Version:  2.0.40 2.2.26 2.4.37 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16 3.17 3.18 3.19 4.0 4.1

Linux/net/bluetooth/hidp/core.c

  1 /*
  2    HIDP implementation for Linux Bluetooth stack (BlueZ).
  3    Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
  4    Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
  5 
  6    This program is free software; you can redistribute it and/or modify
  7    it under the terms of the GNU General Public License version 2 as
  8    published by the Free Software Foundation;
  9 
 10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 18 
 19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 21    SOFTWARE IS DISCLAIMED.
 22 */
 23 
 24 #include <linux/kref.h>
 25 #include <linux/module.h>
 26 #include <linux/file.h>
 27 #include <linux/kthread.h>
 28 #include <linux/hidraw.h>
 29 
 30 #include <net/bluetooth/bluetooth.h>
 31 #include <net/bluetooth/hci_core.h>
 32 #include <net/bluetooth/l2cap.h>
 33 
 34 #include "hidp.h"
 35 
 36 #define VERSION "1.2"
 37 
 38 static DECLARE_RWSEM(hidp_session_sem);
 39 static LIST_HEAD(hidp_session_list);
 40 
 41 static unsigned char hidp_keycode[256] = {
 42           0,   0,   0,   0,  30,  48,  46,  32,  18,  33,  34,  35,  23,  36,
 43          37,  38,  50,  49,  24,  25,  16,  19,  31,  20,  22,  47,  17,  45,
 44          21,  44,   2,   3,   4,   5,   6,   7,   8,   9,  10,  11,  28,   1,
 45          14,  15,  57,  12,  13,  26,  27,  43,  43,  39,  40,  41,  51,  52,
 46          53,  58,  59,  60,  61,  62,  63,  64,  65,  66,  67,  68,  87,  88,
 47          99,  70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103,  69,
 48          98,  55,  74,  78,  96,  79,  80,  81,  75,  76,  77,  71,  72,  73,
 49          82,  83,  86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
 50         191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
 51         136, 113, 115, 114,   0,   0,   0, 121,   0,  89,  93, 124,  92,  94,
 52          95,   0,   0,   0, 122, 123,  90,  91,  85,   0,   0,   0,   0,   0,
 53           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 54           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 55           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 56           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 57           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 58          29,  42,  56, 125,  97,  54, 100, 126, 164, 166, 165, 163, 161, 115,
 59         114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
 60 };
 61 
 62 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
 63 
 64 static int hidp_session_probe(struct l2cap_conn *conn,
 65                               struct l2cap_user *user);
 66 static void hidp_session_remove(struct l2cap_conn *conn,
 67                                 struct l2cap_user *user);
 68 static int hidp_session_thread(void *arg);
 69 static void hidp_session_terminate(struct hidp_session *s);
 70 
 71 static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
 72 {
 73         u32 valid_flags = 0;
 74         memset(ci, 0, sizeof(*ci));
 75         bacpy(&ci->bdaddr, &session->bdaddr);
 76 
 77         ci->flags = session->flags & valid_flags;
 78         ci->state = BT_CONNECTED;
 79 
 80         if (session->input) {
 81                 ci->vendor  = session->input->id.vendor;
 82                 ci->product = session->input->id.product;
 83                 ci->version = session->input->id.version;
 84                 if (session->input->name)
 85                         strlcpy(ci->name, session->input->name, 128);
 86                 else
 87                         strlcpy(ci->name, "HID Boot Device", 128);
 88         } else if (session->hid) {
 89                 ci->vendor  = session->hid->vendor;
 90                 ci->product = session->hid->product;
 91                 ci->version = session->hid->version;
 92                 strlcpy(ci->name, session->hid->name, 128);
 93         }
 94 }
 95 
 96 /* assemble skb, queue message on @transmit and wake up the session thread */
 97 static int hidp_send_message(struct hidp_session *session, struct socket *sock,
 98                              struct sk_buff_head *transmit, unsigned char hdr,
 99                              const unsigned char *data, int size)
100 {
101         struct sk_buff *skb;
102         struct sock *sk = sock->sk;
103 
104         BT_DBG("session %p data %p size %d", session, data, size);
105 
106         if (atomic_read(&session->terminate))
107                 return -EIO;
108 
109         skb = alloc_skb(size + 1, GFP_ATOMIC);
110         if (!skb) {
111                 BT_ERR("Can't allocate memory for new frame");
112                 return -ENOMEM;
113         }
114 
115         *skb_put(skb, 1) = hdr;
116         if (data && size > 0)
117                 memcpy(skb_put(skb, size), data, size);
118 
119         skb_queue_tail(transmit, skb);
120         wake_up_interruptible(sk_sleep(sk));
121 
122         return 0;
123 }
124 
125 static int hidp_send_ctrl_message(struct hidp_session *session,
126                                   unsigned char hdr, const unsigned char *data,
127                                   int size)
128 {
129         return hidp_send_message(session, session->ctrl_sock,
130                                  &session->ctrl_transmit, hdr, data, size);
131 }
132 
133 static int hidp_send_intr_message(struct hidp_session *session,
134                                   unsigned char hdr, const unsigned char *data,
135                                   int size)
136 {
137         return hidp_send_message(session, session->intr_sock,
138                                  &session->intr_transmit, hdr, data, size);
139 }
140 
141 static int hidp_input_event(struct input_dev *dev, unsigned int type,
142                             unsigned int code, int value)
143 {
144         struct hidp_session *session = input_get_drvdata(dev);
145         unsigned char newleds;
146         unsigned char hdr, data[2];
147 
148         BT_DBG("session %p type %d code %d value %d",
149                session, type, code, value);
150 
151         if (type != EV_LED)
152                 return -1;
153 
154         newleds = (!!test_bit(LED_KANA,    dev->led) << 3) |
155                   (!!test_bit(LED_COMPOSE, dev->led) << 3) |
156                   (!!test_bit(LED_SCROLLL, dev->led) << 2) |
157                   (!!test_bit(LED_CAPSL,   dev->led) << 1) |
158                   (!!test_bit(LED_NUML,    dev->led) << 0);
159 
160         if (session->leds == newleds)
161                 return 0;
162 
163         session->leds = newleds;
164 
165         hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
166         data[0] = 0x01;
167         data[1] = newleds;
168 
169         return hidp_send_intr_message(session, hdr, data, 2);
170 }
171 
172 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
173 {
174         struct input_dev *dev = session->input;
175         unsigned char *keys = session->keys;
176         unsigned char *udata = skb->data + 1;
177         signed char *sdata = skb->data + 1;
178         int i, size = skb->len - 1;
179 
180         switch (skb->data[0]) {
181         case 0x01:      /* Keyboard report */
182                 for (i = 0; i < 8; i++)
183                         input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
184 
185                 /* If all the key codes have been set to 0x01, it means
186                  * too many keys were pressed at the same time. */
187                 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
188                         break;
189 
190                 for (i = 2; i < 8; i++) {
191                         if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
192                                 if (hidp_keycode[keys[i]])
193                                         input_report_key(dev, hidp_keycode[keys[i]], 0);
194                                 else
195                                         BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
196                         }
197 
198                         if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
199                                 if (hidp_keycode[udata[i]])
200                                         input_report_key(dev, hidp_keycode[udata[i]], 1);
201                                 else
202                                         BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
203                         }
204                 }
205 
206                 memcpy(keys, udata, 8);
207                 break;
208 
209         case 0x02:      /* Mouse report */
210                 input_report_key(dev, BTN_LEFT,   sdata[0] & 0x01);
211                 input_report_key(dev, BTN_RIGHT,  sdata[0] & 0x02);
212                 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
213                 input_report_key(dev, BTN_SIDE,   sdata[0] & 0x08);
214                 input_report_key(dev, BTN_EXTRA,  sdata[0] & 0x10);
215 
216                 input_report_rel(dev, REL_X, sdata[1]);
217                 input_report_rel(dev, REL_Y, sdata[2]);
218 
219                 if (size > 3)
220                         input_report_rel(dev, REL_WHEEL, sdata[3]);
221                 break;
222         }
223 
224         input_sync(dev);
225 }
226 
227 static int hidp_get_raw_report(struct hid_device *hid,
228                 unsigned char report_number,
229                 unsigned char *data, size_t count,
230                 unsigned char report_type)
231 {
232         struct hidp_session *session = hid->driver_data;
233         struct sk_buff *skb;
234         size_t len;
235         int numbered_reports = hid->report_enum[report_type].numbered;
236         int ret;
237 
238         if (atomic_read(&session->terminate))
239                 return -EIO;
240 
241         switch (report_type) {
242         case HID_FEATURE_REPORT:
243                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
244                 break;
245         case HID_INPUT_REPORT:
246                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
247                 break;
248         case HID_OUTPUT_REPORT:
249                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
250                 break;
251         default:
252                 return -EINVAL;
253         }
254 
255         if (mutex_lock_interruptible(&session->report_mutex))
256                 return -ERESTARTSYS;
257 
258         /* Set up our wait, and send the report request to the device. */
259         session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
260         session->waiting_report_number = numbered_reports ? report_number : -1;
261         set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
262         data[0] = report_number;
263         ret = hidp_send_ctrl_message(session, report_type, data, 1);
264         if (ret)
265                 goto err;
266 
267         /* Wait for the return of the report. The returned report
268            gets put in session->report_return.  */
269         while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
270                !atomic_read(&session->terminate)) {
271                 int res;
272 
273                 res = wait_event_interruptible_timeout(session->report_queue,
274                         !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
275                                 || atomic_read(&session->terminate),
276                         5*HZ);
277                 if (res == 0) {
278                         /* timeout */
279                         ret = -EIO;
280                         goto err;
281                 }
282                 if (res < 0) {
283                         /* signal */
284                         ret = -ERESTARTSYS;
285                         goto err;
286                 }
287         }
288 
289         skb = session->report_return;
290         if (skb) {
291                 len = skb->len < count ? skb->len : count;
292                 memcpy(data, skb->data, len);
293 
294                 kfree_skb(skb);
295                 session->report_return = NULL;
296         } else {
297                 /* Device returned a HANDSHAKE, indicating  protocol error. */
298                 len = -EIO;
299         }
300 
301         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
302         mutex_unlock(&session->report_mutex);
303 
304         return len;
305 
306 err:
307         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
308         mutex_unlock(&session->report_mutex);
309         return ret;
310 }
311 
312 static int hidp_set_raw_report(struct hid_device *hid, unsigned char reportnum,
313                                unsigned char *data, size_t count,
314                                unsigned char report_type)
315 {
316         struct hidp_session *session = hid->driver_data;
317         int ret;
318 
319         switch (report_type) {
320         case HID_FEATURE_REPORT:
321                 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
322                 break;
323         case HID_INPUT_REPORT:
324                 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_INPUT;
325                 break;
326         case HID_OUTPUT_REPORT:
327                 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
328                 break;
329         default:
330                 return -EINVAL;
331         }
332 
333         if (mutex_lock_interruptible(&session->report_mutex))
334                 return -ERESTARTSYS;
335 
336         /* Set up our wait, and send the report request to the device. */
337         data[0] = reportnum;
338         set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
339         ret = hidp_send_ctrl_message(session, report_type, data, count);
340         if (ret)
341                 goto err;
342 
343         /* Wait for the ACK from the device. */
344         while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
345                !atomic_read(&session->terminate)) {
346                 int res;
347 
348                 res = wait_event_interruptible_timeout(session->report_queue,
349                         !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
350                                 || atomic_read(&session->terminate),
351                         10*HZ);
352                 if (res == 0) {
353                         /* timeout */
354                         ret = -EIO;
355                         goto err;
356                 }
357                 if (res < 0) {
358                         /* signal */
359                         ret = -ERESTARTSYS;
360                         goto err;
361                 }
362         }
363 
364         if (!session->output_report_success) {
365                 ret = -EIO;
366                 goto err;
367         }
368 
369         ret = count;
370 
371 err:
372         clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
373         mutex_unlock(&session->report_mutex);
374         return ret;
375 }
376 
377 static int hidp_output_report(struct hid_device *hid, __u8 *data, size_t count)
378 {
379         struct hidp_session *session = hid->driver_data;
380 
381         return hidp_send_intr_message(session,
382                                       HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT,
383                                       data, count);
384 }
385 
386 static int hidp_raw_request(struct hid_device *hid, unsigned char reportnum,
387                             __u8 *buf, size_t len, unsigned char rtype,
388                             int reqtype)
389 {
390         switch (reqtype) {
391         case HID_REQ_GET_REPORT:
392                 return hidp_get_raw_report(hid, reportnum, buf, len, rtype);
393         case HID_REQ_SET_REPORT:
394                 return hidp_set_raw_report(hid, reportnum, buf, len, rtype);
395         default:
396                 return -EIO;
397         }
398 }
399 
400 static void hidp_idle_timeout(unsigned long arg)
401 {
402         struct hidp_session *session = (struct hidp_session *) arg;
403 
404         hidp_session_terminate(session);
405 }
406 
407 static void hidp_set_timer(struct hidp_session *session)
408 {
409         if (session->idle_to > 0)
410                 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
411 }
412 
413 static void hidp_del_timer(struct hidp_session *session)
414 {
415         if (session->idle_to > 0)
416                 del_timer(&session->timer);
417 }
418 
419 static void hidp_process_report(struct hidp_session *session,
420                                 int type, const u8 *data, int len, int intr)
421 {
422         if (len > HID_MAX_BUFFER_SIZE)
423                 len = HID_MAX_BUFFER_SIZE;
424 
425         memcpy(session->input_buf, data, len);
426         hid_input_report(session->hid, type, session->input_buf, len, intr);
427 }
428 
429 static void hidp_process_handshake(struct hidp_session *session,
430                                         unsigned char param)
431 {
432         BT_DBG("session %p param 0x%02x", session, param);
433         session->output_report_success = 0; /* default condition */
434 
435         switch (param) {
436         case HIDP_HSHK_SUCCESSFUL:
437                 /* FIXME: Call into SET_ GET_ handlers here */
438                 session->output_report_success = 1;
439                 break;
440 
441         case HIDP_HSHK_NOT_READY:
442         case HIDP_HSHK_ERR_INVALID_REPORT_ID:
443         case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
444         case HIDP_HSHK_ERR_INVALID_PARAMETER:
445                 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
446                         wake_up_interruptible(&session->report_queue);
447 
448                 /* FIXME: Call into SET_ GET_ handlers here */
449                 break;
450 
451         case HIDP_HSHK_ERR_UNKNOWN:
452                 break;
453 
454         case HIDP_HSHK_ERR_FATAL:
455                 /* Device requests a reboot, as this is the only way this error
456                  * can be recovered. */
457                 hidp_send_ctrl_message(session,
458                         HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
459                 break;
460 
461         default:
462                 hidp_send_ctrl_message(session,
463                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
464                 break;
465         }
466 
467         /* Wake up the waiting thread. */
468         if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
469                 wake_up_interruptible(&session->report_queue);
470 }
471 
472 static void hidp_process_hid_control(struct hidp_session *session,
473                                         unsigned char param)
474 {
475         BT_DBG("session %p param 0x%02x", session, param);
476 
477         if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
478                 /* Flush the transmit queues */
479                 skb_queue_purge(&session->ctrl_transmit);
480                 skb_queue_purge(&session->intr_transmit);
481 
482                 hidp_session_terminate(session);
483         }
484 }
485 
486 /* Returns true if the passed-in skb should be freed by the caller. */
487 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
488                                 unsigned char param)
489 {
490         int done_with_skb = 1;
491         BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
492 
493         switch (param) {
494         case HIDP_DATA_RTYPE_INPUT:
495                 hidp_set_timer(session);
496 
497                 if (session->input)
498                         hidp_input_report(session, skb);
499 
500                 if (session->hid)
501                         hidp_process_report(session, HID_INPUT_REPORT,
502                                             skb->data, skb->len, 0);
503                 break;
504 
505         case HIDP_DATA_RTYPE_OTHER:
506         case HIDP_DATA_RTYPE_OUPUT:
507         case HIDP_DATA_RTYPE_FEATURE:
508                 break;
509 
510         default:
511                 hidp_send_ctrl_message(session,
512                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
513         }
514 
515         if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
516                                 param == session->waiting_report_type) {
517                 if (session->waiting_report_number < 0 ||
518                     session->waiting_report_number == skb->data[0]) {
519                         /* hidp_get_raw_report() is waiting on this report. */
520                         session->report_return = skb;
521                         done_with_skb = 0;
522                         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
523                         wake_up_interruptible(&session->report_queue);
524                 }
525         }
526 
527         return done_with_skb;
528 }
529 
530 static void hidp_recv_ctrl_frame(struct hidp_session *session,
531                                         struct sk_buff *skb)
532 {
533         unsigned char hdr, type, param;
534         int free_skb = 1;
535 
536         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
537 
538         hdr = skb->data[0];
539         skb_pull(skb, 1);
540 
541         type = hdr & HIDP_HEADER_TRANS_MASK;
542         param = hdr & HIDP_HEADER_PARAM_MASK;
543 
544         switch (type) {
545         case HIDP_TRANS_HANDSHAKE:
546                 hidp_process_handshake(session, param);
547                 break;
548 
549         case HIDP_TRANS_HID_CONTROL:
550                 hidp_process_hid_control(session, param);
551                 break;
552 
553         case HIDP_TRANS_DATA:
554                 free_skb = hidp_process_data(session, skb, param);
555                 break;
556 
557         default:
558                 hidp_send_ctrl_message(session,
559                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
560                 break;
561         }
562 
563         if (free_skb)
564                 kfree_skb(skb);
565 }
566 
567 static void hidp_recv_intr_frame(struct hidp_session *session,
568                                 struct sk_buff *skb)
569 {
570         unsigned char hdr;
571 
572         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
573 
574         hdr = skb->data[0];
575         skb_pull(skb, 1);
576 
577         if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
578                 hidp_set_timer(session);
579 
580                 if (session->input)
581                         hidp_input_report(session, skb);
582 
583                 if (session->hid) {
584                         hidp_process_report(session, HID_INPUT_REPORT,
585                                             skb->data, skb->len, 1);
586                         BT_DBG("report len %d", skb->len);
587                 }
588         } else {
589                 BT_DBG("Unsupported protocol header 0x%02x", hdr);
590         }
591 
592         kfree_skb(skb);
593 }
594 
595 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
596 {
597         struct kvec iv = { data, len };
598         struct msghdr msg;
599 
600         BT_DBG("sock %p data %p len %d", sock, data, len);
601 
602         if (!len)
603                 return 0;
604 
605         memset(&msg, 0, sizeof(msg));
606 
607         return kernel_sendmsg(sock, &msg, &iv, 1, len);
608 }
609 
610 /* dequeue message from @transmit and send via @sock */
611 static void hidp_process_transmit(struct hidp_session *session,
612                                   struct sk_buff_head *transmit,
613                                   struct socket *sock)
614 {
615         struct sk_buff *skb;
616         int ret;
617 
618         BT_DBG("session %p", session);
619 
620         while ((skb = skb_dequeue(transmit))) {
621                 ret = hidp_send_frame(sock, skb->data, skb->len);
622                 if (ret == -EAGAIN) {
623                         skb_queue_head(transmit, skb);
624                         break;
625                 } else if (ret < 0) {
626                         hidp_session_terminate(session);
627                         kfree_skb(skb);
628                         break;
629                 }
630 
631                 hidp_set_timer(session);
632                 kfree_skb(skb);
633         }
634 }
635 
636 static int hidp_setup_input(struct hidp_session *session,
637                                 struct hidp_connadd_req *req)
638 {
639         struct input_dev *input;
640         int i;
641 
642         input = input_allocate_device();
643         if (!input)
644                 return -ENOMEM;
645 
646         session->input = input;
647 
648         input_set_drvdata(input, session);
649 
650         input->name = "Bluetooth HID Boot Protocol Device";
651 
652         input->id.bustype = BUS_BLUETOOTH;
653         input->id.vendor  = req->vendor;
654         input->id.product = req->product;
655         input->id.version = req->version;
656 
657         if (req->subclass & 0x40) {
658                 set_bit(EV_KEY, input->evbit);
659                 set_bit(EV_LED, input->evbit);
660                 set_bit(EV_REP, input->evbit);
661 
662                 set_bit(LED_NUML,    input->ledbit);
663                 set_bit(LED_CAPSL,   input->ledbit);
664                 set_bit(LED_SCROLLL, input->ledbit);
665                 set_bit(LED_COMPOSE, input->ledbit);
666                 set_bit(LED_KANA,    input->ledbit);
667 
668                 for (i = 0; i < sizeof(hidp_keycode); i++)
669                         set_bit(hidp_keycode[i], input->keybit);
670                 clear_bit(0, input->keybit);
671         }
672 
673         if (req->subclass & 0x80) {
674                 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
675                 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
676                         BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
677                 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
678                 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
679                         BIT_MASK(BTN_EXTRA);
680                 input->relbit[0] |= BIT_MASK(REL_WHEEL);
681         }
682 
683         input->dev.parent = &session->conn->hcon->dev;
684 
685         input->event = hidp_input_event;
686 
687         return 0;
688 }
689 
690 static int hidp_open(struct hid_device *hid)
691 {
692         return 0;
693 }
694 
695 static void hidp_close(struct hid_device *hid)
696 {
697 }
698 
699 static int hidp_parse(struct hid_device *hid)
700 {
701         struct hidp_session *session = hid->driver_data;
702 
703         return hid_parse_report(session->hid, session->rd_data,
704                         session->rd_size);
705 }
706 
707 static int hidp_start(struct hid_device *hid)
708 {
709         return 0;
710 }
711 
712 static void hidp_stop(struct hid_device *hid)
713 {
714         struct hidp_session *session = hid->driver_data;
715 
716         skb_queue_purge(&session->ctrl_transmit);
717         skb_queue_purge(&session->intr_transmit);
718 
719         hid->claimed = 0;
720 }
721 
722 static struct hid_ll_driver hidp_hid_driver = {
723         .parse = hidp_parse,
724         .start = hidp_start,
725         .stop = hidp_stop,
726         .open  = hidp_open,
727         .close = hidp_close,
728         .raw_request = hidp_raw_request,
729         .output_report = hidp_output_report,
730 };
731 
732 /* This function sets up the hid device. It does not add it
733    to the HID system. That is done in hidp_add_connection(). */
734 static int hidp_setup_hid(struct hidp_session *session,
735                                 struct hidp_connadd_req *req)
736 {
737         struct hid_device *hid;
738         int err;
739 
740         session->rd_data = memdup_user(req->rd_data, req->rd_size);
741         if (IS_ERR(session->rd_data))
742                 return PTR_ERR(session->rd_data);
743 
744         session->rd_size = req->rd_size;
745 
746         hid = hid_allocate_device();
747         if (IS_ERR(hid)) {
748                 err = PTR_ERR(hid);
749                 goto fault;
750         }
751 
752         session->hid = hid;
753 
754         hid->driver_data = session;
755 
756         hid->bus     = BUS_BLUETOOTH;
757         hid->vendor  = req->vendor;
758         hid->product = req->product;
759         hid->version = req->version;
760         hid->country = req->country;
761 
762         strncpy(hid->name, req->name, sizeof(req->name) - 1);
763 
764         snprintf(hid->phys, sizeof(hid->phys), "%pMR",
765                  &l2cap_pi(session->ctrl_sock->sk)->chan->src);
766 
767         /* NOTE: Some device modules depend on the dst address being stored in
768          * uniq. Please be aware of this before making changes to this behavior.
769          */
770         snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
771                  &l2cap_pi(session->ctrl_sock->sk)->chan->dst);
772 
773         hid->dev.parent = &session->conn->hcon->dev;
774         hid->ll_driver = &hidp_hid_driver;
775 
776         /* True if device is blacklisted in drivers/hid/hid-core.c */
777         if (hid_ignore(hid)) {
778                 hid_destroy_device(session->hid);
779                 session->hid = NULL;
780                 return -ENODEV;
781         }
782 
783         return 0;
784 
785 fault:
786         kfree(session->rd_data);
787         session->rd_data = NULL;
788 
789         return err;
790 }
791 
792 /* initialize session devices */
793 static int hidp_session_dev_init(struct hidp_session *session,
794                                  struct hidp_connadd_req *req)
795 {
796         int ret;
797 
798         if (req->rd_size > 0) {
799                 ret = hidp_setup_hid(session, req);
800                 if (ret && ret != -ENODEV)
801                         return ret;
802         }
803 
804         if (!session->hid) {
805                 ret = hidp_setup_input(session, req);
806                 if (ret < 0)
807                         return ret;
808         }
809 
810         return 0;
811 }
812 
813 /* destroy session devices */
814 static void hidp_session_dev_destroy(struct hidp_session *session)
815 {
816         if (session->hid)
817                 put_device(&session->hid->dev);
818         else if (session->input)
819                 input_put_device(session->input);
820 
821         kfree(session->rd_data);
822         session->rd_data = NULL;
823 }
824 
825 /* add HID/input devices to their underlying bus systems */
826 static int hidp_session_dev_add(struct hidp_session *session)
827 {
828         int ret;
829 
830         /* Both HID and input systems drop a ref-count when unregistering the
831          * device but they don't take a ref-count when registering them. Work
832          * around this by explicitly taking a refcount during registration
833          * which is dropped automatically by unregistering the devices. */
834 
835         if (session->hid) {
836                 ret = hid_add_device(session->hid);
837                 if (ret)
838                         return ret;
839                 get_device(&session->hid->dev);
840         } else if (session->input) {
841                 ret = input_register_device(session->input);
842                 if (ret)
843                         return ret;
844                 input_get_device(session->input);
845         }
846 
847         return 0;
848 }
849 
850 /* remove HID/input devices from their bus systems */
851 static void hidp_session_dev_del(struct hidp_session *session)
852 {
853         if (session->hid)
854                 hid_destroy_device(session->hid);
855         else if (session->input)
856                 input_unregister_device(session->input);
857 }
858 
859 /*
860  * Asynchronous device registration
861  * HID device drivers might want to perform I/O during initialization to
862  * detect device types. Therefore, call device registration in a separate
863  * worker so the HIDP thread can schedule I/O operations.
864  * Note that this must be called after the worker thread was initialized
865  * successfully. This will then add the devices and increase session state
866  * on success, otherwise it will terminate the session thread.
867  */
868 static void hidp_session_dev_work(struct work_struct *work)
869 {
870         struct hidp_session *session = container_of(work,
871                                                     struct hidp_session,
872                                                     dev_init);
873         int ret;
874 
875         ret = hidp_session_dev_add(session);
876         if (!ret)
877                 atomic_inc(&session->state);
878         else
879                 hidp_session_terminate(session);
880 }
881 
882 /*
883  * Create new session object
884  * Allocate session object, initialize static fields, copy input data into the
885  * object and take a reference to all sub-objects.
886  * This returns 0 on success and puts a pointer to the new session object in
887  * \out. Otherwise, an error code is returned.
888  * The new session object has an initial ref-count of 1.
889  */
890 static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
891                             struct socket *ctrl_sock,
892                             struct socket *intr_sock,
893                             struct hidp_connadd_req *req,
894                             struct l2cap_conn *conn)
895 {
896         struct hidp_session *session;
897         int ret;
898         struct bt_sock *ctrl, *intr;
899 
900         ctrl = bt_sk(ctrl_sock->sk);
901         intr = bt_sk(intr_sock->sk);
902 
903         session = kzalloc(sizeof(*session), GFP_KERNEL);
904         if (!session)
905                 return -ENOMEM;
906 
907         /* object and runtime management */
908         kref_init(&session->ref);
909         atomic_set(&session->state, HIDP_SESSION_IDLING);
910         init_waitqueue_head(&session->state_queue);
911         session->flags = req->flags & BIT(HIDP_BLUETOOTH_VENDOR_ID);
912 
913         /* connection management */
914         bacpy(&session->bdaddr, bdaddr);
915         session->conn = l2cap_conn_get(conn);
916         session->user.probe = hidp_session_probe;
917         session->user.remove = hidp_session_remove;
918         session->ctrl_sock = ctrl_sock;
919         session->intr_sock = intr_sock;
920         skb_queue_head_init(&session->ctrl_transmit);
921         skb_queue_head_init(&session->intr_transmit);
922         session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
923                                         l2cap_pi(ctrl)->chan->imtu);
924         session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
925                                         l2cap_pi(intr)->chan->imtu);
926         session->idle_to = req->idle_to;
927 
928         /* device management */
929         INIT_WORK(&session->dev_init, hidp_session_dev_work);
930         setup_timer(&session->timer, hidp_idle_timeout,
931                     (unsigned long)session);
932 
933         /* session data */
934         mutex_init(&session->report_mutex);
935         init_waitqueue_head(&session->report_queue);
936 
937         ret = hidp_session_dev_init(session, req);
938         if (ret)
939                 goto err_free;
940 
941         get_file(session->intr_sock->file);
942         get_file(session->ctrl_sock->file);
943         *out = session;
944         return 0;
945 
946 err_free:
947         l2cap_conn_put(session->conn);
948         kfree(session);
949         return ret;
950 }
951 
952 /* increase ref-count of the given session by one */
953 static void hidp_session_get(struct hidp_session *session)
954 {
955         kref_get(&session->ref);
956 }
957 
958 /* release callback */
959 static void session_free(struct kref *ref)
960 {
961         struct hidp_session *session = container_of(ref, struct hidp_session,
962                                                     ref);
963 
964         hidp_session_dev_destroy(session);
965         skb_queue_purge(&session->ctrl_transmit);
966         skb_queue_purge(&session->intr_transmit);
967         fput(session->intr_sock->file);
968         fput(session->ctrl_sock->file);
969         l2cap_conn_put(session->conn);
970         kfree(session);
971 }
972 
973 /* decrease ref-count of the given session by one */
974 static void hidp_session_put(struct hidp_session *session)
975 {
976         kref_put(&session->ref, session_free);
977 }
978 
979 /*
980  * Search the list of active sessions for a session with target address
981  * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
982  * you do not release this lock, the session objects cannot vanish and you can
983  * safely take a reference to the session yourself.
984  */
985 static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
986 {
987         struct hidp_session *session;
988 
989         list_for_each_entry(session, &hidp_session_list, list) {
990                 if (!bacmp(bdaddr, &session->bdaddr))
991                         return session;
992         }
993 
994         return NULL;
995 }
996 
997 /*
998  * Same as __hidp_session_find() but no locks must be held. This also takes a
999  * reference of the returned session (if non-NULL) so you must drop this
1000  * reference if you no longer use the object.
1001  */
1002 static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
1003 {
1004         struct hidp_session *session;
1005 
1006         down_read(&hidp_session_sem);
1007 
1008         session = __hidp_session_find(bdaddr);
1009         if (session)
1010                 hidp_session_get(session);
1011 
1012         up_read(&hidp_session_sem);
1013 
1014         return session;
1015 }
1016 
1017 /*
1018  * Start session synchronously
1019  * This starts a session thread and waits until initialization
1020  * is done or returns an error if it couldn't be started.
1021  * If this returns 0 the session thread is up and running. You must call
1022  * hipd_session_stop_sync() before deleting any runtime resources.
1023  */
1024 static int hidp_session_start_sync(struct hidp_session *session)
1025 {
1026         unsigned int vendor, product;
1027 
1028         if (session->hid) {
1029                 vendor  = session->hid->vendor;
1030                 product = session->hid->product;
1031         } else if (session->input) {
1032                 vendor  = session->input->id.vendor;
1033                 product = session->input->id.product;
1034         } else {
1035                 vendor = 0x0000;
1036                 product = 0x0000;
1037         }
1038 
1039         session->task = kthread_run(hidp_session_thread, session,
1040                                     "khidpd_%04x%04x", vendor, product);
1041         if (IS_ERR(session->task))
1042                 return PTR_ERR(session->task);
1043 
1044         while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1045                 wait_event(session->state_queue,
1046                            atomic_read(&session->state) > HIDP_SESSION_IDLING);
1047 
1048         return 0;
1049 }
1050 
1051 /*
1052  * Terminate session thread
1053  * Wake up session thread and notify it to stop. This is asynchronous and
1054  * returns immediately. Call this whenever a runtime error occurs and you want
1055  * the session to stop.
1056  * Note: wake_up_process() performs any necessary memory-barriers for us.
1057  */
1058 static void hidp_session_terminate(struct hidp_session *session)
1059 {
1060         atomic_inc(&session->terminate);
1061         wake_up_process(session->task);
1062 }
1063 
1064 /*
1065  * Probe HIDP session
1066  * This is called from the l2cap_conn core when our l2cap_user object is bound
1067  * to the hci-connection. We get the session via the \user object and can now
1068  * start the session thread, link it into the global session list and
1069  * schedule HID/input device registration.
1070  * The global session-list owns its own reference to the session object so you
1071  * can drop your own reference after registering the l2cap_user object.
1072  */
1073 static int hidp_session_probe(struct l2cap_conn *conn,
1074                               struct l2cap_user *user)
1075 {
1076         struct hidp_session *session = container_of(user,
1077                                                     struct hidp_session,
1078                                                     user);
1079         struct hidp_session *s;
1080         int ret;
1081 
1082         down_write(&hidp_session_sem);
1083 
1084         /* check that no other session for this device exists */
1085         s = __hidp_session_find(&session->bdaddr);
1086         if (s) {
1087                 ret = -EEXIST;
1088                 goto out_unlock;
1089         }
1090 
1091         if (session->input) {
1092                 ret = hidp_session_dev_add(session);
1093                 if (ret)
1094                         goto out_unlock;
1095         }
1096 
1097         ret = hidp_session_start_sync(session);
1098         if (ret)
1099                 goto out_del;
1100 
1101         /* HID device registration is async to allow I/O during probe */
1102         if (session->input)
1103                 atomic_inc(&session->state);
1104         else
1105                 schedule_work(&session->dev_init);
1106 
1107         hidp_session_get(session);
1108         list_add(&session->list, &hidp_session_list);
1109         ret = 0;
1110         goto out_unlock;
1111 
1112 out_del:
1113         if (session->input)
1114                 hidp_session_dev_del(session);
1115 out_unlock:
1116         up_write(&hidp_session_sem);
1117         return ret;
1118 }
1119 
1120 /*
1121  * Remove HIDP session
1122  * Called from the l2cap_conn core when either we explicitly unregistered
1123  * the l2cap_user object or if the underlying connection is shut down.
1124  * We signal the hidp-session thread to shut down, unregister the HID/input
1125  * devices and unlink the session from the global list.
1126  * This drops the reference to the session that is owned by the global
1127  * session-list.
1128  * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1129  * This is, because the session-thread might be waiting for an HCI lock that is
1130  * held while we are called. Therefore, we only unregister the devices and
1131  * notify the session-thread to terminate. The thread itself owns a reference
1132  * to the session object so it can safely shut down.
1133  */
1134 static void hidp_session_remove(struct l2cap_conn *conn,
1135                                 struct l2cap_user *user)
1136 {
1137         struct hidp_session *session = container_of(user,
1138                                                     struct hidp_session,
1139                                                     user);
1140 
1141         down_write(&hidp_session_sem);
1142 
1143         hidp_session_terminate(session);
1144 
1145         cancel_work_sync(&session->dev_init);
1146         if (session->input ||
1147             atomic_read(&session->state) > HIDP_SESSION_PREPARING)
1148                 hidp_session_dev_del(session);
1149 
1150         list_del(&session->list);
1151 
1152         up_write(&hidp_session_sem);
1153 
1154         hidp_session_put(session);
1155 }
1156 
1157 /*
1158  * Session Worker
1159  * This performs the actual main-loop of the HIDP worker. We first check
1160  * whether the underlying connection is still alive, then parse all pending
1161  * messages and finally send all outstanding messages.
1162  */
1163 static void hidp_session_run(struct hidp_session *session)
1164 {
1165         struct sock *ctrl_sk = session->ctrl_sock->sk;
1166         struct sock *intr_sk = session->intr_sock->sk;
1167         struct sk_buff *skb;
1168 
1169         for (;;) {
1170                 /*
1171                  * This thread can be woken up two ways:
1172                  *  - You call hidp_session_terminate() which sets the
1173                  *    session->terminate flag and wakes this thread up.
1174                  *  - Via modifying the socket state of ctrl/intr_sock. This
1175                  *    thread is woken up by ->sk_state_changed().
1176                  *
1177                  * Note: set_current_state() performs any necessary
1178                  * memory-barriers for us.
1179                  */
1180                 set_current_state(TASK_INTERRUPTIBLE);
1181 
1182                 if (atomic_read(&session->terminate))
1183                         break;
1184 
1185                 if (ctrl_sk->sk_state != BT_CONNECTED ||
1186                     intr_sk->sk_state != BT_CONNECTED)
1187                         break;
1188 
1189                 /* parse incoming intr-skbs */
1190                 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1191                         skb_orphan(skb);
1192                         if (!skb_linearize(skb))
1193                                 hidp_recv_intr_frame(session, skb);
1194                         else
1195                                 kfree_skb(skb);
1196                 }
1197 
1198                 /* send pending intr-skbs */
1199                 hidp_process_transmit(session, &session->intr_transmit,
1200                                       session->intr_sock);
1201 
1202                 /* parse incoming ctrl-skbs */
1203                 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1204                         skb_orphan(skb);
1205                         if (!skb_linearize(skb))
1206                                 hidp_recv_ctrl_frame(session, skb);
1207                         else
1208                                 kfree_skb(skb);
1209                 }
1210 
1211                 /* send pending ctrl-skbs */
1212                 hidp_process_transmit(session, &session->ctrl_transmit,
1213                                       session->ctrl_sock);
1214 
1215                 schedule();
1216         }
1217 
1218         atomic_inc(&session->terminate);
1219         set_current_state(TASK_RUNNING);
1220 }
1221 
1222 /*
1223  * HIDP session thread
1224  * This thread runs the I/O for a single HIDP session. Startup is synchronous
1225  * which allows us to take references to ourself here instead of doing that in
1226  * the caller.
1227  * When we are ready to run we notify the caller and call hidp_session_run().
1228  */
1229 static int hidp_session_thread(void *arg)
1230 {
1231         struct hidp_session *session = arg;
1232         wait_queue_t ctrl_wait, intr_wait;
1233 
1234         BT_DBG("session %p", session);
1235 
1236         /* initialize runtime environment */
1237         hidp_session_get(session);
1238         __module_get(THIS_MODULE);
1239         set_user_nice(current, -15);
1240         hidp_set_timer(session);
1241 
1242         init_waitqueue_entry(&ctrl_wait, current);
1243         init_waitqueue_entry(&intr_wait, current);
1244         add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1245         add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1246         /* This memory barrier is paired with wq_has_sleeper(). See
1247          * sock_poll_wait() for more information why this is needed. */
1248         smp_mb();
1249 
1250         /* notify synchronous startup that we're ready */
1251         atomic_inc(&session->state);
1252         wake_up(&session->state_queue);
1253 
1254         /* run session */
1255         hidp_session_run(session);
1256 
1257         /* cleanup runtime environment */
1258         remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1259         remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1260         wake_up_interruptible(&session->report_queue);
1261         hidp_del_timer(session);
1262 
1263         /*
1264          * If we stopped ourself due to any internal signal, we should try to
1265          * unregister our own session here to avoid having it linger until the
1266          * parent l2cap_conn dies or user-space cleans it up.
1267          * This does not deadlock as we don't do any synchronous shutdown.
1268          * Instead, this call has the same semantics as if user-space tried to
1269          * delete the session.
1270          */
1271         l2cap_unregister_user(session->conn, &session->user);
1272         hidp_session_put(session);
1273 
1274         module_put_and_exit(0);
1275         return 0;
1276 }
1277 
1278 static int hidp_verify_sockets(struct socket *ctrl_sock,
1279                                struct socket *intr_sock)
1280 {
1281         struct l2cap_chan *ctrl_chan, *intr_chan;
1282         struct bt_sock *ctrl, *intr;
1283         struct hidp_session *session;
1284 
1285         if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1286                 return -EINVAL;
1287 
1288         ctrl_chan = l2cap_pi(ctrl_sock->sk)->chan;
1289         intr_chan = l2cap_pi(intr_sock->sk)->chan;
1290 
1291         if (bacmp(&ctrl_chan->src, &intr_chan->src) ||
1292             bacmp(&ctrl_chan->dst, &intr_chan->dst))
1293                 return -ENOTUNIQ;
1294 
1295         ctrl = bt_sk(ctrl_sock->sk);
1296         intr = bt_sk(intr_sock->sk);
1297 
1298         if (ctrl->sk.sk_state != BT_CONNECTED ||
1299             intr->sk.sk_state != BT_CONNECTED)
1300                 return -EBADFD;
1301 
1302         /* early session check, we check again during session registration */
1303         session = hidp_session_find(&ctrl_chan->dst);
1304         if (session) {
1305                 hidp_session_put(session);
1306                 return -EEXIST;
1307         }
1308 
1309         return 0;
1310 }
1311 
1312 int hidp_connection_add(struct hidp_connadd_req *req,
1313                         struct socket *ctrl_sock,
1314                         struct socket *intr_sock)
1315 {
1316         u32 valid_flags = BIT(HIDP_VIRTUAL_CABLE_UNPLUG) |
1317                           BIT(HIDP_BOOT_PROTOCOL_MODE);
1318         struct hidp_session *session;
1319         struct l2cap_conn *conn;
1320         struct l2cap_chan *chan;
1321         int ret;
1322 
1323         ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1324         if (ret)
1325                 return ret;
1326 
1327         if (req->flags & ~valid_flags)
1328                 return -EINVAL;
1329 
1330         chan = l2cap_pi(ctrl_sock->sk)->chan;
1331         conn = NULL;
1332         l2cap_chan_lock(chan);
1333         if (chan->conn)
1334                 conn = l2cap_conn_get(chan->conn);
1335         l2cap_chan_unlock(chan);
1336 
1337         if (!conn)
1338                 return -EBADFD;
1339 
1340         ret = hidp_session_new(&session, &chan->dst, ctrl_sock,
1341                                intr_sock, req, conn);
1342         if (ret)
1343                 goto out_conn;
1344 
1345         ret = l2cap_register_user(conn, &session->user);
1346         if (ret)
1347                 goto out_session;
1348 
1349         ret = 0;
1350 
1351 out_session:
1352         hidp_session_put(session);
1353 out_conn:
1354         l2cap_conn_put(conn);
1355         return ret;
1356 }
1357 
1358 int hidp_connection_del(struct hidp_conndel_req *req)
1359 {
1360         u32 valid_flags = BIT(HIDP_VIRTUAL_CABLE_UNPLUG);
1361         struct hidp_session *session;
1362 
1363         if (req->flags & ~valid_flags)
1364                 return -EINVAL;
1365 
1366         session = hidp_session_find(&req->bdaddr);
1367         if (!session)
1368                 return -ENOENT;
1369 
1370         if (req->flags & BIT(HIDP_VIRTUAL_CABLE_UNPLUG))
1371                 hidp_send_ctrl_message(session,
1372                                        HIDP_TRANS_HID_CONTROL |
1373                                          HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1374                                        NULL, 0);
1375         else
1376                 l2cap_unregister_user(session->conn, &session->user);
1377 
1378         hidp_session_put(session);
1379 
1380         return 0;
1381 }
1382 
1383 int hidp_get_connlist(struct hidp_connlist_req *req)
1384 {
1385         struct hidp_session *session;
1386         int err = 0, n = 0;
1387 
1388         BT_DBG("");
1389 
1390         down_read(&hidp_session_sem);
1391 
1392         list_for_each_entry(session, &hidp_session_list, list) {
1393                 struct hidp_conninfo ci;
1394 
1395                 hidp_copy_session(session, &ci);
1396 
1397                 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1398                         err = -EFAULT;
1399                         break;
1400                 }
1401 
1402                 if (++n >= req->cnum)
1403                         break;
1404 
1405                 req->ci++;
1406         }
1407         req->cnum = n;
1408 
1409         up_read(&hidp_session_sem);
1410         return err;
1411 }
1412 
1413 int hidp_get_conninfo(struct hidp_conninfo *ci)
1414 {
1415         struct hidp_session *session;
1416 
1417         session = hidp_session_find(&ci->bdaddr);
1418         if (session) {
1419                 hidp_copy_session(session, ci);
1420                 hidp_session_put(session);
1421         }
1422 
1423         return session ? 0 : -ENOENT;
1424 }
1425 
1426 static int __init hidp_init(void)
1427 {
1428         BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1429 
1430         return hidp_init_sockets();
1431 }
1432 
1433 static void __exit hidp_exit(void)
1434 {
1435         hidp_cleanup_sockets();
1436 }
1437 
1438 module_init(hidp_init);
1439 module_exit(hidp_exit);
1440 
1441 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1442 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1443 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1444 MODULE_VERSION(VERSION);
1445 MODULE_LICENSE("GPL");
1446 MODULE_ALIAS("bt-proto-6");
1447 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us