aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJohannes Berg <johannes.berg@intel.com>2012-10-30 04:09:48 -0400
committerJohannes Berg <johannes.berg@intel.com>2012-10-30 04:09:48 -0400
commit6fb47de9cf1be4710fb9f364c500ff216fb47b34 (patch)
treee638cd1de972e7120dff9200efe71ce1b4ca3805 /net
parent1041638f2bba0f1de75e66086d50fb1251d64dcf (diff)
parentab3d59d265e772e734c36fe738809cb1a910f566 (diff)
Merge remote-tracking branch 'wireless-next/master' into mac80211-next
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/Kconfig1
-rw-r--r--net/bluetooth/Makefile2
-rw-r--r--net/bluetooth/a2mp.c459
-rw-r--r--net/bluetooth/af_bluetooth.c10
-rw-r--r--net/bluetooth/amp.c374
-rw-r--r--net/bluetooth/bnep/core.c3
-rw-r--r--net/bluetooth/cmtp/core.c2
-rw-r--r--net/bluetooth/hci_conn.c70
-rw-r--r--net/bluetooth/hci_core.c65
-rw-r--r--net/bluetooth/hci_event.c167
-rw-r--r--net/bluetooth/hci_sysfs.c10
-rw-r--r--net/bluetooth/hidp/core.c8
-rw-r--r--net/bluetooth/l2cap_core.c503
-rw-r--r--net/bluetooth/l2cap_sock.c89
-rw-r--r--net/bluetooth/lib.c14
-rw-r--r--net/bluetooth/mgmt.c5
-rw-r--r--net/bluetooth/rfcomm/core.c19
-rw-r--r--net/bluetooth/rfcomm/sock.c9
-rw-r--r--net/bluetooth/rfcomm/tty.c6
-rw-r--r--net/bluetooth/sco.c12
-rw-r--r--net/bluetooth/smp.c8
-rw-r--r--net/mac80211/ibss.c2
-rw-r--r--net/mac80211/iface.c2
-rw-r--r--net/mac80211/mlme.c34
-rw-r--r--net/mac80211/rx.c74
-rw-r--r--net/mac80211/sta_info.c4
-rw-r--r--net/mac80211/util.c46
-rw-r--r--net/mac80211/wpa.c14
-rw-r--r--net/nfc/Kconfig4
-rw-r--r--net/nfc/core.c33
-rw-r--r--net/nfc/hci/command.c24
-rw-r--r--net/nfc/hci/core.c71
-rw-r--r--net/nfc/hci/llc.c2
-rw-r--r--net/nfc/hci/llc_shdlc.c7
-rw-r--r--net/nfc/llcp/Kconfig4
-rw-r--r--net/nfc/llcp/commands.c120
-rw-r--r--net/nfc/llcp/llcp.c226
-rw-r--r--net/nfc/llcp/llcp.h13
-rw-r--r--net/nfc/llcp/sock.c42
-rw-r--r--net/nfc/nci/Kconfig4
-rw-r--r--net/nfc/nci/core.c29
-rw-r--r--net/nfc/netlink.c157
-rw-r--r--net/nfc/nfc.h6
-rw-r--r--net/nfc/rawsock.c1
-rw-r--r--net/wireless/core.c3
-rw-r--r--net/wireless/mlme.c12
-rw-r--r--net/wireless/reg.c5
-rw-r--r--net/wireless/util.c14
48 files changed, 2237 insertions, 552 deletions
diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig
index 3537d385035..1c11d0dcd86 100644
--- a/net/bluetooth/Kconfig
+++ b/net/bluetooth/Kconfig
@@ -11,6 +11,7 @@ menuconfig BT
11 select CRYPTO_BLKCIPHER 11 select CRYPTO_BLKCIPHER
12 select CRYPTO_AES 12 select CRYPTO_AES
13 select CRYPTO_ECB 13 select CRYPTO_ECB
14 select CRYPTO_SHA256
14 help 15 help
15 Bluetooth is low-cost, low-power, short-range wireless technology. 16 Bluetooth is low-cost, low-power, short-range wireless technology.
16 It was designed as a replacement for cables and other short-range 17 It was designed as a replacement for cables and other short-range
diff --git a/net/bluetooth/Makefile b/net/bluetooth/Makefile
index fa6d94a4602..dea6a287dac 100644
--- a/net/bluetooth/Makefile
+++ b/net/bluetooth/Makefile
@@ -10,4 +10,4 @@ obj-$(CONFIG_BT_HIDP) += hidp/
10 10
11bluetooth-y := af_bluetooth.o hci_core.o hci_conn.o hci_event.o mgmt.o \ 11bluetooth-y := af_bluetooth.o hci_core.o hci_conn.o hci_event.o mgmt.o \
12 hci_sock.o hci_sysfs.o l2cap_core.o l2cap_sock.o smp.o sco.o lib.o \ 12 hci_sock.o hci_sysfs.o l2cap_core.o l2cap_sock.o smp.o sco.o lib.o \
13 a2mp.o 13 a2mp.o amp.o
diff --git a/net/bluetooth/a2mp.c b/net/bluetooth/a2mp.c
index 0760d1fed6f..d5136cfb57e 100644
--- a/net/bluetooth/a2mp.c
+++ b/net/bluetooth/a2mp.c
@@ -16,6 +16,11 @@
16#include <net/bluetooth/hci_core.h> 16#include <net/bluetooth/hci_core.h>
17#include <net/bluetooth/l2cap.h> 17#include <net/bluetooth/l2cap.h>
18#include <net/bluetooth/a2mp.h> 18#include <net/bluetooth/a2mp.h>
19#include <net/bluetooth/amp.h>
20
21/* Global AMP Manager list */
22LIST_HEAD(amp_mgr_list);
23DEFINE_MUTEX(amp_mgr_list_lock);
19 24
20/* A2MP build & send command helper functions */ 25/* A2MP build & send command helper functions */
21static struct a2mp_cmd *__a2mp_build(u8 code, u8 ident, u16 len, void *data) 26static struct a2mp_cmd *__a2mp_build(u8 code, u8 ident, u16 len, void *data)
@@ -37,8 +42,7 @@ static struct a2mp_cmd *__a2mp_build(u8 code, u8 ident, u16 len, void *data)
37 return cmd; 42 return cmd;
38} 43}
39 44
40static void a2mp_send(struct amp_mgr *mgr, u8 code, u8 ident, u16 len, 45void a2mp_send(struct amp_mgr *mgr, u8 code, u8 ident, u16 len, void *data)
41 void *data)
42{ 46{
43 struct l2cap_chan *chan = mgr->a2mp_chan; 47 struct l2cap_chan *chan = mgr->a2mp_chan;
44 struct a2mp_cmd *cmd; 48 struct a2mp_cmd *cmd;
@@ -63,6 +67,14 @@ static void a2mp_send(struct amp_mgr *mgr, u8 code, u8 ident, u16 len,
63 kfree(cmd); 67 kfree(cmd);
64} 68}
65 69
70u8 __next_ident(struct amp_mgr *mgr)
71{
72 if (++mgr->ident == 0)
73 mgr->ident = 1;
74
75 return mgr->ident;
76}
77
66static inline void __a2mp_cl_bredr(struct a2mp_cl *cl) 78static inline void __a2mp_cl_bredr(struct a2mp_cl *cl)
67{ 79{
68 cl->id = 0; 80 cl->id = 0;
@@ -161,6 +173,83 @@ static int a2mp_discover_req(struct amp_mgr *mgr, struct sk_buff *skb,
161 return 0; 173 return 0;
162} 174}
163 175
176static int a2mp_discover_rsp(struct amp_mgr *mgr, struct sk_buff *skb,
177 struct a2mp_cmd *hdr)
178{
179 struct a2mp_discov_rsp *rsp = (void *) skb->data;
180 u16 len = le16_to_cpu(hdr->len);
181 struct a2mp_cl *cl;
182 u16 ext_feat;
183 bool found = false;
184
185 if (len < sizeof(*rsp))
186 return -EINVAL;
187
188 len -= sizeof(*rsp);
189 skb_pull(skb, sizeof(*rsp));
190
191 ext_feat = le16_to_cpu(rsp->ext_feat);
192
193 BT_DBG("mtu %d efm 0x%4.4x", le16_to_cpu(rsp->mtu), ext_feat);
194
195 /* check that packet is not broken for now */
196 while (ext_feat & A2MP_FEAT_EXT) {
197 if (len < sizeof(ext_feat))
198 return -EINVAL;
199
200 ext_feat = get_unaligned_le16(skb->data);
201 BT_DBG("efm 0x%4.4x", ext_feat);
202 len -= sizeof(ext_feat);
203 skb_pull(skb, sizeof(ext_feat));
204 }
205
206 cl = (void *) skb->data;
207 while (len >= sizeof(*cl)) {
208 BT_DBG("Remote AMP id %d type %d status %d", cl->id, cl->type,
209 cl->status);
210
211 if (cl->id != HCI_BREDR_ID && cl->type == HCI_AMP) {
212 struct a2mp_info_req req;
213
214 found = true;
215 req.id = cl->id;
216 a2mp_send(mgr, A2MP_GETINFO_REQ, __next_ident(mgr),
217 sizeof(req), &req);
218 }
219
220 len -= sizeof(*cl);
221 cl = (void *) skb_pull(skb, sizeof(*cl));
222 }
223
224 /* Fall back to L2CAP init sequence */
225 if (!found) {
226 struct l2cap_conn *conn = mgr->l2cap_conn;
227 struct l2cap_chan *chan;
228
229 mutex_lock(&conn->chan_lock);
230
231 list_for_each_entry(chan, &conn->chan_l, list) {
232
233 BT_DBG("chan %p state %s", chan,
234 state_to_string(chan->state));
235
236 if (chan->chan_type == L2CAP_CHAN_CONN_FIX_A2MP)
237 continue;
238
239 l2cap_chan_lock(chan);
240
241 if (chan->state == BT_CONNECT)
242 l2cap_send_conn_req(chan);
243
244 l2cap_chan_unlock(chan);
245 }
246
247 mutex_unlock(&conn->chan_lock);
248 }
249
250 return 0;
251}
252
164static int a2mp_change_notify(struct amp_mgr *mgr, struct sk_buff *skb, 253static int a2mp_change_notify(struct amp_mgr *mgr, struct sk_buff *skb,
165 struct a2mp_cmd *hdr) 254 struct a2mp_cmd *hdr)
166{ 255{
@@ -181,7 +270,6 @@ static int a2mp_getinfo_req(struct amp_mgr *mgr, struct sk_buff *skb,
181 struct a2mp_cmd *hdr) 270 struct a2mp_cmd *hdr)
182{ 271{
183 struct a2mp_info_req *req = (void *) skb->data; 272 struct a2mp_info_req *req = (void *) skb->data;
184 struct a2mp_info_rsp rsp;
185 struct hci_dev *hdev; 273 struct hci_dev *hdev;
186 274
187 if (le16_to_cpu(hdr->len) < sizeof(*req)) 275 if (le16_to_cpu(hdr->len) < sizeof(*req))
@@ -189,53 +277,93 @@ static int a2mp_getinfo_req(struct amp_mgr *mgr, struct sk_buff *skb,
189 277
190 BT_DBG("id %d", req->id); 278 BT_DBG("id %d", req->id);
191 279
192 rsp.id = req->id;
193 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
194
195 hdev = hci_dev_get(req->id); 280 hdev = hci_dev_get(req->id);
196 if (hdev && hdev->amp_type != HCI_BREDR) { 281 if (!hdev || hdev->dev_type != HCI_AMP) {
197 rsp.status = 0; 282 struct a2mp_info_rsp rsp;
198 rsp.total_bw = cpu_to_le32(hdev->amp_total_bw); 283
199 rsp.max_bw = cpu_to_le32(hdev->amp_max_bw); 284 rsp.id = req->id;
200 rsp.min_latency = cpu_to_le32(hdev->amp_min_latency); 285 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
201 rsp.pal_cap = cpu_to_le16(hdev->amp_pal_cap); 286
202 rsp.assoc_size = cpu_to_le16(hdev->amp_assoc_size); 287 a2mp_send(mgr, A2MP_GETINFO_RSP, hdr->ident, sizeof(rsp),
288 &rsp);
289
290 goto done;
203 } 291 }
204 292
293 mgr->state = READ_LOC_AMP_INFO;
294 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
295
296done:
205 if (hdev) 297 if (hdev)
206 hci_dev_put(hdev); 298 hci_dev_put(hdev);
207 299
208 a2mp_send(mgr, A2MP_GETINFO_RSP, hdr->ident, sizeof(rsp), &rsp);
209
210 skb_pull(skb, sizeof(*req)); 300 skb_pull(skb, sizeof(*req));
211 return 0; 301 return 0;
212} 302}
213 303
304static int a2mp_getinfo_rsp(struct amp_mgr *mgr, struct sk_buff *skb,
305 struct a2mp_cmd *hdr)
306{
307 struct a2mp_info_rsp *rsp = (struct a2mp_info_rsp *) skb->data;
308 struct a2mp_amp_assoc_req req;
309 struct amp_ctrl *ctrl;
310
311 if (le16_to_cpu(hdr->len) < sizeof(*rsp))
312 return -EINVAL;
313
314 BT_DBG("id %d status 0x%2.2x", rsp->id, rsp->status);
315
316 if (rsp->status)
317 return -EINVAL;
318
319 ctrl = amp_ctrl_add(mgr, rsp->id);
320 if (!ctrl)
321 return -ENOMEM;
322
323 req.id = rsp->id;
324 a2mp_send(mgr, A2MP_GETAMPASSOC_REQ, __next_ident(mgr), sizeof(req),
325 &req);
326
327 skb_pull(skb, sizeof(*rsp));
328 return 0;
329}
330
214static int a2mp_getampassoc_req(struct amp_mgr *mgr, struct sk_buff *skb, 331static int a2mp_getampassoc_req(struct amp_mgr *mgr, struct sk_buff *skb,
215 struct a2mp_cmd *hdr) 332 struct a2mp_cmd *hdr)
216{ 333{
217 struct a2mp_amp_assoc_req *req = (void *) skb->data; 334 struct a2mp_amp_assoc_req *req = (void *) skb->data;
218 struct hci_dev *hdev; 335 struct hci_dev *hdev;
336 struct amp_mgr *tmp;
219 337
220 if (le16_to_cpu(hdr->len) < sizeof(*req)) 338 if (le16_to_cpu(hdr->len) < sizeof(*req))
221 return -EINVAL; 339 return -EINVAL;
222 340
223 BT_DBG("id %d", req->id); 341 BT_DBG("id %d", req->id);
224 342
343 /* Make sure that other request is not processed */
344 tmp = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC);
345
225 hdev = hci_dev_get(req->id); 346 hdev = hci_dev_get(req->id);
226 if (!hdev || hdev->amp_type == HCI_BREDR) { 347 if (!hdev || hdev->amp_type == HCI_BREDR || tmp) {
227 struct a2mp_amp_assoc_rsp rsp; 348 struct a2mp_amp_assoc_rsp rsp;
228 rsp.id = req->id; 349 rsp.id = req->id;
229 rsp.status = A2MP_STATUS_INVALID_CTRL_ID; 350
351 if (tmp) {
352 rsp.status = A2MP_STATUS_COLLISION_OCCURED;
353 amp_mgr_put(tmp);
354 } else {
355 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
356 }
230 357
231 a2mp_send(mgr, A2MP_GETAMPASSOC_RSP, hdr->ident, sizeof(rsp), 358 a2mp_send(mgr, A2MP_GETAMPASSOC_RSP, hdr->ident, sizeof(rsp),
232 &rsp); 359 &rsp);
233 goto clean; 360
361 goto done;
234 } 362 }
235 363
236 /* Placeholder for HCI Read AMP Assoc */ 364 amp_read_loc_assoc(hdev, mgr);
237 365
238clean: 366done:
239 if (hdev) 367 if (hdev)
240 hci_dev_put(hdev); 368 hci_dev_put(hdev);
241 369
@@ -243,6 +371,68 @@ clean:
243 return 0; 371 return 0;
244} 372}
245 373
374static int a2mp_getampassoc_rsp(struct amp_mgr *mgr, struct sk_buff *skb,
375 struct a2mp_cmd *hdr)
376{
377 struct a2mp_amp_assoc_rsp *rsp = (void *) skb->data;
378 u16 len = le16_to_cpu(hdr->len);
379 struct hci_dev *hdev;
380 struct amp_ctrl *ctrl;
381 struct hci_conn *hcon;
382 size_t assoc_len;
383
384 if (len < sizeof(*rsp))
385 return -EINVAL;
386
387 assoc_len = len - sizeof(*rsp);
388
389 BT_DBG("id %d status 0x%2.2x assoc len %zu", rsp->id, rsp->status,
390 assoc_len);
391
392 if (rsp->status)
393 return -EINVAL;
394
395 /* Save remote ASSOC data */
396 ctrl = amp_ctrl_lookup(mgr, rsp->id);
397 if (ctrl) {
398 u8 *assoc;
399
400 assoc = kzalloc(assoc_len, GFP_KERNEL);
401 if (!assoc) {
402 amp_ctrl_put(ctrl);
403 return -ENOMEM;
404 }
405
406 memcpy(assoc, rsp->amp_assoc, assoc_len);
407 ctrl->assoc = assoc;
408 ctrl->assoc_len = assoc_len;
409 ctrl->assoc_rem_len = assoc_len;
410 ctrl->assoc_len_so_far = 0;
411
412 amp_ctrl_put(ctrl);
413 }
414
415 /* Create Phys Link */
416 hdev = hci_dev_get(rsp->id);
417 if (!hdev)
418 return -EINVAL;
419
420 hcon = phylink_add(hdev, mgr, rsp->id, true);
421 if (!hcon)
422 goto done;
423
424 BT_DBG("Created hcon %p: loc:%d -> rem:%d", hcon, hdev->id, rsp->id);
425
426 mgr->bredr_chan->ctrl_id = rsp->id;
427
428 amp_create_phylink(hdev, mgr, hcon);
429
430done:
431 hci_dev_put(hdev);
432 skb_pull(skb, len);
433 return 0;
434}
435
246static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb, 436static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
247 struct a2mp_cmd *hdr) 437 struct a2mp_cmd *hdr)
248{ 438{
@@ -250,6 +440,8 @@ static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
250 440
251 struct a2mp_physlink_rsp rsp; 441 struct a2mp_physlink_rsp rsp;
252 struct hci_dev *hdev; 442 struct hci_dev *hdev;
443 struct hci_conn *hcon;
444 struct amp_ctrl *ctrl;
253 445
254 if (le16_to_cpu(hdr->len) < sizeof(*req)) 446 if (le16_to_cpu(hdr->len) < sizeof(*req))
255 return -EINVAL; 447 return -EINVAL;
@@ -265,9 +457,43 @@ static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
265 goto send_rsp; 457 goto send_rsp;
266 } 458 }
267 459
268 /* TODO process physlink create */ 460 ctrl = amp_ctrl_lookup(mgr, rsp.remote_id);
461 if (!ctrl) {
462 ctrl = amp_ctrl_add(mgr, rsp.remote_id);
463 if (ctrl) {
464 amp_ctrl_get(ctrl);
465 } else {
466 rsp.status = A2MP_STATUS_UNABLE_START_LINK_CREATION;
467 goto send_rsp;
468 }
469 }
269 470
270 rsp.status = A2MP_STATUS_SUCCESS; 471 if (ctrl) {
472 size_t assoc_len = le16_to_cpu(hdr->len) - sizeof(*req);
473 u8 *assoc;
474
475 assoc = kzalloc(assoc_len, GFP_KERNEL);
476 if (!assoc) {
477 amp_ctrl_put(ctrl);
478 return -ENOMEM;
479 }
480
481 memcpy(assoc, req->amp_assoc, assoc_len);
482 ctrl->assoc = assoc;
483 ctrl->assoc_len = assoc_len;
484 ctrl->assoc_rem_len = assoc_len;
485 ctrl->assoc_len_so_far = 0;
486
487 amp_ctrl_put(ctrl);
488 }
489
490 hcon = phylink_add(hdev, mgr, req->local_id, false);
491 if (hcon) {
492 amp_accept_phylink(hdev, mgr, hcon);
493 rsp.status = A2MP_STATUS_SUCCESS;
494 } else {
495 rsp.status = A2MP_STATUS_UNABLE_START_LINK_CREATION;
496 }
271 497
272send_rsp: 498send_rsp:
273 if (hdev) 499 if (hdev)
@@ -286,6 +512,7 @@ static int a2mp_discphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
286 struct a2mp_physlink_req *req = (void *) skb->data; 512 struct a2mp_physlink_req *req = (void *) skb->data;
287 struct a2mp_physlink_rsp rsp; 513 struct a2mp_physlink_rsp rsp;
288 struct hci_dev *hdev; 514 struct hci_dev *hdev;
515 struct hci_conn *hcon;
289 516
290 if (le16_to_cpu(hdr->len) < sizeof(*req)) 517 if (le16_to_cpu(hdr->len) < sizeof(*req))
291 return -EINVAL; 518 return -EINVAL;
@@ -296,14 +523,22 @@ static int a2mp_discphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
296 rsp.remote_id = req->local_id; 523 rsp.remote_id = req->local_id;
297 rsp.status = A2MP_STATUS_SUCCESS; 524 rsp.status = A2MP_STATUS_SUCCESS;
298 525
299 hdev = hci_dev_get(req->local_id); 526 hdev = hci_dev_get(req->remote_id);
300 if (!hdev) { 527 if (!hdev) {
301 rsp.status = A2MP_STATUS_INVALID_CTRL_ID; 528 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
302 goto send_rsp; 529 goto send_rsp;
303 } 530 }
304 531
532 hcon = hci_conn_hash_lookup_ba(hdev, AMP_LINK, mgr->l2cap_conn->dst);
533 if (!hcon) {
534 BT_ERR("No phys link exist");
535 rsp.status = A2MP_STATUS_NO_PHYSICAL_LINK_EXISTS;
536 goto clean;
537 }
538
305 /* TODO Disconnect Phys Link here */ 539 /* TODO Disconnect Phys Link here */
306 540
541clean:
307 hci_dev_put(hdev); 542 hci_dev_put(hdev);
308 543
309send_rsp: 544send_rsp:
@@ -377,10 +612,19 @@ static int a2mp_chan_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
377 err = a2mp_discphyslink_req(mgr, skb, hdr); 612 err = a2mp_discphyslink_req(mgr, skb, hdr);
378 break; 613 break;
379 614
380 case A2MP_CHANGE_RSP:
381 case A2MP_DISCOVER_RSP: 615 case A2MP_DISCOVER_RSP:
616 err = a2mp_discover_rsp(mgr, skb, hdr);
617 break;
618
382 case A2MP_GETINFO_RSP: 619 case A2MP_GETINFO_RSP:
620 err = a2mp_getinfo_rsp(mgr, skb, hdr);
621 break;
622
383 case A2MP_GETAMPASSOC_RSP: 623 case A2MP_GETAMPASSOC_RSP:
624 err = a2mp_getampassoc_rsp(mgr, skb, hdr);
625 break;
626
627 case A2MP_CHANGE_RSP:
384 case A2MP_CREATEPHYSLINK_RSP: 628 case A2MP_CREATEPHYSLINK_RSP:
385 case A2MP_DISCONNPHYSLINK_RSP: 629 case A2MP_DISCONNPHYSLINK_RSP:
386 err = a2mp_cmd_rsp(mgr, skb, hdr); 630 err = a2mp_cmd_rsp(mgr, skb, hdr);
@@ -455,9 +699,10 @@ static struct l2cap_ops a2mp_chan_ops = {
455 .new_connection = l2cap_chan_no_new_connection, 699 .new_connection = l2cap_chan_no_new_connection,
456 .teardown = l2cap_chan_no_teardown, 700 .teardown = l2cap_chan_no_teardown,
457 .ready = l2cap_chan_no_ready, 701 .ready = l2cap_chan_no_ready,
702 .defer = l2cap_chan_no_defer,
458}; 703};
459 704
460static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn) 705static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn, bool locked)
461{ 706{
462 struct l2cap_chan *chan; 707 struct l2cap_chan *chan;
463 int err; 708 int err;
@@ -492,7 +737,10 @@ static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn)
492 737
493 chan->conf_state = 0; 738 chan->conf_state = 0;
494 739
495 l2cap_chan_add(conn, chan); 740 if (locked)
741 __l2cap_chan_add(conn, chan);
742 else
743 l2cap_chan_add(conn, chan);
496 744
497 chan->remote_mps = chan->omtu; 745 chan->remote_mps = chan->omtu;
498 chan->mps = chan->omtu; 746 chan->mps = chan->omtu;
@@ -503,11 +751,13 @@ static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn)
503} 751}
504 752
505/* AMP Manager functions */ 753/* AMP Manager functions */
506void amp_mgr_get(struct amp_mgr *mgr) 754struct amp_mgr *amp_mgr_get(struct amp_mgr *mgr)
507{ 755{
508 BT_DBG("mgr %p orig refcnt %d", mgr, atomic_read(&mgr->kref.refcount)); 756 BT_DBG("mgr %p orig refcnt %d", mgr, atomic_read(&mgr->kref.refcount));
509 757
510 kref_get(&mgr->kref); 758 kref_get(&mgr->kref);
759
760 return mgr;
511} 761}
512 762
513static void amp_mgr_destroy(struct kref *kref) 763static void amp_mgr_destroy(struct kref *kref)
@@ -516,6 +766,11 @@ static void amp_mgr_destroy(struct kref *kref)
516 766
517 BT_DBG("mgr %p", mgr); 767 BT_DBG("mgr %p", mgr);
518 768
769 mutex_lock(&amp_mgr_list_lock);
770 list_del(&mgr->list);
771 mutex_unlock(&amp_mgr_list_lock);
772
773 amp_ctrl_list_flush(mgr);
519 kfree(mgr); 774 kfree(mgr);
520} 775}
521 776
@@ -526,7 +781,7 @@ int amp_mgr_put(struct amp_mgr *mgr)
526 return kref_put(&mgr->kref, &amp_mgr_destroy); 781 return kref_put(&mgr->kref, &amp_mgr_destroy);
527} 782}
528 783
529static struct amp_mgr *amp_mgr_create(struct l2cap_conn *conn) 784static struct amp_mgr *amp_mgr_create(struct l2cap_conn *conn, bool locked)
530{ 785{
531 struct amp_mgr *mgr; 786 struct amp_mgr *mgr;
532 struct l2cap_chan *chan; 787 struct l2cap_chan *chan;
@@ -539,7 +794,7 @@ static struct amp_mgr *amp_mgr_create(struct l2cap_conn *conn)
539 794
540 mgr->l2cap_conn = conn; 795 mgr->l2cap_conn = conn;
541 796
542 chan = a2mp_chan_open(conn); 797 chan = a2mp_chan_open(conn, locked);
543 if (!chan) { 798 if (!chan) {
544 kfree(mgr); 799 kfree(mgr);
545 return NULL; 800 return NULL;
@@ -552,6 +807,14 @@ static struct amp_mgr *amp_mgr_create(struct l2cap_conn *conn)
552 807
553 kref_init(&mgr->kref); 808 kref_init(&mgr->kref);
554 809
810 /* Remote AMP ctrl list initialization */
811 INIT_LIST_HEAD(&mgr->amp_ctrls);
812 mutex_init(&mgr->amp_ctrls_lock);
813
814 mutex_lock(&amp_mgr_list_lock);
815 list_add(&mgr->list, &amp_mgr_list);
816 mutex_unlock(&amp_mgr_list_lock);
817
555 return mgr; 818 return mgr;
556} 819}
557 820
@@ -560,7 +823,7 @@ struct l2cap_chan *a2mp_channel_create(struct l2cap_conn *conn,
560{ 823{
561 struct amp_mgr *mgr; 824 struct amp_mgr *mgr;
562 825
563 mgr = amp_mgr_create(conn); 826 mgr = amp_mgr_create(conn, false);
564 if (!mgr) { 827 if (!mgr) {
565 BT_ERR("Could not create AMP manager"); 828 BT_ERR("Could not create AMP manager");
566 return NULL; 829 return NULL;
@@ -570,3 +833,139 @@ struct l2cap_chan *a2mp_channel_create(struct l2cap_conn *conn,
570 833
571 return mgr->a2mp_chan; 834 return mgr->a2mp_chan;
572} 835}
836
837struct amp_mgr *amp_mgr_lookup_by_state(u8 state)
838{
839 struct amp_mgr *mgr;
840
841 mutex_lock(&amp_mgr_list_lock);
842 list_for_each_entry(mgr, &amp_mgr_list, list) {
843 if (mgr->state == state) {
844 amp_mgr_get(mgr);
845 mutex_unlock(&amp_mgr_list_lock);
846 return mgr;
847 }
848 }
849 mutex_unlock(&amp_mgr_list_lock);
850
851 return NULL;
852}
853
854void a2mp_send_getinfo_rsp(struct hci_dev *hdev)
855{
856 struct amp_mgr *mgr;
857 struct a2mp_info_rsp rsp;
858
859 mgr = amp_mgr_lookup_by_state(READ_LOC_AMP_INFO);
860 if (!mgr)
861 return;
862
863 BT_DBG("%s mgr %p", hdev->name, mgr);
864
865 rsp.id = hdev->id;
866 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
867
868 if (hdev->amp_type != HCI_BREDR) {
869 rsp.status = 0;
870 rsp.total_bw = cpu_to_le32(hdev->amp_total_bw);
871 rsp.max_bw = cpu_to_le32(hdev->amp_max_bw);
872 rsp.min_latency = cpu_to_le32(hdev->amp_min_latency);
873 rsp.pal_cap = cpu_to_le16(hdev->amp_pal_cap);
874 rsp.assoc_size = cpu_to_le16(hdev->amp_assoc_size);
875 }
876
877 a2mp_send(mgr, A2MP_GETINFO_RSP, mgr->ident, sizeof(rsp), &rsp);
878 amp_mgr_put(mgr);
879}
880
881void a2mp_send_getampassoc_rsp(struct hci_dev *hdev, u8 status)
882{
883 struct amp_mgr *mgr;
884 struct amp_assoc *loc_assoc = &hdev->loc_assoc;
885 struct a2mp_amp_assoc_rsp *rsp;
886 size_t len;
887
888 mgr = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC);
889 if (!mgr)
890 return;
891
892 BT_DBG("%s mgr %p", hdev->name, mgr);
893
894 len = sizeof(struct a2mp_amp_assoc_rsp) + loc_assoc->len;
895 rsp = kzalloc(len, GFP_KERNEL);
896 if (!rsp) {
897 amp_mgr_put(mgr);
898 return;
899 }
900
901 rsp->id = hdev->id;
902
903 if (status) {
904 rsp->status = A2MP_STATUS_INVALID_CTRL_ID;
905 } else {
906 rsp->status = A2MP_STATUS_SUCCESS;
907 memcpy(rsp->amp_assoc, loc_assoc->data, loc_assoc->len);
908 }
909
910 a2mp_send(mgr, A2MP_GETAMPASSOC_RSP, mgr->ident, len, rsp);
911 amp_mgr_put(mgr);
912 kfree(rsp);
913}
914
915void a2mp_send_create_phy_link_req(struct hci_dev *hdev, u8 status)
916{
917 struct amp_mgr *mgr;
918 struct amp_assoc *loc_assoc = &hdev->loc_assoc;
919 struct a2mp_physlink_req *req;
920 struct l2cap_chan *bredr_chan;
921 size_t len;
922
923 mgr = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC_FINAL);
924 if (!mgr)
925 return;
926
927 len = sizeof(*req) + loc_assoc->len;
928
929 BT_DBG("%s mgr %p assoc_len %zu", hdev->name, mgr, len);
930
931 req = kzalloc(len, GFP_KERNEL);
932 if (!req) {
933 amp_mgr_put(mgr);
934 return;
935 }
936
937 bredr_chan = mgr->bredr_chan;
938 if (!bredr_chan)
939 goto clean;
940
941 req->local_id = hdev->id;
942 req->remote_id = bredr_chan->ctrl_id;
943 memcpy(req->amp_assoc, loc_assoc->data, loc_assoc->len);
944
945 a2mp_send(mgr, A2MP_CREATEPHYSLINK_REQ, __next_ident(mgr), len, req);
946
947clean:
948 amp_mgr_put(mgr);
949 kfree(req);
950}
951
952void a2mp_discover_amp(struct l2cap_chan *chan)
953{
954 struct l2cap_conn *conn = chan->conn;
955 struct amp_mgr *mgr = conn->hcon->amp_mgr;
956 struct a2mp_discov_req req;
957
958 BT_DBG("chan %p conn %p mgr %p", chan, conn, mgr);
959
960 if (!mgr) {
961 mgr = amp_mgr_create(conn, true);
962 if (!mgr)
963 return;
964 }
965
966 mgr->bredr_chan = chan;
967
968 req.mtu = cpu_to_le16(L2CAP_A2MP_DEFAULT_MTU);
969 req.ext_feat = 0;
970 a2mp_send(mgr, A2MP_DISCOVER_REQ, 1, sizeof(req), &req);
971}
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index ba033f09196..5355df63d39 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -569,7 +569,6 @@ static int bt_seq_show(struct seq_file *seq, void *v)
569{ 569{
570 struct bt_seq_state *s = seq->private; 570 struct bt_seq_state *s = seq->private;
571 struct bt_sock_list *l = s->l; 571 struct bt_sock_list *l = s->l;
572 bdaddr_t src_baswapped, dst_baswapped;
573 572
574 if (v == SEQ_START_TOKEN) { 573 if (v == SEQ_START_TOKEN) {
575 seq_puts(seq ,"sk RefCnt Rmem Wmem User Inode Src Dst Parent"); 574 seq_puts(seq ,"sk RefCnt Rmem Wmem User Inode Src Dst Parent");
@@ -583,18 +582,17 @@ static int bt_seq_show(struct seq_file *seq, void *v)
583 } else { 582 } else {
584 struct sock *sk = sk_entry(v); 583 struct sock *sk = sk_entry(v);
585 struct bt_sock *bt = bt_sk(sk); 584 struct bt_sock *bt = bt_sk(sk);
586 baswap(&src_baswapped, &bt->src);
587 baswap(&dst_baswapped, &bt->dst);
588 585
589 seq_printf(seq, "%pK %-6d %-6u %-6u %-6u %-6lu %pM %pM %-6lu", 586 seq_printf(seq,
587 "%pK %-6d %-6u %-6u %-6u %-6lu %pMR %pMR %-6lu",
590 sk, 588 sk,
591 atomic_read(&sk->sk_refcnt), 589 atomic_read(&sk->sk_refcnt),
592 sk_rmem_alloc_get(sk), 590 sk_rmem_alloc_get(sk),
593 sk_wmem_alloc_get(sk), 591 sk_wmem_alloc_get(sk),
594 from_kuid(seq_user_ns(seq), sock_i_uid(sk)), 592 from_kuid(seq_user_ns(seq), sock_i_uid(sk)),
595 sock_i_ino(sk), 593 sock_i_ino(sk),
596 &src_baswapped, 594 &bt->src,
597 &dst_baswapped, 595 &bt->dst,
598 bt->parent? sock_i_ino(bt->parent): 0LU); 596 bt->parent? sock_i_ino(bt->parent): 0LU);
599 597
600 if (l->custom_seq_show) { 598 if (l->custom_seq_show) {
diff --git a/net/bluetooth/amp.c b/net/bluetooth/amp.c
new file mode 100644
index 00000000000..231d7ef53ec
--- /dev/null
+++ b/net/bluetooth/amp.c
@@ -0,0 +1,374 @@
1/*
2 Copyright (c) 2011,2012 Intel Corp.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License version 2 and
6 only version 2 as published by the Free Software Foundation.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12*/
13
14#include <net/bluetooth/bluetooth.h>
15#include <net/bluetooth/hci.h>
16#include <net/bluetooth/hci_core.h>
17#include <net/bluetooth/a2mp.h>
18#include <net/bluetooth/amp.h>
19#include <crypto/hash.h>
20
21/* Remote AMP Controllers interface */
22void amp_ctrl_get(struct amp_ctrl *ctrl)
23{
24 BT_DBG("ctrl %p orig refcnt %d", ctrl,
25 atomic_read(&ctrl->kref.refcount));
26
27 kref_get(&ctrl->kref);
28}
29
30static void amp_ctrl_destroy(struct kref *kref)
31{
32 struct amp_ctrl *ctrl = container_of(kref, struct amp_ctrl, kref);
33
34 BT_DBG("ctrl %p", ctrl);
35
36 kfree(ctrl->assoc);
37 kfree(ctrl);
38}
39
40int amp_ctrl_put(struct amp_ctrl *ctrl)
41{
42 BT_DBG("ctrl %p orig refcnt %d", ctrl,
43 atomic_read(&ctrl->kref.refcount));
44
45 return kref_put(&ctrl->kref, &amp_ctrl_destroy);
46}
47
48struct amp_ctrl *amp_ctrl_add(struct amp_mgr *mgr, u8 id)
49{
50 struct amp_ctrl *ctrl;
51
52 ctrl = kzalloc(sizeof(*ctrl), GFP_KERNEL);
53 if (!ctrl)
54 return NULL;
55
56 kref_init(&ctrl->kref);
57 ctrl->id = id;
58
59 mutex_lock(&mgr->amp_ctrls_lock);
60 list_add(&ctrl->list, &mgr->amp_ctrls);
61 mutex_unlock(&mgr->amp_ctrls_lock);
62
63 BT_DBG("mgr %p ctrl %p", mgr, ctrl);
64
65 return ctrl;
66}
67
68void amp_ctrl_list_flush(struct amp_mgr *mgr)
69{
70 struct amp_ctrl *ctrl, *n;
71
72 BT_DBG("mgr %p", mgr);
73
74 mutex_lock(&mgr->amp_ctrls_lock);
75 list_for_each_entry_safe(ctrl, n, &mgr->amp_ctrls, list) {
76 list_del(&ctrl->list);
77 amp_ctrl_put(ctrl);
78 }
79 mutex_unlock(&mgr->amp_ctrls_lock);
80}
81
82struct amp_ctrl *amp_ctrl_lookup(struct amp_mgr *mgr, u8 id)
83{
84 struct amp_ctrl *ctrl;
85
86 BT_DBG("mgr %p id %d", mgr, id);
87
88 mutex_lock(&mgr->amp_ctrls_lock);
89 list_for_each_entry(ctrl, &mgr->amp_ctrls, list) {
90 if (ctrl->id == id) {
91 amp_ctrl_get(ctrl);
92 mutex_unlock(&mgr->amp_ctrls_lock);
93 return ctrl;
94 }
95 }
96 mutex_unlock(&mgr->amp_ctrls_lock);
97
98 return NULL;
99}
100
101/* Physical Link interface */
102static u8 __next_handle(struct amp_mgr *mgr)
103{
104 if (++mgr->handle == 0)
105 mgr->handle = 1;
106
107 return mgr->handle;
108}
109
110struct hci_conn *phylink_add(struct hci_dev *hdev, struct amp_mgr *mgr,
111 u8 remote_id, bool out)
112{
113 bdaddr_t *dst = mgr->l2cap_conn->dst;
114 struct hci_conn *hcon;
115
116 hcon = hci_conn_add(hdev, AMP_LINK, dst);
117 if (!hcon)
118 return NULL;
119
120 BT_DBG("hcon %p dst %pMR", hcon, dst);
121
122 hcon->state = BT_CONNECT;
123 hcon->attempt++;
124 hcon->handle = __next_handle(mgr);
125 hcon->remote_id = remote_id;
126 hcon->amp_mgr = amp_mgr_get(mgr);
127 hcon->out = out;
128
129 return hcon;
130}
131
132/* AMP crypto key generation interface */
133static int hmac_sha256(u8 *key, u8 ksize, char *plaintext, u8 psize, u8 *output)
134{
135 int ret = 0;
136 struct crypto_shash *tfm;
137
138 if (!ksize)
139 return -EINVAL;
140
141 tfm = crypto_alloc_shash("hmac(sha256)", 0, 0);
142 if (IS_ERR(tfm)) {
143 BT_DBG("crypto_alloc_ahash failed: err %ld", PTR_ERR(tfm));
144 return PTR_ERR(tfm);
145 }
146
147 ret = crypto_shash_setkey(tfm, key, ksize);
148 if (ret) {
149 BT_DBG("crypto_ahash_setkey failed: err %d", ret);
150 } else {
151 struct {
152 struct shash_desc shash;
153 char ctx[crypto_shash_descsize(tfm)];
154 } desc;
155
156 desc.shash.tfm = tfm;
157 desc.shash.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
158
159 ret = crypto_shash_digest(&desc.shash, plaintext, psize,
160 output);
161 }
162
163 crypto_free_shash(tfm);
164 return ret;
165}
166
167int phylink_gen_key(struct hci_conn *conn, u8 *data, u8 *len, u8 *type)
168{
169 struct hci_dev *hdev = conn->hdev;
170 struct link_key *key;
171 u8 keybuf[HCI_AMP_LINK_KEY_SIZE];
172 u8 gamp_key[HCI_AMP_LINK_KEY_SIZE];
173 int err;
174
175 if (!hci_conn_check_link_mode(conn))
176 return -EACCES;
177
178 BT_DBG("conn %p key_type %d", conn, conn->key_type);
179
180 /* Legacy key */
181 if (conn->key_type < 3) {
182 BT_ERR("Legacy key type %d", conn->key_type);
183 return -EACCES;
184 }
185
186 *type = conn->key_type;
187 *len = HCI_AMP_LINK_KEY_SIZE;
188
189 key = hci_find_link_key(hdev, &conn->dst);
190 if (!key) {
191 BT_DBG("No Link key for conn %p dst %pMR", conn, &conn->dst);
192 return -EACCES;
193 }
194
195 /* BR/EDR Link Key concatenated together with itself */
196 memcpy(&keybuf[0], key->val, HCI_LINK_KEY_SIZE);
197 memcpy(&keybuf[HCI_LINK_KEY_SIZE], key->val, HCI_LINK_KEY_SIZE);
198
199 /* Derive Generic AMP Link Key (gamp) */
200 err = hmac_sha256(keybuf, HCI_AMP_LINK_KEY_SIZE, "gamp", 4, gamp_key);
201 if (err) {
202 BT_ERR("Could not derive Generic AMP Key: err %d", err);
203 return err;
204 }
205
206 if (conn->key_type == HCI_LK_DEBUG_COMBINATION) {
207 BT_DBG("Use Generic AMP Key (gamp)");
208 memcpy(data, gamp_key, HCI_AMP_LINK_KEY_SIZE);
209 return err;
210 }
211
212 /* Derive Dedicated AMP Link Key: "802b" is 802.11 PAL keyID */
213 return hmac_sha256(gamp_key, HCI_AMP_LINK_KEY_SIZE, "802b", 4, data);
214}
215
216void amp_read_loc_assoc_frag(struct hci_dev *hdev, u8 phy_handle)
217{
218 struct hci_cp_read_local_amp_assoc cp;
219 struct amp_assoc *loc_assoc = &hdev->loc_assoc;
220
221 BT_DBG("%s handle %d", hdev->name, phy_handle);
222
223 cp.phy_handle = phy_handle;
224 cp.max_len = cpu_to_le16(hdev->amp_assoc_size);
225 cp.len_so_far = cpu_to_le16(loc_assoc->offset);
226
227 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp);
228}
229
230void amp_read_loc_assoc(struct hci_dev *hdev, struct amp_mgr *mgr)
231{
232 struct hci_cp_read_local_amp_assoc cp;
233
234 memset(&hdev->loc_assoc, 0, sizeof(struct amp_assoc));
235 memset(&cp, 0, sizeof(cp));
236
237 cp.max_len = cpu_to_le16(hdev->amp_assoc_size);
238
239 mgr->state = READ_LOC_AMP_ASSOC;
240 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp);
241}
242
243void amp_read_loc_assoc_final_data(struct hci_dev *hdev,
244 struct hci_conn *hcon)
245{
246 struct hci_cp_read_local_amp_assoc cp;
247 struct amp_mgr *mgr = hcon->amp_mgr;
248
249 cp.phy_handle = hcon->handle;
250 cp.len_so_far = cpu_to_le16(0);
251 cp.max_len = cpu_to_le16(hdev->amp_assoc_size);
252
253 mgr->state = READ_LOC_AMP_ASSOC_FINAL;
254
255 /* Read Local AMP Assoc final link information data */
256 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp);
257}
258
259/* Write AMP Assoc data fragments, returns true with last fragment written*/
260static bool amp_write_rem_assoc_frag(struct hci_dev *hdev,
261 struct hci_conn *hcon)
262{
263 struct hci_cp_write_remote_amp_assoc *cp;
264 struct amp_mgr *mgr = hcon->amp_mgr;
265 struct amp_ctrl *ctrl;
266 u16 frag_len, len;
267
268 ctrl = amp_ctrl_lookup(mgr, hcon->remote_id);
269 if (!ctrl)
270 return false;
271
272 if (!ctrl->assoc_rem_len) {
273 BT_DBG("all fragments are written");
274 ctrl->assoc_rem_len = ctrl->assoc_len;
275 ctrl->assoc_len_so_far = 0;
276
277 amp_ctrl_put(ctrl);
278 return true;
279 }
280
281 frag_len = min_t(u16, 248, ctrl->assoc_rem_len);
282 len = frag_len + sizeof(*cp);
283
284 cp = kzalloc(len, GFP_KERNEL);
285 if (!cp) {
286 amp_ctrl_put(ctrl);
287 return false;
288 }
289
290 BT_DBG("hcon %p ctrl %p frag_len %u assoc_len %u rem_len %u",
291 hcon, ctrl, frag_len, ctrl->assoc_len, ctrl->assoc_rem_len);
292
293 cp->phy_handle = hcon->handle;
294 cp->len_so_far = cpu_to_le16(ctrl->assoc_len_so_far);
295 cp->rem_len = cpu_to_le16(ctrl->assoc_rem_len);
296 memcpy(cp->frag, ctrl->assoc, frag_len);
297
298 ctrl->assoc_len_so_far += frag_len;
299 ctrl->assoc_rem_len -= frag_len;
300
301 amp_ctrl_put(ctrl);
302
303 hci_send_cmd(hdev, HCI_OP_WRITE_REMOTE_AMP_ASSOC, len, cp);
304
305 kfree(cp);
306
307 return false;
308}
309
310void amp_write_rem_assoc_continue(struct hci_dev *hdev, u8 handle)
311{
312 struct hci_conn *hcon;
313
314 BT_DBG("%s phy handle 0x%2.2x", hdev->name, handle);
315
316 hcon = hci_conn_hash_lookup_handle(hdev, handle);
317 if (!hcon)
318 return;
319
320 amp_write_rem_assoc_frag(hdev, hcon);
321}
322
323void amp_write_remote_assoc(struct hci_dev *hdev, u8 handle)
324{
325 struct hci_conn *hcon;
326
327 BT_DBG("%s phy handle 0x%2.2x", hdev->name, handle);
328
329 hcon = hci_conn_hash_lookup_handle(hdev, handle);
330 if (!hcon)
331 return;
332
333 BT_DBG("%s phy handle 0x%2.2x hcon %p", hdev->name, handle, hcon);
334
335 amp_write_rem_assoc_frag(hdev, hcon);
336}
337
338void amp_create_phylink(struct hci_dev *hdev, struct amp_mgr *mgr,
339 struct hci_conn *hcon)
340{
341 struct hci_cp_create_phy_link cp;
342
343 cp.phy_handle = hcon->handle;
344
345 BT_DBG("%s hcon %p phy handle 0x%2.2x", hdev->name, hcon,
346 hcon->handle);
347
348 if (phylink_gen_key(mgr->l2cap_conn->hcon, cp.key, &cp.key_len,
349 &cp.key_type)) {
350 BT_DBG("Cannot create link key");
351 return;
352 }
353
354 hci_send_cmd(hdev, HCI_OP_CREATE_PHY_LINK, sizeof(cp), &cp);
355}
356
357void amp_accept_phylink(struct hci_dev *hdev, struct amp_mgr *mgr,
358 struct hci_conn *hcon)
359{
360 struct hci_cp_accept_phy_link cp;
361
362 cp.phy_handle = hcon->handle;
363
364 BT_DBG("%s hcon %p phy handle 0x%2.2x", hdev->name, hcon,
365 hcon->handle);
366
367 if (phylink_gen_key(mgr->l2cap_conn->hcon, cp.key, &cp.key_len,
368 &cp.key_type)) {
369 BT_DBG("Cannot create link key");
370 return;
371 }
372
373 hci_send_cmd(hdev, HCI_OP_ACCEPT_PHY_LINK, sizeof(cp), &cp);
374}
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index 4a6620bc157..a5b63970263 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -182,8 +182,7 @@ static int bnep_ctrl_set_mcfilter(struct bnep_session *s, u8 *data, int len)
182 a2 = data; 182 a2 = data;
183 data += ETH_ALEN; 183 data += ETH_ALEN;
184 184
185 BT_DBG("mc filter %s -> %s", 185 BT_DBG("mc filter %pMR -> %pMR", a1, a2);
186 batostr((void *) a1), batostr((void *) a2));
187 186
188 /* Iterate from a1 to a2 */ 187 /* Iterate from a1 to a2 */
189 set_bit(bnep_mc_hash(a1), (ulong *) &s->mc_filter); 188 set_bit(bnep_mc_hash(a1), (ulong *) &s->mc_filter);
diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c
index 6c9c1fd601c..e0a6ebf2baa 100644
--- a/net/bluetooth/cmtp/core.c
+++ b/net/bluetooth/cmtp/core.c
@@ -353,7 +353,7 @@ int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock)
353 353
354 BT_DBG("mtu %d", session->mtu); 354 BT_DBG("mtu %d", session->mtu);
355 355
356 sprintf(session->name, "%s", batostr(&bt_sk(sock->sk)->dst)); 356 sprintf(session->name, "%pMR", &bt_sk(sock->sk)->dst);
357 357
358 session->sock = sock; 358 session->sock = sock;
359 session->state = BT_CONFIG; 359 session->state = BT_CONFIG;
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index b9196a44f75..fe646211c61 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -130,6 +130,20 @@ void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
130 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp); 130 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
131} 131}
132 132
133static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
134{
135 struct hci_cp_disconn_phy_link cp;
136
137 BT_DBG("hcon %p", conn);
138
139 conn->state = BT_DISCONN;
140
141 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
142 cp.reason = reason;
143 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
144 sizeof(cp), &cp);
145}
146
133static void hci_add_sco(struct hci_conn *conn, __u16 handle) 147static void hci_add_sco(struct hci_conn *conn, __u16 handle)
134{ 148{
135 struct hci_dev *hdev = conn->hdev; 149 struct hci_dev *hdev = conn->hdev;
@@ -230,11 +244,24 @@ void hci_sco_setup(struct hci_conn *conn, __u8 status)
230 } 244 }
231} 245}
232 246
247static void hci_conn_disconnect(struct hci_conn *conn)
248{
249 __u8 reason = hci_proto_disconn_ind(conn);
250
251 switch (conn->type) {
252 case ACL_LINK:
253 hci_acl_disconn(conn, reason);
254 break;
255 case AMP_LINK:
256 hci_amp_disconn(conn, reason);
257 break;
258 }
259}
260
233static void hci_conn_timeout(struct work_struct *work) 261static void hci_conn_timeout(struct work_struct *work)
234{ 262{
235 struct hci_conn *conn = container_of(work, struct hci_conn, 263 struct hci_conn *conn = container_of(work, struct hci_conn,
236 disc_work.work); 264 disc_work.work);
237 __u8 reason;
238 265
239 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state)); 266 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
240 267
@@ -253,8 +280,7 @@ static void hci_conn_timeout(struct work_struct *work)
253 break; 280 break;
254 case BT_CONFIG: 281 case BT_CONFIG:
255 case BT_CONNECTED: 282 case BT_CONNECTED:
256 reason = hci_proto_disconn_ind(conn); 283 hci_conn_disconnect(conn);
257 hci_acl_disconn(conn, reason);
258 break; 284 break;
259 default: 285 default:
260 conn->state = BT_CLOSED; 286 conn->state = BT_CLOSED;
@@ -320,7 +346,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
320{ 346{
321 struct hci_conn *conn; 347 struct hci_conn *conn;
322 348
323 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 349 BT_DBG("%s dst %pMR", hdev->name, dst);
324 350
325 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL); 351 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
326 if (!conn) 352 if (!conn)
@@ -437,7 +463,7 @@ struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
437 int use_src = bacmp(src, BDADDR_ANY); 463 int use_src = bacmp(src, BDADDR_ANY);
438 struct hci_dev *hdev = NULL, *d; 464 struct hci_dev *hdev = NULL, *d;
439 465
440 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 466 BT_DBG("%pMR -> %pMR", src, dst);
441 467
442 read_lock(&hci_dev_list_lock); 468 read_lock(&hci_dev_list_lock);
443 469
@@ -567,7 +593,7 @@ static struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type,
567struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, 593struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
568 __u8 dst_type, __u8 sec_level, __u8 auth_type) 594 __u8 dst_type, __u8 sec_level, __u8 auth_type)
569{ 595{
570 BT_DBG("%s dst %s type 0x%x", hdev->name, batostr(dst), type); 596 BT_DBG("%s dst %pMR type 0x%x", hdev->name, dst, type);
571 597
572 switch (type) { 598 switch (type) {
573 case LE_LINK: 599 case LE_LINK:
@@ -963,3 +989,35 @@ void hci_chan_list_flush(struct hci_conn *conn)
963 list_for_each_entry_safe(chan, n, &conn->chan_list, list) 989 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
964 hci_chan_del(chan); 990 hci_chan_del(chan);
965} 991}
992
993static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
994 __u16 handle)
995{
996 struct hci_chan *hchan;
997
998 list_for_each_entry(hchan, &hcon->chan_list, list) {
999 if (hchan->handle == handle)
1000 return hchan;
1001 }
1002
1003 return NULL;
1004}
1005
1006struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1007{
1008 struct hci_conn_hash *h = &hdev->conn_hash;
1009 struct hci_conn *hcon;
1010 struct hci_chan *hchan = NULL;
1011
1012 rcu_read_lock();
1013
1014 list_for_each_entry_rcu(hcon, &h->list, list) {
1015 hchan = __hci_chan_lookup_handle(hcon, handle);
1016 if (hchan)
1017 break;
1018 }
1019
1020 rcu_read_unlock();
1021
1022 return hchan;
1023}
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 8a0ce706aeb..5a3f941b610 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -405,7 +405,7 @@ struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
405 struct discovery_state *cache = &hdev->discovery; 405 struct discovery_state *cache = &hdev->discovery;
406 struct inquiry_entry *e; 406 struct inquiry_entry *e;
407 407
408 BT_DBG("cache %p, %s", cache, batostr(bdaddr)); 408 BT_DBG("cache %p, %pMR", cache, bdaddr);
409 409
410 list_for_each_entry(e, &cache->all, all) { 410 list_for_each_entry(e, &cache->all, all) {
411 if (!bacmp(&e->data.bdaddr, bdaddr)) 411 if (!bacmp(&e->data.bdaddr, bdaddr))
@@ -421,7 +421,7 @@ struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
421 struct discovery_state *cache = &hdev->discovery; 421 struct discovery_state *cache = &hdev->discovery;
422 struct inquiry_entry *e; 422 struct inquiry_entry *e;
423 423
424 BT_DBG("cache %p, %s", cache, batostr(bdaddr)); 424 BT_DBG("cache %p, %pMR", cache, bdaddr);
425 425
426 list_for_each_entry(e, &cache->unknown, list) { 426 list_for_each_entry(e, &cache->unknown, list) {
427 if (!bacmp(&e->data.bdaddr, bdaddr)) 427 if (!bacmp(&e->data.bdaddr, bdaddr))
@@ -438,7 +438,7 @@ struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
438 struct discovery_state *cache = &hdev->discovery; 438 struct discovery_state *cache = &hdev->discovery;
439 struct inquiry_entry *e; 439 struct inquiry_entry *e;
440 440
441 BT_DBG("cache %p bdaddr %s state %d", cache, batostr(bdaddr), state); 441 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
442 442
443 list_for_each_entry(e, &cache->resolve, list) { 443 list_for_each_entry(e, &cache->resolve, list) {
444 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state) 444 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
@@ -475,7 +475,7 @@ bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
475 struct discovery_state *cache = &hdev->discovery; 475 struct discovery_state *cache = &hdev->discovery;
476 struct inquiry_entry *ie; 476 struct inquiry_entry *ie;
477 477
478 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr)); 478 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
479 479
480 if (ssp) 480 if (ssp)
481 *ssp = data->ssp_mode; 481 *ssp = data->ssp_mode;
@@ -1259,7 +1259,7 @@ int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1259 list_add(&key->list, &hdev->link_keys); 1259 list_add(&key->list, &hdev->link_keys);
1260 } 1260 }
1261 1261
1262 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type); 1262 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
1263 1263
1264 /* Some buggy controller combinations generate a changed 1264 /* Some buggy controller combinations generate a changed
1265 * combination key for legacy pairing even when there's no 1265 * combination key for legacy pairing even when there's no
@@ -1338,7 +1338,7 @@ int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1338 if (!key) 1338 if (!key)
1339 return -ENOENT; 1339 return -ENOENT;
1340 1340
1341 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr)); 1341 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1342 1342
1343 list_del(&key->list); 1343 list_del(&key->list);
1344 kfree(key); 1344 kfree(key);
@@ -1354,7 +1354,7 @@ int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1354 if (bacmp(bdaddr, &k->bdaddr)) 1354 if (bacmp(bdaddr, &k->bdaddr))
1355 continue; 1355 continue;
1356 1356
1357 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr)); 1357 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1358 1358
1359 list_del(&k->list); 1359 list_del(&k->list);
1360 kfree(k); 1360 kfree(k);
@@ -1401,7 +1401,7 @@ int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1401 if (!data) 1401 if (!data)
1402 return -ENOENT; 1402 return -ENOENT;
1403 1403
1404 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr)); 1404 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1405 1405
1406 list_del(&data->list); 1406 list_del(&data->list);
1407 kfree(data); 1407 kfree(data);
@@ -1440,7 +1440,7 @@ int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1440 memcpy(data->hash, hash, sizeof(data->hash)); 1440 memcpy(data->hash, hash, sizeof(data->hash));
1441 memcpy(data->randomizer, randomizer, sizeof(data->randomizer)); 1441 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1442 1442
1443 BT_DBG("%s for %s", hdev->name, batostr(bdaddr)); 1443 BT_DBG("%s for %pMR", hdev->name, bdaddr);
1444 1444
1445 return 0; 1445 return 0;
1446} 1446}
@@ -2153,9 +2153,10 @@ static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
2153 hdr->dlen = cpu_to_le16(len); 2153 hdr->dlen = cpu_to_le16(len);
2154} 2154}
2155 2155
2156static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue, 2156static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
2157 struct sk_buff *skb, __u16 flags) 2157 struct sk_buff *skb, __u16 flags)
2158{ 2158{
2159 struct hci_conn *conn = chan->conn;
2159 struct hci_dev *hdev = conn->hdev; 2160 struct hci_dev *hdev = conn->hdev;
2160 struct sk_buff *list; 2161 struct sk_buff *list;
2161 2162
@@ -2163,7 +2164,18 @@ static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
2163 skb->data_len = 0; 2164 skb->data_len = 0;
2164 2165
2165 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 2166 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2166 hci_add_acl_hdr(skb, conn->handle, flags); 2167
2168 switch (hdev->dev_type) {
2169 case HCI_BREDR:
2170 hci_add_acl_hdr(skb, conn->handle, flags);
2171 break;
2172 case HCI_AMP:
2173 hci_add_acl_hdr(skb, chan->handle, flags);
2174 break;
2175 default:
2176 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2177 return;
2178 }
2167 2179
2168 list = skb_shinfo(skb)->frag_list; 2180 list = skb_shinfo(skb)->frag_list;
2169 if (!list) { 2181 if (!list) {
@@ -2202,14 +2214,13 @@ static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
2202 2214
2203void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags) 2215void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2204{ 2216{
2205 struct hci_conn *conn = chan->conn; 2217 struct hci_dev *hdev = chan->conn->hdev;
2206 struct hci_dev *hdev = conn->hdev;
2207 2218
2208 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags); 2219 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
2209 2220
2210 skb->dev = (void *) hdev; 2221 skb->dev = (void *) hdev;
2211 2222
2212 hci_queue_acl(conn, &chan->data_q, skb, flags); 2223 hci_queue_acl(chan, &chan->data_q, skb, flags);
2213 2224
2214 queue_work(hdev->workqueue, &hdev->tx_work); 2225 queue_work(hdev->workqueue, &hdev->tx_work);
2215} 2226}
@@ -2311,8 +2322,8 @@ static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2311 /* Kill stalled connections */ 2322 /* Kill stalled connections */
2312 list_for_each_entry_rcu(c, &h->list, list) { 2323 list_for_each_entry_rcu(c, &h->list, list) {
2313 if (c->type == type && c->sent) { 2324 if (c->type == type && c->sent) {
2314 BT_ERR("%s killing stalled connection %s", 2325 BT_ERR("%s killing stalled connection %pMR",
2315 hdev->name, batostr(&c->dst)); 2326 hdev->name, &c->dst);
2316 hci_acl_disconn(c, HCI_ERROR_REMOTE_USER_TERM); 2327 hci_acl_disconn(c, HCI_ERROR_REMOTE_USER_TERM);
2317 } 2328 }
2318 } 2329 }
@@ -2381,6 +2392,9 @@ static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2381 case ACL_LINK: 2392 case ACL_LINK:
2382 cnt = hdev->acl_cnt; 2393 cnt = hdev->acl_cnt;
2383 break; 2394 break;
2395 case AMP_LINK:
2396 cnt = hdev->block_cnt;
2397 break;
2384 case SCO_LINK: 2398 case SCO_LINK:
2385 case ESCO_LINK: 2399 case ESCO_LINK:
2386 cnt = hdev->sco_cnt; 2400 cnt = hdev->sco_cnt;
@@ -2510,11 +2524,19 @@ static void hci_sched_acl_blk(struct hci_dev *hdev)
2510 struct hci_chan *chan; 2524 struct hci_chan *chan;
2511 struct sk_buff *skb; 2525 struct sk_buff *skb;
2512 int quote; 2526 int quote;
2527 u8 type;
2513 2528
2514 __check_timeout(hdev, cnt); 2529 __check_timeout(hdev, cnt);
2515 2530
2531 BT_DBG("%s", hdev->name);
2532
2533 if (hdev->dev_type == HCI_AMP)
2534 type = AMP_LINK;
2535 else
2536 type = ACL_LINK;
2537
2516 while (hdev->block_cnt > 0 && 2538 while (hdev->block_cnt > 0 &&
2517 (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) { 2539 (chan = hci_chan_sent(hdev, type, &quote))) {
2518 u32 priority = (skb_peek(&chan->data_q))->priority; 2540 u32 priority = (skb_peek(&chan->data_q))->priority;
2519 while (quote > 0 && (skb = skb_peek(&chan->data_q))) { 2541 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
2520 int blocks; 2542 int blocks;
@@ -2547,14 +2569,19 @@ static void hci_sched_acl_blk(struct hci_dev *hdev)
2547 } 2569 }
2548 2570
2549 if (cnt != hdev->block_cnt) 2571 if (cnt != hdev->block_cnt)
2550 hci_prio_recalculate(hdev, ACL_LINK); 2572 hci_prio_recalculate(hdev, type);
2551} 2573}
2552 2574
2553static void hci_sched_acl(struct hci_dev *hdev) 2575static void hci_sched_acl(struct hci_dev *hdev)
2554{ 2576{
2555 BT_DBG("%s", hdev->name); 2577 BT_DBG("%s", hdev->name);
2556 2578
2557 if (!hci_conn_num(hdev, ACL_LINK)) 2579 /* No ACL link over BR/EDR controller */
2580 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR)
2581 return;
2582
2583 /* No AMP link over AMP controller */
2584 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
2558 return; 2585 return;
2559 2586
2560 switch (hdev->flow_ctl_mode) { 2587 switch (hdev->flow_ctl_mode) {
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 2022b43c735..0383635f91f 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -30,6 +30,8 @@
30#include <net/bluetooth/bluetooth.h> 30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h> 31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h> 32#include <net/bluetooth/mgmt.h>
33#include <net/bluetooth/a2mp.h>
34#include <net/bluetooth/amp.h>
33 35
34/* Handle HCI Event packets */ 36/* Handle HCI Event packets */
35 37
@@ -846,7 +848,7 @@ static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
846 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 848 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
847 849
848 if (rp->status) 850 if (rp->status)
849 return; 851 goto a2mp_rsp;
850 852
851 hdev->amp_status = rp->amp_status; 853 hdev->amp_status = rp->amp_status;
852 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw); 854 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
@@ -860,6 +862,46 @@ static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
860 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to); 862 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
861 863
862 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status); 864 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
865
866a2mp_rsp:
867 a2mp_send_getinfo_rsp(hdev);
868}
869
870static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
871 struct sk_buff *skb)
872{
873 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
874 struct amp_assoc *assoc = &hdev->loc_assoc;
875 size_t rem_len, frag_len;
876
877 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
878
879 if (rp->status)
880 goto a2mp_rsp;
881
882 frag_len = skb->len - sizeof(*rp);
883 rem_len = __le16_to_cpu(rp->rem_len);
884
885 if (rem_len > frag_len) {
886 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
887
888 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
889 assoc->offset += frag_len;
890
891 /* Read other fragments */
892 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
893
894 return;
895 }
896
897 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
898 assoc->len = assoc->offset + rem_len;
899 assoc->offset = 0;
900
901a2mp_rsp:
902 /* Send A2MP Rsp when all fragments are received */
903 a2mp_send_getampassoc_rsp(hdev, rp->status);
904 a2mp_send_create_phy_link_req(hdev, rp->status);
863} 905}
864 906
865static void hci_cc_delete_stored_link_key(struct hci_dev *hdev, 907static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
@@ -1174,6 +1216,20 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1174 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status); 1216 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
1175} 1217}
1176 1218
1219static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1220 struct sk_buff *skb)
1221{
1222 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1223
1224 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1225 hdev->name, rp->status, rp->phy_handle);
1226
1227 if (rp->status)
1228 return;
1229
1230 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1231}
1232
1177static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 1233static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1178{ 1234{
1179 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1235 BT_DBG("%s status 0x%2.2x", hdev->name, status);
@@ -1210,7 +1266,7 @@ static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1210 1266
1211 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1267 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1212 1268
1213 BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&cp->bdaddr), conn); 1269 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1214 1270
1215 if (status) { 1271 if (status) {
1216 if (conn && conn->state == BT_CONNECT) { 1272 if (conn && conn->state == BT_CONNECT) {
@@ -1639,8 +1695,7 @@ static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1639 return; 1695 return;
1640 } 1696 }
1641 1697
1642 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&conn->dst), 1698 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1643 conn);
1644 1699
1645 conn->state = BT_CLOSED; 1700 conn->state = BT_CLOSED;
1646 mgmt_connect_failed(hdev, &conn->dst, conn->type, 1701 mgmt_connect_failed(hdev, &conn->dst, conn->type,
@@ -1657,6 +1712,38 @@ static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1657 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1712 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1658} 1713}
1659 1714
1715static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1716{
1717 struct hci_cp_create_phy_link *cp;
1718
1719 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1720
1721 if (status)
1722 return;
1723
1724 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1725 if (!cp)
1726 return;
1727
1728 amp_write_remote_assoc(hdev, cp->phy_handle);
1729}
1730
1731static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1732{
1733 struct hci_cp_accept_phy_link *cp;
1734
1735 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1736
1737 if (status)
1738 return;
1739
1740 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1741 if (!cp)
1742 return;
1743
1744 amp_write_remote_assoc(hdev, cp->phy_handle);
1745}
1746
1660static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1747static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1661{ 1748{
1662 __u8 status = *((__u8 *) skb->data); 1749 __u8 status = *((__u8 *) skb->data);
@@ -1822,7 +1909,7 @@ static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1822 struct hci_ev_conn_request *ev = (void *) skb->data; 1909 struct hci_ev_conn_request *ev = (void *) skb->data;
1823 int mask = hdev->link_mode; 1910 int mask = hdev->link_mode;
1824 1911
1825 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr), 1912 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1826 ev->link_type); 1913 ev->link_type);
1827 1914
1828 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type); 1915 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
@@ -2314,6 +2401,10 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2314 hci_cc_read_local_amp_info(hdev, skb); 2401 hci_cc_read_local_amp_info(hdev, skb);
2315 break; 2402 break;
2316 2403
2404 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2405 hci_cc_read_local_amp_assoc(hdev, skb);
2406 break;
2407
2317 case HCI_OP_DELETE_STORED_LINK_KEY: 2408 case HCI_OP_DELETE_STORED_LINK_KEY:
2318 hci_cc_delete_stored_link_key(hdev, skb); 2409 hci_cc_delete_stored_link_key(hdev, skb);
2319 break; 2410 break;
@@ -2386,6 +2477,10 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2386 hci_cc_write_le_host_supported(hdev, skb); 2477 hci_cc_write_le_host_supported(hdev, skb);
2387 break; 2478 break;
2388 2479
2480 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2481 hci_cc_write_remote_amp_assoc(hdev, skb);
2482 break;
2483
2389 default: 2484 default:
2390 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); 2485 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2391 break; 2486 break;
@@ -2467,6 +2562,14 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2467 hci_cs_le_start_enc(hdev, ev->status); 2562 hci_cs_le_start_enc(hdev, ev->status);
2468 break; 2563 break;
2469 2564
2565 case HCI_OP_CREATE_PHY_LINK:
2566 hci_cs_create_phylink(hdev, ev->status);
2567 break;
2568
2569 case HCI_OP_ACCEPT_PHY_LINK:
2570 hci_cs_accept_phylink(hdev, ev->status);
2571 break;
2572
2470 default: 2573 default:
2471 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); 2574 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2472 break; 2575 break;
@@ -2574,6 +2677,27 @@ static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2574 queue_work(hdev->workqueue, &hdev->tx_work); 2677 queue_work(hdev->workqueue, &hdev->tx_work);
2575} 2678}
2576 2679
2680static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2681 __u16 handle)
2682{
2683 struct hci_chan *chan;
2684
2685 switch (hdev->dev_type) {
2686 case HCI_BREDR:
2687 return hci_conn_hash_lookup_handle(hdev, handle);
2688 case HCI_AMP:
2689 chan = hci_chan_lookup_handle(hdev, handle);
2690 if (chan)
2691 return chan->conn;
2692 break;
2693 default:
2694 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2695 break;
2696 }
2697
2698 return NULL;
2699}
2700
2577static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb) 2701static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2578{ 2702{
2579 struct hci_ev_num_comp_blocks *ev = (void *) skb->data; 2703 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
@@ -2595,13 +2719,13 @@ static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2595 2719
2596 for (i = 0; i < ev->num_hndl; i++) { 2720 for (i = 0; i < ev->num_hndl; i++) {
2597 struct hci_comp_blocks_info *info = &ev->handles[i]; 2721 struct hci_comp_blocks_info *info = &ev->handles[i];
2598 struct hci_conn *conn; 2722 struct hci_conn *conn = NULL;
2599 __u16 handle, block_count; 2723 __u16 handle, block_count;
2600 2724
2601 handle = __le16_to_cpu(info->handle); 2725 handle = __le16_to_cpu(info->handle);
2602 block_count = __le16_to_cpu(info->blocks); 2726 block_count = __le16_to_cpu(info->blocks);
2603 2727
2604 conn = hci_conn_hash_lookup_handle(hdev, handle); 2728 conn = __hci_conn_lookup_handle(hdev, handle);
2605 if (!conn) 2729 if (!conn)
2606 continue; 2730 continue;
2607 2731
@@ -2609,6 +2733,7 @@ static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2609 2733
2610 switch (conn->type) { 2734 switch (conn->type) {
2611 case ACL_LINK: 2735 case ACL_LINK:
2736 case AMP_LINK:
2612 hdev->block_cnt += block_count; 2737 hdev->block_cnt += block_count;
2613 if (hdev->block_cnt > hdev->num_blocks) 2738 if (hdev->block_cnt > hdev->num_blocks)
2614 hdev->block_cnt = hdev->num_blocks; 2739 hdev->block_cnt = hdev->num_blocks;
@@ -2705,13 +2830,13 @@ static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2705 2830
2706 key = hci_find_link_key(hdev, &ev->bdaddr); 2831 key = hci_find_link_key(hdev, &ev->bdaddr);
2707 if (!key) { 2832 if (!key) {
2708 BT_DBG("%s link key not found for %s", hdev->name, 2833 BT_DBG("%s link key not found for %pMR", hdev->name,
2709 batostr(&ev->bdaddr)); 2834 &ev->bdaddr);
2710 goto not_found; 2835 goto not_found;
2711 } 2836 }
2712 2837
2713 BT_DBG("%s found key type %u for %s", hdev->name, key->type, 2838 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2714 batostr(&ev->bdaddr)); 2839 &ev->bdaddr);
2715 2840
2716 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) && 2841 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2717 key->type == HCI_LK_DEBUG_COMBINATION) { 2842 key->type == HCI_LK_DEBUG_COMBINATION) {
@@ -3558,6 +3683,22 @@ static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3558 } 3683 }
3559} 3684}
3560 3685
3686static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3687{
3688 struct hci_ev_channel_selected *ev = (void *) skb->data;
3689 struct hci_conn *hcon;
3690
3691 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3692
3693 skb_pull(skb, sizeof(*ev));
3694
3695 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3696 if (!hcon)
3697 return;
3698
3699 amp_read_loc_assoc_final_data(hdev, hcon);
3700}
3701
3561void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 3702void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3562{ 3703{
3563 struct hci_event_hdr *hdr = (void *) skb->data; 3704 struct hci_event_hdr *hdr = (void *) skb->data;
@@ -3722,6 +3863,10 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3722 hci_le_meta_evt(hdev, skb); 3863 hci_le_meta_evt(hdev, skb);
3723 break; 3864 break;
3724 3865
3866 case HCI_EV_CHANNEL_SELECTED:
3867 hci_chan_selected_evt(hdev, skb);
3868 break;
3869
3725 case HCI_EV_REMOTE_OOB_DATA_REQUEST: 3870 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3726 hci_remote_oob_data_request_evt(hdev, skb); 3871 hci_remote_oob_data_request_evt(hdev, skb);
3727 break; 3872 break;
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index a20e61c3653..55cceee02a8 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -38,7 +38,7 @@ static ssize_t show_link_address(struct device *dev,
38 struct device_attribute *attr, char *buf) 38 struct device_attribute *attr, char *buf)
39{ 39{
40 struct hci_conn *conn = to_hci_conn(dev); 40 struct hci_conn *conn = to_hci_conn(dev);
41 return sprintf(buf, "%s\n", batostr(&conn->dst)); 41 return sprintf(buf, "%pMR\n", &conn->dst);
42} 42}
43 43
44static ssize_t show_link_features(struct device *dev, 44static ssize_t show_link_features(struct device *dev,
@@ -224,7 +224,7 @@ static ssize_t show_address(struct device *dev,
224 struct device_attribute *attr, char *buf) 224 struct device_attribute *attr, char *buf)
225{ 225{
226 struct hci_dev *hdev = to_hci_dev(dev); 226 struct hci_dev *hdev = to_hci_dev(dev);
227 return sprintf(buf, "%s\n", batostr(&hdev->bdaddr)); 227 return sprintf(buf, "%pMR\n", &hdev->bdaddr);
228} 228}
229 229
230static ssize_t show_features(struct device *dev, 230static ssize_t show_features(struct device *dev,
@@ -406,8 +406,8 @@ static int inquiry_cache_show(struct seq_file *f, void *p)
406 406
407 list_for_each_entry(e, &cache->all, all) { 407 list_for_each_entry(e, &cache->all, all) {
408 struct inquiry_data *data = &e->data; 408 struct inquiry_data *data = &e->data;
409 seq_printf(f, "%s %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n", 409 seq_printf(f, "%pMR %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n",
410 batostr(&data->bdaddr), 410 &data->bdaddr,
411 data->pscan_rep_mode, data->pscan_period_mode, 411 data->pscan_rep_mode, data->pscan_period_mode,
412 data->pscan_mode, data->dev_class[2], 412 data->pscan_mode, data->dev_class[2],
413 data->dev_class[1], data->dev_class[0], 413 data->dev_class[1], data->dev_class[0],
@@ -440,7 +440,7 @@ static int blacklist_show(struct seq_file *f, void *p)
440 hci_dev_lock(hdev); 440 hci_dev_lock(hdev);
441 441
442 list_for_each_entry(b, &hdev->blacklist, list) 442 list_for_each_entry(b, &hdev->blacklist, list)
443 seq_printf(f, "%s\n", batostr(&b->bdaddr)); 443 seq_printf(f, "%pMR\n", &b->bdaddr);
444 444
445 hci_dev_unlock(hdev); 445 hci_dev_unlock(hdev);
446 446
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index ccd985da651..0c0028463fa 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -932,8 +932,12 @@ static int hidp_setup_hid(struct hidp_session *session,
932 hid->country = req->country; 932 hid->country = req->country;
933 933
934 strncpy(hid->name, req->name, 128); 934 strncpy(hid->name, req->name, 128);
935 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64); 935
936 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64); 936 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
937 &bt_sk(session->ctrl_sock->sk)->src);
938
939 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
940 &bt_sk(session->ctrl_sock->sk)->dst);
937 941
938 hid->dev.parent = &session->conn->dev; 942 hid->dev.parent = &session->conn->dev;
939 hid->ll_driver = &hidp_hid_driver; 943 hid->ll_driver = &hidp_hid_driver;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index a91239dcda4..08efc256c93 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -48,19 +48,20 @@ static LIST_HEAD(chan_list);
48static DEFINE_RWLOCK(chan_list_lock); 48static DEFINE_RWLOCK(chan_list_lock);
49 49
50static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, 50static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
51 u8 code, u8 ident, u16 dlen, void *data); 51 u8 code, u8 ident, u16 dlen, void *data);
52static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, 52static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
53 void *data); 53 void *data);
54static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data); 54static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
55static void l2cap_send_disconn_req(struct l2cap_conn *conn, 55static void l2cap_send_disconn_req(struct l2cap_conn *conn,
56 struct l2cap_chan *chan, int err); 56 struct l2cap_chan *chan, int err);
57 57
58static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control, 58static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
59 struct sk_buff_head *skbs, u8 event); 59 struct sk_buff_head *skbs, u8 event);
60 60
61/* ---- L2CAP channels ---- */ 61/* ---- L2CAP channels ---- */
62 62
63static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid) 63static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn,
64 u16 cid)
64{ 65{
65 struct l2cap_chan *c; 66 struct l2cap_chan *c;
66 67
@@ -71,7 +72,8 @@ static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16
71 return NULL; 72 return NULL;
72} 73}
73 74
74static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid) 75static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn,
76 u16 cid)
75{ 77{
76 struct l2cap_chan *c; 78 struct l2cap_chan *c;
77 79
@@ -84,7 +86,8 @@ static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16
84 86
85/* Find channel with given SCID. 87/* Find channel with given SCID.
86 * Returns locked channel. */ 88 * Returns locked channel. */
87static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid) 89static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn,
90 u16 cid)
88{ 91{
89 struct l2cap_chan *c; 92 struct l2cap_chan *c;
90 93
@@ -97,7 +100,8 @@ static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 ci
97 return c; 100 return c;
98} 101}
99 102
100static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident) 103static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn,
104 u8 ident)
101{ 105{
102 struct l2cap_chan *c; 106 struct l2cap_chan *c;
103 107
@@ -178,7 +182,7 @@ static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
178static void __l2cap_state_change(struct l2cap_chan *chan, int state) 182static void __l2cap_state_change(struct l2cap_chan *chan, int state)
179{ 183{
180 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state), 184 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
181 state_to_string(state)); 185 state_to_string(state));
182 186
183 chan->state = state; 187 chan->state = state;
184 chan->ops->state_change(chan, state); 188 chan->ops->state_change(chan, state);
@@ -361,7 +365,7 @@ static void l2cap_seq_list_append(struct l2cap_seq_list *seq_list, u16 seq)
361static void l2cap_chan_timeout(struct work_struct *work) 365static void l2cap_chan_timeout(struct work_struct *work)
362{ 366{
363 struct l2cap_chan *chan = container_of(work, struct l2cap_chan, 367 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
364 chan_timer.work); 368 chan_timer.work);
365 struct l2cap_conn *conn = chan->conn; 369 struct l2cap_conn *conn = chan->conn;
366 int reason; 370 int reason;
367 371
@@ -373,7 +377,7 @@ static void l2cap_chan_timeout(struct work_struct *work)
373 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG) 377 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
374 reason = ECONNREFUSED; 378 reason = ECONNREFUSED;
375 else if (chan->state == BT_CONNECT && 379 else if (chan->state == BT_CONNECT &&
376 chan->sec_level != BT_SECURITY_SDP) 380 chan->sec_level != BT_SECURITY_SDP)
377 reason = ECONNREFUSED; 381 reason = ECONNREFUSED;
378 else 382 else
379 reason = ETIMEDOUT; 383 reason = ETIMEDOUT;
@@ -455,7 +459,7 @@ void l2cap_chan_set_defaults(struct l2cap_chan *chan)
455 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 459 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
456} 460}
457 461
458static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) 462void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
459{ 463{
460 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, 464 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
461 __le16_to_cpu(chan->psm), chan->dcid); 465 __le16_to_cpu(chan->psm), chan->dcid);
@@ -504,7 +508,7 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
504 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE; 508 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
505 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME; 509 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
506 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT; 510 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
507 chan->local_flush_to = L2CAP_DEFAULT_FLUSH_TO; 511 chan->local_flush_to = L2CAP_EFS_DEFAULT_FLUSH_TO;
508 512
509 l2cap_chan_hold(chan); 513 l2cap_chan_hold(chan);
510 514
@@ -527,6 +531,7 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
527 BT_DBG("chan %p, conn %p, err %d", chan, conn, err); 531 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
528 532
529 if (conn) { 533 if (conn) {
534 struct amp_mgr *mgr = conn->hcon->amp_mgr;
530 /* Delete from channel list */ 535 /* Delete from channel list */
531 list_del(&chan->list); 536 list_del(&chan->list);
532 537
@@ -536,10 +541,12 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
536 541
537 if (chan->chan_type != L2CAP_CHAN_CONN_FIX_A2MP) 542 if (chan->chan_type != L2CAP_CHAN_CONN_FIX_A2MP)
538 hci_conn_put(conn->hcon); 543 hci_conn_put(conn->hcon);
544
545 if (mgr && mgr->bredr_chan == chan)
546 mgr->bredr_chan = NULL;
539 } 547 }
540 548
541 if (chan->ops->teardown) 549 chan->ops->teardown(chan, err);
542 chan->ops->teardown(chan, err);
543 550
544 if (test_bit(CONF_NOT_COMPLETE, &chan->conf_state)) 551 if (test_bit(CONF_NOT_COMPLETE, &chan->conf_state))
545 return; 552 return;
@@ -573,19 +580,18 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
573 struct l2cap_conn *conn = chan->conn; 580 struct l2cap_conn *conn = chan->conn;
574 struct sock *sk = chan->sk; 581 struct sock *sk = chan->sk;
575 582
576 BT_DBG("chan %p state %s sk %p", chan, 583 BT_DBG("chan %p state %s sk %p", chan, state_to_string(chan->state),
577 state_to_string(chan->state), sk); 584 sk);
578 585
579 switch (chan->state) { 586 switch (chan->state) {
580 case BT_LISTEN: 587 case BT_LISTEN:
581 if (chan->ops->teardown) 588 chan->ops->teardown(chan, 0);
582 chan->ops->teardown(chan, 0);
583 break; 589 break;
584 590
585 case BT_CONNECTED: 591 case BT_CONNECTED:
586 case BT_CONFIG: 592 case BT_CONFIG:
587 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && 593 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
588 conn->hcon->type == ACL_LINK) { 594 conn->hcon->type == ACL_LINK) {
589 __set_chan_timer(chan, sk->sk_sndtimeo); 595 __set_chan_timer(chan, sk->sk_sndtimeo);
590 l2cap_send_disconn_req(conn, chan, reason); 596 l2cap_send_disconn_req(conn, chan, reason);
591 } else 597 } else
@@ -594,7 +600,7 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
594 600
595 case BT_CONNECT2: 601 case BT_CONNECT2:
596 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && 602 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
597 conn->hcon->type == ACL_LINK) { 603 conn->hcon->type == ACL_LINK) {
598 struct l2cap_conn_rsp rsp; 604 struct l2cap_conn_rsp rsp;
599 __u16 result; 605 __u16 result;
600 606
@@ -609,7 +615,7 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
609 rsp.result = cpu_to_le16(result); 615 rsp.result = cpu_to_le16(result);
610 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO); 616 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
611 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 617 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
612 sizeof(rsp), &rsp); 618 sizeof(rsp), &rsp);
613 } 619 }
614 620
615 l2cap_chan_del(chan, reason); 621 l2cap_chan_del(chan, reason);
@@ -621,8 +627,7 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
621 break; 627 break;
622 628
623 default: 629 default:
624 if (chan->ops->teardown) 630 chan->ops->teardown(chan, 0);
625 chan->ops->teardown(chan, 0);
626 break; 631 break;
627 } 632 }
628} 633}
@@ -691,7 +696,8 @@ static u8 l2cap_get_ident(struct l2cap_conn *conn)
691 return id; 696 return id;
692} 697}
693 698
694static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data) 699static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
700 void *data)
695{ 701{
696 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data); 702 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
697 u8 flags; 703 u8 flags;
@@ -718,10 +724,10 @@ static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
718 u16 flags; 724 u16 flags;
719 725
720 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len, 726 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
721 skb->priority); 727 skb->priority);
722 728
723 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) && 729 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
724 lmp_no_flush_capable(hcon->hdev)) 730 lmp_no_flush_capable(hcon->hdev))
725 flags = ACL_START_NO_FLUSH; 731 flags = ACL_START_NO_FLUSH;
726 else 732 else
727 flags = ACL_START; 733 flags = ACL_START;
@@ -946,7 +952,19 @@ static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
946 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state); 952 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
947} 953}
948 954
949static void l2cap_send_conn_req(struct l2cap_chan *chan) 955static bool __amp_capable(struct l2cap_chan *chan)
956{
957 struct l2cap_conn *conn = chan->conn;
958
959 if (enable_hs &&
960 chan->chan_policy == BT_CHANNEL_POLICY_AMP_PREFERRED &&
961 conn->fixed_chan_mask & L2CAP_FC_A2MP)
962 return true;
963 else
964 return false;
965}
966
967void l2cap_send_conn_req(struct l2cap_chan *chan)
950{ 968{
951 struct l2cap_conn *conn = chan->conn; 969 struct l2cap_conn *conn = chan->conn;
952 struct l2cap_conn_req req; 970 struct l2cap_conn_req req;
@@ -972,6 +990,16 @@ static void l2cap_chan_ready(struct l2cap_chan *chan)
972 chan->ops->ready(chan); 990 chan->ops->ready(chan);
973} 991}
974 992
993static void l2cap_start_connection(struct l2cap_chan *chan)
994{
995 if (__amp_capable(chan)) {
996 BT_DBG("chan %p AMP capable: discover AMPs", chan);
997 a2mp_discover_amp(chan);
998 } else {
999 l2cap_send_conn_req(chan);
1000 }
1001}
1002
975static void l2cap_do_start(struct l2cap_chan *chan) 1003static void l2cap_do_start(struct l2cap_chan *chan)
976{ 1004{
977 struct l2cap_conn *conn = chan->conn; 1005 struct l2cap_conn *conn = chan->conn;
@@ -986,8 +1014,9 @@ static void l2cap_do_start(struct l2cap_chan *chan)
986 return; 1014 return;
987 1015
988 if (l2cap_chan_check_security(chan) && 1016 if (l2cap_chan_check_security(chan) &&
989 __l2cap_no_conn_pending(chan)) 1017 __l2cap_no_conn_pending(chan)) {
990 l2cap_send_conn_req(chan); 1018 l2cap_start_connection(chan);
1019 }
991 } else { 1020 } else {
992 struct l2cap_info_req req; 1021 struct l2cap_info_req req;
993 req.type = __constant_cpu_to_le16(L2CAP_IT_FEAT_MASK); 1022 req.type = __constant_cpu_to_le16(L2CAP_IT_FEAT_MASK);
@@ -997,8 +1026,8 @@ static void l2cap_do_start(struct l2cap_chan *chan)
997 1026
998 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT); 1027 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
999 1028
1000 l2cap_send_cmd(conn, conn->info_ident, 1029 l2cap_send_cmd(conn, conn->info_ident, L2CAP_INFO_REQ,
1001 L2CAP_INFO_REQ, sizeof(req), &req); 1030 sizeof(req), &req);
1002 } 1031 }
1003} 1032}
1004 1033
@@ -1018,7 +1047,8 @@ static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
1018 } 1047 }
1019} 1048}
1020 1049
1021static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err) 1050static void l2cap_send_disconn_req(struct l2cap_conn *conn,
1051 struct l2cap_chan *chan, int err)
1022{ 1052{
1023 struct sock *sk = chan->sk; 1053 struct sock *sk = chan->sk;
1024 struct l2cap_disconn_req req; 1054 struct l2cap_disconn_req req;
@@ -1033,14 +1063,14 @@ static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *c
1033 } 1063 }
1034 1064
1035 if (chan->chan_type == L2CAP_CHAN_CONN_FIX_A2MP) { 1065 if (chan->chan_type == L2CAP_CHAN_CONN_FIX_A2MP) {
1036 __l2cap_state_change(chan, BT_DISCONN); 1066 l2cap_state_change(chan, BT_DISCONN);
1037 return; 1067 return;
1038 } 1068 }
1039 1069
1040 req.dcid = cpu_to_le16(chan->dcid); 1070 req.dcid = cpu_to_le16(chan->dcid);
1041 req.scid = cpu_to_le16(chan->scid); 1071 req.scid = cpu_to_le16(chan->scid);
1042 l2cap_send_cmd(conn, l2cap_get_ident(conn), 1072 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_DISCONN_REQ,
1043 L2CAP_DISCONN_REQ, sizeof(req), &req); 1073 sizeof(req), &req);
1044 1074
1045 lock_sock(sk); 1075 lock_sock(sk);
1046 __l2cap_state_change(chan, BT_DISCONN); 1076 __l2cap_state_change(chan, BT_DISCONN);
@@ -1069,20 +1099,20 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
1069 1099
1070 if (chan->state == BT_CONNECT) { 1100 if (chan->state == BT_CONNECT) {
1071 if (!l2cap_chan_check_security(chan) || 1101 if (!l2cap_chan_check_security(chan) ||
1072 !__l2cap_no_conn_pending(chan)) { 1102 !__l2cap_no_conn_pending(chan)) {
1073 l2cap_chan_unlock(chan); 1103 l2cap_chan_unlock(chan);
1074 continue; 1104 continue;
1075 } 1105 }
1076 1106
1077 if (!l2cap_mode_supported(chan->mode, conn->feat_mask) 1107 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
1078 && test_bit(CONF_STATE2_DEVICE, 1108 && test_bit(CONF_STATE2_DEVICE,
1079 &chan->conf_state)) { 1109 &chan->conf_state)) {
1080 l2cap_chan_close(chan, ECONNRESET); 1110 l2cap_chan_close(chan, ECONNRESET);
1081 l2cap_chan_unlock(chan); 1111 l2cap_chan_unlock(chan);
1082 continue; 1112 continue;
1083 } 1113 }
1084 1114
1085 l2cap_send_conn_req(chan); 1115 l2cap_start_connection(chan);
1086 1116
1087 } else if (chan->state == BT_CONNECT2) { 1117 } else if (chan->state == BT_CONNECT2) {
1088 struct l2cap_conn_rsp rsp; 1118 struct l2cap_conn_rsp rsp;
@@ -1094,11 +1124,9 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
1094 lock_sock(sk); 1124 lock_sock(sk);
1095 if (test_bit(BT_SK_DEFER_SETUP, 1125 if (test_bit(BT_SK_DEFER_SETUP,
1096 &bt_sk(sk)->flags)) { 1126 &bt_sk(sk)->flags)) {
1097 struct sock *parent = bt_sk(sk)->parent;
1098 rsp.result = __constant_cpu_to_le16(L2CAP_CR_PEND); 1127 rsp.result = __constant_cpu_to_le16(L2CAP_CR_PEND);
1099 rsp.status = __constant_cpu_to_le16(L2CAP_CS_AUTHOR_PEND); 1128 rsp.status = __constant_cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
1100 if (parent) 1129 chan->ops->defer(chan);
1101 parent->sk_data_ready(parent, 0);
1102 1130
1103 } else { 1131 } else {
1104 __l2cap_state_change(chan, BT_CONFIG); 1132 __l2cap_state_change(chan, BT_CONFIG);
@@ -1112,17 +1140,17 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
1112 } 1140 }
1113 1141
1114 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 1142 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
1115 sizeof(rsp), &rsp); 1143 sizeof(rsp), &rsp);
1116 1144
1117 if (test_bit(CONF_REQ_SENT, &chan->conf_state) || 1145 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
1118 rsp.result != L2CAP_CR_SUCCESS) { 1146 rsp.result != L2CAP_CR_SUCCESS) {
1119 l2cap_chan_unlock(chan); 1147 l2cap_chan_unlock(chan);
1120 continue; 1148 continue;
1121 } 1149 }
1122 1150
1123 set_bit(CONF_REQ_SENT, &chan->conf_state); 1151 set_bit(CONF_REQ_SENT, &chan->conf_state);
1124 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 1152 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1125 l2cap_build_conf_req(chan, buf), buf); 1153 l2cap_build_conf_req(chan, buf), buf);
1126 chan->num_conf_req++; 1154 chan->num_conf_req++;
1127 } 1155 }
1128 1156
@@ -1204,8 +1232,6 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
1204 bacpy(&bt_sk(sk)->src, conn->src); 1232 bacpy(&bt_sk(sk)->src, conn->src);
1205 bacpy(&bt_sk(sk)->dst, conn->dst); 1233 bacpy(&bt_sk(sk)->dst, conn->dst);
1206 1234
1207 bt_accept_enqueue(parent, sk);
1208
1209 l2cap_chan_add(conn, chan); 1235 l2cap_chan_add(conn, chan);
1210 1236
1211 l2cap_chan_ready(chan); 1237 l2cap_chan_ready(chan);
@@ -1270,7 +1296,7 @@ static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
1270 1296
1271 list_for_each_entry(chan, &conn->chan_l, list) { 1297 list_for_each_entry(chan, &conn->chan_l, list) {
1272 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 1298 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
1273 __l2cap_chan_set_err(chan, err); 1299 l2cap_chan_set_err(chan, err);
1274 } 1300 }
1275 1301
1276 mutex_unlock(&conn->chan_lock); 1302 mutex_unlock(&conn->chan_lock);
@@ -1279,7 +1305,7 @@ static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
1279static void l2cap_info_timeout(struct work_struct *work) 1305static void l2cap_info_timeout(struct work_struct *work)
1280{ 1306{
1281 struct l2cap_conn *conn = container_of(work, struct l2cap_conn, 1307 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1282 info_timer.work); 1308 info_timer.work);
1283 1309
1284 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; 1310 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
1285 conn->info_ident = 0; 1311 conn->info_ident = 0;
@@ -1333,7 +1359,7 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
1333static void security_timeout(struct work_struct *work) 1359static void security_timeout(struct work_struct *work)
1334{ 1360{
1335 struct l2cap_conn *conn = container_of(work, struct l2cap_conn, 1361 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1336 security_timer.work); 1362 security_timer.work);
1337 1363
1338 BT_DBG("conn %p", conn); 1364 BT_DBG("conn %p", conn);
1339 1365
@@ -1355,7 +1381,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1355 if (!hchan) 1381 if (!hchan)
1356 return NULL; 1382 return NULL;
1357 1383
1358 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC); 1384 conn = kzalloc(sizeof(struct l2cap_conn), GFP_KERNEL);
1359 if (!conn) { 1385 if (!conn) {
1360 hci_chan_del(hchan); 1386 hci_chan_del(hchan);
1361 return NULL; 1387 return NULL;
@@ -1367,10 +1393,22 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1367 1393
1368 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); 1394 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
1369 1395
1370 if (hcon->hdev->le_mtu && hcon->type == LE_LINK) 1396 switch (hcon->type) {
1371 conn->mtu = hcon->hdev->le_mtu; 1397 case AMP_LINK:
1372 else 1398 conn->mtu = hcon->hdev->block_mtu;
1399 break;
1400
1401 case LE_LINK:
1402 if (hcon->hdev->le_mtu) {
1403 conn->mtu = hcon->hdev->le_mtu;
1404 break;
1405 }
1406 /* fall through */
1407
1408 default:
1373 conn->mtu = hcon->hdev->acl_mtu; 1409 conn->mtu = hcon->hdev->acl_mtu;
1410 break;
1411 }
1374 1412
1375 conn->src = &hcon->hdev->bdaddr; 1413 conn->src = &hcon->hdev->bdaddr;
1376 conn->dst = &hcon->dst; 1414 conn->dst = &hcon->dst;
@@ -1448,7 +1486,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1448 __u8 auth_type; 1486 __u8 auth_type;
1449 int err; 1487 int err;
1450 1488
1451 BT_DBG("%s -> %s (type %u) psm 0x%2.2x", batostr(src), batostr(dst), 1489 BT_DBG("%pMR -> %pMR (type %u) psm 0x%2.2x", src, dst,
1452 dst_type, __le16_to_cpu(psm)); 1490 dst_type, __le16_to_cpu(psm));
1453 1491
1454 hdev = hci_get_route(dst, src); 1492 hdev = hci_get_route(dst, src);
@@ -1461,7 +1499,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1461 1499
1462 /* PSM must be odd and lsb of upper byte must be 0 */ 1500 /* PSM must be odd and lsb of upper byte must be 0 */
1463 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid && 1501 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
1464 chan->chan_type != L2CAP_CHAN_RAW) { 1502 chan->chan_type != L2CAP_CHAN_RAW) {
1465 err = -EINVAL; 1503 err = -EINVAL;
1466 goto done; 1504 goto done;
1467 } 1505 }
@@ -1770,7 +1808,7 @@ static void l2cap_ertm_resend(struct l2cap_chan *chan)
1770 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, seq); 1808 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, seq);
1771 if (!skb) { 1809 if (!skb) {
1772 BT_DBG("Error: Can't retransmit seq %d, frame missing", 1810 BT_DBG("Error: Can't retransmit seq %d, frame missing",
1773 seq); 1811 seq);
1774 continue; 1812 continue;
1775 } 1813 }
1776 1814
@@ -1795,9 +1833,9 @@ static void l2cap_ertm_resend(struct l2cap_chan *chan)
1795 /* Cloned sk_buffs are read-only, so we need a 1833 /* Cloned sk_buffs are read-only, so we need a
1796 * writeable copy 1834 * writeable copy
1797 */ 1835 */
1798 tx_skb = skb_copy(skb, GFP_ATOMIC); 1836 tx_skb = skb_copy(skb, GFP_KERNEL);
1799 } else { 1837 } else {
1800 tx_skb = skb_clone(skb, GFP_ATOMIC); 1838 tx_skb = skb_clone(skb, GFP_KERNEL);
1801 } 1839 }
1802 1840
1803 if (!tx_skb) { 1841 if (!tx_skb) {
@@ -1855,7 +1893,7 @@ static void l2cap_retransmit_all(struct l2cap_chan *chan,
1855 if (chan->unacked_frames) { 1893 if (chan->unacked_frames) {
1856 skb_queue_walk(&chan->tx_q, skb) { 1894 skb_queue_walk(&chan->tx_q, skb) {
1857 if (bt_cb(skb)->control.txseq == control->reqseq || 1895 if (bt_cb(skb)->control.txseq == control->reqseq ||
1858 skb == chan->tx_send_head) 1896 skb == chan->tx_send_head)
1859 break; 1897 break;
1860 } 1898 }
1861 1899
@@ -2156,7 +2194,7 @@ static int l2cap_segment_sdu(struct l2cap_chan *chan,
2156} 2194}
2157 2195
2158int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len, 2196int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
2159 u32 priority) 2197 u32 priority)
2160{ 2198{
2161 struct sk_buff *skb; 2199 struct sk_buff *skb;
2162 int err; 2200 int err;
@@ -2543,7 +2581,7 @@ static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2543 /* Don't send frame to the socket it came from */ 2581 /* Don't send frame to the socket it came from */
2544 if (skb->sk == sk) 2582 if (skb->sk == sk)
2545 continue; 2583 continue;
2546 nskb = skb_clone(skb, GFP_ATOMIC); 2584 nskb = skb_clone(skb, GFP_KERNEL);
2547 if (!nskb) 2585 if (!nskb)
2548 continue; 2586 continue;
2549 2587
@@ -2569,7 +2607,7 @@ static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, u8 code,
2569 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen; 2607 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2570 count = min_t(unsigned int, conn->mtu, len); 2608 count = min_t(unsigned int, conn->mtu, len);
2571 2609
2572 skb = bt_skb_alloc(count, GFP_ATOMIC); 2610 skb = bt_skb_alloc(count, GFP_KERNEL);
2573 if (!skb) 2611 if (!skb)
2574 return NULL; 2612 return NULL;
2575 2613
@@ -2599,7 +2637,7 @@ static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, u8 code,
2599 while (len) { 2637 while (len) {
2600 count = min_t(unsigned int, conn->mtu, len); 2638 count = min_t(unsigned int, conn->mtu, len);
2601 2639
2602 *frag = bt_skb_alloc(count, GFP_ATOMIC); 2640 *frag = bt_skb_alloc(count, GFP_KERNEL);
2603 if (!*frag) 2641 if (!*frag)
2604 goto fail; 2642 goto fail;
2605 2643
@@ -2618,7 +2656,8 @@ fail:
2618 return NULL; 2656 return NULL;
2619} 2657}
2620 2658
2621static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val) 2659static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen,
2660 unsigned long *val)
2622{ 2661{
2623 struct l2cap_conf_opt *opt = *ptr; 2662 struct l2cap_conf_opt *opt = *ptr;
2624 int len; 2663 int len;
@@ -2692,7 +2731,7 @@ static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
2692 efs.msdu = cpu_to_le16(chan->local_msdu); 2731 efs.msdu = cpu_to_le16(chan->local_msdu);
2693 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime); 2732 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2694 efs.acc_lat = __constant_cpu_to_le32(L2CAP_DEFAULT_ACC_LAT); 2733 efs.acc_lat = __constant_cpu_to_le32(L2CAP_DEFAULT_ACC_LAT);
2695 efs.flush_to = __constant_cpu_to_le32(L2CAP_DEFAULT_FLUSH_TO); 2734 efs.flush_to = __constant_cpu_to_le32(L2CAP_EFS_DEFAULT_FLUSH_TO);
2696 break; 2735 break;
2697 2736
2698 case L2CAP_MODE_STREAMING: 2737 case L2CAP_MODE_STREAMING:
@@ -2709,7 +2748,7 @@ static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
2709 } 2748 }
2710 2749
2711 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs), 2750 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs),
2712 (unsigned long) &efs); 2751 (unsigned long) &efs);
2713} 2752}
2714 2753
2715static void l2cap_ack_timeout(struct work_struct *work) 2754static void l2cap_ack_timeout(struct work_struct *work)
@@ -2798,13 +2837,13 @@ static inline bool __l2cap_efs_supported(struct l2cap_chan *chan)
2798static inline void l2cap_txwin_setup(struct l2cap_chan *chan) 2837static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
2799{ 2838{
2800 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW && 2839 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
2801 __l2cap_ews_supported(chan)) { 2840 __l2cap_ews_supported(chan)) {
2802 /* use extended control field */ 2841 /* use extended control field */
2803 set_bit(FLAG_EXT_CTRL, &chan->flags); 2842 set_bit(FLAG_EXT_CTRL, &chan->flags);
2804 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW; 2843 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
2805 } else { 2844 } else {
2806 chan->tx_win = min_t(u16, chan->tx_win, 2845 chan->tx_win = min_t(u16, chan->tx_win,
2807 L2CAP_DEFAULT_TX_WINDOW); 2846 L2CAP_DEFAULT_TX_WINDOW);
2808 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; 2847 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
2809 } 2848 }
2810 chan->ack_win = chan->tx_win; 2849 chan->ack_win = chan->tx_win;
@@ -2844,7 +2883,7 @@ done:
2844 switch (chan->mode) { 2883 switch (chan->mode) {
2845 case L2CAP_MODE_BASIC: 2884 case L2CAP_MODE_BASIC:
2846 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) && 2885 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2847 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING)) 2886 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
2848 break; 2887 break;
2849 2888
2850 rfc.mode = L2CAP_MODE_BASIC; 2889 rfc.mode = L2CAP_MODE_BASIC;
@@ -2855,7 +2894,7 @@ done:
2855 rfc.max_pdu_size = 0; 2894 rfc.max_pdu_size = 0;
2856 2895
2857 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), 2896 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2858 (unsigned long) &rfc); 2897 (unsigned long) &rfc);
2859 break; 2898 break;
2860 2899
2861 case L2CAP_MODE_ERTM: 2900 case L2CAP_MODE_ERTM:
@@ -2865,18 +2904,17 @@ done:
2865 rfc.monitor_timeout = 0; 2904 rfc.monitor_timeout = 0;
2866 2905
2867 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu - 2906 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2868 L2CAP_EXT_HDR_SIZE - 2907 L2CAP_EXT_HDR_SIZE - L2CAP_SDULEN_SIZE -
2869 L2CAP_SDULEN_SIZE - 2908 L2CAP_FCS_SIZE);
2870 L2CAP_FCS_SIZE);
2871 rfc.max_pdu_size = cpu_to_le16(size); 2909 rfc.max_pdu_size = cpu_to_le16(size);
2872 2910
2873 l2cap_txwin_setup(chan); 2911 l2cap_txwin_setup(chan);
2874 2912
2875 rfc.txwin_size = min_t(u16, chan->tx_win, 2913 rfc.txwin_size = min_t(u16, chan->tx_win,
2876 L2CAP_DEFAULT_TX_WINDOW); 2914 L2CAP_DEFAULT_TX_WINDOW);
2877 2915
2878 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), 2916 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2879 (unsigned long) &rfc); 2917 (unsigned long) &rfc);
2880 2918
2881 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) 2919 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2882 l2cap_add_opt_efs(&ptr, chan); 2920 l2cap_add_opt_efs(&ptr, chan);
@@ -2885,14 +2923,14 @@ done:
2885 break; 2923 break;
2886 2924
2887 if (chan->fcs == L2CAP_FCS_NONE || 2925 if (chan->fcs == L2CAP_FCS_NONE ||
2888 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) { 2926 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
2889 chan->fcs = L2CAP_FCS_NONE; 2927 chan->fcs = L2CAP_FCS_NONE;
2890 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs); 2928 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
2891 } 2929 }
2892 2930
2893 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) 2931 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2894 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2, 2932 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2895 chan->tx_win); 2933 chan->tx_win);
2896 break; 2934 break;
2897 2935
2898 case L2CAP_MODE_STREAMING: 2936 case L2CAP_MODE_STREAMING:
@@ -2904,13 +2942,12 @@ done:
2904 rfc.monitor_timeout = 0; 2942 rfc.monitor_timeout = 0;
2905 2943
2906 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu - 2944 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2907 L2CAP_EXT_HDR_SIZE - 2945 L2CAP_EXT_HDR_SIZE - L2CAP_SDULEN_SIZE -
2908 L2CAP_SDULEN_SIZE - 2946 L2CAP_FCS_SIZE);
2909 L2CAP_FCS_SIZE);
2910 rfc.max_pdu_size = cpu_to_le16(size); 2947 rfc.max_pdu_size = cpu_to_le16(size);
2911 2948
2912 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), 2949 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2913 (unsigned long) &rfc); 2950 (unsigned long) &rfc);
2914 2951
2915 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) 2952 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2916 l2cap_add_opt_efs(&ptr, chan); 2953 l2cap_add_opt_efs(&ptr, chan);
@@ -2919,7 +2956,7 @@ done:
2919 break; 2956 break;
2920 2957
2921 if (chan->fcs == L2CAP_FCS_NONE || 2958 if (chan->fcs == L2CAP_FCS_NONE ||
2922 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) { 2959 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
2923 chan->fcs = L2CAP_FCS_NONE; 2960 chan->fcs = L2CAP_FCS_NONE;
2924 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs); 2961 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
2925 } 2962 }
@@ -3011,7 +3048,7 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
3011 case L2CAP_MODE_ERTM: 3048 case L2CAP_MODE_ERTM:
3012 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) { 3049 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
3013 chan->mode = l2cap_select_mode(rfc.mode, 3050 chan->mode = l2cap_select_mode(rfc.mode,
3014 chan->conn->feat_mask); 3051 chan->conn->feat_mask);
3015 break; 3052 break;
3016 } 3053 }
3017 3054
@@ -3036,8 +3073,8 @@ done:
3036 if (chan->num_conf_rsp == 1) 3073 if (chan->num_conf_rsp == 1)
3037 return -ECONNREFUSED; 3074 return -ECONNREFUSED;
3038 3075
3039 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 3076 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
3040 sizeof(rfc), (unsigned long) &rfc); 3077 (unsigned long) &rfc);
3041 } 3078 }
3042 3079
3043 if (result == L2CAP_CONF_SUCCESS) { 3080 if (result == L2CAP_CONF_SUCCESS) {
@@ -3054,8 +3091,8 @@ done:
3054 3091
3055 if (remote_efs) { 3092 if (remote_efs) {
3056 if (chan->local_stype != L2CAP_SERV_NOTRAFIC && 3093 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
3057 efs.stype != L2CAP_SERV_NOTRAFIC && 3094 efs.stype != L2CAP_SERV_NOTRAFIC &&
3058 efs.stype != chan->local_stype) { 3095 efs.stype != chan->local_stype) {
3059 3096
3060 result = L2CAP_CONF_UNACCEPT; 3097 result = L2CAP_CONF_UNACCEPT;
3061 3098
@@ -3063,8 +3100,8 @@ done:
3063 return -ECONNREFUSED; 3100 return -ECONNREFUSED;
3064 3101
3065 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, 3102 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3066 sizeof(efs), 3103 sizeof(efs),
3067 (unsigned long) &efs); 3104 (unsigned long) &efs);
3068 } else { 3105 } else {
3069 /* Send PENDING Conf Rsp */ 3106 /* Send PENDING Conf Rsp */
3070 result = L2CAP_CONF_PENDING; 3107 result = L2CAP_CONF_PENDING;
@@ -3087,10 +3124,8 @@ done:
3087 chan->remote_max_tx = rfc.max_transmit; 3124 chan->remote_max_tx = rfc.max_transmit;
3088 3125
3089 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size), 3126 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
3090 chan->conn->mtu - 3127 chan->conn->mtu - L2CAP_EXT_HDR_SIZE -
3091 L2CAP_EXT_HDR_SIZE - 3128 L2CAP_SDULEN_SIZE - L2CAP_FCS_SIZE);
3092 L2CAP_SDULEN_SIZE -
3093 L2CAP_FCS_SIZE);
3094 rfc.max_pdu_size = cpu_to_le16(size); 3129 rfc.max_pdu_size = cpu_to_le16(size);
3095 chan->remote_mps = size; 3130 chan->remote_mps = size;
3096 3131
@@ -3102,36 +3137,35 @@ done:
3102 set_bit(CONF_MODE_DONE, &chan->conf_state); 3137 set_bit(CONF_MODE_DONE, &chan->conf_state);
3103 3138
3104 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 3139 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
3105 sizeof(rfc), (unsigned long) &rfc); 3140 sizeof(rfc), (unsigned long) &rfc);
3106 3141
3107 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) { 3142 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3108 chan->remote_id = efs.id; 3143 chan->remote_id = efs.id;
3109 chan->remote_stype = efs.stype; 3144 chan->remote_stype = efs.stype;
3110 chan->remote_msdu = le16_to_cpu(efs.msdu); 3145 chan->remote_msdu = le16_to_cpu(efs.msdu);
3111 chan->remote_flush_to = 3146 chan->remote_flush_to =
3112 le32_to_cpu(efs.flush_to); 3147 le32_to_cpu(efs.flush_to);
3113 chan->remote_acc_lat = 3148 chan->remote_acc_lat =
3114 le32_to_cpu(efs.acc_lat); 3149 le32_to_cpu(efs.acc_lat);
3115 chan->remote_sdu_itime = 3150 chan->remote_sdu_itime =
3116 le32_to_cpu(efs.sdu_itime); 3151 le32_to_cpu(efs.sdu_itime);
3117 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, 3152 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3118 sizeof(efs), (unsigned long) &efs); 3153 sizeof(efs),
3154 (unsigned long) &efs);
3119 } 3155 }
3120 break; 3156 break;
3121 3157
3122 case L2CAP_MODE_STREAMING: 3158 case L2CAP_MODE_STREAMING:
3123 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size), 3159 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
3124 chan->conn->mtu - 3160 chan->conn->mtu - L2CAP_EXT_HDR_SIZE -
3125 L2CAP_EXT_HDR_SIZE - 3161 L2CAP_SDULEN_SIZE - L2CAP_FCS_SIZE);
3126 L2CAP_SDULEN_SIZE -
3127 L2CAP_FCS_SIZE);
3128 rfc.max_pdu_size = cpu_to_le16(size); 3162 rfc.max_pdu_size = cpu_to_le16(size);
3129 chan->remote_mps = size; 3163 chan->remote_mps = size;
3130 3164
3131 set_bit(CONF_MODE_DONE, &chan->conf_state); 3165 set_bit(CONF_MODE_DONE, &chan->conf_state);
3132 3166
3133 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 3167 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
3134 sizeof(rfc), (unsigned long) &rfc); 3168 (unsigned long) &rfc);
3135 3169
3136 break; 3170 break;
3137 3171
@@ -3152,7 +3186,8 @@ done:
3152 return ptr - data; 3186 return ptr - data;
3153} 3187}
3154 3188
3155static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result) 3189static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
3190 void *data, u16 *result)
3156{ 3191{
3157 struct l2cap_conf_req *req = data; 3192 struct l2cap_conf_req *req = data;
3158 void *ptr = req->data; 3193 void *ptr = req->data;
@@ -3179,7 +3214,7 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3179 case L2CAP_CONF_FLUSH_TO: 3214 case L2CAP_CONF_FLUSH_TO:
3180 chan->flush_to = val; 3215 chan->flush_to = val;
3181 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 3216 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
3182 2, chan->flush_to); 3217 2, chan->flush_to);
3183 break; 3218 break;
3184 3219
3185 case L2CAP_CONF_RFC: 3220 case L2CAP_CONF_RFC:
@@ -3187,13 +3222,13 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3187 memcpy(&rfc, (void *)val, olen); 3222 memcpy(&rfc, (void *)val, olen);
3188 3223
3189 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && 3224 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
3190 rfc.mode != chan->mode) 3225 rfc.mode != chan->mode)
3191 return -ECONNREFUSED; 3226 return -ECONNREFUSED;
3192 3227
3193 chan->fcs = 0; 3228 chan->fcs = 0;
3194 3229
3195 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 3230 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
3196 sizeof(rfc), (unsigned long) &rfc); 3231 sizeof(rfc), (unsigned long) &rfc);
3197 break; 3232 break;
3198 3233
3199 case L2CAP_CONF_EWS: 3234 case L2CAP_CONF_EWS:
@@ -3207,12 +3242,12 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3207 memcpy(&efs, (void *)val, olen); 3242 memcpy(&efs, (void *)val, olen);
3208 3243
3209 if (chan->local_stype != L2CAP_SERV_NOTRAFIC && 3244 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
3210 efs.stype != L2CAP_SERV_NOTRAFIC && 3245 efs.stype != L2CAP_SERV_NOTRAFIC &&
3211 efs.stype != chan->local_stype) 3246 efs.stype != chan->local_stype)
3212 return -ECONNREFUSED; 3247 return -ECONNREFUSED;
3213 3248
3214 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, 3249 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs),
3215 sizeof(efs), (unsigned long) &efs); 3250 (unsigned long) &efs);
3216 break; 3251 break;
3217 } 3252 }
3218 } 3253 }
@@ -3235,10 +3270,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3235 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) { 3270 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3236 chan->local_msdu = le16_to_cpu(efs.msdu); 3271 chan->local_msdu = le16_to_cpu(efs.msdu);
3237 chan->local_sdu_itime = 3272 chan->local_sdu_itime =
3238 le32_to_cpu(efs.sdu_itime); 3273 le32_to_cpu(efs.sdu_itime);
3239 chan->local_acc_lat = le32_to_cpu(efs.acc_lat); 3274 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
3240 chan->local_flush_to = 3275 chan->local_flush_to =
3241 le32_to_cpu(efs.flush_to); 3276 le32_to_cpu(efs.flush_to);
3242 } 3277 }
3243 break; 3278 break;
3244 3279
@@ -3253,7 +3288,8 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3253 return ptr - data; 3288 return ptr - data;
3254} 3289}
3255 3290
3256static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags) 3291static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data,
3292 u16 result, u16 flags)
3257{ 3293{
3258 struct l2cap_conf_rsp *rsp = data; 3294 struct l2cap_conf_rsp *rsp = data;
3259 void *ptr = rsp->data; 3295 void *ptr = rsp->data;
@@ -3277,14 +3313,13 @@ void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
3277 rsp.dcid = cpu_to_le16(chan->scid); 3313 rsp.dcid = cpu_to_le16(chan->scid);
3278 rsp.result = __constant_cpu_to_le16(L2CAP_CR_SUCCESS); 3314 rsp.result = __constant_cpu_to_le16(L2CAP_CR_SUCCESS);
3279 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO); 3315 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
3280 l2cap_send_cmd(conn, chan->ident, 3316 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
3281 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
3282 3317
3283 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) 3318 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
3284 return; 3319 return;
3285 3320
3286 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 3321 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3287 l2cap_build_conf_req(chan, buf), buf); 3322 l2cap_build_conf_req(chan, buf), buf);
3288 chan->num_conf_req++; 3323 chan->num_conf_req++;
3289} 3324}
3290 3325
@@ -3339,7 +3374,8 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
3339 } 3374 }
3340} 3375}
3341 3376
3342static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3377static inline int l2cap_command_rej(struct l2cap_conn *conn,
3378 struct l2cap_cmd_hdr *cmd, u8 *data)
3343{ 3379{
3344 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data; 3380 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
3345 3381
@@ -3347,7 +3383,7 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hd
3347 return 0; 3383 return 0;
3348 3384
3349 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) && 3385 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
3350 cmd->ident == conn->info_ident) { 3386 cmd->ident == conn->info_ident) {
3351 cancel_delayed_work(&conn->info_timer); 3387 cancel_delayed_work(&conn->info_timer);
3352 3388
3353 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; 3389 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
@@ -3359,7 +3395,8 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hd
3359 return 0; 3395 return 0;
3360} 3396}
3361 3397
3362static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3398static void l2cap_connect(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd,
3399 u8 *data, u8 rsp_code, u8 amp_id)
3363{ 3400{
3364 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; 3401 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
3365 struct l2cap_conn_rsp rsp; 3402 struct l2cap_conn_rsp rsp;
@@ -3386,7 +3423,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
3386 3423
3387 /* Check if the ACL is secure enough (if not SDP) */ 3424 /* Check if the ACL is secure enough (if not SDP) */
3388 if (psm != __constant_cpu_to_le16(L2CAP_PSM_SDP) && 3425 if (psm != __constant_cpu_to_le16(L2CAP_PSM_SDP) &&
3389 !hci_conn_check_link_mode(conn->hcon)) { 3426 !hci_conn_check_link_mode(conn->hcon)) {
3390 conn->disc_reason = HCI_ERROR_AUTH_FAILURE; 3427 conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
3391 result = L2CAP_CR_SEC_BLOCK; 3428 result = L2CAP_CR_SEC_BLOCK;
3392 goto response; 3429 goto response;
@@ -3411,8 +3448,6 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
3411 chan->psm = psm; 3448 chan->psm = psm;
3412 chan->dcid = scid; 3449 chan->dcid = scid;
3413 3450
3414 bt_accept_enqueue(parent, sk);
3415
3416 __l2cap_chan_add(conn, chan); 3451 __l2cap_chan_add(conn, chan);
3417 3452
3418 dcid = chan->scid; 3453 dcid = chan->scid;
@@ -3427,7 +3462,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
3427 __l2cap_state_change(chan, BT_CONNECT2); 3462 __l2cap_state_change(chan, BT_CONNECT2);
3428 result = L2CAP_CR_PEND; 3463 result = L2CAP_CR_PEND;
3429 status = L2CAP_CS_AUTHOR_PEND; 3464 status = L2CAP_CS_AUTHOR_PEND;
3430 parent->sk_data_ready(parent, 0); 3465 chan->ops->defer(chan);
3431 } else { 3466 } else {
3432 __l2cap_state_change(chan, BT_CONFIG); 3467 __l2cap_state_change(chan, BT_CONFIG);
3433 result = L2CAP_CR_SUCCESS; 3468 result = L2CAP_CR_SUCCESS;
@@ -3453,7 +3488,7 @@ sendresp:
3453 rsp.dcid = cpu_to_le16(dcid); 3488 rsp.dcid = cpu_to_le16(dcid);
3454 rsp.result = cpu_to_le16(result); 3489 rsp.result = cpu_to_le16(result);
3455 rsp.status = cpu_to_le16(status); 3490 rsp.status = cpu_to_le16(status);
3456 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp); 3491 l2cap_send_cmd(conn, cmd->ident, rsp_code, sizeof(rsp), &rsp);
3457 3492
3458 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) { 3493 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
3459 struct l2cap_info_req info; 3494 struct l2cap_info_req info;
@@ -3464,23 +3499,29 @@ sendresp:
3464 3499
3465 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT); 3500 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
3466 3501
3467 l2cap_send_cmd(conn, conn->info_ident, 3502 l2cap_send_cmd(conn, conn->info_ident, L2CAP_INFO_REQ,
3468 L2CAP_INFO_REQ, sizeof(info), &info); 3503 sizeof(info), &info);
3469 } 3504 }
3470 3505
3471 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) && 3506 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
3472 result == L2CAP_CR_SUCCESS) { 3507 result == L2CAP_CR_SUCCESS) {
3473 u8 buf[128]; 3508 u8 buf[128];
3474 set_bit(CONF_REQ_SENT, &chan->conf_state); 3509 set_bit(CONF_REQ_SENT, &chan->conf_state);
3475 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 3510 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3476 l2cap_build_conf_req(chan, buf), buf); 3511 l2cap_build_conf_req(chan, buf), buf);
3477 chan->num_conf_req++; 3512 chan->num_conf_req++;
3478 } 3513 }
3514}
3479 3515
3516static int l2cap_connect_req(struct l2cap_conn *conn,
3517 struct l2cap_cmd_hdr *cmd, u8 *data)
3518{
3519 l2cap_connect(conn, cmd, data, L2CAP_CONN_RSP, 0);
3480 return 0; 3520 return 0;
3481} 3521}
3482 3522
3483static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3523static inline int l2cap_connect_rsp(struct l2cap_conn *conn,
3524 struct l2cap_cmd_hdr *cmd, u8 *data)
3484{ 3525{
3485 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data; 3526 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
3486 u16 scid, dcid, result, status; 3527 u16 scid, dcid, result, status;
@@ -3494,7 +3535,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
3494 status = __le16_to_cpu(rsp->status); 3535 status = __le16_to_cpu(rsp->status);
3495 3536
3496 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", 3537 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
3497 dcid, scid, result, status); 3538 dcid, scid, result, status);
3498 3539
3499 mutex_lock(&conn->chan_lock); 3540 mutex_lock(&conn->chan_lock);
3500 3541
@@ -3527,7 +3568,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
3527 break; 3568 break;
3528 3569
3529 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 3570 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3530 l2cap_build_conf_req(chan, req), req); 3571 l2cap_build_conf_req(chan, req), req);
3531 chan->num_conf_req++; 3572 chan->num_conf_req++;
3532 break; 3573 break;
3533 3574
@@ -3559,7 +3600,25 @@ static inline void set_default_fcs(struct l2cap_chan *chan)
3559 chan->fcs = L2CAP_FCS_CRC16; 3600 chan->fcs = L2CAP_FCS_CRC16;
3560} 3601}
3561 3602
3562static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data) 3603static void l2cap_send_efs_conf_rsp(struct l2cap_chan *chan, void *data,
3604 u8 ident, u16 flags)
3605{
3606 struct l2cap_conn *conn = chan->conn;
3607
3608 BT_DBG("conn %p chan %p ident %d flags 0x%4.4x", conn, chan, ident,
3609 flags);
3610
3611 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
3612 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
3613
3614 l2cap_send_cmd(conn, ident, L2CAP_CONF_RSP,
3615 l2cap_build_conf_rsp(chan, data,
3616 L2CAP_CONF_SUCCESS, flags), data);
3617}
3618
3619static inline int l2cap_config_req(struct l2cap_conn *conn,
3620 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
3621 u8 *data)
3563{ 3622{
3564 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data; 3623 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
3565 u16 dcid, flags; 3624 u16 dcid, flags;
@@ -3584,7 +3643,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3584 rej.dcid = cpu_to_le16(chan->dcid); 3643 rej.dcid = cpu_to_le16(chan->dcid);
3585 3644
3586 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ, 3645 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
3587 sizeof(rej), &rej); 3646 sizeof(rej), &rej);
3588 goto unlock; 3647 goto unlock;
3589 } 3648 }
3590 3649
@@ -3592,8 +3651,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3592 len = cmd_len - sizeof(*req); 3651 len = cmd_len - sizeof(*req);
3593 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) { 3652 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
3594 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 3653 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3595 l2cap_build_conf_rsp(chan, rsp, 3654 l2cap_build_conf_rsp(chan, rsp,
3596 L2CAP_CONF_REJECT, flags), rsp); 3655 L2CAP_CONF_REJECT, flags), rsp);
3597 goto unlock; 3656 goto unlock;
3598 } 3657 }
3599 3658
@@ -3604,8 +3663,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3604 if (flags & L2CAP_CONF_FLAG_CONTINUATION) { 3663 if (flags & L2CAP_CONF_FLAG_CONTINUATION) {
3605 /* Incomplete config. Send empty response. */ 3664 /* Incomplete config. Send empty response. */
3606 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 3665 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3607 l2cap_build_conf_rsp(chan, rsp, 3666 l2cap_build_conf_rsp(chan, rsp,
3608 L2CAP_CONF_SUCCESS, flags), rsp); 3667 L2CAP_CONF_SUCCESS, flags), rsp);
3609 goto unlock; 3668 goto unlock;
3610 } 3669 }
3611 3670
@@ -3643,23 +3702,22 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3643 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) { 3702 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
3644 u8 buf[64]; 3703 u8 buf[64];
3645 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 3704 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3646 l2cap_build_conf_req(chan, buf), buf); 3705 l2cap_build_conf_req(chan, buf), buf);
3647 chan->num_conf_req++; 3706 chan->num_conf_req++;
3648 } 3707 }
3649 3708
3650 /* Got Conf Rsp PENDING from remote side and asume we sent 3709 /* Got Conf Rsp PENDING from remote side and asume we sent
3651 Conf Rsp PENDING in the code above */ 3710 Conf Rsp PENDING in the code above */
3652 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) && 3711 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
3653 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) { 3712 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
3654 3713
3655 /* check compatibility */ 3714 /* check compatibility */
3656 3715
3657 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state); 3716 /* Send rsp for BR/EDR channel */
3658 set_bit(CONF_OUTPUT_DONE, &chan->conf_state); 3717 if (!chan->ctrl_id)
3659 3718 l2cap_send_efs_conf_rsp(chan, rsp, cmd->ident, flags);
3660 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 3719 else
3661 l2cap_build_conf_rsp(chan, rsp, 3720 chan->ident = cmd->ident;
3662 L2CAP_CONF_SUCCESS, flags), rsp);
3663 } 3721 }
3664 3722
3665unlock: 3723unlock:
@@ -3667,7 +3725,8 @@ unlock:
3667 return err; 3725 return err;
3668} 3726}
3669 3727
3670static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3728static inline int l2cap_config_rsp(struct l2cap_conn *conn,
3729 struct l2cap_cmd_hdr *cmd, u8 *data)
3671{ 3730{
3672 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data; 3731 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
3673 u16 scid, flags, result; 3732 u16 scid, flags, result;
@@ -3699,7 +3758,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3699 char buf[64]; 3758 char buf[64];
3700 3759
3701 len = l2cap_parse_conf_rsp(chan, rsp->data, len, 3760 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3702 buf, &result); 3761 buf, &result);
3703 if (len < 0) { 3762 if (len < 0) {
3704 l2cap_send_disconn_req(conn, chan, ECONNRESET); 3763 l2cap_send_disconn_req(conn, chan, ECONNRESET);
3705 goto done; 3764 goto done;
@@ -3707,12 +3766,11 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3707 3766
3708 /* check compatibility */ 3767 /* check compatibility */
3709 3768
3710 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state); 3769 if (!chan->ctrl_id)
3711 set_bit(CONF_OUTPUT_DONE, &chan->conf_state); 3770 l2cap_send_efs_conf_rsp(chan, buf, cmd->ident,
3712 3771 0);
3713 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 3772 else
3714 l2cap_build_conf_rsp(chan, buf, 3773 chan->ident = cmd->ident;
3715 L2CAP_CONF_SUCCESS, 0x0000), buf);
3716 } 3774 }
3717 goto done; 3775 goto done;
3718 3776
@@ -3728,14 +3786,14 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3728 /* throw out any old stored conf requests */ 3786 /* throw out any old stored conf requests */
3729 result = L2CAP_CONF_SUCCESS; 3787 result = L2CAP_CONF_SUCCESS;
3730 len = l2cap_parse_conf_rsp(chan, rsp->data, len, 3788 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3731 req, &result); 3789 req, &result);
3732 if (len < 0) { 3790 if (len < 0) {
3733 l2cap_send_disconn_req(conn, chan, ECONNRESET); 3791 l2cap_send_disconn_req(conn, chan, ECONNRESET);
3734 goto done; 3792 goto done;
3735 } 3793 }
3736 3794
3737 l2cap_send_cmd(conn, l2cap_get_ident(conn), 3795 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3738 L2CAP_CONF_REQ, len, req); 3796 L2CAP_CONF_REQ, len, req);
3739 chan->num_conf_req++; 3797 chan->num_conf_req++;
3740 if (result != L2CAP_CONF_SUCCESS) 3798 if (result != L2CAP_CONF_SUCCESS)
3741 goto done; 3799 goto done;
@@ -3773,7 +3831,8 @@ done:
3773 return err; 3831 return err;
3774} 3832}
3775 3833
3776static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3834static inline int l2cap_disconnect_req(struct l2cap_conn *conn,
3835 struct l2cap_cmd_hdr *cmd, u8 *data)
3777{ 3836{
3778 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data; 3837 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3779 struct l2cap_disconn_rsp rsp; 3838 struct l2cap_disconn_rsp rsp;
@@ -3819,7 +3878,8 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
3819 return 0; 3878 return 0;
3820} 3879}
3821 3880
3822static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3881static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn,
3882 struct l2cap_cmd_hdr *cmd, u8 *data)
3823{ 3883{
3824 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data; 3884 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3825 u16 dcid, scid; 3885 u16 dcid, scid;
@@ -3853,7 +3913,8 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
3853 return 0; 3913 return 0;
3854} 3914}
3855 3915
3856static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3916static inline int l2cap_information_req(struct l2cap_conn *conn,
3917 struct l2cap_cmd_hdr *cmd, u8 *data)
3857{ 3918{
3858 struct l2cap_info_req *req = (struct l2cap_info_req *) data; 3919 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
3859 u16 type; 3920 u16 type;
@@ -3870,14 +3931,14 @@ static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cm
3870 rsp->result = __constant_cpu_to_le16(L2CAP_IR_SUCCESS); 3931 rsp->result = __constant_cpu_to_le16(L2CAP_IR_SUCCESS);
3871 if (!disable_ertm) 3932 if (!disable_ertm)
3872 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING 3933 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3873 | L2CAP_FEAT_FCS; 3934 | L2CAP_FEAT_FCS;
3874 if (enable_hs) 3935 if (enable_hs)
3875 feat_mask |= L2CAP_FEAT_EXT_FLOW 3936 feat_mask |= L2CAP_FEAT_EXT_FLOW
3876 | L2CAP_FEAT_EXT_WINDOW; 3937 | L2CAP_FEAT_EXT_WINDOW;
3877 3938
3878 put_unaligned_le32(feat_mask, rsp->data); 3939 put_unaligned_le32(feat_mask, rsp->data);
3879 l2cap_send_cmd(conn, cmd->ident, 3940 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(buf),
3880 L2CAP_INFO_RSP, sizeof(buf), buf); 3941 buf);
3881 } else if (type == L2CAP_IT_FIXED_CHAN) { 3942 } else if (type == L2CAP_IT_FIXED_CHAN) {
3882 u8 buf[12]; 3943 u8 buf[12];
3883 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf; 3944 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
@@ -3890,20 +3951,21 @@ static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cm
3890 rsp->type = __constant_cpu_to_le16(L2CAP_IT_FIXED_CHAN); 3951 rsp->type = __constant_cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3891 rsp->result = __constant_cpu_to_le16(L2CAP_IR_SUCCESS); 3952 rsp->result = __constant_cpu_to_le16(L2CAP_IR_SUCCESS);
3892 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan)); 3953 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan));
3893 l2cap_send_cmd(conn, cmd->ident, 3954 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(buf),
3894 L2CAP_INFO_RSP, sizeof(buf), buf); 3955 buf);
3895 } else { 3956 } else {
3896 struct l2cap_info_rsp rsp; 3957 struct l2cap_info_rsp rsp;
3897 rsp.type = cpu_to_le16(type); 3958 rsp.type = cpu_to_le16(type);
3898 rsp.result = __constant_cpu_to_le16(L2CAP_IR_NOTSUPP); 3959 rsp.result = __constant_cpu_to_le16(L2CAP_IR_NOTSUPP);
3899 l2cap_send_cmd(conn, cmd->ident, 3960 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(rsp),
3900 L2CAP_INFO_RSP, sizeof(rsp), &rsp); 3961 &rsp);
3901 } 3962 }
3902 3963
3903 return 0; 3964 return 0;
3904} 3965}
3905 3966
3906static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3967static inline int l2cap_information_rsp(struct l2cap_conn *conn,
3968 struct l2cap_cmd_hdr *cmd, u8 *data)
3907{ 3969{
3908 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data; 3970 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3909 u16 type, result; 3971 u16 type, result;
@@ -3915,7 +3977,7 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
3915 3977
3916 /* L2CAP Info req/rsp are unbound to channels, add extra checks */ 3978 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
3917 if (cmd->ident != conn->info_ident || 3979 if (cmd->ident != conn->info_ident ||
3918 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) 3980 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
3919 return 0; 3981 return 0;
3920 3982
3921 cancel_delayed_work(&conn->info_timer); 3983 cancel_delayed_work(&conn->info_timer);
@@ -3940,7 +4002,7 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
3940 conn->info_ident = l2cap_get_ident(conn); 4002 conn->info_ident = l2cap_get_ident(conn);
3941 4003
3942 l2cap_send_cmd(conn, conn->info_ident, 4004 l2cap_send_cmd(conn, conn->info_ident,
3943 L2CAP_INFO_REQ, sizeof(req), &req); 4005 L2CAP_INFO_REQ, sizeof(req), &req);
3944 } else { 4006 } else {
3945 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; 4007 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3946 conn->info_ident = 0; 4008 conn->info_ident = 0;
@@ -3962,8 +4024,8 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
3962} 4024}
3963 4025
3964static inline int l2cap_create_channel_req(struct l2cap_conn *conn, 4026static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3965 struct l2cap_cmd_hdr *cmd, u16 cmd_len, 4027 struct l2cap_cmd_hdr *cmd,
3966 void *data) 4028 u16 cmd_len, void *data)
3967{ 4029{
3968 struct l2cap_create_chan_req *req = data; 4030 struct l2cap_create_chan_req *req = data;
3969 struct l2cap_create_chan_rsp rsp; 4031 struct l2cap_create_chan_rsp rsp;
@@ -3993,7 +4055,8 @@ static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3993} 4055}
3994 4056
3995static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn, 4057static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn,
3996 struct l2cap_cmd_hdr *cmd, void *data) 4058 struct l2cap_cmd_hdr *cmd,
4059 void *data)
3997{ 4060{
3998 BT_DBG("conn %p", conn); 4061 BT_DBG("conn %p", conn);
3999 4062
@@ -4126,7 +4189,7 @@ static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
4126} 4189}
4127 4190
4128static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency, 4191static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
4129 u16 to_multiplier) 4192 u16 to_multiplier)
4130{ 4193{
4131 u16 max_latency; 4194 u16 max_latency;
4132 4195
@@ -4147,7 +4210,8 @@ static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
4147} 4210}
4148 4211
4149static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn, 4212static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
4150 struct l2cap_cmd_hdr *cmd, u8 *data) 4213 struct l2cap_cmd_hdr *cmd,
4214 u8 *data)
4151{ 4215{
4152 struct hci_conn *hcon = conn->hcon; 4216 struct hci_conn *hcon = conn->hcon;
4153 struct l2cap_conn_param_update_req *req; 4217 struct l2cap_conn_param_update_req *req;
@@ -4169,7 +4233,7 @@ static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
4169 to_multiplier = __le16_to_cpu(req->to_multiplier); 4233 to_multiplier = __le16_to_cpu(req->to_multiplier);
4170 4234
4171 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x", 4235 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
4172 min, max, latency, to_multiplier); 4236 min, max, latency, to_multiplier);
4173 4237
4174 memset(&rsp, 0, sizeof(rsp)); 4238 memset(&rsp, 0, sizeof(rsp));
4175 4239
@@ -4180,7 +4244,7 @@ static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
4180 rsp.result = __constant_cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED); 4244 rsp.result = __constant_cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
4181 4245
4182 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP, 4246 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
4183 sizeof(rsp), &rsp); 4247 sizeof(rsp), &rsp);
4184 4248
4185 if (!err) 4249 if (!err)
4186 hci_le_conn_update(hcon, min, max, latency, to_multiplier); 4250 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
@@ -4189,7 +4253,8 @@ static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
4189} 4253}
4190 4254
4191static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn, 4255static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
4192 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data) 4256 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
4257 u8 *data)
4193{ 4258{
4194 int err = 0; 4259 int err = 0;
4195 4260
@@ -4203,6 +4268,7 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
4203 break; 4268 break;
4204 4269
4205 case L2CAP_CONN_RSP: 4270 case L2CAP_CONN_RSP:
4271 case L2CAP_CREATE_CHAN_RSP:
4206 err = l2cap_connect_rsp(conn, cmd, data); 4272 err = l2cap_connect_rsp(conn, cmd, data);
4207 break; 4273 break;
4208 4274
@@ -4241,10 +4307,6 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
4241 err = l2cap_create_channel_req(conn, cmd, cmd_len, data); 4307 err = l2cap_create_channel_req(conn, cmd, cmd_len, data);
4242 break; 4308 break;
4243 4309
4244 case L2CAP_CREATE_CHAN_RSP:
4245 err = l2cap_create_channel_rsp(conn, cmd, data);
4246 break;
4247
4248 case L2CAP_MOVE_CHAN_REQ: 4310 case L2CAP_MOVE_CHAN_REQ:
4249 err = l2cap_move_channel_req(conn, cmd, cmd_len, data); 4311 err = l2cap_move_channel_req(conn, cmd, cmd_len, data);
4250 break; 4312 break;
@@ -4271,7 +4333,7 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
4271} 4333}
4272 4334
4273static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn, 4335static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
4274 struct l2cap_cmd_hdr *cmd, u8 *data) 4336 struct l2cap_cmd_hdr *cmd, u8 *data)
4275{ 4337{
4276 switch (cmd->code) { 4338 switch (cmd->code) {
4277 case L2CAP_COMMAND_REJ: 4339 case L2CAP_COMMAND_REJ:
@@ -4290,7 +4352,7 @@ static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
4290} 4352}
4291 4353
4292static inline void l2cap_sig_channel(struct l2cap_conn *conn, 4354static inline void l2cap_sig_channel(struct l2cap_conn *conn,
4293 struct sk_buff *skb) 4355 struct sk_buff *skb)
4294{ 4356{
4295 u8 *data = skb->data; 4357 u8 *data = skb->data;
4296 int len = skb->len; 4358 int len = skb->len;
@@ -4307,7 +4369,8 @@ static inline void l2cap_sig_channel(struct l2cap_conn *conn,
4307 4369
4308 cmd_len = le16_to_cpu(cmd.len); 4370 cmd_len = le16_to_cpu(cmd.len);
4309 4371
4310 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident); 4372 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len,
4373 cmd.ident);
4311 4374
4312 if (cmd_len > len || !cmd.ident) { 4375 if (cmd_len > len || !cmd.ident) {
4313 BT_DBG("corrupted command"); 4376 BT_DBG("corrupted command");
@@ -4326,7 +4389,8 @@ static inline void l2cap_sig_channel(struct l2cap_conn *conn,
4326 4389
4327 /* FIXME: Map err to a valid reason */ 4390 /* FIXME: Map err to a valid reason */
4328 rej.reason = __constant_cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD); 4391 rej.reason = __constant_cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
4329 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej); 4392 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ,
4393 sizeof(rej), &rej);
4330 } 4394 }
4331 4395
4332 data += cmd_len; 4396 data += cmd_len;
@@ -4391,8 +4455,8 @@ static void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
4391 } 4455 }
4392} 4456}
4393 4457
4394static void append_skb_frag(struct sk_buff *skb, 4458static void append_skb_frag(struct sk_buff *skb, struct sk_buff *new_frag,
4395 struct sk_buff *new_frag, struct sk_buff **last_frag) 4459 struct sk_buff **last_frag)
4396{ 4460{
4397 /* skb->len reflects data in skb as well as all fragments 4461 /* skb->len reflects data in skb as well as all fragments
4398 * skb->data_len reflects only data in fragments 4462 * skb->data_len reflects only data in fragments
@@ -4641,7 +4705,7 @@ static u8 l2cap_classify_txseq(struct l2cap_chan *chan, u16 txseq)
4641 4705
4642 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) { 4706 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
4643 if (__seq_offset(chan, txseq, chan->last_acked_seq) >= 4707 if (__seq_offset(chan, txseq, chan->last_acked_seq) >=
4644 chan->tx_win) { 4708 chan->tx_win) {
4645 /* See notes below regarding "double poll" and 4709 /* See notes below regarding "double poll" and
4646 * invalid packets. 4710 * invalid packets.
4647 */ 4711 */
@@ -4682,8 +4746,7 @@ static u8 l2cap_classify_txseq(struct l2cap_chan *chan, u16 txseq)
4682 } 4746 }
4683 4747
4684 if (__seq_offset(chan, txseq, chan->last_acked_seq) < 4748 if (__seq_offset(chan, txseq, chan->last_acked_seq) <
4685 __seq_offset(chan, chan->expected_tx_seq, 4749 __seq_offset(chan, chan->expected_tx_seq, chan->last_acked_seq)) {
4686 chan->last_acked_seq)){
4687 BT_DBG("Duplicate - expected_tx_seq later than txseq"); 4750 BT_DBG("Duplicate - expected_tx_seq later than txseq");
4688 return L2CAP_TXSEQ_DUPLICATE; 4751 return L2CAP_TXSEQ_DUPLICATE;
4689 } 4752 }
@@ -5323,7 +5386,7 @@ int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
5323 int exact = 0, lm1 = 0, lm2 = 0; 5386 int exact = 0, lm1 = 0, lm2 = 0;
5324 struct l2cap_chan *c; 5387 struct l2cap_chan *c;
5325 5388
5326 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr)); 5389 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
5327 5390
5328 /* Find listening sockets and check their link_mode */ 5391 /* Find listening sockets and check their link_mode */
5329 read_lock(&chan_list_lock); 5392 read_lock(&chan_list_lock);
@@ -5353,7 +5416,7 @@ void l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
5353{ 5416{
5354 struct l2cap_conn *conn; 5417 struct l2cap_conn *conn;
5355 5418
5356 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status); 5419 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
5357 5420
5358 if (!status) { 5421 if (!status) {
5359 conn = l2cap_conn_add(hcon, status); 5422 conn = l2cap_conn_add(hcon, status);
@@ -5443,7 +5506,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5443 } 5506 }
5444 5507
5445 if (!status && (chan->state == BT_CONNECTED || 5508 if (!status && (chan->state == BT_CONNECTED ||
5446 chan->state == BT_CONFIG)) { 5509 chan->state == BT_CONFIG)) {
5447 struct sock *sk = chan->sk; 5510 struct sock *sk = chan->sk;
5448 5511
5449 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 5512 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
@@ -5456,7 +5519,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5456 5519
5457 if (chan->state == BT_CONNECT) { 5520 if (chan->state == BT_CONNECT) {
5458 if (!status) { 5521 if (!status) {
5459 l2cap_send_conn_req(chan); 5522 l2cap_start_connection(chan);
5460 } else { 5523 } else {
5461 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT); 5524 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
5462 } 5525 }
@@ -5470,11 +5533,9 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5470 if (!status) { 5533 if (!status) {
5471 if (test_bit(BT_SK_DEFER_SETUP, 5534 if (test_bit(BT_SK_DEFER_SETUP,
5472 &bt_sk(sk)->flags)) { 5535 &bt_sk(sk)->flags)) {
5473 struct sock *parent = bt_sk(sk)->parent;
5474 res = L2CAP_CR_PEND; 5536 res = L2CAP_CR_PEND;
5475 stat = L2CAP_CS_AUTHOR_PEND; 5537 stat = L2CAP_CS_AUTHOR_PEND;
5476 if (parent) 5538 chan->ops->defer(chan);
5477 parent->sk_data_ready(parent, 0);
5478 } else { 5539 } else {
5479 __l2cap_state_change(chan, BT_CONFIG); 5540 __l2cap_state_change(chan, BT_CONFIG);
5480 res = L2CAP_CR_SUCCESS; 5541 res = L2CAP_CR_SUCCESS;
@@ -5494,7 +5555,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5494 rsp.result = cpu_to_le16(res); 5555 rsp.result = cpu_to_le16(res);
5495 rsp.status = cpu_to_le16(stat); 5556 rsp.status = cpu_to_le16(stat);
5496 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 5557 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
5497 sizeof(rsp), &rsp); 5558 sizeof(rsp), &rsp);
5498 5559
5499 if (!test_bit(CONF_REQ_SENT, &chan->conf_state) && 5560 if (!test_bit(CONF_REQ_SENT, &chan->conf_state) &&
5500 res == L2CAP_CR_SUCCESS) { 5561 res == L2CAP_CR_SUCCESS) {
@@ -5519,6 +5580,12 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5519int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 5580int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5520{ 5581{
5521 struct l2cap_conn *conn = hcon->l2cap_data; 5582 struct l2cap_conn *conn = hcon->l2cap_data;
5583 struct l2cap_hdr *hdr;
5584 int len;
5585
5586 /* For AMP controller do not create l2cap conn */
5587 if (!conn && hcon->hdev->dev_type != HCI_BREDR)
5588 goto drop;
5522 5589
5523 if (!conn) 5590 if (!conn)
5524 conn = l2cap_conn_add(hcon, 0); 5591 conn = l2cap_conn_add(hcon, 0);
@@ -5528,10 +5595,10 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5528 5595
5529 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags); 5596 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
5530 5597
5531 if (!(flags & ACL_CONT)) { 5598 switch (flags) {
5532 struct l2cap_hdr *hdr; 5599 case ACL_START:
5533 int len; 5600 case ACL_START_NO_FLUSH:
5534 5601 case ACL_COMPLETE:
5535 if (conn->rx_len) { 5602 if (conn->rx_len) {
5536 BT_ERR("Unexpected start frame (len %d)", skb->len); 5603 BT_ERR("Unexpected start frame (len %d)", skb->len);
5537 kfree_skb(conn->rx_skb); 5604 kfree_skb(conn->rx_skb);
@@ -5560,20 +5627,22 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5560 5627
5561 if (skb->len > len) { 5628 if (skb->len > len) {
5562 BT_ERR("Frame is too long (len %d, expected len %d)", 5629 BT_ERR("Frame is too long (len %d, expected len %d)",
5563 skb->len, len); 5630 skb->len, len);
5564 l2cap_conn_unreliable(conn, ECOMM); 5631 l2cap_conn_unreliable(conn, ECOMM);
5565 goto drop; 5632 goto drop;
5566 } 5633 }
5567 5634
5568 /* Allocate skb for the complete frame (with header) */ 5635 /* Allocate skb for the complete frame (with header) */
5569 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC); 5636 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
5570 if (!conn->rx_skb) 5637 if (!conn->rx_skb)
5571 goto drop; 5638 goto drop;
5572 5639
5573 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 5640 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
5574 skb->len); 5641 skb->len);
5575 conn->rx_len = len - skb->len; 5642 conn->rx_len = len - skb->len;
5576 } else { 5643 break;
5644
5645 case ACL_CONT:
5577 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len); 5646 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
5578 5647
5579 if (!conn->rx_len) { 5648 if (!conn->rx_len) {
@@ -5584,7 +5653,7 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5584 5653
5585 if (skb->len > conn->rx_len) { 5654 if (skb->len > conn->rx_len) {
5586 BT_ERR("Fragment is too long (len %d, expected %d)", 5655 BT_ERR("Fragment is too long (len %d, expected %d)",
5587 skb->len, conn->rx_len); 5656 skb->len, conn->rx_len);
5588 kfree_skb(conn->rx_skb); 5657 kfree_skb(conn->rx_skb);
5589 conn->rx_skb = NULL; 5658 conn->rx_skb = NULL;
5590 conn->rx_len = 0; 5659 conn->rx_len = 0;
@@ -5593,7 +5662,7 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5593 } 5662 }
5594 5663
5595 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 5664 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
5596 skb->len); 5665 skb->len);
5597 conn->rx_len -= skb->len; 5666 conn->rx_len -= skb->len;
5598 5667
5599 if (!conn->rx_len) { 5668 if (!conn->rx_len) {
@@ -5601,6 +5670,7 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5601 l2cap_recv_frame(conn, conn->rx_skb); 5670 l2cap_recv_frame(conn, conn->rx_skb);
5602 conn->rx_skb = NULL; 5671 conn->rx_skb = NULL;
5603 } 5672 }
5673 break;
5604 } 5674 }
5605 5675
5606drop: 5676drop:
@@ -5617,12 +5687,11 @@ static int l2cap_debugfs_show(struct seq_file *f, void *p)
5617 list_for_each_entry(c, &chan_list, global_l) { 5687 list_for_each_entry(c, &chan_list, global_l) {
5618 struct sock *sk = c->sk; 5688 struct sock *sk = c->sk;
5619 5689
5620 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n", 5690 seq_printf(f, "%pMR %pMR %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
5621 batostr(&bt_sk(sk)->src), 5691 &bt_sk(sk)->src, &bt_sk(sk)->dst,
5622 batostr(&bt_sk(sk)->dst), 5692 c->state, __le16_to_cpu(c->psm),
5623 c->state, __le16_to_cpu(c->psm), 5693 c->scid, c->dcid, c->imtu, c->omtu,
5624 c->scid, c->dcid, c->imtu, c->omtu, 5694 c->sec_level, c->mode);
5625 c->sec_level, c->mode);
5626 } 5695 }
5627 5696
5628 read_unlock(&chan_list_lock); 5697 read_unlock(&chan_list_lock);
@@ -5653,8 +5722,8 @@ int __init l2cap_init(void)
5653 return err; 5722 return err;
5654 5723
5655 if (bt_debugfs) { 5724 if (bt_debugfs) {
5656 l2cap_debugfs = debugfs_create_file("l2cap", 0444, 5725 l2cap_debugfs = debugfs_create_file("l2cap", 0444, bt_debugfs,
5657 bt_debugfs, NULL, &l2cap_debugfs_fops); 5726 NULL, &l2cap_debugfs_fops);
5658 if (!l2cap_debugfs) 5727 if (!l2cap_debugfs)
5659 BT_ERR("Failed to create L2CAP debug file"); 5728 BT_ERR("Failed to create L2CAP debug file");
5660 } 5729 }
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 083f2bf065d..89f1472939e 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -40,7 +40,8 @@ static struct bt_sock_list l2cap_sk_list = {
40 40
41static const struct proto_ops l2cap_sock_ops; 41static const struct proto_ops l2cap_sock_ops;
42static void l2cap_sock_init(struct sock *sk, struct sock *parent); 42static void l2cap_sock_init(struct sock *sk, struct sock *parent);
43static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 43static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
44 int proto, gfp_t prio);
44 45
45static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 46static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
46{ 47{
@@ -106,7 +107,8 @@ done:
106 return err; 107 return err;
107} 108}
108 109
109static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 110static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
111 int alen, int flags)
110{ 112{
111 struct sock *sk = sock->sk; 113 struct sock *sk = sock->sk;
112 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 114 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -134,7 +136,7 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
134 lock_sock(sk); 136 lock_sock(sk);
135 137
136 err = bt_sock_wait_state(sk, BT_CONNECTED, 138 err = bt_sock_wait_state(sk, BT_CONNECTED,
137 sock_sndtimeo(sk, flags & O_NONBLOCK)); 139 sock_sndtimeo(sk, flags & O_NONBLOCK));
138 140
139 release_sock(sk); 141 release_sock(sk);
140 142
@@ -185,7 +187,8 @@ done:
185 return err; 187 return err;
186} 188}
187 189
188static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 190static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
191 int flags)
189{ 192{
190 DECLARE_WAITQUEUE(wait, current); 193 DECLARE_WAITQUEUE(wait, current);
191 struct sock *sk = sock->sk, *nsk; 194 struct sock *sk = sock->sk, *nsk;
@@ -241,7 +244,8 @@ done:
241 return err; 244 return err;
242} 245}
243 246
244static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 247static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
248 int *len, int peer)
245{ 249{
246 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 250 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
247 struct sock *sk = sock->sk; 251 struct sock *sk = sock->sk;
@@ -266,7 +270,8 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *l
266 return 0; 270 return 0;
267} 271}
268 272
269static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 273static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
274 char __user *optval, int __user *optlen)
270{ 275{
271 struct sock *sk = sock->sk; 276 struct sock *sk = sock->sk;
272 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 277 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -309,7 +314,7 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __us
309 break; 314 break;
310 case BT_SECURITY_HIGH: 315 case BT_SECURITY_HIGH:
311 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 316 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
312 L2CAP_LM_SECURE; 317 L2CAP_LM_SECURE;
313 break; 318 break;
314 default: 319 default:
315 opt = 0; 320 opt = 0;
@@ -353,7 +358,8 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __us
353 return err; 358 return err;
354} 359}
355 360
356static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 361static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
362 char __user *optval, int __user *optlen)
357{ 363{
358 struct sock *sk = sock->sk; 364 struct sock *sk = sock->sk;
359 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 365 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -377,19 +383,20 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
377 switch (optname) { 383 switch (optname) {
378 case BT_SECURITY: 384 case BT_SECURITY:
379 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 385 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
380 chan->chan_type != L2CAP_CHAN_RAW) { 386 chan->chan_type != L2CAP_CHAN_RAW) {
381 err = -EINVAL; 387 err = -EINVAL;
382 break; 388 break;
383 } 389 }
384 390
385 memset(&sec, 0, sizeof(sec)); 391 memset(&sec, 0, sizeof(sec));
386 if (chan->conn) 392 if (chan->conn) {
387 sec.level = chan->conn->hcon->sec_level; 393 sec.level = chan->conn->hcon->sec_level;
388 else
389 sec.level = chan->sec_level;
390 394
391 if (sk->sk_state == BT_CONNECTED) 395 if (sk->sk_state == BT_CONNECTED)
392 sec.key_size = chan->conn->hcon->enc_key_size; 396 sec.key_size = chan->conn->hcon->enc_key_size;
397 } else {
398 sec.level = chan->sec_level;
399 }
393 400
394 len = min_t(unsigned int, len, sizeof(sec)); 401 len = min_t(unsigned int, len, sizeof(sec));
395 if (copy_to_user(optval, (char *) &sec, len)) 402 if (copy_to_user(optval, (char *) &sec, len))
@@ -411,14 +418,14 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
411 418
412 case BT_FLUSHABLE: 419 case BT_FLUSHABLE:
413 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 420 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
414 (u32 __user *) optval)) 421 (u32 __user *) optval))
415 err = -EFAULT; 422 err = -EFAULT;
416 423
417 break; 424 break;
418 425
419 case BT_POWER: 426 case BT_POWER:
420 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 427 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
421 && sk->sk_type != SOCK_RAW) { 428 && sk->sk_type != SOCK_RAW) {
422 err = -EINVAL; 429 err = -EINVAL;
423 break; 430 break;
424 } 431 }
@@ -466,7 +473,8 @@ static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
466 return true; 473 return true;
467} 474}
468 475
469static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 476static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
477 char __user *optval, unsigned int optlen)
470{ 478{
471 struct sock *sk = sock->sk; 479 struct sock *sk = sock->sk;
472 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 480 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -529,6 +537,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
529 chan->fcs = opts.fcs; 537 chan->fcs = opts.fcs;
530 chan->max_tx = opts.max_tx; 538 chan->max_tx = opts.max_tx;
531 chan->tx_win = opts.txwin_size; 539 chan->tx_win = opts.txwin_size;
540 chan->flush_to = opts.flush_to;
532 break; 541 break;
533 542
534 case L2CAP_LM: 543 case L2CAP_LM:
@@ -564,7 +573,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
564 return err; 573 return err;
565} 574}
566 575
567static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 576static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
577 char __user *optval, unsigned int optlen)
568{ 578{
569 struct sock *sk = sock->sk; 579 struct sock *sk = sock->sk;
570 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 580 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -587,7 +597,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
587 switch (optname) { 597 switch (optname) {
588 case BT_SECURITY: 598 case BT_SECURITY:
589 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 599 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
590 chan->chan_type != L2CAP_CHAN_RAW) { 600 chan->chan_type != L2CAP_CHAN_RAW) {
591 err = -EINVAL; 601 err = -EINVAL;
592 break; 602 break;
593 } 603 }
@@ -601,7 +611,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
601 } 611 }
602 612
603 if (sec.level < BT_SECURITY_LOW || 613 if (sec.level < BT_SECURITY_LOW ||
604 sec.level > BT_SECURITY_HIGH) { 614 sec.level > BT_SECURITY_HIGH) {
605 err = -EINVAL; 615 err = -EINVAL;
606 break; 616 break;
607 } 617 }
@@ -627,7 +637,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
627 637
628 /* or for ACL link */ 638 /* or for ACL link */
629 } else if ((sk->sk_state == BT_CONNECT2 && 639 } else if ((sk->sk_state == BT_CONNECT2 &&
630 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 640 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
631 sk->sk_state == BT_CONNECTED) { 641 sk->sk_state == BT_CONNECTED) {
632 if (!l2cap_chan_check_security(chan)) 642 if (!l2cap_chan_check_security(chan))
633 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 643 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
@@ -684,7 +694,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
684 694
685 case BT_POWER: 695 case BT_POWER:
686 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 696 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
687 chan->chan_type != L2CAP_CHAN_RAW) { 697 chan->chan_type != L2CAP_CHAN_RAW) {
688 err = -EINVAL; 698 err = -EINVAL;
689 break; 699 break;
690 } 700 }
@@ -720,7 +730,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
720 } 730 }
721 731
722 if (chan->mode != L2CAP_MODE_ERTM && 732 if (chan->mode != L2CAP_MODE_ERTM &&
723 chan->mode != L2CAP_MODE_STREAMING) { 733 chan->mode != L2CAP_MODE_STREAMING) {
724 err = -EOPNOTSUPP; 734 err = -EOPNOTSUPP;
725 break; 735 break;
726 } 736 }
@@ -737,7 +747,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
737 return err; 747 return err;
738} 748}
739 749
740static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 750static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
751 struct msghdr *msg, size_t len)
741{ 752{
742 struct sock *sk = sock->sk; 753 struct sock *sk = sock->sk;
743 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 754 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -762,7 +773,8 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
762 return err; 773 return err;
763} 774}
764 775
765static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 776static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
777 struct msghdr *msg, size_t len, int flags)
766{ 778{
767 struct sock *sk = sock->sk; 779 struct sock *sk = sock->sk;
768 struct l2cap_pinfo *pi = l2cap_pi(sk); 780 struct l2cap_pinfo *pi = l2cap_pi(sk);
@@ -866,7 +878,7 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
866 878
867 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 879 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
868 err = bt_sock_wait_state(sk, BT_CLOSED, 880 err = bt_sock_wait_state(sk, BT_CLOSED,
869 sk->sk_lingertime); 881 sk->sk_lingertime);
870 } 882 }
871 883
872 if (!err && sk->sk_err) 884 if (!err && sk->sk_err)
@@ -930,7 +942,7 @@ static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
930 } 942 }
931 943
932 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 944 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
933 GFP_ATOMIC); 945 GFP_ATOMIC);
934 if (!sk) 946 if (!sk)
935 return NULL; 947 return NULL;
936 948
@@ -938,6 +950,8 @@ static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
938 950
939 l2cap_sock_init(sk, parent); 951 l2cap_sock_init(sk, parent);
940 952
953 bt_accept_enqueue(parent, sk);
954
941 return l2cap_pi(sk)->chan; 955 return l2cap_pi(sk)->chan;
942} 956}
943 957
@@ -1068,6 +1082,15 @@ static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1068 release_sock(sk); 1082 release_sock(sk);
1069} 1083}
1070 1084
1085static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1086{
1087 struct sock *sk = chan->data;
1088 struct sock *parent = bt_sk(sk)->parent;
1089
1090 if (parent)
1091 parent->sk_data_ready(parent, 0);
1092}
1093
1071static struct l2cap_ops l2cap_chan_ops = { 1094static struct l2cap_ops l2cap_chan_ops = {
1072 .name = "L2CAP Socket Interface", 1095 .name = "L2CAP Socket Interface",
1073 .new_connection = l2cap_sock_new_connection_cb, 1096 .new_connection = l2cap_sock_new_connection_cb,
@@ -1076,6 +1099,7 @@ static struct l2cap_ops l2cap_chan_ops = {
1076 .teardown = l2cap_sock_teardown_cb, 1099 .teardown = l2cap_sock_teardown_cb,
1077 .state_change = l2cap_sock_state_change_cb, 1100 .state_change = l2cap_sock_state_change_cb,
1078 .ready = l2cap_sock_ready_cb, 1101 .ready = l2cap_sock_ready_cb,
1102 .defer = l2cap_sock_defer_cb,
1079 .alloc_skb = l2cap_sock_alloc_skb_cb, 1103 .alloc_skb = l2cap_sock_alloc_skb_cb,
1080}; 1104};
1081 1105
@@ -1083,7 +1107,8 @@ static void l2cap_sock_destruct(struct sock *sk)
1083{ 1107{
1084 BT_DBG("sk %p", sk); 1108 BT_DBG("sk %p", sk);
1085 1109
1086 l2cap_chan_put(l2cap_pi(sk)->chan); 1110 if (l2cap_pi(sk)->chan)
1111 l2cap_chan_put(l2cap_pi(sk)->chan);
1087 if (l2cap_pi(sk)->rx_busy_skb) { 1112 if (l2cap_pi(sk)->rx_busy_skb) {
1088 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1113 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1089 l2cap_pi(sk)->rx_busy_skb = NULL; 1114 l2cap_pi(sk)->rx_busy_skb = NULL;
@@ -1159,7 +1184,8 @@ static struct proto l2cap_proto = {
1159 .obj_size = sizeof(struct l2cap_pinfo) 1184 .obj_size = sizeof(struct l2cap_pinfo)
1160}; 1185};
1161 1186
1162static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1187static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1188 int proto, gfp_t prio)
1163{ 1189{
1164 struct sock *sk; 1190 struct sock *sk;
1165 struct l2cap_chan *chan; 1191 struct l2cap_chan *chan;
@@ -1204,7 +1230,7 @@ static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1204 sock->state = SS_UNCONNECTED; 1230 sock->state = SS_UNCONNECTED;
1205 1231
1206 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1232 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1207 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1233 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1208 return -ESOCKTNOSUPPORT; 1234 return -ESOCKTNOSUPPORT;
1209 1235
1210 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1236 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
@@ -1261,7 +1287,8 @@ int __init l2cap_init_sockets(void)
1261 goto error; 1287 goto error;
1262 } 1288 }
1263 1289
1264 err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list, NULL); 1290 err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list,
1291 NULL);
1265 if (err < 0) { 1292 if (err < 0) {
1266 BT_ERR("Failed to create L2CAP proc file"); 1293 BT_ERR("Failed to create L2CAP proc file");
1267 bt_sock_unregister(BTPROTO_L2CAP); 1294 bt_sock_unregister(BTPROTO_L2CAP);
diff --git a/net/bluetooth/lib.c b/net/bluetooth/lib.c
index e1c97527e16..b3fbc73516c 100644
--- a/net/bluetooth/lib.c
+++ b/net/bluetooth/lib.c
@@ -41,20 +41,6 @@ void baswap(bdaddr_t *dst, bdaddr_t *src)
41} 41}
42EXPORT_SYMBOL(baswap); 42EXPORT_SYMBOL(baswap);
43 43
44char *batostr(bdaddr_t *ba)
45{
46 static char str[2][18];
47 static int i = 1;
48
49 i ^= 1;
50 sprintf(str[i], "%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X",
51 ba->b[5], ba->b[4], ba->b[3],
52 ba->b[2], ba->b[1], ba->b[0]);
53
54 return str[i];
55}
56EXPORT_SYMBOL(batostr);
57
58/* Bluetooth error codes to Unix errno mapping */ 44/* Bluetooth error codes to Unix errno mapping */
59int bt_to_errno(__u16 code) 45int bt_to_errno(__u16 code)
60{ 46{
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index aa2ea0a8142..399e5024b5b 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -3125,6 +3125,9 @@ int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3125 struct pending_cmd *cmd; 3125 struct pending_cmd *cmd;
3126 int err; 3126 int err;
3127 3127
3128 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3129 hdev);
3130
3128 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev); 3131 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3129 if (!cmd) 3132 if (!cmd)
3130 return -ENOENT; 3133 return -ENOENT;
@@ -3137,8 +3140,6 @@ int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3137 3140
3138 mgmt_pending_remove(cmd); 3141 mgmt_pending_remove(cmd);
3139 3142
3140 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3141 hdev);
3142 return err; 3143 return err;
3143} 3144}
3144 3145
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index c75107ef892..201fdf73720 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -377,8 +377,8 @@ static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst,
377 int err = 0; 377 int err = 0;
378 u8 dlci; 378 u8 dlci;
379 379
380 BT_DBG("dlc %p state %ld %s %s channel %d", 380 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
381 d, d->state, batostr(src), batostr(dst), channel); 381 d, d->state, src, dst, channel);
382 382
383 if (channel < 1 || channel > 30) 383 if (channel < 1 || channel > 30)
384 return -EINVAL; 384 return -EINVAL;
@@ -676,7 +676,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
676 struct socket *sock; 676 struct socket *sock;
677 struct sock *sk; 677 struct sock *sk;
678 678
679 BT_DBG("%s %s", batostr(src), batostr(dst)); 679 BT_DBG("%pMR -> %pMR", src, dst);
680 680
681 *err = rfcomm_l2sock_create(&sock); 681 *err = rfcomm_l2sock_create(&sock);
682 if (*err < 0) 682 if (*err < 0)
@@ -709,7 +709,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
709 709
710 bacpy(&addr.l2_bdaddr, dst); 710 bacpy(&addr.l2_bdaddr, dst);
711 addr.l2_family = AF_BLUETOOTH; 711 addr.l2_family = AF_BLUETOOTH;
712 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 712 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
713 addr.l2_cid = 0; 713 addr.l2_cid = 0;
714 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 714 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
715 if (*err == 0 || *err == -EINPROGRESS) 715 if (*err == 0 || *err == -EINPROGRESS)
@@ -1987,7 +1987,7 @@ static int rfcomm_add_listener(bdaddr_t *ba)
1987 /* Bind socket */ 1987 /* Bind socket */
1988 bacpy(&addr.l2_bdaddr, ba); 1988 bacpy(&addr.l2_bdaddr, ba);
1989 addr.l2_family = AF_BLUETOOTH; 1989 addr.l2_family = AF_BLUETOOTH;
1990 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 1990 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
1991 addr.l2_cid = 0; 1991 addr.l2_cid = 0;
1992 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1992 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1993 if (err < 0) { 1993 if (err < 0) {
@@ -2125,11 +2125,10 @@ static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2125 list_for_each_entry(d, &s->dlcs, list) { 2125 list_for_each_entry(d, &s->dlcs, list) {
2126 struct sock *sk = s->sock->sk; 2126 struct sock *sk = s->sock->sk;
2127 2127
2128 seq_printf(f, "%s %s %ld %d %d %d %d\n", 2128 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2129 batostr(&bt_sk(sk)->src), 2129 &bt_sk(sk)->src, &bt_sk(sk)->dst,
2130 batostr(&bt_sk(sk)->dst), 2130 d->state, d->dlci, d->mtu,
2131 d->state, d->dlci, d->mtu, 2131 d->rx_credits, d->tx_credits);
2132 d->rx_credits, d->tx_credits);
2133 } 2132 }
2134 } 2133 }
2135 2134
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index b3226f3658c..4ddef57d03a 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -334,7 +334,7 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr
334 struct sock *sk = sock->sk; 334 struct sock *sk = sock->sk;
335 int err = 0; 335 int err = 0;
336 336
337 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 337 BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr);
338 338
339 if (!addr || addr->sa_family != AF_BLUETOOTH) 339 if (!addr || addr->sa_family != AF_BLUETOOTH)
340 return -EINVAL; 340 return -EINVAL;
@@ -975,10 +975,9 @@ static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
975 read_lock(&rfcomm_sk_list.lock); 975 read_lock(&rfcomm_sk_list.lock);
976 976
977 sk_for_each(sk, node, &rfcomm_sk_list.head) { 977 sk_for_each(sk, node, &rfcomm_sk_list.head) {
978 seq_printf(f, "%s %s %d %d\n", 978 seq_printf(f, "%pMR %pMR %d %d\n",
979 batostr(&bt_sk(sk)->src), 979 &bt_sk(sk)->src, &bt_sk(sk)->dst,
980 batostr(&bt_sk(sk)->dst), 980 sk->sk_state, rfcomm_pi(sk)->channel);
981 sk->sk_state, rfcomm_pi(sk)->channel);
982 } 981 }
983 982
984 read_unlock(&rfcomm_sk_list.lock); 983 read_unlock(&rfcomm_sk_list.lock);
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index ccc248791d5..bd6fd0f43d2 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -166,7 +166,7 @@ static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
166static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf) 166static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
167{ 167{
168 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 168 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
169 return sprintf(buf, "%s\n", batostr(&dev->dst)); 169 return sprintf(buf, "%pMR\n", &dev->dst);
170} 170}
171 171
172static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf) 172static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
@@ -663,8 +663,8 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
663 if (!dev) 663 if (!dev)
664 return -ENODEV; 664 return -ENODEV;
665 665
666 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), 666 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
667 dev->channel, dev->port.count); 667 dev->channel, dev->port.count);
668 668
669 spin_lock_irqsave(&dev->port.lock, flags); 669 spin_lock_irqsave(&dev->port.lock, flags);
670 if (++dev->port.count > 1) { 670 if (++dev->port.count > 1) {
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index dc42b917aaa..450cdcd88e5 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -172,7 +172,7 @@ static int sco_connect(struct sock *sk)
172 struct hci_dev *hdev; 172 struct hci_dev *hdev;
173 int err, type; 173 int err, type;
174 174
175 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 175 BT_DBG("%pMR -> %pMR", src, dst);
176 176
177 hdev = hci_get_route(dst, src); 177 hdev = hci_get_route(dst, src);
178 if (!hdev) 178 if (!hdev)
@@ -460,7 +460,7 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le
460 struct sock *sk = sock->sk; 460 struct sock *sk = sock->sk;
461 int err = 0; 461 int err = 0;
462 462
463 BT_DBG("sk %p %s", sk, batostr(&sa->sco_bdaddr)); 463 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
464 464
465 if (!addr || addr->sa_family != AF_BLUETOOTH) 465 if (!addr || addr->sa_family != AF_BLUETOOTH)
466 return -EINVAL; 466 return -EINVAL;
@@ -893,7 +893,7 @@ int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
893 struct hlist_node *node; 893 struct hlist_node *node;
894 int lm = 0; 894 int lm = 0;
895 895
896 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr)); 896 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
897 897
898 /* Find listening sockets */ 898 /* Find listening sockets */
899 read_lock(&sco_sk_list.lock); 899 read_lock(&sco_sk_list.lock);
@@ -914,7 +914,7 @@ int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
914 914
915void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 915void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
916{ 916{
917 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status); 917 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
918 if (!status) { 918 if (!status) {
919 struct sco_conn *conn; 919 struct sco_conn *conn;
920 920
@@ -959,8 +959,8 @@ static int sco_debugfs_show(struct seq_file *f, void *p)
959 read_lock(&sco_sk_list.lock); 959 read_lock(&sco_sk_list.lock);
960 960
961 sk_for_each(sk, node, &sco_sk_list.head) { 961 sk_for_each(sk, node, &sco_sk_list.head) {
962 seq_printf(f, "%s %s %d\n", batostr(&bt_sk(sk)->src), 962 seq_printf(f, "%pMR %pMR %d\n", &bt_sk(sk)->src,
963 batostr(&bt_sk(sk)->dst), sk->sk_state); 963 &bt_sk(sk)->dst, sk->sk_state);
964 } 964 }
965 965
966 read_unlock(&sco_sk_list.lock); 966 read_unlock(&sco_sk_list.lock);
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 8c225ef349c..9176bc17595 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -32,6 +32,8 @@
32 32
33#define SMP_TIMEOUT msecs_to_jiffies(30000) 33#define SMP_TIMEOUT msecs_to_jiffies(30000)
34 34
35#define AUTH_REQ_MASK 0x07
36
35static inline void swap128(u8 src[16], u8 dst[16]) 37static inline void swap128(u8 src[16], u8 dst[16])
36{ 38{
37 int i; 39 int i;
@@ -165,7 +167,7 @@ static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
165 167
166 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 168 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
167 lh->len = cpu_to_le16(sizeof(code) + dlen); 169 lh->len = cpu_to_le16(sizeof(code) + dlen);
168 lh->cid = cpu_to_le16(L2CAP_CID_SMP); 170 lh->cid = __constant_cpu_to_le16(L2CAP_CID_SMP);
169 171
170 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code)); 172 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
171 173
@@ -230,7 +232,7 @@ static void build_pairing_cmd(struct l2cap_conn *conn,
230 req->max_key_size = SMP_MAX_ENC_KEY_SIZE; 232 req->max_key_size = SMP_MAX_ENC_KEY_SIZE;
231 req->init_key_dist = 0; 233 req->init_key_dist = 0;
232 req->resp_key_dist = dist_keys; 234 req->resp_key_dist = dist_keys;
233 req->auth_req = authreq; 235 req->auth_req = (authreq & AUTH_REQ_MASK);
234 return; 236 return;
235 } 237 }
236 238
@@ -239,7 +241,7 @@ static void build_pairing_cmd(struct l2cap_conn *conn,
239 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE; 241 rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE;
240 rsp->init_key_dist = 0; 242 rsp->init_key_dist = 0;
241 rsp->resp_key_dist = req->resp_key_dist & dist_keys; 243 rsp->resp_key_dist = req->resp_key_dist & dist_keys;
242 rsp->auth_req = authreq; 244 rsp->auth_req = (authreq & AUTH_REQ_MASK);
243} 245}
244 246
245static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size) 247static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 3d5332e367f..c7386b2b767 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -1110,7 +1110,7 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
1110 sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH; 1110 sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH;
1111 sdata->u.ibss.ibss_join_req = jiffies; 1111 sdata->u.ibss.ibss_join_req = jiffies;
1112 1112
1113 memcpy(sdata->u.ibss.ssid, params->ssid, IEEE80211_MAX_SSID_LEN); 1113 memcpy(sdata->u.ibss.ssid, params->ssid, params->ssid_len);
1114 sdata->u.ibss.ssid_len = params->ssid_len; 1114 sdata->u.ibss.ssid_len = params->ssid_len;
1115 1115
1116 mutex_unlock(&sdata->u.ibss.mtx); 1116 mutex_unlock(&sdata->u.ibss.mtx);
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 944c6cf53eb..1a6fe135f20 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -840,7 +840,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
840 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 840 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
841 if (info->control.vif == &sdata->vif) { 841 if (info->control.vif == &sdata->vif) {
842 __skb_unlink(skb, &local->pending[i]); 842 __skb_unlink(skb, &local->pending[i]);
843 dev_kfree_skb_irq(skb); 843 ieee80211_free_txskb(&local->hw, skb);
844 } 844 }
845 } 845 }
846 } 846 }
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 2bdf7769506..1d1fdf0791f 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -3177,26 +3177,37 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
3177 ht_cfreq, ht_oper->primary_chan, 3177 ht_cfreq, ht_oper->primary_chan,
3178 cbss->channel->band); 3178 cbss->channel->band);
3179 ht_oper = NULL; 3179 ht_oper = NULL;
3180 } else {
3181 channel_type = NL80211_CHAN_HT20;
3180 } 3182 }
3181 } 3183 }
3182 3184
3183 if (ht_oper) { 3185 if (ht_oper && sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) {
3186 /*
3187 * cfg80211 already verified that the channel itself can
3188 * be used, but it didn't check that we can do the right
3189 * HT type, so do that here as well. If HT40 isn't allowed
3190 * on this channel, disable 40 MHz operation.
3191 */
3184 const u8 *ht_cap_ie; 3192 const u8 *ht_cap_ie;
3185 const struct ieee80211_ht_cap *ht_cap; 3193 const struct ieee80211_ht_cap *ht_cap;
3186 u8 chains = 1; 3194 u8 chains = 1;
3187 3195
3188 channel_type = NL80211_CHAN_HT20; 3196 channel_type = NL80211_CHAN_HT20;
3189 3197
3190 if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 3198 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
3191 switch (ht_oper->ht_param & 3199 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
3192 IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 3200 if (cbss->channel->flags & IEEE80211_CHAN_NO_HT40PLUS)
3193 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 3201 ifmgd->flags |= IEEE80211_STA_DISABLE_40MHZ;
3202 else
3194 channel_type = NL80211_CHAN_HT40PLUS; 3203 channel_type = NL80211_CHAN_HT40PLUS;
3195 break; 3204 break;
3196 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 3205 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
3206 if (cbss->channel->flags & IEEE80211_CHAN_NO_HT40MINUS)
3207 ifmgd->flags |= IEEE80211_STA_DISABLE_40MHZ;
3208 else
3197 channel_type = NL80211_CHAN_HT40MINUS; 3209 channel_type = NL80211_CHAN_HT40MINUS;
3198 break; 3210 break;
3199 }
3200 } 3211 }
3201 3212
3202 ht_cap_ie = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, 3213 ht_cap_ie = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY,
@@ -3648,6 +3659,7 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
3648{ 3659{
3649 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3660 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3650 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3661 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3662 bool tx = !req->local_state_change;
3651 3663
3652 mutex_lock(&ifmgd->mtx); 3664 mutex_lock(&ifmgd->mtx);
3653 3665
@@ -3664,12 +3676,12 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
3664 if (ifmgd->associated && 3676 if (ifmgd->associated &&
3665 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { 3677 ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
3666 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3678 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3667 req->reason_code, true, frame_buf); 3679 req->reason_code, tx, frame_buf);
3668 } else { 3680 } else {
3669 drv_mgd_prepare_tx(sdata->local, sdata); 3681 drv_mgd_prepare_tx(sdata->local, sdata);
3670 ieee80211_send_deauth_disassoc(sdata, req->bssid, 3682 ieee80211_send_deauth_disassoc(sdata, req->bssid,
3671 IEEE80211_STYPE_DEAUTH, 3683 IEEE80211_STYPE_DEAUTH,
3672 req->reason_code, true, 3684 req->reason_code, tx,
3673 frame_buf); 3685 frame_buf);
3674 } 3686 }
3675 3687
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index c0a1f53e68a..38b382682ca 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -525,6 +525,11 @@ static ieee80211_rx_result ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
525 525
526 if (ieee80211_is_action(hdr->frame_control)) { 526 if (ieee80211_is_action(hdr->frame_control)) {
527 u8 category; 527 u8 category;
528
529 /* make sure category field is present */
530 if (rx->skb->len < IEEE80211_MIN_ACTION_SIZE)
531 return RX_DROP_MONITOR;
532
528 mgmt = (struct ieee80211_mgmt *)hdr; 533 mgmt = (struct ieee80211_mgmt *)hdr;
529 category = mgmt->u.action.category; 534 category = mgmt->u.action.category;
530 if (category != WLAN_CATEGORY_MESH_ACTION && 535 if (category != WLAN_CATEGORY_MESH_ACTION &&
@@ -875,14 +880,16 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
875 */ 880 */
876 if (rx->sta && rx->sdata->vif.type == NL80211_IFTYPE_STATION && 881 if (rx->sta && rx->sdata->vif.type == NL80211_IFTYPE_STATION &&
877 ieee80211_is_data_present(hdr->frame_control)) { 882 ieee80211_is_data_present(hdr->frame_control)) {
878 u16 ethertype; 883 unsigned int hdrlen;
879 u8 *payload; 884 __be16 ethertype;
880 885
881 payload = rx->skb->data + 886 hdrlen = ieee80211_hdrlen(hdr->frame_control);
882 ieee80211_hdrlen(hdr->frame_control); 887
883 ethertype = (payload[6] << 8) | payload[7]; 888 if (rx->skb->len < hdrlen + 8)
884 if (cpu_to_be16(ethertype) == 889 return RX_DROP_MONITOR;
885 rx->sdata->control_port_protocol) 890
891 skb_copy_bits(rx->skb, hdrlen + 6, &ethertype, 2);
892 if (ethertype == rx->sdata->control_port_protocol)
886 return RX_CONTINUE; 893 return RX_CONTINUE;
887 } 894 }
888 895
@@ -1459,11 +1466,14 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1459 1466
1460 hdr = (struct ieee80211_hdr *)rx->skb->data; 1467 hdr = (struct ieee80211_hdr *)rx->skb->data;
1461 fc = hdr->frame_control; 1468 fc = hdr->frame_control;
1469
1470 if (ieee80211_is_ctl(fc))
1471 return RX_CONTINUE;
1472
1462 sc = le16_to_cpu(hdr->seq_ctrl); 1473 sc = le16_to_cpu(hdr->seq_ctrl);
1463 frag = sc & IEEE80211_SCTL_FRAG; 1474 frag = sc & IEEE80211_SCTL_FRAG;
1464 1475
1465 if (likely((!ieee80211_has_morefrags(fc) && frag == 0) || 1476 if (likely((!ieee80211_has_morefrags(fc) && frag == 0) ||
1466 (rx->skb)->len < 24 ||
1467 is_multicast_ether_addr(hdr->addr1))) { 1477 is_multicast_ether_addr(hdr->addr1))) {
1468 /* not fragmented */ 1478 /* not fragmented */
1469 goto out; 1479 goto out;
@@ -1882,6 +1892,20 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1882 1892
1883 hdr = (struct ieee80211_hdr *) skb->data; 1893 hdr = (struct ieee80211_hdr *) skb->data;
1884 hdrlen = ieee80211_hdrlen(hdr->frame_control); 1894 hdrlen = ieee80211_hdrlen(hdr->frame_control);
1895
1896 /* make sure fixed part of mesh header is there, also checks skb len */
1897 if (!pskb_may_pull(rx->skb, hdrlen + 6))
1898 return RX_DROP_MONITOR;
1899
1900 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
1901
1902 /* make sure full mesh header is there, also checks skb len */
1903 if (!pskb_may_pull(rx->skb,
1904 hdrlen + ieee80211_get_mesh_hdrlen(mesh_hdr)))
1905 return RX_DROP_MONITOR;
1906
1907 /* reload pointers */
1908 hdr = (struct ieee80211_hdr *) skb->data;
1885 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen); 1909 mesh_hdr = (struct ieee80211s_hdr *) (skb->data + hdrlen);
1886 1910
1887 /* frame is in RMC, don't forward */ 1911 /* frame is in RMC, don't forward */
@@ -1890,7 +1914,8 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1890 mesh_rmc_check(hdr->addr3, mesh_hdr, rx->sdata)) 1914 mesh_rmc_check(hdr->addr3, mesh_hdr, rx->sdata))
1891 return RX_DROP_MONITOR; 1915 return RX_DROP_MONITOR;
1892 1916
1893 if (!ieee80211_is_data(hdr->frame_control)) 1917 if (!ieee80211_is_data(hdr->frame_control) ||
1918 !(status->rx_flags & IEEE80211_RX_RA_MATCH))
1894 return RX_CONTINUE; 1919 return RX_CONTINUE;
1895 1920
1896 if (!mesh_hdr->ttl) 1921 if (!mesh_hdr->ttl)
@@ -1904,9 +1929,12 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1904 if (is_multicast_ether_addr(hdr->addr1)) { 1929 if (is_multicast_ether_addr(hdr->addr1)) {
1905 mpp_addr = hdr->addr3; 1930 mpp_addr = hdr->addr3;
1906 proxied_addr = mesh_hdr->eaddr1; 1931 proxied_addr = mesh_hdr->eaddr1;
1907 } else { 1932 } else if (mesh_hdr->flags & MESH_FLAGS_AE_A5_A6) {
1933 /* has_a4 already checked in ieee80211_rx_mesh_check */
1908 mpp_addr = hdr->addr4; 1934 mpp_addr = hdr->addr4;
1909 proxied_addr = mesh_hdr->eaddr2; 1935 proxied_addr = mesh_hdr->eaddr2;
1936 } else {
1937 return RX_DROP_MONITOR;
1910 } 1938 }
1911 1939
1912 rcu_read_lock(); 1940 rcu_read_lock();
@@ -1934,12 +1962,9 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1934 } 1962 }
1935 skb_set_queue_mapping(skb, q); 1963 skb_set_queue_mapping(skb, q);
1936 1964
1937 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
1938 goto out;
1939
1940 if (!--mesh_hdr->ttl) { 1965 if (!--mesh_hdr->ttl) {
1941 IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_ttl); 1966 IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_ttl);
1942 return RX_DROP_MONITOR; 1967 goto out;
1943 } 1968 }
1944 1969
1945 if (!ifmsh->mshcfg.dot11MeshForwarding) 1970 if (!ifmsh->mshcfg.dot11MeshForwarding)
@@ -2346,6 +2371,10 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2346 } 2371 }
2347 break; 2372 break;
2348 case WLAN_CATEGORY_SELF_PROTECTED: 2373 case WLAN_CATEGORY_SELF_PROTECTED:
2374 if (len < (IEEE80211_MIN_ACTION_SIZE +
2375 sizeof(mgmt->u.action.u.self_prot.action_code)))
2376 break;
2377
2349 switch (mgmt->u.action.u.self_prot.action_code) { 2378 switch (mgmt->u.action.u.self_prot.action_code) {
2350 case WLAN_SP_MESH_PEERING_OPEN: 2379 case WLAN_SP_MESH_PEERING_OPEN:
2351 case WLAN_SP_MESH_PEERING_CLOSE: 2380 case WLAN_SP_MESH_PEERING_CLOSE:
@@ -2364,6 +2393,10 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2364 } 2393 }
2365 break; 2394 break;
2366 case WLAN_CATEGORY_MESH_ACTION: 2395 case WLAN_CATEGORY_MESH_ACTION:
2396 if (len < (IEEE80211_MIN_ACTION_SIZE +
2397 sizeof(mgmt->u.action.u.mesh_action.action_code)))
2398 break;
2399
2367 if (!ieee80211_vif_is_mesh(&sdata->vif)) 2400 if (!ieee80211_vif_is_mesh(&sdata->vif))
2368 break; 2401 break;
2369 if (mesh_action_is_path_sel(mgmt) && 2402 if (mesh_action_is_path_sel(mgmt) &&
@@ -2905,10 +2938,15 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2905 if (ieee80211_is_data(fc) || ieee80211_is_mgmt(fc)) 2938 if (ieee80211_is_data(fc) || ieee80211_is_mgmt(fc))
2906 local->dot11ReceivedFragmentCount++; 2939 local->dot11ReceivedFragmentCount++;
2907 2940
2908 if (ieee80211_is_mgmt(fc)) 2941 if (ieee80211_is_mgmt(fc)) {
2909 err = skb_linearize(skb); 2942 /* drop frame if too short for header */
2910 else 2943 if (skb->len < ieee80211_hdrlen(fc))
2944 err = -ENOBUFS;
2945 else
2946 err = skb_linearize(skb);
2947 } else {
2911 err = !pskb_may_pull(skb, ieee80211_hdrlen(fc)); 2948 err = !pskb_may_pull(skb, ieee80211_hdrlen(fc));
2949 }
2912 2950
2913 if (err) { 2951 if (err) {
2914 dev_kfree_skb(skb); 2952 dev_kfree_skb(skb);
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index daf55e1e0fd..f7bb54f9ab7 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -664,7 +664,7 @@ static bool sta_info_cleanup_expire_buffered_ac(struct ieee80211_local *local,
664 */ 664 */
665 if (!skb) 665 if (!skb)
666 break; 666 break;
667 dev_kfree_skb(skb); 667 ieee80211_free_txskb(&local->hw, skb);
668 } 668 }
669 669
670 /* 670 /*
@@ -693,7 +693,7 @@ static bool sta_info_cleanup_expire_buffered_ac(struct ieee80211_local *local,
693 local->total_ps_buffered--; 693 local->total_ps_buffered--;
694 ps_dbg(sta->sdata, "Buffered frame expired (STA %pM)\n", 694 ps_dbg(sta->sdata, "Buffered frame expired (STA %pM)\n",
695 sta->sta.addr); 695 sta->sta.addr);
696 dev_kfree_skb(skb); 696 ieee80211_free_txskb(&local->hw, skb);
697 } 697 }
698 698
699 /* 699 /*
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index dd0e6f20fc5..6636d396231 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -406,7 +406,7 @@ void ieee80211_add_pending_skb(struct ieee80211_local *local,
406 int queue = info->hw_queue; 406 int queue = info->hw_queue;
407 407
408 if (WARN_ON(!info->control.vif)) { 408 if (WARN_ON(!info->control.vif)) {
409 kfree_skb(skb); 409 ieee80211_free_txskb(&local->hw, skb);
410 return; 410 return;
411 } 411 }
412 412
@@ -431,7 +431,7 @@ void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local,
431 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 431 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
432 432
433 if (WARN_ON(!info->control.vif)) { 433 if (WARN_ON(!info->control.vif)) {
434 kfree_skb(skb); 434 ieee80211_free_txskb(&local->hw, skb);
435 continue; 435 continue;
436 } 436 }
437 437
@@ -643,13 +643,41 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
643 break; 643 break;
644 } 644 }
645 645
646 if (id != WLAN_EID_VENDOR_SPECIFIC && 646 switch (id) {
647 id != WLAN_EID_QUIET && 647 case WLAN_EID_SSID:
648 test_bit(id, seen_elems)) { 648 case WLAN_EID_SUPP_RATES:
649 elems->parse_error = true; 649 case WLAN_EID_FH_PARAMS:
650 left -= elen; 650 case WLAN_EID_DS_PARAMS:
651 pos += elen; 651 case WLAN_EID_CF_PARAMS:
652 continue; 652 case WLAN_EID_TIM:
653 case WLAN_EID_IBSS_PARAMS:
654 case WLAN_EID_CHALLENGE:
655 case WLAN_EID_RSN:
656 case WLAN_EID_ERP_INFO:
657 case WLAN_EID_EXT_SUPP_RATES:
658 case WLAN_EID_HT_CAPABILITY:
659 case WLAN_EID_HT_OPERATION:
660 case WLAN_EID_VHT_CAPABILITY:
661 case WLAN_EID_VHT_OPERATION:
662 case WLAN_EID_MESH_ID:
663 case WLAN_EID_MESH_CONFIG:
664 case WLAN_EID_PEER_MGMT:
665 case WLAN_EID_PREQ:
666 case WLAN_EID_PREP:
667 case WLAN_EID_PERR:
668 case WLAN_EID_RANN:
669 case WLAN_EID_CHANNEL_SWITCH:
670 case WLAN_EID_EXT_CHANSWITCH_ANN:
671 case WLAN_EID_COUNTRY:
672 case WLAN_EID_PWR_CONSTRAINT:
673 case WLAN_EID_TIMEOUT_INTERVAL:
674 if (test_bit(id, seen_elems)) {
675 elems->parse_error = true;
676 left -= elen;
677 pos += elen;
678 continue;
679 }
680 break;
653 } 681 }
654 682
655 if (calc_crc && id < 64 && (filter & (1ULL << id))) 683 if (calc_crc && id < 64 && (filter & (1ULL << id)))
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index bdb53aba888..8bd2f5c6a56 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -106,7 +106,8 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
106 if (status->flag & RX_FLAG_MMIC_ERROR) 106 if (status->flag & RX_FLAG_MMIC_ERROR)
107 goto mic_fail; 107 goto mic_fail;
108 108
109 if (!(status->flag & RX_FLAG_IV_STRIPPED) && rx->key) 109 if (!(status->flag & RX_FLAG_IV_STRIPPED) && rx->key &&
110 rx->key->conf.cipher == WLAN_CIPHER_SUITE_TKIP)
110 goto update_iv; 111 goto update_iv;
111 112
112 return RX_CONTINUE; 113 return RX_CONTINUE;
@@ -545,14 +546,19 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
545 546
546static void bip_aad(struct sk_buff *skb, u8 *aad) 547static void bip_aad(struct sk_buff *skb, u8 *aad)
547{ 548{
549 __le16 mask_fc;
550 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
551
548 /* BIP AAD: FC(masked) || A1 || A2 || A3 */ 552 /* BIP AAD: FC(masked) || A1 || A2 || A3 */
549 553
550 /* FC type/subtype */ 554 /* FC type/subtype */
551 aad[0] = skb->data[0];
552 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 555 /* Mask FC Retry, PwrMgt, MoreData flags to zero */
553 aad[1] = skb->data[1] & ~(BIT(4) | BIT(5) | BIT(6)); 556 mask_fc = hdr->frame_control;
557 mask_fc &= ~cpu_to_le16(IEEE80211_FCTL_RETRY | IEEE80211_FCTL_PM |
558 IEEE80211_FCTL_MOREDATA);
559 put_unaligned(mask_fc, (__le16 *) &aad[0]);
554 /* A1 || A2 || A3 */ 560 /* A1 || A2 || A3 */
555 memcpy(aad + 2, skb->data + 4, 3 * ETH_ALEN); 561 memcpy(aad + 2, &hdr->addr1, 3 * ETH_ALEN);
556} 562}
557 563
558 564
diff --git a/net/nfc/Kconfig b/net/nfc/Kconfig
index 8d8d9bc4b6f..60c3bbb63e8 100644
--- a/net/nfc/Kconfig
+++ b/net/nfc/Kconfig
@@ -3,8 +3,8 @@
3# 3#
4 4
5menuconfig NFC 5menuconfig NFC
6 depends on NET && EXPERIMENTAL 6 depends on NET
7 tristate "NFC subsystem support (EXPERIMENTAL)" 7 tristate "NFC subsystem support"
8 default n 8 default n
9 help 9 help
10 Say Y here if you want to build support for NFC (Near field 10 Say Y here if you want to build support for NFC (Near field
diff --git a/net/nfc/core.c b/net/nfc/core.c
index 479bee36dc3..aa64ea44167 100644
--- a/net/nfc/core.c
+++ b/net/nfc/core.c
@@ -40,6 +40,9 @@
40int nfc_devlist_generation; 40int nfc_devlist_generation;
41DEFINE_MUTEX(nfc_devlist_mutex); 41DEFINE_MUTEX(nfc_devlist_mutex);
42 42
43/* NFC device ID bitmap */
44static DEFINE_IDA(nfc_index_ida);
45
43/** 46/**
44 * nfc_dev_up - turn on the NFC device 47 * nfc_dev_up - turn on the NFC device
45 * 48 *
@@ -181,6 +184,7 @@ int nfc_stop_poll(struct nfc_dev *dev)
181 184
182 dev->ops->stop_poll(dev); 185 dev->ops->stop_poll(dev);
183 dev->polling = false; 186 dev->polling = false;
187 dev->rf_mode = NFC_RF_NONE;
184 188
185error: 189error:
186 device_unlock(&dev->dev); 190 device_unlock(&dev->dev);
@@ -194,7 +198,7 @@ static struct nfc_target *nfc_find_target(struct nfc_dev *dev, u32 target_idx)
194 if (dev->n_targets == 0) 198 if (dev->n_targets == 0)
195 return NULL; 199 return NULL;
196 200
197 for (i = 0; i < dev->n_targets ; i++) { 201 for (i = 0; i < dev->n_targets; i++) {
198 if (dev->targets[i].idx == target_idx) 202 if (dev->targets[i].idx == target_idx)
199 return &dev->targets[i]; 203 return &dev->targets[i];
200 } 204 }
@@ -274,12 +278,14 @@ int nfc_dep_link_down(struct nfc_dev *dev)
274 if (!rc) { 278 if (!rc) {
275 dev->dep_link_up = false; 279 dev->dep_link_up = false;
276 dev->active_target = NULL; 280 dev->active_target = NULL;
281 dev->rf_mode = NFC_RF_NONE;
277 nfc_llcp_mac_is_down(dev); 282 nfc_llcp_mac_is_down(dev);
278 nfc_genl_dep_link_down_event(dev); 283 nfc_genl_dep_link_down_event(dev);
279 } 284 }
280 285
281error: 286error:
282 device_unlock(&dev->dev); 287 device_unlock(&dev->dev);
288
283 return rc; 289 return rc;
284} 290}
285 291
@@ -503,6 +509,7 @@ EXPORT_SYMBOL(nfc_tm_activated);
503int nfc_tm_deactivated(struct nfc_dev *dev) 509int nfc_tm_deactivated(struct nfc_dev *dev)
504{ 510{
505 dev->dep_link_up = false; 511 dev->dep_link_up = false;
512 dev->rf_mode = NFC_RF_NONE;
506 513
507 return nfc_genl_tm_deactivated(dev); 514 return nfc_genl_tm_deactivated(dev);
508} 515}
@@ -697,6 +704,8 @@ static void nfc_check_pres_work(struct work_struct *work)
697 704
698 if (dev->active_target && timer_pending(&dev->check_pres_timer) == 0) { 705 if (dev->active_target && timer_pending(&dev->check_pres_timer) == 0) {
699 rc = dev->ops->check_presence(dev, dev->active_target); 706 rc = dev->ops->check_presence(dev, dev->active_target);
707 if (rc == -EOPNOTSUPP)
708 goto exit;
700 if (!rc) { 709 if (!rc) {
701 mod_timer(&dev->check_pres_timer, jiffies + 710 mod_timer(&dev->check_pres_timer, jiffies +
702 msecs_to_jiffies(NFC_CHECK_PRES_FREQ_MS)); 711 msecs_to_jiffies(NFC_CHECK_PRES_FREQ_MS));
@@ -708,6 +717,7 @@ static void nfc_check_pres_work(struct work_struct *work)
708 } 717 }
709 } 718 }
710 719
720exit:
711 device_unlock(&dev->dev); 721 device_unlock(&dev->dev);
712} 722}
713 723
@@ -753,7 +763,6 @@ struct nfc_dev *nfc_allocate_device(struct nfc_ops *ops,
753 u32 supported_protocols, 763 u32 supported_protocols,
754 int tx_headroom, int tx_tailroom) 764 int tx_headroom, int tx_tailroom)
755{ 765{
756 static atomic_t dev_no = ATOMIC_INIT(0);
757 struct nfc_dev *dev; 766 struct nfc_dev *dev;
758 767
759 if (!ops->start_poll || !ops->stop_poll || !ops->activate_target || 768 if (!ops->start_poll || !ops->stop_poll || !ops->activate_target ||
@@ -767,11 +776,6 @@ struct nfc_dev *nfc_allocate_device(struct nfc_ops *ops,
767 if (!dev) 776 if (!dev)
768 return NULL; 777 return NULL;
769 778
770 dev->dev.class = &nfc_class;
771 dev->idx = atomic_inc_return(&dev_no) - 1;
772 dev_set_name(&dev->dev, "nfc%d", dev->idx);
773 device_initialize(&dev->dev);
774
775 dev->ops = ops; 779 dev->ops = ops;
776 dev->supported_protocols = supported_protocols; 780 dev->supported_protocols = supported_protocols;
777 dev->tx_headroom = tx_headroom; 781 dev->tx_headroom = tx_headroom;
@@ -779,6 +783,7 @@ struct nfc_dev *nfc_allocate_device(struct nfc_ops *ops,
779 783
780 nfc_genl_data_init(&dev->genl_data); 784 nfc_genl_data_init(&dev->genl_data);
781 785
786 dev->rf_mode = NFC_RF_NONE;
782 787
783 /* first generation must not be 0 */ 788 /* first generation must not be 0 */
784 dev->targets_generation = 1; 789 dev->targets_generation = 1;
@@ -806,6 +811,14 @@ int nfc_register_device(struct nfc_dev *dev)
806 811
807 pr_debug("dev_name=%s\n", dev_name(&dev->dev)); 812 pr_debug("dev_name=%s\n", dev_name(&dev->dev));
808 813
814 dev->idx = ida_simple_get(&nfc_index_ida, 0, 0, GFP_KERNEL);
815 if (dev->idx < 0)
816 return dev->idx;
817
818 dev->dev.class = &nfc_class;
819 dev_set_name(&dev->dev, "nfc%d", dev->idx);
820 device_initialize(&dev->dev);
821
809 mutex_lock(&nfc_devlist_mutex); 822 mutex_lock(&nfc_devlist_mutex);
810 nfc_devlist_generation++; 823 nfc_devlist_generation++;
811 rc = device_add(&dev->dev); 824 rc = device_add(&dev->dev);
@@ -834,10 +847,12 @@ EXPORT_SYMBOL(nfc_register_device);
834 */ 847 */
835void nfc_unregister_device(struct nfc_dev *dev) 848void nfc_unregister_device(struct nfc_dev *dev)
836{ 849{
837 int rc; 850 int rc, id;
838 851
839 pr_debug("dev_name=%s\n", dev_name(&dev->dev)); 852 pr_debug("dev_name=%s\n", dev_name(&dev->dev));
840 853
854 id = dev->idx;
855
841 mutex_lock(&nfc_devlist_mutex); 856 mutex_lock(&nfc_devlist_mutex);
842 nfc_devlist_generation++; 857 nfc_devlist_generation++;
843 858
@@ -856,6 +871,8 @@ void nfc_unregister_device(struct nfc_dev *dev)
856 pr_debug("The userspace won't be notified that the device %s was removed\n", 871 pr_debug("The userspace won't be notified that the device %s was removed\n",
857 dev_name(&dev->dev)); 872 dev_name(&dev->dev));
858 873
874 ida_simple_remove(&nfc_index_ida, id);
875
859} 876}
860EXPORT_SYMBOL(nfc_unregister_device); 877EXPORT_SYMBOL(nfc_unregister_device);
861 878
diff --git a/net/nfc/hci/command.c b/net/nfc/hci/command.c
index 71c6a7086b8..07659cfd6d7 100644
--- a/net/nfc/hci/command.c
+++ b/net/nfc/hci/command.c
@@ -257,16 +257,16 @@ static u8 nfc_hci_create_pipe(struct nfc_hci_dev *hdev, u8 dest_host,
257 *result = nfc_hci_execute_cmd(hdev, NFC_HCI_ADMIN_PIPE, 257 *result = nfc_hci_execute_cmd(hdev, NFC_HCI_ADMIN_PIPE,
258 NFC_HCI_ADM_CREATE_PIPE, 258 NFC_HCI_ADM_CREATE_PIPE,
259 (u8 *) &params, sizeof(params), &skb); 259 (u8 *) &params, sizeof(params), &skb);
260 if (*result == 0) { 260 if (*result < 0)
261 resp = (struct hci_create_pipe_resp *)skb->data; 261 return NFC_HCI_INVALID_PIPE;
262 pipe = resp->pipe;
263 kfree_skb(skb);
264 262
265 pr_debug("pipe created=%d\n", pipe); 263 resp = (struct hci_create_pipe_resp *)skb->data;
264 pipe = resp->pipe;
265 kfree_skb(skb);
266 266
267 return pipe; 267 pr_debug("pipe created=%d\n", pipe);
268 } else 268
269 return NFC_HCI_INVALID_PIPE; 269 return pipe;
270} 270}
271 271
272static int nfc_hci_delete_pipe(struct nfc_hci_dev *hdev, u8 pipe) 272static int nfc_hci_delete_pipe(struct nfc_hci_dev *hdev, u8 pipe)
@@ -279,8 +279,6 @@ static int nfc_hci_delete_pipe(struct nfc_hci_dev *hdev, u8 pipe)
279 279
280static int nfc_hci_clear_all_pipes(struct nfc_hci_dev *hdev) 280static int nfc_hci_clear_all_pipes(struct nfc_hci_dev *hdev)
281{ 281{
282 int r;
283
284 u8 param[2]; 282 u8 param[2];
285 283
286 /* TODO: Find out what the identity reference data is 284 /* TODO: Find out what the identity reference data is
@@ -288,10 +286,8 @@ static int nfc_hci_clear_all_pipes(struct nfc_hci_dev *hdev)
288 286
289 pr_debug("\n"); 287 pr_debug("\n");
290 288
291 r = nfc_hci_execute_cmd(hdev, NFC_HCI_ADMIN_PIPE, 289 return nfc_hci_execute_cmd(hdev, NFC_HCI_ADMIN_PIPE,
292 NFC_HCI_ADM_CLEAR_ALL_PIPE, param, 2, NULL); 290 NFC_HCI_ADM_CLEAR_ALL_PIPE, param, 2, NULL);
293
294 return 0;
295} 291}
296 292
297int nfc_hci_disconnect_gate(struct nfc_hci_dev *hdev, u8 gate) 293int nfc_hci_disconnect_gate(struct nfc_hci_dev *hdev, u8 gate)
diff --git a/net/nfc/hci/core.c b/net/nfc/hci/core.c
index 5fbb6e40793..bc571b0efb9 100644
--- a/net/nfc/hci/core.c
+++ b/net/nfc/hci/core.c
@@ -65,8 +65,9 @@ static void nfc_hci_msg_tx_work(struct work_struct *work)
65 -ETIME); 65 -ETIME);
66 kfree(hdev->cmd_pending_msg); 66 kfree(hdev->cmd_pending_msg);
67 hdev->cmd_pending_msg = NULL; 67 hdev->cmd_pending_msg = NULL;
68 } else 68 } else {
69 goto exit; 69 goto exit;
70 }
70 } 71 }
71 72
72next_msg: 73next_msg:
@@ -182,7 +183,7 @@ static u32 nfc_hci_sak_to_protocol(u8 sak)
182 } 183 }
183} 184}
184 185
185static int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate) 186int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate)
186{ 187{
187 struct nfc_target *targets; 188 struct nfc_target *targets;
188 struct sk_buff *atqa_skb = NULL; 189 struct sk_buff *atqa_skb = NULL;
@@ -263,7 +264,9 @@ static int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate)
263 break; 264 break;
264 } 265 }
265 266
266 targets->hci_reader_gate = gate; 267 /* if driver set the new gate, we will skip the old one */
268 if (targets->hci_reader_gate == 0x00)
269 targets->hci_reader_gate = gate;
267 270
268 r = nfc_targets_found(hdev->ndev, targets, 1); 271 r = nfc_targets_found(hdev->ndev, targets, 1);
269 272
@@ -275,6 +278,7 @@ exit:
275 278
276 return r; 279 return r;
277} 280}
281EXPORT_SYMBOL(nfc_hci_target_discovered);
278 282
279void nfc_hci_event_received(struct nfc_hci_dev *hdev, u8 pipe, u8 event, 283void nfc_hci_event_received(struct nfc_hci_dev *hdev, u8 pipe, u8 event,
280 struct sk_buff *skb) 284 struct sk_buff *skb)
@@ -307,8 +311,13 @@ void nfc_hci_event_received(struct nfc_hci_dev *hdev, u8 pipe, u8 event,
307 nfc_hci_pipe2gate(hdev, pipe)); 311 nfc_hci_pipe2gate(hdev, pipe));
308 break; 312 break;
309 default: 313 default:
310 /* TODO: Unknown events are hardware specific 314 if (hdev->ops->event_received) {
311 * pass them to the driver (needs a new hci_ops) */ 315 hdev->ops->event_received(hdev,
316 nfc_hci_pipe2gate(hdev, pipe),
317 event, skb);
318 return;
319 }
320
312 break; 321 break;
313 } 322 }
314 323
@@ -527,7 +536,8 @@ static int hci_start_poll(struct nfc_dev *nfc_dev,
527 return hdev->ops->start_poll(hdev, im_protocols, tm_protocols); 536 return hdev->ops->start_poll(hdev, im_protocols, tm_protocols);
528 else 537 else
529 return nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE, 538 return nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
530 NFC_HCI_EVT_READER_REQUESTED, NULL, 0); 539 NFC_HCI_EVT_READER_REQUESTED,
540 NULL, 0);
531} 541}
532 542
533static void hci_stop_poll(struct nfc_dev *nfc_dev) 543static void hci_stop_poll(struct nfc_dev *nfc_dev)
@@ -538,6 +548,28 @@ static void hci_stop_poll(struct nfc_dev *nfc_dev)
538 NFC_HCI_EVT_END_OPERATION, NULL, 0); 548 NFC_HCI_EVT_END_OPERATION, NULL, 0);
539} 549}
540 550
551static int hci_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
552 __u8 comm_mode, __u8 *gb, size_t gb_len)
553{
554 struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
555
556 if (hdev->ops->dep_link_up)
557 return hdev->ops->dep_link_up(hdev, target, comm_mode,
558 gb, gb_len);
559
560 return 0;
561}
562
563static int hci_dep_link_down(struct nfc_dev *nfc_dev)
564{
565 struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
566
567 if (hdev->ops->dep_link_down)
568 return hdev->ops->dep_link_down(hdev);
569
570 return 0;
571}
572
541static int hci_activate_target(struct nfc_dev *nfc_dev, 573static int hci_activate_target(struct nfc_dev *nfc_dev,
542 struct nfc_target *target, u32 protocol) 574 struct nfc_target *target, u32 protocol)
543{ 575{
@@ -586,8 +618,8 @@ static int hci_transceive(struct nfc_dev *nfc_dev, struct nfc_target *target,
586 switch (target->hci_reader_gate) { 618 switch (target->hci_reader_gate) {
587 case NFC_HCI_RF_READER_A_GATE: 619 case NFC_HCI_RF_READER_A_GATE:
588 case NFC_HCI_RF_READER_B_GATE: 620 case NFC_HCI_RF_READER_B_GATE:
589 if (hdev->ops->data_exchange) { 621 if (hdev->ops->im_transceive) {
590 r = hdev->ops->data_exchange(hdev, target, skb, cb, 622 r = hdev->ops->im_transceive(hdev, target, skb, cb,
591 cb_context); 623 cb_context);
592 if (r <= 0) /* handled */ 624 if (r <= 0) /* handled */
593 break; 625 break;
@@ -604,14 +636,14 @@ static int hci_transceive(struct nfc_dev *nfc_dev, struct nfc_target *target,
604 skb->len, hci_transceive_cb, hdev); 636 skb->len, hci_transceive_cb, hdev);
605 break; 637 break;
606 default: 638 default:
607 if (hdev->ops->data_exchange) { 639 if (hdev->ops->im_transceive) {
608 r = hdev->ops->data_exchange(hdev, target, skb, cb, 640 r = hdev->ops->im_transceive(hdev, target, skb, cb,
609 cb_context); 641 cb_context);
610 if (r == 1) 642 if (r == 1)
611 r = -ENOTSUPP; 643 r = -ENOTSUPP;
612 } 644 } else {
613 else
614 r = -ENOTSUPP; 645 r = -ENOTSUPP;
646 }
615 break; 647 break;
616 } 648 }
617 649
@@ -620,6 +652,16 @@ static int hci_transceive(struct nfc_dev *nfc_dev, struct nfc_target *target,
620 return r; 652 return r;
621} 653}
622 654
655static int hci_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
656{
657 struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
658
659 if (hdev->ops->tm_send)
660 return hdev->ops->tm_send(hdev, skb);
661 else
662 return -ENOTSUPP;
663}
664
623static int hci_check_presence(struct nfc_dev *nfc_dev, 665static int hci_check_presence(struct nfc_dev *nfc_dev,
624 struct nfc_target *target) 666 struct nfc_target *target)
625{ 667{
@@ -723,9 +765,12 @@ static struct nfc_ops hci_nfc_ops = {
723 .dev_down = hci_dev_down, 765 .dev_down = hci_dev_down,
724 .start_poll = hci_start_poll, 766 .start_poll = hci_start_poll,
725 .stop_poll = hci_stop_poll, 767 .stop_poll = hci_stop_poll,
768 .dep_link_up = hci_dep_link_up,
769 .dep_link_down = hci_dep_link_down,
726 .activate_target = hci_activate_target, 770 .activate_target = hci_activate_target,
727 .deactivate_target = hci_deactivate_target, 771 .deactivate_target = hci_deactivate_target,
728 .im_transceive = hci_transceive, 772 .im_transceive = hci_transceive,
773 .tm_send = hci_tm_send,
729 .check_presence = hci_check_presence, 774 .check_presence = hci_check_presence,
730}; 775};
731 776
@@ -848,7 +893,7 @@ void nfc_hci_driver_failure(struct nfc_hci_dev *hdev, int err)
848} 893}
849EXPORT_SYMBOL(nfc_hci_driver_failure); 894EXPORT_SYMBOL(nfc_hci_driver_failure);
850 895
851void inline nfc_hci_recv_frame(struct nfc_hci_dev *hdev, struct sk_buff *skb) 896void nfc_hci_recv_frame(struct nfc_hci_dev *hdev, struct sk_buff *skb)
852{ 897{
853 nfc_llc_rcv_from_drv(hdev->llc, skb); 898 nfc_llc_rcv_from_drv(hdev->llc, skb);
854} 899}
diff --git a/net/nfc/hci/llc.c b/net/nfc/hci/llc.c
index ae1205ded87..fe5e966e5b8 100644
--- a/net/nfc/hci/llc.c
+++ b/net/nfc/hci/llc.c
@@ -72,7 +72,7 @@ int nfc_llc_register(const char *name, struct nfc_llc_ops *ops)
72 llc_engine->ops = ops; 72 llc_engine->ops = ops;
73 73
74 INIT_LIST_HEAD(&llc_engine->entry); 74 INIT_LIST_HEAD(&llc_engine->entry);
75 list_add_tail (&llc_engine->entry, &llc_engines); 75 list_add_tail(&llc_engine->entry, &llc_engines);
76 76
77 return 0; 77 return 0;
78} 78}
diff --git a/net/nfc/hci/llc_shdlc.c b/net/nfc/hci/llc_shdlc.c
index 01cbc72943c..27b313befc3 100644
--- a/net/nfc/hci/llc_shdlc.c
+++ b/net/nfc/hci/llc_shdlc.c
@@ -634,9 +634,9 @@ static void llc_shdlc_sm_work(struct work_struct *work)
634 r = llc_shdlc_connect_initiate(shdlc); 634 r = llc_shdlc_connect_initiate(shdlc);
635 else 635 else
636 r = -ETIME; 636 r = -ETIME;
637 if (r < 0) 637 if (r < 0) {
638 llc_shdlc_connect_complete(shdlc, r); 638 llc_shdlc_connect_complete(shdlc, r);
639 else { 639 } else {
640 mod_timer(&shdlc->connect_timer, jiffies + 640 mod_timer(&shdlc->connect_timer, jiffies +
641 msecs_to_jiffies(SHDLC_CONNECT_VALUE_MS)); 641 msecs_to_jiffies(SHDLC_CONNECT_VALUE_MS));
642 642
@@ -682,9 +682,8 @@ static void llc_shdlc_sm_work(struct work_struct *work)
682 llc_shdlc_handle_send_queue(shdlc); 682 llc_shdlc_handle_send_queue(shdlc);
683 } 683 }
684 684
685 if (shdlc->hard_fault) { 685 if (shdlc->hard_fault)
686 shdlc->llc_failure(shdlc->hdev, shdlc->hard_fault); 686 shdlc->llc_failure(shdlc->hdev, shdlc->hard_fault);
687 }
688 break; 687 break;
689 default: 688 default:
690 break; 689 break;
diff --git a/net/nfc/llcp/Kconfig b/net/nfc/llcp/Kconfig
index fbf5e815090..a1a41cd6825 100644
--- a/net/nfc/llcp/Kconfig
+++ b/net/nfc/llcp/Kconfig
@@ -1,6 +1,6 @@
1config NFC_LLCP 1config NFC_LLCP
2 depends on NFC && EXPERIMENTAL 2 depends on NFC
3 bool "NFC LLCP support (EXPERIMENTAL)" 3 bool "NFC LLCP support"
4 default n 4 default n
5 help 5 help
6 Say Y here if you want to build support for a kernel NFC LLCP 6 Say Y here if you want to build support for a kernel NFC LLCP
diff --git a/net/nfc/llcp/commands.c b/net/nfc/llcp/commands.c
index c45ccd6c094..ed2d17312d6 100644
--- a/net/nfc/llcp/commands.c
+++ b/net/nfc/llcp/commands.c
@@ -261,7 +261,6 @@ int nfc_llcp_disconnect(struct nfc_llcp_sock *sock)
261 struct sk_buff *skb; 261 struct sk_buff *skb;
262 struct nfc_dev *dev; 262 struct nfc_dev *dev;
263 struct nfc_llcp_local *local; 263 struct nfc_llcp_local *local;
264 u16 size = 0;
265 264
266 pr_debug("Sending DISC\n"); 265 pr_debug("Sending DISC\n");
267 266
@@ -273,17 +272,10 @@ int nfc_llcp_disconnect(struct nfc_llcp_sock *sock)
273 if (dev == NULL) 272 if (dev == NULL)
274 return -ENODEV; 273 return -ENODEV;
275 274
276 size += LLCP_HEADER_SIZE; 275 skb = llcp_allocate_pdu(sock, LLCP_PDU_DISC, 0);
277 size += dev->tx_headroom + dev->tx_tailroom + NFC_HEADER_SIZE;
278
279 skb = alloc_skb(size, GFP_ATOMIC);
280 if (skb == NULL) 276 if (skb == NULL)
281 return -ENOMEM; 277 return -ENOMEM;
282 278
283 skb_reserve(skb, dev->tx_headroom + NFC_HEADER_SIZE);
284
285 skb = llcp_add_header(skb, sock->dsap, sock->ssap, LLCP_PDU_DISC);
286
287 skb_queue_tail(&local->tx_queue, skb); 279 skb_queue_tail(&local->tx_queue, skb);
288 280
289 return 0; 281 return 0;
@@ -324,8 +316,7 @@ int nfc_llcp_send_connect(struct nfc_llcp_sock *sock)
324 struct sk_buff *skb; 316 struct sk_buff *skb;
325 u8 *service_name_tlv = NULL, service_name_tlv_length; 317 u8 *service_name_tlv = NULL, service_name_tlv_length;
326 u8 *miux_tlv = NULL, miux_tlv_length; 318 u8 *miux_tlv = NULL, miux_tlv_length;
327 u8 *rw_tlv = NULL, rw_tlv_length, rw; 319 u8 *rw_tlv = NULL, rw_tlv_length;
328 __be16 miux;
329 int err; 320 int err;
330 u16 size = 0; 321 u16 size = 0;
331 322
@@ -343,13 +334,11 @@ int nfc_llcp_send_connect(struct nfc_llcp_sock *sock)
343 size += service_name_tlv_length; 334 size += service_name_tlv_length;
344 } 335 }
345 336
346 miux = cpu_to_be16(LLCP_MAX_MIUX); 337 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&local->miux, 0,
347 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0,
348 &miux_tlv_length); 338 &miux_tlv_length);
349 size += miux_tlv_length; 339 size += miux_tlv_length;
350 340
351 rw = LLCP_MAX_RW; 341 rw_tlv = nfc_llcp_build_tlv(LLCP_TLV_RW, &local->rw, 0, &rw_tlv_length);
352 rw_tlv = nfc_llcp_build_tlv(LLCP_TLV_RW, &rw, 0, &rw_tlv_length);
353 size += rw_tlv_length; 342 size += rw_tlv_length;
354 343
355 pr_debug("SKB size %d SN length %zu\n", size, sock->service_name_len); 344 pr_debug("SKB size %d SN length %zu\n", size, sock->service_name_len);
@@ -386,8 +375,7 @@ int nfc_llcp_send_cc(struct nfc_llcp_sock *sock)
386 struct nfc_llcp_local *local; 375 struct nfc_llcp_local *local;
387 struct sk_buff *skb; 376 struct sk_buff *skb;
388 u8 *miux_tlv = NULL, miux_tlv_length; 377 u8 *miux_tlv = NULL, miux_tlv_length;
389 u8 *rw_tlv = NULL, rw_tlv_length, rw; 378 u8 *rw_tlv = NULL, rw_tlv_length;
390 __be16 miux;
391 int err; 379 int err;
392 u16 size = 0; 380 u16 size = 0;
393 381
@@ -397,13 +385,11 @@ int nfc_llcp_send_cc(struct nfc_llcp_sock *sock)
397 if (local == NULL) 385 if (local == NULL)
398 return -ENODEV; 386 return -ENODEV;
399 387
400 miux = cpu_to_be16(LLCP_MAX_MIUX); 388 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&local->miux, 0,
401 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0,
402 &miux_tlv_length); 389 &miux_tlv_length);
403 size += miux_tlv_length; 390 size += miux_tlv_length;
404 391
405 rw = LLCP_MAX_RW; 392 rw_tlv = nfc_llcp_build_tlv(LLCP_TLV_RW, &local->rw, 0, &rw_tlv_length);
406 rw_tlv = nfc_llcp_build_tlv(LLCP_TLV_RW, &rw, 0, &rw_tlv_length);
407 size += rw_tlv_length; 393 size += rw_tlv_length;
408 394
409 skb = llcp_allocate_pdu(sock, LLCP_PDU_CC, size); 395 skb = llcp_allocate_pdu(sock, LLCP_PDU_CC, size);
@@ -428,6 +414,52 @@ error_tlv:
428 return err; 414 return err;
429} 415}
430 416
417int nfc_llcp_send_snl(struct nfc_llcp_local *local, u8 tid, u8 sap)
418{
419 struct sk_buff *skb;
420 struct nfc_dev *dev;
421 u8 *sdres_tlv = NULL, sdres_tlv_length, sdres[2];
422 u16 size = 0;
423
424 pr_debug("Sending SNL tid 0x%x sap 0x%x\n", tid, sap);
425
426 if (local == NULL)
427 return -ENODEV;
428
429 dev = local->dev;
430 if (dev == NULL)
431 return -ENODEV;
432
433 sdres[0] = tid;
434 sdres[1] = sap;
435 sdres_tlv = nfc_llcp_build_tlv(LLCP_TLV_SDRES, sdres, 0,
436 &sdres_tlv_length);
437 if (sdres_tlv == NULL)
438 return -ENOMEM;
439
440 size += LLCP_HEADER_SIZE;
441 size += dev->tx_headroom + dev->tx_tailroom + NFC_HEADER_SIZE;
442 size += sdres_tlv_length;
443
444 skb = alloc_skb(size, GFP_KERNEL);
445 if (skb == NULL) {
446 kfree(sdres_tlv);
447 return -ENOMEM;
448 }
449
450 skb_reserve(skb, dev->tx_headroom + NFC_HEADER_SIZE);
451
452 skb = llcp_add_header(skb, LLCP_SAP_SDP, LLCP_SAP_SDP, LLCP_PDU_SNL);
453
454 memcpy(skb_put(skb, sdres_tlv_length), sdres_tlv, sdres_tlv_length);
455
456 skb_queue_tail(&local->tx_queue, skb);
457
458 kfree(sdres_tlv);
459
460 return 0;
461}
462
431int nfc_llcp_send_dm(struct nfc_llcp_local *local, u8 ssap, u8 dsap, u8 reason) 463int nfc_llcp_send_dm(struct nfc_llcp_local *local, u8 ssap, u8 dsap, u8 reason)
432{ 464{
433 struct sk_buff *skb; 465 struct sk_buff *skb;
@@ -541,6 +573,52 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock,
541 return len; 573 return len;
542} 574}
543 575
576int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
577 struct msghdr *msg, size_t len)
578{
579 struct sk_buff *pdu;
580 struct nfc_llcp_local *local;
581 size_t frag_len = 0, remaining_len;
582 u8 *msg_ptr;
583 int err;
584
585 pr_debug("Send UI frame len %zd\n", len);
586
587 local = sock->local;
588 if (local == NULL)
589 return -ENODEV;
590
591 remaining_len = len;
592 msg_ptr = (u8 *) msg->msg_iov;
593
594 while (remaining_len > 0) {
595
596 frag_len = min_t(size_t, sock->miu, remaining_len);
597
598 pr_debug("Fragment %zd bytes remaining %zd",
599 frag_len, remaining_len);
600
601 pdu = nfc_alloc_send_skb(sock->dev, &sock->sk, MSG_DONTWAIT,
602 frag_len + LLCP_HEADER_SIZE, &err);
603 if (pdu == NULL) {
604 pr_err("Could not allocate PDU\n");
605 continue;
606 }
607
608 pdu = llcp_add_header(pdu, dsap, ssap, LLCP_PDU_UI);
609
610 memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len);
611
612 /* No need to check for the peer RW for UI frames */
613 skb_queue_tail(&local->tx_queue, pdu);
614
615 remaining_len -= frag_len;
616 msg_ptr += frag_len;
617 }
618
619 return len;
620}
621
544int nfc_llcp_send_rr(struct nfc_llcp_sock *sock) 622int nfc_llcp_send_rr(struct nfc_llcp_sock *sock)
545{ 623{
546 struct sk_buff *skb; 624 struct sk_buff *skb;
diff --git a/net/nfc/llcp/llcp.c b/net/nfc/llcp/llcp.c
index cc10d073c33..f6804532047 100644
--- a/net/nfc/llcp/llcp.c
+++ b/net/nfc/llcp/llcp.c
@@ -45,12 +45,38 @@ void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *sk)
45 write_unlock(&l->lock); 45 write_unlock(&l->lock);
46} 46}
47 47
48static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock)
49{
50 struct nfc_llcp_local *local = sock->local;
51 struct sk_buff *s, *tmp;
52
53 pr_debug("%p\n", &sock->sk);
54
55 skb_queue_purge(&sock->tx_queue);
56 skb_queue_purge(&sock->tx_pending_queue);
57 skb_queue_purge(&sock->tx_backlog_queue);
58
59 if (local == NULL)
60 return;
61
62 /* Search for local pending SKBs that are related to this socket */
63 skb_queue_walk_safe(&local->tx_queue, s, tmp) {
64 if (s->sk != &sock->sk)
65 continue;
66
67 skb_unlink(s, &local->tx_queue);
68 kfree_skb(s);
69 }
70}
71
48static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen) 72static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen)
49{ 73{
50 struct sock *sk; 74 struct sock *sk;
51 struct hlist_node *node, *tmp; 75 struct hlist_node *node, *tmp;
52 struct nfc_llcp_sock *llcp_sock; 76 struct nfc_llcp_sock *llcp_sock;
53 77
78 skb_queue_purge(&local->tx_queue);
79
54 write_lock(&local->sockets.lock); 80 write_lock(&local->sockets.lock);
55 81
56 sk_for_each_safe(sk, node, tmp, &local->sockets.head) { 82 sk_for_each_safe(sk, node, tmp, &local->sockets.head) {
@@ -58,6 +84,8 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen)
58 84
59 bh_lock_sock(sk); 85 bh_lock_sock(sk);
60 86
87 nfc_llcp_socket_purge(llcp_sock);
88
61 if (sk->sk_state == LLCP_CONNECTED) 89 if (sk->sk_state == LLCP_CONNECTED)
62 nfc_put_device(llcp_sock->dev); 90 nfc_put_device(llcp_sock->dev);
63 91
@@ -65,7 +93,8 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen)
65 struct nfc_llcp_sock *lsk, *n; 93 struct nfc_llcp_sock *lsk, *n;
66 struct sock *accept_sk; 94 struct sock *accept_sk;
67 95
68 list_for_each_entry_safe(lsk, n, &llcp_sock->accept_queue, 96 list_for_each_entry_safe(lsk, n,
97 &llcp_sock->accept_queue,
69 accept_queue) { 98 accept_queue) {
70 accept_sk = &lsk->sk; 99 accept_sk = &lsk->sk;
71 bh_lock_sock(accept_sk); 100 bh_lock_sock(accept_sk);
@@ -85,6 +114,16 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen)
85 } 114 }
86 } 115 }
87 116
117 /*
118 * If we have a connection less socket bound, we keep it alive
119 * if the device is still present.
120 */
121 if (sk->sk_state == LLCP_BOUND && sk->sk_type == SOCK_DGRAM &&
122 listen == true) {
123 bh_unlock_sock(sk);
124 continue;
125 }
126
88 sk->sk_state = LLCP_CLOSED; 127 sk->sk_state = LLCP_CLOSED;
89 128
90 bh_unlock_sock(sk); 129 bh_unlock_sock(sk);
@@ -134,7 +173,7 @@ static struct nfc_llcp_sock *nfc_llcp_sock_get(struct nfc_llcp_local *local,
134{ 173{
135 struct sock *sk; 174 struct sock *sk;
136 struct hlist_node *node; 175 struct hlist_node *node;
137 struct nfc_llcp_sock *llcp_sock; 176 struct nfc_llcp_sock *llcp_sock, *tmp_sock;
138 177
139 pr_debug("ssap dsap %d %d\n", ssap, dsap); 178 pr_debug("ssap dsap %d %d\n", ssap, dsap);
140 179
@@ -146,10 +185,12 @@ static struct nfc_llcp_sock *nfc_llcp_sock_get(struct nfc_llcp_local *local,
146 llcp_sock = NULL; 185 llcp_sock = NULL;
147 186
148 sk_for_each(sk, node, &local->sockets.head) { 187 sk_for_each(sk, node, &local->sockets.head) {
149 llcp_sock = nfc_llcp_sock(sk); 188 tmp_sock = nfc_llcp_sock(sk);
150 189
151 if (llcp_sock->ssap == ssap && llcp_sock->dsap == dsap) 190 if (tmp_sock->ssap == ssap && tmp_sock->dsap == dsap) {
191 llcp_sock = tmp_sock;
152 break; 192 break;
193 }
153 } 194 }
154 195
155 read_unlock(&local->sockets.lock); 196 read_unlock(&local->sockets.lock);
@@ -249,7 +290,12 @@ struct nfc_llcp_sock *nfc_llcp_sock_from_sn(struct nfc_llcp_local *local,
249 290
250 pr_debug("llcp sock %p\n", tmp_sock); 291 pr_debug("llcp sock %p\n", tmp_sock);
251 292
252 if (tmp_sock->sk.sk_state != LLCP_LISTEN) 293 if (tmp_sock->sk.sk_type == SOCK_STREAM &&
294 tmp_sock->sk.sk_state != LLCP_LISTEN)
295 continue;
296
297 if (tmp_sock->sk.sk_type == SOCK_DGRAM &&
298 tmp_sock->sk.sk_state != LLCP_BOUND)
253 continue; 299 continue;
254 300
255 if (tmp_sock->service_name == NULL || 301 if (tmp_sock->service_name == NULL ||
@@ -421,10 +467,9 @@ static u8 nfc_llcp_reserve_sdp_ssap(struct nfc_llcp_local *local)
421static int nfc_llcp_build_gb(struct nfc_llcp_local *local) 467static int nfc_llcp_build_gb(struct nfc_llcp_local *local)
422{ 468{
423 u8 *gb_cur, *version_tlv, version, version_length; 469 u8 *gb_cur, *version_tlv, version, version_length;
424 u8 *lto_tlv, lto, lto_length; 470 u8 *lto_tlv, lto_length;
425 u8 *wks_tlv, wks_length; 471 u8 *wks_tlv, wks_length;
426 u8 *miux_tlv, miux_length; 472 u8 *miux_tlv, miux_length;
427 __be16 miux;
428 u8 gb_len = 0; 473 u8 gb_len = 0;
429 int ret = 0; 474 int ret = 0;
430 475
@@ -433,9 +478,7 @@ static int nfc_llcp_build_gb(struct nfc_llcp_local *local)
433 1, &version_length); 478 1, &version_length);
434 gb_len += version_length; 479 gb_len += version_length;
435 480
436 /* 1500 ms */ 481 lto_tlv = nfc_llcp_build_tlv(LLCP_TLV_LTO, &local->lto, 1, &lto_length);
437 lto = 150;
438 lto_tlv = nfc_llcp_build_tlv(LLCP_TLV_LTO, &lto, 1, &lto_length);
439 gb_len += lto_length; 482 gb_len += lto_length;
440 483
441 pr_debug("Local wks 0x%lx\n", local->local_wks); 484 pr_debug("Local wks 0x%lx\n", local->local_wks);
@@ -443,8 +486,7 @@ static int nfc_llcp_build_gb(struct nfc_llcp_local *local)
443 &wks_length); 486 &wks_length);
444 gb_len += wks_length; 487 gb_len += wks_length;
445 488
446 miux = cpu_to_be16(LLCP_MAX_MIUX); 489 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&local->miux, 0,
447 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0,
448 &miux_length); 490 &miux_length);
449 gb_len += miux_length; 491 gb_len += miux_length;
450 492
@@ -610,7 +652,10 @@ static void nfc_llcp_tx_work(struct work_struct *work)
610 if (skb != NULL) { 652 if (skb != NULL) {
611 sk = skb->sk; 653 sk = skb->sk;
612 llcp_sock = nfc_llcp_sock(sk); 654 llcp_sock = nfc_llcp_sock(sk);
613 if (llcp_sock != NULL) { 655
656 if (llcp_sock == NULL && nfc_llcp_ptype(skb) == LLCP_PDU_I) {
657 nfc_llcp_send_symm(local->dev);
658 } else {
614 int ret; 659 int ret;
615 660
616 pr_debug("Sending pending skb\n"); 661 pr_debug("Sending pending skb\n");
@@ -629,8 +674,6 @@ static void nfc_llcp_tx_work(struct work_struct *work)
629 skb_queue_tail(&llcp_sock->tx_pending_queue, 674 skb_queue_tail(&llcp_sock->tx_pending_queue,
630 skb); 675 skb);
631 } 676 }
632 } else {
633 nfc_llcp_send_symm(local->dev);
634 } 677 }
635 } else { 678 } else {
636 nfc_llcp_send_symm(local->dev); 679 nfc_llcp_send_symm(local->dev);
@@ -704,6 +747,39 @@ static u8 *nfc_llcp_connect_sn(struct sk_buff *skb, size_t *sn_len)
704 return NULL; 747 return NULL;
705} 748}
706 749
750static void nfc_llcp_recv_ui(struct nfc_llcp_local *local,
751 struct sk_buff *skb)
752{
753 struct nfc_llcp_sock *llcp_sock;
754 struct nfc_llcp_ui_cb *ui_cb;
755 u8 dsap, ssap;
756
757 dsap = nfc_llcp_dsap(skb);
758 ssap = nfc_llcp_ssap(skb);
759
760 ui_cb = nfc_llcp_ui_skb_cb(skb);
761 ui_cb->dsap = dsap;
762 ui_cb->ssap = ssap;
763
764 printk("%s %d %d\n", __func__, dsap, ssap);
765
766 pr_debug("%d %d\n", dsap, ssap);
767
768 /* We're looking for a bound socket, not a client one */
769 llcp_sock = nfc_llcp_sock_get(local, dsap, LLCP_SAP_SDP);
770 if (llcp_sock == NULL || llcp_sock->sk.sk_type != SOCK_DGRAM)
771 return;
772
773 /* There is no sequence with UI frames */
774 skb_pull(skb, LLCP_HEADER_SIZE);
775 if (sock_queue_rcv_skb(&llcp_sock->sk, skb)) {
776 pr_err("receive queue is full\n");
777 skb_queue_head(&llcp_sock->tx_backlog_queue, skb);
778 }
779
780 nfc_llcp_sock_put(llcp_sock);
781}
782
707static void nfc_llcp_recv_connect(struct nfc_llcp_local *local, 783static void nfc_llcp_recv_connect(struct nfc_llcp_local *local,
708 struct sk_buff *skb) 784 struct sk_buff *skb)
709{ 785{
@@ -823,9 +899,6 @@ static void nfc_llcp_recv_connect(struct nfc_llcp_local *local,
823fail: 899fail:
824 /* Send DM */ 900 /* Send DM */
825 nfc_llcp_send_dm(local, dsap, ssap, reason); 901 nfc_llcp_send_dm(local, dsap, ssap, reason);
826
827 return;
828
829} 902}
830 903
831int nfc_llcp_queue_i_frames(struct nfc_llcp_sock *sock) 904int nfc_llcp_queue_i_frames(struct nfc_llcp_sock *sock)
@@ -953,6 +1026,9 @@ static void nfc_llcp_recv_disc(struct nfc_llcp_local *local,
953 1026
954 sk = &llcp_sock->sk; 1027 sk = &llcp_sock->sk;
955 lock_sock(sk); 1028 lock_sock(sk);
1029
1030 nfc_llcp_socket_purge(llcp_sock);
1031
956 if (sk->sk_state == LLCP_CLOSED) { 1032 if (sk->sk_state == LLCP_CLOSED) {
957 release_sock(sk); 1033 release_sock(sk);
958 nfc_llcp_sock_put(llcp_sock); 1034 nfc_llcp_sock_put(llcp_sock);
@@ -1027,7 +1103,7 @@ static void nfc_llcp_recv_dm(struct nfc_llcp_local *local, struct sk_buff *skb)
1027 } 1103 }
1028 1104
1029 if (llcp_sock == NULL) { 1105 if (llcp_sock == NULL) {
1030 pr_err("Invalid DM\n"); 1106 pr_debug("Already closed\n");
1031 return; 1107 return;
1032 } 1108 }
1033 1109
@@ -1038,8 +1114,100 @@ static void nfc_llcp_recv_dm(struct nfc_llcp_local *local, struct sk_buff *skb)
1038 sk->sk_state_change(sk); 1114 sk->sk_state_change(sk);
1039 1115
1040 nfc_llcp_sock_put(llcp_sock); 1116 nfc_llcp_sock_put(llcp_sock);
1117}
1041 1118
1042 return; 1119static void nfc_llcp_recv_snl(struct nfc_llcp_local *local,
1120 struct sk_buff *skb)
1121{
1122 struct nfc_llcp_sock *llcp_sock;
1123 u8 dsap, ssap, *tlv, type, length, tid, sap;
1124 u16 tlv_len, offset;
1125 char *service_name;
1126 size_t service_name_len;
1127
1128 dsap = nfc_llcp_dsap(skb);
1129 ssap = nfc_llcp_ssap(skb);
1130
1131 pr_debug("%d %d\n", dsap, ssap);
1132
1133 if (dsap != LLCP_SAP_SDP || ssap != LLCP_SAP_SDP) {
1134 pr_err("Wrong SNL SAP\n");
1135 return;
1136 }
1137
1138 tlv = &skb->data[LLCP_HEADER_SIZE];
1139 tlv_len = skb->len - LLCP_HEADER_SIZE;
1140 offset = 0;
1141
1142 while (offset < tlv_len) {
1143 type = tlv[0];
1144 length = tlv[1];
1145
1146 switch (type) {
1147 case LLCP_TLV_SDREQ:
1148 tid = tlv[2];
1149 service_name = (char *) &tlv[3];
1150 service_name_len = length - 1;
1151
1152 pr_debug("Looking for %.16s\n", service_name);
1153
1154 if (service_name_len == strlen("urn:nfc:sn:sdp") &&
1155 !strncmp(service_name, "urn:nfc:sn:sdp",
1156 service_name_len)) {
1157 sap = 1;
1158 goto send_snl;
1159 }
1160
1161 llcp_sock = nfc_llcp_sock_from_sn(local, service_name,
1162 service_name_len);
1163 if (!llcp_sock) {
1164 sap = 0;
1165 goto send_snl;
1166 }
1167
1168 /*
1169 * We found a socket but its ssap has not been reserved
1170 * yet. We need to assign it for good and send a reply.
1171 * The ssap will be freed when the socket is closed.
1172 */
1173 if (llcp_sock->ssap == LLCP_SDP_UNBOUND) {
1174 atomic_t *client_count;
1175
1176 sap = nfc_llcp_reserve_sdp_ssap(local);
1177
1178 pr_debug("Reserving %d\n", sap);
1179
1180 if (sap == LLCP_SAP_MAX) {
1181 sap = 0;
1182 goto send_snl;
1183 }
1184
1185 client_count =
1186 &local->local_sdp_cnt[sap -
1187 LLCP_WKS_NUM_SAP];
1188
1189 atomic_inc(client_count);
1190
1191 llcp_sock->ssap = sap;
1192 llcp_sock->reserved_ssap = sap;
1193 } else {
1194 sap = llcp_sock->ssap;
1195 }
1196
1197 pr_debug("%p %d\n", llcp_sock, sap);
1198
1199send_snl:
1200 nfc_llcp_send_snl(local, tid, sap);
1201 break;
1202
1203 default:
1204 pr_err("Invalid SNL tlv value 0x%x\n", type);
1205 break;
1206 }
1207
1208 offset += length + 2;
1209 tlv += length + 2;
1210 }
1043} 1211}
1044 1212
1045static void nfc_llcp_rx_work(struct work_struct *work) 1213static void nfc_llcp_rx_work(struct work_struct *work)
@@ -1072,6 +1240,11 @@ static void nfc_llcp_rx_work(struct work_struct *work)
1072 pr_debug("SYMM\n"); 1240 pr_debug("SYMM\n");
1073 break; 1241 break;
1074 1242
1243 case LLCP_PDU_UI:
1244 pr_debug("UI\n");
1245 nfc_llcp_recv_ui(local, skb);
1246 break;
1247
1075 case LLCP_PDU_CONNECT: 1248 case LLCP_PDU_CONNECT:
1076 pr_debug("CONNECT\n"); 1249 pr_debug("CONNECT\n");
1077 nfc_llcp_recv_connect(local, skb); 1250 nfc_llcp_recv_connect(local, skb);
@@ -1092,6 +1265,11 @@ static void nfc_llcp_rx_work(struct work_struct *work)
1092 nfc_llcp_recv_dm(local, skb); 1265 nfc_llcp_recv_dm(local, skb);
1093 break; 1266 break;
1094 1267
1268 case LLCP_PDU_SNL:
1269 pr_debug("SNL\n");
1270 nfc_llcp_recv_snl(local, skb);
1271 break;
1272
1095 case LLCP_PDU_I: 1273 case LLCP_PDU_I:
1096 case LLCP_PDU_RR: 1274 case LLCP_PDU_RR:
1097 case LLCP_PDU_RNR: 1275 case LLCP_PDU_RNR:
@@ -1104,8 +1282,6 @@ static void nfc_llcp_rx_work(struct work_struct *work)
1104 schedule_work(&local->tx_work); 1282 schedule_work(&local->tx_work);
1105 kfree_skb(local->rx_pending); 1283 kfree_skb(local->rx_pending);
1106 local->rx_pending = NULL; 1284 local->rx_pending = NULL;
1107
1108 return;
1109} 1285}
1110 1286
1111void nfc_llcp_recv(void *data, struct sk_buff *skb, int err) 1287void nfc_llcp_recv(void *data, struct sk_buff *skb, int err)
@@ -1121,8 +1297,6 @@ void nfc_llcp_recv(void *data, struct sk_buff *skb, int err)
1121 local->rx_pending = skb_get(skb); 1297 local->rx_pending = skb_get(skb);
1122 del_timer(&local->link_timer); 1298 del_timer(&local->link_timer);
1123 schedule_work(&local->rx_work); 1299 schedule_work(&local->rx_work);
1124
1125 return;
1126} 1300}
1127 1301
1128int nfc_llcp_data_received(struct nfc_dev *dev, struct sk_buff *skb) 1302int nfc_llcp_data_received(struct nfc_dev *dev, struct sk_buff *skb)
@@ -1205,6 +1379,10 @@ int nfc_llcp_register_device(struct nfc_dev *ndev)
1205 rwlock_init(&local->connecting_sockets.lock); 1379 rwlock_init(&local->connecting_sockets.lock);
1206 rwlock_init(&local->raw_sockets.lock); 1380 rwlock_init(&local->raw_sockets.lock);
1207 1381
1382 local->lto = 150; /* 1500 ms */
1383 local->rw = LLCP_MAX_RW;
1384 local->miux = cpu_to_be16(LLCP_MAX_MIUX);
1385
1208 nfc_llcp_build_gb(local); 1386 nfc_llcp_build_gb(local);
1209 1387
1210 local->remote_miu = LLCP_DEFAULT_MIU; 1388 local->remote_miu = LLCP_DEFAULT_MIU;
diff --git a/net/nfc/llcp/llcp.h b/net/nfc/llcp/llcp.h
index fdb2d24e60b..0d62366f8cc 100644
--- a/net/nfc/llcp/llcp.h
+++ b/net/nfc/llcp/llcp.h
@@ -64,6 +64,9 @@ struct nfc_llcp_local {
64 u32 target_idx; 64 u32 target_idx;
65 u8 rf_mode; 65 u8 rf_mode;
66 u8 comm_mode; 66 u8 comm_mode;
67 u8 lto;
68 u8 rw;
69 __be16 miux;
67 unsigned long local_wks; /* Well known services */ 70 unsigned long local_wks; /* Well known services */
68 unsigned long local_sdp; /* Local services */ 71 unsigned long local_sdp; /* Local services */
69 unsigned long local_sap; /* Local SAPs, not available for discovery */ 72 unsigned long local_sap; /* Local SAPs, not available for discovery */
@@ -124,6 +127,13 @@ struct nfc_llcp_sock {
124 struct sock *parent; 127 struct sock *parent;
125}; 128};
126 129
130struct nfc_llcp_ui_cb {
131 __u8 dsap;
132 __u8 ssap;
133};
134
135#define nfc_llcp_ui_skb_cb(__skb) ((struct nfc_llcp_ui_cb *)&((__skb)->cb[0]))
136
127#define nfc_llcp_sock(sk) ((struct nfc_llcp_sock *) (sk)) 137#define nfc_llcp_sock(sk) ((struct nfc_llcp_sock *) (sk))
128#define nfc_llcp_dev(sk) (nfc_llcp_sock((sk))->dev) 138#define nfc_llcp_dev(sk) (nfc_llcp_sock((sk))->dev)
129 139
@@ -209,10 +219,13 @@ int nfc_llcp_disconnect(struct nfc_llcp_sock *sock);
209int nfc_llcp_send_symm(struct nfc_dev *dev); 219int nfc_llcp_send_symm(struct nfc_dev *dev);
210int nfc_llcp_send_connect(struct nfc_llcp_sock *sock); 220int nfc_llcp_send_connect(struct nfc_llcp_sock *sock);
211int nfc_llcp_send_cc(struct nfc_llcp_sock *sock); 221int nfc_llcp_send_cc(struct nfc_llcp_sock *sock);
222int nfc_llcp_send_snl(struct nfc_llcp_local *local, u8 tid, u8 sap);
212int nfc_llcp_send_dm(struct nfc_llcp_local *local, u8 ssap, u8 dsap, u8 reason); 223int nfc_llcp_send_dm(struct nfc_llcp_local *local, u8 ssap, u8 dsap, u8 reason);
213int nfc_llcp_send_disconnect(struct nfc_llcp_sock *sock); 224int nfc_llcp_send_disconnect(struct nfc_llcp_sock *sock);
214int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock, 225int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock,
215 struct msghdr *msg, size_t len); 226 struct msghdr *msg, size_t len);
227int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
228 struct msghdr *msg, size_t len);
216int nfc_llcp_send_rr(struct nfc_llcp_sock *sock); 229int nfc_llcp_send_rr(struct nfc_llcp_sock *sock);
217 230
218/* Socket API */ 231/* Socket API */
diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c
index 63e4cdc9237..0fa1e92ceac 100644
--- a/net/nfc/llcp/sock.c
+++ b/net/nfc/llcp/sock.c
@@ -205,8 +205,8 @@ static int llcp_sock_listen(struct socket *sock, int backlog)
205 205
206 lock_sock(sk); 206 lock_sock(sk);
207 207
208 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM) 208 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM) ||
209 || sk->sk_state != LLCP_BOUND) { 209 sk->sk_state != LLCP_BOUND) {
210 ret = -EBADFD; 210 ret = -EBADFD;
211 goto error; 211 goto error;
212 } 212 }
@@ -608,6 +608,25 @@ static int llcp_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
608 608
609 lock_sock(sk); 609 lock_sock(sk);
610 610
611 if (sk->sk_type == SOCK_DGRAM) {
612 struct sockaddr_nfc_llcp *addr =
613 (struct sockaddr_nfc_llcp *)msg->msg_name;
614
615 if (msg->msg_namelen < sizeof(*addr)) {
616 release_sock(sk);
617
618 pr_err("Invalid socket address length %d\n",
619 msg->msg_namelen);
620
621 return -EINVAL;
622 }
623
624 release_sock(sk);
625
626 return nfc_llcp_send_ui_frame(llcp_sock, addr->dsap, addr->ssap,
627 msg, len);
628 }
629
611 if (sk->sk_state != LLCP_CONNECTED) { 630 if (sk->sk_state != LLCP_CONNECTED) {
612 release_sock(sk); 631 release_sock(sk);
613 return -ENOTCONN; 632 return -ENOTCONN;
@@ -663,11 +682,28 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
663 return -EFAULT; 682 return -EFAULT;
664 } 683 }
665 684
685 if (sk->sk_type == SOCK_DGRAM && msg->msg_name) {
686 struct nfc_llcp_ui_cb *ui_cb = nfc_llcp_ui_skb_cb(skb);
687 struct sockaddr_nfc_llcp sockaddr;
688
689 pr_debug("Datagram socket %d %d\n", ui_cb->dsap, ui_cb->ssap);
690
691 sockaddr.sa_family = AF_NFC;
692 sockaddr.nfc_protocol = NFC_PROTO_NFC_DEP;
693 sockaddr.dsap = ui_cb->dsap;
694 sockaddr.ssap = ui_cb->ssap;
695
696 memcpy(msg->msg_name, &sockaddr, sizeof(sockaddr));
697 msg->msg_namelen = sizeof(sockaddr);
698 }
699
666 /* Mark read part of skb as used */ 700 /* Mark read part of skb as used */
667 if (!(flags & MSG_PEEK)) { 701 if (!(flags & MSG_PEEK)) {
668 702
669 /* SOCK_STREAM: re-queue skb if it contains unreceived data */ 703 /* SOCK_STREAM: re-queue skb if it contains unreceived data */
670 if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_RAW) { 704 if (sk->sk_type == SOCK_STREAM ||
705 sk->sk_type == SOCK_DGRAM ||
706 sk->sk_type == SOCK_RAW) {
671 skb_pull(skb, copied); 707 skb_pull(skb, copied);
672 if (skb->len) { 708 if (skb->len) {
673 skb_queue_head(&sk->sk_receive_queue, skb); 709 skb_queue_head(&sk->sk_receive_queue, skb);
diff --git a/net/nfc/nci/Kconfig b/net/nfc/nci/Kconfig
index decdc49b26d..6d69b5f0f19 100644
--- a/net/nfc/nci/Kconfig
+++ b/net/nfc/nci/Kconfig
@@ -1,6 +1,6 @@
1config NFC_NCI 1config NFC_NCI
2 depends on NFC && EXPERIMENTAL 2 depends on NFC
3 tristate "NCI protocol support (EXPERIMENTAL)" 3 tristate "NCI protocol support"
4 default n 4 default n
5 help 5 help
6 NCI (NFC Controller Interface) is a communication protocol between 6 NCI (NFC Controller Interface) is a communication protocol between
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index acf9abb7d99..5f98dc1bf03 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -205,10 +205,10 @@ static void nci_rf_discover_req(struct nci_dev *ndev, unsigned long opt)
205 cmd.num_disc_configs = 0; 205 cmd.num_disc_configs = 0;
206 206
207 if ((cmd.num_disc_configs < NCI_MAX_NUM_RF_CONFIGS) && 207 if ((cmd.num_disc_configs < NCI_MAX_NUM_RF_CONFIGS) &&
208 (protocols & NFC_PROTO_JEWEL_MASK 208 (protocols & NFC_PROTO_JEWEL_MASK ||
209 || protocols & NFC_PROTO_MIFARE_MASK 209 protocols & NFC_PROTO_MIFARE_MASK ||
210 || protocols & NFC_PROTO_ISO14443_MASK 210 protocols & NFC_PROTO_ISO14443_MASK ||
211 || protocols & NFC_PROTO_NFC_DEP_MASK)) { 211 protocols & NFC_PROTO_NFC_DEP_MASK)) {
212 cmd.disc_configs[cmd.num_disc_configs].rf_tech_and_mode = 212 cmd.disc_configs[cmd.num_disc_configs].rf_tech_and_mode =
213 NCI_NFC_A_PASSIVE_POLL_MODE; 213 NCI_NFC_A_PASSIVE_POLL_MODE;
214 cmd.disc_configs[cmd.num_disc_configs].frequency = 1; 214 cmd.disc_configs[cmd.num_disc_configs].frequency = 1;
@@ -224,8 +224,8 @@ static void nci_rf_discover_req(struct nci_dev *ndev, unsigned long opt)
224 } 224 }
225 225
226 if ((cmd.num_disc_configs < NCI_MAX_NUM_RF_CONFIGS) && 226 if ((cmd.num_disc_configs < NCI_MAX_NUM_RF_CONFIGS) &&
227 (protocols & NFC_PROTO_FELICA_MASK 227 (protocols & NFC_PROTO_FELICA_MASK ||
228 || protocols & NFC_PROTO_NFC_DEP_MASK)) { 228 protocols & NFC_PROTO_NFC_DEP_MASK)) {
229 cmd.disc_configs[cmd.num_disc_configs].rf_tech_and_mode = 229 cmd.disc_configs[cmd.num_disc_configs].rf_tech_and_mode =
230 NCI_NFC_F_PASSIVE_POLL_MODE; 230 NCI_NFC_F_PASSIVE_POLL_MODE;
231 cmd.disc_configs[cmd.num_disc_configs].frequency = 1; 231 cmd.disc_configs[cmd.num_disc_configs].frequency = 1;
@@ -414,13 +414,13 @@ static int nci_set_local_general_bytes(struct nfc_dev *nfc_dev)
414 struct nci_dev *ndev = nfc_get_drvdata(nfc_dev); 414 struct nci_dev *ndev = nfc_get_drvdata(nfc_dev);
415 struct nci_set_config_param param; 415 struct nci_set_config_param param;
416 __u8 local_gb[NFC_MAX_GT_LEN]; 416 __u8 local_gb[NFC_MAX_GT_LEN];
417 int i, rc = 0; 417 int i;
418 418
419 param.val = nfc_get_local_general_bytes(nfc_dev, &param.len); 419 param.val = nfc_get_local_general_bytes(nfc_dev, &param.len);
420 if ((param.val == NULL) || (param.len == 0)) 420 if ((param.val == NULL) || (param.len == 0))
421 return rc; 421 return 0;
422 422
423 if (param.len > NCI_MAX_PARAM_LEN) 423 if (param.len > NFC_MAX_GT_LEN)
424 return -EINVAL; 424 return -EINVAL;
425 425
426 for (i = 0; i < param.len; i++) 426 for (i = 0; i < param.len; i++)
@@ -429,10 +429,8 @@ static int nci_set_local_general_bytes(struct nfc_dev *nfc_dev)
429 param.id = NCI_PN_ATR_REQ_GEN_BYTES; 429 param.id = NCI_PN_ATR_REQ_GEN_BYTES;
430 param.val = local_gb; 430 param.val = local_gb;
431 431
432 rc = nci_request(ndev, nci_set_config_req, (unsigned long)&param, 432 return nci_request(ndev, nci_set_config_req, (unsigned long)&param,
433 msecs_to_jiffies(NCI_SET_CONFIG_TIMEOUT)); 433 msecs_to_jiffies(NCI_SET_CONFIG_TIMEOUT));
434
435 return rc;
436} 434}
437 435
438static int nci_start_poll(struct nfc_dev *nfc_dev, 436static int nci_start_poll(struct nfc_dev *nfc_dev,
@@ -579,7 +577,6 @@ static void nci_deactivate_target(struct nfc_dev *nfc_dev,
579 } 577 }
580} 578}
581 579
582
583static int nci_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target, 580static int nci_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
584 __u8 comm_mode, __u8 *gb, size_t gb_len) 581 __u8 comm_mode, __u8 *gb, size_t gb_len)
585{ 582{
@@ -806,8 +803,8 @@ int nci_recv_frame(struct sk_buff *skb)
806 803
807 pr_debug("len %d\n", skb->len); 804 pr_debug("len %d\n", skb->len);
808 805
809 if (!ndev || (!test_bit(NCI_UP, &ndev->flags) 806 if (!ndev || (!test_bit(NCI_UP, &ndev->flags) &&
810 && !test_bit(NCI_INIT, &ndev->flags))) { 807 !test_bit(NCI_INIT, &ndev->flags))) {
811 kfree_skb(skb); 808 kfree_skb(skb);
812 return -ENXIO; 809 return -ENXIO;
813 } 810 }
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index c1b5285cbde..3568ae16786 100644
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -29,6 +29,8 @@
29 29
30#include "nfc.h" 30#include "nfc.h"
31 31
32#include "llcp/llcp.h"
33
32static struct genl_multicast_group nfc_genl_event_mcgrp = { 34static struct genl_multicast_group nfc_genl_event_mcgrp = {
33 .name = NFC_GENL_MCAST_EVENT_NAME, 35 .name = NFC_GENL_MCAST_EVENT_NAME,
34}; 36};
@@ -364,7 +366,8 @@ static int nfc_genl_send_device(struct sk_buff *msg, struct nfc_dev *dev,
364 if (nla_put_string(msg, NFC_ATTR_DEVICE_NAME, nfc_device_name(dev)) || 366 if (nla_put_string(msg, NFC_ATTR_DEVICE_NAME, nfc_device_name(dev)) ||
365 nla_put_u32(msg, NFC_ATTR_DEVICE_INDEX, dev->idx) || 367 nla_put_u32(msg, NFC_ATTR_DEVICE_INDEX, dev->idx) ||
366 nla_put_u32(msg, NFC_ATTR_PROTOCOLS, dev->supported_protocols) || 368 nla_put_u32(msg, NFC_ATTR_PROTOCOLS, dev->supported_protocols) ||
367 nla_put_u8(msg, NFC_ATTR_DEVICE_POWERED, dev->dev_up)) 369 nla_put_u8(msg, NFC_ATTR_DEVICE_POWERED, dev->dev_up) ||
370 nla_put_u8(msg, NFC_ATTR_RF_MODE, dev->rf_mode))
368 goto nla_put_failure; 371 goto nla_put_failure;
369 372
370 return genlmsg_end(msg, hdr); 373 return genlmsg_end(msg, hdr);
@@ -590,7 +593,7 @@ static int nfc_genl_start_poll(struct sk_buff *skb, struct genl_info *info)
590 if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || 593 if (!info->attrs[NFC_ATTR_DEVICE_INDEX] ||
591 ((!info->attrs[NFC_ATTR_IM_PROTOCOLS] && 594 ((!info->attrs[NFC_ATTR_IM_PROTOCOLS] &&
592 !info->attrs[NFC_ATTR_PROTOCOLS]) && 595 !info->attrs[NFC_ATTR_PROTOCOLS]) &&
593 !info->attrs[NFC_ATTR_TM_PROTOCOLS])) 596 !info->attrs[NFC_ATTR_TM_PROTOCOLS]))
594 return -EINVAL; 597 return -EINVAL;
595 598
596 idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]); 599 idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
@@ -715,6 +718,146 @@ static int nfc_genl_dep_link_down(struct sk_buff *skb, struct genl_info *info)
715 return rc; 718 return rc;
716} 719}
717 720
721static int nfc_genl_send_params(struct sk_buff *msg,
722 struct nfc_llcp_local *local,
723 u32 portid, u32 seq)
724{
725 void *hdr;
726
727 hdr = genlmsg_put(msg, portid, seq, &nfc_genl_family, 0,
728 NFC_CMD_LLC_GET_PARAMS);
729 if (!hdr)
730 return -EMSGSIZE;
731
732 if (nla_put_u32(msg, NFC_ATTR_DEVICE_INDEX, local->dev->idx) ||
733 nla_put_u8(msg, NFC_ATTR_LLC_PARAM_LTO, local->lto) ||
734 nla_put_u8(msg, NFC_ATTR_LLC_PARAM_RW, local->rw) ||
735 nla_put_u16(msg, NFC_ATTR_LLC_PARAM_MIUX, be16_to_cpu(local->miux)))
736 goto nla_put_failure;
737
738 return genlmsg_end(msg, hdr);
739
740nla_put_failure:
741
742 genlmsg_cancel(msg, hdr);
743 return -EMSGSIZE;
744}
745
746static int nfc_genl_llc_get_params(struct sk_buff *skb, struct genl_info *info)
747{
748 struct nfc_dev *dev;
749 struct nfc_llcp_local *local;
750 int rc = 0;
751 struct sk_buff *msg = NULL;
752 u32 idx;
753
754 if (!info->attrs[NFC_ATTR_DEVICE_INDEX])
755 return -EINVAL;
756
757 idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
758
759 dev = nfc_get_device(idx);
760 if (!dev)
761 return -ENODEV;
762
763 device_lock(&dev->dev);
764
765 local = nfc_llcp_find_local(dev);
766 if (!local) {
767 rc = -ENODEV;
768 goto exit;
769 }
770
771 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
772 if (!msg) {
773 rc = -ENOMEM;
774 goto exit;
775 }
776
777 rc = nfc_genl_send_params(msg, local, info->snd_portid, info->snd_seq);
778
779exit:
780 device_unlock(&dev->dev);
781
782 nfc_put_device(dev);
783
784 if (rc < 0) {
785 if (msg)
786 nlmsg_free(msg);
787
788 return rc;
789 }
790
791 return genlmsg_reply(msg, info);
792}
793
794static int nfc_genl_llc_set_params(struct sk_buff *skb, struct genl_info *info)
795{
796 struct nfc_dev *dev;
797 struct nfc_llcp_local *local;
798 u8 rw = 0;
799 u16 miux = 0;
800 u32 idx;
801 int rc = 0;
802
803 if (!info->attrs[NFC_ATTR_DEVICE_INDEX] ||
804 (!info->attrs[NFC_ATTR_LLC_PARAM_LTO] &&
805 !info->attrs[NFC_ATTR_LLC_PARAM_RW] &&
806 !info->attrs[NFC_ATTR_LLC_PARAM_MIUX]))
807 return -EINVAL;
808
809 if (info->attrs[NFC_ATTR_LLC_PARAM_RW]) {
810 rw = nla_get_u8(info->attrs[NFC_ATTR_LLC_PARAM_RW]);
811
812 if (rw > LLCP_MAX_RW)
813 return -EINVAL;
814 }
815
816 if (info->attrs[NFC_ATTR_LLC_PARAM_MIUX]) {
817 miux = nla_get_u16(info->attrs[NFC_ATTR_LLC_PARAM_MIUX]);
818
819 if (miux > LLCP_MAX_MIUX)
820 return -EINVAL;
821 }
822
823 idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
824
825 dev = nfc_get_device(idx);
826 if (!dev)
827 return -ENODEV;
828
829 device_lock(&dev->dev);
830
831 local = nfc_llcp_find_local(dev);
832 if (!local) {
833 nfc_put_device(dev);
834 rc = -ENODEV;
835 goto exit;
836 }
837
838 if (info->attrs[NFC_ATTR_LLC_PARAM_LTO]) {
839 if (dev->dep_link_up) {
840 rc = -EINPROGRESS;
841 goto exit;
842 }
843
844 local->lto = nla_get_u8(info->attrs[NFC_ATTR_LLC_PARAM_LTO]);
845 }
846
847 if (info->attrs[NFC_ATTR_LLC_PARAM_RW])
848 local->rw = rw;
849
850 if (info->attrs[NFC_ATTR_LLC_PARAM_MIUX])
851 local->miux = cpu_to_be16(miux);
852
853exit:
854 device_unlock(&dev->dev);
855
856 nfc_put_device(dev);
857
858 return rc;
859}
860
718static struct genl_ops nfc_genl_ops[] = { 861static struct genl_ops nfc_genl_ops[] = {
719 { 862 {
720 .cmd = NFC_CMD_GET_DEVICE, 863 .cmd = NFC_CMD_GET_DEVICE,
@@ -759,6 +902,16 @@ static struct genl_ops nfc_genl_ops[] = {
759 .done = nfc_genl_dump_targets_done, 902 .done = nfc_genl_dump_targets_done,
760 .policy = nfc_genl_policy, 903 .policy = nfc_genl_policy,
761 }, 904 },
905 {
906 .cmd = NFC_CMD_LLC_GET_PARAMS,
907 .doit = nfc_genl_llc_get_params,
908 .policy = nfc_genl_policy,
909 },
910 {
911 .cmd = NFC_CMD_LLC_SET_PARAMS,
912 .doit = nfc_genl_llc_set_params,
913 .policy = nfc_genl_policy,
914 },
762}; 915};
763 916
764 917
diff --git a/net/nfc/nfc.h b/net/nfc/nfc.h
index c5e42b79a41..87d914d2876 100644
--- a/net/nfc/nfc.h
+++ b/net/nfc/nfc.h
@@ -56,6 +56,7 @@ void nfc_llcp_unregister_device(struct nfc_dev *dev);
56int nfc_llcp_set_remote_gb(struct nfc_dev *dev, u8 *gb, u8 gb_len); 56int nfc_llcp_set_remote_gb(struct nfc_dev *dev, u8 *gb, u8 gb_len);
57u8 *nfc_llcp_general_bytes(struct nfc_dev *dev, size_t *general_bytes_len); 57u8 *nfc_llcp_general_bytes(struct nfc_dev *dev, size_t *general_bytes_len);
58int nfc_llcp_data_received(struct nfc_dev *dev, struct sk_buff *skb); 58int nfc_llcp_data_received(struct nfc_dev *dev, struct sk_buff *skb);
59struct nfc_llcp_local *nfc_llcp_find_local(struct nfc_dev *dev);
59int __init nfc_llcp_init(void); 60int __init nfc_llcp_init(void);
60void nfc_llcp_exit(void); 61void nfc_llcp_exit(void);
61 62
@@ -97,6 +98,11 @@ static inline int nfc_llcp_data_received(struct nfc_dev *dev,
97 return 0; 98 return 0;
98} 99}
99 100
101static inline struct nfc_llcp_local *nfc_llcp_find_local(struct nfc_dev *dev)
102{
103 return NULL;
104}
105
100static inline int nfc_llcp_init(void) 106static inline int nfc_llcp_init(void)
101{ 107{
102 return 0; 108 return 0;
diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c
index 8b8a6a2b2ba..313bf1bc848 100644
--- a/net/nfc/rawsock.c
+++ b/net/nfc/rawsock.c
@@ -256,7 +256,6 @@ static int rawsock_recvmsg(struct kiocb *iocb, struct socket *sock,
256 return rc ? : copied; 256 return rc ? : copied;
257} 257}
258 258
259
260static const struct proto_ops rawsock_ops = { 259static const struct proto_ops rawsock_ops = {
261 .family = PF_NFC, 260 .family = PF_NFC,
262 .owner = THIS_MODULE, 261 .owner = THIS_MODULE,
diff --git a/net/wireless/core.c b/net/wireless/core.c
index ce1ad776dfb..26711f46a3b 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -529,8 +529,7 @@ int wiphy_register(struct wiphy *wiphy)
529 for (i = 0; i < sband->n_channels; i++) { 529 for (i = 0; i < sband->n_channels; i++) {
530 sband->channels[i].orig_flags = 530 sband->channels[i].orig_flags =
531 sband->channels[i].flags; 531 sband->channels[i].flags;
532 sband->channels[i].orig_mag = 532 sband->channels[i].orig_mag = INT_MAX;
533 sband->channels[i].max_antenna_gain;
534 sband->channels[i].orig_mpwr = 533 sband->channels[i].orig_mpwr =
535 sband->channels[i].max_power; 534 sband->channels[i].max_power;
536 sband->channels[i].band = band; 535 sband->channels[i].band = band;
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index 46aeafce08d..4bfd14f7c59 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -473,20 +473,14 @@ int __cfg80211_mlme_deauth(struct cfg80211_registered_device *rdev,
473 .reason_code = reason, 473 .reason_code = reason,
474 .ie = ie, 474 .ie = ie,
475 .ie_len = ie_len, 475 .ie_len = ie_len,
476 .local_state_change = local_state_change,
476 }; 477 };
477 478
478 ASSERT_WDEV_LOCK(wdev); 479 ASSERT_WDEV_LOCK(wdev);
479 480
480 if (local_state_change) { 481 if (local_state_change && (!wdev->current_bss ||
481 if (wdev->current_bss && 482 !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
482 ether_addr_equal(wdev->current_bss->pub.bssid, bssid)) {
483 cfg80211_unhold_bss(wdev->current_bss);
484 cfg80211_put_bss(&wdev->current_bss->pub);
485 wdev->current_bss = NULL;
486 }
487
488 return 0; 483 return 0;
489 }
490 484
491 return rdev_deauth(rdev, dev, &req); 485 return rdev_deauth(rdev, dev, &req);
492} 486}
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 3b8cbbc214d..bcc7d7ee5a5 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -908,7 +908,7 @@ static void handle_channel(struct wiphy *wiphy,
908 map_regdom_flags(reg_rule->flags) | bw_flags; 908 map_regdom_flags(reg_rule->flags) | bw_flags;
909 chan->max_antenna_gain = chan->orig_mag = 909 chan->max_antenna_gain = chan->orig_mag =
910 (int) MBI_TO_DBI(power_rule->max_antenna_gain); 910 (int) MBI_TO_DBI(power_rule->max_antenna_gain);
911 chan->max_power = chan->orig_mpwr = 911 chan->max_reg_power = chan->max_power = chan->orig_mpwr =
912 (int) MBM_TO_DBM(power_rule->max_eirp); 912 (int) MBM_TO_DBM(power_rule->max_eirp);
913 return; 913 return;
914 } 914 }
@@ -1331,7 +1331,8 @@ static void handle_channel_custom(struct wiphy *wiphy,
1331 1331
1332 chan->flags |= map_regdom_flags(reg_rule->flags) | bw_flags; 1332 chan->flags |= map_regdom_flags(reg_rule->flags) | bw_flags;
1333 chan->max_antenna_gain = (int) MBI_TO_DBI(power_rule->max_antenna_gain); 1333 chan->max_antenna_gain = (int) MBI_TO_DBI(power_rule->max_antenna_gain);
1334 chan->max_power = (int) MBM_TO_DBM(power_rule->max_eirp); 1334 chan->max_reg_power = chan->max_power =
1335 (int) MBM_TO_DBM(power_rule->max_eirp);
1335} 1336}
1336 1337
1337static void handle_band_custom(struct wiphy *wiphy, enum ieee80211_band band, 1338static void handle_band_custom(struct wiphy *wiphy, enum ieee80211_band band,
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 343f13c1d31..5b6c1df72f3 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -311,23 +311,21 @@ unsigned int ieee80211_get_hdrlen_from_skb(const struct sk_buff *skb)
311} 311}
312EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb); 312EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb);
313 313
314static int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr) 314unsigned int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr)
315{ 315{
316 int ae = meshhdr->flags & MESH_FLAGS_AE; 316 int ae = meshhdr->flags & MESH_FLAGS_AE;
317 /* 7.1.3.5a.2 */ 317 /* 802.11-2012, 8.2.4.7.3 */
318 switch (ae) { 318 switch (ae) {
319 default:
319 case 0: 320 case 0:
320 return 6; 321 return 6;
321 case MESH_FLAGS_AE_A4: 322 case MESH_FLAGS_AE_A4:
322 return 12; 323 return 12;
323 case MESH_FLAGS_AE_A5_A6: 324 case MESH_FLAGS_AE_A5_A6:
324 return 18; 325 return 18;
325 case (MESH_FLAGS_AE_A4 | MESH_FLAGS_AE_A5_A6):
326 return 24;
327 default:
328 return 6;
329 } 326 }
330} 327}
328EXPORT_SYMBOL(ieee80211_get_mesh_hdrlen);
331 329
332int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr, 330int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
333 enum nl80211_iftype iftype) 331 enum nl80211_iftype iftype)
@@ -375,6 +373,8 @@ int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
375 /* make sure meshdr->flags is on the linear part */ 373 /* make sure meshdr->flags is on the linear part */
376 if (!pskb_may_pull(skb, hdrlen + 1)) 374 if (!pskb_may_pull(skb, hdrlen + 1))
377 return -1; 375 return -1;
376 if (meshdr->flags & MESH_FLAGS_AE_A4)
377 return -1;
378 if (meshdr->flags & MESH_FLAGS_AE_A5_A6) { 378 if (meshdr->flags & MESH_FLAGS_AE_A5_A6) {
379 skb_copy_bits(skb, hdrlen + 379 skb_copy_bits(skb, hdrlen +
380 offsetof(struct ieee80211s_hdr, eaddr1), 380 offsetof(struct ieee80211s_hdr, eaddr1),
@@ -399,6 +399,8 @@ int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
399 /* make sure meshdr->flags is on the linear part */ 399 /* make sure meshdr->flags is on the linear part */
400 if (!pskb_may_pull(skb, hdrlen + 1)) 400 if (!pskb_may_pull(skb, hdrlen + 1))
401 return -1; 401 return -1;
402 if (meshdr->flags & MESH_FLAGS_AE_A5_A6)
403 return -1;
402 if (meshdr->flags & MESH_FLAGS_AE_A4) 404 if (meshdr->flags & MESH_FLAGS_AE_A4)
403 skb_copy_bits(skb, hdrlen + 405 skb_copy_bits(skb, hdrlen +
404 offsetof(struct ieee80211s_hdr, eaddr1), 406 offsetof(struct ieee80211s_hdr, eaddr1),
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-31 15:14:48 -0400