[PATCH] bluetooth hid quirks: mightymouse quirk
[linux-2.6.git] / net / bluetooth / hidp / core.c
1 /*
2    HIDP implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License version 2 as
7    published by the Free Software Foundation;
8
9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20    SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/module.h>
24
25 #include <linux/types.h>
26 #include <linux/errno.h>
27 #include <linux/kernel.h>
28 #include <linux/sched.h>
29 #include <linux/slab.h>
30 #include <linux/poll.h>
31 #include <linux/fcntl.h>
32 #include <linux/skbuff.h>
33 #include <linux/socket.h>
34 #include <linux/ioctl.h>
35 #include <linux/file.h>
36 #include <linux/init.h>
37 #include <linux/wait.h>
38 #include <net/sock.h>
39
40 #include <linux/input.h>
41 #include <linux/hid.h>
42
43 #include <net/bluetooth/bluetooth.h>
44 #include <net/bluetooth/hci_core.h>
45 #include <net/bluetooth/l2cap.h>
46
47 #include "hidp.h"
48
49 #ifndef CONFIG_BT_HIDP_DEBUG
50 #undef  BT_DBG
51 #define BT_DBG(D...)
52 #endif
53
54 #define VERSION "1.2"
55
56 static DECLARE_RWSEM(hidp_session_sem);
57 static LIST_HEAD(hidp_session_list);
58
59 static unsigned char hidp_keycode[256] = {
60           0,  0,  0,  0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38,
61          50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44,  2,  3,
62           4,  5,  6,  7,  8,  9, 10, 11, 28,  1, 14, 15, 57, 12, 13, 26,
63          27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64,
64          65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106,
65         105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71,
66          72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190,
67         191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113,
68         115,114,  0,  0,  0,121,  0, 89, 93,124, 92, 94, 95,  0,  0,  0,
69         122,123, 90, 91, 85,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
70           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
71           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
72           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
73           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
74          29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113,
75         150,158,159,128,136,177,178,176,142,152,173,140
76 };
77
78 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
79
80 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
81 {
82         struct hidp_session *session;
83         struct list_head *p;
84
85         BT_DBG("");
86
87         list_for_each(p, &hidp_session_list) {
88                 session = list_entry(p, struct hidp_session, list);
89                 if (!bacmp(bdaddr, &session->bdaddr))
90                         return session;
91         }
92         return NULL;
93 }
94
95 static void __hidp_link_session(struct hidp_session *session)
96 {
97         __module_get(THIS_MODULE);
98         list_add(&session->list, &hidp_session_list);
99 }
100
101 static void __hidp_unlink_session(struct hidp_session *session)
102 {
103         list_del(&session->list);
104         module_put(THIS_MODULE);
105 }
106
107 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
108 {
109         bacpy(&ci->bdaddr, &session->bdaddr);
110
111         ci->flags = session->flags;
112         ci->state = session->state;
113
114         ci->vendor  = 0x0000;
115         ci->product = 0x0000;
116         ci->version = 0x0000;
117         memset(ci->name, 0, 128);
118
119         if (session->input) {
120                 ci->vendor  = session->input->id.vendor;
121                 ci->product = session->input->id.product;
122                 ci->version = session->input->id.version;
123                 if (session->input->name)
124                         strncpy(ci->name, session->input->name, 128);
125                 else
126                         strncpy(ci->name, "HID Boot Device", 128);
127         }
128
129         if (session->hid) {
130                 ci->vendor  = session->hid->vendor;
131                 ci->product = session->hid->product;
132                 ci->version = session->hid->version;
133                 strncpy(ci->name, session->hid->name, 128);
134         }
135 }
136
137 static inline int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
138                                         unsigned int type, unsigned int code, int value)
139 {
140         unsigned char newleds;
141         struct sk_buff *skb;
142
143         BT_DBG("session %p type %d code %d value %d", session, type, code, value);
144
145         if (type != EV_LED)
146                 return -1;
147
148         newleds = (!!test_bit(LED_KANA,    dev->led) << 3) |
149                   (!!test_bit(LED_COMPOSE, dev->led) << 3) |
150                   (!!test_bit(LED_SCROLLL, dev->led) << 2) |
151                   (!!test_bit(LED_CAPSL,   dev->led) << 1) |
152                   (!!test_bit(LED_NUML,    dev->led));
153
154         if (session->leds == newleds)
155                 return 0;
156
157         session->leds = newleds;
158
159         if (!(skb = alloc_skb(3, GFP_ATOMIC))) {
160                 BT_ERR("Can't allocate memory for new frame");
161                 return -ENOMEM;
162         }
163
164         *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
165         *skb_put(skb, 1) = 0x01;
166         *skb_put(skb, 1) = newleds;
167
168         skb_queue_tail(&session->intr_transmit, skb);
169
170         hidp_schedule(session);
171
172         return 0;
173 }
174
175 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
176 {
177         struct hid_device *hid = dev->private;
178         struct hidp_session *session = hid->driver_data;
179
180         return hidp_queue_event(session, dev, type, code, value);
181 }
182
183 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
184 {
185         struct hidp_session *session = dev->private;
186
187         return hidp_queue_event(session, dev, type, code, value);
188 }
189
190 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
191 {
192         struct input_dev *dev = session->input;
193         unsigned char *keys = session->keys;
194         unsigned char *udata = skb->data + 1;
195         signed char *sdata = skb->data + 1;
196         int i, size = skb->len - 1;
197
198         switch (skb->data[0]) {
199         case 0x01:      /* Keyboard report */
200                 for (i = 0; i < 8; i++)
201                         input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
202
203                 /* If all the key codes have been set to 0x01, it means
204                  * too many keys were pressed at the same time. */
205                 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
206                         break;
207
208                 for (i = 2; i < 8; i++) {
209                         if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
210                                 if (hidp_keycode[keys[i]])
211                                         input_report_key(dev, hidp_keycode[keys[i]], 0);
212                                 else
213                                         BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
214                         }
215
216                         if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
217                                 if (hidp_keycode[udata[i]])
218                                         input_report_key(dev, hidp_keycode[udata[i]], 1);
219                                 else
220                                         BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
221                         }
222                 }
223
224                 memcpy(keys, udata, 8);
225                 break;
226
227         case 0x02:      /* Mouse report */
228                 input_report_key(dev, BTN_LEFT,   sdata[0] & 0x01);
229                 input_report_key(dev, BTN_RIGHT,  sdata[0] & 0x02);
230                 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
231                 input_report_key(dev, BTN_SIDE,   sdata[0] & 0x08);
232                 input_report_key(dev, BTN_EXTRA,  sdata[0] & 0x10);
233
234                 input_report_rel(dev, REL_X, sdata[1]);
235                 input_report_rel(dev, REL_Y, sdata[2]);
236
237                 if (size > 3)
238                         input_report_rel(dev, REL_WHEEL, sdata[3]);
239                 break;
240         }
241
242         input_sync(dev);
243 }
244
245 static inline int hidp_queue_report(struct hidp_session *session, unsigned char *data, int size)
246 {
247         struct sk_buff *skb;
248
249         BT_DBG("session %p hid %p data %p size %d", session, device, data, size);
250
251         if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
252                 BT_ERR("Can't allocate memory for new frame");
253                 return -ENOMEM;
254         }
255
256         *skb_put(skb, 1) = 0xa2;
257         if (size > 0)
258                 memcpy(skb_put(skb, size), data, size);
259
260         skb_queue_tail(&session->intr_transmit, skb);
261
262         hidp_schedule(session);
263
264         return 0;
265 }
266
267 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
268 {
269         unsigned char buf[32];
270         int rsize;
271
272         rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
273         if (rsize > sizeof(buf))
274                 return -EIO;
275
276         hid_output_report(report, buf);
277
278         return hidp_queue_report(session, buf, rsize);
279 }
280
281 static void hidp_idle_timeout(unsigned long arg)
282 {
283         struct hidp_session *session = (struct hidp_session *) arg;
284
285         atomic_inc(&session->terminate);
286         hidp_schedule(session);
287 }
288
289 static inline void hidp_set_timer(struct hidp_session *session)
290 {
291         if (session->idle_to > 0)
292                 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
293 }
294
295 static inline void hidp_del_timer(struct hidp_session *session)
296 {
297         if (session->idle_to > 0)
298                 del_timer(&session->timer);
299 }
300
301 static int __hidp_send_ctrl_message(struct hidp_session *session,
302                         unsigned char hdr, unsigned char *data, int size)
303 {
304         struct sk_buff *skb;
305
306         BT_DBG("session %p data %p size %d", session, data, size);
307
308         if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
309                 BT_ERR("Can't allocate memory for new frame");
310                 return -ENOMEM;
311         }
312
313         *skb_put(skb, 1) = hdr;
314         if (data && size > 0)
315                 memcpy(skb_put(skb, size), data, size);
316
317         skb_queue_tail(&session->ctrl_transmit, skb);
318
319         return 0;
320 }
321
322 static inline int hidp_send_ctrl_message(struct hidp_session *session,
323                         unsigned char hdr, unsigned char *data, int size)
324 {
325         int err;
326
327         err = __hidp_send_ctrl_message(session, hdr, data, size);
328
329         hidp_schedule(session);
330
331         return err;
332 }
333
334 static inline void hidp_process_handshake(struct hidp_session *session, unsigned char param)
335 {
336         BT_DBG("session %p param 0x%02x", session, param);
337
338         switch (param) {
339         case HIDP_HSHK_SUCCESSFUL:
340                 /* FIXME: Call into SET_ GET_ handlers here */
341                 break;
342
343         case HIDP_HSHK_NOT_READY:
344         case HIDP_HSHK_ERR_INVALID_REPORT_ID:
345         case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
346         case HIDP_HSHK_ERR_INVALID_PARAMETER:
347                 /* FIXME: Call into SET_ GET_ handlers here */
348                 break;
349
350         case HIDP_HSHK_ERR_UNKNOWN:
351                 break;
352
353         case HIDP_HSHK_ERR_FATAL:
354                 /* Device requests a reboot, as this is the only way this error
355                  * can be recovered. */
356                 __hidp_send_ctrl_message(session,
357                         HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
358                 break;
359
360         default:
361                 __hidp_send_ctrl_message(session,
362                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
363                 break;
364         }
365 }
366
367 static inline void hidp_process_hid_control(struct hidp_session *session, unsigned char param)
368 {
369         BT_DBG("session %p param 0x%02x", session, param);
370
371         switch (param) {
372         case HIDP_CTRL_NOP:
373                 break;
374
375         case HIDP_CTRL_VIRTUAL_CABLE_UNPLUG:
376                 /* Flush the transmit queues */
377                 skb_queue_purge(&session->ctrl_transmit);
378                 skb_queue_purge(&session->intr_transmit);
379
380                 /* Kill session thread */
381                 atomic_inc(&session->terminate);
382                 break;
383
384         case HIDP_CTRL_HARD_RESET:
385         case HIDP_CTRL_SOFT_RESET:
386         case HIDP_CTRL_SUSPEND:
387         case HIDP_CTRL_EXIT_SUSPEND:
388                 /* FIXME: We have to parse these and return no error */
389                 break;
390
391         default:
392                 __hidp_send_ctrl_message(session,
393                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
394                 break;
395         }
396 }
397
398 static inline void hidp_process_data(struct hidp_session *session, struct sk_buff *skb, unsigned char param)
399 {
400         BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
401
402         switch (param) {
403         case HIDP_DATA_RTYPE_INPUT:
404                 hidp_set_timer(session);
405
406                 if (session->input)
407                         hidp_input_report(session, skb);
408
409                 if (session->hid)
410                         hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
411
412                 break;
413
414         case HIDP_DATA_RTYPE_OTHER:
415         case HIDP_DATA_RTYPE_OUPUT:
416         case HIDP_DATA_RTYPE_FEATURE:
417                 break;
418
419         default:
420                 __hidp_send_ctrl_message(session,
421                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
422         }
423 }
424
425 static inline void hidp_recv_ctrl_frame(struct hidp_session *session, struct sk_buff *skb)
426 {
427         unsigned char hdr, type, param;
428
429         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
430
431         hdr = skb->data[0];
432         skb_pull(skb, 1);
433
434         type = hdr & HIDP_HEADER_TRANS_MASK;
435         param = hdr & HIDP_HEADER_PARAM_MASK;
436
437         switch (type) {
438         case HIDP_TRANS_HANDSHAKE:
439                 hidp_process_handshake(session, param);
440                 break;
441
442         case HIDP_TRANS_HID_CONTROL:
443                 hidp_process_hid_control(session, param);
444                 break;
445
446         case HIDP_TRANS_DATA:
447                 hidp_process_data(session, skb, param);
448                 break;
449
450         default:
451                 __hidp_send_ctrl_message(session,
452                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
453                 break;
454         }
455
456         kfree_skb(skb);
457 }
458
459 static inline void hidp_recv_intr_frame(struct hidp_session *session, struct sk_buff *skb)
460 {
461         unsigned char hdr;
462
463         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
464
465         hdr = skb->data[0];
466         skb_pull(skb, 1);
467
468         if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
469                 hidp_set_timer(session);
470
471                 if (session->input)
472                         hidp_input_report(session, skb);
473
474                 if (session->hid) {
475                         hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
476                         BT_DBG("report len %d", skb->len);
477                 }
478         } else {
479                 BT_DBG("Unsupported protocol header 0x%02x", hdr);
480         }
481
482         kfree_skb(skb);
483 }
484
485 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
486 {
487         struct kvec iv = { data, len };
488         struct msghdr msg;
489
490         BT_DBG("sock %p data %p len %d", sock, data, len);
491
492         if (!len)
493                 return 0;
494
495         memset(&msg, 0, sizeof(msg));
496
497         return kernel_sendmsg(sock, &msg, &iv, 1, len);
498 }
499
500 static void hidp_process_transmit(struct hidp_session *session)
501 {
502         struct sk_buff *skb;
503
504         BT_DBG("session %p", session);
505
506         while ((skb = skb_dequeue(&session->ctrl_transmit))) {
507                 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
508                         skb_queue_head(&session->ctrl_transmit, skb);
509                         break;
510                 }
511
512                 hidp_set_timer(session);
513                 kfree_skb(skb);
514         }
515
516         while ((skb = skb_dequeue(&session->intr_transmit))) {
517                 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
518                         skb_queue_head(&session->intr_transmit, skb);
519                         break;
520                 }
521
522                 hidp_set_timer(session);
523                 kfree_skb(skb);
524         }
525 }
526
527 static int hidp_session(void *arg)
528 {
529         struct hidp_session *session = arg;
530         struct sock *ctrl_sk = session->ctrl_sock->sk;
531         struct sock *intr_sk = session->intr_sock->sk;
532         struct sk_buff *skb;
533         int vendor = 0x0000, product = 0x0000;
534         wait_queue_t ctrl_wait, intr_wait;
535
536         BT_DBG("session %p", session);
537
538         if (session->input) {
539                 vendor  = session->input->id.vendor;
540                 product = session->input->id.product;
541         }
542
543         if (session->hid) {
544                 vendor  = session->hid->vendor;
545                 product = session->hid->product;
546         }
547
548         daemonize("khidpd_%04x%04x", vendor, product);
549         set_user_nice(current, -15);
550         current->flags |= PF_NOFREEZE;
551
552         init_waitqueue_entry(&ctrl_wait, current);
553         init_waitqueue_entry(&intr_wait, current);
554         add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
555         add_wait_queue(intr_sk->sk_sleep, &intr_wait);
556         while (!atomic_read(&session->terminate)) {
557                 set_current_state(TASK_INTERRUPTIBLE);
558
559                 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED)
560                         break;
561
562                 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
563                         skb_orphan(skb);
564                         hidp_recv_ctrl_frame(session, skb);
565                 }
566
567                 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
568                         skb_orphan(skb);
569                         hidp_recv_intr_frame(session, skb);
570                 }
571
572                 hidp_process_transmit(session);
573
574                 schedule();
575         }
576         set_current_state(TASK_RUNNING);
577         remove_wait_queue(intr_sk->sk_sleep, &intr_wait);
578         remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
579
580         down_write(&hidp_session_sem);
581
582         hidp_del_timer(session);
583
584         fput(session->intr_sock->file);
585
586         wait_event_timeout(*(ctrl_sk->sk_sleep),
587                 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
588
589         fput(session->ctrl_sock->file);
590
591         __hidp_unlink_session(session);
592
593         if (session->input) {
594                 input_unregister_device(session->input);
595                 session->input = NULL;
596         }
597
598         if (session->hid) {
599                 if (session->hid->claimed & HID_CLAIMED_INPUT)
600                         hidinput_disconnect(session->hid);
601                 hid_free_device(session->hid);
602         }
603
604         up_write(&hidp_session_sem);
605
606         kfree(session);
607         return 0;
608 }
609
610 static struct device *hidp_get_device(struct hidp_session *session)
611 {
612         bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
613         bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
614         struct hci_dev *hdev;
615         struct hci_conn *conn;
616
617         hdev = hci_get_route(dst, src);
618         if (!hdev)
619                 return NULL;
620
621         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
622
623         hci_dev_put(hdev);
624
625         return conn ? &conn->dev : NULL;
626 }
627
628 static inline void hidp_setup_input(struct hidp_session *session, struct hidp_connadd_req *req)
629 {
630         struct input_dev *input = session->input;
631         int i;
632
633         input->private = session;
634
635         input->name = "Bluetooth HID Boot Protocol Device";
636
637         input->id.bustype = BUS_BLUETOOTH;
638         input->id.vendor  = req->vendor;
639         input->id.product = req->product;
640         input->id.version = req->version;
641
642         if (req->subclass & 0x40) {
643                 set_bit(EV_KEY, input->evbit);
644                 set_bit(EV_LED, input->evbit);
645                 set_bit(EV_REP, input->evbit);
646
647                 set_bit(LED_NUML,    input->ledbit);
648                 set_bit(LED_CAPSL,   input->ledbit);
649                 set_bit(LED_SCROLLL, input->ledbit);
650                 set_bit(LED_COMPOSE, input->ledbit);
651                 set_bit(LED_KANA,    input->ledbit);
652
653                 for (i = 0; i < sizeof(hidp_keycode); i++)
654                         set_bit(hidp_keycode[i], input->keybit);
655                 clear_bit(0, input->keybit);
656         }
657
658         if (req->subclass & 0x80) {
659                 input->evbit[0] = BIT(EV_KEY) | BIT(EV_REL);
660                 input->keybit[LONG(BTN_MOUSE)] = BIT(BTN_LEFT) | BIT(BTN_RIGHT) | BIT(BTN_MIDDLE);
661                 input->relbit[0] = BIT(REL_X) | BIT(REL_Y);
662                 input->keybit[LONG(BTN_MOUSE)] |= BIT(BTN_SIDE) | BIT(BTN_EXTRA);
663                 input->relbit[0] |= BIT(REL_WHEEL);
664         }
665
666         input->cdev.dev = hidp_get_device(session);
667
668         input->event = hidp_input_event;
669
670         input_register_device(input);
671 }
672
673 static int hidp_open(struct hid_device *hid)
674 {
675         return 0;
676 }
677
678 static void hidp_close(struct hid_device *hid)
679 {
680 }
681
682 static const struct {
683         __u16 idVendor;
684         __u16 idProduct;
685         unsigned quirks;
686 } hidp_blacklist[] = {
687         /* Apple wireless Mighty Mouse */
688         { 0x05ac, 0x030c, HID_QUIRK_MIGHTYMOUSE | HID_QUIRK_INVERT_HWHEEL },
689
690         { }     /* Terminating entry */
691 };
692
693 static void hidp_setup_quirks(struct hid_device *hid)
694 {
695         unsigned int n;
696
697         for (n = 0; hidp_blacklist[n].idVendor; n++)
698                 if (hidp_blacklist[n].idVendor == le16_to_cpu(hid->vendor) &&
699                                 hidp_blacklist[n].idProduct == le16_to_cpu(hid->product))
700                         hid->quirks = hidp_blacklist[n].quirks;
701 }
702
703 static inline void hidp_setup_hid(struct hidp_session *session, struct hidp_connadd_req *req)
704 {
705         struct hid_device *hid = session->hid;
706         struct hid_report *report;
707         bdaddr_t src, dst;
708
709         baswap(&src, &bt_sk(session->ctrl_sock->sk)->src);
710         baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst);
711
712         hid->driver_data = session;
713
714         hid->country = req->country;
715
716         hid->bus     = BUS_BLUETOOTH;
717         hid->vendor  = req->vendor;
718         hid->product = req->product;
719         hid->version = req->version;
720
721         strncpy(hid->name, req->name, 128);
722         strncpy(hid->phys, batostr(&src), 64);
723         strncpy(hid->uniq, batostr(&dst), 64);
724
725         hid->dev = hidp_get_device(session);
726
727         hid->hid_open  = hidp_open;
728         hid->hid_close = hidp_close;
729
730         hid->hidinput_input_event = hidp_hidinput_event;
731
732         hidp_setup_quirks(hid);
733
734         list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].report_list, list)
735                 hidp_send_report(session, report);
736
737         list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].report_list, list)
738                 hidp_send_report(session, report);
739
740         if (hidinput_connect(hid) == 0) {
741                 hid->claimed |= HID_CLAIMED_INPUT;
742                 hid_ff_init(hid);
743         }
744 }
745
746 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
747 {
748         struct hidp_session *session, *s;
749         int err;
750
751         BT_DBG("");
752
753         if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
754                         bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
755                 return -ENOTUNIQ;
756
757         session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
758         if (!session)
759                 return -ENOMEM;
760
761         BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
762
763         if (req->rd_size > 0) {
764                 unsigned char *buf = kmalloc(req->rd_size, GFP_KERNEL);
765
766                 if (!buf) {
767                         kfree(session);
768                         return -ENOMEM;
769                 }
770
771                 if (copy_from_user(buf, req->rd_data, req->rd_size)) {
772                         kfree(buf);
773                         kfree(session);
774                         return -EFAULT;
775                 }
776
777                 session->hid = hid_parse_report(buf, req->rd_size);
778
779                 kfree(buf);
780
781                 if (!session->hid) {
782                         kfree(session);
783                         return -EINVAL;
784                 }
785         }
786
787         if (!session->hid) {
788                 session->input = input_allocate_device();
789                 if (!session->input) {
790                         kfree(session);
791                         return -ENOMEM;
792                 }
793         }
794
795         down_write(&hidp_session_sem);
796
797         s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
798         if (s && s->state == BT_CONNECTED) {
799                 err = -EEXIST;
800                 goto failed;
801         }
802
803         bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
804
805         session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
806         session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);
807
808         BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
809
810         session->ctrl_sock = ctrl_sock;
811         session->intr_sock = intr_sock;
812         session->state     = BT_CONNECTED;
813
814         init_timer(&session->timer);
815
816         session->timer.function = hidp_idle_timeout;
817         session->timer.data     = (unsigned long) session;
818
819         skb_queue_head_init(&session->ctrl_transmit);
820         skb_queue_head_init(&session->intr_transmit);
821
822         session->flags   = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
823         session->idle_to = req->idle_to;
824
825         if (session->input)
826                 hidp_setup_input(session, req);
827
828         if (session->hid)
829                 hidp_setup_hid(session, req);
830
831         __hidp_link_session(session);
832
833         hidp_set_timer(session);
834
835         err = kernel_thread(hidp_session, session, CLONE_KERNEL);
836         if (err < 0)
837                 goto unlink;
838
839         if (session->input) {
840                 hidp_send_ctrl_message(session,
841                         HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
842                 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
843
844                 session->leds = 0xff;
845                 hidp_input_event(session->input, EV_LED, 0, 0);
846         }
847
848         up_write(&hidp_session_sem);
849         return 0;
850
851 unlink:
852         hidp_del_timer(session);
853
854         __hidp_unlink_session(session);
855
856         if (session->input) {
857                 input_unregister_device(session->input);
858                 session->input = NULL; /* don't try to free it here */
859         }
860
861 failed:
862         up_write(&hidp_session_sem);
863
864         if (session->hid)
865                 hid_free_device(session->hid);
866
867         kfree(session->input);
868         kfree(session);
869         return err;
870 }
871
872 int hidp_del_connection(struct hidp_conndel_req *req)
873 {
874         struct hidp_session *session;
875         int err = 0;
876
877         BT_DBG("");
878
879         down_read(&hidp_session_sem);
880
881         session = __hidp_get_session(&req->bdaddr);
882         if (session) {
883                 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
884                         hidp_send_ctrl_message(session,
885                                 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
886                 } else {
887                         /* Flush the transmit queues */
888                         skb_queue_purge(&session->ctrl_transmit);
889                         skb_queue_purge(&session->intr_transmit);
890
891                         /* Kill session thread */
892                         atomic_inc(&session->terminate);
893                         hidp_schedule(session);
894                 }
895         } else
896                 err = -ENOENT;
897
898         up_read(&hidp_session_sem);
899         return err;
900 }
901
902 int hidp_get_connlist(struct hidp_connlist_req *req)
903 {
904         struct list_head *p;
905         int err = 0, n = 0;
906
907         BT_DBG("");
908
909         down_read(&hidp_session_sem);
910
911         list_for_each(p, &hidp_session_list) {
912                 struct hidp_session *session;
913                 struct hidp_conninfo ci;
914
915                 session = list_entry(p, struct hidp_session, list);
916
917                 __hidp_copy_session(session, &ci);
918
919                 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
920                         err = -EFAULT;
921                         break;
922                 }
923
924                 if (++n >= req->cnum)
925                         break;
926
927                 req->ci++;
928         }
929         req->cnum = n;
930
931         up_read(&hidp_session_sem);
932         return err;
933 }
934
935 int hidp_get_conninfo(struct hidp_conninfo *ci)
936 {
937         struct hidp_session *session;
938         int err = 0;
939
940         down_read(&hidp_session_sem);
941
942         session = __hidp_get_session(&ci->bdaddr);
943         if (session)
944                 __hidp_copy_session(session, ci);
945         else
946                 err = -ENOENT;
947
948         up_read(&hidp_session_sem);
949         return err;
950 }
951
952 static int __init hidp_init(void)
953 {
954         l2cap_load();
955
956         BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
957
958         return hidp_init_sockets();
959 }
960
961 static void __exit hidp_exit(void)
962 {
963         hidp_cleanup_sockets();
964 }
965
966 module_init(hidp_init);
967 module_exit(hidp_exit);
968
969 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
970 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
971 MODULE_VERSION(VERSION);
972 MODULE_LICENSE("GPL");
973 MODULE_ALIAS("bt-proto-6");