Version:  2.0.40 2.2.26 2.4.37 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16

Linux/net/bluetooth/hidp/core.c

  1 /*
  2    HIDP implementation for Linux Bluetooth stack (BlueZ).
  3    Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
  4    Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
  5 
  6    This program is free software; you can redistribute it and/or modify
  7    it under the terms of the GNU General Public License version 2 as
  8    published by the Free Software Foundation;
  9 
 10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 18 
 19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 21    SOFTWARE IS DISCLAIMED.
 22 */
 23 
 24 #include <linux/kref.h>
 25 #include <linux/module.h>
 26 #include <linux/file.h>
 27 #include <linux/kthread.h>
 28 #include <linux/hidraw.h>
 29 
 30 #include <net/bluetooth/bluetooth.h>
 31 #include <net/bluetooth/hci_core.h>
 32 #include <net/bluetooth/l2cap.h>
 33 
 34 #include "hidp.h"
 35 
 36 #define VERSION "1.2"
 37 
 38 static DECLARE_RWSEM(hidp_session_sem);
 39 static LIST_HEAD(hidp_session_list);
 40 
 41 static unsigned char hidp_keycode[256] = {
 42           0,   0,   0,   0,  30,  48,  46,  32,  18,  33,  34,  35,  23,  36,
 43          37,  38,  50,  49,  24,  25,  16,  19,  31,  20,  22,  47,  17,  45,
 44          21,  44,   2,   3,   4,   5,   6,   7,   8,   9,  10,  11,  28,   1,
 45          14,  15,  57,  12,  13,  26,  27,  43,  43,  39,  40,  41,  51,  52,
 46          53,  58,  59,  60,  61,  62,  63,  64,  65,  66,  67,  68,  87,  88,
 47          99,  70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103,  69,
 48          98,  55,  74,  78,  96,  79,  80,  81,  75,  76,  77,  71,  72,  73,
 49          82,  83,  86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
 50         191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
 51         136, 113, 115, 114,   0,   0,   0, 121,   0,  89,  93, 124,  92,  94,
 52          95,   0,   0,   0, 122, 123,  90,  91,  85,   0,   0,   0,   0,   0,
 53           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 54           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 55           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 56           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 57           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 58          29,  42,  56, 125,  97,  54, 100, 126, 164, 166, 165, 163, 161, 115,
 59         114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
 60 };
 61 
 62 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
 63 
 64 static int hidp_session_probe(struct l2cap_conn *conn,
 65                               struct l2cap_user *user);
 66 static void hidp_session_remove(struct l2cap_conn *conn,
 67                                 struct l2cap_user *user);
 68 static int hidp_session_thread(void *arg);
 69 static void hidp_session_terminate(struct hidp_session *s);
 70 
 71 static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
 72 {
 73         memset(ci, 0, sizeof(*ci));
 74         bacpy(&ci->bdaddr, &session->bdaddr);
 75 
 76         ci->flags = session->flags;
 77         ci->state = BT_CONNECTED;
 78 
 79         if (session->input) {
 80                 ci->vendor  = session->input->id.vendor;
 81                 ci->product = session->input->id.product;
 82                 ci->version = session->input->id.version;
 83                 if (session->input->name)
 84                         strlcpy(ci->name, session->input->name, 128);
 85                 else
 86                         strlcpy(ci->name, "HID Boot Device", 128);
 87         } else if (session->hid) {
 88                 ci->vendor  = session->hid->vendor;
 89                 ci->product = session->hid->product;
 90                 ci->version = session->hid->version;
 91                 strlcpy(ci->name, session->hid->name, 128);
 92         }
 93 }
 94 
 95 /* assemble skb, queue message on @transmit and wake up the session thread */
 96 static int hidp_send_message(struct hidp_session *session, struct socket *sock,
 97                              struct sk_buff_head *transmit, unsigned char hdr,
 98                              const unsigned char *data, int size)
 99 {
100         struct sk_buff *skb;
101         struct sock *sk = sock->sk;
102 
103         BT_DBG("session %p data %p size %d", session, data, size);
104 
105         if (atomic_read(&session->terminate))
106                 return -EIO;
107 
108         skb = alloc_skb(size + 1, GFP_ATOMIC);
109         if (!skb) {
110                 BT_ERR("Can't allocate memory for new frame");
111                 return -ENOMEM;
112         }
113 
114         *skb_put(skb, 1) = hdr;
115         if (data && size > 0)
116                 memcpy(skb_put(skb, size), data, size);
117 
118         skb_queue_tail(transmit, skb);
119         wake_up_interruptible(sk_sleep(sk));
120 
121         return 0;
122 }
123 
124 static int hidp_send_ctrl_message(struct hidp_session *session,
125                                   unsigned char hdr, const unsigned char *data,
126                                   int size)
127 {
128         return hidp_send_message(session, session->ctrl_sock,
129                                  &session->ctrl_transmit, hdr, data, size);
130 }
131 
132 static int hidp_send_intr_message(struct hidp_session *session,
133                                   unsigned char hdr, const unsigned char *data,
134                                   int size)
135 {
136         return hidp_send_message(session, session->intr_sock,
137                                  &session->intr_transmit, hdr, data, size);
138 }
139 
140 static int hidp_input_event(struct input_dev *dev, unsigned int type,
141                             unsigned int code, int value)
142 {
143         struct hidp_session *session = input_get_drvdata(dev);
144         unsigned char newleds;
145         unsigned char hdr, data[2];
146 
147         BT_DBG("session %p type %d code %d value %d",
148                session, type, code, value);
149 
150         if (type != EV_LED)
151                 return -1;
152 
153         newleds = (!!test_bit(LED_KANA,    dev->led) << 3) |
154                   (!!test_bit(LED_COMPOSE, dev->led) << 3) |
155                   (!!test_bit(LED_SCROLLL, dev->led) << 2) |
156                   (!!test_bit(LED_CAPSL,   dev->led) << 1) |
157                   (!!test_bit(LED_NUML,    dev->led));
158 
159         if (session->leds == newleds)
160                 return 0;
161 
162         session->leds = newleds;
163 
164         hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
165         data[0] = 0x01;
166         data[1] = newleds;
167 
168         return hidp_send_intr_message(session, hdr, data, 2);
169 }
170 
171 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
172 {
173         struct input_dev *dev = session->input;
174         unsigned char *keys = session->keys;
175         unsigned char *udata = skb->data + 1;
176         signed char *sdata = skb->data + 1;
177         int i, size = skb->len - 1;
178 
179         switch (skb->data[0]) {
180         case 0x01:      /* Keyboard report */
181                 for (i = 0; i < 8; i++)
182                         input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
183 
184                 /* If all the key codes have been set to 0x01, it means
185                  * too many keys were pressed at the same time. */
186                 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
187                         break;
188 
189                 for (i = 2; i < 8; i++) {
190                         if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
191                                 if (hidp_keycode[keys[i]])
192                                         input_report_key(dev, hidp_keycode[keys[i]], 0);
193                                 else
194                                         BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
195                         }
196 
197                         if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
198                                 if (hidp_keycode[udata[i]])
199                                         input_report_key(dev, hidp_keycode[udata[i]], 1);
200                                 else
201                                         BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
202                         }
203                 }
204 
205                 memcpy(keys, udata, 8);
206                 break;
207 
208         case 0x02:      /* Mouse report */
209                 input_report_key(dev, BTN_LEFT,   sdata[0] & 0x01);
210                 input_report_key(dev, BTN_RIGHT,  sdata[0] & 0x02);
211                 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
212                 input_report_key(dev, BTN_SIDE,   sdata[0] & 0x08);
213                 input_report_key(dev, BTN_EXTRA,  sdata[0] & 0x10);
214 
215                 input_report_rel(dev, REL_X, sdata[1]);
216                 input_report_rel(dev, REL_Y, sdata[2]);
217 
218                 if (size > 3)
219                         input_report_rel(dev, REL_WHEEL, sdata[3]);
220                 break;
221         }
222 
223         input_sync(dev);
224 }
225 
226 static int hidp_get_raw_report(struct hid_device *hid,
227                 unsigned char report_number,
228                 unsigned char *data, size_t count,
229                 unsigned char report_type)
230 {
231         struct hidp_session *session = hid->driver_data;
232         struct sk_buff *skb;
233         size_t len;
234         int numbered_reports = hid->report_enum[report_type].numbered;
235         int ret;
236 
237         if (atomic_read(&session->terminate))
238                 return -EIO;
239 
240         switch (report_type) {
241         case HID_FEATURE_REPORT:
242                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
243                 break;
244         case HID_INPUT_REPORT:
245                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
246                 break;
247         case HID_OUTPUT_REPORT:
248                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
249                 break;
250         default:
251                 return -EINVAL;
252         }
253 
254         if (mutex_lock_interruptible(&session->report_mutex))
255                 return -ERESTARTSYS;
256 
257         /* Set up our wait, and send the report request to the device. */
258         session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
259         session->waiting_report_number = numbered_reports ? report_number : -1;
260         set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
261         data[0] = report_number;
262         ret = hidp_send_ctrl_message(session, report_type, data, 1);
263         if (ret)
264                 goto err;
265 
266         /* Wait for the return of the report. The returned report
267            gets put in session->report_return.  */
268         while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
269                !atomic_read(&session->terminate)) {
270                 int res;
271 
272                 res = wait_event_interruptible_timeout(session->report_queue,
273                         !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
274                                 || atomic_read(&session->terminate),
275                         5*HZ);
276                 if (res == 0) {
277                         /* timeout */
278                         ret = -EIO;
279                         goto err;
280                 }
281                 if (res < 0) {
282                         /* signal */
283                         ret = -ERESTARTSYS;
284                         goto err;
285                 }
286         }
287 
288         skb = session->report_return;
289         if (skb) {
290                 len = skb->len < count ? skb->len : count;
291                 memcpy(data, skb->data, len);
292 
293                 kfree_skb(skb);
294                 session->report_return = NULL;
295         } else {
296                 /* Device returned a HANDSHAKE, indicating  protocol error. */
297                 len = -EIO;
298         }
299 
300         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
301         mutex_unlock(&session->report_mutex);
302 
303         return len;
304 
305 err:
306         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
307         mutex_unlock(&session->report_mutex);
308         return ret;
309 }
310 
311 static int hidp_set_raw_report(struct hid_device *hid, unsigned char reportnum,
312                                unsigned char *data, size_t count,
313                                unsigned char report_type)
314 {
315         struct hidp_session *session = hid->driver_data;
316         int ret;
317 
318         switch (report_type) {
319         case HID_FEATURE_REPORT:
320                 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
321                 break;
322         case HID_INPUT_REPORT:
323                 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_INPUT;
324                 break;
325         case HID_OUTPUT_REPORT:
326                 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
327                 break;
328         default:
329                 return -EINVAL;
330         }
331 
332         if (mutex_lock_interruptible(&session->report_mutex))
333                 return -ERESTARTSYS;
334 
335         /* Set up our wait, and send the report request to the device. */
336         data[0] = reportnum;
337         set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
338         ret = hidp_send_ctrl_message(session, report_type, data, count);
339         if (ret)
340                 goto err;
341 
342         /* Wait for the ACK from the device. */
343         while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
344                !atomic_read(&session->terminate)) {
345                 int res;
346 
347                 res = wait_event_interruptible_timeout(session->report_queue,
348                         !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
349                                 || atomic_read(&session->terminate),
350                         10*HZ);
351                 if (res == 0) {
352                         /* timeout */
353                         ret = -EIO;
354                         goto err;
355                 }
356                 if (res < 0) {
357                         /* signal */
358                         ret = -ERESTARTSYS;
359                         goto err;
360                 }
361         }
362 
363         if (!session->output_report_success) {
364                 ret = -EIO;
365                 goto err;
366         }
367 
368         ret = count;
369 
370 err:
371         clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
372         mutex_unlock(&session->report_mutex);
373         return ret;
374 }
375 
376 static int hidp_output_report(struct hid_device *hid, __u8 *data, size_t count)
377 {
378         struct hidp_session *session = hid->driver_data;
379 
380         return hidp_send_intr_message(session,
381                                       HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT,
382                                       data, count);
383 }
384 
385 static int hidp_raw_request(struct hid_device *hid, unsigned char reportnum,
386                             __u8 *buf, size_t len, unsigned char rtype,
387                             int reqtype)
388 {
389         switch (reqtype) {
390         case HID_REQ_GET_REPORT:
391                 return hidp_get_raw_report(hid, reportnum, buf, len, rtype);
392         case HID_REQ_SET_REPORT:
393                 return hidp_set_raw_report(hid, reportnum, buf, len, rtype);
394         default:
395                 return -EIO;
396         }
397 }
398 
399 static void hidp_idle_timeout(unsigned long arg)
400 {
401         struct hidp_session *session = (struct hidp_session *) arg;
402 
403         hidp_session_terminate(session);
404 }
405 
406 static void hidp_set_timer(struct hidp_session *session)
407 {
408         if (session->idle_to > 0)
409                 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
410 }
411 
412 static void hidp_del_timer(struct hidp_session *session)
413 {
414         if (session->idle_to > 0)
415                 del_timer(&session->timer);
416 }
417 
418 static void hidp_process_report(struct hidp_session *session,
419                                 int type, const u8 *data, int len, int intr)
420 {
421         if (len > HID_MAX_BUFFER_SIZE)
422                 len = HID_MAX_BUFFER_SIZE;
423 
424         memcpy(session->input_buf, data, len);
425         hid_input_report(session->hid, type, session->input_buf, len, intr);
426 }
427 
428 static void hidp_process_handshake(struct hidp_session *session,
429                                         unsigned char param)
430 {
431         BT_DBG("session %p param 0x%02x", session, param);
432         session->output_report_success = 0; /* default condition */
433 
434         switch (param) {
435         case HIDP_HSHK_SUCCESSFUL:
436                 /* FIXME: Call into SET_ GET_ handlers here */
437                 session->output_report_success = 1;
438                 break;
439 
440         case HIDP_HSHK_NOT_READY:
441         case HIDP_HSHK_ERR_INVALID_REPORT_ID:
442         case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
443         case HIDP_HSHK_ERR_INVALID_PARAMETER:
444                 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
445                         wake_up_interruptible(&session->report_queue);
446 
447                 /* FIXME: Call into SET_ GET_ handlers here */
448                 break;
449 
450         case HIDP_HSHK_ERR_UNKNOWN:
451                 break;
452 
453         case HIDP_HSHK_ERR_FATAL:
454                 /* Device requests a reboot, as this is the only way this error
455                  * can be recovered. */
456                 hidp_send_ctrl_message(session,
457                         HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
458                 break;
459 
460         default:
461                 hidp_send_ctrl_message(session,
462                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
463                 break;
464         }
465 
466         /* Wake up the waiting thread. */
467         if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
468                 wake_up_interruptible(&session->report_queue);
469 }
470 
471 static void hidp_process_hid_control(struct hidp_session *session,
472                                         unsigned char param)
473 {
474         BT_DBG("session %p param 0x%02x", session, param);
475 
476         if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
477                 /* Flush the transmit queues */
478                 skb_queue_purge(&session->ctrl_transmit);
479                 skb_queue_purge(&session->intr_transmit);
480 
481                 hidp_session_terminate(session);
482         }
483 }
484 
485 /* Returns true if the passed-in skb should be freed by the caller. */
486 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
487                                 unsigned char param)
488 {
489         int done_with_skb = 1;
490         BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
491 
492         switch (param) {
493         case HIDP_DATA_RTYPE_INPUT:
494                 hidp_set_timer(session);
495 
496                 if (session->input)
497                         hidp_input_report(session, skb);
498 
499                 if (session->hid)
500                         hidp_process_report(session, HID_INPUT_REPORT,
501                                             skb->data, skb->len, 0);
502                 break;
503 
504         case HIDP_DATA_RTYPE_OTHER:
505         case HIDP_DATA_RTYPE_OUPUT:
506         case HIDP_DATA_RTYPE_FEATURE:
507                 break;
508 
509         default:
510                 hidp_send_ctrl_message(session,
511                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
512         }
513 
514         if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
515                                 param == session->waiting_report_type) {
516                 if (session->waiting_report_number < 0 ||
517                     session->waiting_report_number == skb->data[0]) {
518                         /* hidp_get_raw_report() is waiting on this report. */
519                         session->report_return = skb;
520                         done_with_skb = 0;
521                         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
522                         wake_up_interruptible(&session->report_queue);
523                 }
524         }
525 
526         return done_with_skb;
527 }
528 
529 static void hidp_recv_ctrl_frame(struct hidp_session *session,
530                                         struct sk_buff *skb)
531 {
532         unsigned char hdr, type, param;
533         int free_skb = 1;
534 
535         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
536 
537         hdr = skb->data[0];
538         skb_pull(skb, 1);
539 
540         type = hdr & HIDP_HEADER_TRANS_MASK;
541         param = hdr & HIDP_HEADER_PARAM_MASK;
542 
543         switch (type) {
544         case HIDP_TRANS_HANDSHAKE:
545                 hidp_process_handshake(session, param);
546                 break;
547 
548         case HIDP_TRANS_HID_CONTROL:
549                 hidp_process_hid_control(session, param);
550                 break;
551 
552         case HIDP_TRANS_DATA:
553                 free_skb = hidp_process_data(session, skb, param);
554                 break;
555 
556         default:
557                 hidp_send_ctrl_message(session,
558                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
559                 break;
560         }
561 
562         if (free_skb)
563                 kfree_skb(skb);
564 }
565 
566 static void hidp_recv_intr_frame(struct hidp_session *session,
567                                 struct sk_buff *skb)
568 {
569         unsigned char hdr;
570 
571         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
572 
573         hdr = skb->data[0];
574         skb_pull(skb, 1);
575 
576         if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
577                 hidp_set_timer(session);
578 
579                 if (session->input)
580                         hidp_input_report(session, skb);
581 
582                 if (session->hid) {
583                         hidp_process_report(session, HID_INPUT_REPORT,
584                                             skb->data, skb->len, 1);
585                         BT_DBG("report len %d", skb->len);
586                 }
587         } else {
588                 BT_DBG("Unsupported protocol header 0x%02x", hdr);
589         }
590 
591         kfree_skb(skb);
592 }
593 
594 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
595 {
596         struct kvec iv = { data, len };
597         struct msghdr msg;
598 
599         BT_DBG("sock %p data %p len %d", sock, data, len);
600 
601         if (!len)
602                 return 0;
603 
604         memset(&msg, 0, sizeof(msg));
605 
606         return kernel_sendmsg(sock, &msg, &iv, 1, len);
607 }
608 
609 /* dequeue message from @transmit and send via @sock */
610 static void hidp_process_transmit(struct hidp_session *session,
611                                   struct sk_buff_head *transmit,
612                                   struct socket *sock)
613 {
614         struct sk_buff *skb;
615         int ret;
616 
617         BT_DBG("session %p", session);
618 
619         while ((skb = skb_dequeue(transmit))) {
620                 ret = hidp_send_frame(sock, skb->data, skb->len);
621                 if (ret == -EAGAIN) {
622                         skb_queue_head(transmit, skb);
623                         break;
624                 } else if (ret < 0) {
625                         hidp_session_terminate(session);
626                         kfree_skb(skb);
627                         break;
628                 }
629 
630                 hidp_set_timer(session);
631                 kfree_skb(skb);
632         }
633 }
634 
635 static int hidp_setup_input(struct hidp_session *session,
636                                 struct hidp_connadd_req *req)
637 {
638         struct input_dev *input;
639         int i;
640 
641         input = input_allocate_device();
642         if (!input)
643                 return -ENOMEM;
644 
645         session->input = input;
646 
647         input_set_drvdata(input, session);
648 
649         input->name = "Bluetooth HID Boot Protocol Device";
650 
651         input->id.bustype = BUS_BLUETOOTH;
652         input->id.vendor  = req->vendor;
653         input->id.product = req->product;
654         input->id.version = req->version;
655 
656         if (req->subclass & 0x40) {
657                 set_bit(EV_KEY, input->evbit);
658                 set_bit(EV_LED, input->evbit);
659                 set_bit(EV_REP, input->evbit);
660 
661                 set_bit(LED_NUML,    input->ledbit);
662                 set_bit(LED_CAPSL,   input->ledbit);
663                 set_bit(LED_SCROLLL, input->ledbit);
664                 set_bit(LED_COMPOSE, input->ledbit);
665                 set_bit(LED_KANA,    input->ledbit);
666 
667                 for (i = 0; i < sizeof(hidp_keycode); i++)
668                         set_bit(hidp_keycode[i], input->keybit);
669                 clear_bit(0, input->keybit);
670         }
671 
672         if (req->subclass & 0x80) {
673                 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
674                 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
675                         BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
676                 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
677                 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
678                         BIT_MASK(BTN_EXTRA);
679                 input->relbit[0] |= BIT_MASK(REL_WHEEL);
680         }
681 
682         input->dev.parent = &session->conn->hcon->dev;
683 
684         input->event = hidp_input_event;
685 
686         return 0;
687 }
688 
689 static int hidp_open(struct hid_device *hid)
690 {
691         return 0;
692 }
693 
694 static void hidp_close(struct hid_device *hid)
695 {
696 }
697 
698 static int hidp_parse(struct hid_device *hid)
699 {
700         struct hidp_session *session = hid->driver_data;
701 
702         return hid_parse_report(session->hid, session->rd_data,
703                         session->rd_size);
704 }
705 
706 static int hidp_start(struct hid_device *hid)
707 {
708         return 0;
709 }
710 
711 static void hidp_stop(struct hid_device *hid)
712 {
713         struct hidp_session *session = hid->driver_data;
714 
715         skb_queue_purge(&session->ctrl_transmit);
716         skb_queue_purge(&session->intr_transmit);
717 
718         hid->claimed = 0;
719 }
720 
721 static struct hid_ll_driver hidp_hid_driver = {
722         .parse = hidp_parse,
723         .start = hidp_start,
724         .stop = hidp_stop,
725         .open  = hidp_open,
726         .close = hidp_close,
727         .raw_request = hidp_raw_request,
728         .output_report = hidp_output_report,
729 };
730 
731 /* This function sets up the hid device. It does not add it
732    to the HID system. That is done in hidp_add_connection(). */
733 static int hidp_setup_hid(struct hidp_session *session,
734                                 struct hidp_connadd_req *req)
735 {
736         struct hid_device *hid;
737         int err;
738 
739         session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
740         if (!session->rd_data)
741                 return -ENOMEM;
742 
743         if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
744                 err = -EFAULT;
745                 goto fault;
746         }
747         session->rd_size = req->rd_size;
748 
749         hid = hid_allocate_device();
750         if (IS_ERR(hid)) {
751                 err = PTR_ERR(hid);
752                 goto fault;
753         }
754 
755         session->hid = hid;
756 
757         hid->driver_data = session;
758 
759         hid->bus     = BUS_BLUETOOTH;
760         hid->vendor  = req->vendor;
761         hid->product = req->product;
762         hid->version = req->version;
763         hid->country = req->country;
764 
765         strncpy(hid->name, req->name, sizeof(req->name) - 1);
766 
767         snprintf(hid->phys, sizeof(hid->phys), "%pMR",
768                  &l2cap_pi(session->ctrl_sock->sk)->chan->src);
769 
770         /* NOTE: Some device modules depend on the dst address being stored in
771          * uniq. Please be aware of this before making changes to this behavior.
772          */
773         snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
774                  &l2cap_pi(session->ctrl_sock->sk)->chan->dst);
775 
776         hid->dev.parent = &session->conn->hcon->dev;
777         hid->ll_driver = &hidp_hid_driver;
778 
779         /* True if device is blacklisted in drivers/hid/hid-core.c */
780         if (hid_ignore(hid)) {
781                 hid_destroy_device(session->hid);
782                 session->hid = NULL;
783                 return -ENODEV;
784         }
785 
786         return 0;
787 
788 fault:
789         kfree(session->rd_data);
790         session->rd_data = NULL;
791 
792         return err;
793 }
794 
795 /* initialize session devices */
796 static int hidp_session_dev_init(struct hidp_session *session,
797                                  struct hidp_connadd_req *req)
798 {
799         int ret;
800 
801         if (req->rd_size > 0) {
802                 ret = hidp_setup_hid(session, req);
803                 if (ret && ret != -ENODEV)
804                         return ret;
805         }
806 
807         if (!session->hid) {
808                 ret = hidp_setup_input(session, req);
809                 if (ret < 0)
810                         return ret;
811         }
812 
813         return 0;
814 }
815 
816 /* destroy session devices */
817 static void hidp_session_dev_destroy(struct hidp_session *session)
818 {
819         if (session->hid)
820                 put_device(&session->hid->dev);
821         else if (session->input)
822                 input_put_device(session->input);
823 
824         kfree(session->rd_data);
825         session->rd_data = NULL;
826 }
827 
828 /* add HID/input devices to their underlying bus systems */
829 static int hidp_session_dev_add(struct hidp_session *session)
830 {
831         int ret;
832 
833         /* Both HID and input systems drop a ref-count when unregistering the
834          * device but they don't take a ref-count when registering them. Work
835          * around this by explicitly taking a refcount during registration
836          * which is dropped automatically by unregistering the devices. */
837 
838         if (session->hid) {
839                 ret = hid_add_device(session->hid);
840                 if (ret)
841                         return ret;
842                 get_device(&session->hid->dev);
843         } else if (session->input) {
844                 ret = input_register_device(session->input);
845                 if (ret)
846                         return ret;
847                 input_get_device(session->input);
848         }
849 
850         return 0;
851 }
852 
853 /* remove HID/input devices from their bus systems */
854 static void hidp_session_dev_del(struct hidp_session *session)
855 {
856         if (session->hid)
857                 hid_destroy_device(session->hid);
858         else if (session->input)
859                 input_unregister_device(session->input);
860 }
861 
862 /*
863  * Asynchronous device registration
864  * HID device drivers might want to perform I/O during initialization to
865  * detect device types. Therefore, call device registration in a separate
866  * worker so the HIDP thread can schedule I/O operations.
867  * Note that this must be called after the worker thread was initialized
868  * successfully. This will then add the devices and increase session state
869  * on success, otherwise it will terminate the session thread.
870  */
871 static void hidp_session_dev_work(struct work_struct *work)
872 {
873         struct hidp_session *session = container_of(work,
874                                                     struct hidp_session,
875                                                     dev_init);
876         int ret;
877 
878         ret = hidp_session_dev_add(session);
879         if (!ret)
880                 atomic_inc(&session->state);
881         else
882                 hidp_session_terminate(session);
883 }
884 
885 /*
886  * Create new session object
887  * Allocate session object, initialize static fields, copy input data into the
888  * object and take a reference to all sub-objects.
889  * This returns 0 on success and puts a pointer to the new session object in
890  * \out. Otherwise, an error code is returned.
891  * The new session object has an initial ref-count of 1.
892  */
893 static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
894                             struct socket *ctrl_sock,
895                             struct socket *intr_sock,
896                             struct hidp_connadd_req *req,
897                             struct l2cap_conn *conn)
898 {
899         struct hidp_session *session;
900         int ret;
901         struct bt_sock *ctrl, *intr;
902 
903         ctrl = bt_sk(ctrl_sock->sk);
904         intr = bt_sk(intr_sock->sk);
905 
906         session = kzalloc(sizeof(*session), GFP_KERNEL);
907         if (!session)
908                 return -ENOMEM;
909 
910         /* object and runtime management */
911         kref_init(&session->ref);
912         atomic_set(&session->state, HIDP_SESSION_IDLING);
913         init_waitqueue_head(&session->state_queue);
914         session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
915 
916         /* connection management */
917         bacpy(&session->bdaddr, bdaddr);
918         session->conn = conn;
919         session->user.probe = hidp_session_probe;
920         session->user.remove = hidp_session_remove;
921         session->ctrl_sock = ctrl_sock;
922         session->intr_sock = intr_sock;
923         skb_queue_head_init(&session->ctrl_transmit);
924         skb_queue_head_init(&session->intr_transmit);
925         session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
926                                         l2cap_pi(ctrl)->chan->imtu);
927         session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
928                                         l2cap_pi(intr)->chan->imtu);
929         session->idle_to = req->idle_to;
930 
931         /* device management */
932         INIT_WORK(&session->dev_init, hidp_session_dev_work);
933         setup_timer(&session->timer, hidp_idle_timeout,
934                     (unsigned long)session);
935 
936         /* session data */
937         mutex_init(&session->report_mutex);
938         init_waitqueue_head(&session->report_queue);
939 
940         ret = hidp_session_dev_init(session, req);
941         if (ret)
942                 goto err_free;
943 
944         l2cap_conn_get(session->conn);
945         get_file(session->intr_sock->file);
946         get_file(session->ctrl_sock->file);
947         *out = session;
948         return 0;
949 
950 err_free:
951         kfree(session);
952         return ret;
953 }
954 
955 /* increase ref-count of the given session by one */
956 static void hidp_session_get(struct hidp_session *session)
957 {
958         kref_get(&session->ref);
959 }
960 
961 /* release callback */
962 static void session_free(struct kref *ref)
963 {
964         struct hidp_session *session = container_of(ref, struct hidp_session,
965                                                     ref);
966 
967         hidp_session_dev_destroy(session);
968         skb_queue_purge(&session->ctrl_transmit);
969         skb_queue_purge(&session->intr_transmit);
970         fput(session->intr_sock->file);
971         fput(session->ctrl_sock->file);
972         l2cap_conn_put(session->conn);
973         kfree(session);
974 }
975 
976 /* decrease ref-count of the given session by one */
977 static void hidp_session_put(struct hidp_session *session)
978 {
979         kref_put(&session->ref, session_free);
980 }
981 
982 /*
983  * Search the list of active sessions for a session with target address
984  * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
985  * you do not release this lock, the session objects cannot vanish and you can
986  * safely take a reference to the session yourself.
987  */
988 static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
989 {
990         struct hidp_session *session;
991 
992         list_for_each_entry(session, &hidp_session_list, list) {
993                 if (!bacmp(bdaddr, &session->bdaddr))
994                         return session;
995         }
996 
997         return NULL;
998 }
999 
1000 /*
1001  * Same as __hidp_session_find() but no locks must be held. This also takes a
1002  * reference of the returned session (if non-NULL) so you must drop this
1003  * reference if you no longer use the object.
1004  */
1005 static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
1006 {
1007         struct hidp_session *session;
1008 
1009         down_read(&hidp_session_sem);
1010 
1011         session = __hidp_session_find(bdaddr);
1012         if (session)
1013                 hidp_session_get(session);
1014 
1015         up_read(&hidp_session_sem);
1016 
1017         return session;
1018 }
1019 
1020 /*
1021  * Start session synchronously
1022  * This starts a session thread and waits until initialization
1023  * is done or returns an error if it couldn't be started.
1024  * If this returns 0 the session thread is up and running. You must call
1025  * hipd_session_stop_sync() before deleting any runtime resources.
1026  */
1027 static int hidp_session_start_sync(struct hidp_session *session)
1028 {
1029         unsigned int vendor, product;
1030 
1031         if (session->hid) {
1032                 vendor  = session->hid->vendor;
1033                 product = session->hid->product;
1034         } else if (session->input) {
1035                 vendor  = session->input->id.vendor;
1036                 product = session->input->id.product;
1037         } else {
1038                 vendor = 0x0000;
1039                 product = 0x0000;
1040         }
1041 
1042         session->task = kthread_run(hidp_session_thread, session,
1043                                     "khidpd_%04x%04x", vendor, product);
1044         if (IS_ERR(session->task))
1045                 return PTR_ERR(session->task);
1046 
1047         while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1048                 wait_event(session->state_queue,
1049                            atomic_read(&session->state) > HIDP_SESSION_IDLING);
1050 
1051         return 0;
1052 }
1053 
1054 /*
1055  * Terminate session thread
1056  * Wake up session thread and notify it to stop. This is asynchronous and
1057  * returns immediately. Call this whenever a runtime error occurs and you want
1058  * the session to stop.
1059  * Note: wake_up_process() performs any necessary memory-barriers for us.
1060  */
1061 static void hidp_session_terminate(struct hidp_session *session)
1062 {
1063         atomic_inc(&session->terminate);
1064         wake_up_process(session->task);
1065 }
1066 
1067 /*
1068  * Probe HIDP session
1069  * This is called from the l2cap_conn core when our l2cap_user object is bound
1070  * to the hci-connection. We get the session via the \user object and can now
1071  * start the session thread, link it into the global session list and
1072  * schedule HID/input device registration.
1073  * The global session-list owns its own reference to the session object so you
1074  * can drop your own reference after registering the l2cap_user object.
1075  */
1076 static int hidp_session_probe(struct l2cap_conn *conn,
1077                               struct l2cap_user *user)
1078 {
1079         struct hidp_session *session = container_of(user,
1080                                                     struct hidp_session,
1081                                                     user);
1082         struct hidp_session *s;
1083         int ret;
1084 
1085         down_write(&hidp_session_sem);
1086 
1087         /* check that no other session for this device exists */
1088         s = __hidp_session_find(&session->bdaddr);
1089         if (s) {
1090                 ret = -EEXIST;
1091                 goto out_unlock;
1092         }
1093 
1094         if (session->input) {
1095                 ret = hidp_session_dev_add(session);
1096                 if (ret)
1097                         goto out_unlock;
1098         }
1099 
1100         ret = hidp_session_start_sync(session);
1101         if (ret)
1102                 goto out_del;
1103 
1104         /* HID device registration is async to allow I/O during probe */
1105         if (session->input)
1106                 atomic_inc(&session->state);
1107         else
1108                 schedule_work(&session->dev_init);
1109 
1110         hidp_session_get(session);
1111         list_add(&session->list, &hidp_session_list);
1112         ret = 0;
1113         goto out_unlock;
1114 
1115 out_del:
1116         if (session->input)
1117                 hidp_session_dev_del(session);
1118 out_unlock:
1119         up_write(&hidp_session_sem);
1120         return ret;
1121 }
1122 
1123 /*
1124  * Remove HIDP session
1125  * Called from the l2cap_conn core when either we explicitly unregistered
1126  * the l2cap_user object or if the underlying connection is shut down.
1127  * We signal the hidp-session thread to shut down, unregister the HID/input
1128  * devices and unlink the session from the global list.
1129  * This drops the reference to the session that is owned by the global
1130  * session-list.
1131  * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1132  * This is, because the session-thread might be waiting for an HCI lock that is
1133  * held while we are called. Therefore, we only unregister the devices and
1134  * notify the session-thread to terminate. The thread itself owns a reference
1135  * to the session object so it can safely shut down.
1136  */
1137 static void hidp_session_remove(struct l2cap_conn *conn,
1138                                 struct l2cap_user *user)
1139 {
1140         struct hidp_session *session = container_of(user,
1141                                                     struct hidp_session,
1142                                                     user);
1143 
1144         down_write(&hidp_session_sem);
1145 
1146         hidp_session_terminate(session);
1147 
1148         cancel_work_sync(&session->dev_init);
1149         if (session->input ||
1150             atomic_read(&session->state) > HIDP_SESSION_PREPARING)
1151                 hidp_session_dev_del(session);
1152 
1153         list_del(&session->list);
1154 
1155         up_write(&hidp_session_sem);
1156 
1157         hidp_session_put(session);
1158 }
1159 
1160 /*
1161  * Session Worker
1162  * This performs the actual main-loop of the HIDP worker. We first check
1163  * whether the underlying connection is still alive, then parse all pending
1164  * messages and finally send all outstanding messages.
1165  */
1166 static void hidp_session_run(struct hidp_session *session)
1167 {
1168         struct sock *ctrl_sk = session->ctrl_sock->sk;
1169         struct sock *intr_sk = session->intr_sock->sk;
1170         struct sk_buff *skb;
1171 
1172         for (;;) {
1173                 /*
1174                  * This thread can be woken up two ways:
1175                  *  - You call hidp_session_terminate() which sets the
1176                  *    session->terminate flag and wakes this thread up.
1177                  *  - Via modifying the socket state of ctrl/intr_sock. This
1178                  *    thread is woken up by ->sk_state_changed().
1179                  *
1180                  * Note: set_current_state() performs any necessary
1181                  * memory-barriers for us.
1182                  */
1183                 set_current_state(TASK_INTERRUPTIBLE);
1184 
1185                 if (atomic_read(&session->terminate))
1186                         break;
1187 
1188                 if (ctrl_sk->sk_state != BT_CONNECTED ||
1189                     intr_sk->sk_state != BT_CONNECTED)
1190                         break;
1191 
1192                 /* parse incoming intr-skbs */
1193                 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1194                         skb_orphan(skb);
1195                         if (!skb_linearize(skb))
1196                                 hidp_recv_intr_frame(session, skb);
1197                         else
1198                                 kfree_skb(skb);
1199                 }
1200 
1201                 /* send pending intr-skbs */
1202                 hidp_process_transmit(session, &session->intr_transmit,
1203                                       session->intr_sock);
1204 
1205                 /* parse incoming ctrl-skbs */
1206                 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1207                         skb_orphan(skb);
1208                         if (!skb_linearize(skb))
1209                                 hidp_recv_ctrl_frame(session, skb);
1210                         else
1211                                 kfree_skb(skb);
1212                 }
1213 
1214                 /* send pending ctrl-skbs */
1215                 hidp_process_transmit(session, &session->ctrl_transmit,
1216                                       session->ctrl_sock);
1217 
1218                 schedule();
1219         }
1220 
1221         atomic_inc(&session->terminate);
1222         set_current_state(TASK_RUNNING);
1223 }
1224 
1225 /*
1226  * HIDP session thread
1227  * This thread runs the I/O for a single HIDP session. Startup is synchronous
1228  * which allows us to take references to ourself here instead of doing that in
1229  * the caller.
1230  * When we are ready to run we notify the caller and call hidp_session_run().
1231  */
1232 static int hidp_session_thread(void *arg)
1233 {
1234         struct hidp_session *session = arg;
1235         wait_queue_t ctrl_wait, intr_wait;
1236 
1237         BT_DBG("session %p", session);
1238 
1239         /* initialize runtime environment */
1240         hidp_session_get(session);
1241         __module_get(THIS_MODULE);
1242         set_user_nice(current, -15);
1243         hidp_set_timer(session);
1244 
1245         init_waitqueue_entry(&ctrl_wait, current);
1246         init_waitqueue_entry(&intr_wait, current);
1247         add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1248         add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1249         /* This memory barrier is paired with wq_has_sleeper(). See
1250          * sock_poll_wait() for more information why this is needed. */
1251         smp_mb();
1252 
1253         /* notify synchronous startup that we're ready */
1254         atomic_inc(&session->state);
1255         wake_up(&session->state_queue);
1256 
1257         /* run session */
1258         hidp_session_run(session);
1259 
1260         /* cleanup runtime environment */
1261         remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1262         remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1263         wake_up_interruptible(&session->report_queue);
1264         hidp_del_timer(session);
1265 
1266         /*
1267          * If we stopped ourself due to any internal signal, we should try to
1268          * unregister our own session here to avoid having it linger until the
1269          * parent l2cap_conn dies or user-space cleans it up.
1270          * This does not deadlock as we don't do any synchronous shutdown.
1271          * Instead, this call has the same semantics as if user-space tried to
1272          * delete the session.
1273          */
1274         l2cap_unregister_user(session->conn, &session->user);
1275         hidp_session_put(session);
1276 
1277         module_put_and_exit(0);
1278         return 0;
1279 }
1280 
1281 static int hidp_verify_sockets(struct socket *ctrl_sock,
1282                                struct socket *intr_sock)
1283 {
1284         struct l2cap_chan *ctrl_chan, *intr_chan;
1285         struct bt_sock *ctrl, *intr;
1286         struct hidp_session *session;
1287 
1288         if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1289                 return -EINVAL;
1290 
1291         ctrl_chan = l2cap_pi(ctrl_sock->sk)->chan;
1292         intr_chan = l2cap_pi(intr_sock->sk)->chan;
1293 
1294         if (bacmp(&ctrl_chan->src, &intr_chan->src) ||
1295             bacmp(&ctrl_chan->dst, &intr_chan->dst))
1296                 return -ENOTUNIQ;
1297 
1298         ctrl = bt_sk(ctrl_sock->sk);
1299         intr = bt_sk(intr_sock->sk);
1300 
1301         if (ctrl->sk.sk_state != BT_CONNECTED ||
1302             intr->sk.sk_state != BT_CONNECTED)
1303                 return -EBADFD;
1304 
1305         /* early session check, we check again during session registration */
1306         session = hidp_session_find(&ctrl_chan->dst);
1307         if (session) {
1308                 hidp_session_put(session);
1309                 return -EEXIST;
1310         }
1311 
1312         return 0;
1313 }
1314 
1315 int hidp_connection_add(struct hidp_connadd_req *req,
1316                         struct socket *ctrl_sock,
1317                         struct socket *intr_sock)
1318 {
1319         struct hidp_session *session;
1320         struct l2cap_conn *conn;
1321         struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
1322         int ret;
1323 
1324         ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1325         if (ret)
1326                 return ret;
1327 
1328         conn = NULL;
1329         l2cap_chan_lock(chan);
1330         if (chan->conn) {
1331                 l2cap_conn_get(chan->conn);
1332                 conn = chan->conn;
1333         }
1334         l2cap_chan_unlock(chan);
1335 
1336         if (!conn)
1337                 return -EBADFD;
1338 
1339         ret = hidp_session_new(&session, &chan->dst, ctrl_sock,
1340                                intr_sock, req, conn);
1341         if (ret)
1342                 goto out_conn;
1343 
1344         ret = l2cap_register_user(conn, &session->user);
1345         if (ret)
1346                 goto out_session;
1347 
1348         ret = 0;
1349 
1350 out_session:
1351         hidp_session_put(session);
1352 out_conn:
1353         l2cap_conn_put(conn);
1354         return ret;
1355 }
1356 
1357 int hidp_connection_del(struct hidp_conndel_req *req)
1358 {
1359         struct hidp_session *session;
1360 
1361         session = hidp_session_find(&req->bdaddr);
1362         if (!session)
1363                 return -ENOENT;
1364 
1365         if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1366                 hidp_send_ctrl_message(session,
1367                                        HIDP_TRANS_HID_CONTROL |
1368                                          HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1369                                        NULL, 0);
1370         else
1371                 l2cap_unregister_user(session->conn, &session->user);
1372 
1373         hidp_session_put(session);
1374 
1375         return 0;
1376 }
1377 
1378 int hidp_get_connlist(struct hidp_connlist_req *req)
1379 {
1380         struct hidp_session *session;
1381         int err = 0, n = 0;
1382 
1383         BT_DBG("");
1384 
1385         down_read(&hidp_session_sem);
1386 
1387         list_for_each_entry(session, &hidp_session_list, list) {
1388                 struct hidp_conninfo ci;
1389 
1390                 hidp_copy_session(session, &ci);
1391 
1392                 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1393                         err = -EFAULT;
1394                         break;
1395                 }
1396 
1397                 if (++n >= req->cnum)
1398                         break;
1399 
1400                 req->ci++;
1401         }
1402         req->cnum = n;
1403 
1404         up_read(&hidp_session_sem);
1405         return err;
1406 }
1407 
1408 int hidp_get_conninfo(struct hidp_conninfo *ci)
1409 {
1410         struct hidp_session *session;
1411 
1412         session = hidp_session_find(&ci->bdaddr);
1413         if (session) {
1414                 hidp_copy_session(session, ci);
1415                 hidp_session_put(session);
1416         }
1417 
1418         return session ? 0 : -ENOENT;
1419 }
1420 
1421 static int __init hidp_init(void)
1422 {
1423         BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1424 
1425         return hidp_init_sockets();
1426 }
1427 
1428 static void __exit hidp_exit(void)
1429 {
1430         hidp_cleanup_sockets();
1431 }
1432 
1433 module_init(hidp_init);
1434 module_exit(hidp_exit);
1435 
1436 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1437 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1438 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1439 MODULE_VERSION(VERSION);
1440 MODULE_LICENSE("GPL");
1441 MODULE_ALIAS("bt-proto-6");
1442 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us