Version:  2.0.40 2.2.26 2.4.37 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16 3.17 3.18 3.19 4.0

Linux/net/bluetooth/hidp/core.c

  1 /*
  2    HIDP implementation for Linux Bluetooth stack (BlueZ).
  3    Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
  4    Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
  5 
  6    This program is free software; you can redistribute it and/or modify
  7    it under the terms of the GNU General Public License version 2 as
  8    published by the Free Software Foundation;
  9 
 10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 18 
 19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 21    SOFTWARE IS DISCLAIMED.
 22 */
 23 
 24 #include <linux/kref.h>
 25 #include <linux/module.h>
 26 #include <linux/file.h>
 27 #include <linux/kthread.h>
 28 #include <linux/hidraw.h>
 29 
 30 #include <net/bluetooth/bluetooth.h>
 31 #include <net/bluetooth/hci_core.h>
 32 #include <net/bluetooth/l2cap.h>
 33 
 34 #include "hidp.h"
 35 
 36 #define VERSION "1.2"
 37 
 38 static DECLARE_RWSEM(hidp_session_sem);
 39 static LIST_HEAD(hidp_session_list);
 40 
 41 static unsigned char hidp_keycode[256] = {
 42           0,   0,   0,   0,  30,  48,  46,  32,  18,  33,  34,  35,  23,  36,
 43          37,  38,  50,  49,  24,  25,  16,  19,  31,  20,  22,  47,  17,  45,
 44          21,  44,   2,   3,   4,   5,   6,   7,   8,   9,  10,  11,  28,   1,
 45          14,  15,  57,  12,  13,  26,  27,  43,  43,  39,  40,  41,  51,  52,
 46          53,  58,  59,  60,  61,  62,  63,  64,  65,  66,  67,  68,  87,  88,
 47          99,  70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103,  69,
 48          98,  55,  74,  78,  96,  79,  80,  81,  75,  76,  77,  71,  72,  73,
 49          82,  83,  86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
 50         191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
 51         136, 113, 115, 114,   0,   0,   0, 121,   0,  89,  93, 124,  92,  94,
 52          95,   0,   0,   0, 122, 123,  90,  91,  85,   0,   0,   0,   0,   0,
 53           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 54           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 55           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 56           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 57           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 58          29,  42,  56, 125,  97,  54, 100, 126, 164, 166, 165, 163, 161, 115,
 59         114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
 60 };
 61 
 62 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
 63 
 64 static int hidp_session_probe(struct l2cap_conn *conn,
 65                               struct l2cap_user *user);
 66 static void hidp_session_remove(struct l2cap_conn *conn,
 67                                 struct l2cap_user *user);
 68 static int hidp_session_thread(void *arg);
 69 static void hidp_session_terminate(struct hidp_session *s);
 70 
 71 static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
 72 {
 73         memset(ci, 0, sizeof(*ci));
 74         bacpy(&ci->bdaddr, &session->bdaddr);
 75 
 76         ci->flags = session->flags;
 77         ci->state = BT_CONNECTED;
 78 
 79         if (session->input) {
 80                 ci->vendor  = session->input->id.vendor;
 81                 ci->product = session->input->id.product;
 82                 ci->version = session->input->id.version;
 83                 if (session->input->name)
 84                         strlcpy(ci->name, session->input->name, 128);
 85                 else
 86                         strlcpy(ci->name, "HID Boot Device", 128);
 87         } else if (session->hid) {
 88                 ci->vendor  = session->hid->vendor;
 89                 ci->product = session->hid->product;
 90                 ci->version = session->hid->version;
 91                 strlcpy(ci->name, session->hid->name, 128);
 92         }
 93 }
 94 
 95 /* assemble skb, queue message on @transmit and wake up the session thread */
 96 static int hidp_send_message(struct hidp_session *session, struct socket *sock,
 97                              struct sk_buff_head *transmit, unsigned char hdr,
 98                              const unsigned char *data, int size)
 99 {
100         struct sk_buff *skb;
101         struct sock *sk = sock->sk;
102 
103         BT_DBG("session %p data %p size %d", session, data, size);
104 
105         if (atomic_read(&session->terminate))
106                 return -EIO;
107 
108         skb = alloc_skb(size + 1, GFP_ATOMIC);
109         if (!skb) {
110                 BT_ERR("Can't allocate memory for new frame");
111                 return -ENOMEM;
112         }
113 
114         *skb_put(skb, 1) = hdr;
115         if (data && size > 0)
116                 memcpy(skb_put(skb, size), data, size);
117 
118         skb_queue_tail(transmit, skb);
119         wake_up_interruptible(sk_sleep(sk));
120 
121         return 0;
122 }
123 
124 static int hidp_send_ctrl_message(struct hidp_session *session,
125                                   unsigned char hdr, const unsigned char *data,
126                                   int size)
127 {
128         return hidp_send_message(session, session->ctrl_sock,
129                                  &session->ctrl_transmit, hdr, data, size);
130 }
131 
132 static int hidp_send_intr_message(struct hidp_session *session,
133                                   unsigned char hdr, const unsigned char *data,
134                                   int size)
135 {
136         return hidp_send_message(session, session->intr_sock,
137                                  &session->intr_transmit, hdr, data, size);
138 }
139 
140 static int hidp_input_event(struct input_dev *dev, unsigned int type,
141                             unsigned int code, int value)
142 {
143         struct hidp_session *session = input_get_drvdata(dev);
144         unsigned char newleds;
145         unsigned char hdr, data[2];
146 
147         BT_DBG("session %p type %d code %d value %d",
148                session, type, code, value);
149 
150         if (type != EV_LED)
151                 return -1;
152 
153         newleds = (!!test_bit(LED_KANA,    dev->led) << 3) |
154                   (!!test_bit(LED_COMPOSE, dev->led) << 3) |
155                   (!!test_bit(LED_SCROLLL, dev->led) << 2) |
156                   (!!test_bit(LED_CAPSL,   dev->led) << 1) |
157                   (!!test_bit(LED_NUML,    dev->led) << 0);
158 
159         if (session->leds == newleds)
160                 return 0;
161 
162         session->leds = newleds;
163 
164         hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
165         data[0] = 0x01;
166         data[1] = newleds;
167 
168         return hidp_send_intr_message(session, hdr, data, 2);
169 }
170 
171 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
172 {
173         struct input_dev *dev = session->input;
174         unsigned char *keys = session->keys;
175         unsigned char *udata = skb->data + 1;
176         signed char *sdata = skb->data + 1;
177         int i, size = skb->len - 1;
178 
179         switch (skb->data[0]) {
180         case 0x01:      /* Keyboard report */
181                 for (i = 0; i < 8; i++)
182                         input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
183 
184                 /* If all the key codes have been set to 0x01, it means
185                  * too many keys were pressed at the same time. */
186                 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
187                         break;
188 
189                 for (i = 2; i < 8; i++) {
190                         if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
191                                 if (hidp_keycode[keys[i]])
192                                         input_report_key(dev, hidp_keycode[keys[i]], 0);
193                                 else
194                                         BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
195                         }
196 
197                         if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
198                                 if (hidp_keycode[udata[i]])
199                                         input_report_key(dev, hidp_keycode[udata[i]], 1);
200                                 else
201                                         BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
202                         }
203                 }
204 
205                 memcpy(keys, udata, 8);
206                 break;
207 
208         case 0x02:      /* Mouse report */
209                 input_report_key(dev, BTN_LEFT,   sdata[0] & 0x01);
210                 input_report_key(dev, BTN_RIGHT,  sdata[0] & 0x02);
211                 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
212                 input_report_key(dev, BTN_SIDE,   sdata[0] & 0x08);
213                 input_report_key(dev, BTN_EXTRA,  sdata[0] & 0x10);
214 
215                 input_report_rel(dev, REL_X, sdata[1]);
216                 input_report_rel(dev, REL_Y, sdata[2]);
217 
218                 if (size > 3)
219                         input_report_rel(dev, REL_WHEEL, sdata[3]);
220                 break;
221         }
222 
223         input_sync(dev);
224 }
225 
226 static int hidp_get_raw_report(struct hid_device *hid,
227                 unsigned char report_number,
228                 unsigned char *data, size_t count,
229                 unsigned char report_type)
230 {
231         struct hidp_session *session = hid->driver_data;
232         struct sk_buff *skb;
233         size_t len;
234         int numbered_reports = hid->report_enum[report_type].numbered;
235         int ret;
236 
237         if (atomic_read(&session->terminate))
238                 return -EIO;
239 
240         switch (report_type) {
241         case HID_FEATURE_REPORT:
242                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
243                 break;
244         case HID_INPUT_REPORT:
245                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
246                 break;
247         case HID_OUTPUT_REPORT:
248                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
249                 break;
250         default:
251                 return -EINVAL;
252         }
253 
254         if (mutex_lock_interruptible(&session->report_mutex))
255                 return -ERESTARTSYS;
256 
257         /* Set up our wait, and send the report request to the device. */
258         session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
259         session->waiting_report_number = numbered_reports ? report_number : -1;
260         set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
261         data[0] = report_number;
262         ret = hidp_send_ctrl_message(session, report_type, data, 1);
263         if (ret)
264                 goto err;
265 
266         /* Wait for the return of the report. The returned report
267            gets put in session->report_return.  */
268         while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
269                !atomic_read(&session->terminate)) {
270                 int res;
271 
272                 res = wait_event_interruptible_timeout(session->report_queue,
273                         !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
274                                 || atomic_read(&session->terminate),
275                         5*HZ);
276                 if (res == 0) {
277                         /* timeout */
278                         ret = -EIO;
279                         goto err;
280                 }
281                 if (res < 0) {
282                         /* signal */
283                         ret = -ERESTARTSYS;
284                         goto err;
285                 }
286         }
287 
288         skb = session->report_return;
289         if (skb) {
290                 len = skb->len < count ? skb->len : count;
291                 memcpy(data, skb->data, len);
292 
293                 kfree_skb(skb);
294                 session->report_return = NULL;
295         } else {
296                 /* Device returned a HANDSHAKE, indicating  protocol error. */
297                 len = -EIO;
298         }
299 
300         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
301         mutex_unlock(&session->report_mutex);
302 
303         return len;
304 
305 err:
306         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
307         mutex_unlock(&session->report_mutex);
308         return ret;
309 }
310 
311 static int hidp_set_raw_report(struct hid_device *hid, unsigned char reportnum,
312                                unsigned char *data, size_t count,
313                                unsigned char report_type)
314 {
315         struct hidp_session *session = hid->driver_data;
316         int ret;
317 
318         switch (report_type) {
319         case HID_FEATURE_REPORT:
320                 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
321                 break;
322         case HID_INPUT_REPORT:
323                 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_INPUT;
324                 break;
325         case HID_OUTPUT_REPORT:
326                 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
327                 break;
328         default:
329                 return -EINVAL;
330         }
331 
332         if (mutex_lock_interruptible(&session->report_mutex))
333                 return -ERESTARTSYS;
334 
335         /* Set up our wait, and send the report request to the device. */
336         data[0] = reportnum;
337         set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
338         ret = hidp_send_ctrl_message(session, report_type, data, count);
339         if (ret)
340                 goto err;
341 
342         /* Wait for the ACK from the device. */
343         while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
344                !atomic_read(&session->terminate)) {
345                 int res;
346 
347                 res = wait_event_interruptible_timeout(session->report_queue,
348                         !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
349                                 || atomic_read(&session->terminate),
350                         10*HZ);
351                 if (res == 0) {
352                         /* timeout */
353                         ret = -EIO;
354                         goto err;
355                 }
356                 if (res < 0) {
357                         /* signal */
358                         ret = -ERESTARTSYS;
359                         goto err;
360                 }
361         }
362 
363         if (!session->output_report_success) {
364                 ret = -EIO;
365                 goto err;
366         }
367 
368         ret = count;
369 
370 err:
371         clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
372         mutex_unlock(&session->report_mutex);
373         return ret;
374 }
375 
376 static int hidp_output_report(struct hid_device *hid, __u8 *data, size_t count)
377 {
378         struct hidp_session *session = hid->driver_data;
379 
380         return hidp_send_intr_message(session,
381                                       HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT,
382                                       data, count);
383 }
384 
385 static int hidp_raw_request(struct hid_device *hid, unsigned char reportnum,
386                             __u8 *buf, size_t len, unsigned char rtype,
387                             int reqtype)
388 {
389         switch (reqtype) {
390         case HID_REQ_GET_REPORT:
391                 return hidp_get_raw_report(hid, reportnum, buf, len, rtype);
392         case HID_REQ_SET_REPORT:
393                 return hidp_set_raw_report(hid, reportnum, buf, len, rtype);
394         default:
395                 return -EIO;
396         }
397 }
398 
399 static void hidp_idle_timeout(unsigned long arg)
400 {
401         struct hidp_session *session = (struct hidp_session *) arg;
402 
403         hidp_session_terminate(session);
404 }
405 
406 static void hidp_set_timer(struct hidp_session *session)
407 {
408         if (session->idle_to > 0)
409                 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
410 }
411 
412 static void hidp_del_timer(struct hidp_session *session)
413 {
414         if (session->idle_to > 0)
415                 del_timer(&session->timer);
416 }
417 
418 static void hidp_process_report(struct hidp_session *session,
419                                 int type, const u8 *data, int len, int intr)
420 {
421         if (len > HID_MAX_BUFFER_SIZE)
422                 len = HID_MAX_BUFFER_SIZE;
423 
424         memcpy(session->input_buf, data, len);
425         hid_input_report(session->hid, type, session->input_buf, len, intr);
426 }
427 
428 static void hidp_process_handshake(struct hidp_session *session,
429                                         unsigned char param)
430 {
431         BT_DBG("session %p param 0x%02x", session, param);
432         session->output_report_success = 0; /* default condition */
433 
434         switch (param) {
435         case HIDP_HSHK_SUCCESSFUL:
436                 /* FIXME: Call into SET_ GET_ handlers here */
437                 session->output_report_success = 1;
438                 break;
439 
440         case HIDP_HSHK_NOT_READY:
441         case HIDP_HSHK_ERR_INVALID_REPORT_ID:
442         case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
443         case HIDP_HSHK_ERR_INVALID_PARAMETER:
444                 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
445                         wake_up_interruptible(&session->report_queue);
446 
447                 /* FIXME: Call into SET_ GET_ handlers here */
448                 break;
449 
450         case HIDP_HSHK_ERR_UNKNOWN:
451                 break;
452 
453         case HIDP_HSHK_ERR_FATAL:
454                 /* Device requests a reboot, as this is the only way this error
455                  * can be recovered. */
456                 hidp_send_ctrl_message(session,
457                         HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
458                 break;
459 
460         default:
461                 hidp_send_ctrl_message(session,
462                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
463                 break;
464         }
465 
466         /* Wake up the waiting thread. */
467         if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
468                 wake_up_interruptible(&session->report_queue);
469 }
470 
471 static void hidp_process_hid_control(struct hidp_session *session,
472                                         unsigned char param)
473 {
474         BT_DBG("session %p param 0x%02x", session, param);
475 
476         if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
477                 /* Flush the transmit queues */
478                 skb_queue_purge(&session->ctrl_transmit);
479                 skb_queue_purge(&session->intr_transmit);
480 
481                 hidp_session_terminate(session);
482         }
483 }
484 
485 /* Returns true if the passed-in skb should be freed by the caller. */
486 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
487                                 unsigned char param)
488 {
489         int done_with_skb = 1;
490         BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
491 
492         switch (param) {
493         case HIDP_DATA_RTYPE_INPUT:
494                 hidp_set_timer(session);
495 
496                 if (session->input)
497                         hidp_input_report(session, skb);
498 
499                 if (session->hid)
500                         hidp_process_report(session, HID_INPUT_REPORT,
501                                             skb->data, skb->len, 0);
502                 break;
503 
504         case HIDP_DATA_RTYPE_OTHER:
505         case HIDP_DATA_RTYPE_OUPUT:
506         case HIDP_DATA_RTYPE_FEATURE:
507                 break;
508 
509         default:
510                 hidp_send_ctrl_message(session,
511                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
512         }
513 
514         if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
515                                 param == session->waiting_report_type) {
516                 if (session->waiting_report_number < 0 ||
517                     session->waiting_report_number == skb->data[0]) {
518                         /* hidp_get_raw_report() is waiting on this report. */
519                         session->report_return = skb;
520                         done_with_skb = 0;
521                         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
522                         wake_up_interruptible(&session->report_queue);
523                 }
524         }
525 
526         return done_with_skb;
527 }
528 
529 static void hidp_recv_ctrl_frame(struct hidp_session *session,
530                                         struct sk_buff *skb)
531 {
532         unsigned char hdr, type, param;
533         int free_skb = 1;
534 
535         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
536 
537         hdr = skb->data[0];
538         skb_pull(skb, 1);
539 
540         type = hdr & HIDP_HEADER_TRANS_MASK;
541         param = hdr & HIDP_HEADER_PARAM_MASK;
542 
543         switch (type) {
544         case HIDP_TRANS_HANDSHAKE:
545                 hidp_process_handshake(session, param);
546                 break;
547 
548         case HIDP_TRANS_HID_CONTROL:
549                 hidp_process_hid_control(session, param);
550                 break;
551 
552         case HIDP_TRANS_DATA:
553                 free_skb = hidp_process_data(session, skb, param);
554                 break;
555 
556         default:
557                 hidp_send_ctrl_message(session,
558                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
559                 break;
560         }
561 
562         if (free_skb)
563                 kfree_skb(skb);
564 }
565 
566 static void hidp_recv_intr_frame(struct hidp_session *session,
567                                 struct sk_buff *skb)
568 {
569         unsigned char hdr;
570 
571         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
572 
573         hdr = skb->data[0];
574         skb_pull(skb, 1);
575 
576         if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
577                 hidp_set_timer(session);
578 
579                 if (session->input)
580                         hidp_input_report(session, skb);
581 
582                 if (session->hid) {
583                         hidp_process_report(session, HID_INPUT_REPORT,
584                                             skb->data, skb->len, 1);
585                         BT_DBG("report len %d", skb->len);
586                 }
587         } else {
588                 BT_DBG("Unsupported protocol header 0x%02x", hdr);
589         }
590 
591         kfree_skb(skb);
592 }
593 
594 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
595 {
596         struct kvec iv = { data, len };
597         struct msghdr msg;
598 
599         BT_DBG("sock %p data %p len %d", sock, data, len);
600 
601         if (!len)
602                 return 0;
603 
604         memset(&msg, 0, sizeof(msg));
605 
606         return kernel_sendmsg(sock, &msg, &iv, 1, len);
607 }
608 
609 /* dequeue message from @transmit and send via @sock */
610 static void hidp_process_transmit(struct hidp_session *session,
611                                   struct sk_buff_head *transmit,
612                                   struct socket *sock)
613 {
614         struct sk_buff *skb;
615         int ret;
616 
617         BT_DBG("session %p", session);
618 
619         while ((skb = skb_dequeue(transmit))) {
620                 ret = hidp_send_frame(sock, skb->data, skb->len);
621                 if (ret == -EAGAIN) {
622                         skb_queue_head(transmit, skb);
623                         break;
624                 } else if (ret < 0) {
625                         hidp_session_terminate(session);
626                         kfree_skb(skb);
627                         break;
628                 }
629 
630                 hidp_set_timer(session);
631                 kfree_skb(skb);
632         }
633 }
634 
635 static int hidp_setup_input(struct hidp_session *session,
636                                 struct hidp_connadd_req *req)
637 {
638         struct input_dev *input;
639         int i;
640 
641         input = input_allocate_device();
642         if (!input)
643                 return -ENOMEM;
644 
645         session->input = input;
646 
647         input_set_drvdata(input, session);
648 
649         input->name = "Bluetooth HID Boot Protocol Device";
650 
651         input->id.bustype = BUS_BLUETOOTH;
652         input->id.vendor  = req->vendor;
653         input->id.product = req->product;
654         input->id.version = req->version;
655 
656         if (req->subclass & 0x40) {
657                 set_bit(EV_KEY, input->evbit);
658                 set_bit(EV_LED, input->evbit);
659                 set_bit(EV_REP, input->evbit);
660 
661                 set_bit(LED_NUML,    input->ledbit);
662                 set_bit(LED_CAPSL,   input->ledbit);
663                 set_bit(LED_SCROLLL, input->ledbit);
664                 set_bit(LED_COMPOSE, input->ledbit);
665                 set_bit(LED_KANA,    input->ledbit);
666 
667                 for (i = 0; i < sizeof(hidp_keycode); i++)
668                         set_bit(hidp_keycode[i], input->keybit);
669                 clear_bit(0, input->keybit);
670         }
671 
672         if (req->subclass & 0x80) {
673                 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
674                 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
675                         BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
676                 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
677                 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
678                         BIT_MASK(BTN_EXTRA);
679                 input->relbit[0] |= BIT_MASK(REL_WHEEL);
680         }
681 
682         input->dev.parent = &session->conn->hcon->dev;
683 
684         input->event = hidp_input_event;
685 
686         return 0;
687 }
688 
689 static int hidp_open(struct hid_device *hid)
690 {
691         return 0;
692 }
693 
694 static void hidp_close(struct hid_device *hid)
695 {
696 }
697 
698 static int hidp_parse(struct hid_device *hid)
699 {
700         struct hidp_session *session = hid->driver_data;
701 
702         return hid_parse_report(session->hid, session->rd_data,
703                         session->rd_size);
704 }
705 
706 static int hidp_start(struct hid_device *hid)
707 {
708         return 0;
709 }
710 
711 static void hidp_stop(struct hid_device *hid)
712 {
713         struct hidp_session *session = hid->driver_data;
714 
715         skb_queue_purge(&session->ctrl_transmit);
716         skb_queue_purge(&session->intr_transmit);
717 
718         hid->claimed = 0;
719 }
720 
721 static struct hid_ll_driver hidp_hid_driver = {
722         .parse = hidp_parse,
723         .start = hidp_start,
724         .stop = hidp_stop,
725         .open  = hidp_open,
726         .close = hidp_close,
727         .raw_request = hidp_raw_request,
728         .output_report = hidp_output_report,
729 };
730 
731 /* This function sets up the hid device. It does not add it
732    to the HID system. That is done in hidp_add_connection(). */
733 static int hidp_setup_hid(struct hidp_session *session,
734                                 struct hidp_connadd_req *req)
735 {
736         struct hid_device *hid;
737         int err;
738 
739         session->rd_data = memdup_user(req->rd_data, req->rd_size);
740         if (IS_ERR(session->rd_data))
741                 return PTR_ERR(session->rd_data);
742 
743         session->rd_size = req->rd_size;
744 
745         hid = hid_allocate_device();
746         if (IS_ERR(hid)) {
747                 err = PTR_ERR(hid);
748                 goto fault;
749         }
750 
751         session->hid = hid;
752 
753         hid->driver_data = session;
754 
755         hid->bus     = BUS_BLUETOOTH;
756         hid->vendor  = req->vendor;
757         hid->product = req->product;
758         hid->version = req->version;
759         hid->country = req->country;
760 
761         strncpy(hid->name, req->name, sizeof(req->name) - 1);
762 
763         snprintf(hid->phys, sizeof(hid->phys), "%pMR",
764                  &l2cap_pi(session->ctrl_sock->sk)->chan->src);
765 
766         /* NOTE: Some device modules depend on the dst address being stored in
767          * uniq. Please be aware of this before making changes to this behavior.
768          */
769         snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
770                  &l2cap_pi(session->ctrl_sock->sk)->chan->dst);
771 
772         hid->dev.parent = &session->conn->hcon->dev;
773         hid->ll_driver = &hidp_hid_driver;
774 
775         /* True if device is blacklisted in drivers/hid/hid-core.c */
776         if (hid_ignore(hid)) {
777                 hid_destroy_device(session->hid);
778                 session->hid = NULL;
779                 return -ENODEV;
780         }
781 
782         return 0;
783 
784 fault:
785         kfree(session->rd_data);
786         session->rd_data = NULL;
787 
788         return err;
789 }
790 
791 /* initialize session devices */
792 static int hidp_session_dev_init(struct hidp_session *session,
793                                  struct hidp_connadd_req *req)
794 {
795         int ret;
796 
797         if (req->rd_size > 0) {
798                 ret = hidp_setup_hid(session, req);
799                 if (ret && ret != -ENODEV)
800                         return ret;
801         }
802 
803         if (!session->hid) {
804                 ret = hidp_setup_input(session, req);
805                 if (ret < 0)
806                         return ret;
807         }
808 
809         return 0;
810 }
811 
812 /* destroy session devices */
813 static void hidp_session_dev_destroy(struct hidp_session *session)
814 {
815         if (session->hid)
816                 put_device(&session->hid->dev);
817         else if (session->input)
818                 input_put_device(session->input);
819 
820         kfree(session->rd_data);
821         session->rd_data = NULL;
822 }
823 
824 /* add HID/input devices to their underlying bus systems */
825 static int hidp_session_dev_add(struct hidp_session *session)
826 {
827         int ret;
828 
829         /* Both HID and input systems drop a ref-count when unregistering the
830          * device but they don't take a ref-count when registering them. Work
831          * around this by explicitly taking a refcount during registration
832          * which is dropped automatically by unregistering the devices. */
833 
834         if (session->hid) {
835                 ret = hid_add_device(session->hid);
836                 if (ret)
837                         return ret;
838                 get_device(&session->hid->dev);
839         } else if (session->input) {
840                 ret = input_register_device(session->input);
841                 if (ret)
842                         return ret;
843                 input_get_device(session->input);
844         }
845 
846         return 0;
847 }
848 
849 /* remove HID/input devices from their bus systems */
850 static void hidp_session_dev_del(struct hidp_session *session)
851 {
852         if (session->hid)
853                 hid_destroy_device(session->hid);
854         else if (session->input)
855                 input_unregister_device(session->input);
856 }
857 
858 /*
859  * Asynchronous device registration
860  * HID device drivers might want to perform I/O during initialization to
861  * detect device types. Therefore, call device registration in a separate
862  * worker so the HIDP thread can schedule I/O operations.
863  * Note that this must be called after the worker thread was initialized
864  * successfully. This will then add the devices and increase session state
865  * on success, otherwise it will terminate the session thread.
866  */
867 static void hidp_session_dev_work(struct work_struct *work)
868 {
869         struct hidp_session *session = container_of(work,
870                                                     struct hidp_session,
871                                                     dev_init);
872         int ret;
873 
874         ret = hidp_session_dev_add(session);
875         if (!ret)
876                 atomic_inc(&session->state);
877         else
878                 hidp_session_terminate(session);
879 }
880 
881 /*
882  * Create new session object
883  * Allocate session object, initialize static fields, copy input data into the
884  * object and take a reference to all sub-objects.
885  * This returns 0 on success and puts a pointer to the new session object in
886  * \out. Otherwise, an error code is returned.
887  * The new session object has an initial ref-count of 1.
888  */
889 static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
890                             struct socket *ctrl_sock,
891                             struct socket *intr_sock,
892                             struct hidp_connadd_req *req,
893                             struct l2cap_conn *conn)
894 {
895         struct hidp_session *session;
896         int ret;
897         struct bt_sock *ctrl, *intr;
898 
899         ctrl = bt_sk(ctrl_sock->sk);
900         intr = bt_sk(intr_sock->sk);
901 
902         session = kzalloc(sizeof(*session), GFP_KERNEL);
903         if (!session)
904                 return -ENOMEM;
905 
906         /* object and runtime management */
907         kref_init(&session->ref);
908         atomic_set(&session->state, HIDP_SESSION_IDLING);
909         init_waitqueue_head(&session->state_queue);
910         session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
911 
912         /* connection management */
913         bacpy(&session->bdaddr, bdaddr);
914         session->conn = l2cap_conn_get(conn);
915         session->user.probe = hidp_session_probe;
916         session->user.remove = hidp_session_remove;
917         session->ctrl_sock = ctrl_sock;
918         session->intr_sock = intr_sock;
919         skb_queue_head_init(&session->ctrl_transmit);
920         skb_queue_head_init(&session->intr_transmit);
921         session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
922                                         l2cap_pi(ctrl)->chan->imtu);
923         session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
924                                         l2cap_pi(intr)->chan->imtu);
925         session->idle_to = req->idle_to;
926 
927         /* device management */
928         INIT_WORK(&session->dev_init, hidp_session_dev_work);
929         setup_timer(&session->timer, hidp_idle_timeout,
930                     (unsigned long)session);
931 
932         /* session data */
933         mutex_init(&session->report_mutex);
934         init_waitqueue_head(&session->report_queue);
935 
936         ret = hidp_session_dev_init(session, req);
937         if (ret)
938                 goto err_free;
939 
940         get_file(session->intr_sock->file);
941         get_file(session->ctrl_sock->file);
942         *out = session;
943         return 0;
944 
945 err_free:
946         l2cap_conn_put(session->conn);
947         kfree(session);
948         return ret;
949 }
950 
951 /* increase ref-count of the given session by one */
952 static void hidp_session_get(struct hidp_session *session)
953 {
954         kref_get(&session->ref);
955 }
956 
957 /* release callback */
958 static void session_free(struct kref *ref)
959 {
960         struct hidp_session *session = container_of(ref, struct hidp_session,
961                                                     ref);
962 
963         hidp_session_dev_destroy(session);
964         skb_queue_purge(&session->ctrl_transmit);
965         skb_queue_purge(&session->intr_transmit);
966         fput(session->intr_sock->file);
967         fput(session->ctrl_sock->file);
968         l2cap_conn_put(session->conn);
969         kfree(session);
970 }
971 
972 /* decrease ref-count of the given session by one */
973 static void hidp_session_put(struct hidp_session *session)
974 {
975         kref_put(&session->ref, session_free);
976 }
977 
978 /*
979  * Search the list of active sessions for a session with target address
980  * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
981  * you do not release this lock, the session objects cannot vanish and you can
982  * safely take a reference to the session yourself.
983  */
984 static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
985 {
986         struct hidp_session *session;
987 
988         list_for_each_entry(session, &hidp_session_list, list) {
989                 if (!bacmp(bdaddr, &session->bdaddr))
990                         return session;
991         }
992 
993         return NULL;
994 }
995 
996 /*
997  * Same as __hidp_session_find() but no locks must be held. This also takes a
998  * reference of the returned session (if non-NULL) so you must drop this
999  * reference if you no longer use the object.
1000  */
1001 static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
1002 {
1003         struct hidp_session *session;
1004 
1005         down_read(&hidp_session_sem);
1006 
1007         session = __hidp_session_find(bdaddr);
1008         if (session)
1009                 hidp_session_get(session);
1010 
1011         up_read(&hidp_session_sem);
1012 
1013         return session;
1014 }
1015 
1016 /*
1017  * Start session synchronously
1018  * This starts a session thread and waits until initialization
1019  * is done or returns an error if it couldn't be started.
1020  * If this returns 0 the session thread is up and running. You must call
1021  * hipd_session_stop_sync() before deleting any runtime resources.
1022  */
1023 static int hidp_session_start_sync(struct hidp_session *session)
1024 {
1025         unsigned int vendor, product;
1026 
1027         if (session->hid) {
1028                 vendor  = session->hid->vendor;
1029                 product = session->hid->product;
1030         } else if (session->input) {
1031                 vendor  = session->input->id.vendor;
1032                 product = session->input->id.product;
1033         } else {
1034                 vendor = 0x0000;
1035                 product = 0x0000;
1036         }
1037 
1038         session->task = kthread_run(hidp_session_thread, session,
1039                                     "khidpd_%04x%04x", vendor, product);
1040         if (IS_ERR(session->task))
1041                 return PTR_ERR(session->task);
1042 
1043         while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1044                 wait_event(session->state_queue,
1045                            atomic_read(&session->state) > HIDP_SESSION_IDLING);
1046 
1047         return 0;
1048 }
1049 
1050 /*
1051  * Terminate session thread
1052  * Wake up session thread and notify it to stop. This is asynchronous and
1053  * returns immediately. Call this whenever a runtime error occurs and you want
1054  * the session to stop.
1055  * Note: wake_up_process() performs any necessary memory-barriers for us.
1056  */
1057 static void hidp_session_terminate(struct hidp_session *session)
1058 {
1059         atomic_inc(&session->terminate);
1060         wake_up_process(session->task);
1061 }
1062 
1063 /*
1064  * Probe HIDP session
1065  * This is called from the l2cap_conn core when our l2cap_user object is bound
1066  * to the hci-connection. We get the session via the \user object and can now
1067  * start the session thread, link it into the global session list and
1068  * schedule HID/input device registration.
1069  * The global session-list owns its own reference to the session object so you
1070  * can drop your own reference after registering the l2cap_user object.
1071  */
1072 static int hidp_session_probe(struct l2cap_conn *conn,
1073                               struct l2cap_user *user)
1074 {
1075         struct hidp_session *session = container_of(user,
1076                                                     struct hidp_session,
1077                                                     user);
1078         struct hidp_session *s;
1079         int ret;
1080 
1081         down_write(&hidp_session_sem);
1082 
1083         /* check that no other session for this device exists */
1084         s = __hidp_session_find(&session->bdaddr);
1085         if (s) {
1086                 ret = -EEXIST;
1087                 goto out_unlock;
1088         }
1089 
1090         if (session->input) {
1091                 ret = hidp_session_dev_add(session);
1092                 if (ret)
1093                         goto out_unlock;
1094         }
1095 
1096         ret = hidp_session_start_sync(session);
1097         if (ret)
1098                 goto out_del;
1099 
1100         /* HID device registration is async to allow I/O during probe */
1101         if (session->input)
1102                 atomic_inc(&session->state);
1103         else
1104                 schedule_work(&session->dev_init);
1105 
1106         hidp_session_get(session);
1107         list_add(&session->list, &hidp_session_list);
1108         ret = 0;
1109         goto out_unlock;
1110 
1111 out_del:
1112         if (session->input)
1113                 hidp_session_dev_del(session);
1114 out_unlock:
1115         up_write(&hidp_session_sem);
1116         return ret;
1117 }
1118 
1119 /*
1120  * Remove HIDP session
1121  * Called from the l2cap_conn core when either we explicitly unregistered
1122  * the l2cap_user object or if the underlying connection is shut down.
1123  * We signal the hidp-session thread to shut down, unregister the HID/input
1124  * devices and unlink the session from the global list.
1125  * This drops the reference to the session that is owned by the global
1126  * session-list.
1127  * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1128  * This is, because the session-thread might be waiting for an HCI lock that is
1129  * held while we are called. Therefore, we only unregister the devices and
1130  * notify the session-thread to terminate. The thread itself owns a reference
1131  * to the session object so it can safely shut down.
1132  */
1133 static void hidp_session_remove(struct l2cap_conn *conn,
1134                                 struct l2cap_user *user)
1135 {
1136         struct hidp_session *session = container_of(user,
1137                                                     struct hidp_session,
1138                                                     user);
1139 
1140         down_write(&hidp_session_sem);
1141 
1142         hidp_session_terminate(session);
1143 
1144         cancel_work_sync(&session->dev_init);
1145         if (session->input ||
1146             atomic_read(&session->state) > HIDP_SESSION_PREPARING)
1147                 hidp_session_dev_del(session);
1148 
1149         list_del(&session->list);
1150 
1151         up_write(&hidp_session_sem);
1152 
1153         hidp_session_put(session);
1154 }
1155 
1156 /*
1157  * Session Worker
1158  * This performs the actual main-loop of the HIDP worker. We first check
1159  * whether the underlying connection is still alive, then parse all pending
1160  * messages and finally send all outstanding messages.
1161  */
1162 static void hidp_session_run(struct hidp_session *session)
1163 {
1164         struct sock *ctrl_sk = session->ctrl_sock->sk;
1165         struct sock *intr_sk = session->intr_sock->sk;
1166         struct sk_buff *skb;
1167 
1168         for (;;) {
1169                 /*
1170                  * This thread can be woken up two ways:
1171                  *  - You call hidp_session_terminate() which sets the
1172                  *    session->terminate flag and wakes this thread up.
1173                  *  - Via modifying the socket state of ctrl/intr_sock. This
1174                  *    thread is woken up by ->sk_state_changed().
1175                  *
1176                  * Note: set_current_state() performs any necessary
1177                  * memory-barriers for us.
1178                  */
1179                 set_current_state(TASK_INTERRUPTIBLE);
1180 
1181                 if (atomic_read(&session->terminate))
1182                         break;
1183 
1184                 if (ctrl_sk->sk_state != BT_CONNECTED ||
1185                     intr_sk->sk_state != BT_CONNECTED)
1186                         break;
1187 
1188                 /* parse incoming intr-skbs */
1189                 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1190                         skb_orphan(skb);
1191                         if (!skb_linearize(skb))
1192                                 hidp_recv_intr_frame(session, skb);
1193                         else
1194                                 kfree_skb(skb);
1195                 }
1196 
1197                 /* send pending intr-skbs */
1198                 hidp_process_transmit(session, &session->intr_transmit,
1199                                       session->intr_sock);
1200 
1201                 /* parse incoming ctrl-skbs */
1202                 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1203                         skb_orphan(skb);
1204                         if (!skb_linearize(skb))
1205                                 hidp_recv_ctrl_frame(session, skb);
1206                         else
1207                                 kfree_skb(skb);
1208                 }
1209 
1210                 /* send pending ctrl-skbs */
1211                 hidp_process_transmit(session, &session->ctrl_transmit,
1212                                       session->ctrl_sock);
1213 
1214                 schedule();
1215         }
1216 
1217         atomic_inc(&session->terminate);
1218         set_current_state(TASK_RUNNING);
1219 }
1220 
1221 /*
1222  * HIDP session thread
1223  * This thread runs the I/O for a single HIDP session. Startup is synchronous
1224  * which allows us to take references to ourself here instead of doing that in
1225  * the caller.
1226  * When we are ready to run we notify the caller and call hidp_session_run().
1227  */
1228 static int hidp_session_thread(void *arg)
1229 {
1230         struct hidp_session *session = arg;
1231         wait_queue_t ctrl_wait, intr_wait;
1232 
1233         BT_DBG("session %p", session);
1234 
1235         /* initialize runtime environment */
1236         hidp_session_get(session);
1237         __module_get(THIS_MODULE);
1238         set_user_nice(current, -15);
1239         hidp_set_timer(session);
1240 
1241         init_waitqueue_entry(&ctrl_wait, current);
1242         init_waitqueue_entry(&intr_wait, current);
1243         add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1244         add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1245         /* This memory barrier is paired with wq_has_sleeper(). See
1246          * sock_poll_wait() for more information why this is needed. */
1247         smp_mb();
1248 
1249         /* notify synchronous startup that we're ready */
1250         atomic_inc(&session->state);
1251         wake_up(&session->state_queue);
1252 
1253         /* run session */
1254         hidp_session_run(session);
1255 
1256         /* cleanup runtime environment */
1257         remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1258         remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1259         wake_up_interruptible(&session->report_queue);
1260         hidp_del_timer(session);
1261 
1262         /*
1263          * If we stopped ourself due to any internal signal, we should try to
1264          * unregister our own session here to avoid having it linger until the
1265          * parent l2cap_conn dies or user-space cleans it up.
1266          * This does not deadlock as we don't do any synchronous shutdown.
1267          * Instead, this call has the same semantics as if user-space tried to
1268          * delete the session.
1269          */
1270         l2cap_unregister_user(session->conn, &session->user);
1271         hidp_session_put(session);
1272 
1273         module_put_and_exit(0);
1274         return 0;
1275 }
1276 
1277 static int hidp_verify_sockets(struct socket *ctrl_sock,
1278                                struct socket *intr_sock)
1279 {
1280         struct l2cap_chan *ctrl_chan, *intr_chan;
1281         struct bt_sock *ctrl, *intr;
1282         struct hidp_session *session;
1283 
1284         if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1285                 return -EINVAL;
1286 
1287         ctrl_chan = l2cap_pi(ctrl_sock->sk)->chan;
1288         intr_chan = l2cap_pi(intr_sock->sk)->chan;
1289 
1290         if (bacmp(&ctrl_chan->src, &intr_chan->src) ||
1291             bacmp(&ctrl_chan->dst, &intr_chan->dst))
1292                 return -ENOTUNIQ;
1293 
1294         ctrl = bt_sk(ctrl_sock->sk);
1295         intr = bt_sk(intr_sock->sk);
1296 
1297         if (ctrl->sk.sk_state != BT_CONNECTED ||
1298             intr->sk.sk_state != BT_CONNECTED)
1299                 return -EBADFD;
1300 
1301         /* early session check, we check again during session registration */
1302         session = hidp_session_find(&ctrl_chan->dst);
1303         if (session) {
1304                 hidp_session_put(session);
1305                 return -EEXIST;
1306         }
1307 
1308         return 0;
1309 }
1310 
1311 int hidp_connection_add(struct hidp_connadd_req *req,
1312                         struct socket *ctrl_sock,
1313                         struct socket *intr_sock)
1314 {
1315         struct hidp_session *session;
1316         struct l2cap_conn *conn;
1317         struct l2cap_chan *chan;
1318         int ret;
1319 
1320         ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1321         if (ret)
1322                 return ret;
1323 
1324         chan = l2cap_pi(ctrl_sock->sk)->chan;
1325         conn = NULL;
1326         l2cap_chan_lock(chan);
1327         if (chan->conn)
1328                 conn = l2cap_conn_get(chan->conn);
1329         l2cap_chan_unlock(chan);
1330 
1331         if (!conn)
1332                 return -EBADFD;
1333 
1334         ret = hidp_session_new(&session, &chan->dst, ctrl_sock,
1335                                intr_sock, req, conn);
1336         if (ret)
1337                 goto out_conn;
1338 
1339         ret = l2cap_register_user(conn, &session->user);
1340         if (ret)
1341                 goto out_session;
1342 
1343         ret = 0;
1344 
1345 out_session:
1346         hidp_session_put(session);
1347 out_conn:
1348         l2cap_conn_put(conn);
1349         return ret;
1350 }
1351 
1352 int hidp_connection_del(struct hidp_conndel_req *req)
1353 {
1354         struct hidp_session *session;
1355 
1356         session = hidp_session_find(&req->bdaddr);
1357         if (!session)
1358                 return -ENOENT;
1359 
1360         if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1361                 hidp_send_ctrl_message(session,
1362                                        HIDP_TRANS_HID_CONTROL |
1363                                          HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1364                                        NULL, 0);
1365         else
1366                 l2cap_unregister_user(session->conn, &session->user);
1367 
1368         hidp_session_put(session);
1369 
1370         return 0;
1371 }
1372 
1373 int hidp_get_connlist(struct hidp_connlist_req *req)
1374 {
1375         struct hidp_session *session;
1376         int err = 0, n = 0;
1377 
1378         BT_DBG("");
1379 
1380         down_read(&hidp_session_sem);
1381 
1382         list_for_each_entry(session, &hidp_session_list, list) {
1383                 struct hidp_conninfo ci;
1384 
1385                 hidp_copy_session(session, &ci);
1386 
1387                 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1388                         err = -EFAULT;
1389                         break;
1390                 }
1391 
1392                 if (++n >= req->cnum)
1393                         break;
1394 
1395                 req->ci++;
1396         }
1397         req->cnum = n;
1398 
1399         up_read(&hidp_session_sem);
1400         return err;
1401 }
1402 
1403 int hidp_get_conninfo(struct hidp_conninfo *ci)
1404 {
1405         struct hidp_session *session;
1406 
1407         session = hidp_session_find(&ci->bdaddr);
1408         if (session) {
1409                 hidp_copy_session(session, ci);
1410                 hidp_session_put(session);
1411         }
1412 
1413         return session ? 0 : -ENOENT;
1414 }
1415 
1416 static int __init hidp_init(void)
1417 {
1418         BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1419 
1420         return hidp_init_sockets();
1421 }
1422 
1423 static void __exit hidp_exit(void)
1424 {
1425         hidp_cleanup_sockets();
1426 }
1427 
1428 module_init(hidp_init);
1429 module_exit(hidp_exit);
1430 
1431 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1432 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1433 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1434 MODULE_VERSION(VERSION);
1435 MODULE_LICENSE("GPL");
1436 MODULE_ALIAS("bt-proto-6");
1437 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us