aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn W. Linville <linville@tuxdriver.com>2012-07-18 14:53:10 -0400
committerJohn W. Linville <linville@tuxdriver.com>2012-07-18 14:53:10 -0400
commit0cd06647b7c24f6633e32a505930a9aa70138c22 (patch)
tree8f2ca456dfd2c8deddf8dfb5d50a0db5b7dda916
parente8c7b335faca2cbce715da3b0e1663d75d422f5b (diff)
parente0482103c22957b413db4c4ba35eca3b1e99751d (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
Diffstat
-rw-r--r--drivers/bluetooth/Kconfig12
-rw-r--r--drivers/bluetooth/Makefile1
-rw-r--r--drivers/bluetooth/bluecard_cs.c6
-rw-r--r--drivers/bluetooth/bt3c_cs.c2
-rw-r--r--drivers/bluetooth/btmrvl_main.c8
-rw-r--r--drivers/bluetooth/btmrvl_sdio.c3
-rw-r--r--drivers/bluetooth/btuart_cs.c2
-rw-r--r--drivers/bluetooth/dtl1_cs.c18
-rw-r--r--drivers/bluetooth/hci_h5.c747
-rw-r--r--drivers/bluetooth/hci_ldisc.c66
-rw-r--r--drivers/bluetooth/hci_uart.h10
-rw-r--r--include/net/bluetooth/hci.h11
-rw-r--r--include/net/bluetooth/hci_core.h8
-rw-r--r--include/net/bluetooth/l2cap.h5
-rw-r--r--include/net/bluetooth/mgmt.h2
-rw-r--r--net/bluetooth/a2mp.c4
-rw-r--r--net/bluetooth/hci_conn.c47
-rw-r--r--net/bluetooth/hci_core.c77
-rw-r--r--net/bluetooth/hci_event.c170
-rw-r--r--net/bluetooth/l2cap_core.c151
-rw-r--r--net/bluetooth/mgmt.c60
21 files changed, 1124 insertions, 286 deletions
diff --git a/drivers/bluetooth/Kconfig b/drivers/bluetooth/Kconfig
index 5ccf142ef0b8..e9f203eadb1f 100644
--- a/drivers/bluetooth/Kconfig
+++ b/drivers/bluetooth/Kconfig
@@ -81,6 +81,18 @@ config BT_HCIUART_LL
81 81
82 Say Y here to compile support for HCILL protocol. 82 Say Y here to compile support for HCILL protocol.
83 83
84config BT_HCIUART_3WIRE
85 bool "Three-wire UART (H5) protocol support"
86 depends on BT_HCIUART
87 help
88 The HCI Three-wire UART Transport Layer makes it possible to
89 user the Bluetooth HCI over a serial port interface. The HCI
90 Three-wire UART Transport Layer assumes that the UART
91 communication may have bit errors, overrun errors or burst
92 errors and thereby making CTS/RTS lines unnecessary.
93
94 Say Y here to compile support for Three-wire UART protocol.
95
84config BT_HCIBCM203X 96config BT_HCIBCM203X
85 tristate "HCI BCM203x USB driver" 97 tristate "HCI BCM203x USB driver"
86 depends on USB 98 depends on USB
diff --git a/drivers/bluetooth/Makefile b/drivers/bluetooth/Makefile
index f4460f4f4b78..4afae20df512 100644
--- a/drivers/bluetooth/Makefile
+++ b/drivers/bluetooth/Makefile
@@ -28,4 +28,5 @@ hci_uart-$(CONFIG_BT_HCIUART_H4) += hci_h4.o
28hci_uart-$(CONFIG_BT_HCIUART_BCSP) += hci_bcsp.o 28hci_uart-$(CONFIG_BT_HCIUART_BCSP) += hci_bcsp.o
29hci_uart-$(CONFIG_BT_HCIUART_LL) += hci_ll.o 29hci_uart-$(CONFIG_BT_HCIUART_LL) += hci_ll.o
30hci_uart-$(CONFIG_BT_HCIUART_ATH3K) += hci_ath.o 30hci_uart-$(CONFIG_BT_HCIUART_ATH3K) += hci_ath.o
31hci_uart-$(CONFIG_BT_HCIUART_3WIRE) += hci_h5.o
31hci_uart-objs := $(hci_uart-y) 32hci_uart-objs := $(hci_uart-y)
diff --git a/drivers/bluetooth/bluecard_cs.c b/drivers/bluetooth/bluecard_cs.c
index 585c88e01893..66c3a6770c41 100644
--- a/drivers/bluetooth/bluecard_cs.c
+++ b/drivers/bluetooth/bluecard_cs.c
@@ -621,7 +621,6 @@ static int bluecard_hci_flush(struct hci_dev *hdev)
621static int bluecard_hci_open(struct hci_dev *hdev) 621static int bluecard_hci_open(struct hci_dev *hdev)
622{ 622{
623 bluecard_info_t *info = hci_get_drvdata(hdev); 623 bluecard_info_t *info = hci_get_drvdata(hdev);
624 unsigned int iobase = info->p_dev->resource[0]->start;
625 624
626 if (test_bit(CARD_HAS_PCCARD_ID, &(info->hw_state))) 625 if (test_bit(CARD_HAS_PCCARD_ID, &(info->hw_state)))
627 bluecard_hci_set_baud_rate(hdev, DEFAULT_BAUD_RATE); 626 bluecard_hci_set_baud_rate(hdev, DEFAULT_BAUD_RATE);
@@ -630,6 +629,8 @@ static int bluecard_hci_open(struct hci_dev *hdev)
630 return 0; 629 return 0;
631 630
632 if (test_bit(CARD_HAS_PCCARD_ID, &(info->hw_state))) { 631 if (test_bit(CARD_HAS_PCCARD_ID, &(info->hw_state))) {
632 unsigned int iobase = info->p_dev->resource[0]->start;
633
633 /* Enable LED */ 634 /* Enable LED */
634 outb(0x08 | 0x20, iobase + 0x30); 635 outb(0x08 | 0x20, iobase + 0x30);
635 } 636 }
@@ -641,7 +642,6 @@ static int bluecard_hci_open(struct hci_dev *hdev)
641static int bluecard_hci_close(struct hci_dev *hdev) 642static int bluecard_hci_close(struct hci_dev *hdev)
642{ 643{
643 bluecard_info_t *info = hci_get_drvdata(hdev); 644 bluecard_info_t *info = hci_get_drvdata(hdev);
644 unsigned int iobase = info->p_dev->resource[0]->start;
645 645
646 if (!test_and_clear_bit(HCI_RUNNING, &(hdev->flags))) 646 if (!test_and_clear_bit(HCI_RUNNING, &(hdev->flags)))
647 return 0; 647 return 0;
@@ -649,6 +649,8 @@ static int bluecard_hci_close(struct hci_dev *hdev)
649 bluecard_hci_flush(hdev); 649 bluecard_hci_flush(hdev);
650 650
651 if (test_bit(CARD_HAS_PCCARD_ID, &(info->hw_state))) { 651 if (test_bit(CARD_HAS_PCCARD_ID, &(info->hw_state))) {
652 unsigned int iobase = info->p_dev->resource[0]->start;
653
652 /* Disable LED */ 654 /* Disable LED */
653 outb(0x00, iobase + 0x30); 655 outb(0x00, iobase + 0x30);
654 } 656 }
diff --git a/drivers/bluetooth/bt3c_cs.c b/drivers/bluetooth/bt3c_cs.c
index b2b0fbbb43b5..8925b6d672a6 100644
--- a/drivers/bluetooth/bt3c_cs.c
+++ b/drivers/bluetooth/bt3c_cs.c
@@ -664,7 +664,7 @@ static int bt3c_check_config(struct pcmcia_device *p_dev, void *priv_data)
664{ 664{
665 int *try = priv_data; 665 int *try = priv_data;
666 666
667 if (try == 0) 667 if (!try)
668 p_dev->io_lines = 16; 668 p_dev->io_lines = 16;
669 669
670 if ((p_dev->resource[0]->end != 8) || (p_dev->resource[0]->start == 0)) 670 if ((p_dev->resource[0]->end != 8) || (p_dev->resource[0]->start == 0))
diff --git a/drivers/bluetooth/btmrvl_main.c b/drivers/bluetooth/btmrvl_main.c
index dc304def8400..3a4343b3bd6d 100644
--- a/drivers/bluetooth/btmrvl_main.c
+++ b/drivers/bluetooth/btmrvl_main.c
@@ -47,10 +47,11 @@ EXPORT_SYMBOL_GPL(btmrvl_interrupt);
47bool btmrvl_check_evtpkt(struct btmrvl_private *priv, struct sk_buff *skb) 47bool btmrvl_check_evtpkt(struct btmrvl_private *priv, struct sk_buff *skb)
48{ 48{
49 struct hci_event_hdr *hdr = (void *) skb->data; 49 struct hci_event_hdr *hdr = (void *) skb->data;
50 struct hci_ev_cmd_complete *ec;
51 u16 opcode, ocf, ogf;
52 50
53 if (hdr->evt == HCI_EV_CMD_COMPLETE) { 51 if (hdr->evt == HCI_EV_CMD_COMPLETE) {
52 struct hci_ev_cmd_complete *ec;
53 u16 opcode, ocf, ogf;
54
54 ec = (void *) (skb->data + HCI_EVENT_HDR_SIZE); 55 ec = (void *) (skb->data + HCI_EVENT_HDR_SIZE);
55 opcode = __le16_to_cpu(ec->opcode); 56 opcode = __le16_to_cpu(ec->opcode);
56 ocf = hci_opcode_ocf(opcode); 57 ocf = hci_opcode_ocf(opcode);
@@ -64,7 +65,8 @@ bool btmrvl_check_evtpkt(struct btmrvl_private *priv, struct sk_buff *skb)
64 } 65 }
65 66
66 if (ogf == OGF) { 67 if (ogf == OGF) {
67 BT_DBG("vendor event skipped: ogf 0x%4.4x", ogf); 68 BT_DBG("vendor event skipped: ogf 0x%4.4x ocf 0x%4.4x",
69 ogf, ocf);
68 kfree_skb(skb); 70 kfree_skb(skb);
69 return false; 71 return false;
70 } 72 }
diff --git a/drivers/bluetooth/btmrvl_sdio.c b/drivers/bluetooth/btmrvl_sdio.c
index cf7588edba0d..6a9e9717d3ab 100644
--- a/drivers/bluetooth/btmrvl_sdio.c
+++ b/drivers/bluetooth/btmrvl_sdio.c
@@ -568,8 +568,9 @@ static int btmrvl_sdio_card_to_host(struct btmrvl_private *priv)
568 if (type == HCI_EVENT_PKT) { 568 if (type == HCI_EVENT_PKT) {
569 if (btmrvl_check_evtpkt(priv, skb)) 569 if (btmrvl_check_evtpkt(priv, skb))
570 hci_recv_frame(skb); 570 hci_recv_frame(skb);
571 } else 571 } else {
572 hci_recv_frame(skb); 572 hci_recv_frame(skb);
573 }
573 574
574 hdev->stat.byte_rx += buf_len; 575 hdev->stat.byte_rx += buf_len;
575 break; 576 break;
diff --git a/drivers/bluetooth/btuart_cs.c b/drivers/bluetooth/btuart_cs.c
index 65b8d996840c..21e803a6a281 100644
--- a/drivers/bluetooth/btuart_cs.c
+++ b/drivers/bluetooth/btuart_cs.c
@@ -593,7 +593,7 @@ static int btuart_check_config(struct pcmcia_device *p_dev, void *priv_data)
593{ 593{
594 int *try = priv_data; 594 int *try = priv_data;
595 595
596 if (try == 0) 596 if (!try)
597 p_dev->io_lines = 16; 597 p_dev->io_lines = 16;
598 598
599 if ((p_dev->resource[0]->end != 8) || (p_dev->resource[0]->start == 0)) 599 if ((p_dev->resource[0]->end != 8) || (p_dev->resource[0]->start == 0))
diff --git a/drivers/bluetooth/dtl1_cs.c b/drivers/bluetooth/dtl1_cs.c
index b1b37ccd3cd4..97a7784db4a2 100644
--- a/drivers/bluetooth/dtl1_cs.c
+++ b/drivers/bluetooth/dtl1_cs.c
@@ -586,29 +586,31 @@ static int dtl1_confcheck(struct pcmcia_device *p_dev, void *priv_data)
586static int dtl1_config(struct pcmcia_device *link) 586static int dtl1_config(struct pcmcia_device *link)
587{ 587{
588 dtl1_info_t *info = link->priv; 588 dtl1_info_t *info = link->priv;
589 int i; 589 int ret;
590 590
591 /* Look for a generic full-sized window */ 591 /* Look for a generic full-sized window */
592 link->resource[0]->end = 8; 592 link->resource[0]->end = 8;
593 if (pcmcia_loop_config(link, dtl1_confcheck, NULL) < 0) 593 ret = pcmcia_loop_config(link, dtl1_confcheck, NULL);
594 if (ret)
594 goto failed; 595 goto failed;
595 596
596 i = pcmcia_request_irq(link, dtl1_interrupt); 597 ret = pcmcia_request_irq(link, dtl1_interrupt);
597 if (i != 0) 598 if (ret)
598 goto failed; 599 goto failed;
599 600
600 i = pcmcia_enable_device(link); 601 ret = pcmcia_enable_device(link);
601 if (i != 0) 602 if (ret)
602 goto failed; 603 goto failed;
603 604
604 if (dtl1_open(info) != 0) 605 ret = dtl1_open(info);
606 if (ret)
605 goto failed; 607 goto failed;
606 608
607 return 0; 609 return 0;
608 610
609failed: 611failed:
610 dtl1_detach(link); 612 dtl1_detach(link);
611 return -ENODEV; 613 return ret;
612} 614}
613 615
614static const struct pcmcia_device_id dtl1_ids[] = { 616static const struct pcmcia_device_id dtl1_ids[] = {
diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c
new file mode 100644
index 000000000000..b6154d5a07a5
--- /dev/null
+++ b/drivers/bluetooth/hci_h5.c
@@ -0,0 +1,747 @@
1/*
2 *
3 * Bluetooth HCI Three-wire UART driver
4 *
5 * Copyright (C) 2012 Intel Corporation
6 *
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 *
22 */
23
24#include <linux/kernel.h>
25#include <linux/errno.h>
26#include <linux/skbuff.h>
27
28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30
31#include "hci_uart.h"
32
33#define HCI_3WIRE_ACK_PKT 0
34#define HCI_3WIRE_LINK_PKT 15
35
36/* Sliding window size */
37#define H5_TX_WIN_MAX 4
38
39#define H5_ACK_TIMEOUT msecs_to_jiffies(250)
40#define H5_SYNC_TIMEOUT msecs_to_jiffies(100)
41
42/*
43 * Maximum Three-wire packet:
44 * 4 byte header + max value for 12-bit length + 2 bytes for CRC
45 */
46#define H5_MAX_LEN (4 + 0xfff + 2)
47
48/* Convenience macros for reading Three-wire header values */
49#define H5_HDR_SEQ(hdr) ((hdr)[0] & 0x07)
50#define H5_HDR_ACK(hdr) (((hdr)[0] >> 3) & 0x07)
51#define H5_HDR_CRC(hdr) (((hdr)[0] >> 6) & 0x01)
52#define H5_HDR_RELIABLE(hdr) (((hdr)[0] >> 7) & 0x01)
53#define H5_HDR_PKT_TYPE(hdr) ((hdr)[1] & 0x0f)
54#define H5_HDR_LEN(hdr) ((((hdr)[1] >> 4) & 0xff) + ((hdr)[2] << 4))
55
56#define SLIP_DELIMITER 0xc0
57#define SLIP_ESC 0xdb
58#define SLIP_ESC_DELIM 0xdc
59#define SLIP_ESC_ESC 0xdd
60
61/* H5 state flags */
62enum {
63 H5_RX_ESC, /* SLIP escape mode */
64 H5_TX_ACK_REQ, /* Pending ack to send */
65};
66
67struct h5 {
68 struct sk_buff_head unack; /* Unack'ed packets queue */
69 struct sk_buff_head rel; /* Reliable packets queue */
70 struct sk_buff_head unrel; /* Unreliable packets queue */
71
72 unsigned long flags;
73
74 struct sk_buff *rx_skb; /* Receive buffer */
75 size_t rx_pending; /* Expecting more bytes */
76 u8 rx_ack; /* Last ack number received */
77
78 int (*rx_func) (struct hci_uart *hu, u8 c);
79
80 struct timer_list timer; /* Retransmission timer */
81
82 u8 tx_seq; /* Next seq number to send */
83 u8 tx_ack; /* Next ack number to send */
84 u8 tx_win; /* Sliding window size */
85
86 enum {
87 H5_UNINITIALIZED,
88 H5_INITIALIZED,
89 H5_ACTIVE,
90 } state;
91
92 enum {
93 H5_AWAKE,
94 H5_SLEEPING,
95 H5_WAKING_UP,
96 } sleep;
97};
98
99static void h5_reset_rx(struct h5 *h5);
100
101static void h5_link_control(struct hci_uart *hu, const void *data, size_t len)
102{
103 struct h5 *h5 = hu->priv;
104 struct sk_buff *nskb;
105
106 nskb = alloc_skb(3, GFP_ATOMIC);
107 if (!nskb)
108 return;
109
110 bt_cb(nskb)->pkt_type = HCI_3WIRE_LINK_PKT;
111
112 memcpy(skb_put(nskb, len), data, len);
113
114 skb_queue_tail(&h5->unrel, nskb);
115}
116
117static u8 h5_cfg_field(struct h5 *h5)
118{
119 u8 field = 0;
120
121 /* Sliding window size (first 3 bits) */
122 field |= (h5->tx_win & 7);
123
124 return field;
125}
126
127static void h5_timed_event(unsigned long arg)
128{
129 const unsigned char sync_req[] = { 0x01, 0x7e };
130 unsigned char conf_req[] = { 0x03, 0xfc, 0x01 };
131 struct hci_uart *hu = (struct hci_uart *) arg;
132 struct h5 *h5 = hu->priv;
133 struct sk_buff *skb;
134 unsigned long flags;
135
136 BT_DBG("%s", hu->hdev->name);
137
138 if (h5->state == H5_UNINITIALIZED)
139 h5_link_control(hu, sync_req, sizeof(sync_req));
140
141 if (h5->state == H5_INITIALIZED) {
142 conf_req[2] = h5_cfg_field(h5);
143 h5_link_control(hu, conf_req, sizeof(conf_req));
144 }
145
146 if (h5->state != H5_ACTIVE) {
147 mod_timer(&h5->timer, jiffies + H5_SYNC_TIMEOUT);
148 goto wakeup;
149 }
150
151 if (h5->sleep != H5_AWAKE) {
152 h5->sleep = H5_SLEEPING;
153 goto wakeup;
154 }
155
156 BT_DBG("hu %p retransmitting %u pkts", hu, h5->unack.qlen);
157
158 spin_lock_irqsave_nested(&h5->unack.lock, flags, SINGLE_DEPTH_NESTING);
159
160 while ((skb = __skb_dequeue_tail(&h5->unack)) != NULL) {
161 h5->tx_seq = (h5->tx_seq - 1) & 0x07;
162 skb_queue_head(&h5->rel, skb);
163 }
164
165 spin_unlock_irqrestore(&h5->unack.lock, flags);
166
167wakeup:
168 hci_uart_tx_wakeup(hu);
169}
170
171static int h5_open(struct hci_uart *hu)
172{
173 struct h5 *h5;
174 const unsigned char sync[] = { 0x01, 0x7e };
175
176 BT_DBG("hu %p", hu);
177
178 h5 = kzalloc(sizeof(*h5), GFP_KERNEL);
179 if (!h5)
180 return -ENOMEM;
181
182 hu->priv = h5;
183
184 skb_queue_head_init(&h5->unack);
185 skb_queue_head_init(&h5->rel);
186 skb_queue_head_init(&h5->unrel);
187
188 h5_reset_rx(h5);
189
190 init_timer(&h5->timer);
191 h5->timer.function = h5_timed_event;
192 h5->timer.data = (unsigned long) hu;
193
194 h5->tx_win = H5_TX_WIN_MAX;
195
196 set_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags);
197
198 /* Send initial sync request */
199 h5_link_control(hu, sync, sizeof(sync));
200 mod_timer(&h5->timer, jiffies + H5_SYNC_TIMEOUT);
201
202 return 0;
203}
204
205static int h5_close(struct hci_uart *hu)
206{
207 struct h5 *h5 = hu->priv;
208
209 skb_queue_purge(&h5->unack);
210 skb_queue_purge(&h5->rel);
211 skb_queue_purge(&h5->unrel);
212
213 del_timer(&h5->timer);
214
215 kfree(h5);
216
217 return 0;
218}
219
220static void h5_pkt_cull(struct h5 *h5)
221{
222 struct sk_buff *skb, *tmp;
223 unsigned long flags;
224 int i, to_remove;
225 u8 seq;
226
227 spin_lock_irqsave(&h5->unack.lock, flags);
228
229 to_remove = skb_queue_len(&h5->unack);
230 if (to_remove == 0)
231 goto unlock;
232
233 seq = h5->tx_seq;
234
235 while (to_remove > 0) {
236 if (h5->rx_ack == seq)
237 break;
238
239 to_remove--;
240 seq = (seq - 1) % 8;
241 }
242
243 if (seq != h5->rx_ack)
244 BT_ERR("Controller acked invalid packet");
245
246 i = 0;
247 skb_queue_walk_safe(&h5->unack, skb, tmp) {
248 if (i++ >= to_remove)
249 break;
250
251 __skb_unlink(skb, &h5->unack);
252 kfree_skb(skb);
253 }
254
255 if (skb_queue_empty(&h5->unack))
256 del_timer(&h5->timer);
257
258unlock:
259 spin_unlock_irqrestore(&h5->unack.lock, flags);
260}
261
262static void h5_handle_internal_rx(struct hci_uart *hu)
263{
264 struct h5 *h5 = hu->priv;
265 const unsigned char sync_req[] = { 0x01, 0x7e };
266 const unsigned char sync_rsp[] = { 0x02, 0x7d };
267 unsigned char conf_req[] = { 0x03, 0xfc, 0x01 };
268 const unsigned char conf_rsp[] = { 0x04, 0x7b };
269 const unsigned char wakeup_req[] = { 0x05, 0xfa };
270 const unsigned char woken_req[] = { 0x06, 0xf9 };
271 const unsigned char sleep_req[] = { 0x07, 0x78 };
272 const unsigned char *hdr = h5->rx_skb->data;
273 const unsigned char *data = &h5->rx_skb->data[4];
274
275 BT_DBG("%s", hu->hdev->name);
276
277 if (H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT)
278 return;
279
280 if (H5_HDR_LEN(hdr) < 2)
281 return;
282
283 conf_req[2] = h5_cfg_field(h5);
284
285 if (memcmp(data, sync_req, 2) == 0) {
286 h5_link_control(hu, sync_rsp, 2);
287 } else if (memcmp(data, sync_rsp, 2) == 0) {
288 h5->state = H5_INITIALIZED;
289 h5_link_control(hu, conf_req, 3);
290 } else if (memcmp(data, conf_req, 2) == 0) {
291 h5_link_control(hu, conf_rsp, 2);
292 h5_link_control(hu, conf_req, 3);
293 } else if (memcmp(data, conf_rsp, 2) == 0) {
294 if (H5_HDR_LEN(hdr) > 2)
295 h5->tx_win = (data[2] & 7);
296 BT_DBG("Three-wire init complete. tx_win %u", h5->tx_win);
297 h5->state = H5_ACTIVE;
298 hci_uart_init_ready(hu);
299 return;
300 } else if (memcmp(data, sleep_req, 2) == 0) {
301 BT_DBG("Peer went to sleep");
302 h5->sleep = H5_SLEEPING;
303 return;
304 } else if (memcmp(data, woken_req, 2) == 0) {
305 BT_DBG("Peer woke up");
306 h5->sleep = H5_AWAKE;
307 } else if (memcmp(data, wakeup_req, 2) == 0) {
308 BT_DBG("Peer requested wakeup");
309 h5_link_control(hu, woken_req, 2);
310 h5->sleep = H5_AWAKE;
311 } else {
312 BT_DBG("Link Control: 0x%02hhx 0x%02hhx", data[0], data[1]);
313 return;
314 }
315
316 hci_uart_tx_wakeup(hu);
317}
318
319static void h5_complete_rx_pkt(struct hci_uart *hu)
320{
321 struct h5 *h5 = hu->priv;
322 const unsigned char *hdr = h5->rx_skb->data;
323
324 if (H5_HDR_RELIABLE(hdr)) {
325 h5->tx_ack = (h5->tx_ack + 1) % 8;
326 set_bit(H5_TX_ACK_REQ, &h5->flags);
327 hci_uart_tx_wakeup(hu);
328 }
329
330 h5->rx_ack = H5_HDR_ACK(hdr);
331
332 h5_pkt_cull(h5);
333
334 switch (H5_HDR_PKT_TYPE(hdr)) {
335 case HCI_EVENT_PKT:
336 case HCI_ACLDATA_PKT:
337 case HCI_SCODATA_PKT:
338 bt_cb(h5->rx_skb)->pkt_type = H5_HDR_PKT_TYPE(hdr);
339
340 /* Remove Three-wire header */
341 skb_pull(h5->rx_skb, 4);
342
343 hci_recv_frame(h5->rx_skb);
344 h5->rx_skb = NULL;
345
346 break;
347
348 default:
349 h5_handle_internal_rx(hu);
350 break;
351 }
352
353 h5_reset_rx(h5);
354}
355
356static int h5_rx_crc(struct hci_uart *hu, unsigned char c)
357{
358 struct h5 *h5 = hu->priv;
359
360 h5_complete_rx_pkt(hu);
361 h5_reset_rx(h5);
362
363 return 0;
364}
365
366static int h5_rx_payload(struct hci_uart *hu, unsigned char c)
367{
368 struct h5 *h5 = hu->priv;
369 const unsigned char *hdr = h5->rx_skb->data;
370
371 if (H5_HDR_CRC(hdr)) {
372 h5->rx_func = h5_rx_crc;
373 h5->rx_pending = 2;
374 } else {
375 h5_complete_rx_pkt(hu);
376 h5_reset_rx(h5);
377 }
378
379 return 0;
380}
381
382static int h5_rx_3wire_hdr(struct hci_uart *hu, unsigned char c)
383{
384 struct h5 *h5 = hu->priv;
385 const unsigned char *hdr = h5->rx_skb->data;
386
387 BT_DBG("%s rx: seq %u ack %u crc %u rel %u type %u len %u",
388 hu->hdev->name, H5_HDR_SEQ(hdr), H5_HDR_ACK(hdr),
389 H5_HDR_CRC(hdr), H5_HDR_RELIABLE(hdr), H5_HDR_PKT_TYPE(hdr),
390 H5_HDR_LEN(hdr));
391
392 if (((hdr[0] + hdr[1] + hdr[2] + hdr[3]) & 0xff) != 0xff) {
393 BT_ERR("Invalid header checksum");
394 h5_reset_rx(h5);
395 return 0;
396 }
397
398 if (H5_HDR_RELIABLE(hdr) && H5_HDR_SEQ(hdr) != h5->tx_ack) {
399 BT_ERR("Out-of-order packet arrived (%u != %u)",
400 H5_HDR_SEQ(hdr), h5->tx_ack);
401 h5_reset_rx(h5);
402 return 0;
403 }
404
405 if (h5->state != H5_ACTIVE &&
406 H5_HDR_PKT_TYPE(hdr) != HCI_3WIRE_LINK_PKT) {
407 BT_ERR("Non-link packet received in non-active state");
408 h5_reset_rx(h5);
409 }
410
411 h5->rx_func = h5_rx_payload;
412 h5->rx_pending = H5_HDR_LEN(hdr);
413
414 return 0;
415}
416
417static int h5_rx_pkt_start(struct hci_uart *hu, unsigned char c)
418{
419 struct h5 *h5 = hu->priv;
420
421 if (c == SLIP_DELIMITER)
422 return 1;
423
424 h5->rx_func = h5_rx_3wire_hdr;
425 h5->rx_pending = 4;
426
427 h5->rx_skb = bt_skb_alloc(H5_MAX_LEN, GFP_ATOMIC);
428 if (!h5->rx_skb) {
429 BT_ERR("Can't allocate mem for new packet");
430 h5_reset_rx(h5);
431 return -ENOMEM;
432 }
433
434 h5->rx_skb->dev = (void *) hu->hdev;
435
436 return 0;
437}
438
439static int h5_rx_delimiter(struct hci_uart *hu, unsigned char c)
440{
441 struct h5 *h5 = hu->priv;
442
443 if (c == SLIP_DELIMITER)
444 h5->rx_func = h5_rx_pkt_start;
445
446 return 1;
447}
448
449static void h5_unslip_one_byte(struct h5 *h5, unsigned char c)
450{
451 const u8 delim = SLIP_DELIMITER, esc = SLIP_ESC;
452 const u8 *byte = &c;
453
454 if (!test_bit(H5_RX_ESC, &h5->flags) && c == SLIP_ESC) {
455 set_bit(H5_RX_ESC, &h5->flags);
456 return;
457 }
458
459 if (test_and_clear_bit(H5_RX_ESC, &h5->flags)) {
460 switch (c) {
461 case SLIP_ESC_DELIM:
462 byte = &delim;
463 break;
464 case SLIP_ESC_ESC:
465 byte = &esc;
466 break;
467 default:
468 BT_ERR("Invalid esc byte 0x%02hhx", c);
469 h5_reset_rx(h5);
470 return;
471 }
472 }
473
474 memcpy(skb_put(h5->rx_skb, 1), byte, 1);
475 h5->rx_pending--;
476
477 BT_DBG("unsliped 0x%02hhx, rx_pending %zu", *byte, h5->rx_pending);
478}
479
480static void h5_reset_rx(struct h5 *h5)
481{
482 if (h5->rx_skb) {
483 kfree_skb(h5->rx_skb);
484 h5->rx_skb = NULL;
485 }
486
487 h5->rx_func = h5_rx_delimiter;
488 h5->rx_pending = 0;
489 clear_bit(H5_RX_ESC, &h5->flags);
490}
491
492static int h5_recv(struct hci_uart *hu, void *data, int count)
493{
494 struct h5 *h5 = hu->priv;
495 unsigned char *ptr = data;
496
497 BT_DBG("%s pending %zu count %d", hu->hdev->name, h5->rx_pending,
498 count);
499
500 while (count > 0) {
501 int processed;
502
503 if (h5->rx_pending > 0) {
504 if (*ptr == SLIP_DELIMITER) {
505 BT_ERR("Too short H5 packet");
506 h5_reset_rx(h5);
507 continue;
508 }
509
510 h5_unslip_one_byte(h5, *ptr);
511
512 ptr++; count--;
513 continue;
514 }
515
516 processed = h5->rx_func(hu, *ptr);
517 if (processed < 0)
518 return processed;
519
520 ptr += processed;
521 count -= processed;
522 }
523
524 return 0;
525}
526
527static int h5_enqueue(struct hci_uart *hu, struct sk_buff *skb)
528{
529 struct h5 *h5 = hu->priv;
530
531 if (skb->len > 0xfff) {
532 BT_ERR("Packet too long (%u bytes)", skb->len);
533 kfree_skb(skb);
534 return 0;
535 }
536
537 if (h5->state != H5_ACTIVE) {
538 BT_ERR("Ignoring HCI data in non-active state");
539 kfree_skb(skb);
540 return 0;
541 }
542
543 switch (bt_cb(skb)->pkt_type) {
544 case HCI_ACLDATA_PKT:
545 case HCI_COMMAND_PKT:
546 skb_queue_tail(&h5->rel, skb);
547 break;
548
549 case HCI_SCODATA_PKT:
550 skb_queue_tail(&h5->unrel, skb);
551 break;
552
553 default:
554 BT_ERR("Unknown packet type %u", bt_cb(skb)->pkt_type);
555 kfree_skb(skb);
556 break;
557 }
558
559 return 0;
560}
561
562static void h5_slip_delim(struct sk_buff *skb)
563{
564 const char delim = SLIP_DELIMITER;
565
566 memcpy(skb_put(skb, 1), &delim, 1);
567}
568
569static void h5_slip_one_byte(struct sk_buff *skb, u8 c)
570{
571 const char esc_delim[2] = { SLIP_ESC, SLIP_ESC_DELIM };
572 const char esc_esc[2] = { SLIP_ESC, SLIP_ESC_ESC };
573
574 switch (c) {
575 case SLIP_DELIMITER:
576 memcpy(skb_put(skb, 2), &esc_delim, 2);
577 break;
578 case SLIP_ESC:
579 memcpy(skb_put(skb, 2), &esc_esc, 2);
580 break;
581 default:
582 memcpy(skb_put(skb, 1), &c, 1);
583 }
584}
585
586static bool valid_packet_type(u8 type)
587{
588 switch (type) {
589 case HCI_ACLDATA_PKT:
590 case HCI_COMMAND_PKT:
591 case HCI_SCODATA_PKT:
592 case HCI_3WIRE_LINK_PKT:
593 case HCI_3WIRE_ACK_PKT:
594 return true;
595 default:
596 return false;
597 }
598}
599
600static struct sk_buff *h5_prepare_pkt(struct hci_uart *hu, u8 pkt_type,
601 const u8 *data, size_t len)
602{
603 struct h5 *h5 = hu->priv;
604 struct sk_buff *nskb;
605 u8 hdr[4];
606 int i;
607
608 if (!valid_packet_type(pkt_type)) {
609 BT_ERR("Unknown packet type %u", pkt_type);
610 return NULL;
611 }
612
613 /*
614 * Max len of packet: (original len + 4 (H5 hdr) + 2 (crc)) * 2
615 * (because bytes 0xc0 and 0xdb are escaped, worst case is when
616 * the packet is all made of 0xc0 and 0xdb) + 2 (0xc0
617 * delimiters at start and end).
618 */
619 nskb = alloc_skb((len + 6) * 2 + 2, GFP_ATOMIC);
620 if (!nskb)
621 return NULL;
622
623 bt_cb(nskb)->pkt_type = pkt_type;
624
625 h5_slip_delim(nskb);
626
627 hdr[0] = h5->tx_ack << 3;
628 clear_bit(H5_TX_ACK_REQ, &h5->flags);
629
630 /* Reliable packet? */
631 if (pkt_type == HCI_ACLDATA_PKT || pkt_type == HCI_COMMAND_PKT) {
632 hdr[0] |= 1 << 7;
633 hdr[0] |= h5->tx_seq;
634 h5->tx_seq = (h5->tx_seq + 1) % 8;
635 }
636
637 hdr[1] = pkt_type | ((len & 0x0f) << 4);
638 hdr[2] = len >> 4;
639 hdr[3] = ~((hdr[0] + hdr[1] + hdr[2]) & 0xff);
640
641 BT_DBG("%s tx: seq %u ack %u crc %u rel %u type %u len %u",
642 hu->hdev->name, H5_HDR_SEQ(hdr), H5_HDR_ACK(hdr),
643 H5_HDR_CRC(hdr), H5_HDR_RELIABLE(hdr), H5_HDR_PKT_TYPE(hdr),
644 H5_HDR_LEN(hdr));
645
646 for (i = 0; i < 4; i++)
647 h5_slip_one_byte(nskb, hdr[i]);
648
649 for (i = 0; i < len; i++)
650 h5_slip_one_byte(nskb, data[i]);
651
652 h5_slip_delim(nskb);
653
654 return nskb;
655}
656
657static struct sk_buff *h5_dequeue(struct hci_uart *hu)
658{
659 struct h5 *h5 = hu->priv;
660 unsigned long flags;
661 struct sk_buff *skb, *nskb;
662
663 if (h5->sleep != H5_AWAKE) {
664 const unsigned char wakeup_req[] = { 0x05, 0xfa };
665
666 if (h5->sleep == H5_WAKING_UP)
667 return NULL;
668
669 h5->sleep = H5_WAKING_UP;
670 BT_DBG("Sending wakeup request");
671
672 mod_timer(&h5->timer, jiffies + HZ / 100);
673 return h5_prepare_pkt(hu, HCI_3WIRE_LINK_PKT, wakeup_req, 2);
674 }
675
676 if ((skb = skb_dequeue(&h5->unrel)) != NULL) {
677 nskb = h5_prepare_pkt(hu, bt_cb(skb)->pkt_type,
678 skb->data, skb->len);
679 if (nskb) {
680 kfree_skb(skb);
681 return nskb;
682 }
683
684 skb_queue_head(&h5->unrel, skb);
685 BT_ERR("Could not dequeue pkt because alloc_skb failed");
686 }
687
688 spin_lock_irqsave_nested(&h5->unack.lock, flags, SINGLE_DEPTH_NESTING);
689
690 if (h5->unack.qlen >= h5->tx_win)
691 goto unlock;
692
693 if ((skb = skb_dequeue(&h5->rel)) != NULL) {
694 nskb = h5_prepare_pkt(hu, bt_cb(skb)->pkt_type,
695 skb->data, skb->len);
696 if (nskb) {
697 __skb_queue_tail(&h5->unack, skb);
698 mod_timer(&h5->timer, jiffies + H5_ACK_TIMEOUT);
699 spin_unlock_irqrestore(&h5->unack.lock, flags);
700 return nskb;
701 }
702
703 skb_queue_head(&h5->rel, skb);
704 BT_ERR("Could not dequeue pkt because alloc_skb failed");
705 }
706
707unlock:
708 spin_unlock_irqrestore(&h5->unack.lock, flags);
709
710 if (test_bit(H5_TX_ACK_REQ, &h5->flags))
711 return h5_prepare_pkt(hu, HCI_3WIRE_ACK_PKT, NULL, 0);
712
713 return NULL;
714}
715
716static int h5_flush(struct hci_uart *hu)
717{
718 BT_DBG("hu %p", hu);
719 return 0;
720}
721
722static struct hci_uart_proto h5p = {
723 .id = HCI_UART_3WIRE,
724 .open = h5_open,
725 .close = h5_close,
726 .recv = h5_recv,
727 .enqueue = h5_enqueue,
728 .dequeue = h5_dequeue,
729 .flush = h5_flush,
730};
731
732int __init h5_init(void)
733{
734 int err = hci_uart_register_proto(&h5p);
735
736 if (!err)
737 BT_INFO("HCI Three-wire UART (H5) protocol initialized");
738 else
739 BT_ERR("HCI Three-wire UART (H5) protocol init failed");
740
741 return err;
742}
743
744int __exit h5_deinit(void)
745{
746 return hci_uart_unregister_proto(&h5p);
747}
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
index 2f9b796e106e..74e0966b3ead 100644
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -156,6 +156,35 @@ restart:
156 return 0; 156 return 0;
157} 157}
158 158
159static void hci_uart_init_work(struct work_struct *work)
160{
161 struct hci_uart *hu = container_of(work, struct hci_uart, init_ready);
162 int err;
163
164 if (!test_and_clear_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags))
165 return;
166
167 err = hci_register_dev(hu->hdev);
168 if (err < 0) {
169 BT_ERR("Can't register HCI device");
170 hci_free_dev(hu->hdev);
171 hu->hdev = NULL;
172 hu->proto->close(hu);
173 }
174
175 set_bit(HCI_UART_REGISTERED, &hu->flags);
176}
177
178int hci_uart_init_ready(struct hci_uart *hu)
179{
180 if (!test_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags))
181 return -EALREADY;
182
183 schedule_work(&hu->init_ready);
184
185 return 0;
186}
187
159/* ------- Interface to HCI layer ------ */ 188/* ------- Interface to HCI layer ------ */
160/* Initialize device */ 189/* Initialize device */
161static int hci_uart_open(struct hci_dev *hdev) 190static int hci_uart_open(struct hci_dev *hdev)
@@ -264,6 +293,8 @@ static int hci_uart_tty_open(struct tty_struct *tty)
264 hu->tty = tty; 293 hu->tty = tty;
265 tty->receive_room = 65536; 294 tty->receive_room = 65536;
266 295
296 INIT_WORK(&hu->init_ready, hci_uart_init_work);
297
267 spin_lock_init(&hu->rx_lock); 298 spin_lock_init(&hu->rx_lock);
268 299
269 /* Flush any pending characters in the driver and line discipline. */ 300 /* Flush any pending characters in the driver and line discipline. */
@@ -286,28 +317,30 @@ static int hci_uart_tty_open(struct tty_struct *tty)
286static void hci_uart_tty_close(struct tty_struct *tty) 317static void hci_uart_tty_close(struct tty_struct *tty)
287{ 318{
288 struct hci_uart *hu = (void *)tty->disc_data; 319 struct hci_uart *hu = (void *)tty->disc_data;
320 struct hci_dev *hdev;
289 321
290 BT_DBG("tty %p", tty); 322 BT_DBG("tty %p", tty);
291 323
292 /* Detach from the tty */ 324 /* Detach from the tty */
293 tty->disc_data = NULL; 325 tty->disc_data = NULL;
294 326
295 if (hu) { 327 if (!hu)
296 struct hci_dev *hdev = hu->hdev; 328 return;
297 329
298 if (hdev) 330 hdev = hu->hdev;
299 hci_uart_close(hdev); 331 if (hdev)
332 hci_uart_close(hdev);
300 333
301 if (test_and_clear_bit(HCI_UART_PROTO_SET, &hu->flags)) { 334 if (test_and_clear_bit(HCI_UART_PROTO_SET, &hu->flags)) {
302 if (hdev) { 335 if (hdev) {
336 if (test_bit(HCI_UART_REGISTERED, &hu->flags))
303 hci_unregister_dev(hdev); 337 hci_unregister_dev(hdev);
304 hci_free_dev(hdev); 338 hci_free_dev(hdev);
305 }
306 hu->proto->close(hu);
307 } 339 }
308 340 hu->proto->close(hu);
309 kfree(hu);
310 } 341 }
342
343 kfree(hu);
311} 344}
312 345
313/* hci_uart_tty_wakeup() 346/* hci_uart_tty_wakeup()
@@ -401,12 +434,17 @@ static int hci_uart_register_dev(struct hci_uart *hu)
401 else 434 else
402 hdev->dev_type = HCI_BREDR; 435 hdev->dev_type = HCI_BREDR;
403 436
437 if (test_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags))
438 return 0;
439
404 if (hci_register_dev(hdev) < 0) { 440 if (hci_register_dev(hdev) < 0) {
405 BT_ERR("Can't register HCI device"); 441 BT_ERR("Can't register HCI device");
406 hci_free_dev(hdev); 442 hci_free_dev(hdev);
407 return -ENODEV; 443 return -ENODEV;
408 } 444 }
409 445
446 set_bit(HCI_UART_REGISTERED, &hu->flags);
447
410 return 0; 448 return 0;
411} 449}
412 450
@@ -558,6 +596,9 @@ static int __init hci_uart_init(void)
558#ifdef CONFIG_BT_HCIUART_ATH3K 596#ifdef CONFIG_BT_HCIUART_ATH3K
559 ath_init(); 597 ath_init();
560#endif 598#endif
599#ifdef CONFIG_BT_HCIUART_3WIRE
600 h5_init();
601#endif
561 602
562 return 0; 603 return 0;
563} 604}
@@ -578,6 +619,9 @@ static void __exit hci_uart_exit(void)
578#ifdef CONFIG_BT_HCIUART_ATH3K 619#ifdef CONFIG_BT_HCIUART_ATH3K
579 ath_deinit(); 620 ath_deinit();
580#endif 621#endif
622#ifdef CONFIG_BT_HCIUART_3WIRE
623 h5_deinit();
624#endif
581 625
582 /* Release tty registration of line discipline */ 626 /* Release tty registration of line discipline */
583 if ((err = tty_unregister_ldisc(N_HCI))) 627 if ((err = tty_unregister_ldisc(N_HCI)))
diff --git a/drivers/bluetooth/hci_uart.h b/drivers/bluetooth/hci_uart.h
index 6cf6ab22ad21..fffa61ff5cb1 100644
--- a/drivers/bluetooth/hci_uart.h
+++ b/drivers/bluetooth/hci_uart.h
@@ -47,6 +47,7 @@
47#define HCI_UART_RAW_DEVICE 0 47#define HCI_UART_RAW_DEVICE 0
48#define HCI_UART_RESET_ON_INIT 1 48#define HCI_UART_RESET_ON_INIT 1
49#define HCI_UART_CREATE_AMP 2 49#define HCI_UART_CREATE_AMP 2
50#define HCI_UART_INIT_PENDING 3
50 51
51struct hci_uart; 52struct hci_uart;
52 53
@@ -66,6 +67,8 @@ struct hci_uart {
66 unsigned long flags; 67 unsigned long flags;
67 unsigned long hdev_flags; 68 unsigned long hdev_flags;
68 69
70 struct work_struct init_ready;
71
69 struct hci_uart_proto *proto; 72 struct hci_uart_proto *proto;
70 void *priv; 73 void *priv;
71 74
@@ -76,6 +79,7 @@ struct hci_uart {
76 79
77/* HCI_UART proto flag bits */ 80/* HCI_UART proto flag bits */
78#define HCI_UART_PROTO_SET 0 81#define HCI_UART_PROTO_SET 0
82#define HCI_UART_REGISTERED 1
79 83
80/* TX states */ 84/* TX states */
81#define HCI_UART_SENDING 1 85#define HCI_UART_SENDING 1
@@ -84,6 +88,7 @@ struct hci_uart {
84int hci_uart_register_proto(struct hci_uart_proto *p); 88int hci_uart_register_proto(struct hci_uart_proto *p);
85int hci_uart_unregister_proto(struct hci_uart_proto *p); 89int hci_uart_unregister_proto(struct hci_uart_proto *p);
86int hci_uart_tx_wakeup(struct hci_uart *hu); 90int hci_uart_tx_wakeup(struct hci_uart *hu);
91int hci_uart_init_ready(struct hci_uart *hu);
87 92
88#ifdef CONFIG_BT_HCIUART_H4 93#ifdef CONFIG_BT_HCIUART_H4
89int h4_init(void); 94int h4_init(void);
@@ -104,3 +109,8 @@ int ll_deinit(void);
104int ath_init(void); 109int ath_init(void);
105int ath_deinit(void); 110int ath_deinit(void);
106#endif 111#endif
112
113#ifdef CONFIG_BT_HCIUART_3WIRE
114int h5_init(void);
115int h5_deinit(void);
116#endif
diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index 2a6b0b8b7120..ccd723e0f783 100644
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -139,11 +139,12 @@ enum {
139#define HCIINQUIRY _IOR('H', 240, int) 139#define HCIINQUIRY _IOR('H', 240, int)
140 140
141/* HCI timeouts */ 141/* HCI timeouts */
142#define HCI_DISCONN_TIMEOUT (2000) /* 2 seconds */ 142#define HCI_DISCONN_TIMEOUT msecs_to_jiffies(2000) /* 2 seconds */
143#define HCI_PAIRING_TIMEOUT (60000) /* 60 seconds */ 143#define HCI_PAIRING_TIMEOUT msecs_to_jiffies(60000) /* 60 seconds */
144#define HCI_INIT_TIMEOUT (10000) /* 10 seconds */ 144#define HCI_INIT_TIMEOUT msecs_to_jiffies(10000) /* 10 seconds */
145#define HCI_CMD_TIMEOUT (1000) /* 1 seconds */ 145#define HCI_CMD_TIMEOUT msecs_to_jiffies(1000) /* 1 second */
146#define HCI_ACL_TX_TIMEOUT (45000) /* 45 seconds */ 146#define HCI_ACL_TX_TIMEOUT msecs_to_jiffies(45000) /* 45 seconds */
147#define HCI_AUTO_OFF_TIMEOUT msecs_to_jiffies(2000) /* 2 seconds */
147 148
148/* HCI data types */ 149/* HCI data types */
149#define HCI_COMMAND_PKT 0x01 150#define HCI_COMMAND_PKT 0x01
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 20fd57367ddc..475b8c04ba52 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -587,18 +587,24 @@ void hci_conn_put_device(struct hci_conn *conn);
587 587
588static inline void hci_conn_hold(struct hci_conn *conn) 588static inline void hci_conn_hold(struct hci_conn *conn)
589{ 589{
590 BT_DBG("hcon %p refcnt %d -> %d", conn, atomic_read(&conn->refcnt),
591 atomic_read(&conn->refcnt) + 1);
592
590 atomic_inc(&conn->refcnt); 593 atomic_inc(&conn->refcnt);
591 cancel_delayed_work(&conn->disc_work); 594 cancel_delayed_work(&conn->disc_work);
592} 595}
593 596
594static inline void hci_conn_put(struct hci_conn *conn) 597static inline void hci_conn_put(struct hci_conn *conn)
595{ 598{
599 BT_DBG("hcon %p refcnt %d -> %d", conn, atomic_read(&conn->refcnt),
600 atomic_read(&conn->refcnt) - 1);
601
596 if (atomic_dec_and_test(&conn->refcnt)) { 602 if (atomic_dec_and_test(&conn->refcnt)) {
597 unsigned long timeo; 603 unsigned long timeo;
598 if (conn->type == ACL_LINK || conn->type == LE_LINK) { 604 if (conn->type == ACL_LINK || conn->type == LE_LINK) {
599 del_timer(&conn->idle_timer); 605 del_timer(&conn->idle_timer);
600 if (conn->state == BT_CONNECTED) { 606 if (conn->state == BT_CONNECTED) {
601 timeo = msecs_to_jiffies(conn->disc_timeout); 607 timeo = conn->disc_timeout;
602 if (!conn->out) 608 if (!conn->out)
603 timeo *= 2; 609 timeo *= 2;
604 } else { 610 } else {
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index d80e3f0691b4..a7679f8913d2 100644
--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -464,6 +464,7 @@ struct l2cap_chan {
464 464
465 __u16 tx_win; 465 __u16 tx_win;
466 __u16 tx_win_max; 466 __u16 tx_win_max;
467 __u16 ack_win;
467 __u8 max_tx; 468 __u8 max_tx;
468 __u16 retrans_timeout; 469 __u16 retrans_timeout;
469 __u16 monitor_timeout; 470 __u16 monitor_timeout;
@@ -672,11 +673,15 @@ enum {
672 673
673static inline void l2cap_chan_hold(struct l2cap_chan *c) 674static inline void l2cap_chan_hold(struct l2cap_chan *c)
674{ 675{
676 BT_DBG("chan %p orig refcnt %d", c, atomic_read(&c->refcnt));
677
675 atomic_inc(&c->refcnt); 678 atomic_inc(&c->refcnt);
676} 679}
677 680
678static inline void l2cap_chan_put(struct l2cap_chan *c) 681static inline void l2cap_chan_put(struct l2cap_chan *c)
679{ 682{
683 BT_DBG("chan %p orig refcnt %d", c, atomic_read(&c->refcnt));
684
680 if (atomic_dec_and_test(&c->refcnt)) 685 if (atomic_dec_and_test(&c->refcnt))
681 kfree(c); 686 kfree(c);
682} 687}
diff --git a/include/net/bluetooth/mgmt.h b/include/net/bluetooth/mgmt.h
index 23fd0546fccb..4348ee8bda69 100644
--- a/include/net/bluetooth/mgmt.h
+++ b/include/net/bluetooth/mgmt.h
@@ -444,7 +444,7 @@ struct mgmt_ev_auth_failed {
444struct mgmt_ev_device_found { 444struct mgmt_ev_device_found {
445 struct mgmt_addr_info addr; 445 struct mgmt_addr_info addr;
446 __s8 rssi; 446 __s8 rssi;
447 __u8 flags[4]; 447 __le32 flags;
448 __le16 eir_len; 448 __le16 eir_len;
449 __u8 eir[0]; 449 __u8 eir[0];
450} __packed; 450} __packed;
diff --git a/net/bluetooth/a2mp.c b/net/bluetooth/a2mp.c
index fb93250b3938..4ff0bf3ba9a5 100644
--- a/net/bluetooth/a2mp.c
+++ b/net/bluetooth/a2mp.c
@@ -501,7 +501,7 @@ static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn)
501/* AMP Manager functions */ 501/* AMP Manager functions */
502void amp_mgr_get(struct amp_mgr *mgr) 502void amp_mgr_get(struct amp_mgr *mgr)
503{ 503{
504 BT_DBG("mgr %p", mgr); 504 BT_DBG("mgr %p orig refcnt %d", mgr, atomic_read(&mgr->kref.refcount));
505 505
506 kref_get(&mgr->kref); 506 kref_get(&mgr->kref);
507} 507}
@@ -517,7 +517,7 @@ static void amp_mgr_destroy(struct kref *kref)
517 517
518int amp_mgr_put(struct amp_mgr *mgr) 518int amp_mgr_put(struct amp_mgr *mgr)
519{ 519{
520 BT_DBG("mgr %p", mgr); 520 BT_DBG("mgr %p orig refcnt %d", mgr, atomic_read(&mgr->kref.refcount));
521 521
522 return kref_put(&mgr->kref, &amp_mgr_destroy); 522 return kref_put(&mgr->kref, &amp_mgr_destroy);
523} 523}
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 2fcced377e50..5ad7da217474 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -107,7 +107,7 @@ static void hci_acl_connect_cancel(struct hci_conn *conn)
107{ 107{
108 struct hci_cp_create_conn_cancel cp; 108 struct hci_cp_create_conn_cancel cp;
109 109
110 BT_DBG("%p", conn); 110 BT_DBG("hcon %p", conn);
111 111
112 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2) 112 if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
113 return; 113 return;
@@ -120,7 +120,7 @@ void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
120{ 120{
121 struct hci_cp_disconnect cp; 121 struct hci_cp_disconnect cp;
122 122
123 BT_DBG("%p", conn); 123 BT_DBG("hcon %p", conn);
124 124
125 conn->state = BT_DISCONN; 125 conn->state = BT_DISCONN;
126 126
@@ -134,7 +134,7 @@ void hci_add_sco(struct hci_conn *conn, __u16 handle)
134 struct hci_dev *hdev = conn->hdev; 134 struct hci_dev *hdev = conn->hdev;
135 struct hci_cp_add_sco cp; 135 struct hci_cp_add_sco cp;
136 136
137 BT_DBG("%p", conn); 137 BT_DBG("hcon %p", conn);
138 138
139 conn->state = BT_CONNECT; 139 conn->state = BT_CONNECT;
140 conn->out = true; 140 conn->out = true;
@@ -152,7 +152,7 @@ void hci_setup_sync(struct hci_conn *conn, __u16 handle)
152 struct hci_dev *hdev = conn->hdev; 152 struct hci_dev *hdev = conn->hdev;
153 struct hci_cp_setup_sync_conn cp; 153 struct hci_cp_setup_sync_conn cp;
154 154
155 BT_DBG("%p", conn); 155 BT_DBG("hcon %p", conn);
156 156
157 conn->state = BT_CONNECT; 157 conn->state = BT_CONNECT;
158 conn->out = true; 158 conn->out = true;
@@ -196,7 +196,7 @@ void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
196 struct hci_dev *hdev = conn->hdev; 196 struct hci_dev *hdev = conn->hdev;
197 struct hci_cp_le_start_enc cp; 197 struct hci_cp_le_start_enc cp;
198 198
199 BT_DBG("%p", conn); 199 BT_DBG("hcon %p", conn);
200 200
201 memset(&cp, 0, sizeof(cp)); 201 memset(&cp, 0, sizeof(cp));
202 202
@@ -213,11 +213,11 @@ void hci_sco_setup(struct hci_conn *conn, __u8 status)
213{ 213{
214 struct hci_conn *sco = conn->link; 214 struct hci_conn *sco = conn->link;
215 215
216 BT_DBG("%p", conn);
217
218 if (!sco) 216 if (!sco)
219 return; 217 return;
220 218
219 BT_DBG("hcon %p", conn);
220
221 if (!status) { 221 if (!status) {
222 if (lmp_esco_capable(conn->hdev)) 222 if (lmp_esco_capable(conn->hdev))
223 hci_setup_sync(sco, conn->handle); 223 hci_setup_sync(sco, conn->handle);
@@ -235,7 +235,7 @@ static void hci_conn_timeout(struct work_struct *work)
235 disc_work.work); 235 disc_work.work);
236 __u8 reason; 236 __u8 reason;
237 237
238 BT_DBG("conn %p state %s", conn, state_to_string(conn->state)); 238 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
239 239
240 if (atomic_read(&conn->refcnt)) 240 if (atomic_read(&conn->refcnt))
241 return; 241 return;
@@ -266,7 +266,7 @@ static void hci_conn_enter_sniff_mode(struct hci_conn *conn)
266{ 266{
267 struct hci_dev *hdev = conn->hdev; 267 struct hci_dev *hdev = conn->hdev;
268 268
269 BT_DBG("conn %p mode %d", conn, conn->mode); 269 BT_DBG("hcon %p mode %d", conn, conn->mode);
270 270
271 if (test_bit(HCI_RAW, &hdev->flags)) 271 if (test_bit(HCI_RAW, &hdev->flags))
272 return; 272 return;
@@ -301,7 +301,7 @@ static void hci_conn_idle(unsigned long arg)
301{ 301{
302 struct hci_conn *conn = (void *) arg; 302 struct hci_conn *conn = (void *) arg;
303 303
304 BT_DBG("conn %p mode %d", conn, conn->mode); 304 BT_DBG("hcon %p mode %d", conn, conn->mode);
305 305
306 hci_conn_enter_sniff_mode(conn); 306 hci_conn_enter_sniff_mode(conn);
307} 307}
@@ -382,7 +382,7 @@ int hci_conn_del(struct hci_conn *conn)
382{ 382{
383 struct hci_dev *hdev = conn->hdev; 383 struct hci_dev *hdev = conn->hdev;
384 384
385 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle); 385 BT_DBG("%s hcon %p handle %d", hdev->name, conn, conn->handle);
386 386
387 del_timer(&conn->idle_timer); 387 del_timer(&conn->idle_timer);
388 388
@@ -442,7 +442,8 @@ struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
442 442
443 list_for_each_entry(d, &hci_dev_list, list) { 443 list_for_each_entry(d, &hci_dev_list, list) {
444 if (!test_bit(HCI_UP, &d->flags) || 444 if (!test_bit(HCI_UP, &d->flags) ||
445 test_bit(HCI_RAW, &d->flags)) 445 test_bit(HCI_RAW, &d->flags) ||
446 d->dev_type != HCI_BREDR)
446 continue; 447 continue;
447 448
448 /* Simple routing: 449 /* Simple routing:
@@ -557,7 +558,7 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
557/* Check link security requirement */ 558/* Check link security requirement */
558int hci_conn_check_link_mode(struct hci_conn *conn) 559int hci_conn_check_link_mode(struct hci_conn *conn)
559{ 560{
560 BT_DBG("conn %p", conn); 561 BT_DBG("hcon %p", conn);
561 562
562 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT)) 563 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
563 return 0; 564 return 0;
@@ -568,7 +569,7 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
568/* Authenticate remote device */ 569/* Authenticate remote device */
569static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 570static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
570{ 571{
571 BT_DBG("conn %p", conn); 572 BT_DBG("hcon %p", conn);
572 573
573 if (conn->pending_sec_level > sec_level) 574 if (conn->pending_sec_level > sec_level)
574 sec_level = conn->pending_sec_level; 575 sec_level = conn->pending_sec_level;
@@ -602,7 +603,7 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
602/* Encrypt the the link */ 603/* Encrypt the the link */
603static void hci_conn_encrypt(struct hci_conn *conn) 604static void hci_conn_encrypt(struct hci_conn *conn)
604{ 605{
605 BT_DBG("conn %p", conn); 606 BT_DBG("hcon %p", conn);
606 607
607 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { 608 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
608 struct hci_cp_set_conn_encrypt cp; 609 struct hci_cp_set_conn_encrypt cp;
@@ -616,7 +617,7 @@ static void hci_conn_encrypt(struct hci_conn *conn)
616/* Enable security */ 617/* Enable security */
617int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) 618int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
618{ 619{
619 BT_DBG("conn %p", conn); 620 BT_DBG("hcon %p", conn);
620 621
621 /* For sdp we don't need the link key. */ 622 /* For sdp we don't need the link key. */
622 if (sec_level == BT_SECURITY_SDP) 623 if (sec_level == BT_SECURITY_SDP)
@@ -669,7 +670,7 @@ EXPORT_SYMBOL(hci_conn_security);
669/* Check secure link requirement */ 670/* Check secure link requirement */
670int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level) 671int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level)
671{ 672{
672 BT_DBG("conn %p", conn); 673 BT_DBG("hcon %p", conn);
673 674
674 if (sec_level != BT_SECURITY_HIGH) 675 if (sec_level != BT_SECURITY_HIGH)
675 return 1; /* Accept if non-secure is required */ 676 return 1; /* Accept if non-secure is required */
@@ -684,7 +685,7 @@ EXPORT_SYMBOL(hci_conn_check_secure);
684/* Change link key */ 685/* Change link key */
685int hci_conn_change_link_key(struct hci_conn *conn) 686int hci_conn_change_link_key(struct hci_conn *conn)
686{ 687{
687 BT_DBG("conn %p", conn); 688 BT_DBG("hcon %p", conn);
688 689
689 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { 690 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
690 struct hci_cp_change_conn_link_key cp; 691 struct hci_cp_change_conn_link_key cp;
@@ -699,7 +700,7 @@ int hci_conn_change_link_key(struct hci_conn *conn)
699/* Switch role */ 700/* Switch role */
700int hci_conn_switch_role(struct hci_conn *conn, __u8 role) 701int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
701{ 702{
702 BT_DBG("conn %p", conn); 703 BT_DBG("hcon %p", conn);
703 704
704 if (!role && conn->link_mode & HCI_LM_MASTER) 705 if (!role && conn->link_mode & HCI_LM_MASTER)
705 return 1; 706 return 1;
@@ -720,7 +721,7 @@ void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
720{ 721{
721 struct hci_dev *hdev = conn->hdev; 722 struct hci_dev *hdev = conn->hdev;
722 723
723 BT_DBG("conn %p mode %d", conn, conn->mode); 724 BT_DBG("hcon %p mode %d", conn, conn->mode);
724 725
725 if (test_bit(HCI_RAW, &hdev->flags)) 726 if (test_bit(HCI_RAW, &hdev->flags))
726 return; 727 return;
@@ -894,7 +895,7 @@ struct hci_chan *hci_chan_create(struct hci_conn *conn)
894 struct hci_dev *hdev = conn->hdev; 895 struct hci_dev *hdev = conn->hdev;
895 struct hci_chan *chan; 896 struct hci_chan *chan;
896 897
897 BT_DBG("%s conn %p", hdev->name, conn); 898 BT_DBG("%s hcon %p", hdev->name, conn);
898 899
899 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL); 900 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
900 if (!chan) 901 if (!chan)
@@ -913,7 +914,7 @@ int hci_chan_del(struct hci_chan *chan)
913 struct hci_conn *conn = chan->conn; 914 struct hci_conn *conn = chan->conn;
914 struct hci_dev *hdev = conn->hdev; 915 struct hci_dev *hdev = conn->hdev;
915 916
916 BT_DBG("%s conn %p chan %p", hdev->name, conn, chan); 917 BT_DBG("%s hcon %p chan %p", hdev->name, conn, chan);
917 918
918 list_del_rcu(&chan->list); 919 list_del_rcu(&chan->list);
919 920
@@ -929,7 +930,7 @@ void hci_chan_list_flush(struct hci_conn *conn)
929{ 930{
930 struct hci_chan *chan, *n; 931 struct hci_chan *chan, *n;
931 932
932 BT_DBG("conn %p", conn); 933 BT_DBG("hcon %p", conn);
933 934
934 list_for_each_entry_safe(chan, n, &conn->chan_list, list) 935 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
935 hci_chan_del(chan); 936 hci_chan_del(chan);
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 08994ecc3b6a..d4de5db18d5a 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -33,8 +33,6 @@
33#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/bluetooth.h>
34#include <net/bluetooth/hci_core.h> 34#include <net/bluetooth/hci_core.h>
35 35
36#define AUTO_OFF_TIMEOUT 2000
37
38static void hci_rx_work(struct work_struct *work); 36static void hci_rx_work(struct work_struct *work);
39static void hci_cmd_work(struct work_struct *work); 37static void hci_cmd_work(struct work_struct *work);
40static void hci_tx_work(struct work_struct *work); 38static void hci_tx_work(struct work_struct *work);
@@ -61,7 +59,7 @@ static void hci_notify(struct hci_dev *hdev, int event)
61 59
62void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result) 60void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
63{ 61{
64 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result); 62 BT_DBG("%s command 0x%4.4x result 0x%2.2x", hdev->name, cmd, result);
65 63
66 /* If this is the init phase check if the completed command matches 64 /* If this is the init phase check if the completed command matches
67 * the last init command, and if not just return. 65 * the last init command, and if not just return.
@@ -188,12 +186,6 @@ static void bredr_init(struct hci_dev *hdev)
188 186
189 /* Mandatory initialization */ 187 /* Mandatory initialization */
190 188
191 /* Reset */
192 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
193 set_bit(HCI_RESET, &hdev->flags);
194 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
195 }
196
197 /* Read Local Supported Features */ 189 /* Read Local Supported Features */
198 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL); 190 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
199 191
@@ -234,9 +226,6 @@ static void amp_init(struct hci_dev *hdev)
234{ 226{
235 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED; 227 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
236 228
237 /* Reset */
238 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
239
240 /* Read Local Version */ 229 /* Read Local Version */
241 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL); 230 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
242 231
@@ -262,6 +251,10 @@ static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
262 } 251 }
263 skb_queue_purge(&hdev->driver_init); 252 skb_queue_purge(&hdev->driver_init);
264 253
254 /* Reset */
255 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
256 hci_reset_req(hdev, 0);
257
265 switch (hdev->dev_type) { 258 switch (hdev->dev_type) {
266 case HCI_BREDR: 259 case HCI_BREDR:
267 bredr_init(hdev); 260 bredr_init(hdev);
@@ -690,12 +683,11 @@ int hci_dev_open(__u16 dev)
690 set_bit(HCI_INIT, &hdev->flags); 683 set_bit(HCI_INIT, &hdev->flags);
691 hdev->init_last_cmd = 0; 684 hdev->init_last_cmd = 0;
692 685
693 ret = __hci_request(hdev, hci_init_req, 0, 686 ret = __hci_request(hdev, hci_init_req, 0, HCI_INIT_TIMEOUT);
694 msecs_to_jiffies(HCI_INIT_TIMEOUT));
695 687
696 if (lmp_host_le_capable(hdev)) 688 if (lmp_host_le_capable(hdev))
697 ret = __hci_request(hdev, hci_le_init_req, 0, 689 ret = __hci_request(hdev, hci_le_init_req, 0,
698 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 690 HCI_INIT_TIMEOUT);
699 691
700 clear_bit(HCI_INIT, &hdev->flags); 692 clear_bit(HCI_INIT, &hdev->flags);
701 } 693 }
@@ -782,8 +774,7 @@ static int hci_dev_do_close(struct hci_dev *hdev)
782 if (!test_bit(HCI_RAW, &hdev->flags) && 774 if (!test_bit(HCI_RAW, &hdev->flags) &&
783 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) { 775 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
784 set_bit(HCI_INIT, &hdev->flags); 776 set_bit(HCI_INIT, &hdev->flags);
785 __hci_request(hdev, hci_reset_req, 0, 777 __hci_request(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
786 msecs_to_jiffies(250));
787 clear_bit(HCI_INIT, &hdev->flags); 778 clear_bit(HCI_INIT, &hdev->flags);
788 } 779 }
789 780
@@ -872,8 +863,7 @@ int hci_dev_reset(__u16 dev)
872 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0; 863 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
873 864
874 if (!test_bit(HCI_RAW, &hdev->flags)) 865 if (!test_bit(HCI_RAW, &hdev->flags))
875 ret = __hci_request(hdev, hci_reset_req, 0, 866 ret = __hci_request(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
876 msecs_to_jiffies(HCI_INIT_TIMEOUT));
877 867
878done: 868done:
879 hci_req_unlock(hdev); 869 hci_req_unlock(hdev);
@@ -913,7 +903,7 @@ int hci_dev_cmd(unsigned int cmd, void __user *arg)
913 switch (cmd) { 903 switch (cmd) {
914 case HCISETAUTH: 904 case HCISETAUTH:
915 err = hci_request(hdev, hci_auth_req, dr.dev_opt, 905 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
916 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 906 HCI_INIT_TIMEOUT);
917 break; 907 break;
918 908
919 case HCISETENCRYPT: 909 case HCISETENCRYPT:
@@ -925,23 +915,23 @@ int hci_dev_cmd(unsigned int cmd, void __user *arg)
925 if (!test_bit(HCI_AUTH, &hdev->flags)) { 915 if (!test_bit(HCI_AUTH, &hdev->flags)) {
926 /* Auth must be enabled first */ 916 /* Auth must be enabled first */
927 err = hci_request(hdev, hci_auth_req, dr.dev_opt, 917 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
928 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 918 HCI_INIT_TIMEOUT);
929 if (err) 919 if (err)
930 break; 920 break;
931 } 921 }
932 922
933 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt, 923 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
934 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 924 HCI_INIT_TIMEOUT);
935 break; 925 break;
936 926
937 case HCISETSCAN: 927 case HCISETSCAN:
938 err = hci_request(hdev, hci_scan_req, dr.dev_opt, 928 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
939 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 929 HCI_INIT_TIMEOUT);
940 break; 930 break;
941 931
942 case HCISETLINKPOL: 932 case HCISETLINKPOL:
943 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt, 933 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
944 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 934 HCI_INIT_TIMEOUT);
945 break; 935 break;
946 936
947 case HCISETLINKMODE: 937 case HCISETLINKMODE:
@@ -1091,8 +1081,7 @@ static void hci_power_on(struct work_struct *work)
1091 return; 1081 return;
1092 1082
1093 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 1083 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1094 schedule_delayed_work(&hdev->power_off, 1084 schedule_delayed_work(&hdev->power_off, HCI_AUTO_OFF_TIMEOUT);
1095 msecs_to_jiffies(AUTO_OFF_TIMEOUT));
1096 1085
1097 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags)) 1086 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags))
1098 mgmt_index_added(hdev); 1087 mgmt_index_added(hdev);
@@ -1369,11 +1358,19 @@ int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1369} 1358}
1370 1359
1371/* HCI command timer function */ 1360/* HCI command timer function */
1372static void hci_cmd_timer(unsigned long arg) 1361static void hci_cmd_timeout(unsigned long arg)
1373{ 1362{
1374 struct hci_dev *hdev = (void *) arg; 1363 struct hci_dev *hdev = (void *) arg;
1375 1364
1376 BT_ERR("%s command tx timeout", hdev->name); 1365 if (hdev->sent_cmd) {
1366 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
1367 u16 opcode = __le16_to_cpu(sent->opcode);
1368
1369 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
1370 } else {
1371 BT_ERR("%s command tx timeout", hdev->name);
1372 }
1373
1377 atomic_set(&hdev->cmd_cnt, 1); 1374 atomic_set(&hdev->cmd_cnt, 1);
1378 queue_work(hdev->workqueue, &hdev->cmd_work); 1375 queue_work(hdev->workqueue, &hdev->cmd_work);
1379} 1376}
@@ -1671,7 +1668,7 @@ struct hci_dev *hci_alloc_dev(void)
1671 1668
1672 init_waitqueue_head(&hdev->req_wait_q); 1669 init_waitqueue_head(&hdev->req_wait_q);
1673 1670
1674 setup_timer(&hdev->cmd_timer, hci_cmd_timer, (unsigned long) hdev); 1671 setup_timer(&hdev->cmd_timer, hci_cmd_timeout, (unsigned long) hdev);
1675 1672
1676 hci_init_sysfs(hdev); 1673 hci_init_sysfs(hdev);
1677 discovery_init(hdev); 1674 discovery_init(hdev);
@@ -1746,8 +1743,11 @@ int hci_register_dev(struct hci_dev *hdev)
1746 } 1743 }
1747 } 1744 }
1748 1745
1749 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
1750 set_bit(HCI_SETUP, &hdev->dev_flags); 1746 set_bit(HCI_SETUP, &hdev->dev_flags);
1747
1748 if (hdev->dev_type != HCI_AMP)
1749 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
1750
1751 schedule_work(&hdev->power_on); 1751 schedule_work(&hdev->power_on);
1752 1752
1753 hci_notify(hdev, HCI_DEV_REG); 1753 hci_notify(hdev, HCI_DEV_REG);
@@ -2087,7 +2087,7 @@ int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
2087 struct hci_command_hdr *hdr; 2087 struct hci_command_hdr *hdr;
2088 struct sk_buff *skb; 2088 struct sk_buff *skb;
2089 2089
2090 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen); 2090 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
2091 2091
2092 skb = bt_skb_alloc(len, GFP_ATOMIC); 2092 skb = bt_skb_alloc(len, GFP_ATOMIC);
2093 if (!skb) { 2093 if (!skb) {
@@ -2129,7 +2129,7 @@ void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
2129 if (hdr->opcode != cpu_to_le16(opcode)) 2129 if (hdr->opcode != cpu_to_le16(opcode))
2130 return NULL; 2130 return NULL;
2131 2131
2132 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 2132 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2133 2133
2134 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE; 2134 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
2135} 2135}
@@ -2199,7 +2199,7 @@ void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2199 struct hci_conn *conn = chan->conn; 2199 struct hci_conn *conn = chan->conn;
2200 struct hci_dev *hdev = conn->hdev; 2200 struct hci_dev *hdev = conn->hdev;
2201 2201
2202 BT_DBG("%s chan %p flags 0x%x", hdev->name, chan, flags); 2202 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
2203 2203
2204 skb->dev = (void *) hdev; 2204 skb->dev = (void *) hdev;
2205 2205
@@ -2455,7 +2455,7 @@ static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
2455 /* ACL tx timeout must be longer than maximum 2455 /* ACL tx timeout must be longer than maximum
2456 * link supervision timeout (40.9 seconds) */ 2456 * link supervision timeout (40.9 seconds) */
2457 if (!cnt && time_after(jiffies, hdev->acl_last_tx + 2457 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
2458 msecs_to_jiffies(HCI_ACL_TX_TIMEOUT))) 2458 HCI_ACL_TX_TIMEOUT))
2459 hci_link_tx_to(hdev, ACL_LINK); 2459 hci_link_tx_to(hdev, ACL_LINK);
2460 } 2460 }
2461} 2461}
@@ -2699,7 +2699,7 @@ static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2699 flags = hci_flags(handle); 2699 flags = hci_flags(handle);
2700 handle = hci_handle(handle); 2700 handle = hci_handle(handle);
2701 2701
2702 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, 2702 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
2703 handle, flags); 2703 handle, flags);
2704 2704
2705 hdev->stat.acl_rx++; 2705 hdev->stat.acl_rx++;
@@ -2741,7 +2741,7 @@ static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2741 2741
2742 handle = __le16_to_cpu(hdr->handle); 2742 handle = __le16_to_cpu(hdr->handle);
2743 2743
2744 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle); 2744 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
2745 2745
2746 hdev->stat.sco_rx++; 2746 hdev->stat.sco_rx++;
2747 2747
@@ -2821,7 +2821,8 @@ static void hci_cmd_work(struct work_struct *work)
2821 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work); 2821 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
2822 struct sk_buff *skb; 2822 struct sk_buff *skb;
2823 2823
2824 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt)); 2824 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
2825 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
2825 2826
2826 /* Send queued commands */ 2827 /* Send queued commands */
2827 if (atomic_read(&hdev->cmd_cnt)) { 2828 if (atomic_read(&hdev->cmd_cnt)) {
@@ -2839,7 +2840,7 @@ static void hci_cmd_work(struct work_struct *work)
2839 del_timer(&hdev->cmd_timer); 2840 del_timer(&hdev->cmd_timer);
2840 else 2841 else
2841 mod_timer(&hdev->cmd_timer, 2842 mod_timer(&hdev->cmd_timer,
2842 jiffies + msecs_to_jiffies(HCI_CMD_TIMEOUT)); 2843 jiffies + HCI_CMD_TIMEOUT);
2843 } else { 2844 } else {
2844 skb_queue_head(&hdev->cmd_q, skb); 2845 skb_queue_head(&hdev->cmd_q, skb);
2845 queue_work(hdev->workqueue, &hdev->cmd_work); 2846 queue_work(hdev->workqueue, &hdev->cmd_work);
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 1ba929c05d0d..41ff978a33f9 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -36,7 +36,7 @@ static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
36{ 36{
37 __u8 status = *((__u8 *) skb->data); 37 __u8 status = *((__u8 *) skb->data);
38 38
39 BT_DBG("%s status 0x%x", hdev->name, status); 39 BT_DBG("%s status 0x%2.2x", hdev->name, status);
40 40
41 if (status) { 41 if (status) {
42 hci_dev_lock(hdev); 42 hci_dev_lock(hdev);
@@ -60,7 +60,7 @@ static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
60{ 60{
61 __u8 status = *((__u8 *) skb->data); 61 __u8 status = *((__u8 *) skb->data);
62 62
63 BT_DBG("%s status 0x%x", hdev->name, status); 63 BT_DBG("%s status 0x%2.2x", hdev->name, status);
64 64
65 if (status) 65 if (status)
66 return; 66 return;
@@ -72,7 +72,7 @@ static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72{ 72{
73 __u8 status = *((__u8 *) skb->data); 73 __u8 status = *((__u8 *) skb->data);
74 74
75 BT_DBG("%s status 0x%x", hdev->name, status); 75 BT_DBG("%s status 0x%2.2x", hdev->name, status);
76 76
77 if (status) 77 if (status)
78 return; 78 return;
@@ -93,7 +93,7 @@ static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
93 struct hci_rp_role_discovery *rp = (void *) skb->data; 93 struct hci_rp_role_discovery *rp = (void *) skb->data;
94 struct hci_conn *conn; 94 struct hci_conn *conn;
95 95
96 BT_DBG("%s status 0x%x", hdev->name, rp->status); 96 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
97 97
98 if (rp->status) 98 if (rp->status)
99 return; 99 return;
@@ -116,7 +116,7 @@ static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
116 struct hci_rp_read_link_policy *rp = (void *) skb->data; 116 struct hci_rp_read_link_policy *rp = (void *) skb->data;
117 struct hci_conn *conn; 117 struct hci_conn *conn;
118 118
119 BT_DBG("%s status 0x%x", hdev->name, rp->status); 119 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
120 120
121 if (rp->status) 121 if (rp->status)
122 return; 122 return;
@@ -136,7 +136,7 @@ static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
136 struct hci_conn *conn; 136 struct hci_conn *conn;
137 void *sent; 137 void *sent;
138 138
139 BT_DBG("%s status 0x%x", hdev->name, rp->status); 139 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
140 140
141 if (rp->status) 141 if (rp->status)
142 return; 142 return;
@@ -159,7 +159,7 @@ static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
159{ 159{
160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data; 160 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
161 161
162 BT_DBG("%s status 0x%x", hdev->name, rp->status); 162 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
163 163
164 if (rp->status) 164 if (rp->status)
165 return; 165 return;
@@ -173,7 +173,7 @@ static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 __u8 status = *((__u8 *) skb->data); 173 __u8 status = *((__u8 *) skb->data);
174 void *sent; 174 void *sent;
175 175
176 BT_DBG("%s status 0x%x", hdev->name, status); 176 BT_DBG("%s status 0x%2.2x", hdev->name, status);
177 177
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY); 178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 if (!sent) 179 if (!sent)
@@ -189,7 +189,7 @@ static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
189{ 189{
190 __u8 status = *((__u8 *) skb->data); 190 __u8 status = *((__u8 *) skb->data);
191 191
192 BT_DBG("%s status 0x%x", hdev->name, status); 192 BT_DBG("%s status 0x%2.2x", hdev->name, status);
193 193
194 clear_bit(HCI_RESET, &hdev->flags); 194 clear_bit(HCI_RESET, &hdev->flags);
195 195
@@ -207,7 +207,7 @@ static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
207 __u8 status = *((__u8 *) skb->data); 207 __u8 status = *((__u8 *) skb->data);
208 void *sent; 208 void *sent;
209 209
210 BT_DBG("%s status 0x%x", hdev->name, status); 210 BT_DBG("%s status 0x%2.2x", hdev->name, status);
211 211
212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME); 212 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
213 if (!sent) 213 if (!sent)
@@ -229,7 +229,7 @@ static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
229{ 229{
230 struct hci_rp_read_local_name *rp = (void *) skb->data; 230 struct hci_rp_read_local_name *rp = (void *) skb->data;
231 231
232 BT_DBG("%s status 0x%x", hdev->name, rp->status); 232 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
233 233
234 if (rp->status) 234 if (rp->status)
235 return; 235 return;
@@ -243,7 +243,7 @@ static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
243 __u8 status = *((__u8 *) skb->data); 243 __u8 status = *((__u8 *) skb->data);
244 void *sent; 244 void *sent;
245 245
246 BT_DBG("%s status 0x%x", hdev->name, status); 246 BT_DBG("%s status 0x%2.2x", hdev->name, status);
247 247
248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE); 248 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
249 if (!sent) 249 if (!sent)
@@ -269,7 +269,7 @@ static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
269 __u8 status = *((__u8 *) skb->data); 269 __u8 status = *((__u8 *) skb->data);
270 void *sent; 270 void *sent;
271 271
272 BT_DBG("%s status 0x%x", hdev->name, status); 272 BT_DBG("%s status 0x%2.2x", hdev->name, status);
273 273
274 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE); 274 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
275 if (!sent) 275 if (!sent)
@@ -293,7 +293,7 @@ static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
293 int old_pscan, old_iscan; 293 int old_pscan, old_iscan;
294 void *sent; 294 void *sent;
295 295
296 BT_DBG("%s status 0x%x", hdev->name, status); 296 BT_DBG("%s status 0x%2.2x", hdev->name, status);
297 297
298 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE); 298 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
299 if (!sent) 299 if (!sent)
@@ -340,7 +340,7 @@ static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
340{ 340{
341 struct hci_rp_read_class_of_dev *rp = (void *) skb->data; 341 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
342 342
343 BT_DBG("%s status 0x%x", hdev->name, rp->status); 343 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
344 344
345 if (rp->status) 345 if (rp->status)
346 return; 346 return;
@@ -356,7 +356,7 @@ static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
356 __u8 status = *((__u8 *) skb->data); 356 __u8 status = *((__u8 *) skb->data);
357 void *sent; 357 void *sent;
358 358
359 BT_DBG("%s status 0x%x", hdev->name, status); 359 BT_DBG("%s status 0x%2.2x", hdev->name, status);
360 360
361 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV); 361 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
362 if (!sent) 362 if (!sent)
@@ -378,7 +378,7 @@ static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
378 struct hci_rp_read_voice_setting *rp = (void *) skb->data; 378 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
379 __u16 setting; 379 __u16 setting;
380 380
381 BT_DBG("%s status 0x%x", hdev->name, rp->status); 381 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
382 382
383 if (rp->status) 383 if (rp->status)
384 return; 384 return;
@@ -390,7 +390,7 @@ static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
390 390
391 hdev->voice_setting = setting; 391 hdev->voice_setting = setting;
392 392
393 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 393 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
394 394
395 if (hdev->notify) 395 if (hdev->notify)
396 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 396 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
@@ -403,7 +403,7 @@ static void hci_cc_write_voice_setting(struct hci_dev *hdev,
403 __u16 setting; 403 __u16 setting;
404 void *sent; 404 void *sent;
405 405
406 BT_DBG("%s status 0x%x", hdev->name, status); 406 BT_DBG("%s status 0x%2.2x", hdev->name, status);
407 407
408 if (status) 408 if (status)
409 return; 409 return;
@@ -419,7 +419,7 @@ static void hci_cc_write_voice_setting(struct hci_dev *hdev,
419 419
420 hdev->voice_setting = setting; 420 hdev->voice_setting = setting;
421 421
422 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 422 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
423 423
424 if (hdev->notify) 424 if (hdev->notify)
425 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 425 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
@@ -429,7 +429,7 @@ static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
429{ 429{
430 __u8 status = *((__u8 *) skb->data); 430 __u8 status = *((__u8 *) skb->data);
431 431
432 BT_DBG("%s status 0x%x", hdev->name, status); 432 BT_DBG("%s status 0x%2.2x", hdev->name, status);
433 433
434 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status); 434 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
435} 435}
@@ -439,7 +439,7 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
439 __u8 status = *((__u8 *) skb->data); 439 __u8 status = *((__u8 *) skb->data);
440 void *sent; 440 void *sent;
441 441
442 BT_DBG("%s status 0x%x", hdev->name, status); 442 BT_DBG("%s status 0x%2.2x", hdev->name, status);
443 443
444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE); 444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
445 if (!sent) 445 if (!sent)
@@ -597,7 +597,7 @@ static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
597{ 597{
598 struct hci_rp_read_local_version *rp = (void *) skb->data; 598 struct hci_rp_read_local_version *rp = (void *) skb->data;
599 599
600 BT_DBG("%s status 0x%x", hdev->name, rp->status); 600 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
601 601
602 if (rp->status) 602 if (rp->status)
603 goto done; 603 goto done;
@@ -608,7 +608,7 @@ static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
608 hdev->manufacturer = __le16_to_cpu(rp->manufacturer); 608 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
609 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver); 609 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
610 610
611 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name, 611 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
612 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev); 612 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
613 613
614 if (test_bit(HCI_INIT, &hdev->flags)) 614 if (test_bit(HCI_INIT, &hdev->flags))
@@ -641,7 +641,7 @@ static void hci_cc_read_local_commands(struct hci_dev *hdev,
641{ 641{
642 struct hci_rp_read_local_commands *rp = (void *) skb->data; 642 struct hci_rp_read_local_commands *rp = (void *) skb->data;
643 643
644 BT_DBG("%s status 0x%x", hdev->name, rp->status); 644 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
645 645
646 if (rp->status) 646 if (rp->status)
647 goto done; 647 goto done;
@@ -660,7 +660,7 @@ static void hci_cc_read_local_features(struct hci_dev *hdev,
660{ 660{
661 struct hci_rp_read_local_features *rp = (void *) skb->data; 661 struct hci_rp_read_local_features *rp = (void *) skb->data;
662 662
663 BT_DBG("%s status 0x%x", hdev->name, rp->status); 663 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
664 664
665 if (rp->status) 665 if (rp->status)
666 return; 666 return;
@@ -732,7 +732,7 @@ static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
732{ 732{
733 struct hci_rp_read_local_ext_features *rp = (void *) skb->data; 733 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
734 734
735 BT_DBG("%s status 0x%x", hdev->name, rp->status); 735 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
736 736
737 if (rp->status) 737 if (rp->status)
738 goto done; 738 goto done;
@@ -758,7 +758,7 @@ static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
758{ 758{
759 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data; 759 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
760 760
761 BT_DBG("%s status 0x%x", hdev->name, rp->status); 761 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
762 762
763 if (rp->status) 763 if (rp->status)
764 return; 764 return;
@@ -772,7 +772,7 @@ static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
772{ 772{
773 struct hci_rp_read_buffer_size *rp = (void *) skb->data; 773 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
774 774
775 BT_DBG("%s status 0x%x", hdev->name, rp->status); 775 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
776 776
777 if (rp->status) 777 if (rp->status)
778 return; 778 return;
@@ -798,7 +798,7 @@ static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
798{ 798{
799 struct hci_rp_read_bd_addr *rp = (void *) skb->data; 799 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
800 800
801 BT_DBG("%s status 0x%x", hdev->name, rp->status); 801 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
802 802
803 if (!rp->status) 803 if (!rp->status)
804 bacpy(&hdev->bdaddr, &rp->bdaddr); 804 bacpy(&hdev->bdaddr, &rp->bdaddr);
@@ -811,7 +811,7 @@ static void hci_cc_read_data_block_size(struct hci_dev *hdev,
811{ 811{
812 struct hci_rp_read_data_block_size *rp = (void *) skb->data; 812 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
813 813
814 BT_DBG("%s status 0x%x", hdev->name, rp->status); 814 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
815 815
816 if (rp->status) 816 if (rp->status)
817 return; 817 return;
@@ -832,7 +832,7 @@ static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
832{ 832{
833 __u8 status = *((__u8 *) skb->data); 833 __u8 status = *((__u8 *) skb->data);
834 834
835 BT_DBG("%s status 0x%x", hdev->name, status); 835 BT_DBG("%s status 0x%2.2x", hdev->name, status);
836 836
837 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status); 837 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
838} 838}
@@ -842,7 +842,7 @@ static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
842{ 842{
843 struct hci_rp_read_local_amp_info *rp = (void *) skb->data; 843 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
844 844
845 BT_DBG("%s status 0x%x", hdev->name, rp->status); 845 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
846 846
847 if (rp->status) 847 if (rp->status)
848 return; 848 return;
@@ -866,7 +866,7 @@ static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
866{ 866{
867 __u8 status = *((__u8 *) skb->data); 867 __u8 status = *((__u8 *) skb->data);
868 868
869 BT_DBG("%s status 0x%x", hdev->name, status); 869 BT_DBG("%s status 0x%2.2x", hdev->name, status);
870 870
871 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status); 871 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
872} 872}
@@ -875,7 +875,7 @@ static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
875{ 875{
876 __u8 status = *((__u8 *) skb->data); 876 __u8 status = *((__u8 *) skb->data);
877 877
878 BT_DBG("%s status 0x%x", hdev->name, status); 878 BT_DBG("%s status 0x%2.2x", hdev->name, status);
879 879
880 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status); 880 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
881} 881}
@@ -885,7 +885,7 @@ static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
885{ 885{
886 __u8 status = *((__u8 *) skb->data); 886 __u8 status = *((__u8 *) skb->data);
887 887
888 BT_DBG("%s status 0x%x", hdev->name, status); 888 BT_DBG("%s status 0x%2.2x", hdev->name, status);
889 889
890 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status); 890 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
891} 891}
@@ -895,7 +895,7 @@ static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
895{ 895{
896 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data; 896 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
897 897
898 BT_DBG("%s status 0x%x", hdev->name, rp->status); 898 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
899 899
900 if (!rp->status) 900 if (!rp->status)
901 hdev->inq_tx_power = rp->tx_power; 901 hdev->inq_tx_power = rp->tx_power;
@@ -907,7 +907,7 @@ static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
907{ 907{
908 __u8 status = *((__u8 *) skb->data); 908 __u8 status = *((__u8 *) skb->data);
909 909
910 BT_DBG("%s status 0x%x", hdev->name, status); 910 BT_DBG("%s status 0x%2.2x", hdev->name, status);
911 911
912 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status); 912 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
913} 913}
@@ -918,7 +918,7 @@ static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
918 struct hci_cp_pin_code_reply *cp; 918 struct hci_cp_pin_code_reply *cp;
919 struct hci_conn *conn; 919 struct hci_conn *conn;
920 920
921 BT_DBG("%s status 0x%x", hdev->name, rp->status); 921 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
922 922
923 hci_dev_lock(hdev); 923 hci_dev_lock(hdev);
924 924
@@ -944,7 +944,7 @@ static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
944{ 944{
945 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data; 945 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
946 946
947 BT_DBG("%s status 0x%x", hdev->name, rp->status); 947 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
948 948
949 hci_dev_lock(hdev); 949 hci_dev_lock(hdev);
950 950
@@ -960,7 +960,7 @@ static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
960{ 960{
961 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data; 961 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
962 962
963 BT_DBG("%s status 0x%x", hdev->name, rp->status); 963 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
964 964
965 if (rp->status) 965 if (rp->status)
966 return; 966 return;
@@ -979,7 +979,7 @@ static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
979{ 979{
980 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 980 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
981 981
982 BT_DBG("%s status 0x%x", hdev->name, rp->status); 982 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
983 983
984 hci_dev_lock(hdev); 984 hci_dev_lock(hdev);
985 985
@@ -995,7 +995,7 @@ static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
995{ 995{
996 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 996 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
997 997
998 BT_DBG("%s status 0x%x", hdev->name, rp->status); 998 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
999 999
1000 hci_dev_lock(hdev); 1000 hci_dev_lock(hdev);
1001 1001
@@ -1010,7 +1010,7 @@ static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1010{ 1010{
1011 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 1011 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1012 1012
1013 BT_DBG("%s status 0x%x", hdev->name, rp->status); 1013 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1014 1014
1015 hci_dev_lock(hdev); 1015 hci_dev_lock(hdev);
1016 1016
@@ -1026,7 +1026,7 @@ static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1026{ 1026{
1027 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 1027 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1028 1028
1029 BT_DBG("%s status 0x%x", hdev->name, rp->status); 1029 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1030 1030
1031 hci_dev_lock(hdev); 1031 hci_dev_lock(hdev);
1032 1032
@@ -1042,7 +1042,7 @@ static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1042{ 1042{
1043 struct hci_rp_read_local_oob_data *rp = (void *) skb->data; 1043 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1044 1044
1045 BT_DBG("%s status 0x%x", hdev->name, rp->status); 1045 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1046 1046
1047 hci_dev_lock(hdev); 1047 hci_dev_lock(hdev);
1048 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash, 1048 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
@@ -1054,7 +1054,7 @@ static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1054{ 1054{
1055 __u8 status = *((__u8 *) skb->data); 1055 __u8 status = *((__u8 *) skb->data);
1056 1056
1057 BT_DBG("%s status 0x%x", hdev->name, status); 1057 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1058 1058
1059 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status); 1059 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1060 1060
@@ -1072,7 +1072,7 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1072 struct hci_cp_le_set_scan_enable *cp; 1072 struct hci_cp_le_set_scan_enable *cp;
1073 __u8 status = *((__u8 *) skb->data); 1073 __u8 status = *((__u8 *) skb->data);
1074 1074
1075 BT_DBG("%s status 0x%x", hdev->name, status); 1075 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1076 1076
1077 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE); 1077 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1078 if (!cp) 1078 if (!cp)
@@ -1127,7 +1127,7 @@ static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1127{ 1127{
1128 struct hci_rp_le_ltk_reply *rp = (void *) skb->data; 1128 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1129 1129
1130 BT_DBG("%s status 0x%x", hdev->name, rp->status); 1130 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1131 1131
1132 if (rp->status) 1132 if (rp->status)
1133 return; 1133 return;
@@ -1139,7 +1139,7 @@ static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1139{ 1139{
1140 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data; 1140 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1141 1141
1142 BT_DBG("%s status 0x%x", hdev->name, rp->status); 1142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143 1143
1144 if (rp->status) 1144 if (rp->status)
1145 return; 1145 return;
@@ -1153,7 +1153,7 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1153 struct hci_cp_write_le_host_supported *sent; 1153 struct hci_cp_write_le_host_supported *sent;
1154 __u8 status = *((__u8 *) skb->data); 1154 __u8 status = *((__u8 *) skb->data);
1155 1155
1156 BT_DBG("%s status 0x%x", hdev->name, status); 1156 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1157 1157
1158 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED); 1158 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1159 if (!sent) 1159 if (!sent)
@@ -1175,7 +1175,7 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1175 1175
1176static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 1176static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1177{ 1177{
1178 BT_DBG("%s status 0x%x", hdev->name, status); 1178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1179 1179
1180 if (status) { 1180 if (status) {
1181 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 1181 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
@@ -1199,7 +1199,7 @@ static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1199 struct hci_cp_create_conn *cp; 1199 struct hci_cp_create_conn *cp;
1200 struct hci_conn *conn; 1200 struct hci_conn *conn;
1201 1201
1202 BT_DBG("%s status 0x%x", hdev->name, status); 1202 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1203 1203
1204 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN); 1204 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1205 if (!cp) 1205 if (!cp)
@@ -1209,7 +1209,7 @@ static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1209 1209
1210 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1210 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1211 1211
1212 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn); 1212 BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&cp->bdaddr), conn);
1213 1213
1214 if (status) { 1214 if (status) {
1215 if (conn && conn->state == BT_CONNECT) { 1215 if (conn && conn->state == BT_CONNECT) {
@@ -1240,7 +1240,7 @@ static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1240 struct hci_conn *acl, *sco; 1240 struct hci_conn *acl, *sco;
1241 __u16 handle; 1241 __u16 handle;
1242 1242
1243 BT_DBG("%s status 0x%x", hdev->name, status); 1243 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1244 1244
1245 if (!status) 1245 if (!status)
1246 return; 1246 return;
@@ -1251,7 +1251,7 @@ static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1251 1251
1252 handle = __le16_to_cpu(cp->handle); 1252 handle = __le16_to_cpu(cp->handle);
1253 1253
1254 BT_DBG("%s handle %d", hdev->name, handle); 1254 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1255 1255
1256 hci_dev_lock(hdev); 1256 hci_dev_lock(hdev);
1257 1257
@@ -1274,7 +1274,7 @@ static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1274 struct hci_cp_auth_requested *cp; 1274 struct hci_cp_auth_requested *cp;
1275 struct hci_conn *conn; 1275 struct hci_conn *conn;
1276 1276
1277 BT_DBG("%s status 0x%x", hdev->name, status); 1277 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1278 1278
1279 if (!status) 1279 if (!status)
1280 return; 1280 return;
@@ -1301,7 +1301,7 @@ static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1301 struct hci_cp_set_conn_encrypt *cp; 1301 struct hci_cp_set_conn_encrypt *cp;
1302 struct hci_conn *conn; 1302 struct hci_conn *conn;
1303 1303
1304 BT_DBG("%s status 0x%x", hdev->name, status); 1304 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1305 1305
1306 if (!status) 1306 if (!status)
1307 return; 1307 return;
@@ -1413,7 +1413,7 @@ static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1413 struct hci_cp_remote_name_req *cp; 1413 struct hci_cp_remote_name_req *cp;
1414 struct hci_conn *conn; 1414 struct hci_conn *conn;
1415 1415
1416 BT_DBG("%s status 0x%x", hdev->name, status); 1416 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1417 1417
1418 /* If successful wait for the name req complete event before 1418 /* If successful wait for the name req complete event before
1419 * checking for the need to do authentication */ 1419 * checking for the need to do authentication */
@@ -1452,7 +1452,7 @@ static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1452 struct hci_cp_read_remote_features *cp; 1452 struct hci_cp_read_remote_features *cp;
1453 struct hci_conn *conn; 1453 struct hci_conn *conn;
1454 1454
1455 BT_DBG("%s status 0x%x", hdev->name, status); 1455 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1456 1456
1457 if (!status) 1457 if (!status)
1458 return; 1458 return;
@@ -1479,7 +1479,7 @@ static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1479 struct hci_cp_read_remote_ext_features *cp; 1479 struct hci_cp_read_remote_ext_features *cp;
1480 struct hci_conn *conn; 1480 struct hci_conn *conn;
1481 1481
1482 BT_DBG("%s status 0x%x", hdev->name, status); 1482 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1483 1483
1484 if (!status) 1484 if (!status)
1485 return; 1485 return;
@@ -1507,7 +1507,7 @@ static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1507 struct hci_conn *acl, *sco; 1507 struct hci_conn *acl, *sco;
1508 __u16 handle; 1508 __u16 handle;
1509 1509
1510 BT_DBG("%s status 0x%x", hdev->name, status); 1510 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1511 1511
1512 if (!status) 1512 if (!status)
1513 return; 1513 return;
@@ -1518,7 +1518,7 @@ static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1518 1518
1519 handle = __le16_to_cpu(cp->handle); 1519 handle = __le16_to_cpu(cp->handle);
1520 1520
1521 BT_DBG("%s handle %d", hdev->name, handle); 1521 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1522 1522
1523 hci_dev_lock(hdev); 1523 hci_dev_lock(hdev);
1524 1524
@@ -1541,7 +1541,7 @@ static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1541 struct hci_cp_sniff_mode *cp; 1541 struct hci_cp_sniff_mode *cp;
1542 struct hci_conn *conn; 1542 struct hci_conn *conn;
1543 1543
1544 BT_DBG("%s status 0x%x", hdev->name, status); 1544 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1545 1545
1546 if (!status) 1546 if (!status)
1547 return; 1547 return;
@@ -1568,7 +1568,7 @@ static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1568 struct hci_cp_exit_sniff_mode *cp; 1568 struct hci_cp_exit_sniff_mode *cp;
1569 struct hci_conn *conn; 1569 struct hci_conn *conn;
1570 1570
1571 BT_DBG("%s status 0x%x", hdev->name, status); 1571 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1572 1572
1573 if (!status) 1573 if (!status)
1574 return; 1574 return;
@@ -1617,7 +1617,7 @@ static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1617 struct hci_cp_le_create_conn *cp; 1617 struct hci_cp_le_create_conn *cp;
1618 struct hci_conn *conn; 1618 struct hci_conn *conn;
1619 1619
1620 BT_DBG("%s status 0x%x", hdev->name, status); 1620 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1621 1621
1622 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN); 1622 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1623 if (!cp) 1623 if (!cp)
@@ -1655,7 +1655,7 @@ static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1655 1655
1656static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status) 1656static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1657{ 1657{
1658 BT_DBG("%s status 0x%x", hdev->name, status); 1658 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1659} 1659}
1660 1660
1661static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1661static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
@@ -1664,7 +1664,7 @@ static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1664 struct discovery_state *discov = &hdev->discovery; 1664 struct discovery_state *discov = &hdev->discovery;
1665 struct inquiry_entry *e; 1665 struct inquiry_entry *e;
1666 1666
1667 BT_DBG("%s status %d", hdev->name, status); 1667 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1668 1668
1669 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 1669 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1670 1670
@@ -1893,7 +1893,7 @@ static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1893 struct hci_ev_disconn_complete *ev = (void *) skb->data; 1893 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1894 struct hci_conn *conn; 1894 struct hci_conn *conn;
1895 1895
1896 BT_DBG("%s status %d", hdev->name, ev->status); 1896 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1897 1897
1898 hci_dev_lock(hdev); 1898 hci_dev_lock(hdev);
1899 1899
@@ -1930,7 +1930,7 @@ static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1930 struct hci_ev_auth_complete *ev = (void *) skb->data; 1930 struct hci_ev_auth_complete *ev = (void *) skb->data;
1931 struct hci_conn *conn; 1931 struct hci_conn *conn;
1932 1932
1933 BT_DBG("%s status %d", hdev->name, ev->status); 1933 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1934 1934
1935 hci_dev_lock(hdev); 1935 hci_dev_lock(hdev);
1936 1936
@@ -2035,7 +2035,7 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2035 struct hci_ev_encrypt_change *ev = (void *) skb->data; 2035 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2036 struct hci_conn *conn; 2036 struct hci_conn *conn;
2037 2037
2038 BT_DBG("%s status %d", hdev->name, ev->status); 2038 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2039 2039
2040 hci_dev_lock(hdev); 2040 hci_dev_lock(hdev);
2041 2041
@@ -2079,7 +2079,7 @@ static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2079 struct hci_ev_change_link_key_complete *ev = (void *) skb->data; 2079 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2080 struct hci_conn *conn; 2080 struct hci_conn *conn;
2081 2081
2082 BT_DBG("%s status %d", hdev->name, ev->status); 2082 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2083 2083
2084 hci_dev_lock(hdev); 2084 hci_dev_lock(hdev);
2085 2085
@@ -2102,7 +2102,7 @@ static void hci_remote_features_evt(struct hci_dev *hdev,
2102 struct hci_ev_remote_features *ev = (void *) skb->data; 2102 struct hci_ev_remote_features *ev = (void *) skb->data;
2103 struct hci_conn *conn; 2103 struct hci_conn *conn;
2104 2104
2105 BT_DBG("%s status %d", hdev->name, ev->status); 2105 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2106 2106
2107 hci_dev_lock(hdev); 2107 hci_dev_lock(hdev);
2108 2108
@@ -2364,7 +2364,7 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2364 break; 2364 break;
2365 2365
2366 default: 2366 default:
2367 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 2367 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2368 break; 2368 break;
2369 } 2369 }
2370 2370
@@ -2445,7 +2445,7 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2445 break; 2445 break;
2446 2446
2447 default: 2447 default:
2448 BT_DBG("%s opcode 0x%x", hdev->name, opcode); 2448 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2449 break; 2449 break;
2450 } 2450 }
2451 2451
@@ -2464,7 +2464,7 @@ static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2464 struct hci_ev_role_change *ev = (void *) skb->data; 2464 struct hci_ev_role_change *ev = (void *) skb->data;
2465 struct hci_conn *conn; 2465 struct hci_conn *conn;
2466 2466
2467 BT_DBG("%s status %d", hdev->name, ev->status); 2467 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2468 2468
2469 hci_dev_lock(hdev); 2469 hci_dev_lock(hdev);
2470 2470
@@ -2605,7 +2605,7 @@ static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2605 struct hci_ev_mode_change *ev = (void *) skb->data; 2605 struct hci_ev_mode_change *ev = (void *) skb->data;
2606 struct hci_conn *conn; 2606 struct hci_conn *conn;
2607 2607
2608 BT_DBG("%s status %d", hdev->name, ev->status); 2608 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2609 2609
2610 hci_dev_lock(hdev); 2610 hci_dev_lock(hdev);
2611 2611
@@ -2763,7 +2763,7 @@ static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2763 struct hci_ev_clock_offset *ev = (void *) skb->data; 2763 struct hci_ev_clock_offset *ev = (void *) skb->data;
2764 struct hci_conn *conn; 2764 struct hci_conn *conn;
2765 2765
2766 BT_DBG("%s status %d", hdev->name, ev->status); 2766 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2767 2767
2768 hci_dev_lock(hdev); 2768 hci_dev_lock(hdev);
2769 2769
@@ -2786,7 +2786,7 @@ static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2786 struct hci_ev_pkt_type_change *ev = (void *) skb->data; 2786 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2787 struct hci_conn *conn; 2787 struct hci_conn *conn;
2788 2788
2789 BT_DBG("%s status %d", hdev->name, ev->status); 2789 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2790 2790
2791 hci_dev_lock(hdev); 2791 hci_dev_lock(hdev);
2792 2792
@@ -2930,7 +2930,7 @@ static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2930 struct hci_ev_sync_conn_complete *ev = (void *) skb->data; 2930 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2931 struct hci_conn *conn; 2931 struct hci_conn *conn;
2932 2932
2933 BT_DBG("%s status %d", hdev->name, ev->status); 2933 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2934 2934
2935 hci_dev_lock(hdev); 2935 hci_dev_lock(hdev);
2936 2936
@@ -2989,7 +2989,7 @@ static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2989{ 2989{
2990 struct hci_ev_sniff_subrate *ev = (void *) skb->data; 2990 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2991 2991
2992 BT_DBG("%s status %d", hdev->name, ev->status); 2992 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2993} 2993}
2994 2994
2995static void hci_extended_inquiry_result_evt(struct hci_dev *hdev, 2995static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
@@ -3046,7 +3046,7 @@ static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3046 struct hci_ev_key_refresh_complete *ev = (void *) skb->data; 3046 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3047 struct hci_conn *conn; 3047 struct hci_conn *conn;
3048 3048
3049 BT_DBG("%s status %u handle %u", hdev->name, ev->status, 3049 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3050 __le16_to_cpu(ev->handle)); 3050 __le16_to_cpu(ev->handle));
3051 3051
3052 hci_dev_lock(hdev); 3052 hci_dev_lock(hdev);
@@ -3346,7 +3346,7 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3346 struct hci_ev_le_conn_complete *ev = (void *) skb->data; 3346 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3347 struct hci_conn *conn; 3347 struct hci_conn *conn;
3348 3348
3349 BT_DBG("%s status %d", hdev->name, ev->status); 3349 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3350 3350
3351 hci_dev_lock(hdev); 3351 hci_dev_lock(hdev);
3352 3352
@@ -3421,7 +3421,7 @@ static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3421 struct hci_conn *conn; 3421 struct hci_conn *conn;
3422 struct smp_ltk *ltk; 3422 struct smp_ltk *ltk;
3423 3423
3424 BT_DBG("%s handle %d", hdev->name, __le16_to_cpu(ev->handle)); 3424 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3425 3425
3426 hci_dev_lock(hdev); 3426 hci_dev_lock(hdev);
3427 3427
@@ -3645,7 +3645,7 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3645 break; 3645 break;
3646 3646
3647 default: 3647 default:
3648 BT_DBG("%s event 0x%x", hdev->name, event); 3648 BT_DBG("%s event 0x%2.2x", hdev->name, event);
3649 break; 3649 break;
3650 } 3650 }
3651 3651
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index d42dfdc83ebb..a8964db04bfb 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -431,6 +431,7 @@ void l2cap_chan_set_defaults(struct l2cap_chan *chan)
431 chan->max_tx = L2CAP_DEFAULT_MAX_TX; 431 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
432 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW; 432 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
433 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; 433 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
434 chan->ack_win = L2CAP_DEFAULT_TX_WINDOW;
434 chan->sec_level = BT_SECURITY_LOW; 435 chan->sec_level = BT_SECURITY_LOW;
435 436
436 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 437 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
@@ -1657,7 +1658,7 @@ static void l2cap_streaming_send(struct l2cap_chan *chan,
1657 1658
1658 l2cap_do_send(chan, skb); 1659 l2cap_do_send(chan, skb);
1659 1660
1660 BT_DBG("Sent txseq %d", (int)control->txseq); 1661 BT_DBG("Sent txseq %u", control->txseq);
1661 1662
1662 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq); 1663 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
1663 chan->frames_sent++; 1664 chan->frames_sent++;
@@ -1722,11 +1723,11 @@ static int l2cap_ertm_send(struct l2cap_chan *chan)
1722 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb); 1723 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1723 1724
1724 l2cap_do_send(chan, tx_skb); 1725 l2cap_do_send(chan, tx_skb);
1725 BT_DBG("Sent txseq %d", (int)control->txseq); 1726 BT_DBG("Sent txseq %u", control->txseq);
1726 } 1727 }
1727 1728
1728 BT_DBG("Sent %d, %d unacked, %d in ERTM queue", sent, 1729 BT_DBG("Sent %d, %u unacked, %u in ERTM queue", sent,
1729 (int) chan->unacked_frames, skb_queue_len(&chan->tx_q)); 1730 chan->unacked_frames, skb_queue_len(&chan->tx_q));
1730 1731
1731 return sent; 1732 return sent;
1732} 1733}
@@ -1877,14 +1878,14 @@ static void l2cap_send_ack(struct l2cap_chan *chan)
1877 frames_to_ack = 0; 1878 frames_to_ack = 0;
1878 } 1879 }
1879 1880
1880 /* Ack now if the tx window is 3/4ths full. 1881 /* Ack now if the window is 3/4ths full.
1881 * Calculate without mul or div 1882 * Calculate without mul or div
1882 */ 1883 */
1883 threshold = chan->tx_win; 1884 threshold = chan->ack_win;
1884 threshold += threshold << 1; 1885 threshold += threshold << 1;
1885 threshold >>= 2; 1886 threshold >>= 2;
1886 1887
1887 BT_DBG("frames_to_ack %d, threshold %d", (int)frames_to_ack, 1888 BT_DBG("frames_to_ack %u, threshold %d", frames_to_ack,
1888 threshold); 1889 threshold);
1889 1890
1890 if (frames_to_ack >= threshold) { 1891 if (frames_to_ack >= threshold) {
@@ -1946,15 +1947,15 @@ static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
1946} 1947}
1947 1948
1948static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan, 1949static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1949 struct msghdr *msg, size_t len, 1950 struct msghdr *msg, size_t len,
1950 u32 priority) 1951 u32 priority)
1951{ 1952{
1952 struct l2cap_conn *conn = chan->conn; 1953 struct l2cap_conn *conn = chan->conn;
1953 struct sk_buff *skb; 1954 struct sk_buff *skb;
1954 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE; 1955 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE;
1955 struct l2cap_hdr *lh; 1956 struct l2cap_hdr *lh;
1956 1957
1957 BT_DBG("chan %p len %d priority %u", chan, (int)len, priority); 1958 BT_DBG("chan %p len %zu priority %u", chan, len, priority);
1958 1959
1959 count = min_t(unsigned int, (conn->mtu - hlen), len); 1960 count = min_t(unsigned int, (conn->mtu - hlen), len);
1960 1961
@@ -1980,15 +1981,15 @@ static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1980} 1981}
1981 1982
1982static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan, 1983static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
1983 struct msghdr *msg, size_t len, 1984 struct msghdr *msg, size_t len,
1984 u32 priority) 1985 u32 priority)
1985{ 1986{
1986 struct l2cap_conn *conn = chan->conn; 1987 struct l2cap_conn *conn = chan->conn;
1987 struct sk_buff *skb; 1988 struct sk_buff *skb;
1988 int err, count; 1989 int err, count;
1989 struct l2cap_hdr *lh; 1990 struct l2cap_hdr *lh;
1990 1991
1991 BT_DBG("chan %p len %d", chan, (int)len); 1992 BT_DBG("chan %p len %zu", chan, len);
1992 1993
1993 count = min_t(unsigned int, (conn->mtu - L2CAP_HDR_SIZE), len); 1994 count = min_t(unsigned int, (conn->mtu - L2CAP_HDR_SIZE), len);
1994 1995
@@ -2013,15 +2014,15 @@ static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
2013} 2014}
2014 2015
2015static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan, 2016static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
2016 struct msghdr *msg, size_t len, 2017 struct msghdr *msg, size_t len,
2017 u16 sdulen) 2018 u16 sdulen)
2018{ 2019{
2019 struct l2cap_conn *conn = chan->conn; 2020 struct l2cap_conn *conn = chan->conn;
2020 struct sk_buff *skb; 2021 struct sk_buff *skb;
2021 int err, count, hlen; 2022 int err, count, hlen;
2022 struct l2cap_hdr *lh; 2023 struct l2cap_hdr *lh;
2023 2024
2024 BT_DBG("chan %p len %d", chan, (int)len); 2025 BT_DBG("chan %p len %zu", chan, len);
2025 2026
2026 if (!conn) 2027 if (!conn)
2027 return ERR_PTR(-ENOTCONN); 2028 return ERR_PTR(-ENOTCONN);
@@ -2075,7 +2076,7 @@ static int l2cap_segment_sdu(struct l2cap_chan *chan,
2075 size_t pdu_len; 2076 size_t pdu_len;
2076 u8 sar; 2077 u8 sar;
2077 2078
2078 BT_DBG("chan %p, msg %p, len %d", chan, msg, (int)len); 2079 BT_DBG("chan %p, msg %p, len %zu", chan, msg, len);
2079 2080
2080 /* It is critical that ERTM PDUs fit in a single HCI fragment, 2081 /* It is critical that ERTM PDUs fit in a single HCI fragment,
2081 * so fragmented skbs are not used. The HCI layer's handling 2082 * so fragmented skbs are not used. The HCI layer's handling
@@ -2219,7 +2220,7 @@ static void l2cap_send_srej(struct l2cap_chan *chan, u16 txseq)
2219 struct l2cap_ctrl control; 2220 struct l2cap_ctrl control;
2220 u16 seq; 2221 u16 seq;
2221 2222
2222 BT_DBG("chan %p, txseq %d", chan, txseq); 2223 BT_DBG("chan %p, txseq %u", chan, txseq);
2223 2224
2224 memset(&control, 0, sizeof(control)); 2225 memset(&control, 0, sizeof(control));
2225 control.sframe = 1; 2226 control.sframe = 1;
@@ -2259,7 +2260,7 @@ static void l2cap_send_srej_list(struct l2cap_chan *chan, u16 txseq)
2259 u16 initial_head; 2260 u16 initial_head;
2260 u16 seq; 2261 u16 seq;
2261 2262
2262 BT_DBG("chan %p, txseq %d", chan, txseq); 2263 BT_DBG("chan %p, txseq %u", chan, txseq);
2263 2264
2264 memset(&control, 0, sizeof(control)); 2265 memset(&control, 0, sizeof(control));
2265 control.sframe = 1; 2266 control.sframe = 1;
@@ -2284,12 +2285,12 @@ static void l2cap_process_reqseq(struct l2cap_chan *chan, u16 reqseq)
2284 struct sk_buff *acked_skb; 2285 struct sk_buff *acked_skb;
2285 u16 ackseq; 2286 u16 ackseq;
2286 2287
2287 BT_DBG("chan %p, reqseq %d", chan, reqseq); 2288 BT_DBG("chan %p, reqseq %u", chan, reqseq);
2288 2289
2289 if (chan->unacked_frames == 0 || reqseq == chan->expected_ack_seq) 2290 if (chan->unacked_frames == 0 || reqseq == chan->expected_ack_seq)
2290 return; 2291 return;
2291 2292
2292 BT_DBG("expected_ack_seq %d, unacked_frames %d", 2293 BT_DBG("expected_ack_seq %u, unacked_frames %u",
2293 chan->expected_ack_seq, chan->unacked_frames); 2294 chan->expected_ack_seq, chan->unacked_frames);
2294 2295
2295 for (ackseq = chan->expected_ack_seq; ackseq != reqseq; 2296 for (ackseq = chan->expected_ack_seq; ackseq != reqseq;
@@ -2308,7 +2309,7 @@ static void l2cap_process_reqseq(struct l2cap_chan *chan, u16 reqseq)
2308 if (chan->unacked_frames == 0) 2309 if (chan->unacked_frames == 0)
2309 __clear_retrans_timer(chan); 2310 __clear_retrans_timer(chan);
2310 2311
2311 BT_DBG("unacked_frames %d", (int) chan->unacked_frames); 2312 BT_DBG("unacked_frames %u", chan->unacked_frames);
2312} 2313}
2313 2314
2314static void l2cap_abort_rx_srej_sent(struct l2cap_chan *chan) 2315static void l2cap_abort_rx_srej_sent(struct l2cap_chan *chan)
@@ -2534,16 +2535,16 @@ static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2534} 2535}
2535 2536
2536/* ---- L2CAP signalling commands ---- */ 2537/* ---- L2CAP signalling commands ---- */
2537static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, 2538static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, u8 code,
2538 u8 code, u8 ident, u16 dlen, void *data) 2539 u8 ident, u16 dlen, void *data)
2539{ 2540{
2540 struct sk_buff *skb, **frag; 2541 struct sk_buff *skb, **frag;
2541 struct l2cap_cmd_hdr *cmd; 2542 struct l2cap_cmd_hdr *cmd;
2542 struct l2cap_hdr *lh; 2543 struct l2cap_hdr *lh;
2543 int len, count; 2544 int len, count;
2544 2545
2545 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", 2546 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %u",
2546 conn, code, ident, dlen); 2547 conn, code, ident, dlen);
2547 2548
2548 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen; 2549 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2549 count = min_t(unsigned int, conn->mtu, len); 2550 count = min_t(unsigned int, conn->mtu, len);
@@ -2626,7 +2627,7 @@ static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned
2626 break; 2627 break;
2627 } 2628 }
2628 2629
2629 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val); 2630 BT_DBG("type 0x%2.2x len %u val 0x%lx", *type, opt->len, *val);
2630 return len; 2631 return len;
2631} 2632}
2632 2633
@@ -2634,7 +2635,7 @@ static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2634{ 2635{
2635 struct l2cap_conf_opt *opt = *ptr; 2636 struct l2cap_conf_opt *opt = *ptr;
2636 2637
2637 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val); 2638 BT_DBG("type 0x%2.2x len %u val 0x%lx", type, len, val);
2638 2639
2639 opt->type = type; 2640 opt->type = type;
2640 opt->len = len; 2641 opt->len = len;
@@ -2786,6 +2787,7 @@ static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
2786 L2CAP_DEFAULT_TX_WINDOW); 2787 L2CAP_DEFAULT_TX_WINDOW);
2787 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; 2788 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
2788 } 2789 }
2790 chan->ack_win = chan->tx_win;
2789} 2791}
2790 2792
2791static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data) 2793static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
@@ -3175,10 +3177,9 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3175 break; 3177 break;
3176 3178
3177 case L2CAP_CONF_EWS: 3179 case L2CAP_CONF_EWS:
3178 chan->tx_win = min_t(u16, val, 3180 chan->ack_win = min_t(u16, val, chan->ack_win);
3179 L2CAP_DEFAULT_EXT_WINDOW);
3180 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2, 3181 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
3181 chan->tx_win); 3182 chan->tx_win);
3182 break; 3183 break;
3183 3184
3184 case L2CAP_CONF_EFS: 3185 case L2CAP_CONF_EFS:
@@ -3207,6 +3208,9 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3207 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout); 3208 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3208 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout); 3209 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3209 chan->mps = le16_to_cpu(rfc.max_pdu_size); 3210 chan->mps = le16_to_cpu(rfc.max_pdu_size);
3211 if (!test_bit(FLAG_EXT_CTRL, &chan->flags))
3212 chan->ack_win = min_t(u16, chan->ack_win,
3213 rfc.txwin_size);
3210 3214
3211 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) { 3215 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3212 chan->local_msdu = le16_to_cpu(efs.msdu); 3216 chan->local_msdu = le16_to_cpu(efs.msdu);
@@ -3268,7 +3272,17 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
3268{ 3272{
3269 int type, olen; 3273 int type, olen;
3270 unsigned long val; 3274 unsigned long val;
3271 struct l2cap_conf_rfc rfc; 3275 /* Use sane default values in case a misbehaving remote device
3276 * did not send an RFC or extended window size option.
3277 */
3278 u16 txwin_ext = chan->ack_win;
3279 struct l2cap_conf_rfc rfc = {
3280 .mode = chan->mode,
3281 .retrans_timeout = __constant_cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO),
3282 .monitor_timeout = __constant_cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO),
3283 .max_pdu_size = cpu_to_le16(chan->imtu),
3284 .txwin_size = min_t(u16, chan->ack_win, L2CAP_DEFAULT_TX_WINDOW),
3285 };
3272 3286
3273 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len); 3287 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
3274 3288
@@ -3278,32 +3292,27 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
3278 while (len >= L2CAP_CONF_OPT_SIZE) { 3292 while (len >= L2CAP_CONF_OPT_SIZE) {
3279 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val); 3293 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
3280 3294
3281 if (type != L2CAP_CONF_RFC) 3295 switch (type) {
3282 continue; 3296 case L2CAP_CONF_RFC:
3283 3297 if (olen == sizeof(rfc))
3284 if (olen != sizeof(rfc)) 3298 memcpy(&rfc, (void *)val, olen);
3285 break; 3299 break;
3286 3300 case L2CAP_CONF_EWS:
3287 memcpy(&rfc, (void *)val, olen); 3301 txwin_ext = val;
3288 goto done; 3302 break;
3303 }
3289 } 3304 }
3290 3305
3291 /* Use sane default values in case a misbehaving remote device
3292 * did not send an RFC option.
3293 */
3294 rfc.mode = chan->mode;
3295 rfc.retrans_timeout = __constant_cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
3296 rfc.monitor_timeout = __constant_cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
3297 rfc.max_pdu_size = cpu_to_le16(chan->imtu);
3298
3299 BT_ERR("Expected RFC option was not found, using defaults");
3300
3301done:
3302 switch (rfc.mode) { 3306 switch (rfc.mode) {
3303 case L2CAP_MODE_ERTM: 3307 case L2CAP_MODE_ERTM:
3304 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout); 3308 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3305 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout); 3309 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3306 chan->mps = le16_to_cpu(rfc.max_pdu_size); 3310 chan->mps = le16_to_cpu(rfc.max_pdu_size);
3311 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
3312 chan->ack_win = min_t(u16, chan->ack_win, txwin_ext);
3313 else
3314 chan->ack_win = min_t(u16, chan->ack_win,
3315 rfc.txwin_size);
3307 break; 3316 break;
3308 case L2CAP_MODE_STREAMING: 3317 case L2CAP_MODE_STREAMING:
3309 chan->mps = le16_to_cpu(rfc.max_pdu_size); 3318 chan->mps = le16_to_cpu(rfc.max_pdu_size);
@@ -3949,7 +3958,7 @@ static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3949 psm = le16_to_cpu(req->psm); 3958 psm = le16_to_cpu(req->psm);
3950 scid = le16_to_cpu(req->scid); 3959 scid = le16_to_cpu(req->scid);
3951 3960
3952 BT_DBG("psm %d, scid %d, amp_id %d", psm, scid, req->amp_id); 3961 BT_DBG("psm 0x%2.2x, scid 0x%4.4x, amp_id %d", psm, scid, req->amp_id);
3953 3962
3954 /* Placeholder: Always reject */ 3963 /* Placeholder: Always reject */
3955 rsp.dcid = 0; 3964 rsp.dcid = 0;
@@ -3972,11 +3981,11 @@ static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn,
3972} 3981}
3973 3982
3974static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident, 3983static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident,
3975 u16 icid, u16 result) 3984 u16 icid, u16 result)
3976{ 3985{
3977 struct l2cap_move_chan_rsp rsp; 3986 struct l2cap_move_chan_rsp rsp;
3978 3987
3979 BT_DBG("icid %d, result %d", icid, result); 3988 BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result);
3980 3989
3981 rsp.icid = cpu_to_le16(icid); 3990 rsp.icid = cpu_to_le16(icid);
3982 rsp.result = cpu_to_le16(result); 3991 rsp.result = cpu_to_le16(result);
@@ -3985,12 +3994,13 @@ static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident,
3985} 3994}
3986 3995
3987static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn, 3996static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn,
3988 struct l2cap_chan *chan, u16 icid, u16 result) 3997 struct l2cap_chan *chan,
3998 u16 icid, u16 result)
3989{ 3999{
3990 struct l2cap_move_chan_cfm cfm; 4000 struct l2cap_move_chan_cfm cfm;
3991 u8 ident; 4001 u8 ident;
3992 4002
3993 BT_DBG("icid %d, result %d", icid, result); 4003 BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result);
3994 4004
3995 ident = l2cap_get_ident(conn); 4005 ident = l2cap_get_ident(conn);
3996 if (chan) 4006 if (chan)
@@ -4003,18 +4013,19 @@ static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn,
4003} 4013}
4004 4014
4005static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident, 4015static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident,
4006 u16 icid) 4016 u16 icid)
4007{ 4017{
4008 struct l2cap_move_chan_cfm_rsp rsp; 4018 struct l2cap_move_chan_cfm_rsp rsp;
4009 4019
4010 BT_DBG("icid %d", icid); 4020 BT_DBG("icid 0x%4.4x", icid);
4011 4021
4012 rsp.icid = cpu_to_le16(icid); 4022 rsp.icid = cpu_to_le16(icid);
4013 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp); 4023 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp);
4014} 4024}
4015 4025
4016static inline int l2cap_move_channel_req(struct l2cap_conn *conn, 4026static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
4017 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data) 4027 struct l2cap_cmd_hdr *cmd,
4028 u16 cmd_len, void *data)
4018{ 4029{
4019 struct l2cap_move_chan_req *req = data; 4030 struct l2cap_move_chan_req *req = data;
4020 u16 icid = 0; 4031 u16 icid = 0;
@@ -4025,7 +4036,7 @@ static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
4025 4036
4026 icid = le16_to_cpu(req->icid); 4037 icid = le16_to_cpu(req->icid);
4027 4038
4028 BT_DBG("icid %d, dest_amp_id %d", icid, req->dest_amp_id); 4039 BT_DBG("icid 0x%4.4x, dest_amp_id %d", icid, req->dest_amp_id);
4029 4040
4030 if (!enable_hs) 4041 if (!enable_hs)
4031 return -EINVAL; 4042 return -EINVAL;
@@ -4037,7 +4048,8 @@ static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
4037} 4048}
4038 4049
4039static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn, 4050static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
4040 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data) 4051 struct l2cap_cmd_hdr *cmd,
4052 u16 cmd_len, void *data)
4041{ 4053{
4042 struct l2cap_move_chan_rsp *rsp = data; 4054 struct l2cap_move_chan_rsp *rsp = data;
4043 u16 icid, result; 4055 u16 icid, result;
@@ -4048,7 +4060,7 @@ static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
4048 icid = le16_to_cpu(rsp->icid); 4060 icid = le16_to_cpu(rsp->icid);
4049 result = le16_to_cpu(rsp->result); 4061 result = le16_to_cpu(rsp->result);
4050 4062
4051 BT_DBG("icid %d, result %d", icid, result); 4063 BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result);
4052 4064
4053 /* Placeholder: Always unconfirmed */ 4065 /* Placeholder: Always unconfirmed */
4054 l2cap_send_move_chan_cfm(conn, NULL, icid, L2CAP_MC_UNCONFIRMED); 4066 l2cap_send_move_chan_cfm(conn, NULL, icid, L2CAP_MC_UNCONFIRMED);
@@ -4057,7 +4069,8 @@ static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
4057} 4069}
4058 4070
4059static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn, 4071static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
4060 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data) 4072 struct l2cap_cmd_hdr *cmd,
4073 u16 cmd_len, void *data)
4061{ 4074{
4062 struct l2cap_move_chan_cfm *cfm = data; 4075 struct l2cap_move_chan_cfm *cfm = data;
4063 u16 icid, result; 4076 u16 icid, result;
@@ -4068,7 +4081,7 @@ static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
4068 icid = le16_to_cpu(cfm->icid); 4081 icid = le16_to_cpu(cfm->icid);
4069 result = le16_to_cpu(cfm->result); 4082 result = le16_to_cpu(cfm->result);
4070 4083
4071 BT_DBG("icid %d, result %d", icid, result); 4084 BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result);
4072 4085
4073 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid); 4086 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
4074 4087
@@ -4076,7 +4089,8 @@ static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
4076} 4089}
4077 4090
4078static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn, 4091static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
4079 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data) 4092 struct l2cap_cmd_hdr *cmd,
4093 u16 cmd_len, void *data)
4080{ 4094{
4081 struct l2cap_move_chan_cfm_rsp *rsp = data; 4095 struct l2cap_move_chan_cfm_rsp *rsp = data;
4082 u16 icid; 4096 u16 icid;
@@ -4086,7 +4100,7 @@ static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
4086 4100
4087 icid = le16_to_cpu(rsp->icid); 4101 icid = le16_to_cpu(rsp->icid);
4088 4102
4089 BT_DBG("icid %d", icid); 4103 BT_DBG("icid 0x%4.4x", icid);
4090 4104
4091 return 0; 4105 return 0;
4092} 4106}
@@ -5374,7 +5388,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5374 if (!conn) 5388 if (!conn)
5375 return 0; 5389 return 0;
5376 5390
5377 BT_DBG("conn %p", conn); 5391 BT_DBG("conn %p status 0x%2.2x encrypt %u", conn, status, encrypt);
5378 5392
5379 if (hcon->type == LE_LINK) { 5393 if (hcon->type == LE_LINK) {
5380 if (!status && encrypt) 5394 if (!status && encrypt)
@@ -5387,7 +5401,8 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5387 list_for_each_entry(chan, &conn->chan_l, list) { 5401 list_for_each_entry(chan, &conn->chan_l, list) {
5388 l2cap_chan_lock(chan); 5402 l2cap_chan_lock(chan);
5389 5403
5390 BT_DBG("chan->scid %d", chan->scid); 5404 BT_DBG("chan %p scid 0x%4.4x state %s", chan, chan->scid,
5405 state_to_string(chan->state));
5391 5406
5392 if (chan->scid == L2CAP_CID_LE_DATA) { 5407 if (chan->scid == L2CAP_CID_LE_DATA) {
5393 if (!status && encrypt) { 5408 if (!status && encrypt) {
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index a6e0f3d8da6c..ad6613d17ca6 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -210,7 +210,7 @@ static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
210 210
211 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status); 211 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
212 212
213 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC); 213 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
214 if (!skb) 214 if (!skb)
215 return -ENOMEM; 215 return -ENOMEM;
216 216
@@ -241,7 +241,7 @@ static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 241
242 BT_DBG("sock %p", sk); 242 BT_DBG("sock %p", sk);
243 243
244 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC); 244 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
245 if (!skb) 245 if (!skb)
246 return -ENOMEM; 246 return -ENOMEM;
247 247
@@ -687,14 +687,14 @@ static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
687{ 687{
688 struct pending_cmd *cmd; 688 struct pending_cmd *cmd;
689 689
690 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC); 690 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
691 if (!cmd) 691 if (!cmd)
692 return NULL; 692 return NULL;
693 693
694 cmd->opcode = opcode; 694 cmd->opcode = opcode;
695 cmd->index = hdev->id; 695 cmd->index = hdev->id;
696 696
697 cmd->param = kmalloc(len, GFP_ATOMIC); 697 cmd->param = kmalloc(len, GFP_KERNEL);
698 if (!cmd->param) { 698 if (!cmd->param) {
699 kfree(cmd); 699 kfree(cmd);
700 return NULL; 700 return NULL;
@@ -812,7 +812,7 @@ static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
812 struct sk_buff *skb; 812 struct sk_buff *skb;
813 struct mgmt_hdr *hdr; 813 struct mgmt_hdr *hdr;
814 814
815 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC); 815 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
816 if (!skb) 816 if (!skb)
817 return -ENOMEM; 817 return -ENOMEM;
818 818
@@ -1268,7 +1268,7 @@ static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1268 goto failed; 1268 goto failed;
1269 } 1269 }
1270 1270
1271 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC); 1271 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1272 if (!uuid) { 1272 if (!uuid) {
1273 err = -ENOMEM; 1273 err = -ENOMEM;
1274 goto failed; 1274 goto failed;
@@ -1611,7 +1611,7 @@ static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1611 } 1611 }
1612 1612
1613 dc.handle = cpu_to_le16(conn->handle); 1613 dc.handle = cpu_to_le16(conn->handle);
1614 dc.reason = 0x13; /* Remote User Terminated Connection */ 1614 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1615 1615
1616 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1616 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1617 if (err < 0) 1617 if (err < 0)
@@ -1667,7 +1667,7 @@ static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1667 } 1667 }
1668 1668
1669 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 1669 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1670 rp = kmalloc(rp_len, GFP_ATOMIC); 1670 rp = kmalloc(rp_len, GFP_KERNEL);
1671 if (!rp) { 1671 if (!rp) {
1672 err = -ENOMEM; 1672 err = -ENOMEM;
1673 goto unlock; 1673 goto unlock;
@@ -1778,29 +1778,6 @@ failed:
1778 return err; 1778 return err;
1779} 1779}
1780 1780
1781static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1782 void *data, u16 len)
1783{
1784 struct mgmt_cp_pin_code_neg_reply *cp = data;
1785 int err;
1786
1787 BT_DBG("");
1788
1789 hci_dev_lock(hdev);
1790
1791 if (!hdev_is_powered(hdev)) {
1792 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
1793 MGMT_STATUS_NOT_POWERED);
1794 goto failed;
1795 }
1796
1797 err = send_pin_code_neg_reply(sk, hdev, cp);
1798
1799failed:
1800 hci_dev_unlock(hdev);
1801 return err;
1802}
1803
1804static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data, 1781static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1805 u16 len) 1782 u16 len)
1806{ 1783{
@@ -2083,6 +2060,18 @@ done:
2083 return err; 2060 return err;
2084} 2061}
2085 2062
2063static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2064 void *data, u16 len)
2065{
2066 struct mgmt_cp_pin_code_neg_reply *cp = data;
2067
2068 BT_DBG("");
2069
2070 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2071 MGMT_OP_PIN_CODE_NEG_REPLY,
2072 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2073}
2074
2086static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data, 2075static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2087 u16 len) 2076 u16 len)
2088{ 2077{
@@ -2607,8 +2596,8 @@ static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2607 if (cp->val) { 2596 if (cp->val) {
2608 type = PAGE_SCAN_TYPE_INTERLACED; 2597 type = PAGE_SCAN_TYPE_INTERLACED;
2609 2598
2610 /* 22.5 msec page scan interval */ 2599 /* 160 msec page scan interval */
2611 acp.interval = __constant_cpu_to_le16(0x0024); 2600 acp.interval = __constant_cpu_to_le16(0x0100);
2612 } else { 2601 } else {
2613 type = PAGE_SCAN_TYPE_STANDARD; /* default */ 2602 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2614 2603
@@ -3546,9 +3535,9 @@ int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3546 ev->addr.type = link_to_bdaddr(link_type, addr_type); 3535 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3547 ev->rssi = rssi; 3536 ev->rssi = rssi;
3548 if (cfm_name) 3537 if (cfm_name)
3549 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME; 3538 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3550 if (!ssp) 3539 if (!ssp)
3551 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING; 3540 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3552 3541
3553 if (eir_len > 0) 3542 if (eir_len > 0)
3554 memcpy(ev->eir, eir, eir_len); 3543 memcpy(ev->eir, eir, eir_len);
@@ -3558,7 +3547,6 @@ int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3558 dev_class, 3); 3547 dev_class, 3);
3559 3548
3560 ev->eir_len = cpu_to_le16(eir_len); 3549 ev->eir_len = cpu_to_le16(eir_len);
3561
3562 ev_size = sizeof(*ev) + eir_len; 3550 ev_size = sizeof(*ev) + eir_len;
3563 3551
3564 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 3552 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-27 22:40:16 -0500