2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 #include <linux/module.h>
24 #include <linux/file.h>
25 #include <linux/kthread.h>
26 #include <linux/hidraw.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/l2cap.h>
36 static DECLARE_RWSEM(hidp_session_sem);
37 static LIST_HEAD(hidp_session_list);
39 static unsigned char hidp_keycode[256] = {
40 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
41 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
42 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
43 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
44 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
45 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
46 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
47 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
48 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
49 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
50 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
51 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
52 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
57 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
60 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
62 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
64 struct hidp_session *session;
68 list_for_each_entry(session, &hidp_session_list, list) {
69 if (!bacmp(bdaddr, &session->bdaddr))
76 static void __hidp_link_session(struct hidp_session *session)
78 list_add(&session->list, &hidp_session_list);
81 static void __hidp_unlink_session(struct hidp_session *session)
83 hci_conn_put_device(session->conn);
85 list_del(&session->list);
88 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
90 memset(ci, 0, sizeof(*ci));
91 bacpy(&ci->bdaddr, &session->bdaddr);
93 ci->flags = session->flags;
94 ci->state = session->state;
100 if (session->input) {
101 ci->vendor = session->input->id.vendor;
102 ci->product = session->input->id.product;
103 ci->version = session->input->id.version;
104 if (session->input->name)
105 strncpy(ci->name, session->input->name, 128);
107 strncpy(ci->name, "HID Boot Device", 128);
111 ci->vendor = session->hid->vendor;
112 ci->product = session->hid->product;
113 ci->version = session->hid->version;
114 strncpy(ci->name, session->hid->name, 128);
118 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
119 unsigned int type, unsigned int code, int value)
121 unsigned char newleds;
124 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
129 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
130 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
131 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
132 (!!test_bit(LED_CAPSL, dev->led) << 1) |
133 (!!test_bit(LED_NUML, dev->led));
135 if (session->leds == newleds)
138 session->leds = newleds;
140 skb = alloc_skb(3, GFP_ATOMIC);
142 BT_ERR("Can't allocate memory for new frame");
146 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
147 *skb_put(skb, 1) = 0x01;
148 *skb_put(skb, 1) = newleds;
150 skb_queue_tail(&session->intr_transmit, skb);
152 hidp_schedule(session);
157 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
159 struct hid_device *hid = input_get_drvdata(dev);
160 struct hidp_session *session = hid->driver_data;
162 return hidp_queue_event(session, dev, type, code, value);
165 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
167 struct hidp_session *session = input_get_drvdata(dev);
169 return hidp_queue_event(session, dev, type, code, value);
172 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
174 struct input_dev *dev = session->input;
175 unsigned char *keys = session->keys;
176 unsigned char *udata = skb->data + 1;
177 signed char *sdata = skb->data + 1;
178 int i, size = skb->len - 1;
180 switch (skb->data[0]) {
181 case 0x01: /* Keyboard report */
182 for (i = 0; i < 8; i++)
183 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
185 /* If all the key codes have been set to 0x01, it means
186 * too many keys were pressed at the same time. */
187 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
190 for (i = 2; i < 8; i++) {
191 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
192 if (hidp_keycode[keys[i]])
193 input_report_key(dev, hidp_keycode[keys[i]], 0);
195 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
198 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
199 if (hidp_keycode[udata[i]])
200 input_report_key(dev, hidp_keycode[udata[i]], 1);
202 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
206 memcpy(keys, udata, 8);
209 case 0x02: /* Mouse report */
210 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
211 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
212 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
213 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
214 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
216 input_report_rel(dev, REL_X, sdata[1]);
217 input_report_rel(dev, REL_Y, sdata[2]);
220 input_report_rel(dev, REL_WHEEL, sdata[3]);
227 static int __hidp_send_ctrl_message(struct hidp_session *session,
228 unsigned char hdr, unsigned char *data, int size)
232 BT_DBG("session %p data %p size %d", session, data, size);
234 if (atomic_read(&session->terminate))
237 skb = alloc_skb(size + 1, GFP_ATOMIC);
239 BT_ERR("Can't allocate memory for new frame");
243 *skb_put(skb, 1) = hdr;
244 if (data && size > 0)
245 memcpy(skb_put(skb, size), data, size);
247 skb_queue_tail(&session->ctrl_transmit, skb);
252 static int hidp_send_ctrl_message(struct hidp_session *session,
253 unsigned char hdr, unsigned char *data, int size)
257 err = __hidp_send_ctrl_message(session, hdr, data, size);
259 hidp_schedule(session);
264 static int hidp_queue_report(struct hidp_session *session,
265 unsigned char *data, int size)
269 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
271 skb = alloc_skb(size + 1, GFP_ATOMIC);
273 BT_ERR("Can't allocate memory for new frame");
277 *skb_put(skb, 1) = 0xa2;
279 memcpy(skb_put(skb, size), data, size);
281 skb_queue_tail(&session->intr_transmit, skb);
283 hidp_schedule(session);
288 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
290 unsigned char buf[32];
293 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
294 if (rsize > sizeof(buf))
297 hid_output_report(report, buf);
299 return hidp_queue_report(session, buf, rsize);
302 static int hidp_get_raw_report(struct hid_device *hid,
303 unsigned char report_number,
304 unsigned char *data, size_t count,
305 unsigned char report_type)
307 struct hidp_session *session = hid->driver_data;
310 int numbered_reports = hid->report_enum[report_type].numbered;
313 switch (report_type) {
314 case HID_FEATURE_REPORT:
315 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
317 case HID_INPUT_REPORT:
318 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
320 case HID_OUTPUT_REPORT:
321 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
327 if (mutex_lock_interruptible(&session->report_mutex))
330 /* Set up our wait, and send the report request to the device. */
331 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
332 session->waiting_report_number = numbered_reports ? report_number : -1;
333 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
334 data[0] = report_number;
335 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1);
339 /* Wait for the return of the report. The returned report
340 gets put in session->report_return. */
341 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
344 res = wait_event_interruptible_timeout(session->report_queue,
345 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags),
359 skb = session->report_return;
361 len = skb->len < count ? skb->len : count;
362 memcpy(data, skb->data, len);
365 session->report_return = NULL;
367 /* Device returned a HANDSHAKE, indicating protocol error. */
371 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
372 mutex_unlock(&session->report_mutex);
377 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
378 mutex_unlock(&session->report_mutex);
382 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
383 unsigned char report_type)
385 struct hidp_session *session = hid->driver_data;
388 switch (report_type) {
389 case HID_FEATURE_REPORT:
390 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
392 case HID_OUTPUT_REPORT:
393 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
399 if (mutex_lock_interruptible(&session->report_mutex))
402 /* Set up our wait, and send the report request to the device. */
403 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
404 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data,
409 /* Wait for the ACK from the device. */
410 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
413 res = wait_event_interruptible_timeout(session->report_queue,
414 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags),
428 if (!session->output_report_success) {
436 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
437 mutex_unlock(&session->report_mutex);
441 static void hidp_idle_timeout(unsigned long arg)
443 struct hidp_session *session = (struct hidp_session *) arg;
445 atomic_inc(&session->terminate);
446 wake_up_process(session->task);
449 static void hidp_set_timer(struct hidp_session *session)
451 if (session->idle_to > 0)
452 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
455 static void hidp_del_timer(struct hidp_session *session)
457 if (session->idle_to > 0)
458 del_timer(&session->timer);
461 static void hidp_process_handshake(struct hidp_session *session,
464 BT_DBG("session %p param 0x%02x", session, param);
465 session->output_report_success = 0; /* default condition */
468 case HIDP_HSHK_SUCCESSFUL:
469 /* FIXME: Call into SET_ GET_ handlers here */
470 session->output_report_success = 1;
473 case HIDP_HSHK_NOT_READY:
474 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
475 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
476 case HIDP_HSHK_ERR_INVALID_PARAMETER:
477 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
478 wake_up_interruptible(&session->report_queue);
480 /* FIXME: Call into SET_ GET_ handlers here */
483 case HIDP_HSHK_ERR_UNKNOWN:
486 case HIDP_HSHK_ERR_FATAL:
487 /* Device requests a reboot, as this is the only way this error
488 * can be recovered. */
489 __hidp_send_ctrl_message(session,
490 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
494 __hidp_send_ctrl_message(session,
495 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
499 /* Wake up the waiting thread. */
500 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
501 wake_up_interruptible(&session->report_queue);
504 static void hidp_process_hid_control(struct hidp_session *session,
507 BT_DBG("session %p param 0x%02x", session, param);
509 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
510 /* Flush the transmit queues */
511 skb_queue_purge(&session->ctrl_transmit);
512 skb_queue_purge(&session->intr_transmit);
514 atomic_inc(&session->terminate);
515 wake_up_process(current);
519 /* Returns true if the passed-in skb should be freed by the caller. */
520 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
523 int done_with_skb = 1;
524 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
527 case HIDP_DATA_RTYPE_INPUT:
528 hidp_set_timer(session);
531 hidp_input_report(session, skb);
534 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
537 case HIDP_DATA_RTYPE_OTHER:
538 case HIDP_DATA_RTYPE_OUPUT:
539 case HIDP_DATA_RTYPE_FEATURE:
543 __hidp_send_ctrl_message(session,
544 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
547 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
548 param == session->waiting_report_type) {
549 if (session->waiting_report_number < 0 ||
550 session->waiting_report_number == skb->data[0]) {
551 /* hidp_get_raw_report() is waiting on this report. */
552 session->report_return = skb;
554 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
555 wake_up_interruptible(&session->report_queue);
559 return done_with_skb;
562 static void hidp_recv_ctrl_frame(struct hidp_session *session,
565 unsigned char hdr, type, param;
568 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
573 type = hdr & HIDP_HEADER_TRANS_MASK;
574 param = hdr & HIDP_HEADER_PARAM_MASK;
577 case HIDP_TRANS_HANDSHAKE:
578 hidp_process_handshake(session, param);
581 case HIDP_TRANS_HID_CONTROL:
582 hidp_process_hid_control(session, param);
585 case HIDP_TRANS_DATA:
586 free_skb = hidp_process_data(session, skb, param);
590 __hidp_send_ctrl_message(session,
591 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
599 static void hidp_recv_intr_frame(struct hidp_session *session,
604 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
609 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
610 hidp_set_timer(session);
613 hidp_input_report(session, skb);
616 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
617 BT_DBG("report len %d", skb->len);
620 BT_DBG("Unsupported protocol header 0x%02x", hdr);
626 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
628 struct kvec iv = { data, len };
631 BT_DBG("sock %p data %p len %d", sock, data, len);
636 memset(&msg, 0, sizeof(msg));
638 return kernel_sendmsg(sock, &msg, &iv, 1, len);
641 static void hidp_process_intr_transmit(struct hidp_session *session)
645 BT_DBG("session %p", session);
647 while ((skb = skb_dequeue(&session->intr_transmit))) {
648 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
649 skb_queue_head(&session->intr_transmit, skb);
653 hidp_set_timer(session);
658 static void hidp_process_ctrl_transmit(struct hidp_session *session)
662 BT_DBG("session %p", session);
664 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
665 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
666 skb_queue_head(&session->ctrl_transmit, skb);
670 hidp_set_timer(session);
675 static int hidp_session(void *arg)
677 struct hidp_session *session = arg;
678 struct sock *ctrl_sk = session->ctrl_sock->sk;
679 struct sock *intr_sk = session->intr_sock->sk;
681 wait_queue_t ctrl_wait, intr_wait;
683 BT_DBG("session %p", session);
685 __module_get(THIS_MODULE);
686 set_user_nice(current, -15);
688 init_waitqueue_entry(&ctrl_wait, current);
689 init_waitqueue_entry(&intr_wait, current);
690 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
691 add_wait_queue(sk_sleep(intr_sk), &intr_wait);
692 session->waiting_for_startup = 0;
693 wake_up_interruptible(&session->startup_queue);
694 set_current_state(TASK_INTERRUPTIBLE);
695 while (!atomic_read(&session->terminate)) {
696 if (ctrl_sk->sk_state != BT_CONNECTED ||
697 intr_sk->sk_state != BT_CONNECTED)
700 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
702 if (!skb_linearize(skb))
703 hidp_recv_intr_frame(session, skb);
708 hidp_process_intr_transmit(session);
710 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
712 if (!skb_linearize(skb))
713 hidp_recv_ctrl_frame(session, skb);
718 hidp_process_ctrl_transmit(session);
721 set_current_state(TASK_INTERRUPTIBLE);
723 set_current_state(TASK_RUNNING);
724 remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
725 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
727 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
728 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
729 wake_up_interruptible(&session->report_queue);
731 down_write(&hidp_session_sem);
733 hidp_del_timer(session);
735 if (session->input) {
736 input_unregister_device(session->input);
737 session->input = NULL;
741 hid_destroy_device(session->hid);
745 /* Wakeup user-space polling for socket errors */
746 session->intr_sock->sk->sk_err = EUNATCH;
747 session->ctrl_sock->sk->sk_err = EUNATCH;
749 hidp_schedule(session);
751 fput(session->intr_sock->file);
753 wait_event_timeout(*(sk_sleep(ctrl_sk)),
754 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
756 fput(session->ctrl_sock->file);
758 __hidp_unlink_session(session);
760 up_write(&hidp_session_sem);
762 kfree(session->rd_data);
764 module_put_and_exit(0);
768 static struct hci_conn *hidp_get_connection(struct hidp_session *session)
770 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
771 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
772 struct hci_conn *conn;
773 struct hci_dev *hdev;
775 hdev = hci_get_route(dst, src);
780 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
782 hci_conn_hold_device(conn);
783 hci_dev_unlock(hdev);
790 static int hidp_setup_input(struct hidp_session *session,
791 struct hidp_connadd_req *req)
793 struct input_dev *input;
796 input = input_allocate_device();
800 session->input = input;
802 input_set_drvdata(input, session);
804 input->name = "Bluetooth HID Boot Protocol Device";
806 input->id.bustype = BUS_BLUETOOTH;
807 input->id.vendor = req->vendor;
808 input->id.product = req->product;
809 input->id.version = req->version;
811 if (req->subclass & 0x40) {
812 set_bit(EV_KEY, input->evbit);
813 set_bit(EV_LED, input->evbit);
814 set_bit(EV_REP, input->evbit);
816 set_bit(LED_NUML, input->ledbit);
817 set_bit(LED_CAPSL, input->ledbit);
818 set_bit(LED_SCROLLL, input->ledbit);
819 set_bit(LED_COMPOSE, input->ledbit);
820 set_bit(LED_KANA, input->ledbit);
822 for (i = 0; i < sizeof(hidp_keycode); i++)
823 set_bit(hidp_keycode[i], input->keybit);
824 clear_bit(0, input->keybit);
827 if (req->subclass & 0x80) {
828 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
829 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
830 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
831 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
832 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
834 input->relbit[0] |= BIT_MASK(REL_WHEEL);
837 input->dev.parent = &session->conn->dev;
839 input->event = hidp_input_event;
844 static int hidp_open(struct hid_device *hid)
849 static void hidp_close(struct hid_device *hid)
853 static int hidp_parse(struct hid_device *hid)
855 struct hidp_session *session = hid->driver_data;
857 return hid_parse_report(session->hid, session->rd_data,
861 static int hidp_start(struct hid_device *hid)
863 struct hidp_session *session = hid->driver_data;
864 struct hid_report *report;
866 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
869 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
871 hidp_send_report(session, report);
873 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
875 hidp_send_report(session, report);
880 static void hidp_stop(struct hid_device *hid)
882 struct hidp_session *session = hid->driver_data;
884 skb_queue_purge(&session->ctrl_transmit);
885 skb_queue_purge(&session->intr_transmit);
890 static struct hid_ll_driver hidp_hid_driver = {
896 .hidinput_input_event = hidp_hidinput_event,
899 /* This function sets up the hid device. It does not add it
900 to the HID system. That is done in hidp_add_connection(). */
901 static int hidp_setup_hid(struct hidp_session *session,
902 struct hidp_connadd_req *req)
904 struct hid_device *hid;
907 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
908 if (!session->rd_data)
911 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
915 session->rd_size = req->rd_size;
917 hid = hid_allocate_device();
925 hid->driver_data = session;
927 hid->bus = BUS_BLUETOOTH;
928 hid->vendor = req->vendor;
929 hid->product = req->product;
930 hid->version = req->version;
931 hid->country = req->country;
933 strncpy(hid->name, req->name, 128);
934 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64);
935 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64);
937 hid->dev.parent = &session->conn->dev;
938 hid->ll_driver = &hidp_hid_driver;
940 hid->hid_get_raw_report = hidp_get_raw_report;
941 hid->hid_output_raw_report = hidp_output_raw_report;
946 kfree(session->rd_data);
947 session->rd_data = NULL;
952 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
954 struct hidp_session *session, *s;
960 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
961 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
964 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
966 down_write(&hidp_session_sem);
968 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
969 if (s && s->state == BT_CONNECTED) {
970 up_write(&hidp_session_sem);
974 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
976 up_write(&hidp_session_sem);
980 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
982 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu,
983 l2cap_pi(ctrl_sock->sk)->chan->imtu);
984 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu,
985 l2cap_pi(intr_sock->sk)->chan->imtu);
987 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
989 session->ctrl_sock = ctrl_sock;
990 session->intr_sock = intr_sock;
991 session->state = BT_CONNECTED;
993 session->conn = hidp_get_connection(session);
994 if (!session->conn) {
999 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
1001 skb_queue_head_init(&session->ctrl_transmit);
1002 skb_queue_head_init(&session->intr_transmit);
1004 mutex_init(&session->report_mutex);
1005 init_waitqueue_head(&session->report_queue);
1006 init_waitqueue_head(&session->startup_queue);
1007 session->waiting_for_startup = 1;
1008 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1009 session->idle_to = req->idle_to;
1011 __hidp_link_session(session);
1013 if (req->rd_size > 0) {
1014 err = hidp_setup_hid(session, req);
1019 if (!session->hid) {
1020 err = hidp_setup_input(session, req);
1025 hidp_set_timer(session);
1028 vendor = session->hid->vendor;
1029 product = session->hid->product;
1030 } else if (session->input) {
1031 vendor = session->input->id.vendor;
1032 product = session->input->id.product;
1038 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x",
1040 if (IS_ERR(session->task)) {
1041 err = PTR_ERR(session->task);
1045 while (session->waiting_for_startup) {
1046 wait_event_interruptible(session->startup_queue,
1047 !session->waiting_for_startup);
1051 err = hid_add_device(session->hid);
1053 err = input_register_device(session->input);
1056 atomic_inc(&session->terminate);
1057 wake_up_process(session->task);
1058 up_write(&hidp_session_sem);
1062 if (session->input) {
1063 hidp_send_ctrl_message(session,
1064 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
1065 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
1067 session->leds = 0xff;
1068 hidp_input_event(session->input, EV_LED, 0, 0);
1071 up_write(&hidp_session_sem);
1075 hidp_del_timer(session);
1077 if (session->input) {
1078 input_unregister_device(session->input);
1079 session->input = NULL;
1083 hid_destroy_device(session->hid);
1084 session->hid = NULL;
1087 kfree(session->rd_data);
1088 session->rd_data = NULL;
1091 __hidp_unlink_session(session);
1093 skb_queue_purge(&session->ctrl_transmit);
1094 skb_queue_purge(&session->intr_transmit);
1097 up_write(&hidp_session_sem);
1103 int hidp_del_connection(struct hidp_conndel_req *req)
1105 struct hidp_session *session;
1110 down_read(&hidp_session_sem);
1112 session = __hidp_get_session(&req->bdaddr);
1114 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1115 hidp_send_ctrl_message(session,
1116 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
1118 /* Flush the transmit queues */
1119 skb_queue_purge(&session->ctrl_transmit);
1120 skb_queue_purge(&session->intr_transmit);
1122 atomic_inc(&session->terminate);
1123 wake_up_process(session->task);
1128 up_read(&hidp_session_sem);
1132 int hidp_get_connlist(struct hidp_connlist_req *req)
1134 struct hidp_session *session;
1139 down_read(&hidp_session_sem);
1141 list_for_each_entry(session, &hidp_session_list, list) {
1142 struct hidp_conninfo ci;
1144 __hidp_copy_session(session, &ci);
1146 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1151 if (++n >= req->cnum)
1158 up_read(&hidp_session_sem);
1162 int hidp_get_conninfo(struct hidp_conninfo *ci)
1164 struct hidp_session *session;
1167 down_read(&hidp_session_sem);
1169 session = __hidp_get_session(&ci->bdaddr);
1171 __hidp_copy_session(session, ci);
1175 up_read(&hidp_session_sem);
1179 static int __init hidp_init(void)
1181 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1183 return hidp_init_sockets();
1186 static void __exit hidp_exit(void)
1188 hidp_cleanup_sockets();
1191 module_init(hidp_init);
1192 module_exit(hidp_exit);
1194 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1195 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1196 MODULE_VERSION(VERSION);
1197 MODULE_LICENSE("GPL");
1198 MODULE_ALIAS("bt-proto-6");