	BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);

	switch (param) {
	case HIDP_DATA_RTYPE_OTHER:
	case HIDP_DATA_RTYPE_OUPUT:
	case HIDP_DATA_RTYPE_FEATURE:
		/* Accepted but not processed. */
		break;

	case HIDP_DATA_RTYPE_INPUT:
		hidp_set_timer(session);

		if (session->input)
			hidp_input_report(session, skb);

		if (session->hid)
			hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);

		break;

	default:
		__hidp_send_ctrl_message(session,
			HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
	}
}
412
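/*
 * Process one frame received on the control channel and free it.
 *
 * @session: session the frame belongs to
 * @skb:     received frame; ownership passes to this function
 *
 * The first byte is the transaction header, split into a transaction type
 * and a parameter.  Unknown transaction types are answered with an
 * "unsupported request" handshake.  The frame comes from the remote
 * device, so a frame too short to contain the header is dropped before the
 * header byte is read.
 */
static void hidp_recv_ctrl_frame(struct hidp_session *session,
					struct sk_buff *skb)
{
	unsigned char hdr, type, param;

	BT_DBG("session %p skb %p len %d", session, skb, skb->len);

	/* Never read the header byte of an empty frame. */
	if (skb->len < 1) {
		kfree_skb(skb);
		return;
	}

	hdr = skb->data[0];
	skb_pull(skb, 1);

	type = hdr & HIDP_HEADER_TRANS_MASK;
	param = hdr & HIDP_HEADER_PARAM_MASK;

	switch (type) {
	case HIDP_TRANS_HANDSHAKE:
		hidp_process_handshake(session, param);
		break;

	case HIDP_TRANS_HID_CONTROL:
		hidp_process_hid_control(session, param);
		break;

	case HIDP_TRANS_DATA:
		hidp_process_data(session, skb, param);
		break;

	default:
		__hidp_send_ctrl_message(session,
			HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
		break;
	}

	kfree_skb(skb);
}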
447
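/*
 * Process one frame received on the interrupt channel and free it.
 *
 * @session: session the frame belongs to
 * @skb:     received frame; ownership passes to this function
 *
 * Only DATA/INPUT frames are processed: they restart the idle timer and
 * are passed to the boot-protocol decoder and/or the HID core.  Anything
 * else is logged (debug builds) and dropped.  The frame comes from the
 * remote device, so a frame too short to contain the header is dropped
 * before the header byte is read.
 */
static void hidp_recv_intr_frame(struct hidp_session *session,
				struct sk_buff *skb)
{
	unsigned char hdr;

	BT_DBG("session %p skb %p len %d", session, skb, skb->len);

	/* Never read the header byte of an empty frame. */
	if (skb->len < 1) {
		kfree_skb(skb);
		return;
	}

	hdr = skb->data[0];
	skb_pull(skb, 1);

	if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
		hidp_set_timer(session);

		if (session->input)
			hidp_input_report(session, skb);

		if (session->hid) {
			hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
			BT_DBG("report len %d", skb->len);
		}
	} else {
		BT_DBG("Unsupported protocol header 0x%02x", hdr);
	}

	kfree_skb(skb);
}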
474
/*
 * Send @len bytes at @data over @sock with kernel_sendmsg().
 *
 * A zero-length request is a no-op that returns 0; otherwise the result of
 * kernel_sendmsg() is returned, which callers treat as an error when
 * negative.
 */
static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
{
	struct kvec vec = { .iov_base = data, .iov_len = len };
	struct msghdr hdr;

	BT_DBG("sock %p data %p len %d", sock, data, len);

	if (len == 0)
		return 0;

	/* No address, control data or flags: a plain send. */
	memset(&hdr, 0, sizeof(hdr));

	return kernel_sendmsg(sock, &hdr, &vec, 1, len);
}
489
490 static void hidp_process_transmit(struct hidp_session *session)
491 {
492         struct sk_buff *skb;
493
494         BT_DBG("session %p", session);
495
496         while ((skb = skb_dequeue(&session->ctrl_transmit))) {
497                 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
498                         skb_queue_head(&session->ctrl_transmit, skb);
499                         break;
500                 }
501
502                 hidp_set_timer(session);
503                 kfree_skb(skb);
504         }
505
506         while ((skb = skb_dequeue(&session->intr_transmit))) {
507                 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
508                         skb_queue_head(&session->intr_transmit, skb);
509                         break;
510                 }
511
512                 hidp_set_timer(session);
513                 kfree_skb(skb);
514         }
515 }
516
/*
 * Body of the per-session kernel thread started by hidp_add_connection().
 *
 * @arg is the struct hidp_session.  The thread loops, handing every frame
 * on the two sockets' receive queues to the receive handlers and sending
 * whatever is queued for transmission, until the session's terminate
 * counter is non-zero or either socket leaves BT_CONNECTED.  It then tears
 * the session down under hidp_session_sem and frees it.  Always returns 0.
 */
static int hidp_session(void *arg)
{
	struct hidp_session *session = arg;
	struct sock *ctrl_sk = session->ctrl_sock->sk;
	struct sock *intr_sk = session->intr_sock->sk;
	struct sk_buff *skb;
	int vendor = 0x0000, product = 0x0000;
	wait_queue_t ctrl_wait, intr_wait;

	BT_DBG("session %p", session);

	/* Vendor/product are only used to name the thread below; the HID
	 * device's values win over the boot-protocol input device's. */
	if (session->input) {
		vendor  = session->input->id.vendor;
		product = session->input->id.product;
	}

	if (session->hid) {
		vendor  = session->hid->vendor;
		product = session->hid->product;
	}

	daemonize("khidpd_%04x%04x", vendor, product);
	set_user_nice(current, -15);

	/* Register on both sockets' wait queues so activity on either one
	 * wakes this thread. */
	init_waitqueue_entry(&ctrl_wait, current);
	init_waitqueue_entry(&intr_wait, current);
	add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
	add_wait_queue(intr_sk->sk_sleep, &intr_wait);
	while (!atomic_read(&session->terminate)) {
		/* The task state is set before the queues are examined, so a
		 * wakeup that arrives after this point makes schedule()
		 * return straight away instead of being lost. */
		set_current_state(TASK_INTERRUPTIBLE);

		if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED)
			break;

		/* The receive handlers take ownership of each skb and free it. */
		while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
			skb_orphan(skb);
			hidp_recv_ctrl_frame(session, skb);
		}

		while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
			skb_orphan(skb);
			hidp_recv_intr_frame(session, skb);
		}

		hidp_process_transmit(session);

		schedule();
	}
	set_current_state(TASK_RUNNING);
	remove_wait_queue(intr_sk->sk_sleep, &intr_wait);
	remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);

	/* Teardown runs with the session list write-locked, which keeps the
	 * lookup/list functions in this file away from the session while it
	 * is being dismantled. */
	down_write(&hidp_session_sem);

	hidp_del_timer(session);

	if (session->input) {
		input_unregister_device(session->input);
		session->input = NULL;
	}

	if (session->hid) {
		if (session->hid->claimed & HID_CLAIMED_INPUT)
			hidinput_disconnect(session->hid);
		hid_destroy_device(session->hid);
	}

	/* Wakeup user-space polling for socket errors */
	session->intr_sock->sk->sk_err = EUNATCH;
	session->ctrl_sock->sk->sk_err = EUNATCH;

	hidp_schedule(session);

	/* NOTE(review): the two fput() calls presumably drop file references
	 * taken by the code that created the session - confirm in the
	 * caller, which is outside this file. */
	fput(session->intr_sock->file);

	/* Wait up to 500 ms for the control socket to reach BT_CLOSED
	 * before releasing it. */
	wait_event_timeout(*(ctrl_sk->sk_sleep),
		(ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));

	fput(session->ctrl_sock->file);

	__hidp_unlink_session(session);

	up_write(&hidp_session_sem);

	/* The session is off the list, so no lookup can return it any more. */
	kfree(session);
	return 0;
}
604
/*
 * Find the device of the ACL connection that carries this session, for use
 * as the parent of the input/HID device.
 *
 * The source and destination addresses are taken from the control socket.
 * Returns NULL when no route or no ACL connection to the destination is
 * found.
 *
 * NOTE(review): no reference is taken on the connection before its
 * embedded device is returned, and the hci_dev reference is dropped first;
 * confirm what keeps the connection alive while it is used as a parent.
 */
static struct device *hidp_get_device(struct hidp_session *session)
{
	bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
	bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
	struct hci_conn *link;
	struct hci_dev *adapter;

	adapter = hci_get_route(dst, src);
	if (adapter == NULL)
		return NULL;

	link = hci_conn_hash_lookup_ba(adapter, ACL_LINK, dst);

	hci_dev_put(adapter);

	if (link == NULL)
		return NULL;

	return &link->dev;
}
622
/*
 * Create and register the boot-protocol input device for @session.
 *
 * Identification (vendor, product, version) is taken from @req.  Bit 0x40
 * of req->subclass enables the keyboard capabilities and bit 0x80 the
 * mouse capabilities.  Returns -ENOMEM when no input device could be
 * allocated, otherwise the result of input_register_device().
 *
 * session->input is set before registration, so on a registration failure
 * the caller still owns the allocated device and has to free it.
 */
static int hidp_setup_input(struct hidp_session *session,
				struct hidp_connadd_req *req)
{
	struct input_dev *idev;
	int i;

	idev = input_allocate_device();
	if (idev == NULL)
		return -ENOMEM;

	session->input = idev;
	input_set_drvdata(idev, session);

	idev->name = "Bluetooth HID Boot Protocol Device";

	idev->id.bustype = BUS_BLUETOOTH;
	idev->id.vendor  = req->vendor;
	idev->id.product = req->product;
	idev->id.version = req->version;

	if (req->subclass & 0x40) {
		/* Keyboard: keys, LEDs and autorepeat. */
		set_bit(EV_KEY, idev->evbit);
		set_bit(EV_LED, idev->evbit);
		set_bit(EV_REP, idev->evbit);

		set_bit(LED_NUML,    idev->ledbit);
		set_bit(LED_CAPSL,   idev->ledbit);
		set_bit(LED_SCROLLL, idev->ledbit);
		set_bit(LED_COMPOSE, idev->ledbit);
		set_bit(LED_KANA,    idev->ledbit);

		/* Advertise every key code the translation table can emit;
		 * code 0 marks unmapped slots and is cleared again. */
		for (i = 0; i < sizeof(hidp_keycode); i++)
			set_bit(hidp_keycode[i], idev->keybit);
		clear_bit(0, idev->keybit);
	}

	if (req->subclass & 0x80) {
		/*
		 * Mouse: five buttons, X/Y motion and a wheel.
		 * NOTE(review): these are plain assignments, so when both
		 * subclass bits are set they overwrite evbit[0] and the
		 * BTN_MOUSE word of keybit written by the keyboard branch.
		 */
		idev->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
		idev->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
			BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE) |
			BIT_MASK(BTN_SIDE) | BIT_MASK(BTN_EXTRA);
		idev->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y) |
			BIT_MASK(REL_WHEEL);
	}

	idev->dev.parent = hidp_get_device(session);
	idev->event = hidp_input_event;

	return input_register_device(idev);
}
676
/*
 * .open callback of hidp_hid_driver.  Nothing needs to be done when the
 * HID device is opened; always reports success.
 */
static int hidp_open(struct hid_device *hid)
{
	const int ok = 0;

	return ok;
}
681
/*
 * .close callback of hidp_hid_driver.  Intentionally empty: nothing needs
 * to be done when the HID device is closed.
 */
static void hidp_close(struct hid_device *hid)
{
	return;
}
685
/*
 * Devices that need HID quirks, matched on vendor and product ID by
 * hidp_setup_quirks().  The list ends at the first entry whose idVendor
 * is 0.
 */
static const struct {
	__u16 idVendor;		/* vendor ID to match */
	__u16 idProduct;	/* product ID to match */
	unsigned quirks;	/* value stored in hid->quirks on a match */
} hidp_blacklist[] = {
	/* Apple wireless Mighty Mouse */
	{ 0x05ac, 0x030c, HID_QUIRK_MIGHTYMOUSE | HID_QUIRK_INVERT_HWHEEL },

	{ }	/* Terminating entry */
};
696
/*
 * Apply the quirks listed in hidp_blacklist to @hid.
 *
 * The table is scanned up to its terminating entry; for every entry whose
 * vendor and product match the device (after le16_to_cpu() conversion)
 * hid->quirks is replaced, so the last matching entry wins.
 */
static void hidp_setup_quirks(struct hid_device *hid)
{
	unsigned int idx = 0;

	while (hidp_blacklist[idx].idVendor) {
		int vendor_ok = hidp_blacklist[idx].idVendor == le16_to_cpu(hid->vendor);
		int product_ok = hidp_blacklist[idx].idProduct == le16_to_cpu(hid->product);

		if (vendor_ok && product_ok)
			hid->quirks = hidp_blacklist[idx].quirks;
		idx++;
	}
}
706
/*
 * .parse callback of hidp_hid_driver: fetch the report descriptor supplied
 * by user space and hand it to the HID core.
 *
 * The descriptor is copied from the user pointer req->rd_data into a
 * temporary kernel buffer of req->rd_size bytes, parsed with
 * hid_parse_report() and the buffer freed again.  Returns -ENOMEM or
 * -EFAULT when the copy cannot be made, the parser's error code when
 * parsing fails, and 0 on success, in which case session->req is cleared
 * and the quirks are applied.
 *
 * NOTE(review): session->req is the pointer stored by hidp_setup_hid() and
 * refers to a request structure owned by that function's caller, and
 * req->rd_data is a user-space address.  Both are only meaningful while
 * the original request is still in progress in the requesting process -
 * confirm this callback can never run later or in another context.
 * NOTE(review): req->rd_size is used as given; no upper bound is applied
 * here before the allocation.
 */
static int hidp_parse(struct hid_device *hid)
{
	struct hidp_session *session = hid->driver_data;
	struct hidp_connadd_req *req = session->req;
	unsigned char *desc;
	int ret;

	desc = kmalloc(req->rd_size, GFP_KERNEL);
	if (desc == NULL)
		return -ENOMEM;

	if (copy_from_user(desc, req->rd_data, req->rd_size))
		ret = -EFAULT;
	else
		ret = hid_parse_report(session->hid, desc, req->rd_size);

	/* The temporary copy is not needed after this point. */
	kfree(desc);

	if (ret)
		return ret;

	session->req = NULL;
	hidp_setup_quirks(hid);

	return 0;
}
735
/*
 * .start callback of hidp_hid_driver.
 *
 * Queues every report on the input and then the feature report list for
 * sending (the result of each hidp_send_report() call is ignored), then
 * tries to connect the device to the input layer and records success in
 * hid->claimed.  Always returns 0.
 */
static int hidp_start(struct hid_device *hid)
{
	static const unsigned int kinds[] = { HID_INPUT_REPORT, HID_FEATURE_REPORT };
	struct hidp_session *session = hid->driver_data;
	struct hid_report *report;
	unsigned int k;

	for (k = 0; k < sizeof(kinds) / sizeof(kinds[0]); k++) {
		list_for_each_entry(report, &hid->report_enum[kinds[k]].report_list, list)
			hidp_send_report(session, report);
	}

	if (hidinput_connect(hid) == 0)
		hid->claimed |= HID_CLAIMED_INPUT;

	return 0;
}
754
/*
 * .stop callback of hidp_hid_driver: discard all frames still queued for
 * transmission, disconnect from the input layer if it had claimed the
 * device, and clear the claimed flags.
 */
static void hidp_stop(struct hid_device *hid)
{
	struct hidp_session *owner = hid->driver_data;
	int had_input = hid->claimed & HID_CLAIMED_INPUT;

	skb_queue_purge(&owner->ctrl_transmit);
	skb_queue_purge(&owner->intr_transmit);

	if (had_input)
		hidinput_disconnect(hid);

	hid->claimed = 0;
}
766
/*
 * Low-level driver callbacks attached to every HID device created by
 * hidp_setup_hid() (via hid->ll_driver).
 */
static struct hid_ll_driver hidp_hid_driver = {
	.parse = hidp_parse,
	.start = hidp_start,
	.stop = hidp_stop,
	.open  = hidp_open,
	.close = hidp_close,
	.hidinput_input_event = hidp_hidinput_event,
};
775
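/*
 * Create the HID device for @session and add it to the HID bus.
 *
 * @session: session being set up; session->hid and session->req are set
 * @req:     connection request from user space (identification and name)
 *
 * Returns 0 on success.  On failure the error from hid_allocate_device()
 * or hid_add_device() is returned and session->hid is left NULL.
 *
 * NOTE(review): session->req keeps pointing at @req, which is owned by the
 * caller; hidp_parse() dereferences it later.  Confirm the request outlives
 * every possible call of that callback.
 */
static int hidp_setup_hid(struct hidp_session *session,
				struct hidp_connadd_req *req)
{
	struct hid_device *hid;
	bdaddr_t src, dst;
	int ret;

	hid = hid_allocate_device();
	if (IS_ERR(hid)) {
		/*
		 * Take the error from the pointer that was just returned.
		 * session->hid has not been assigned yet, so decoding it
		 * instead would report the failure as success.
		 */
		ret = PTR_ERR(hid);
		goto err;
	}

	session->hid = hid;
	session->req = req;
	hid->driver_data = session;

	baswap(&src, &bt_sk(session->ctrl_sock->sk)->src);
	baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst);

	hid->bus     = BUS_BLUETOOTH;
	hid->vendor  = req->vendor;
	hid->product = req->product;
	hid->version = req->version;
	hid->country = req->country;

	/*
	 * req->name is supplied by user space and need not be terminated.
	 * Copy one byte less than the 128 bytes the original copy assumed
	 * and terminate explicitly, so later readers of hid->name always
	 * find a NUL.
	 */
	strncpy(hid->name, req->name, 127);
	hid->name[127] = '\0';
	strncpy(hid->phys, batostr(&src), 64);
	strncpy(hid->uniq, batostr(&dst), 64);

	hid->dev.parent = hidp_get_device(session);
	hid->ll_driver = &hidp_hid_driver;

	ret = hid_add_device(hid);
	if (ret)
		goto err_hid;

	return 0;
err_hid:
	hid_destroy_device(hid);
	session->hid = NULL;
err:
	return ret;
}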
820
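/*
 * Create a HIDP session on top of two connected sockets.
 *
 * @req:       connection request from user space
 * @ctrl_sock: socket of the control channel
 * @intr_sock: socket of the interrupt channel
 *
 * Returns 0 on success, -ENOTUNIQ when the two sockets do not share the
 * same source and destination address, -ENOMEM on allocation failure,
 * -EEXIST when a connected session to the same device already exists, or
 * the error of the device setup / thread creation step that failed.
 *
 * NOTE(review): both sockets are accessed through bt_sk() and l2cap_pi()
 * without any check in this function that they really are L2CAP sockets.
 * The caller (outside this file) has to guarantee that - confirm it does,
 * since the sockets originate from user-supplied descriptors.
 */
int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
{
	struct hidp_session *session, *s;
	int err;

	BT_DBG("");

	/* Both channels must connect the same pair of devices. */
	if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
			bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
		return -ENOTUNIQ;

	session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
	if (!session)
		return -ENOMEM;

	BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);

	down_write(&hidp_session_sem);

	s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
	if (s && s->state == BT_CONNECTED) {
		err = -EEXIST;
		goto failed;
	}

	bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);

	session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
	session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);

	BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);

	session->ctrl_sock = ctrl_sock;
	session->intr_sock = intr_sock;
	session->state     = BT_CONNECTED;

	setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);

	skb_queue_head_init(&session->ctrl_transmit);
	skb_queue_head_init(&session->intr_transmit);

	/* Only the vendor-ID flag is accepted from user space. */
	session->flags   = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
	session->idle_to = req->idle_to;

	/* With a report descriptor, try a full HID device first. */
	if (req->rd_size > 0) {
		err = hidp_setup_hid(session, req);
		if (err && err != -ENODEV)
			goto err_skb;
	}

	/* Otherwise fall back to the boot-protocol input device. */
	if (!session->hid) {
		err = hidp_setup_input(session, req);
		if (err < 0)
			goto err_skb;
	}

	__hidp_link_session(session);

	hidp_set_timer(session);

	/*
	 * The new thread cannot tear the session down while this function
	 * is still using it: its teardown path needs hidp_session_sem for
	 * writing, which is held here until the end.
	 */
	err = kernel_thread(hidp_session, session, CLONE_KERNEL);
	if (err < 0)
		goto unlink;

	if (session->input) {
		hidp_send_ctrl_message(session,
			HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
		session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);

		/* 0xff differs from any computed LED state, which forces the
		 * first LED report to be sent. */
		session->leds = 0xff;
		hidp_input_event(session->input, EV_LED, 0, 0);
	}

	up_write(&hidp_session_sem);
	return 0;

unlink:
	hidp_del_timer(session);

	__hidp_unlink_session(session);

	if (session->input) {
		input_unregister_device(session->input);
		/*
		 * A registered device is released by unregistering it.
		 * Clear the pointer so the input_free_device() call below
		 * does not touch the same device a second time.
		 */
		session->input = NULL;
	}
	if (session->hid) {
		hid_destroy_device(session->hid);
		session->hid = NULL;
	}
err_skb:
	skb_queue_purge(&session->ctrl_transmit);
	skb_queue_purge(&session->intr_transmit);
failed:
	up_write(&hidp_session_sem);

	/* Frees a device that was allocated but never registered; the
	 * pointer is NULL in every other case. */
	input_free_device(session->input);
	kfree(session);
	return err;
}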
916
/*
 * Tear down the session to the device named in @req.
 *
 * With the virtual-cable-unplug flag set, an unplug control request is
 * queued for the device.  Otherwise the transmit queues are emptied, both
 * sockets are marked with EUNATCH and the session thread is told to
 * terminate.  Returns 0 on success or -ENOENT when no session to that
 * address exists.  The lookup and the teardown run under the read side of
 * hidp_session_sem.
 */
int hidp_del_connection(struct hidp_conndel_req *req)
{
	struct hidp_session *session;
	int err = 0;

	BT_DBG("");

	down_read(&hidp_session_sem);

	session = __hidp_get_session(&req->bdaddr);
	if (!session) {
		err = -ENOENT;
		goto out;
	}

	if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
		hidp_send_ctrl_message(session,
			HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
		goto out;
	}

	/* Flush the transmit queues */
	skb_queue_purge(&session->ctrl_transmit);
	skb_queue_purge(&session->intr_transmit);

	/* Wakeup user-space polling for socket errors */
	session->intr_sock->sk->sk_err = EUNATCH;
	session->ctrl_sock->sk->sk_err = EUNATCH;

	/* Kill session thread */
	atomic_inc(&session->terminate);
	hidp_schedule(session);

out:
	up_read(&hidp_session_sem);
	return err;
}
950
/*
 * Copy a description of each session to the user buffer req->ci.
 *
 * Copying stops after req->cnum entries, at the end of the list, or at the
 * first failed copy (-EFAULT).  On return req->cnum holds the value of the
 * entry counter, which is incremented after each successful copy.  One
 * entry is written before the count is compared with req->cnum, so the
 * caller must not pass a count below 1.
 *
 * Each entry is built in a structure on the kernel stack and copied to
 * user space in full, so __hidp_copy_session() has to initialise every
 * byte of it; anything it leaves unwritten would be disclosed.
 */
int hidp_get_connlist(struct hidp_connlist_req *req)
{
	struct hidp_session *session;
	int err = 0, copied = 0;

	BT_DBG("");

	down_read(&hidp_session_sem);

	list_for_each_entry(session, &hidp_session_list, list) {
		struct hidp_conninfo info;

		__hidp_copy_session(session, &info);

		if (copy_to_user(req->ci, &info, sizeof(info))) {
			err = -EFAULT;
			break;
		}

		copied++;
		if (copied >= req->cnum)
			break;

		/* Advance to the next slot of the user array. */
		req->ci++;
	}
	req->cnum = copied;

	up_read(&hidp_session_sem);
	return err;
}
983
/*
 * Fill @ci with the description of the session whose address is given in
 * ci->bdaddr.  Returns 0 on success or -ENOENT when no such session
 * exists, in which case @ci is left untouched.
 */
int hidp_get_conninfo(struct hidp_conninfo *ci)
{
	struct hidp_session *found;
	int err = -ENOENT;

	down_read(&hidp_session_sem);

	found = __hidp_get_session(&ci->bdaddr);
	if (found) {
		__hidp_copy_session(found, ci);
		err = 0;
	}

	up_read(&hidp_session_sem);
	return err;
}
1000
/* Match any vendor and product on the Bluetooth bus; an empty entry ends the table. */
static const struct hid_device_id hidp_table[] = {
	{ HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) },
	{ }
};

/* HID driver registered in hidp_init() and unregistered in hidp_exit(). */
static struct hid_driver hidp_driver = {
	.name = "generic-bluetooth",
	.id_table = hidp_table,
};
1010
/*
 * Module initialisation: register the HID driver, then set up the HIDP
 * sockets.  When the socket setup fails the driver is unregistered again.
 * Returns 0 on success or the error of the step that failed.
 */
static int __init hidp_init(void)
{
	int ret;

	l2cap_load();

	BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);

	ret = hid_register_driver(&hidp_driver);
	if (ret)
		return ret;

	ret = hidp_init_sockets();
	if (ret) {
		/* Undo the registration done above. */
		hid_unregister_driver(&hidp_driver);
		return ret;
	}

	return 0;
}
1033
/*
 * Module exit: undo hidp_init() in reverse order - the sockets are cleaned
 * up first, then the HID driver is unregistered.
 */
static void __exit hidp_exit(void)
{
	struct hid_driver *drv = &hidp_driver;

	hidp_cleanup_sockets();
	hid_unregister_driver(drv);
}
1039
/* Entry and exit points of the module. */
module_init(hidp_init);
module_exit(hidp_exit);

/* Module metadata; the description and version both use VERSION. */
MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
MODULE_VERSION(VERSION);
MODULE_LICENSE("GPL");
MODULE_ALIAS("bt-proto-6");