Version:  2.0.40 2.2.26 2.4.37 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16 3.17 3.18 3.19 4.0 4.1 4.2

Linux/net/bluetooth/hidp/core.c

  1 /*
  2    HIDP implementation for Linux Bluetooth stack (BlueZ).
  3    Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
  4    Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
  5 
  6    This program is free software; you can redistribute it and/or modify
  7    it under the terms of the GNU General Public License version 2 as
  8    published by the Free Software Foundation;
  9 
 10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 18 
 19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 21    SOFTWARE IS DISCLAIMED.
 22 */
 23 
 24 #include <linux/kref.h>
 25 #include <linux/module.h>
 26 #include <linux/file.h>
 27 #include <linux/kthread.h>
 28 #include <linux/hidraw.h>
 29 
 30 #include <net/bluetooth/bluetooth.h>
 31 #include <net/bluetooth/hci_core.h>
 32 #include <net/bluetooth/l2cap.h>
 33 
 34 #include "hidp.h"
 35 
 36 #define VERSION "1.2"
 37 
 38 static DECLARE_RWSEM(hidp_session_sem);
 39 static LIST_HEAD(hidp_session_list);
 40 
 41 static unsigned char hidp_keycode[256] = {
 42           0,   0,   0,   0,  30,  48,  46,  32,  18,  33,  34,  35,  23,  36,
 43          37,  38,  50,  49,  24,  25,  16,  19,  31,  20,  22,  47,  17,  45,
 44          21,  44,   2,   3,   4,   5,   6,   7,   8,   9,  10,  11,  28,   1,
 45          14,  15,  57,  12,  13,  26,  27,  43,  43,  39,  40,  41,  51,  52,
 46          53,  58,  59,  60,  61,  62,  63,  64,  65,  66,  67,  68,  87,  88,
 47          99,  70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103,  69,
 48          98,  55,  74,  78,  96,  79,  80,  81,  75,  76,  77,  71,  72,  73,
 49          82,  83,  86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
 50         191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
 51         136, 113, 115, 114,   0,   0,   0, 121,   0,  89,  93, 124,  92,  94,
 52          95,   0,   0,   0, 122, 123,  90,  91,  85,   0,   0,   0,   0,   0,
 53           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 54           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 55           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 56           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 57           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 58          29,  42,  56, 125,  97,  54, 100, 126, 164, 166, 165, 163, 161, 115,
 59         114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
 60 };
 61 
 62 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
 63 
 64 static int hidp_session_probe(struct l2cap_conn *conn,
 65                               struct l2cap_user *user);
 66 static void hidp_session_remove(struct l2cap_conn *conn,
 67                                 struct l2cap_user *user);
 68 static int hidp_session_thread(void *arg);
 69 static void hidp_session_terminate(struct hidp_session *s);
 70 
 71 static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
 72 {
 73         u32 valid_flags = 0;
 74         memset(ci, 0, sizeof(*ci));
 75         bacpy(&ci->bdaddr, &session->bdaddr);
 76 
 77         ci->flags = session->flags & valid_flags;
 78         ci->state = BT_CONNECTED;
 79 
 80         if (session->input) {
 81                 ci->vendor  = session->input->id.vendor;
 82                 ci->product = session->input->id.product;
 83                 ci->version = session->input->id.version;
 84                 if (session->input->name)
 85                         strlcpy(ci->name, session->input->name, 128);
 86                 else
 87                         strlcpy(ci->name, "HID Boot Device", 128);
 88         } else if (session->hid) {
 89                 ci->vendor  = session->hid->vendor;
 90                 ci->product = session->hid->product;
 91                 ci->version = session->hid->version;
 92                 strlcpy(ci->name, session->hid->name, 128);
 93         }
 94 }
 95 
 96 /* assemble skb, queue message on @transmit and wake up the session thread */
 97 static int hidp_send_message(struct hidp_session *session, struct socket *sock,
 98                              struct sk_buff_head *transmit, unsigned char hdr,
 99                              const unsigned char *data, int size)
100 {
101         struct sk_buff *skb;
102         struct sock *sk = sock->sk;
103 
104         BT_DBG("session %p data %p size %d", session, data, size);
105 
106         if (atomic_read(&session->terminate))
107                 return -EIO;
108 
109         skb = alloc_skb(size + 1, GFP_ATOMIC);
110         if (!skb) {
111                 BT_ERR("Can't allocate memory for new frame");
112                 return -ENOMEM;
113         }
114 
115         *skb_put(skb, 1) = hdr;
116         if (data && size > 0)
117                 memcpy(skb_put(skb, size), data, size);
118 
119         skb_queue_tail(transmit, skb);
120         wake_up_interruptible(sk_sleep(sk));
121 
122         return 0;
123 }
124 
125 static int hidp_send_ctrl_message(struct hidp_session *session,
126                                   unsigned char hdr, const unsigned char *data,
127                                   int size)
128 {
129         return hidp_send_message(session, session->ctrl_sock,
130                                  &session->ctrl_transmit, hdr, data, size);
131 }
132 
133 static int hidp_send_intr_message(struct hidp_session *session,
134                                   unsigned char hdr, const unsigned char *data,
135                                   int size)
136 {
137         return hidp_send_message(session, session->intr_sock,
138                                  &session->intr_transmit, hdr, data, size);
139 }
140 
141 static int hidp_input_event(struct input_dev *dev, unsigned int type,
142                             unsigned int code, int value)
143 {
144         struct hidp_session *session = input_get_drvdata(dev);
145         unsigned char newleds;
146         unsigned char hdr, data[2];
147 
148         BT_DBG("session %p type %d code %d value %d",
149                session, type, code, value);
150 
151         if (type != EV_LED)
152                 return -1;
153 
154         newleds = (!!test_bit(LED_KANA,    dev->led) << 3) |
155                   (!!test_bit(LED_COMPOSE, dev->led) << 3) |
156                   (!!test_bit(LED_SCROLLL, dev->led) << 2) |
157                   (!!test_bit(LED_CAPSL,   dev->led) << 1) |
158                   (!!test_bit(LED_NUML,    dev->led) << 0);
159 
160         if (session->leds == newleds)
161                 return 0;
162 
163         session->leds = newleds;
164 
165         hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
166         data[0] = 0x01;
167         data[1] = newleds;
168 
169         return hidp_send_intr_message(session, hdr, data, 2);
170 }
171 
172 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
173 {
174         struct input_dev *dev = session->input;
175         unsigned char *keys = session->keys;
176         unsigned char *udata = skb->data + 1;
177         signed char *sdata = skb->data + 1;
178         int i, size = skb->len - 1;
179 
180         switch (skb->data[0]) {
181         case 0x01:      /* Keyboard report */
182                 for (i = 0; i < 8; i++)
183                         input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
184 
185                 /* If all the key codes have been set to 0x01, it means
186                  * too many keys were pressed at the same time. */
187                 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
188                         break;
189 
190                 for (i = 2; i < 8; i++) {
191                         if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
192                                 if (hidp_keycode[keys[i]])
193                                         input_report_key(dev, hidp_keycode[keys[i]], 0);
194                                 else
195                                         BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
196                         }
197 
198                         if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
199                                 if (hidp_keycode[udata[i]])
200                                         input_report_key(dev, hidp_keycode[udata[i]], 1);
201                                 else
202                                         BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
203                         }
204                 }
205 
206                 memcpy(keys, udata, 8);
207                 break;
208 
209         case 0x02:      /* Mouse report */
210                 input_report_key(dev, BTN_LEFT,   sdata[0] & 0x01);
211                 input_report_key(dev, BTN_RIGHT,  sdata[0] & 0x02);
212                 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
213                 input_report_key(dev, BTN_SIDE,   sdata[0] & 0x08);
214                 input_report_key(dev, BTN_EXTRA,  sdata[0] & 0x10);
215 
216                 input_report_rel(dev, REL_X, sdata[1]);
217                 input_report_rel(dev, REL_Y, sdata[2]);
218 
219                 if (size > 3)
220                         input_report_rel(dev, REL_WHEEL, sdata[3]);
221                 break;
222         }
223 
224         input_sync(dev);
225 }
226 
227 static int hidp_get_raw_report(struct hid_device *hid,
228                 unsigned char report_number,
229                 unsigned char *data, size_t count,
230                 unsigned char report_type)
231 {
232         struct hidp_session *session = hid->driver_data;
233         struct sk_buff *skb;
234         size_t len;
235         int numbered_reports = hid->report_enum[report_type].numbered;
236         int ret;
237 
238         if (atomic_read(&session->terminate))
239                 return -EIO;
240 
241         switch (report_type) {
242         case HID_FEATURE_REPORT:
243                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
244                 break;
245         case HID_INPUT_REPORT:
246                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
247                 break;
248         case HID_OUTPUT_REPORT:
249                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
250                 break;
251         default:
252                 return -EINVAL;
253         }
254 
255         if (mutex_lock_interruptible(&session->report_mutex))
256                 return -ERESTARTSYS;
257 
258         /* Set up our wait, and send the report request to the device. */
259         session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
260         session->waiting_report_number = numbered_reports ? report_number : -1;
261         set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
262         data[0] = report_number;
263         ret = hidp_send_ctrl_message(session, report_type, data, 1);
264         if (ret)
265                 goto err;
266 
267         /* Wait for the return of the report. The returned report
268            gets put in session->report_return.  */
269         while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
270                !atomic_read(&session->terminate)) {
271                 int res;
272 
273                 res = wait_event_interruptible_timeout(session->report_queue,
274                         !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
275                                 || atomic_read(&session->terminate),
276                         5*HZ);
277                 if (res == 0) {
278                         /* timeout */
279                         ret = -EIO;
280                         goto err;
281                 }
282                 if (res < 0) {
283                         /* signal */
284                         ret = -ERESTARTSYS;
285                         goto err;
286                 }
287         }
288 
289         skb = session->report_return;
290         if (skb) {
291                 len = skb->len < count ? skb->len : count;
292                 memcpy(data, skb->data, len);
293 
294                 kfree_skb(skb);
295                 session->report_return = NULL;
296         } else {
297                 /* Device returned a HANDSHAKE, indicating  protocol error. */
298                 len = -EIO;
299         }
300 
301         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
302         mutex_unlock(&session->report_mutex);
303 
304         return len;
305 
306 err:
307         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
308         mutex_unlock(&session->report_mutex);
309         return ret;
310 }
311 
312 static int hidp_set_raw_report(struct hid_device *hid, unsigned char reportnum,
313                                unsigned char *data, size_t count,
314                                unsigned char report_type)
315 {
316         struct hidp_session *session = hid->driver_data;
317         int ret;
318 
319         switch (report_type) {
320         case HID_FEATURE_REPORT:
321                 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
322                 break;
323         case HID_INPUT_REPORT:
324                 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_INPUT;
325                 break;
326         case HID_OUTPUT_REPORT:
327                 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
328                 break;
329         default:
330                 return -EINVAL;
331         }
332 
333         if (mutex_lock_interruptible(&session->report_mutex))
334                 return -ERESTARTSYS;
335 
336         /* Set up our wait, and send the report request to the device. */
337         data[0] = reportnum;
338         set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
339         ret = hidp_send_ctrl_message(session, report_type, data, count);
340         if (ret)
341                 goto err;
342 
343         /* Wait for the ACK from the device. */
344         while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
345                !atomic_read(&session->terminate)) {
346                 int res;
347 
348                 res = wait_event_interruptible_timeout(session->report_queue,
349                         !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
350                                 || atomic_read(&session->terminate),
351                         10*HZ);
352                 if (res == 0) {
353                         /* timeout */
354                         ret = -EIO;
355                         goto err;
356                 }
357                 if (res < 0) {
358                         /* signal */
359                         ret = -ERESTARTSYS;
360                         goto err;
361                 }
362         }
363 
364         if (!session->output_report_success) {
365                 ret = -EIO;
366                 goto err;
367         }
368 
369         ret = count;
370 
371 err:
372         clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
373         mutex_unlock(&session->report_mutex);
374         return ret;
375 }
376 
377 static int hidp_output_report(struct hid_device *hid, __u8 *data, size_t count)
378 {
379         struct hidp_session *session = hid->driver_data;
380 
381         return hidp_send_intr_message(session,
382                                       HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT,
383                                       data, count);
384 }
385 
386 static int hidp_raw_request(struct hid_device *hid, unsigned char reportnum,
387                             __u8 *buf, size_t len, unsigned char rtype,
388                             int reqtype)
389 {
390         switch (reqtype) {
391         case HID_REQ_GET_REPORT:
392                 return hidp_get_raw_report(hid, reportnum, buf, len, rtype);
393         case HID_REQ_SET_REPORT:
394                 return hidp_set_raw_report(hid, reportnum, buf, len, rtype);
395         default:
396                 return -EIO;
397         }
398 }
399 
400 static void hidp_idle_timeout(unsigned long arg)
401 {
402         struct hidp_session *session = (struct hidp_session *) arg;
403 
404         hidp_session_terminate(session);
405 }
406 
407 static void hidp_set_timer(struct hidp_session *session)
408 {
409         if (session->idle_to > 0)
410                 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
411 }
412 
413 static void hidp_del_timer(struct hidp_session *session)
414 {
415         if (session->idle_to > 0)
416                 del_timer(&session->timer);
417 }
418 
419 static void hidp_process_report(struct hidp_session *session,
420                                 int type, const u8 *data, int len, int intr)
421 {
422         if (len > HID_MAX_BUFFER_SIZE)
423                 len = HID_MAX_BUFFER_SIZE;
424 
425         memcpy(session->input_buf, data, len);
426         hid_input_report(session->hid, type, session->input_buf, len, intr);
427 }
428 
429 static void hidp_process_handshake(struct hidp_session *session,
430                                         unsigned char param)
431 {
432         BT_DBG("session %p param 0x%02x", session, param);
433         session->output_report_success = 0; /* default condition */
434 
435         switch (param) {
436         case HIDP_HSHK_SUCCESSFUL:
437                 /* FIXME: Call into SET_ GET_ handlers here */
438                 session->output_report_success = 1;
439                 break;
440 
441         case HIDP_HSHK_NOT_READY:
442         case HIDP_HSHK_ERR_INVALID_REPORT_ID:
443         case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
444         case HIDP_HSHK_ERR_INVALID_PARAMETER:
445                 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
446                         wake_up_interruptible(&session->report_queue);
447 
448                 /* FIXME: Call into SET_ GET_ handlers here */
449                 break;
450 
451         case HIDP_HSHK_ERR_UNKNOWN:
452                 break;
453 
454         case HIDP_HSHK_ERR_FATAL:
455                 /* Device requests a reboot, as this is the only way this error
456                  * can be recovered. */
457                 hidp_send_ctrl_message(session,
458                         HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
459                 break;
460 
461         default:
462                 hidp_send_ctrl_message(session,
463                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
464                 break;
465         }
466 
467         /* Wake up the waiting thread. */
468         if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
469                 wake_up_interruptible(&session->report_queue);
470 }
471 
472 static void hidp_process_hid_control(struct hidp_session *session,
473                                         unsigned char param)
474 {
475         BT_DBG("session %p param 0x%02x", session, param);
476 
477         if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
478                 /* Flush the transmit queues */
479                 skb_queue_purge(&session->ctrl_transmit);
480                 skb_queue_purge(&session->intr_transmit);
481 
482                 hidp_session_terminate(session);
483         }
484 }
485 
486 /* Returns true if the passed-in skb should be freed by the caller. */
487 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
488                                 unsigned char param)
489 {
490         int done_with_skb = 1;
491         BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
492 
493         switch (param) {
494         case HIDP_DATA_RTYPE_INPUT:
495                 hidp_set_timer(session);
496 
497                 if (session->input)
498                         hidp_input_report(session, skb);
499 
500                 if (session->hid)
501                         hidp_process_report(session, HID_INPUT_REPORT,
502                                             skb->data, skb->len, 0);
503                 break;
504 
505         case HIDP_DATA_RTYPE_OTHER:
506         case HIDP_DATA_RTYPE_OUPUT:
507         case HIDP_DATA_RTYPE_FEATURE:
508                 break;
509 
510         default:
511                 hidp_send_ctrl_message(session,
512                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
513         }
514 
515         if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
516                                 param == session->waiting_report_type) {
517                 if (session->waiting_report_number < 0 ||
518                     session->waiting_report_number == skb->data[0]) {
519                         /* hidp_get_raw_report() is waiting on this report. */
520                         session->report_return = skb;
521                         done_with_skb = 0;
522                         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
523                         wake_up_interruptible(&session->report_queue);
524                 }
525         }
526 
527         return done_with_skb;
528 }
529 
530 static void hidp_recv_ctrl_frame(struct hidp_session *session,
531                                         struct sk_buff *skb)
532 {
533         unsigned char hdr, type, param;
534         int free_skb = 1;
535 
536         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
537 
538         hdr = skb->data[0];
539         skb_pull(skb, 1);
540 
541         type = hdr & HIDP_HEADER_TRANS_MASK;
542         param = hdr & HIDP_HEADER_PARAM_MASK;
543 
544         switch (type) {
545         case HIDP_TRANS_HANDSHAKE:
546                 hidp_process_handshake(session, param);
547                 break;
548 
549         case HIDP_TRANS_HID_CONTROL:
550                 hidp_process_hid_control(session, param);
551                 break;
552 
553         case HIDP_TRANS_DATA:
554                 free_skb = hidp_process_data(session, skb, param);
555                 break;
556 
557         default:
558                 hidp_send_ctrl_message(session,
559                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
560                 break;
561         }
562 
563         if (free_skb)
564                 kfree_skb(skb);
565 }
566 
567 static void hidp_recv_intr_frame(struct hidp_session *session,
568                                 struct sk_buff *skb)
569 {
570         unsigned char hdr;
571 
572         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
573 
574         hdr = skb->data[0];
575         skb_pull(skb, 1);
576 
577         if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
578                 hidp_set_timer(session);
579 
580                 if (session->input)
581                         hidp_input_report(session, skb);
582 
583                 if (session->hid) {
584                         hidp_process_report(session, HID_INPUT_REPORT,
585                                             skb->data, skb->len, 1);
586                         BT_DBG("report len %d", skb->len);
587                 }
588         } else {
589                 BT_DBG("Unsupported protocol header 0x%02x", hdr);
590         }
591 
592         kfree_skb(skb);
593 }
594 
595 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
596 {
597         struct kvec iv = { data, len };
598         struct msghdr msg;
599 
600         BT_DBG("sock %p data %p len %d", sock, data, len);
601 
602         if (!len)
603                 return 0;
604 
605         memset(&msg, 0, sizeof(msg));
606 
607         return kernel_sendmsg(sock, &msg, &iv, 1, len);
608 }
609 
610 /* dequeue message from @transmit and send via @sock */
611 static void hidp_process_transmit(struct hidp_session *session,
612                                   struct sk_buff_head *transmit,
613                                   struct socket *sock)
614 {
615         struct sk_buff *skb;
616         int ret;
617 
618         BT_DBG("session %p", session);
619 
620         while ((skb = skb_dequeue(transmit))) {
621                 ret = hidp_send_frame(sock, skb->data, skb->len);
622                 if (ret == -EAGAIN) {
623                         skb_queue_head(transmit, skb);
624                         break;
625                 } else if (ret < 0) {
626                         hidp_session_terminate(session);
627                         kfree_skb(skb);
628                         break;
629                 }
630 
631                 hidp_set_timer(session);
632                 kfree_skb(skb);
633         }
634 }
635 
636 static int hidp_setup_input(struct hidp_session *session,
637                                 struct hidp_connadd_req *req)
638 {
639         struct input_dev *input;
640         int i;
641 
642         input = input_allocate_device();
643         if (!input)
644                 return -ENOMEM;
645 
646         session->input = input;
647 
648         input_set_drvdata(input, session);
649 
650         input->name = "Bluetooth HID Boot Protocol Device";
651 
652         input->id.bustype = BUS_BLUETOOTH;
653         input->id.vendor  = req->vendor;
654         input->id.product = req->product;
655         input->id.version = req->version;
656 
657         if (req->subclass & 0x40) {
658                 set_bit(EV_KEY, input->evbit);
659                 set_bit(EV_LED, input->evbit);
660                 set_bit(EV_REP, input->evbit);
661 
662                 set_bit(LED_NUML,    input->ledbit);
663                 set_bit(LED_CAPSL,   input->ledbit);
664                 set_bit(LED_SCROLLL, input->ledbit);
665                 set_bit(LED_COMPOSE, input->ledbit);
666                 set_bit(LED_KANA,    input->ledbit);
667 
668                 for (i = 0; i < sizeof(hidp_keycode); i++)
669                         set_bit(hidp_keycode[i], input->keybit);
670                 clear_bit(0, input->keybit);
671         }
672 
673         if (req->subclass & 0x80) {
674                 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
675                 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
676                         BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
677                 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
678                 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
679                         BIT_MASK(BTN_EXTRA);
680                 input->relbit[0] |= BIT_MASK(REL_WHEEL);
681         }
682 
683         input->dev.parent = &session->conn->hcon->dev;
684 
685         input->event = hidp_input_event;
686 
687         return 0;
688 }
689 
690 static int hidp_open(struct hid_device *hid)
691 {
692         return 0;
693 }
694 
695 static void hidp_close(struct hid_device *hid)
696 {
697 }
698 
699 static int hidp_parse(struct hid_device *hid)
700 {
701         struct hidp_session *session = hid->driver_data;
702 
703         return hid_parse_report(session->hid, session->rd_data,
704                         session->rd_size);
705 }
706 
707 static int hidp_start(struct hid_device *hid)
708 {
709         return 0;
710 }
711 
712 static void hidp_stop(struct hid_device *hid)
713 {
714         struct hidp_session *session = hid->driver_data;
715 
716         skb_queue_purge(&session->ctrl_transmit);
717         skb_queue_purge(&session->intr_transmit);
718 
719         hid->claimed = 0;
720 }
721 
722 static struct hid_ll_driver hidp_hid_driver = {
723         .parse = hidp_parse,
724         .start = hidp_start,
725         .stop = hidp_stop,
726         .open  = hidp_open,
727         .close = hidp_close,
728         .raw_request = hidp_raw_request,
729         .output_report = hidp_output_report,
730 };
731 
732 /* This function sets up the hid device. It does not add it
733    to the HID system. That is done in hidp_add_connection(). */
734 static int hidp_setup_hid(struct hidp_session *session,
735                                 struct hidp_connadd_req *req)
736 {
737         struct hid_device *hid;
738         int err;
739 
740         session->rd_data = memdup_user(req->rd_data, req->rd_size);
741         if (IS_ERR(session->rd_data))
742                 return PTR_ERR(session->rd_data);
743 
744         session->rd_size = req->rd_size;
745 
746         hid = hid_allocate_device();
747         if (IS_ERR(hid)) {
748                 err = PTR_ERR(hid);
749                 goto fault;
750         }
751 
752         session->hid = hid;
753 
754         hid->driver_data = session;
755 
756         hid->bus     = BUS_BLUETOOTH;
757         hid->vendor  = req->vendor;
758         hid->product = req->product;
759         hid->version = req->version;
760         hid->country = req->country;
761 
762         strncpy(hid->name, req->name, sizeof(req->name) - 1);
763 
764         snprintf(hid->phys, sizeof(hid->phys), "%pMR",
765                  &l2cap_pi(session->ctrl_sock->sk)->chan->src);
766 
767         /* NOTE: Some device modules depend on the dst address being stored in
768          * uniq. Please be aware of this before making changes to this behavior.
769          */
770         snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
771                  &l2cap_pi(session->ctrl_sock->sk)->chan->dst);
772 
773         hid->dev.parent = &session->conn->hcon->dev;
774         hid->ll_driver = &hidp_hid_driver;
775 
776         /* True if device is blacklisted in drivers/hid/hid-core.c */
777         if (hid_ignore(hid)) {
778                 hid_destroy_device(session->hid);
779                 session->hid = NULL;
780                 return -ENODEV;
781         }
782 
783         return 0;
784 
785 fault:
786         kfree(session->rd_data);
787         session->rd_data = NULL;
788 
789         return err;
790 }
791 
792 /* initialize session devices */
793 static int hidp_session_dev_init(struct hidp_session *session,
794                                  struct hidp_connadd_req *req)
795 {
796         int ret;
797 
798         if (req->rd_size > 0) {
799                 ret = hidp_setup_hid(session, req);
800                 if (ret && ret != -ENODEV)
801                         return ret;
802         }
803 
804         if (!session->hid) {
805                 ret = hidp_setup_input(session, req);
806                 if (ret < 0)
807                         return ret;
808         }
809 
810         return 0;
811 }
812 
813 /* destroy session devices */
814 static void hidp_session_dev_destroy(struct hidp_session *session)
815 {
816         if (session->hid)
817                 put_device(&session->hid->dev);
818         else if (session->input)
819                 input_put_device(session->input);
820 
821         kfree(session->rd_data);
822         session->rd_data = NULL;
823 }
824 
825 /* add HID/input devices to their underlying bus systems */
826 static int hidp_session_dev_add(struct hidp_session *session)
827 {
828         int ret;
829 
830         /* Both HID and input systems drop a ref-count when unregistering the
831          * device but they don't take a ref-count when registering them. Work
832          * around this by explicitly taking a refcount during registration
833          * which is dropped automatically by unregistering the devices. */
834 
835         if (session->hid) {
836                 ret = hid_add_device(session->hid);
837                 if (ret)
838                         return ret;
839                 get_device(&session->hid->dev);
840         } else if (session->input) {
841                 ret = input_register_device(session->input);
842                 if (ret)
843                         return ret;
844                 input_get_device(session->input);
845         }
846 
847         return 0;
848 }
849 
850 /* remove HID/input devices from their bus systems */
851 static void hidp_session_dev_del(struct hidp_session *session)
852 {
853         if (session->hid)
854                 hid_destroy_device(session->hid);
855         else if (session->input)
856                 input_unregister_device(session->input);
857 }
858 
859 /*
860  * Asynchronous device registration
861  * HID device drivers might want to perform I/O during initialization to
862  * detect device types. Therefore, call device registration in a separate
863  * worker so the HIDP thread can schedule I/O operations.
864  * Note that this must be called after the worker thread was initialized
865  * successfully. This will then add the devices and increase session state
866  * on success, otherwise it will terminate the session thread.
867  */
868 static void hidp_session_dev_work(struct work_struct *work)
869 {
870         struct hidp_session *session = container_of(work,
871                                                     struct hidp_session,
872                                                     dev_init);
873         int ret;
874 
875         ret = hidp_session_dev_add(session);
876         if (!ret)
877                 atomic_inc(&session->state);
878         else
879                 hidp_session_terminate(session);
880 }
881 
882 /*
883  * Create new session object
884  * Allocate session object, initialize static fields, copy input data into the
885  * object and take a reference to all sub-objects.
886  * This returns 0 on success and puts a pointer to the new session object in
887  * \out. Otherwise, an error code is returned.
888  * The new session object has an initial ref-count of 1.
889  */
890 static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
891                             struct socket *ctrl_sock,
892                             struct socket *intr_sock,
893                             struct hidp_connadd_req *req,
894                             struct l2cap_conn *conn)
895 {
896         struct hidp_session *session;
897         int ret;
898         struct bt_sock *ctrl, *intr;
899 
900         ctrl = bt_sk(ctrl_sock->sk);
901         intr = bt_sk(intr_sock->sk);
902 
903         session = kzalloc(sizeof(*session), GFP_KERNEL);
904         if (!session)
905                 return -ENOMEM;
906 
907         /* object and runtime management */
908         kref_init(&session->ref);
909         atomic_set(&session->state, HIDP_SESSION_IDLING);
910         init_waitqueue_head(&session->state_queue);
911         session->flags = req->flags & BIT(HIDP_BLUETOOTH_VENDOR_ID);
912 
913         /* connection management */
914         bacpy(&session->bdaddr, bdaddr);
915         session->conn = l2cap_conn_get(conn);
916         session->user.probe = hidp_session_probe;
917         session->user.remove = hidp_session_remove;
918         INIT_LIST_HEAD(&session->user.list);
919         session->ctrl_sock = ctrl_sock;
920         session->intr_sock = intr_sock;
921         skb_queue_head_init(&session->ctrl_transmit);
922         skb_queue_head_init(&session->intr_transmit);
923         session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
924                                         l2cap_pi(ctrl)->chan->imtu);
925         session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
926                                         l2cap_pi(intr)->chan->imtu);
927         session->idle_to = req->idle_to;
928 
929         /* device management */
930         INIT_WORK(&session->dev_init, hidp_session_dev_work);
931         setup_timer(&session->timer, hidp_idle_timeout,
932                     (unsigned long)session);
933 
934         /* session data */
935         mutex_init(&session->report_mutex);
936         init_waitqueue_head(&session->report_queue);
937 
938         ret = hidp_session_dev_init(session, req);
939         if (ret)
940                 goto err_free;
941 
942         get_file(session->intr_sock->file);
943         get_file(session->ctrl_sock->file);
944         *out = session;
945         return 0;
946 
947 err_free:
948         l2cap_conn_put(session->conn);
949         kfree(session);
950         return ret;
951 }
952 
953 /* increase ref-count of the given session by one */
954 static void hidp_session_get(struct hidp_session *session)
955 {
956         kref_get(&session->ref);
957 }
958 
959 /* release callback */
960 static void session_free(struct kref *ref)
961 {
962         struct hidp_session *session = container_of(ref, struct hidp_session,
963                                                     ref);
964 
965         hidp_session_dev_destroy(session);
966         skb_queue_purge(&session->ctrl_transmit);
967         skb_queue_purge(&session->intr_transmit);
968         fput(session->intr_sock->file);
969         fput(session->ctrl_sock->file);
970         l2cap_conn_put(session->conn);
971         kfree(session);
972 }
973 
974 /* decrease ref-count of the given session by one */
975 static void hidp_session_put(struct hidp_session *session)
976 {
977         kref_put(&session->ref, session_free);
978 }
979 
980 /*
981  * Search the list of active sessions for a session with target address
982  * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
983  * you do not release this lock, the session objects cannot vanish and you can
984  * safely take a reference to the session yourself.
985  */
986 static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
987 {
988         struct hidp_session *session;
989 
990         list_for_each_entry(session, &hidp_session_list, list) {
991                 if (!bacmp(bdaddr, &session->bdaddr))
992                         return session;
993         }
994 
995         return NULL;
996 }
997 
998 /*
999  * Same as __hidp_session_find() but no locks must be held. This also takes a
1000  * reference of the returned session (if non-NULL) so you must drop this
1001  * reference if you no longer use the object.
1002  */
1003 static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
1004 {
1005         struct hidp_session *session;
1006 
1007         down_read(&hidp_session_sem);
1008 
1009         session = __hidp_session_find(bdaddr);
1010         if (session)
1011                 hidp_session_get(session);
1012 
1013         up_read(&hidp_session_sem);
1014 
1015         return session;
1016 }
1017 
1018 /*
1019  * Start session synchronously
1020  * This starts a session thread and waits until initialization
1021  * is done or returns an error if it couldn't be started.
1022  * If this returns 0 the session thread is up and running. You must call
1023  * hipd_session_stop_sync() before deleting any runtime resources.
1024  */
1025 static int hidp_session_start_sync(struct hidp_session *session)
1026 {
1027         unsigned int vendor, product;
1028 
1029         if (session->hid) {
1030                 vendor  = session->hid->vendor;
1031                 product = session->hid->product;
1032         } else if (session->input) {
1033                 vendor  = session->input->id.vendor;
1034                 product = session->input->id.product;
1035         } else {
1036                 vendor = 0x0000;
1037                 product = 0x0000;
1038         }
1039 
1040         session->task = kthread_run(hidp_session_thread, session,
1041                                     "khidpd_%04x%04x", vendor, product);
1042         if (IS_ERR(session->task))
1043                 return PTR_ERR(session->task);
1044 
1045         while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1046                 wait_event(session->state_queue,
1047                            atomic_read(&session->state) > HIDP_SESSION_IDLING);
1048 
1049         return 0;
1050 }
1051 
1052 /*
1053  * Terminate session thread
1054  * Wake up session thread and notify it to stop. This is asynchronous and
1055  * returns immediately. Call this whenever a runtime error occurs and you want
1056  * the session to stop.
1057  * Note: wake_up_process() performs any necessary memory-barriers for us.
1058  */
1059 static void hidp_session_terminate(struct hidp_session *session)
1060 {
1061         atomic_inc(&session->terminate);
1062         wake_up_process(session->task);
1063 }
1064 
1065 /*
1066  * Probe HIDP session
1067  * This is called from the l2cap_conn core when our l2cap_user object is bound
1068  * to the hci-connection. We get the session via the \user object and can now
1069  * start the session thread, link it into the global session list and
1070  * schedule HID/input device registration.
1071  * The global session-list owns its own reference to the session object so you
1072  * can drop your own reference after registering the l2cap_user object.
1073  */
1074 static int hidp_session_probe(struct l2cap_conn *conn,
1075                               struct l2cap_user *user)
1076 {
1077         struct hidp_session *session = container_of(user,
1078                                                     struct hidp_session,
1079                                                     user);
1080         struct hidp_session *s;
1081         int ret;
1082 
1083         down_write(&hidp_session_sem);
1084 
1085         /* check that no other session for this device exists */
1086         s = __hidp_session_find(&session->bdaddr);
1087         if (s) {
1088                 ret = -EEXIST;
1089                 goto out_unlock;
1090         }
1091 
1092         if (session->input) {
1093                 ret = hidp_session_dev_add(session);
1094                 if (ret)
1095                         goto out_unlock;
1096         }
1097 
1098         ret = hidp_session_start_sync(session);
1099         if (ret)
1100                 goto out_del;
1101 
1102         /* HID device registration is async to allow I/O during probe */
1103         if (session->input)
1104                 atomic_inc(&session->state);
1105         else
1106                 schedule_work(&session->dev_init);
1107 
1108         hidp_session_get(session);
1109         list_add(&session->list, &hidp_session_list);
1110         ret = 0;
1111         goto out_unlock;
1112 
1113 out_del:
1114         if (session->input)
1115                 hidp_session_dev_del(session);
1116 out_unlock:
1117         up_write(&hidp_session_sem);
1118         return ret;
1119 }
1120 
1121 /*
1122  * Remove HIDP session
1123  * Called from the l2cap_conn core when either we explicitly unregistered
1124  * the l2cap_user object or if the underlying connection is shut down.
1125  * We signal the hidp-session thread to shut down, unregister the HID/input
1126  * devices and unlink the session from the global list.
1127  * This drops the reference to the session that is owned by the global
1128  * session-list.
1129  * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1130  * This is, because the session-thread might be waiting for an HCI lock that is
1131  * held while we are called. Therefore, we only unregister the devices and
1132  * notify the session-thread to terminate. The thread itself owns a reference
1133  * to the session object so it can safely shut down.
1134  */
1135 static void hidp_session_remove(struct l2cap_conn *conn,
1136                                 struct l2cap_user *user)
1137 {
1138         struct hidp_session *session = container_of(user,
1139                                                     struct hidp_session,
1140                                                     user);
1141 
1142         down_write(&hidp_session_sem);
1143 
1144         hidp_session_terminate(session);
1145 
1146         cancel_work_sync(&session->dev_init);
1147         if (session->input ||
1148             atomic_read(&session->state) > HIDP_SESSION_PREPARING)
1149                 hidp_session_dev_del(session);
1150 
1151         list_del(&session->list);
1152 
1153         up_write(&hidp_session_sem);
1154 
1155         hidp_session_put(session);
1156 }
1157 
1158 /*
1159  * Session Worker
1160  * This performs the actual main-loop of the HIDP worker. We first check
1161  * whether the underlying connection is still alive, then parse all pending
1162  * messages and finally send all outstanding messages.
1163  */
1164 static void hidp_session_run(struct hidp_session *session)
1165 {
1166         struct sock *ctrl_sk = session->ctrl_sock->sk;
1167         struct sock *intr_sk = session->intr_sock->sk;
1168         struct sk_buff *skb;
1169 
1170         for (;;) {
1171                 /*
1172                  * This thread can be woken up two ways:
1173                  *  - You call hidp_session_terminate() which sets the
1174                  *    session->terminate flag and wakes this thread up.
1175                  *  - Via modifying the socket state of ctrl/intr_sock. This
1176                  *    thread is woken up by ->sk_state_changed().
1177                  *
1178                  * Note: set_current_state() performs any necessary
1179                  * memory-barriers for us.
1180                  */
1181                 set_current_state(TASK_INTERRUPTIBLE);
1182 
1183                 if (atomic_read(&session->terminate))
1184                         break;
1185 
1186                 if (ctrl_sk->sk_state != BT_CONNECTED ||
1187                     intr_sk->sk_state != BT_CONNECTED)
1188                         break;
1189 
1190                 /* parse incoming intr-skbs */
1191                 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1192                         skb_orphan(skb);
1193                         if (!skb_linearize(skb))
1194                                 hidp_recv_intr_frame(session, skb);
1195                         else
1196                                 kfree_skb(skb);
1197                 }
1198 
1199                 /* send pending intr-skbs */
1200                 hidp_process_transmit(session, &session->intr_transmit,
1201                                       session->intr_sock);
1202 
1203                 /* parse incoming ctrl-skbs */
1204                 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1205                         skb_orphan(skb);
1206                         if (!skb_linearize(skb))
1207                                 hidp_recv_ctrl_frame(session, skb);
1208                         else
1209                                 kfree_skb(skb);
1210                 }
1211 
1212                 /* send pending ctrl-skbs */
1213                 hidp_process_transmit(session, &session->ctrl_transmit,
1214                                       session->ctrl_sock);
1215 
1216                 schedule();
1217         }
1218 
1219         atomic_inc(&session->terminate);
1220         set_current_state(TASK_RUNNING);
1221 }
1222 
1223 /*
1224  * HIDP session thread
1225  * This thread runs the I/O for a single HIDP session. Startup is synchronous
1226  * which allows us to take references to ourself here instead of doing that in
1227  * the caller.
1228  * When we are ready to run we notify the caller and call hidp_session_run().
1229  */
1230 static int hidp_session_thread(void *arg)
1231 {
1232         struct hidp_session *session = arg;
1233         wait_queue_t ctrl_wait, intr_wait;
1234 
1235         BT_DBG("session %p", session);
1236 
1237         /* initialize runtime environment */
1238         hidp_session_get(session);
1239         __module_get(THIS_MODULE);
1240         set_user_nice(current, -15);
1241         hidp_set_timer(session);
1242 
1243         init_waitqueue_entry(&ctrl_wait, current);
1244         init_waitqueue_entry(&intr_wait, current);
1245         add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1246         add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1247         /* This memory barrier is paired with wq_has_sleeper(). See
1248          * sock_poll_wait() for more information why this is needed. */
1249         smp_mb();
1250 
1251         /* notify synchronous startup that we're ready */
1252         atomic_inc(&session->state);
1253         wake_up(&session->state_queue);
1254 
1255         /* run session */
1256         hidp_session_run(session);
1257 
1258         /* cleanup runtime environment */
1259         remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1260         remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1261         wake_up_interruptible(&session->report_queue);
1262         hidp_del_timer(session);
1263 
1264         /*
1265          * If we stopped ourself due to any internal signal, we should try to
1266          * unregister our own session here to avoid having it linger until the
1267          * parent l2cap_conn dies or user-space cleans it up.
1268          * This does not deadlock as we don't do any synchronous shutdown.
1269          * Instead, this call has the same semantics as if user-space tried to
1270          * delete the session.
1271          */
1272         l2cap_unregister_user(session->conn, &session->user);
1273         hidp_session_put(session);
1274 
1275         module_put_and_exit(0);
1276         return 0;
1277 }
1278 
1279 static int hidp_verify_sockets(struct socket *ctrl_sock,
1280                                struct socket *intr_sock)
1281 {
1282         struct l2cap_chan *ctrl_chan, *intr_chan;
1283         struct bt_sock *ctrl, *intr;
1284         struct hidp_session *session;
1285 
1286         if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1287                 return -EINVAL;
1288 
1289         ctrl_chan = l2cap_pi(ctrl_sock->sk)->chan;
1290         intr_chan = l2cap_pi(intr_sock->sk)->chan;
1291 
1292         if (bacmp(&ctrl_chan->src, &intr_chan->src) ||
1293             bacmp(&ctrl_chan->dst, &intr_chan->dst))
1294                 return -ENOTUNIQ;
1295 
1296         ctrl = bt_sk(ctrl_sock->sk);
1297         intr = bt_sk(intr_sock->sk);
1298 
1299         if (ctrl->sk.sk_state != BT_CONNECTED ||
1300             intr->sk.sk_state != BT_CONNECTED)
1301                 return -EBADFD;
1302 
1303         /* early session check, we check again during session registration */
1304         session = hidp_session_find(&ctrl_chan->dst);
1305         if (session) {
1306                 hidp_session_put(session);
1307                 return -EEXIST;
1308         }
1309 
1310         return 0;
1311 }
1312 
1313 int hidp_connection_add(struct hidp_connadd_req *req,
1314                         struct socket *ctrl_sock,
1315                         struct socket *intr_sock)
1316 {
1317         u32 valid_flags = BIT(HIDP_VIRTUAL_CABLE_UNPLUG) |
1318                           BIT(HIDP_BOOT_PROTOCOL_MODE);
1319         struct hidp_session *session;
1320         struct l2cap_conn *conn;
1321         struct l2cap_chan *chan;
1322         int ret;
1323 
1324         ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1325         if (ret)
1326                 return ret;
1327 
1328         if (req->flags & ~valid_flags)
1329                 return -EINVAL;
1330 
1331         chan = l2cap_pi(ctrl_sock->sk)->chan;
1332         conn = NULL;
1333         l2cap_chan_lock(chan);
1334         if (chan->conn)
1335                 conn = l2cap_conn_get(chan->conn);
1336         l2cap_chan_unlock(chan);
1337 
1338         if (!conn)
1339                 return -EBADFD;
1340 
1341         ret = hidp_session_new(&session, &chan->dst, ctrl_sock,
1342                                intr_sock, req, conn);
1343         if (ret)
1344                 goto out_conn;
1345 
1346         ret = l2cap_register_user(conn, &session->user);
1347         if (ret)
1348                 goto out_session;
1349 
1350         ret = 0;
1351 
1352 out_session:
1353         hidp_session_put(session);
1354 out_conn:
1355         l2cap_conn_put(conn);
1356         return ret;
1357 }
1358 
1359 int hidp_connection_del(struct hidp_conndel_req *req)
1360 {
1361         u32 valid_flags = BIT(HIDP_VIRTUAL_CABLE_UNPLUG);
1362         struct hidp_session *session;
1363 
1364         if (req->flags & ~valid_flags)
1365                 return -EINVAL;
1366 
1367         session = hidp_session_find(&req->bdaddr);
1368         if (!session)
1369                 return -ENOENT;
1370 
1371         if (req->flags & BIT(HIDP_VIRTUAL_CABLE_UNPLUG))
1372                 hidp_send_ctrl_message(session,
1373                                        HIDP_TRANS_HID_CONTROL |
1374                                          HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1375                                        NULL, 0);
1376         else
1377                 l2cap_unregister_user(session->conn, &session->user);
1378 
1379         hidp_session_put(session);
1380 
1381         return 0;
1382 }
1383 
1384 int hidp_get_connlist(struct hidp_connlist_req *req)
1385 {
1386         struct hidp_session *session;
1387         int err = 0, n = 0;
1388 
1389         BT_DBG("");
1390 
1391         down_read(&hidp_session_sem);
1392 
1393         list_for_each_entry(session, &hidp_session_list, list) {
1394                 struct hidp_conninfo ci;
1395 
1396                 hidp_copy_session(session, &ci);
1397 
1398                 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1399                         err = -EFAULT;
1400                         break;
1401                 }
1402 
1403                 if (++n >= req->cnum)
1404                         break;
1405 
1406                 req->ci++;
1407         }
1408         req->cnum = n;
1409 
1410         up_read(&hidp_session_sem);
1411         return err;
1412 }
1413 
1414 int hidp_get_conninfo(struct hidp_conninfo *ci)
1415 {
1416         struct hidp_session *session;
1417 
1418         session = hidp_session_find(&ci->bdaddr);
1419         if (session) {
1420                 hidp_copy_session(session, ci);
1421                 hidp_session_put(session);
1422         }
1423 
1424         return session ? 0 : -ENOENT;
1425 }
1426 
1427 static int __init hidp_init(void)
1428 {
1429         BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1430 
1431         return hidp_init_sockets();
1432 }
1433 
1434 static void __exit hidp_exit(void)
1435 {
1436         hidp_cleanup_sockets();
1437 }
1438 
1439 module_init(hidp_init);
1440 module_exit(hidp_exit);
1441 
1442 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1443 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1444 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1445 MODULE_VERSION(VERSION);
1446 MODULE_LICENSE("GPL");
1447 MODULE_ALIAS("bt-proto-6");
1448 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us