bluetooth: hidp_process_hid_control remove unnecessary parameter dealing
[linux-2.6.git] / net / bluetooth / hidp / core.c
1 /*
2    HIDP implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License version 2 as
7    published by the Free Software Foundation;
8
9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20    SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/module.h>
24
25 #include <linux/types.h>
26 #include <linux/errno.h>
27 #include <linux/kernel.h>
28 #include <linux/sched.h>
29 #include <linux/slab.h>
30 #include <linux/poll.h>
31 #include <linux/freezer.h>
32 #include <linux/fcntl.h>
33 #include <linux/skbuff.h>
34 #include <linux/socket.h>
35 #include <linux/ioctl.h>
36 #include <linux/file.h>
37 #include <linux/init.h>
38 #include <linux/wait.h>
39 #include <net/sock.h>
40
41 #include <linux/input.h>
42 #include <linux/hid.h>
43
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47
48 #include "hidp.h"
49
50 #ifndef CONFIG_BT_HIDP_DEBUG
51 #undef  BT_DBG
52 #define BT_DBG(D...)
53 #endif
54
55 #define VERSION "1.2"
56
57 static DECLARE_RWSEM(hidp_session_sem);
58 static LIST_HEAD(hidp_session_list);
59
60 static unsigned char hidp_keycode[256] = {
61           0,  0,  0,  0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38,
62          50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44,  2,  3,
63           4,  5,  6,  7,  8,  9, 10, 11, 28,  1, 14, 15, 57, 12, 13, 26,
64          27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64,
65          65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106,
66         105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71,
67          72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190,
68         191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113,
69         115,114,  0,  0,  0,121,  0, 89, 93,124, 92, 94, 95,  0,  0,  0,
70         122,123, 90, 91, 85,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
71           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
72           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
73           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
74           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
75          29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113,
76         150,158,159,128,136,177,178,176,142,152,173,140
77 };
78
79 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
80
81 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
82 {
83         struct hidp_session *session;
84         struct list_head *p;
85
86         BT_DBG("");
87
88         list_for_each(p, &hidp_session_list) {
89                 session = list_entry(p, struct hidp_session, list);
90                 if (!bacmp(bdaddr, &session->bdaddr))
91                         return session;
92         }
93         return NULL;
94 }
95
96 static void __hidp_link_session(struct hidp_session *session)
97 {
98         __module_get(THIS_MODULE);
99         list_add(&session->list, &hidp_session_list);
100 }
101
102 static void __hidp_unlink_session(struct hidp_session *session)
103 {
104         list_del(&session->list);
105         module_put(THIS_MODULE);
106 }
107
108 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
109 {
110         bacpy(&ci->bdaddr, &session->bdaddr);
111
112         ci->flags = session->flags;
113         ci->state = session->state;
114
115         ci->vendor  = 0x0000;
116         ci->product = 0x0000;
117         ci->version = 0x0000;
118         memset(ci->name, 0, 128);
119
120         if (session->input) {
121                 ci->vendor  = session->input->id.vendor;
122                 ci->product = session->input->id.product;
123                 ci->version = session->input->id.version;
124                 if (session->input->name)
125                         strncpy(ci->name, session->input->name, 128);
126                 else
127                         strncpy(ci->name, "HID Boot Device", 128);
128         }
129
130         if (session->hid) {
131                 ci->vendor  = session->hid->vendor;
132                 ci->product = session->hid->product;
133                 ci->version = session->hid->version;
134                 strncpy(ci->name, session->hid->name, 128);
135         }
136 }
137
138 static inline int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
139                                         unsigned int type, unsigned int code, int value)
140 {
141         unsigned char newleds;
142         struct sk_buff *skb;
143
144         BT_DBG("session %p type %d code %d value %d", session, type, code, value);
145
146         if (type != EV_LED)
147                 return -1;
148
149         newleds = (!!test_bit(LED_KANA,    dev->led) << 3) |
150                   (!!test_bit(LED_COMPOSE, dev->led) << 3) |
151                   (!!test_bit(LED_SCROLLL, dev->led) << 2) |
152                   (!!test_bit(LED_CAPSL,   dev->led) << 1) |
153                   (!!test_bit(LED_NUML,    dev->led));
154
155         if (session->leds == newleds)
156                 return 0;
157
158         session->leds = newleds;
159
160         if (!(skb = alloc_skb(3, GFP_ATOMIC))) {
161                 BT_ERR("Can't allocate memory for new frame");
162                 return -ENOMEM;
163         }
164
165         *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
166         *skb_put(skb, 1) = 0x01;
167         *skb_put(skb, 1) = newleds;
168
169         skb_queue_tail(&session->intr_transmit, skb);
170
171         hidp_schedule(session);
172
173         return 0;
174 }
175
176 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
177 {
178         struct hid_device *hid = input_get_drvdata(dev);
179         struct hidp_session *session = hid->driver_data;
180
181         return hidp_queue_event(session, dev, type, code, value);
182 }
183
184 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
185 {
186         struct hidp_session *session = input_get_drvdata(dev);
187
188         return hidp_queue_event(session, dev, type, code, value);
189 }
190
191 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
192 {
193         struct input_dev *dev = session->input;
194         unsigned char *keys = session->keys;
195         unsigned char *udata = skb->data + 1;
196         signed char *sdata = skb->data + 1;
197         int i, size = skb->len - 1;
198
199         switch (skb->data[0]) {
200         case 0x01:      /* Keyboard report */
201                 for (i = 0; i < 8; i++)
202                         input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
203
204                 /* If all the key codes have been set to 0x01, it means
205                  * too many keys were pressed at the same time. */
206                 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
207                         break;
208
209                 for (i = 2; i < 8; i++) {
210                         if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
211                                 if (hidp_keycode[keys[i]])
212                                         input_report_key(dev, hidp_keycode[keys[i]], 0);
213                                 else
214                                         BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
215                         }
216
217                         if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
218                                 if (hidp_keycode[udata[i]])
219                                         input_report_key(dev, hidp_keycode[udata[i]], 1);
220                                 else
221                                         BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
222                         }
223                 }
224
225                 memcpy(keys, udata, 8);
226                 break;
227
228         case 0x02:      /* Mouse report */
229                 input_report_key(dev, BTN_LEFT,   sdata[0] & 0x01);
230                 input_report_key(dev, BTN_RIGHT,  sdata[0] & 0x02);
231                 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
232                 input_report_key(dev, BTN_SIDE,   sdata[0] & 0x08);
233                 input_report_key(dev, BTN_EXTRA,  sdata[0] & 0x10);
234
235                 input_report_rel(dev, REL_X, sdata[1]);
236                 input_report_rel(dev, REL_Y, sdata[2]);
237
238                 if (size > 3)
239                         input_report_rel(dev, REL_WHEEL, sdata[3]);
240                 break;
241         }
242
243         input_sync(dev);
244 }
245
246 static inline int hidp_queue_report(struct hidp_session *session, unsigned char *data, int size)
247 {
248         struct sk_buff *skb;
249
250         BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
251
252         if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
253                 BT_ERR("Can't allocate memory for new frame");
254                 return -ENOMEM;
255         }
256
257         *skb_put(skb, 1) = 0xa2;
258         if (size > 0)
259                 memcpy(skb_put(skb, size), data, size);
260
261         skb_queue_tail(&session->intr_transmit, skb);
262
263         hidp_schedule(session);
264
265         return 0;
266 }
267
268 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
269 {
270         unsigned char buf[32];
271         int rsize;
272
273         rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
274         if (rsize > sizeof(buf))
275                 return -EIO;
276
277         hid_output_report(report, buf);
278
279         return hidp_queue_report(session, buf, rsize);
280 }
281
282 static void hidp_idle_timeout(unsigned long arg)
283 {
284         struct hidp_session *session = (struct hidp_session *) arg;
285
286         atomic_inc(&session->terminate);
287         hidp_schedule(session);
288 }
289
290 static inline void hidp_set_timer(struct hidp_session *session)
291 {
292         if (session->idle_to > 0)
293                 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
294 }
295
296 static inline void hidp_del_timer(struct hidp_session *session)
297 {
298         if (session->idle_to > 0)
299                 del_timer(&session->timer);
300 }
301
302 static int __hidp_send_ctrl_message(struct hidp_session *session,
303                         unsigned char hdr, unsigned char *data, int size)
304 {
305         struct sk_buff *skb;
306
307         BT_DBG("session %p data %p size %d", session, data, size);
308
309         if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
310                 BT_ERR("Can't allocate memory for new frame");
311                 return -ENOMEM;
312         }
313
314         *skb_put(skb, 1) = hdr;
315         if (data && size > 0)
316                 memcpy(skb_put(skb, size), data, size);
317
318         skb_queue_tail(&session->ctrl_transmit, skb);
319
320         return 0;
321 }
322
323 static inline int hidp_send_ctrl_message(struct hidp_session *session,
324                         unsigned char hdr, unsigned char *data, int size)
325 {
326         int err;
327
328         err = __hidp_send_ctrl_message(session, hdr, data, size);
329
330         hidp_schedule(session);
331
332         return err;
333 }
334
335 static inline void hidp_process_handshake(struct hidp_session *session, unsigned char param)
336 {
337         BT_DBG("session %p param 0x%02x", session, param);
338
339         switch (param) {
340         case HIDP_HSHK_SUCCESSFUL:
341                 /* FIXME: Call into SET_ GET_ handlers here */
342                 break;
343
344         case HIDP_HSHK_NOT_READY:
345         case HIDP_HSHK_ERR_INVALID_REPORT_ID:
346         case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
347         case HIDP_HSHK_ERR_INVALID_PARAMETER:
348                 /* FIXME: Call into SET_ GET_ handlers here */
349                 break;
350
351         case HIDP_HSHK_ERR_UNKNOWN:
352                 break;
353
354         case HIDP_HSHK_ERR_FATAL:
355                 /* Device requests a reboot, as this is the only way this error
356                  * can be recovered. */
357                 __hidp_send_ctrl_message(session,
358                         HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
359                 break;
360
361         default:
362                 __hidp_send_ctrl_message(session,
363                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
364                 break;
365         }
366 }
367
368 static inline void hidp_process_hid_control(struct hidp_session *session, unsigned char param)
369 {
370         BT_DBG("session %p param 0x%02x", session, param);
371
372         if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
373                 /* Flush the transmit queues */
374                 skb_queue_purge(&session->ctrl_transmit);
375                 skb_queue_purge(&session->intr_transmit);
376
377                 /* Kill session thread */
378                 atomic_inc(&session->terminate);
379         }
380 }
381
382 static inline void hidp_process_data(struct hidp_session *session, struct sk_buff *skb, unsigned char param)
383 {
384         BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
385
386         switch (param) {
387         case HIDP_DATA_RTYPE_INPUT:
388                 hidp_set_timer(session);
389
390                 if (session->input)
391                         hidp_input_report(session, skb);
392
393                 if (session->hid)
394                         hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
395
396                 break;
397
398         case HIDP_DATA_RTYPE_OTHER:
399         case HIDP_DATA_RTYPE_OUPUT:
400         case HIDP_DATA_RTYPE_FEATURE:
401                 break;
402
403         default:
404                 __hidp_send_ctrl_message(session,
405                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
406         }
407 }
408
409 static inline void hidp_recv_ctrl_frame(struct hidp_session *session, struct sk_buff *skb)
410 {
411         unsigned char hdr, type, param;
412
413         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
414
415         hdr = skb->data[0];
416         skb_pull(skb, 1);
417
418         type = hdr & HIDP_HEADER_TRANS_MASK;
419         param = hdr & HIDP_HEADER_PARAM_MASK;
420
421         switch (type) {
422         case HIDP_TRANS_HANDSHAKE:
423                 hidp_process_handshake(session, param);
424                 break;
425
426         case HIDP_TRANS_HID_CONTROL:
427                 hidp_process_hid_control(session, param);
428                 break;
429
430         case HIDP_TRANS_DATA:
431                 hidp_process_data(session, skb, param);
432                 break;
433
434         default:
435                 __hidp_send_ctrl_message(session,
436                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
437                 break;
438         }
439
440         kfree_skb(skb);
441 }
442
443 static inline void hidp_recv_intr_frame(struct hidp_session *session, struct sk_buff *skb)
444 {
445         unsigned char hdr;
446
447         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
448
449         hdr = skb->data[0];
450         skb_pull(skb, 1);
451
452         if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
453                 hidp_set_timer(session);
454
455                 if (session->input)
456                         hidp_input_report(session, skb);
457
458                 if (session->hid) {
459                         hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
460                         BT_DBG("report len %d", skb->len);
461                 }
462         } else {
463                 BT_DBG("Unsupported protocol header 0x%02x", hdr);
464         }
465
466         kfree_skb(skb);
467 }
468
469 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
470 {
471         struct kvec iv = { data, len };
472         struct msghdr msg;
473
474         BT_DBG("sock %p data %p len %d", sock, data, len);
475
476         if (!len)
477                 return 0;
478
479         memset(&msg, 0, sizeof(msg));
480
481         return kernel_sendmsg(sock, &msg, &iv, 1, len);
482 }
483
484 static void hidp_process_transmit(struct hidp_session *session)
485 {
486         struct sk_buff *skb;
487
488         BT_DBG("session %p", session);
489
490         while ((skb = skb_dequeue(&session->ctrl_transmit))) {
491                 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
492                         skb_queue_head(&session->ctrl_transmit, skb);
493                         break;
494                 }
495
496                 hidp_set_timer(session);
497                 kfree_skb(skb);
498         }
499
500         while ((skb = skb_dequeue(&session->intr_transmit))) {
501                 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
502                         skb_queue_head(&session->intr_transmit, skb);
503                         break;
504                 }
505
506                 hidp_set_timer(session);
507                 kfree_skb(skb);
508         }
509 }
510
511 static int hidp_session(void *arg)
512 {
513         struct hidp_session *session = arg;
514         struct sock *ctrl_sk = session->ctrl_sock->sk;
515         struct sock *intr_sk = session->intr_sock->sk;
516         struct sk_buff *skb;
517         int vendor = 0x0000, product = 0x0000;
518         wait_queue_t ctrl_wait, intr_wait;
519
520         BT_DBG("session %p", session);
521
522         if (session->input) {
523                 vendor  = session->input->id.vendor;
524                 product = session->input->id.product;
525         }
526
527         if (session->hid) {
528                 vendor  = session->hid->vendor;
529                 product = session->hid->product;
530         }
531
532         daemonize("khidpd_%04x%04x", vendor, product);
533         set_user_nice(current, -15);
534
535         init_waitqueue_entry(&ctrl_wait, current);
536         init_waitqueue_entry(&intr_wait, current);
537         add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
538         add_wait_queue(intr_sk->sk_sleep, &intr_wait);
539         while (!atomic_read(&session->terminate)) {
540                 set_current_state(TASK_INTERRUPTIBLE);
541
542                 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED)
543                         break;
544
545                 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
546                         skb_orphan(skb);
547                         hidp_recv_ctrl_frame(session, skb);
548                 }
549
550                 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
551                         skb_orphan(skb);
552                         hidp_recv_intr_frame(session, skb);
553                 }
554
555                 hidp_process_transmit(session);
556
557                 schedule();
558         }
559         set_current_state(TASK_RUNNING);
560         remove_wait_queue(intr_sk->sk_sleep, &intr_wait);
561         remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
562
563         down_write(&hidp_session_sem);
564
565         hidp_del_timer(session);
566
567         if (session->input) {
568                 input_unregister_device(session->input);
569                 session->input = NULL;
570         }
571
572         if (session->hid) {
573                 if (session->hid->claimed & HID_CLAIMED_INPUT)
574                         hidinput_disconnect(session->hid);
575                 hid_free_device(session->hid);
576         }
577
578         fput(session->intr_sock->file);
579
580         wait_event_timeout(*(ctrl_sk->sk_sleep),
581                 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
582
583         fput(session->ctrl_sock->file);
584
585         __hidp_unlink_session(session);
586
587         up_write(&hidp_session_sem);
588
589         kfree(session);
590         return 0;
591 }
592
593 static struct device *hidp_get_device(struct hidp_session *session)
594 {
595         bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
596         bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
597         struct hci_dev *hdev;
598         struct hci_conn *conn;
599
600         hdev = hci_get_route(dst, src);
601         if (!hdev)
602                 return NULL;
603
604         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
605
606         hci_dev_put(hdev);
607
608         return conn ? &conn->dev : NULL;
609 }
610
611 static inline int hidp_setup_input(struct hidp_session *session, struct hidp_connadd_req *req)
612 {
613         struct input_dev *input = session->input;
614         int i;
615
616         input_set_drvdata(input, session);
617
618         input->name = "Bluetooth HID Boot Protocol Device";
619
620         input->id.bustype = BUS_BLUETOOTH;
621         input->id.vendor  = req->vendor;
622         input->id.product = req->product;
623         input->id.version = req->version;
624
625         if (req->subclass & 0x40) {
626                 set_bit(EV_KEY, input->evbit);
627                 set_bit(EV_LED, input->evbit);
628                 set_bit(EV_REP, input->evbit);
629
630                 set_bit(LED_NUML,    input->ledbit);
631                 set_bit(LED_CAPSL,   input->ledbit);
632                 set_bit(LED_SCROLLL, input->ledbit);
633                 set_bit(LED_COMPOSE, input->ledbit);
634                 set_bit(LED_KANA,    input->ledbit);
635
636                 for (i = 0; i < sizeof(hidp_keycode); i++)
637                         set_bit(hidp_keycode[i], input->keybit);
638                 clear_bit(0, input->keybit);
639         }
640
641         if (req->subclass & 0x80) {
642                 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
643                 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
644                         BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
645                 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
646                 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
647                         BIT_MASK(BTN_EXTRA);
648                 input->relbit[0] |= BIT_MASK(REL_WHEEL);
649         }
650
651         input->dev.parent = hidp_get_device(session);
652
653         input->event = hidp_input_event;
654
655         return input_register_device(input);
656 }
657
658 static int hidp_open(struct hid_device *hid)
659 {
660         return 0;
661 }
662
663 static void hidp_close(struct hid_device *hid)
664 {
665 }
666
667 static const struct {
668         __u16 idVendor;
669         __u16 idProduct;
670         unsigned quirks;
671 } hidp_blacklist[] = {
672         /* Apple wireless Mighty Mouse */
673         { 0x05ac, 0x030c, HID_QUIRK_MIGHTYMOUSE | HID_QUIRK_INVERT_HWHEEL },
674
675         { }     /* Terminating entry */
676 };
677
678 static void hidp_setup_quirks(struct hid_device *hid)
679 {
680         unsigned int n;
681
682         for (n = 0; hidp_blacklist[n].idVendor; n++)
683                 if (hidp_blacklist[n].idVendor == le16_to_cpu(hid->vendor) &&
684                                 hidp_blacklist[n].idProduct == le16_to_cpu(hid->product))
685                         hid->quirks = hidp_blacklist[n].quirks;
686 }
687
688 static inline void hidp_setup_hid(struct hidp_session *session, struct hidp_connadd_req *req)
689 {
690         struct hid_device *hid = session->hid;
691         struct hid_report *report;
692         bdaddr_t src, dst;
693
694         baswap(&src, &bt_sk(session->ctrl_sock->sk)->src);
695         baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst);
696
697         hid->driver_data = session;
698
699         hid->country = req->country;
700
701         hid->bus     = BUS_BLUETOOTH;
702         hid->vendor  = req->vendor;
703         hid->product = req->product;
704         hid->version = req->version;
705
706         strncpy(hid->name, req->name, 128);
707         strncpy(hid->phys, batostr(&src), 64);
708         strncpy(hid->uniq, batostr(&dst), 64);
709
710         hid->dev = hidp_get_device(session);
711
712         hid->hid_open  = hidp_open;
713         hid->hid_close = hidp_close;
714
715         hid->hidinput_input_event = hidp_hidinput_event;
716
717         hidp_setup_quirks(hid);
718
719         list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].report_list, list)
720                 hidp_send_report(session, report);
721
722         list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].report_list, list)
723                 hidp_send_report(session, report);
724
725         if (hidinput_connect(hid) == 0)
726                 hid->claimed |= HID_CLAIMED_INPUT;
727 }
728
729 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
730 {
731         struct hidp_session *session, *s;
732         int err;
733
734         BT_DBG("");
735
736         if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
737                         bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
738                 return -ENOTUNIQ;
739
740         session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
741         if (!session)
742                 return -ENOMEM;
743
744         BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
745
746         if (req->rd_size > 0) {
747                 unsigned char *buf = kmalloc(req->rd_size, GFP_KERNEL);
748
749                 if (!buf) {
750                         kfree(session);
751                         return -ENOMEM;
752                 }
753
754                 if (copy_from_user(buf, req->rd_data, req->rd_size)) {
755                         kfree(buf);
756                         kfree(session);
757                         return -EFAULT;
758                 }
759
760                 session->hid = hid_parse_report(buf, req->rd_size);
761
762                 kfree(buf);
763
764                 if (!session->hid) {
765                         kfree(session);
766                         return -EINVAL;
767                 }
768         }
769
770         if (!session->hid) {
771                 session->input = input_allocate_device();
772                 if (!session->input) {
773                         kfree(session);
774                         return -ENOMEM;
775                 }
776         }
777
778         down_write(&hidp_session_sem);
779
780         s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
781         if (s && s->state == BT_CONNECTED) {
782                 err = -EEXIST;
783                 goto failed;
784         }
785
786         bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
787
788         session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
789         session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);
790
791         BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
792
793         session->ctrl_sock = ctrl_sock;
794         session->intr_sock = intr_sock;
795         session->state     = BT_CONNECTED;
796
797         setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
798
799         skb_queue_head_init(&session->ctrl_transmit);
800         skb_queue_head_init(&session->intr_transmit);
801
802         session->flags   = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
803         session->idle_to = req->idle_to;
804
805         if (session->input) {
806                 err = hidp_setup_input(session, req);
807                 if (err < 0)
808                         goto failed;
809         }
810
811         if (session->hid)
812                 hidp_setup_hid(session, req);
813
814         __hidp_link_session(session);
815
816         hidp_set_timer(session);
817
818         err = kernel_thread(hidp_session, session, CLONE_KERNEL);
819         if (err < 0)
820                 goto unlink;
821
822         if (session->input) {
823                 hidp_send_ctrl_message(session,
824                         HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
825                 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
826
827                 session->leds = 0xff;
828                 hidp_input_event(session->input, EV_LED, 0, 0);
829         }
830
831         up_write(&hidp_session_sem);
832         return 0;
833
834 unlink:
835         hidp_del_timer(session);
836
837         __hidp_unlink_session(session);
838
839         if (session->input) {
840                 input_unregister_device(session->input);
841                 session->input = NULL; /* don't try to free it here */
842         }
843
844 failed:
845         up_write(&hidp_session_sem);
846
847         if (session->hid)
848                 hid_free_device(session->hid);
849
850         input_free_device(session->input);
851         kfree(session);
852         return err;
853 }
854
855 int hidp_del_connection(struct hidp_conndel_req *req)
856 {
857         struct hidp_session *session;
858         int err = 0;
859
860         BT_DBG("");
861
862         down_read(&hidp_session_sem);
863
864         session = __hidp_get_session(&req->bdaddr);
865         if (session) {
866                 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
867                         hidp_send_ctrl_message(session,
868                                 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
869                 } else {
870                         /* Flush the transmit queues */
871                         skb_queue_purge(&session->ctrl_transmit);
872                         skb_queue_purge(&session->intr_transmit);
873
874                         /* Kill session thread */
875                         atomic_inc(&session->terminate);
876                         hidp_schedule(session);
877                 }
878         } else
879                 err = -ENOENT;
880
881         up_read(&hidp_session_sem);
882         return err;
883 }
884
885 int hidp_get_connlist(struct hidp_connlist_req *req)
886 {
887         struct list_head *p;
888         int err = 0, n = 0;
889
890         BT_DBG("");
891
892         down_read(&hidp_session_sem);
893
894         list_for_each(p, &hidp_session_list) {
895                 struct hidp_session *session;
896                 struct hidp_conninfo ci;
897
898                 session = list_entry(p, struct hidp_session, list);
899
900                 __hidp_copy_session(session, &ci);
901
902                 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
903                         err = -EFAULT;
904                         break;
905                 }
906
907                 if (++n >= req->cnum)
908                         break;
909
910                 req->ci++;
911         }
912         req->cnum = n;
913
914         up_read(&hidp_session_sem);
915         return err;
916 }
917
918 int hidp_get_conninfo(struct hidp_conninfo *ci)
919 {
920         struct hidp_session *session;
921         int err = 0;
922
923         down_read(&hidp_session_sem);
924
925         session = __hidp_get_session(&ci->bdaddr);
926         if (session)
927                 __hidp_copy_session(session, ci);
928         else
929                 err = -ENOENT;
930
931         up_read(&hidp_session_sem);
932         return err;
933 }
934
935 static int __init hidp_init(void)
936 {
937         l2cap_load();
938
939         BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
940
941         return hidp_init_sockets();
942 }
943
944 static void __exit hidp_exit(void)
945 {
946         hidp_cleanup_sockets();
947 }
948
949 module_init(hidp_init);
950 module_exit(hidp_exit);
951
952 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
953 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
954 MODULE_VERSION(VERSION);
955 MODULE_LICENSE("GPL");
956 MODULE_ALIAS("bt-proto-6");