aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2012-03-21 00:04:47 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-03-21 00:04:47 -0400
commit3b59bf081622b6446db77ad06c93fe23677bc533 (patch)
tree3f4bb5a27c90cc86994a1f6d3c53fbf9208003cb /net/bluetooth
parente45836fafe157df137a837093037f741ad8f4c90 (diff)
parentbbdb32cb5b73597386913d052165423b9d736145 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
Pull networking merge from David Miller: "1) Move ixgbe driver over to purely page based buffering on receive. From Alexander Duyck. 2) Add receive packet steering support to e1000e, from Bruce Allan. 3) Convert TCP MD5 support over to RCU, from Eric Dumazet. 4) Reduce cpu usage in handling out-of-order TCP packets on modern systems, also from Eric Dumazet. 5) Support the IP{,V6}_UNICAST_IF socket options, making the wine folks happy, from Erich Hoover. 6) Support VLAN trunking from guests in hyperv driver, from Haiyang Zhang. 7) Support byte-queue-limtis in r8169, from Igor Maravic. 8) Outline code intended for IP_RECVTOS in IP_PKTOPTIONS existed but was never properly implemented, Jiri Benc fixed that. 9) 64-bit statistics support in r8169 and 8139too, from Junchang Wang. 10) Support kernel side dump filtering by ctmark in netfilter ctnetlink, from Pablo Neira Ayuso. 11) Support byte-queue-limits in gianfar driver, from Paul Gortmaker. 12) Add new peek socket options to assist with socket migration, from Pavel Emelyanov. 13) Add sch_plug packet scheduler whose queue is controlled by userland daemons using explicit freeze and release commands. From Shriram Rajagopalan. 14) Fix FCOE checksum offload handling on transmit, from Yi Zou." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1846 commits) Fix pppol2tp getsockname() Remove printk from rds_sendmsg ipv6: fix incorrent ipv6 ipsec packet fragment cpsw: Hook up default ndo_change_mtu. net: qmi_wwan: fix build error due to cdc-wdm dependecy netdev: driver: ethernet: Add TI CPSW driver netdev: driver: ethernet: add cpsw address lookup engine support phy: add am79c874 PHY support mlx4_core: fix race on comm channel bonding: send igmp report for its master fs_enet: Add MPC5125 FEC support and PHY interface selection net: bpf_jit: fix BPF_S_LDX_B_MSH compilation net: update the usage of CHECKSUM_UNNECESSARY fcoe: use CHECKSUM_UNNECESSARY instead of CHECKSUM_PARTIAL on tx net: do not do gso for CHECKSUM_UNNECESSARY in netif_needs_gso ixgbe: Fix issues with SR-IOV loopback when flow control is disabled net/hyperv: Fix the code handling tx busy ixgbe: fix namespace issues when FCoE/DCB is not enabled rtlwifi: Remove unused ETH_ADDR_LEN defines igbvf: Use ETH_ALEN ... Fix up fairly trivial conflicts in drivers/isdn/gigaset/interface.c and drivers/net/usb/{Kconfig,qmi_wwan.c} as per David.
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/Kconfig1
-rw-r--r--net/bluetooth/bnep/sock.c6
-rw-r--r--net/bluetooth/cmtp/sock.c6
-rw-r--r--net/bluetooth/hci_conn.c73
-rw-r--r--net/bluetooth/hci_core.c645
-rw-r--r--net/bluetooth/hci_event.c631
-rw-r--r--net/bluetooth/hci_sock.c469
-rw-r--r--net/bluetooth/hci_sysfs.c53
-rw-r--r--net/bluetooth/hidp/sock.c6
-rw-r--r--net/bluetooth/l2cap_core.c641
-rw-r--r--net/bluetooth/l2cap_sock.c54
-rw-r--r--net/bluetooth/lib.c27
-rw-r--r--net/bluetooth/mgmt.c2647
-rw-r--r--net/bluetooth/rfcomm/tty.c6
-rw-r--r--net/bluetooth/smp.c108
15 files changed, 3585 insertions, 1788 deletions
diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig
index 9ec85eb8853d..3537d385035e 100644
--- a/net/bluetooth/Kconfig
+++ b/net/bluetooth/Kconfig
@@ -29,7 +29,6 @@ menuconfig BT
29 BNEP Module (Bluetooth Network Encapsulation Protocol) 29 BNEP Module (Bluetooth Network Encapsulation Protocol)
30 CMTP Module (CAPI Message Transport Protocol) 30 CMTP Module (CAPI Message Transport Protocol)
31 HIDP Module (Human Interface Device Protocol) 31 HIDP Module (Human Interface Device Protocol)
32 SMP Module (Security Manager Protocol)
33 32
34 Say Y here to compile Bluetooth support into the kernel or say M to 33 Say Y here to compile Bluetooth support into the kernel or say M to
35 compile it as module (bluetooth). 34 compile it as module (bluetooth).
diff --git a/net/bluetooth/bnep/sock.c b/net/bluetooth/bnep/sock.c
index 17800b1d28ea..9f9c8dcd8af0 100644
--- a/net/bluetooth/bnep/sock.c
+++ b/net/bluetooth/bnep/sock.c
@@ -143,10 +143,10 @@ static int bnep_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigne
143{ 143{
144 if (cmd == BNEPGETCONNLIST) { 144 if (cmd == BNEPGETCONNLIST) {
145 struct bnep_connlist_req cl; 145 struct bnep_connlist_req cl;
146 uint32_t uci; 146 u32 uci;
147 int err; 147 int err;
148 148
149 if (get_user(cl.cnum, (uint32_t __user *) arg) || 149 if (get_user(cl.cnum, (u32 __user *) arg) ||
150 get_user(uci, (u32 __user *) (arg + 4))) 150 get_user(uci, (u32 __user *) (arg + 4)))
151 return -EFAULT; 151 return -EFAULT;
152 152
@@ -157,7 +157,7 @@ static int bnep_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigne
157 157
158 err = bnep_get_connlist(&cl); 158 err = bnep_get_connlist(&cl);
159 159
160 if (!err && put_user(cl.cnum, (uint32_t __user *) arg)) 160 if (!err && put_user(cl.cnum, (u32 __user *) arg))
161 err = -EFAULT; 161 err = -EFAULT;
162 162
163 return err; 163 return err;
diff --git a/net/bluetooth/cmtp/sock.c b/net/bluetooth/cmtp/sock.c
index 3f2dd5c25ae5..1230faaac29b 100644
--- a/net/bluetooth/cmtp/sock.c
+++ b/net/bluetooth/cmtp/sock.c
@@ -137,10 +137,10 @@ static int cmtp_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigne
137{ 137{
138 if (cmd == CMTPGETCONNLIST) { 138 if (cmd == CMTPGETCONNLIST) {
139 struct cmtp_connlist_req cl; 139 struct cmtp_connlist_req cl;
140 uint32_t uci; 140 u32 uci;
141 int err; 141 int err;
142 142
143 if (get_user(cl.cnum, (uint32_t __user *) arg) || 143 if (get_user(cl.cnum, (u32 __user *) arg) ||
144 get_user(uci, (u32 __user *) (arg + 4))) 144 get_user(uci, (u32 __user *) (arg + 4)))
145 return -EFAULT; 145 return -EFAULT;
146 146
@@ -151,7 +151,7 @@ static int cmtp_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigne
151 151
152 err = cmtp_get_connlist(&cl); 152 err = cmtp_get_connlist(&cl);
153 153
154 if (!err && put_user(cl.cnum, (uint32_t __user *) arg)) 154 if (!err && put_user(cl.cnum, (u32 __user *) arg))
155 err = -EFAULT; 155 err = -EFAULT;
156 156
157 return err; 157 return err;
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 07bc69ed9498..947172bf1621 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -35,7 +35,6 @@
35#include <linux/init.h> 35#include <linux/init.h>
36#include <linux/skbuff.h> 36#include <linux/skbuff.h>
37#include <linux/interrupt.h> 37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h> 38#include <net/sock.h>
40 39
41#include <asm/system.h> 40#include <asm/system.h>
@@ -51,7 +50,7 @@ static void hci_le_connect(struct hci_conn *conn)
51 struct hci_cp_le_create_conn cp; 50 struct hci_cp_le_create_conn cp;
52 51
53 conn->state = BT_CONNECT; 52 conn->state = BT_CONNECT;
54 conn->out = 1; 53 conn->out = true;
55 conn->link_mode |= HCI_LM_MASTER; 54 conn->link_mode |= HCI_LM_MASTER;
56 conn->sec_level = BT_SECURITY_LOW; 55 conn->sec_level = BT_SECURITY_LOW;
57 56
@@ -80,10 +79,10 @@ void hci_acl_connect(struct hci_conn *conn)
80 struct inquiry_entry *ie; 79 struct inquiry_entry *ie;
81 struct hci_cp_create_conn cp; 80 struct hci_cp_create_conn cp;
82 81
83 BT_DBG("%p", conn); 82 BT_DBG("hcon %p", conn);
84 83
85 conn->state = BT_CONNECT; 84 conn->state = BT_CONNECT;
86 conn->out = 1; 85 conn->out = true;
87 86
88 conn->link_mode = HCI_LM_MASTER; 87 conn->link_mode = HCI_LM_MASTER;
89 88
@@ -105,7 +104,8 @@ void hci_acl_connect(struct hci_conn *conn)
105 } 104 }
106 105
107 memcpy(conn->dev_class, ie->data.dev_class, 3); 106 memcpy(conn->dev_class, ie->data.dev_class, 3);
108 conn->ssp_mode = ie->data.ssp_mode; 107 if (ie->data.ssp_mode > 0)
108 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
109 } 109 }
110 110
111 cp.pkt_type = cpu_to_le16(conn->pkt_type); 111 cp.pkt_type = cpu_to_le16(conn->pkt_type);
@@ -151,7 +151,7 @@ void hci_add_sco(struct hci_conn *conn, __u16 handle)
151 BT_DBG("%p", conn); 151 BT_DBG("%p", conn);
152 152
153 conn->state = BT_CONNECT; 153 conn->state = BT_CONNECT;
154 conn->out = 1; 154 conn->out = true;
155 155
156 conn->attempt++; 156 conn->attempt++;
157 157
@@ -169,7 +169,7 @@ void hci_setup_sync(struct hci_conn *conn, __u16 handle)
169 BT_DBG("%p", conn); 169 BT_DBG("%p", conn);
170 170
171 conn->state = BT_CONNECT; 171 conn->state = BT_CONNECT;
172 conn->out = 1; 172 conn->out = true;
173 173
174 conn->attempt++; 174 conn->attempt++;
175 175
@@ -279,16 +279,13 @@ static void hci_conn_timeout(struct work_struct *work)
279{ 279{
280 struct hci_conn *conn = container_of(work, struct hci_conn, 280 struct hci_conn *conn = container_of(work, struct hci_conn,
281 disc_work.work); 281 disc_work.work);
282 struct hci_dev *hdev = conn->hdev;
283 __u8 reason; 282 __u8 reason;
284 283
285 BT_DBG("conn %p state %d", conn, conn->state); 284 BT_DBG("conn %p state %s", conn, state_to_string(conn->state));
286 285
287 if (atomic_read(&conn->refcnt)) 286 if (atomic_read(&conn->refcnt))
288 return; 287 return;
289 288
290 hci_dev_lock(hdev);
291
292 switch (conn->state) { 289 switch (conn->state) {
293 case BT_CONNECT: 290 case BT_CONNECT:
294 case BT_CONNECT2: 291 case BT_CONNECT2:
@@ -308,8 +305,6 @@ static void hci_conn_timeout(struct work_struct *work)
308 conn->state = BT_CLOSED; 305 conn->state = BT_CLOSED;
309 break; 306 break;
310 } 307 }
311
312 hci_dev_unlock(hdev);
313} 308}
314 309
315/* Enter sniff mode */ 310/* Enter sniff mode */
@@ -337,7 +332,7 @@ static void hci_conn_enter_sniff_mode(struct hci_conn *conn)
337 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp); 332 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
338 } 333 }
339 334
340 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 335 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
341 struct hci_cp_sniff_mode cp; 336 struct hci_cp_sniff_mode cp;
342 cp.handle = cpu_to_le16(conn->handle); 337 cp.handle = cpu_to_le16(conn->handle);
343 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval); 338 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
@@ -372,7 +367,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
372 367
373 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 368 BT_DBG("%s dst %s", hdev->name, batostr(dst));
374 369
375 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC); 370 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
376 if (!conn) 371 if (!conn)
377 return NULL; 372 return NULL;
378 373
@@ -386,7 +381,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
386 conn->remote_auth = 0xff; 381 conn->remote_auth = 0xff;
387 conn->key_type = 0xff; 382 conn->key_type = 0xff;
388 383
389 conn->power_save = 1; 384 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
390 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 385 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
391 386
392 switch (type) { 387 switch (type) {
@@ -407,7 +402,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
407 402
408 skb_queue_head_init(&conn->data_q); 403 skb_queue_head_init(&conn->data_q);
409 404
410 INIT_LIST_HEAD(&conn->chan_list);; 405 INIT_LIST_HEAD(&conn->chan_list);
411 406
412 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout); 407 INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
413 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn); 408 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
@@ -555,7 +550,7 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8
555 if (!acl) { 550 if (!acl) {
556 acl = hci_conn_add(hdev, ACL_LINK, dst); 551 acl = hci_conn_add(hdev, ACL_LINK, dst);
557 if (!acl) 552 if (!acl)
558 return NULL; 553 return ERR_PTR(-ENOMEM);
559 } 554 }
560 555
561 hci_conn_hold(acl); 556 hci_conn_hold(acl);
@@ -575,7 +570,7 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8
575 sco = hci_conn_add(hdev, type, dst); 570 sco = hci_conn_add(hdev, type, dst);
576 if (!sco) { 571 if (!sco) {
577 hci_conn_put(acl); 572 hci_conn_put(acl);
578 return NULL; 573 return ERR_PTR(-ENOMEM);
579 } 574 }
580 } 575 }
581 576
@@ -586,12 +581,12 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8
586 581
587 if (acl->state == BT_CONNECTED && 582 if (acl->state == BT_CONNECTED &&
588 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { 583 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
589 acl->power_save = 1; 584 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
590 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON); 585 hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON);
591 586
592 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) { 587 if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->flags)) {
593 /* defer SCO setup until mode change completed */ 588 /* defer SCO setup until mode change completed */
594 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->pend); 589 set_bit(HCI_CONN_SCO_SETUP_PEND, &acl->flags);
595 return sco; 590 return sco;
596 } 591 }
597 592
@@ -607,8 +602,7 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
607{ 602{
608 BT_DBG("conn %p", conn); 603 BT_DBG("conn %p", conn);
609 604
610 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 && 605 if (hci_conn_ssp_enabled(conn) && !(conn->link_mode & HCI_LM_ENCRYPT))
611 !(conn->link_mode & HCI_LM_ENCRYPT))
612 return 0; 606 return 0;
613 607
614 return 1; 608 return 1;
@@ -633,17 +627,17 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
633 627
634 conn->auth_type = auth_type; 628 conn->auth_type = auth_type;
635 629
636 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 630 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
637 struct hci_cp_auth_requested cp; 631 struct hci_cp_auth_requested cp;
638 632
639 /* encrypt must be pending if auth is also pending */ 633 /* encrypt must be pending if auth is also pending */
640 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 634 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
641 635
642 cp.handle = cpu_to_le16(conn->handle); 636 cp.handle = cpu_to_le16(conn->handle);
643 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, 637 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
644 sizeof(cp), &cp); 638 sizeof(cp), &cp);
645 if (conn->key_type != 0xff) 639 if (conn->key_type != 0xff)
646 set_bit(HCI_CONN_REAUTH_PEND, &conn->pend); 640 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
647 } 641 }
648 642
649 return 0; 643 return 0;
@@ -654,7 +648,7 @@ static void hci_conn_encrypt(struct hci_conn *conn)
654{ 648{
655 BT_DBG("conn %p", conn); 649 BT_DBG("conn %p", conn);
656 650
657 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) { 651 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
658 struct hci_cp_set_conn_encrypt cp; 652 struct hci_cp_set_conn_encrypt cp;
659 cp.handle = cpu_to_le16(conn->handle); 653 cp.handle = cpu_to_le16(conn->handle);
660 cp.encrypt = 0x01; 654 cp.encrypt = 0x01;
@@ -674,8 +668,7 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
674 668
675 /* For non 2.1 devices and low security level we don't need the link 669 /* For non 2.1 devices and low security level we don't need the link
676 key. */ 670 key. */
677 if (sec_level == BT_SECURITY_LOW && 671 if (sec_level == BT_SECURITY_LOW && !hci_conn_ssp_enabled(conn))
678 (!conn->ssp_mode || !conn->hdev->ssp_mode))
679 return 1; 672 return 1;
680 673
681 /* For other security levels we need the link key. */ 674 /* For other security levels we need the link key. */
@@ -704,7 +697,7 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
704 goto encrypt; 697 goto encrypt;
705 698
706auth: 699auth:
707 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) 700 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
708 return 0; 701 return 0;
709 702
710 if (!hci_conn_auth(conn, sec_level, auth_type)) 703 if (!hci_conn_auth(conn, sec_level, auth_type))
@@ -739,7 +732,7 @@ int hci_conn_change_link_key(struct hci_conn *conn)
739{ 732{
740 BT_DBG("conn %p", conn); 733 BT_DBG("conn %p", conn);
741 734
742 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 735 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
743 struct hci_cp_change_conn_link_key cp; 736 struct hci_cp_change_conn_link_key cp;
744 cp.handle = cpu_to_le16(conn->handle); 737 cp.handle = cpu_to_le16(conn->handle);
745 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, 738 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
@@ -758,7 +751,7 @@ int hci_conn_switch_role(struct hci_conn *conn, __u8 role)
758 if (!role && conn->link_mode & HCI_LM_MASTER) 751 if (!role && conn->link_mode & HCI_LM_MASTER)
759 return 1; 752 return 1;
760 753
761 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) { 754 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->flags)) {
762 struct hci_cp_switch_role cp; 755 struct hci_cp_switch_role cp;
763 bacpy(&cp.bdaddr, &conn->dst); 756 bacpy(&cp.bdaddr, &conn->dst);
764 cp.role = role; 757 cp.role = role;
@@ -782,10 +775,10 @@ void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active)
782 if (conn->mode != HCI_CM_SNIFF) 775 if (conn->mode != HCI_CM_SNIFF)
783 goto timer; 776 goto timer;
784 777
785 if (!conn->power_save && !force_active) 778 if (!test_bit(HCI_CONN_POWER_SAVE, &conn->flags) && !force_active)
786 goto timer; 779 goto timer;
787 780
788 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 781 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
789 struct hci_cp_exit_sniff_mode cp; 782 struct hci_cp_exit_sniff_mode cp;
790 cp.handle = cpu_to_le16(conn->handle); 783 cp.handle = cpu_to_le16(conn->handle);
791 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp); 784 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
@@ -801,11 +794,11 @@ timer:
801void hci_conn_hash_flush(struct hci_dev *hdev) 794void hci_conn_hash_flush(struct hci_dev *hdev)
802{ 795{
803 struct hci_conn_hash *h = &hdev->conn_hash; 796 struct hci_conn_hash *h = &hdev->conn_hash;
804 struct hci_conn *c; 797 struct hci_conn *c, *n;
805 798
806 BT_DBG("hdev %s", hdev->name); 799 BT_DBG("hdev %s", hdev->name);
807 800
808 list_for_each_entry_rcu(c, &h->list, list) { 801 list_for_each_entry_safe(c, n, &h->list, list) {
809 c->state = BT_CLOSED; 802 c->state = BT_CLOSED;
810 803
811 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM); 804 hci_proto_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
@@ -950,7 +943,7 @@ struct hci_chan *hci_chan_create(struct hci_conn *conn)
950 943
951 BT_DBG("%s conn %p", hdev->name, conn); 944 BT_DBG("%s conn %p", hdev->name, conn);
952 945
953 chan = kzalloc(sizeof(struct hci_chan), GFP_ATOMIC); 946 chan = kzalloc(sizeof(struct hci_chan), GFP_KERNEL);
954 if (!chan) 947 if (!chan)
955 return NULL; 948 return NULL;
956 949
@@ -981,10 +974,10 @@ int hci_chan_del(struct hci_chan *chan)
981 974
982void hci_chan_list_flush(struct hci_conn *conn) 975void hci_chan_list_flush(struct hci_conn *conn)
983{ 976{
984 struct hci_chan *chan; 977 struct hci_chan *chan, *n;
985 978
986 BT_DBG("conn %p", conn); 979 BT_DBG("conn %p", conn);
987 980
988 list_for_each_entry_rcu(chan, &conn->chan_list, list) 981 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
989 hci_chan_del(chan); 982 hci_chan_del(chan);
990} 983}
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 5aeb62491198..59ec99eb739b 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -40,7 +40,6 @@
40#include <linux/skbuff.h> 40#include <linux/skbuff.h>
41#include <linux/workqueue.h> 41#include <linux/workqueue.h>
42#include <linux/interrupt.h> 42#include <linux/interrupt.h>
43#include <linux/notifier.h>
44#include <linux/rfkill.h> 43#include <linux/rfkill.h>
45#include <linux/timer.h> 44#include <linux/timer.h>
46#include <linux/crypto.h> 45#include <linux/crypto.h>
@@ -55,8 +54,6 @@
55 54
56#define AUTO_OFF_TIMEOUT 2000 55#define AUTO_OFF_TIMEOUT 2000
57 56
58bool enable_hs;
59
60static void hci_rx_work(struct work_struct *work); 57static void hci_rx_work(struct work_struct *work);
61static void hci_cmd_work(struct work_struct *work); 58static void hci_cmd_work(struct work_struct *work);
62static void hci_tx_work(struct work_struct *work); 59static void hci_tx_work(struct work_struct *work);
@@ -69,24 +66,11 @@ DEFINE_RWLOCK(hci_dev_list_lock);
69LIST_HEAD(hci_cb_list); 66LIST_HEAD(hci_cb_list);
70DEFINE_RWLOCK(hci_cb_list_lock); 67DEFINE_RWLOCK(hci_cb_list_lock);
71 68
72/* HCI notifiers list */
73static ATOMIC_NOTIFIER_HEAD(hci_notifier);
74
75/* ---- HCI notifications ---- */ 69/* ---- HCI notifications ---- */
76 70
77int hci_register_notifier(struct notifier_block *nb)
78{
79 return atomic_notifier_chain_register(&hci_notifier, nb);
80}
81
82int hci_unregister_notifier(struct notifier_block *nb)
83{
84 return atomic_notifier_chain_unregister(&hci_notifier, nb);
85}
86
87static void hci_notify(struct hci_dev *hdev, int event) 71static void hci_notify(struct hci_dev *hdev, int event)
88{ 72{
89 atomic_notifier_call_chain(&hci_notifier, event, hdev); 73 hci_sock_dev_event(hdev, event);
90} 74}
91 75
92/* ---- HCI requests ---- */ 76/* ---- HCI requests ---- */
@@ -98,8 +82,28 @@ void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
98 /* If this is the init phase check if the completed command matches 82 /* If this is the init phase check if the completed command matches
99 * the last init command, and if not just return. 83 * the last init command, and if not just return.
100 */ 84 */
101 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd) 85 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd) {
86 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
87 struct sk_buff *skb;
88
89 /* Some CSR based controllers generate a spontaneous
90 * reset complete event during init and any pending
91 * command will never be completed. In such a case we
92 * need to resend whatever was the last sent
93 * command.
94 */
95
96 if (cmd != HCI_OP_RESET || sent->opcode == HCI_OP_RESET)
97 return;
98
99 skb = skb_clone(hdev->sent_cmd, GFP_ATOMIC);
100 if (skb) {
101 skb_queue_head(&hdev->cmd_q, skb);
102 queue_work(hdev->workqueue, &hdev->cmd_work);
103 }
104
102 return; 105 return;
106 }
103 107
104 if (hdev->req_status == HCI_REQ_PEND) { 108 if (hdev->req_status == HCI_REQ_PEND) {
105 hdev->req_result = result; 109 hdev->req_result = result;
@@ -355,72 +359,209 @@ struct hci_dev *hci_dev_get(int index)
355} 359}
356 360
357/* ---- Inquiry support ---- */ 361/* ---- Inquiry support ---- */
358static void inquiry_cache_flush(struct hci_dev *hdev) 362
363bool hci_discovery_active(struct hci_dev *hdev)
359{ 364{
360 struct inquiry_cache *cache = &hdev->inq_cache; 365 struct discovery_state *discov = &hdev->discovery;
361 struct inquiry_entry *next = cache->list, *e; 366
367 switch (discov->state) {
368 case DISCOVERY_FINDING:
369 case DISCOVERY_RESOLVING:
370 return true;
371
372 default:
373 return false;
374 }
375}
376
377void hci_discovery_set_state(struct hci_dev *hdev, int state)
378{
379 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
380
381 if (hdev->discovery.state == state)
382 return;
383
384 switch (state) {
385 case DISCOVERY_STOPPED:
386 if (hdev->discovery.state != DISCOVERY_STARTING)
387 mgmt_discovering(hdev, 0);
388 hdev->discovery.type = 0;
389 break;
390 case DISCOVERY_STARTING:
391 break;
392 case DISCOVERY_FINDING:
393 mgmt_discovering(hdev, 1);
394 break;
395 case DISCOVERY_RESOLVING:
396 break;
397 case DISCOVERY_STOPPING:
398 break;
399 }
400
401 hdev->discovery.state = state;
402}
362 403
363 BT_DBG("cache %p", cache); 404static void inquiry_cache_flush(struct hci_dev *hdev)
405{
406 struct discovery_state *cache = &hdev->discovery;
407 struct inquiry_entry *p, *n;
364 408
365 cache->list = NULL; 409 list_for_each_entry_safe(p, n, &cache->all, all) {
366 while ((e = next)) { 410 list_del(&p->all);
367 next = e->next; 411 kfree(p);
368 kfree(e);
369 } 412 }
413
414 INIT_LIST_HEAD(&cache->unknown);
415 INIT_LIST_HEAD(&cache->resolve);
370} 416}
371 417
372struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr) 418struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
373{ 419{
374 struct inquiry_cache *cache = &hdev->inq_cache; 420 struct discovery_state *cache = &hdev->discovery;
375 struct inquiry_entry *e; 421 struct inquiry_entry *e;
376 422
377 BT_DBG("cache %p, %s", cache, batostr(bdaddr)); 423 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
378 424
379 for (e = cache->list; e; e = e->next) 425 list_for_each_entry(e, &cache->all, all) {
426 if (!bacmp(&e->data.bdaddr, bdaddr))
427 return e;
428 }
429
430 return NULL;
431}
432
433struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
434 bdaddr_t *bdaddr)
435{
436 struct discovery_state *cache = &hdev->discovery;
437 struct inquiry_entry *e;
438
439 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
440
441 list_for_each_entry(e, &cache->unknown, list) {
442 if (!bacmp(&e->data.bdaddr, bdaddr))
443 return e;
444 }
445
446 return NULL;
447}
448
449struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
450 bdaddr_t *bdaddr,
451 int state)
452{
453 struct discovery_state *cache = &hdev->discovery;
454 struct inquiry_entry *e;
455
456 BT_DBG("cache %p bdaddr %s state %d", cache, batostr(bdaddr), state);
457
458 list_for_each_entry(e, &cache->resolve, list) {
459 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
460 return e;
380 if (!bacmp(&e->data.bdaddr, bdaddr)) 461 if (!bacmp(&e->data.bdaddr, bdaddr))
462 return e;
463 }
464
465 return NULL;
466}
467
468void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
469 struct inquiry_entry *ie)
470{
471 struct discovery_state *cache = &hdev->discovery;
472 struct list_head *pos = &cache->resolve;
473 struct inquiry_entry *p;
474
475 list_del(&ie->list);
476
477 list_for_each_entry(p, &cache->resolve, list) {
478 if (p->name_state != NAME_PENDING &&
479 abs(p->data.rssi) >= abs(ie->data.rssi))
381 break; 480 break;
382 return e; 481 pos = &p->list;
482 }
483
484 list_add(&ie->list, pos);
383} 485}
384 486
385void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data) 487bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
488 bool name_known, bool *ssp)
386{ 489{
387 struct inquiry_cache *cache = &hdev->inq_cache; 490 struct discovery_state *cache = &hdev->discovery;
388 struct inquiry_entry *ie; 491 struct inquiry_entry *ie;
389 492
390 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr)); 493 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
391 494
495 if (ssp)
496 *ssp = data->ssp_mode;
497
392 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr); 498 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
393 if (!ie) { 499 if (ie) {
394 /* Entry not in the cache. Add new one. */ 500 if (ie->data.ssp_mode && ssp)
395 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC); 501 *ssp = true;
396 if (!ie) 502
397 return; 503 if (ie->name_state == NAME_NEEDED &&
504 data->rssi != ie->data.rssi) {
505 ie->data.rssi = data->rssi;
506 hci_inquiry_cache_update_resolve(hdev, ie);
507 }
398 508
399 ie->next = cache->list; 509 goto update;
400 cache->list = ie; 510 }
511
512 /* Entry not in the cache. Add new one. */
513 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
514 if (!ie)
515 return false;
516
517 list_add(&ie->all, &cache->all);
518
519 if (name_known) {
520 ie->name_state = NAME_KNOWN;
521 } else {
522 ie->name_state = NAME_NOT_KNOWN;
523 list_add(&ie->list, &cache->unknown);
524 }
525
526update:
527 if (name_known && ie->name_state != NAME_KNOWN &&
528 ie->name_state != NAME_PENDING) {
529 ie->name_state = NAME_KNOWN;
530 list_del(&ie->list);
401 } 531 }
402 532
403 memcpy(&ie->data, data, sizeof(*data)); 533 memcpy(&ie->data, data, sizeof(*data));
404 ie->timestamp = jiffies; 534 ie->timestamp = jiffies;
405 cache->timestamp = jiffies; 535 cache->timestamp = jiffies;
536
537 if (ie->name_state == NAME_NOT_KNOWN)
538 return false;
539
540 return true;
406} 541}
407 542
408static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf) 543static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
409{ 544{
410 struct inquiry_cache *cache = &hdev->inq_cache; 545 struct discovery_state *cache = &hdev->discovery;
411 struct inquiry_info *info = (struct inquiry_info *) buf; 546 struct inquiry_info *info = (struct inquiry_info *) buf;
412 struct inquiry_entry *e; 547 struct inquiry_entry *e;
413 int copied = 0; 548 int copied = 0;
414 549
415 for (e = cache->list; e && copied < num; e = e->next, copied++) { 550 list_for_each_entry(e, &cache->all, all) {
416 struct inquiry_data *data = &e->data; 551 struct inquiry_data *data = &e->data;
552
553 if (copied >= num)
554 break;
555
417 bacpy(&info->bdaddr, &data->bdaddr); 556 bacpy(&info->bdaddr, &data->bdaddr);
418 info->pscan_rep_mode = data->pscan_rep_mode; 557 info->pscan_rep_mode = data->pscan_rep_mode;
419 info->pscan_period_mode = data->pscan_period_mode; 558 info->pscan_period_mode = data->pscan_period_mode;
420 info->pscan_mode = data->pscan_mode; 559 info->pscan_mode = data->pscan_mode;
421 memcpy(info->dev_class, data->dev_class, 3); 560 memcpy(info->dev_class, data->dev_class, 3);
422 info->clock_offset = data->clock_offset; 561 info->clock_offset = data->clock_offset;
562
423 info++; 563 info++;
564 copied++;
424 } 565 }
425 566
426 BT_DBG("cache %p, copied %d", cache, copied); 567 BT_DBG("cache %p, copied %d", cache, copied);
@@ -567,7 +708,7 @@ int hci_dev_open(__u16 dev)
567 hci_dev_hold(hdev); 708 hci_dev_hold(hdev);
568 set_bit(HCI_UP, &hdev->flags); 709 set_bit(HCI_UP, &hdev->flags);
569 hci_notify(hdev, HCI_DEV_UP); 710 hci_notify(hdev, HCI_DEV_UP);
570 if (!test_bit(HCI_SETUP, &hdev->flags)) { 711 if (!test_bit(HCI_SETUP, &hdev->dev_flags)) {
571 hci_dev_lock(hdev); 712 hci_dev_lock(hdev);
572 mgmt_powered(hdev, 1); 713 mgmt_powered(hdev, 1);
573 hci_dev_unlock(hdev); 714 hci_dev_unlock(hdev);
@@ -603,6 +744,8 @@ static int hci_dev_do_close(struct hci_dev *hdev)
603{ 744{
604 BT_DBG("%s %p", hdev->name, hdev); 745 BT_DBG("%s %p", hdev->name, hdev);
605 746
747 cancel_work_sync(&hdev->le_scan);
748
606 hci_req_cancel(hdev, ENODEV); 749 hci_req_cancel(hdev, ENODEV);
607 hci_req_lock(hdev); 750 hci_req_lock(hdev);
608 751
@@ -619,14 +762,14 @@ static int hci_dev_do_close(struct hci_dev *hdev)
619 if (hdev->discov_timeout > 0) { 762 if (hdev->discov_timeout > 0) {
620 cancel_delayed_work(&hdev->discov_off); 763 cancel_delayed_work(&hdev->discov_off);
621 hdev->discov_timeout = 0; 764 hdev->discov_timeout = 0;
765 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
622 } 766 }
623 767
624 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags)) 768 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
625 cancel_delayed_work(&hdev->power_off);
626
627 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->flags))
628 cancel_delayed_work(&hdev->service_cache); 769 cancel_delayed_work(&hdev->service_cache);
629 770
771 cancel_delayed_work_sync(&hdev->le_scan_disable);
772
630 hci_dev_lock(hdev); 773 hci_dev_lock(hdev);
631 inquiry_cache_flush(hdev); 774 inquiry_cache_flush(hdev);
632 hci_conn_hash_flush(hdev); 775 hci_conn_hash_flush(hdev);
@@ -667,13 +810,18 @@ static int hci_dev_do_close(struct hci_dev *hdev)
667 * and no tasks are scheduled. */ 810 * and no tasks are scheduled. */
668 hdev->close(hdev); 811 hdev->close(hdev);
669 812
670 hci_dev_lock(hdev); 813 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
671 mgmt_powered(hdev, 0); 814 hci_dev_lock(hdev);
672 hci_dev_unlock(hdev); 815 mgmt_powered(hdev, 0);
816 hci_dev_unlock(hdev);
817 }
673 818
674 /* Clear flags */ 819 /* Clear flags */
675 hdev->flags = 0; 820 hdev->flags = 0;
676 821
822 memset(hdev->eir, 0, sizeof(hdev->eir));
823 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
824
677 hci_req_unlock(hdev); 825 hci_req_unlock(hdev);
678 826
679 hci_dev_put(hdev); 827 hci_dev_put(hdev);
@@ -688,7 +836,12 @@ int hci_dev_close(__u16 dev)
688 hdev = hci_dev_get(dev); 836 hdev = hci_dev_get(dev);
689 if (!hdev) 837 if (!hdev)
690 return -ENODEV; 838 return -ENODEV;
839
840 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
841 cancel_delayed_work(&hdev->power_off);
842
691 err = hci_dev_do_close(hdev); 843 err = hci_dev_do_close(hdev);
844
692 hci_dev_put(hdev); 845 hci_dev_put(hdev);
693 return err; 846 return err;
694} 847}
@@ -847,11 +1000,11 @@ int hci_get_dev_list(void __user *arg)
847 1000
848 read_lock(&hci_dev_list_lock); 1001 read_lock(&hci_dev_list_lock);
849 list_for_each_entry(hdev, &hci_dev_list, list) { 1002 list_for_each_entry(hdev, &hci_dev_list, list) {
850 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags)) 1003 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
851 cancel_delayed_work(&hdev->power_off); 1004 cancel_delayed_work(&hdev->power_off);
852 1005
853 if (!test_bit(HCI_MGMT, &hdev->flags)) 1006 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
854 set_bit(HCI_PAIRABLE, &hdev->flags); 1007 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
855 1008
856 (dr + n)->dev_id = hdev->id; 1009 (dr + n)->dev_id = hdev->id;
857 (dr + n)->dev_opt = hdev->flags; 1010 (dr + n)->dev_opt = hdev->flags;
@@ -883,11 +1036,11 @@ int hci_get_dev_info(void __user *arg)
883 if (!hdev) 1036 if (!hdev)
884 return -ENODEV; 1037 return -ENODEV;
885 1038
886 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags)) 1039 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
887 cancel_delayed_work_sync(&hdev->power_off); 1040 cancel_delayed_work_sync(&hdev->power_off);
888 1041
889 if (!test_bit(HCI_MGMT, &hdev->flags)) 1042 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
890 set_bit(HCI_PAIRABLE, &hdev->flags); 1043 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
891 1044
892 strcpy(di.name, hdev->name); 1045 strcpy(di.name, hdev->name);
893 di.bdaddr = hdev->bdaddr; 1046 di.bdaddr = hdev->bdaddr;
@@ -967,11 +1120,11 @@ static void hci_power_on(struct work_struct *work)
967 if (hci_dev_open(hdev->id) < 0) 1120 if (hci_dev_open(hdev->id) < 0)
968 return; 1121 return;
969 1122
970 if (test_bit(HCI_AUTO_OFF, &hdev->flags)) 1123 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
971 schedule_delayed_work(&hdev->power_off, 1124 schedule_delayed_work(&hdev->power_off,
972 msecs_to_jiffies(AUTO_OFF_TIMEOUT)); 1125 msecs_to_jiffies(AUTO_OFF_TIMEOUT));
973 1126
974 if (test_and_clear_bit(HCI_SETUP, &hdev->flags)) 1127 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags))
975 mgmt_index_added(hdev); 1128 mgmt_index_added(hdev);
976} 1129}
977 1130
@@ -982,9 +1135,7 @@ static void hci_power_off(struct work_struct *work)
982 1135
983 BT_DBG("%s", hdev->name); 1136 BT_DBG("%s", hdev->name);
984 1137
985 clear_bit(HCI_AUTO_OFF, &hdev->flags); 1138 hci_dev_do_close(hdev);
986
987 hci_dev_close(hdev->id);
988} 1139}
989 1140
990static void hci_discov_off(struct work_struct *work) 1141static void hci_discov_off(struct work_struct *work)
@@ -1037,6 +1188,18 @@ int hci_link_keys_clear(struct hci_dev *hdev)
1037 return 0; 1188 return 0;
1038} 1189}
1039 1190
1191int hci_smp_ltks_clear(struct hci_dev *hdev)
1192{
1193 struct smp_ltk *k, *tmp;
1194
1195 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1196 list_del(&k->list);
1197 kfree(k);
1198 }
1199
1200 return 0;
1201}
1202
1040struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr) 1203struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1041{ 1204{
1042 struct link_key *k; 1205 struct link_key *k;
@@ -1084,44 +1247,38 @@ static int hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1084 return 0; 1247 return 0;
1085} 1248}
1086 1249
1087struct link_key *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8]) 1250struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1088{ 1251{
1089 struct link_key *k; 1252 struct smp_ltk *k;
1090 1253
1091 list_for_each_entry(k, &hdev->link_keys, list) { 1254 list_for_each_entry(k, &hdev->long_term_keys, list) {
1092 struct key_master_id *id; 1255 if (k->ediv != ediv ||
1093 1256 memcmp(rand, k->rand, sizeof(k->rand)))
1094 if (k->type != HCI_LK_SMP_LTK)
1095 continue; 1257 continue;
1096 1258
1097 if (k->dlen != sizeof(*id)) 1259 return k;
1098 continue;
1099
1100 id = (void *) &k->data;
1101 if (id->ediv == ediv &&
1102 (memcmp(rand, id->rand, sizeof(id->rand)) == 0))
1103 return k;
1104 } 1260 }
1105 1261
1106 return NULL; 1262 return NULL;
1107} 1263}
1108EXPORT_SYMBOL(hci_find_ltk); 1264EXPORT_SYMBOL(hci_find_ltk);
1109 1265
1110struct link_key *hci_find_link_key_type(struct hci_dev *hdev, 1266struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
1111 bdaddr_t *bdaddr, u8 type) 1267 u8 addr_type)
1112{ 1268{
1113 struct link_key *k; 1269 struct smp_ltk *k;
1114 1270
1115 list_for_each_entry(k, &hdev->link_keys, list) 1271 list_for_each_entry(k, &hdev->long_term_keys, list)
1116 if (k->type == type && bacmp(bdaddr, &k->bdaddr) == 0) 1272 if (addr_type == k->bdaddr_type &&
1273 bacmp(bdaddr, &k->bdaddr) == 0)
1117 return k; 1274 return k;
1118 1275
1119 return NULL; 1276 return NULL;
1120} 1277}
1121EXPORT_SYMBOL(hci_find_link_key_type); 1278EXPORT_SYMBOL(hci_find_ltk_by_addr);
1122 1279
1123int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key, 1280int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1124 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len) 1281 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1125{ 1282{
1126 struct link_key *key, *old_key; 1283 struct link_key *key, *old_key;
1127 u8 old_key_type, persistent; 1284 u8 old_key_type, persistent;
@@ -1175,40 +1332,39 @@ int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1175 return 0; 1332 return 0;
1176} 1333}
1177 1334
1178int hci_add_ltk(struct hci_dev *hdev, int new_key, bdaddr_t *bdaddr, 1335int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type,
1179 u8 key_size, __le16 ediv, u8 rand[8], u8 ltk[16]) 1336 int new_key, u8 authenticated, u8 tk[16], u8 enc_size, u16
1337 ediv, u8 rand[8])
1180{ 1338{
1181 struct link_key *key, *old_key; 1339 struct smp_ltk *key, *old_key;
1182 struct key_master_id *id;
1183 u8 old_key_type;
1184 1340
1185 BT_DBG("%s addr %s", hdev->name, batostr(bdaddr)); 1341 if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK))
1342 return 0;
1186 1343
1187 old_key = hci_find_link_key_type(hdev, bdaddr, HCI_LK_SMP_LTK); 1344 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type);
1188 if (old_key) { 1345 if (old_key)
1189 key = old_key; 1346 key = old_key;
1190 old_key_type = old_key->type; 1347 else {
1191 } else { 1348 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1192 key = kzalloc(sizeof(*key) + sizeof(*id), GFP_ATOMIC);
1193 if (!key) 1349 if (!key)
1194 return -ENOMEM; 1350 return -ENOMEM;
1195 list_add(&key->list, &hdev->link_keys); 1351 list_add(&key->list, &hdev->long_term_keys);
1196 old_key_type = 0xff;
1197 } 1352 }
1198 1353
1199 key->dlen = sizeof(*id);
1200
1201 bacpy(&key->bdaddr, bdaddr); 1354 bacpy(&key->bdaddr, bdaddr);
1202 memcpy(key->val, ltk, sizeof(key->val)); 1355 key->bdaddr_type = addr_type;
1203 key->type = HCI_LK_SMP_LTK; 1356 memcpy(key->val, tk, sizeof(key->val));
1204 key->pin_len = key_size; 1357 key->authenticated = authenticated;
1358 key->ediv = ediv;
1359 key->enc_size = enc_size;
1360 key->type = type;
1361 memcpy(key->rand, rand, sizeof(key->rand));
1205 1362
1206 id = (void *) &key->data; 1363 if (!new_key)
1207 id->ediv = ediv; 1364 return 0;
1208 memcpy(id->rand, rand, sizeof(id->rand));
1209 1365
1210 if (new_key) 1366 if (type & HCI_SMP_LTK)
1211 mgmt_new_link_key(hdev, key, old_key_type); 1367 mgmt_new_ltk(hdev, key, 1);
1212 1368
1213 return 0; 1369 return 0;
1214} 1370}
@@ -1229,6 +1385,23 @@ int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1229 return 0; 1385 return 0;
1230} 1386}
1231 1387
1388int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1389{
1390 struct smp_ltk *k, *tmp;
1391
1392 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1393 if (bacmp(bdaddr, &k->bdaddr))
1394 continue;
1395
1396 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1397
1398 list_del(&k->list);
1399 kfree(k);
1400 }
1401
1402 return 0;
1403}
1404
1232/* HCI command timer function */ 1405/* HCI command timer function */
1233static void hci_cmd_timer(unsigned long arg) 1406static void hci_cmd_timer(unsigned long arg)
1234{ 1407{
@@ -1240,7 +1413,7 @@ static void hci_cmd_timer(unsigned long arg)
1240} 1413}
1241 1414
1242struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev, 1415struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1243 bdaddr_t *bdaddr) 1416 bdaddr_t *bdaddr)
1244{ 1417{
1245 struct oob_data *data; 1418 struct oob_data *data;
1246 1419
@@ -1280,7 +1453,7 @@ int hci_remote_oob_data_clear(struct hci_dev *hdev)
1280} 1453}
1281 1454
1282int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash, 1455int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1283 u8 *randomizer) 1456 u8 *randomizer)
1284{ 1457{
1285 struct oob_data *data; 1458 struct oob_data *data;
1286 1459
@@ -1303,8 +1476,7 @@ int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1303 return 0; 1476 return 0;
1304} 1477}
1305 1478
1306struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, 1479struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
1307 bdaddr_t *bdaddr)
1308{ 1480{
1309 struct bdaddr_list *b; 1481 struct bdaddr_list *b;
1310 1482
@@ -1331,7 +1503,7 @@ int hci_blacklist_clear(struct hci_dev *hdev)
1331 return 0; 1503 return 0;
1332} 1504}
1333 1505
1334int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr) 1506int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1335{ 1507{
1336 struct bdaddr_list *entry; 1508 struct bdaddr_list *entry;
1337 1509
@@ -1349,10 +1521,10 @@ int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr)
1349 1521
1350 list_add(&entry->list, &hdev->blacklist); 1522 list_add(&entry->list, &hdev->blacklist);
1351 1523
1352 return mgmt_device_blocked(hdev, bdaddr); 1524 return mgmt_device_blocked(hdev, bdaddr, type);
1353} 1525}
1354 1526
1355int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr) 1527int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1356{ 1528{
1357 struct bdaddr_list *entry; 1529 struct bdaddr_list *entry;
1358 1530
@@ -1366,13 +1538,13 @@ int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr)
1366 list_del(&entry->list); 1538 list_del(&entry->list);
1367 kfree(entry); 1539 kfree(entry);
1368 1540
1369 return mgmt_device_unblocked(hdev, bdaddr); 1541 return mgmt_device_unblocked(hdev, bdaddr, type);
1370} 1542}
1371 1543
1372static void hci_clear_adv_cache(struct work_struct *work) 1544static void hci_clear_adv_cache(struct work_struct *work)
1373{ 1545{
1374 struct hci_dev *hdev = container_of(work, struct hci_dev, 1546 struct hci_dev *hdev = container_of(work, struct hci_dev,
1375 adv_work.work); 1547 adv_work.work);
1376 1548
1377 hci_dev_lock(hdev); 1549 hci_dev_lock(hdev);
1378 1550
@@ -1415,11 +1587,7 @@ static inline int is_connectable_adv(u8 evt_type)
1415} 1587}
1416 1588
1417int hci_add_adv_entry(struct hci_dev *hdev, 1589int hci_add_adv_entry(struct hci_dev *hdev,
1418 struct hci_ev_le_advertising_info *ev) 1590 struct hci_ev_le_advertising_info *ev) { struct adv_entry *entry; if (!is_connectable_adv(ev->evt_type))
1419{
1420 struct adv_entry *entry;
1421
1422 if (!is_connectable_adv(ev->evt_type))
1423 return -EINVAL; 1591 return -EINVAL;
1424 1592
1425 /* Only new entries should be added to adv_entries. So, if 1593 /* Only new entries should be added to adv_entries. So, if
@@ -1427,7 +1595,7 @@ int hci_add_adv_entry(struct hci_dev *hdev,
1427 if (hci_find_adv_entry(hdev, &ev->bdaddr)) 1595 if (hci_find_adv_entry(hdev, &ev->bdaddr))
1428 return 0; 1596 return 0;
1429 1597
1430 entry = kzalloc(sizeof(*entry), GFP_ATOMIC); 1598 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
1431 if (!entry) 1599 if (!entry)
1432 return -ENOMEM; 1600 return -ENOMEM;
1433 1601
@@ -1442,16 +1610,116 @@ int hci_add_adv_entry(struct hci_dev *hdev,
1442 return 0; 1610 return 0;
1443} 1611}
1444 1612
1613static void le_scan_param_req(struct hci_dev *hdev, unsigned long opt)
1614{
1615 struct le_scan_params *param = (struct le_scan_params *) opt;
1616 struct hci_cp_le_set_scan_param cp;
1617
1618 memset(&cp, 0, sizeof(cp));
1619 cp.type = param->type;
1620 cp.interval = cpu_to_le16(param->interval);
1621 cp.window = cpu_to_le16(param->window);
1622
1623 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_PARAM, sizeof(cp), &cp);
1624}
1625
1626static void le_scan_enable_req(struct hci_dev *hdev, unsigned long opt)
1627{
1628 struct hci_cp_le_set_scan_enable cp;
1629
1630 memset(&cp, 0, sizeof(cp));
1631 cp.enable = 1;
1632
1633 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1634}
1635
1636static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval,
1637 u16 window, int timeout)
1638{
1639 long timeo = msecs_to_jiffies(3000);
1640 struct le_scan_params param;
1641 int err;
1642
1643 BT_DBG("%s", hdev->name);
1644
1645 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1646 return -EINPROGRESS;
1647
1648 param.type = type;
1649 param.interval = interval;
1650 param.window = window;
1651
1652 hci_req_lock(hdev);
1653
1654 err = __hci_request(hdev, le_scan_param_req, (unsigned long) &param,
1655 timeo);
1656 if (!err)
1657 err = __hci_request(hdev, le_scan_enable_req, 0, timeo);
1658
1659 hci_req_unlock(hdev);
1660
1661 if (err < 0)
1662 return err;
1663
1664 schedule_delayed_work(&hdev->le_scan_disable,
1665 msecs_to_jiffies(timeout));
1666
1667 return 0;
1668}
1669
1670static void le_scan_disable_work(struct work_struct *work)
1671{
1672 struct hci_dev *hdev = container_of(work, struct hci_dev,
1673 le_scan_disable.work);
1674 struct hci_cp_le_set_scan_enable cp;
1675
1676 BT_DBG("%s", hdev->name);
1677
1678 memset(&cp, 0, sizeof(cp));
1679
1680 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1681}
1682
1683static void le_scan_work(struct work_struct *work)
1684{
1685 struct hci_dev *hdev = container_of(work, struct hci_dev, le_scan);
1686 struct le_scan_params *param = &hdev->le_scan_params;
1687
1688 BT_DBG("%s", hdev->name);
1689
1690 hci_do_le_scan(hdev, param->type, param->interval, param->window,
1691 param->timeout);
1692}
1693
1694int hci_le_scan(struct hci_dev *hdev, u8 type, u16 interval, u16 window,
1695 int timeout)
1696{
1697 struct le_scan_params *param = &hdev->le_scan_params;
1698
1699 BT_DBG("%s", hdev->name);
1700
1701 if (work_busy(&hdev->le_scan))
1702 return -EINPROGRESS;
1703
1704 param->type = type;
1705 param->interval = interval;
1706 param->window = window;
1707 param->timeout = timeout;
1708
1709 queue_work(system_long_wq, &hdev->le_scan);
1710
1711 return 0;
1712}
1713
1445/* Register HCI device */ 1714/* Register HCI device */
1446int hci_register_dev(struct hci_dev *hdev) 1715int hci_register_dev(struct hci_dev *hdev)
1447{ 1716{
1448 struct list_head *head = &hci_dev_list, *p; 1717 struct list_head *head = &hci_dev_list, *p;
1449 int i, id, error; 1718 int i, id, error;
1450 1719
1451 BT_DBG("%p name %s bus %d owner %p", hdev, hdev->name, 1720 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1452 hdev->bus, hdev->owner);
1453 1721
1454 if (!hdev->open || !hdev->close || !hdev->destruct) 1722 if (!hdev->open || !hdev->close)
1455 return -EINVAL; 1723 return -EINVAL;
1456 1724
1457 /* Do not allow HCI_AMP devices to register at index 0, 1725 /* Do not allow HCI_AMP devices to register at index 0,
@@ -1472,7 +1740,6 @@ int hci_register_dev(struct hci_dev *hdev)
1472 hdev->id = id; 1740 hdev->id = id;
1473 list_add_tail(&hdev->list, head); 1741 list_add_tail(&hdev->list, head);
1474 1742
1475 atomic_set(&hdev->refcnt, 1);
1476 mutex_init(&hdev->lock); 1743 mutex_init(&hdev->lock);
1477 1744
1478 hdev->flags = 0; 1745 hdev->flags = 0;
@@ -1503,7 +1770,7 @@ int hci_register_dev(struct hci_dev *hdev)
1503 init_waitqueue_head(&hdev->req_wait_q); 1770 init_waitqueue_head(&hdev->req_wait_q);
1504 mutex_init(&hdev->req_lock); 1771 mutex_init(&hdev->req_lock);
1505 1772
1506 inquiry_cache_init(hdev); 1773 discovery_init(hdev);
1507 1774
1508 hci_conn_hash_init(hdev); 1775 hci_conn_hash_init(hdev);
1509 1776
@@ -1514,6 +1781,7 @@ int hci_register_dev(struct hci_dev *hdev)
1514 INIT_LIST_HEAD(&hdev->uuids); 1781 INIT_LIST_HEAD(&hdev->uuids);
1515 1782
1516 INIT_LIST_HEAD(&hdev->link_keys); 1783 INIT_LIST_HEAD(&hdev->link_keys);
1784 INIT_LIST_HEAD(&hdev->long_term_keys);
1517 1785
1518 INIT_LIST_HEAD(&hdev->remote_oob_data); 1786 INIT_LIST_HEAD(&hdev->remote_oob_data);
1519 1787
@@ -1529,6 +1797,10 @@ int hci_register_dev(struct hci_dev *hdev)
1529 1797
1530 atomic_set(&hdev->promisc, 0); 1798 atomic_set(&hdev->promisc, 0);
1531 1799
1800 INIT_WORK(&hdev->le_scan, le_scan_work);
1801
1802 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
1803
1532 write_unlock(&hci_dev_list_lock); 1804 write_unlock(&hci_dev_list_lock);
1533 1805
1534 hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND | 1806 hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
@@ -1551,11 +1823,12 @@ int hci_register_dev(struct hci_dev *hdev)
1551 } 1823 }
1552 } 1824 }
1553 1825
1554 set_bit(HCI_AUTO_OFF, &hdev->flags); 1826 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
1555 set_bit(HCI_SETUP, &hdev->flags); 1827 set_bit(HCI_SETUP, &hdev->dev_flags);
1556 schedule_work(&hdev->power_on); 1828 schedule_work(&hdev->power_on);
1557 1829
1558 hci_notify(hdev, HCI_DEV_REG); 1830 hci_notify(hdev, HCI_DEV_REG);
1831 hci_dev_hold(hdev);
1559 1832
1560 return id; 1833 return id;
1561 1834
@@ -1587,7 +1860,7 @@ void hci_unregister_dev(struct hci_dev *hdev)
1587 kfree_skb(hdev->reassembly[i]); 1860 kfree_skb(hdev->reassembly[i]);
1588 1861
1589 if (!test_bit(HCI_INIT, &hdev->flags) && 1862 if (!test_bit(HCI_INIT, &hdev->flags) &&
1590 !test_bit(HCI_SETUP, &hdev->flags)) { 1863 !test_bit(HCI_SETUP, &hdev->dev_flags)) {
1591 hci_dev_lock(hdev); 1864 hci_dev_lock(hdev);
1592 mgmt_index_removed(hdev); 1865 mgmt_index_removed(hdev);
1593 hci_dev_unlock(hdev); 1866 hci_dev_unlock(hdev);
@@ -1614,11 +1887,12 @@ void hci_unregister_dev(struct hci_dev *hdev)
1614 hci_blacklist_clear(hdev); 1887 hci_blacklist_clear(hdev);
1615 hci_uuids_clear(hdev); 1888 hci_uuids_clear(hdev);
1616 hci_link_keys_clear(hdev); 1889 hci_link_keys_clear(hdev);
1890 hci_smp_ltks_clear(hdev);
1617 hci_remote_oob_data_clear(hdev); 1891 hci_remote_oob_data_clear(hdev);
1618 hci_adv_entries_clear(hdev); 1892 hci_adv_entries_clear(hdev);
1619 hci_dev_unlock(hdev); 1893 hci_dev_unlock(hdev);
1620 1894
1621 __hci_dev_put(hdev); 1895 hci_dev_put(hdev);
1622} 1896}
1623EXPORT_SYMBOL(hci_unregister_dev); 1897EXPORT_SYMBOL(hci_unregister_dev);
1624 1898
@@ -1706,7 +1980,7 @@ static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1706 1980
1707 while (count) { 1981 while (count) {
1708 scb = (void *) skb->cb; 1982 scb = (void *) skb->cb;
1709 len = min(scb->expect, (__u16)count); 1983 len = min_t(uint, scb->expect, count);
1710 1984
1711 memcpy(skb_put(skb, len), data, len); 1985 memcpy(skb_put(skb, len), data, len);
1712 1986
@@ -1862,11 +2136,15 @@ static int hci_send_frame(struct sk_buff *skb)
1862 2136
1863 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len); 2137 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
1864 2138
1865 if (atomic_read(&hdev->promisc)) { 2139 /* Time stamp */
1866 /* Time stamp */ 2140 __net_timestamp(skb);
1867 __net_timestamp(skb); 2141
2142 /* Send copy to monitor */
2143 hci_send_to_monitor(hdev, skb);
1868 2144
1869 hci_send_to_sock(hdev, skb, NULL); 2145 if (atomic_read(&hdev->promisc)) {
2146 /* Send copy to the sockets */
2147 hci_send_to_sock(hdev, skb);
1870 } 2148 }
1871 2149
1872 /* Get rid of skb owner, prior to sending to the driver. */ 2150 /* Get rid of skb owner, prior to sending to the driver. */
@@ -2235,26 +2513,31 @@ static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
2235 2513
2236} 2514}
2237 2515
2238static inline void hci_sched_acl(struct hci_dev *hdev) 2516static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
2239{ 2517{
2240 struct hci_chan *chan; 2518 /* Calculate count of blocks used by this packet */
2241 struct sk_buff *skb; 2519 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
2242 int quote; 2520}
2243 unsigned int cnt;
2244
2245 BT_DBG("%s", hdev->name);
2246
2247 if (!hci_conn_num(hdev, ACL_LINK))
2248 return;
2249 2521
2522static inline void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
2523{
2250 if (!test_bit(HCI_RAW, &hdev->flags)) { 2524 if (!test_bit(HCI_RAW, &hdev->flags)) {
2251 /* ACL tx timeout must be longer than maximum 2525 /* ACL tx timeout must be longer than maximum
2252 * link supervision timeout (40.9 seconds) */ 2526 * link supervision timeout (40.9 seconds) */
2253 if (!hdev->acl_cnt && time_after(jiffies, hdev->acl_last_tx + HZ * 45)) 2527 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
2528 msecs_to_jiffies(HCI_ACL_TX_TIMEOUT)))
2254 hci_link_tx_to(hdev, ACL_LINK); 2529 hci_link_tx_to(hdev, ACL_LINK);
2255 } 2530 }
2531}
2532
2533static inline void hci_sched_acl_pkt(struct hci_dev *hdev)
2534{
2535 unsigned int cnt = hdev->acl_cnt;
2536 struct hci_chan *chan;
2537 struct sk_buff *skb;
2538 int quote;
2256 2539
2257 cnt = hdev->acl_cnt; 2540 __check_timeout(hdev, cnt);
2258 2541
2259 while (hdev->acl_cnt && 2542 while (hdev->acl_cnt &&
2260 (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) { 2543 (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) {
@@ -2270,7 +2553,7 @@ static inline void hci_sched_acl(struct hci_dev *hdev)
2270 skb = skb_dequeue(&chan->data_q); 2553 skb = skb_dequeue(&chan->data_q);
2271 2554
2272 hci_conn_enter_active_mode(chan->conn, 2555 hci_conn_enter_active_mode(chan->conn,
2273 bt_cb(skb)->force_active); 2556 bt_cb(skb)->force_active);
2274 2557
2275 hci_send_frame(skb); 2558 hci_send_frame(skb);
2276 hdev->acl_last_tx = jiffies; 2559 hdev->acl_last_tx = jiffies;
@@ -2285,6 +2568,70 @@ static inline void hci_sched_acl(struct hci_dev *hdev)
2285 hci_prio_recalculate(hdev, ACL_LINK); 2568 hci_prio_recalculate(hdev, ACL_LINK);
2286} 2569}
2287 2570
2571static inline void hci_sched_acl_blk(struct hci_dev *hdev)
2572{
2573 unsigned int cnt = hdev->block_cnt;
2574 struct hci_chan *chan;
2575 struct sk_buff *skb;
2576 int quote;
2577
2578 __check_timeout(hdev, cnt);
2579
2580 while (hdev->block_cnt > 0 &&
2581 (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) {
2582 u32 priority = (skb_peek(&chan->data_q))->priority;
2583 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
2584 int blocks;
2585
2586 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2587 skb->len, skb->priority);
2588
2589 /* Stop if priority has changed */
2590 if (skb->priority < priority)
2591 break;
2592
2593 skb = skb_dequeue(&chan->data_q);
2594
2595 blocks = __get_blocks(hdev, skb);
2596 if (blocks > hdev->block_cnt)
2597 return;
2598
2599 hci_conn_enter_active_mode(chan->conn,
2600 bt_cb(skb)->force_active);
2601
2602 hci_send_frame(skb);
2603 hdev->acl_last_tx = jiffies;
2604
2605 hdev->block_cnt -= blocks;
2606 quote -= blocks;
2607
2608 chan->sent += blocks;
2609 chan->conn->sent += blocks;
2610 }
2611 }
2612
2613 if (cnt != hdev->block_cnt)
2614 hci_prio_recalculate(hdev, ACL_LINK);
2615}
2616
2617static inline void hci_sched_acl(struct hci_dev *hdev)
2618{
2619 BT_DBG("%s", hdev->name);
2620
2621 if (!hci_conn_num(hdev, ACL_LINK))
2622 return;
2623
2624 switch (hdev->flow_ctl_mode) {
2625 case HCI_FLOW_CTL_MODE_PACKET_BASED:
2626 hci_sched_acl_pkt(hdev);
2627 break;
2628
2629 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
2630 hci_sched_acl_blk(hdev);
2631 break;
2632 }
2633}
2634
2288/* Schedule SCO */ 2635/* Schedule SCO */
2289static inline void hci_sched_sco(struct hci_dev *hdev) 2636static inline void hci_sched_sco(struct hci_dev *hdev)
2290{ 2637{
@@ -2482,9 +2829,12 @@ static void hci_rx_work(struct work_struct *work)
2482 BT_DBG("%s", hdev->name); 2829 BT_DBG("%s", hdev->name);
2483 2830
2484 while ((skb = skb_dequeue(&hdev->rx_q))) { 2831 while ((skb = skb_dequeue(&hdev->rx_q))) {
2832 /* Send copy to monitor */
2833 hci_send_to_monitor(hdev, skb);
2834
2485 if (atomic_read(&hdev->promisc)) { 2835 if (atomic_read(&hdev->promisc)) {
2486 /* Send copy to the sockets */ 2836 /* Send copy to the sockets */
2487 hci_send_to_sock(hdev, skb, NULL); 2837 hci_send_to_sock(hdev, skb);
2488 } 2838 }
2489 2839
2490 if (test_bit(HCI_RAW, &hdev->flags)) { 2840 if (test_bit(HCI_RAW, &hdev->flags)) {
@@ -2568,6 +2918,8 @@ int hci_do_inquiry(struct hci_dev *hdev, u8 length)
2568 if (test_bit(HCI_INQUIRY, &hdev->flags)) 2918 if (test_bit(HCI_INQUIRY, &hdev->flags))
2569 return -EINPROGRESS; 2919 return -EINPROGRESS;
2570 2920
2921 inquiry_cache_flush(hdev);
2922
2571 memset(&cp, 0, sizeof(cp)); 2923 memset(&cp, 0, sizeof(cp));
2572 memcpy(&cp.lap, lap, sizeof(cp.lap)); 2924 memcpy(&cp.lap, lap, sizeof(cp.lap));
2573 cp.length = length; 2925 cp.length = length;
@@ -2584,6 +2936,3 @@ int hci_cancel_inquiry(struct hci_dev *hdev)
2584 2936
2585 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL); 2937 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2586} 2938}
2587
2588module_param(enable_hs, bool, 0644);
2589MODULE_PARM_DESC(enable_hs, "Enable High Speed");
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 001307f81057..badb7851d116 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -35,7 +35,6 @@
35#include <linux/init.h> 35#include <linux/init.h>
36#include <linux/skbuff.h> 36#include <linux/skbuff.h>
37#include <linux/interrupt.h> 37#include <linux/interrupt.h>
38#include <linux/notifier.h>
39#include <net/sock.h> 38#include <net/sock.h>
40 39
41#include <asm/system.h> 40#include <asm/system.h>
@@ -45,8 +44,6 @@
45#include <net/bluetooth/bluetooth.h> 44#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h> 45#include <net/bluetooth/hci_core.h>
47 46
48static bool enable_le;
49
50/* Handle HCI Event packets */ 47/* Handle HCI Event packets */
51 48
52static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) 49static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
@@ -65,7 +62,7 @@ static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
65 clear_bit(HCI_INQUIRY, &hdev->flags); 62 clear_bit(HCI_INQUIRY, &hdev->flags);
66 63
67 hci_dev_lock(hdev); 64 hci_dev_lock(hdev);
68 mgmt_discovering(hdev, 0); 65 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
69 hci_dev_unlock(hdev); 66 hci_dev_unlock(hdev);
70 67
71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status); 68 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
@@ -195,7 +192,10 @@ static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
195 192
196 hci_req_complete(hdev, HCI_OP_RESET, status); 193 hci_req_complete(hdev, HCI_OP_RESET, status);
197 194
198 hdev->dev_flags = 0; 195 /* Reset all non-persistent flags */
196 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS));
197
198 hdev->discovery.state = DISCOVERY_STOPPED;
199} 199}
200 200
201static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb) 201static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
@@ -211,13 +211,14 @@ static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
211 211
212 hci_dev_lock(hdev); 212 hci_dev_lock(hdev);
213 213
214 if (test_bit(HCI_MGMT, &hdev->flags)) 214 if (test_bit(HCI_MGMT, &hdev->dev_flags))
215 mgmt_set_local_name_complete(hdev, sent, status); 215 mgmt_set_local_name_complete(hdev, sent, status);
216 216 else if (!status)
217 if (status == 0)
218 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH); 217 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
219 218
220 hci_dev_unlock(hdev); 219 hci_dev_unlock(hdev);
220
221 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
221} 222}
222 223
223static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb) 224static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
@@ -229,7 +230,8 @@ static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
229 if (rp->status) 230 if (rp->status)
230 return; 231 return;
231 232
232 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH); 233 if (test_bit(HCI_SETUP, &hdev->dev_flags))
234 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
233} 235}
234 236
235static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb) 237static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
@@ -252,6 +254,9 @@ static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
252 clear_bit(HCI_AUTH, &hdev->flags); 254 clear_bit(HCI_AUTH, &hdev->flags);
253 } 255 }
254 256
257 if (test_bit(HCI_MGMT, &hdev->dev_flags))
258 mgmt_auth_enable_complete(hdev, status);
259
255 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status); 260 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
256} 261}
257 262
@@ -349,14 +354,19 @@ static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
349 354
350 BT_DBG("%s status 0x%x", hdev->name, status); 355 BT_DBG("%s status 0x%x", hdev->name, status);
351 356
352 if (status)
353 return;
354
355 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV); 357 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
356 if (!sent) 358 if (!sent)
357 return; 359 return;
358 360
359 memcpy(hdev->dev_class, sent, 3); 361 hci_dev_lock(hdev);
362
363 if (status == 0)
364 memcpy(hdev->dev_class, sent, 3);
365
366 if (test_bit(HCI_MGMT, &hdev->dev_flags))
367 mgmt_set_class_of_dev_complete(hdev, sent, status);
368
369 hci_dev_unlock(hdev);
360} 370}
361 371
362static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 372static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
@@ -419,18 +429,6 @@ static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
419 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status); 429 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
420} 430}
421 431
422static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
423{
424 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
425
426 BT_DBG("%s status 0x%x", hdev->name, rp->status);
427
428 if (rp->status)
429 return;
430
431 hdev->ssp_mode = rp->mode;
432}
433
434static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 432static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
435{ 433{
436 __u8 status = *((__u8 *) skb->data); 434 __u8 status = *((__u8 *) skb->data);
@@ -438,14 +436,18 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
438 436
439 BT_DBG("%s status 0x%x", hdev->name, status); 437 BT_DBG("%s status 0x%x", hdev->name, status);
440 438
441 if (status)
442 return;
443
444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE); 439 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
445 if (!sent) 440 if (!sent)
446 return; 441 return;
447 442
448 hdev->ssp_mode = *((__u8 *) sent); 443 if (test_bit(HCI_MGMT, &hdev->dev_flags))
444 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
445 else if (!status) {
446 if (*((u8 *) sent))
447 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
448 else
449 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
450 }
449} 451}
450 452
451static u8 hci_get_inquiry_mode(struct hci_dev *hdev) 453static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
@@ -540,20 +542,6 @@ static void hci_setup_event_mask(struct hci_dev *hdev)
540 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events); 542 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
541} 543}
542 544
543static void hci_set_le_support(struct hci_dev *hdev)
544{
545 struct hci_cp_write_le_host_supported cp;
546
547 memset(&cp, 0, sizeof(cp));
548
549 if (enable_le) {
550 cp.le = 1;
551 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
552 }
553
554 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
555}
556
557static void hci_setup(struct hci_dev *hdev) 545static void hci_setup(struct hci_dev *hdev)
558{ 546{
559 if (hdev->dev_type != HCI_BREDR) 547 if (hdev->dev_type != HCI_BREDR)
@@ -565,8 +553,18 @@ static void hci_setup(struct hci_dev *hdev)
565 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL); 553 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
566 554
567 if (hdev->features[6] & LMP_SIMPLE_PAIR) { 555 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
568 u8 mode = 0x01; 556 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
569 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode); 557 u8 mode = 0x01;
558 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
559 sizeof(mode), &mode);
560 } else {
561 struct hci_cp_write_eir cp;
562
563 memset(hdev->eir, 0, sizeof(hdev->eir));
564 memset(&cp, 0, sizeof(cp));
565
566 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
567 }
570 } 568 }
571 569
572 if (hdev->features[3] & LMP_RSSI_INQ) 570 if (hdev->features[3] & LMP_RSSI_INQ)
@@ -579,12 +577,15 @@ static void hci_setup(struct hci_dev *hdev)
579 struct hci_cp_read_local_ext_features cp; 577 struct hci_cp_read_local_ext_features cp;
580 578
581 cp.page = 0x01; 579 cp.page = 0x01;
582 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, 580 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
583 sizeof(cp), &cp); 581 &cp);
584 } 582 }
585 583
586 if (hdev->features[4] & LMP_LE) 584 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
587 hci_set_le_support(hdev); 585 u8 enable = 1;
586 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
587 &enable);
588 }
588} 589}
589 590
590static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) 591static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
@@ -594,7 +595,7 @@ static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
594 BT_DBG("%s status 0x%x", hdev->name, rp->status); 595 BT_DBG("%s status 0x%x", hdev->name, rp->status);
595 596
596 if (rp->status) 597 if (rp->status)
597 return; 598 goto done;
598 599
599 hdev->hci_ver = rp->hci_ver; 600 hdev->hci_ver = rp->hci_ver;
600 hdev->hci_rev = __le16_to_cpu(rp->hci_rev); 601 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
@@ -608,6 +609,9 @@ static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
608 609
609 if (test_bit(HCI_INIT, &hdev->flags)) 610 if (test_bit(HCI_INIT, &hdev->flags))
610 hci_setup(hdev); 611 hci_setup(hdev);
612
613done:
614 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
611} 615}
612 616
613static void hci_setup_link_policy(struct hci_dev *hdev) 617static void hci_setup_link_policy(struct hci_dev *hdev)
@@ -624,8 +628,8 @@ static void hci_setup_link_policy(struct hci_dev *hdev)
624 link_policy |= HCI_LP_PARK; 628 link_policy |= HCI_LP_PARK;
625 629
626 link_policy = cpu_to_le16(link_policy); 630 link_policy = cpu_to_le16(link_policy);
627 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 631 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(link_policy),
628 sizeof(link_policy), &link_policy); 632 &link_policy);
629} 633}
630 634
631static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb) 635static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
@@ -701,6 +705,22 @@ static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb
701 hdev->features[6], hdev->features[7]); 705 hdev->features[6], hdev->features[7]);
702} 706}
703 707
708static void hci_set_le_support(struct hci_dev *hdev)
709{
710 struct hci_cp_write_le_host_supported cp;
711
712 memset(&cp, 0, sizeof(cp));
713
714 if (enable_le && test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
715 cp.le = 1;
716 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
717 }
718
719 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
720 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
721 &cp);
722}
723
704static void hci_cc_read_local_ext_features(struct hci_dev *hdev, 724static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
705 struct sk_buff *skb) 725 struct sk_buff *skb)
706{ 726{
@@ -709,7 +729,7 @@ static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
709 BT_DBG("%s status 0x%x", hdev->name, rp->status); 729 BT_DBG("%s status 0x%x", hdev->name, rp->status);
710 730
711 if (rp->status) 731 if (rp->status)
712 return; 732 goto done;
713 733
714 switch (rp->page) { 734 switch (rp->page) {
715 case 0: 735 case 0:
@@ -720,6 +740,10 @@ static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
720 break; 740 break;
721 } 741 }
722 742
743 if (test_bit(HCI_INIT, &hdev->flags) && hdev->features[4] & LMP_LE)
744 hci_set_le_support(hdev);
745
746done:
723 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status); 747 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
724} 748}
725 749
@@ -890,7 +914,7 @@ static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
890 914
891 hci_dev_lock(hdev); 915 hci_dev_lock(hdev);
892 916
893 if (test_bit(HCI_MGMT, &hdev->flags)) 917 if (test_bit(HCI_MGMT, &hdev->dev_flags))
894 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status); 918 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
895 919
896 if (rp->status != 0) 920 if (rp->status != 0)
@@ -916,7 +940,7 @@ static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
916 940
917 hci_dev_lock(hdev); 941 hci_dev_lock(hdev);
918 942
919 if (test_bit(HCI_MGMT, &hdev->flags)) 943 if (test_bit(HCI_MGMT, &hdev->dev_flags))
920 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr, 944 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
921 rp->status); 945 rp->status);
922 946
@@ -951,9 +975,9 @@ static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
951 975
952 hci_dev_lock(hdev); 976 hci_dev_lock(hdev);
953 977
954 if (test_bit(HCI_MGMT, &hdev->flags)) 978 if (test_bit(HCI_MGMT, &hdev->dev_flags))
955 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, 979 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
956 rp->status); 980 rp->status);
957 981
958 hci_dev_unlock(hdev); 982 hci_dev_unlock(hdev);
959} 983}
@@ -967,9 +991,9 @@ static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
967 991
968 hci_dev_lock(hdev); 992 hci_dev_lock(hdev);
969 993
970 if (test_bit(HCI_MGMT, &hdev->flags)) 994 if (test_bit(HCI_MGMT, &hdev->dev_flags))
971 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr, 995 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
972 rp->status); 996 ACL_LINK, 0, rp->status);
973 997
974 hci_dev_unlock(hdev); 998 hci_dev_unlock(hdev);
975} 999}
@@ -982,9 +1006,9 @@ static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
982 1006
983 hci_dev_lock(hdev); 1007 hci_dev_lock(hdev);
984 1008
985 if (test_bit(HCI_MGMT, &hdev->flags)) 1009 if (test_bit(HCI_MGMT, &hdev->dev_flags))
986 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, 1010 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
987 rp->status); 1011 0, rp->status);
988 1012
989 hci_dev_unlock(hdev); 1013 hci_dev_unlock(hdev);
990} 1014}
@@ -998,9 +1022,9 @@ static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
998 1022
999 hci_dev_lock(hdev); 1023 hci_dev_lock(hdev);
1000 1024
1001 if (test_bit(HCI_MGMT, &hdev->flags)) 1025 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1002 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr, 1026 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1003 rp->status); 1027 ACL_LINK, 0, rp->status);
1004 1028
1005 hci_dev_unlock(hdev); 1029 hci_dev_unlock(hdev);
1006} 1030}
@@ -1023,6 +1047,15 @@ static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1023 __u8 status = *((__u8 *) skb->data); 1047 __u8 status = *((__u8 *) skb->data);
1024 1048
1025 BT_DBG("%s status 0x%x", hdev->name, status); 1049 BT_DBG("%s status 0x%x", hdev->name, status);
1050
1051 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1052
1053 if (status) {
1054 hci_dev_lock(hdev);
1055 mgmt_start_discovery_failed(hdev, status);
1056 hci_dev_unlock(hdev);
1057 return;
1058 }
1026} 1059}
1027 1060
1028static void hci_cc_le_set_scan_enable(struct hci_dev *hdev, 1061static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
@@ -1033,28 +1066,47 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1033 1066
1034 BT_DBG("%s status 0x%x", hdev->name, status); 1067 BT_DBG("%s status 0x%x", hdev->name, status);
1035 1068
1036 if (status)
1037 return;
1038
1039 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE); 1069 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1040 if (!cp) 1070 if (!cp)
1041 return; 1071 return;
1042 1072
1043 switch (cp->enable) { 1073 switch (cp->enable) {
1044 case LE_SCANNING_ENABLED: 1074 case LE_SCANNING_ENABLED:
1075 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1076
1077 if (status) {
1078 hci_dev_lock(hdev);
1079 mgmt_start_discovery_failed(hdev, status);
1080 hci_dev_unlock(hdev);
1081 return;
1082 }
1083
1045 set_bit(HCI_LE_SCAN, &hdev->dev_flags); 1084 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1046 1085
1047 cancel_delayed_work_sync(&hdev->adv_work); 1086 cancel_delayed_work_sync(&hdev->adv_work);
1048 1087
1049 hci_dev_lock(hdev); 1088 hci_dev_lock(hdev);
1050 hci_adv_entries_clear(hdev); 1089 hci_adv_entries_clear(hdev);
1090 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1051 hci_dev_unlock(hdev); 1091 hci_dev_unlock(hdev);
1052 break; 1092 break;
1053 1093
1054 case LE_SCANNING_DISABLED: 1094 case LE_SCANNING_DISABLED:
1095 if (status)
1096 return;
1097
1055 clear_bit(HCI_LE_SCAN, &hdev->dev_flags); 1098 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1056 1099
1057 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT); 1100 schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
1101
1102 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED) {
1103 mgmt_interleaved_discovery(hdev);
1104 } else {
1105 hci_dev_lock(hdev);
1106 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1107 hci_dev_unlock(hdev);
1108 }
1109
1058 break; 1110 break;
1059 1111
1060 default: 1112 default:
@@ -1090,16 +1142,27 @@ static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1090static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev, 1142static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1091 struct sk_buff *skb) 1143 struct sk_buff *skb)
1092{ 1144{
1093 struct hci_cp_read_local_ext_features cp; 1145 struct hci_cp_write_le_host_supported *sent;
1094 __u8 status = *((__u8 *) skb->data); 1146 __u8 status = *((__u8 *) skb->data);
1095 1147
1096 BT_DBG("%s status 0x%x", hdev->name, status); 1148 BT_DBG("%s status 0x%x", hdev->name, status);
1097 1149
1098 if (status) 1150 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1151 if (!sent)
1099 return; 1152 return;
1100 1153
1101 cp.page = 0x01; 1154 if (!status) {
1102 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp); 1155 if (sent->le)
1156 hdev->host_features[0] |= LMP_HOST_LE;
1157 else
1158 hdev->host_features[0] &= ~LMP_HOST_LE;
1159 }
1160
1161 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1162 !test_bit(HCI_INIT, &hdev->flags))
1163 mgmt_le_enable_complete(hdev, sent->le, status);
1164
1165 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
1103} 1166}
1104 1167
1105static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 1168static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
@@ -1110,7 +1173,7 @@ static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1110 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 1173 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1111 hci_conn_check_pending(hdev); 1174 hci_conn_check_pending(hdev);
1112 hci_dev_lock(hdev); 1175 hci_dev_lock(hdev);
1113 if (test_bit(HCI_MGMT, &hdev->flags)) 1176 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1114 mgmt_start_discovery_failed(hdev, status); 1177 mgmt_start_discovery_failed(hdev, status);
1115 hci_dev_unlock(hdev); 1178 hci_dev_unlock(hdev);
1116 return; 1179 return;
@@ -1119,7 +1182,7 @@ static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1119 set_bit(HCI_INQUIRY, &hdev->flags); 1182 set_bit(HCI_INQUIRY, &hdev->flags);
1120 1183
1121 hci_dev_lock(hdev); 1184 hci_dev_lock(hdev);
1122 mgmt_discovering(hdev, 1); 1185 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1123 hci_dev_unlock(hdev); 1186 hci_dev_unlock(hdev);
1124} 1187}
1125 1188
@@ -1153,7 +1216,7 @@ static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1153 if (!conn) { 1216 if (!conn) {
1154 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr); 1217 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1155 if (conn) { 1218 if (conn) {
1156 conn->out = 1; 1219 conn->out = true;
1157 conn->link_mode |= HCI_LM_MASTER; 1220 conn->link_mode |= HCI_LM_MASTER;
1158 } else 1221 } else
1159 BT_ERR("No memory for new connection"); 1222 BT_ERR("No memory for new connection");
@@ -1263,7 +1326,7 @@ static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1263 1326
1264 /* Only request authentication for SSP connections or non-SSP 1327 /* Only request authentication for SSP connections or non-SSP
1265 * devices with sec_level HIGH or if MITM protection is requested */ 1328 * devices with sec_level HIGH or if MITM protection is requested */
1266 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) && 1329 if (!hci_conn_ssp_enabled(conn) &&
1267 conn->pending_sec_level != BT_SECURITY_HIGH && 1330 conn->pending_sec_level != BT_SECURITY_HIGH &&
1268 !(conn->auth_type & 0x01)) 1331 !(conn->auth_type & 0x01))
1269 return 0; 1332 return 0;
@@ -1271,6 +1334,73 @@ static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1271 return 1; 1334 return 1;
1272} 1335}
1273 1336
1337static inline int hci_resolve_name(struct hci_dev *hdev,
1338 struct inquiry_entry *e)
1339{
1340 struct hci_cp_remote_name_req cp;
1341
1342 memset(&cp, 0, sizeof(cp));
1343
1344 bacpy(&cp.bdaddr, &e->data.bdaddr);
1345 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1346 cp.pscan_mode = e->data.pscan_mode;
1347 cp.clock_offset = e->data.clock_offset;
1348
1349 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1350}
1351
1352static bool hci_resolve_next_name(struct hci_dev *hdev)
1353{
1354 struct discovery_state *discov = &hdev->discovery;
1355 struct inquiry_entry *e;
1356
1357 if (list_empty(&discov->resolve))
1358 return false;
1359
1360 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1361 if (hci_resolve_name(hdev, e) == 0) {
1362 e->name_state = NAME_PENDING;
1363 return true;
1364 }
1365
1366 return false;
1367}
1368
1369static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1370 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1371{
1372 struct discovery_state *discov = &hdev->discovery;
1373 struct inquiry_entry *e;
1374
1375 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1376 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1377 name_len, conn->dev_class);
1378
1379 if (discov->state == DISCOVERY_STOPPED)
1380 return;
1381
1382 if (discov->state == DISCOVERY_STOPPING)
1383 goto discov_complete;
1384
1385 if (discov->state != DISCOVERY_RESOLVING)
1386 return;
1387
1388 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1389 if (e) {
1390 e->name_state = NAME_KNOWN;
1391 list_del(&e->list);
1392 if (name)
1393 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1394 e->data.rssi, name, name_len);
1395 }
1396
1397 if (hci_resolve_next_name(hdev))
1398 return;
1399
1400discov_complete:
1401 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1402}
1403
1274static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status) 1404static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1275{ 1405{
1276 struct hci_cp_remote_name_req *cp; 1406 struct hci_cp_remote_name_req *cp;
@@ -1290,13 +1420,17 @@ static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1290 hci_dev_lock(hdev); 1420 hci_dev_lock(hdev);
1291 1421
1292 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1422 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1423
1424 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1425 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1426
1293 if (!conn) 1427 if (!conn)
1294 goto unlock; 1428 goto unlock;
1295 1429
1296 if (!hci_outgoing_auth_needed(hdev, conn)) 1430 if (!hci_outgoing_auth_needed(hdev, conn))
1297 goto unlock; 1431 goto unlock;
1298 1432
1299 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 1433 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1300 struct hci_cp_auth_requested cp; 1434 struct hci_cp_auth_requested cp;
1301 cp.handle = __cpu_to_le16(conn->handle); 1435 cp.handle = __cpu_to_le16(conn->handle);
1302 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 1436 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
@@ -1413,9 +1547,9 @@ static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1413 1547
1414 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1548 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1415 if (conn) { 1549 if (conn) {
1416 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 1550 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1417 1551
1418 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend)) 1552 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1419 hci_sco_setup(conn, status); 1553 hci_sco_setup(conn, status);
1420 } 1554 }
1421 1555
@@ -1440,15 +1574,37 @@ static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1440 1574
1441 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 1575 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1442 if (conn) { 1576 if (conn) {
1443 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 1577 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1444 1578
1445 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend)) 1579 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1446 hci_sco_setup(conn, status); 1580 hci_sco_setup(conn, status);
1447 } 1581 }
1448 1582
1449 hci_dev_unlock(hdev); 1583 hci_dev_unlock(hdev);
1450} 1584}
1451 1585
1586static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1587{
1588 struct hci_cp_disconnect *cp;
1589 struct hci_conn *conn;
1590
1591 if (!status)
1592 return;
1593
1594 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1595 if (!cp)
1596 return;
1597
1598 hci_dev_lock(hdev);
1599
1600 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1601 if (conn)
1602 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1603 conn->dst_type, status);
1604
1605 hci_dev_unlock(hdev);
1606}
1607
1452static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status) 1608static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1453{ 1609{
1454 struct hci_cp_le_create_conn *cp; 1610 struct hci_cp_le_create_conn *cp;
@@ -1478,7 +1634,7 @@ static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1478 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr); 1634 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1479 if (conn) { 1635 if (conn) {
1480 conn->dst_type = cp->peer_addr_type; 1636 conn->dst_type = cp->peer_addr_type;
1481 conn->out = 1; 1637 conn->out = true;
1482 } else { 1638 } else {
1483 BT_ERR("No memory for new connection"); 1639 BT_ERR("No memory for new connection");
1484 } 1640 }
@@ -1496,6 +1652,8 @@ static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1496static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1652static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1497{ 1653{
1498 __u8 status = *((__u8 *) skb->data); 1654 __u8 status = *((__u8 *) skb->data);
1655 struct discovery_state *discov = &hdev->discovery;
1656 struct inquiry_entry *e;
1499 1657
1500 BT_DBG("%s status %d", hdev->name, status); 1658 BT_DBG("%s status %d", hdev->name, status);
1501 1659
@@ -1506,8 +1664,28 @@ static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff
1506 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) 1664 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1507 return; 1665 return;
1508 1666
1667 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1668 return;
1669
1509 hci_dev_lock(hdev); 1670 hci_dev_lock(hdev);
1510 mgmt_discovering(hdev, 0); 1671
1672 if (discov->state != DISCOVERY_FINDING)
1673 goto unlock;
1674
1675 if (list_empty(&discov->resolve)) {
1676 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1677 goto unlock;
1678 }
1679
1680 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1681 if (e && hci_resolve_name(hdev, e) == 0) {
1682 e->name_state = NAME_PENDING;
1683 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1684 } else {
1685 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1686 }
1687
1688unlock:
1511 hci_dev_unlock(hdev); 1689 hci_dev_unlock(hdev);
1512} 1690}
1513 1691
@@ -1525,6 +1703,8 @@ static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *
1525 hci_dev_lock(hdev); 1703 hci_dev_lock(hdev);
1526 1704
1527 for (; num_rsp; num_rsp--, info++) { 1705 for (; num_rsp; num_rsp--, info++) {
1706 bool name_known, ssp;
1707
1528 bacpy(&data.bdaddr, &info->bdaddr); 1708 bacpy(&data.bdaddr, &info->bdaddr);
1529 data.pscan_rep_mode = info->pscan_rep_mode; 1709 data.pscan_rep_mode = info->pscan_rep_mode;
1530 data.pscan_period_mode = info->pscan_period_mode; 1710 data.pscan_period_mode = info->pscan_period_mode;
@@ -1533,9 +1713,11 @@ static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *
1533 data.clock_offset = info->clock_offset; 1713 data.clock_offset = info->clock_offset;
1534 data.rssi = 0x00; 1714 data.rssi = 0x00;
1535 data.ssp_mode = 0x00; 1715 data.ssp_mode = 0x00;
1536 hci_inquiry_cache_update(hdev, &data); 1716
1717 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1537 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 1718 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1538 info->dev_class, 0, NULL); 1719 info->dev_class, 0, !name_known, ssp, NULL,
1720 0);
1539 } 1721 }
1540 1722
1541 hci_dev_unlock(hdev); 1723 hci_dev_unlock(hdev);
@@ -1569,8 +1751,6 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
1569 conn->state = BT_CONFIG; 1751 conn->state = BT_CONFIG;
1570 hci_conn_hold(conn); 1752 hci_conn_hold(conn);
1571 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1753 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1572 mgmt_connected(hdev, &ev->bdaddr, conn->type,
1573 conn->dst_type);
1574 } else 1754 } else
1575 conn->state = BT_CONNECTED; 1755 conn->state = BT_CONNECTED;
1576 1756
@@ -1588,7 +1768,7 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
1588 struct hci_cp_read_remote_features cp; 1768 struct hci_cp_read_remote_features cp;
1589 cp.handle = ev->handle; 1769 cp.handle = ev->handle;
1590 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES, 1770 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1591 sizeof(cp), &cp); 1771 sizeof(cp), &cp);
1592 } 1772 }
1593 1773
1594 /* Set packet type for incoming connection */ 1774 /* Set packet type for incoming connection */
@@ -1596,14 +1776,14 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
1596 struct hci_cp_change_conn_ptype cp; 1776 struct hci_cp_change_conn_ptype cp;
1597 cp.handle = ev->handle; 1777 cp.handle = ev->handle;
1598 cp.pkt_type = cpu_to_le16(conn->pkt_type); 1778 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1599 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, 1779 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1600 sizeof(cp), &cp); 1780 &cp);
1601 } 1781 }
1602 } else { 1782 } else {
1603 conn->state = BT_CLOSED; 1783 conn->state = BT_CLOSED;
1604 if (conn->type == ACL_LINK) 1784 if (conn->type == ACL_LINK)
1605 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type, 1785 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1606 conn->dst_type, ev->status); 1786 conn->dst_type, ev->status);
1607 } 1787 }
1608 1788
1609 if (conn->type == ACL_LINK) 1789 if (conn->type == ACL_LINK)
@@ -1668,8 +1848,8 @@ static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *sk
1668 else 1848 else
1669 cp.role = 0x01; /* Remain slave */ 1849 cp.role = 0x01; /* Remain slave */
1670 1850
1671 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, 1851 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1672 sizeof(cp), &cp); 1852 &cp);
1673 } else { 1853 } else {
1674 struct hci_cp_accept_sync_conn_req cp; 1854 struct hci_cp_accept_sync_conn_req cp;
1675 1855
@@ -1683,7 +1863,7 @@ static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *sk
1683 cp.retrans_effort = 0xff; 1863 cp.retrans_effort = 0xff;
1684 1864
1685 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 1865 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1686 sizeof(cp), &cp); 1866 sizeof(cp), &cp);
1687 } 1867 }
1688 } else { 1868 } else {
1689 /* Connection rejected */ 1869 /* Connection rejected */
@@ -1711,12 +1891,14 @@ static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff
1711 if (ev->status == 0) 1891 if (ev->status == 0)
1712 conn->state = BT_CLOSED; 1892 conn->state = BT_CLOSED;
1713 1893
1714 if (conn->type == ACL_LINK || conn->type == LE_LINK) { 1894 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1895 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1715 if (ev->status != 0) 1896 if (ev->status != 0)
1716 mgmt_disconnect_failed(hdev, &conn->dst, ev->status); 1897 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1898 conn->dst_type, ev->status);
1717 else 1899 else
1718 mgmt_disconnected(hdev, &conn->dst, conn->type, 1900 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1719 conn->dst_type); 1901 conn->dst_type);
1720 } 1902 }
1721 1903
1722 if (ev->status == 0) { 1904 if (ev->status == 0) {
@@ -1742,22 +1924,23 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
1742 goto unlock; 1924 goto unlock;
1743 1925
1744 if (!ev->status) { 1926 if (!ev->status) {
1745 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) && 1927 if (!hci_conn_ssp_enabled(conn) &&
1746 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) { 1928 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1747 BT_INFO("re-auth of legacy device is not possible."); 1929 BT_INFO("re-auth of legacy device is not possible.");
1748 } else { 1930 } else {
1749 conn->link_mode |= HCI_LM_AUTH; 1931 conn->link_mode |= HCI_LM_AUTH;
1750 conn->sec_level = conn->pending_sec_level; 1932 conn->sec_level = conn->pending_sec_level;
1751 } 1933 }
1752 } else { 1934 } else {
1753 mgmt_auth_failed(hdev, &conn->dst, ev->status); 1935 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1936 ev->status);
1754 } 1937 }
1755 1938
1756 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1939 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1757 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend); 1940 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1758 1941
1759 if (conn->state == BT_CONFIG) { 1942 if (conn->state == BT_CONFIG) {
1760 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) { 1943 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1761 struct hci_cp_set_conn_encrypt cp; 1944 struct hci_cp_set_conn_encrypt cp;
1762 cp.handle = ev->handle; 1945 cp.handle = ev->handle;
1763 cp.encrypt = 0x01; 1946 cp.encrypt = 0x01;
@@ -1776,7 +1959,7 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
1776 hci_conn_put(conn); 1959 hci_conn_put(conn);
1777 } 1960 }
1778 1961
1779 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) { 1962 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1780 if (!ev->status) { 1963 if (!ev->status) {
1781 struct hci_cp_set_conn_encrypt cp; 1964 struct hci_cp_set_conn_encrypt cp;
1782 cp.handle = ev->handle; 1965 cp.handle = ev->handle;
@@ -1784,7 +1967,7 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
1784 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), 1967 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1785 &cp); 1968 &cp);
1786 } else { 1969 } else {
1787 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1970 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1788 hci_encrypt_cfm(conn, ev->status, 0x00); 1971 hci_encrypt_cfm(conn, ev->status, 0x00);
1789 } 1972 }
1790 } 1973 }
@@ -1804,17 +1987,25 @@ static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb
1804 1987
1805 hci_dev_lock(hdev); 1988 hci_dev_lock(hdev);
1806 1989
1807 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1808 mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
1809
1810 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1990 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1991
1992 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1993 goto check_auth;
1994
1995 if (ev->status == 0)
1996 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
1997 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
1998 else
1999 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2000
2001check_auth:
1811 if (!conn) 2002 if (!conn)
1812 goto unlock; 2003 goto unlock;
1813 2004
1814 if (!hci_outgoing_auth_needed(hdev, conn)) 2005 if (!hci_outgoing_auth_needed(hdev, conn))
1815 goto unlock; 2006 goto unlock;
1816 2007
1817 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 2008 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1818 struct hci_cp_auth_requested cp; 2009 struct hci_cp_auth_requested cp;
1819 cp.handle = __cpu_to_le16(conn->handle); 2010 cp.handle = __cpu_to_le16(conn->handle);
1820 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 2011 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
@@ -1845,7 +2036,7 @@ static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *
1845 conn->link_mode &= ~HCI_LM_ENCRYPT; 2036 conn->link_mode &= ~HCI_LM_ENCRYPT;
1846 } 2037 }
1847 2038
1848 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 2039 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
1849 2040
1850 if (conn->state == BT_CONFIG) { 2041 if (conn->state == BT_CONFIG) {
1851 if (!ev->status) 2042 if (!ev->status)
@@ -1874,7 +2065,7 @@ static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct
1874 if (!ev->status) 2065 if (!ev->status)
1875 conn->link_mode |= HCI_LM_SECURE; 2066 conn->link_mode |= HCI_LM_SECURE;
1876 2067
1877 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 2068 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1878 2069
1879 hci_key_change_cfm(conn, ev->status); 2070 hci_key_change_cfm(conn, ev->status);
1880 } 2071 }
@@ -1916,7 +2107,10 @@ static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff
1916 bacpy(&cp.bdaddr, &conn->dst); 2107 bacpy(&cp.bdaddr, &conn->dst);
1917 cp.pscan_rep_mode = 0x02; 2108 cp.pscan_rep_mode = 0x02;
1918 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 2109 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1919 } 2110 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2111 mgmt_device_connected(hdev, &conn->dst, conn->type,
2112 conn->dst_type, 0, NULL, 0,
2113 conn->dev_class);
1920 2114
1921 if (!hci_outgoing_auth_needed(hdev, conn)) { 2115 if (!hci_outgoing_auth_needed(hdev, conn)) {
1922 conn->state = BT_CONNECTED; 2116 conn->state = BT_CONNECTED;
@@ -2024,10 +2218,6 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk
2024 hci_cc_host_buffer_size(hdev, skb); 2218 hci_cc_host_buffer_size(hdev, skb);
2025 break; 2219 break;
2026 2220
2027 case HCI_OP_READ_SSP_MODE:
2028 hci_cc_read_ssp_mode(hdev, skb);
2029 break;
2030
2031 case HCI_OP_WRITE_SSP_MODE: 2221 case HCI_OP_WRITE_SSP_MODE:
2032 hci_cc_write_ssp_mode(hdev, skb); 2222 hci_cc_write_ssp_mode(hdev, skb);
2033 break; 2223 break;
@@ -2213,8 +2403,7 @@ static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2213 break; 2403 break;
2214 2404
2215 case HCI_OP_DISCONNECT: 2405 case HCI_OP_DISCONNECT:
2216 if (ev->status != 0) 2406 hci_cs_disconnect(hdev, ev->status);
2217 mgmt_disconnect_failed(hdev, NULL, ev->status);
2218 break; 2407 break;
2219 2408
2220 case HCI_OP_LE_CREATE_CONN: 2409 case HCI_OP_LE_CREATE_CONN:
@@ -2258,7 +2447,7 @@ static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb
2258 conn->link_mode |= HCI_LM_MASTER; 2447 conn->link_mode |= HCI_LM_MASTER;
2259 } 2448 }
2260 2449
2261 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend); 2450 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2262 2451
2263 hci_role_switch_cfm(conn, ev->status, ev->role); 2452 hci_role_switch_cfm(conn, ev->status, ev->role);
2264 } 2453 }
@@ -2332,6 +2521,56 @@ static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *s
2332 queue_work(hdev->workqueue, &hdev->tx_work); 2521 queue_work(hdev->workqueue, &hdev->tx_work);
2333} 2522}
2334 2523
2524static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2525 struct sk_buff *skb)
2526{
2527 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2528 int i;
2529
2530 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2531 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2532 return;
2533 }
2534
2535 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2536 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2537 BT_DBG("%s bad parameters", hdev->name);
2538 return;
2539 }
2540
2541 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2542 ev->num_hndl);
2543
2544 for (i = 0; i < ev->num_hndl; i++) {
2545 struct hci_comp_blocks_info *info = &ev->handles[i];
2546 struct hci_conn *conn;
2547 __u16 handle, block_count;
2548
2549 handle = __le16_to_cpu(info->handle);
2550 block_count = __le16_to_cpu(info->blocks);
2551
2552 conn = hci_conn_hash_lookup_handle(hdev, handle);
2553 if (!conn)
2554 continue;
2555
2556 conn->sent -= block_count;
2557
2558 switch (conn->type) {
2559 case ACL_LINK:
2560 hdev->block_cnt += block_count;
2561 if (hdev->block_cnt > hdev->num_blocks)
2562 hdev->block_cnt = hdev->num_blocks;
2563 break;
2564
2565 default:
2566 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2567 break;
2568 }
2569 }
2570
2571 queue_work(hdev->workqueue, &hdev->tx_work);
2572}
2573
2335static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 2574static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2336{ 2575{
2337 struct hci_ev_mode_change *ev = (void *) skb->data; 2576 struct hci_ev_mode_change *ev = (void *) skb->data;
@@ -2346,14 +2585,14 @@ static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb
2346 conn->mode = ev->mode; 2585 conn->mode = ev->mode;
2347 conn->interval = __le16_to_cpu(ev->interval); 2586 conn->interval = __le16_to_cpu(ev->interval);
2348 2587
2349 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 2588 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2350 if (conn->mode == HCI_CM_ACTIVE) 2589 if (conn->mode == HCI_CM_ACTIVE)
2351 conn->power_save = 1; 2590 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2352 else 2591 else
2353 conn->power_save = 0; 2592 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2354 } 2593 }
2355 2594
2356 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend)) 2595 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2357 hci_sco_setup(conn, ev->status); 2596 hci_sco_setup(conn, ev->status);
2358 } 2597 }
2359 2598
@@ -2379,10 +2618,10 @@ static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff
2379 hci_conn_put(conn); 2618 hci_conn_put(conn);
2380 } 2619 }
2381 2620
2382 if (!test_bit(HCI_PAIRABLE, &hdev->flags)) 2621 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2383 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2622 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2384 sizeof(ev->bdaddr), &ev->bdaddr); 2623 sizeof(ev->bdaddr), &ev->bdaddr);
2385 else if (test_bit(HCI_MGMT, &hdev->flags)) { 2624 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2386 u8 secure; 2625 u8 secure;
2387 2626
2388 if (conn->pending_sec_level == BT_SECURITY_HIGH) 2627 if (conn->pending_sec_level == BT_SECURITY_HIGH)
@@ -2406,7 +2645,7 @@ static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff
2406 2645
2407 BT_DBG("%s", hdev->name); 2646 BT_DBG("%s", hdev->name);
2408 2647
2409 if (!test_bit(HCI_LINK_KEYS, &hdev->flags)) 2648 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2410 return; 2649 return;
2411 2650
2412 hci_dev_lock(hdev); 2651 hci_dev_lock(hdev);
@@ -2421,7 +2660,7 @@ static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff
2421 BT_DBG("%s found key type %u for %s", hdev->name, key->type, 2660 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2422 batostr(&ev->bdaddr)); 2661 batostr(&ev->bdaddr));
2423 2662
2424 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) && 2663 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2425 key->type == HCI_LK_DEBUG_COMBINATION) { 2664 key->type == HCI_LK_DEBUG_COMBINATION) {
2426 BT_DBG("%s ignoring debug key", hdev->name); 2665 BT_DBG("%s ignoring debug key", hdev->name);
2427 goto not_found; 2666 goto not_found;
@@ -2483,7 +2722,7 @@ static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff
2483 hci_conn_put(conn); 2722 hci_conn_put(conn);
2484 } 2723 }
2485 2724
2486 if (test_bit(HCI_LINK_KEYS, &hdev->flags)) 2725 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2487 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key, 2726 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2488 ev->key_type, pin_len); 2727 ev->key_type, pin_len);
2489 2728
@@ -2551,6 +2790,7 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
2551{ 2790{
2552 struct inquiry_data data; 2791 struct inquiry_data data;
2553 int num_rsp = *((__u8 *) skb->data); 2792 int num_rsp = *((__u8 *) skb->data);
2793 bool name_known, ssp;
2554 2794
2555 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 2795 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2556 2796
@@ -2572,10 +2812,12 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
2572 data.clock_offset = info->clock_offset; 2812 data.clock_offset = info->clock_offset;
2573 data.rssi = info->rssi; 2813 data.rssi = info->rssi;
2574 data.ssp_mode = 0x00; 2814 data.ssp_mode = 0x00;
2575 hci_inquiry_cache_update(hdev, &data); 2815
2816 name_known = hci_inquiry_cache_update(hdev, &data,
2817 false, &ssp);
2576 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 2818 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2577 info->dev_class, info->rssi, 2819 info->dev_class, info->rssi,
2578 NULL); 2820 !name_known, ssp, NULL, 0);
2579 } 2821 }
2580 } else { 2822 } else {
2581 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1); 2823 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
@@ -2589,10 +2831,11 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
2589 data.clock_offset = info->clock_offset; 2831 data.clock_offset = info->clock_offset;
2590 data.rssi = info->rssi; 2832 data.rssi = info->rssi;
2591 data.ssp_mode = 0x00; 2833 data.ssp_mode = 0x00;
2592 hci_inquiry_cache_update(hdev, &data); 2834 name_known = hci_inquiry_cache_update(hdev, &data,
2835 false, &ssp);
2593 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 2836 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2594 info->dev_class, info->rssi, 2837 info->dev_class, info->rssi,
2595 NULL); 2838 !name_known, ssp, NULL, 0);
2596 } 2839 }
2597 } 2840 }
2598 2841
@@ -2617,9 +2860,10 @@ static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_b
2617 2860
2618 ie = hci_inquiry_cache_lookup(hdev, &conn->dst); 2861 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2619 if (ie) 2862 if (ie)
2620 ie->data.ssp_mode = (ev->features[0] & 0x01); 2863 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2621 2864
2622 conn->ssp_mode = (ev->features[0] & 0x01); 2865 if (ev->features[0] & LMP_HOST_SSP)
2866 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2623 } 2867 }
2624 2868
2625 if (conn->state != BT_CONFIG) 2869 if (conn->state != BT_CONFIG)
@@ -2631,7 +2875,10 @@ static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_b
2631 bacpy(&cp.bdaddr, &conn->dst); 2875 bacpy(&cp.bdaddr, &conn->dst);
2632 cp.pscan_rep_mode = 0x02; 2876 cp.pscan_rep_mode = 0x02;
2633 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp); 2877 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2634 } 2878 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2879 mgmt_device_connected(hdev, &conn->dst, conn->type,
2880 conn->dst_type, 0, NULL, 0,
2881 conn->dev_class);
2635 2882
2636 if (!hci_outgoing_auth_needed(hdev, conn)) { 2883 if (!hci_outgoing_auth_needed(hdev, conn)) {
2637 conn->state = BT_CONNECTED; 2884 conn->state = BT_CONNECTED;
@@ -2724,6 +2971,8 @@ static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct
2724 hci_dev_lock(hdev); 2971 hci_dev_lock(hdev);
2725 2972
2726 for (; num_rsp; num_rsp--, info++) { 2973 for (; num_rsp; num_rsp--, info++) {
2974 bool name_known, ssp;
2975
2727 bacpy(&data.bdaddr, &info->bdaddr); 2976 bacpy(&data.bdaddr, &info->bdaddr);
2728 data.pscan_rep_mode = info->pscan_rep_mode; 2977 data.pscan_rep_mode = info->pscan_rep_mode;
2729 data.pscan_period_mode = info->pscan_period_mode; 2978 data.pscan_period_mode = info->pscan_period_mode;
@@ -2732,9 +2981,19 @@ static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct
2732 data.clock_offset = info->clock_offset; 2981 data.clock_offset = info->clock_offset;
2733 data.rssi = info->rssi; 2982 data.rssi = info->rssi;
2734 data.ssp_mode = 0x01; 2983 data.ssp_mode = 0x01;
2735 hci_inquiry_cache_update(hdev, &data); 2984
2985 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2986 name_known = eir_has_data_type(info->data,
2987 sizeof(info->data),
2988 EIR_NAME_COMPLETE);
2989 else
2990 name_known = true;
2991
2992 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
2993 &ssp);
2736 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00, 2994 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2737 info->dev_class, info->rssi, info->data); 2995 info->dev_class, info->rssi, !name_known,
2996 ssp, info->data, sizeof(info->data));
2738 } 2997 }
2739 2998
2740 hci_dev_unlock(hdev); 2999 hci_dev_unlock(hdev);
@@ -2774,19 +3033,22 @@ static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff
2774 3033
2775 hci_conn_hold(conn); 3034 hci_conn_hold(conn);
2776 3035
2777 if (!test_bit(HCI_MGMT, &hdev->flags)) 3036 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2778 goto unlock; 3037 goto unlock;
2779 3038
2780 if (test_bit(HCI_PAIRABLE, &hdev->flags) || 3039 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
2781 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) { 3040 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2782 struct hci_cp_io_capability_reply cp; 3041 struct hci_cp_io_capability_reply cp;
2783 3042
2784 bacpy(&cp.bdaddr, &ev->bdaddr); 3043 bacpy(&cp.bdaddr, &ev->bdaddr);
2785 cp.capability = conn->io_capability; 3044 /* Change the IO capability from KeyboardDisplay
3045 * to DisplayYesNo as it is not supported by BT spec. */
3046 cp.capability = (conn->io_capability == 0x04) ?
3047 0x01 : conn->io_capability;
2786 conn->auth_type = hci_get_auth_req(conn); 3048 conn->auth_type = hci_get_auth_req(conn);
2787 cp.authentication = conn->auth_type; 3049 cp.authentication = conn->auth_type;
2788 3050
2789 if ((conn->out == 0x01 || conn->remote_oob == 0x01) && 3051 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
2790 hci_find_remote_oob_data(hdev, &conn->dst)) 3052 hci_find_remote_oob_data(hdev, &conn->dst))
2791 cp.oob_data = 0x01; 3053 cp.oob_data = 0x01;
2792 else 3054 else
@@ -2822,8 +3084,9 @@ static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *s
2822 goto unlock; 3084 goto unlock;
2823 3085
2824 conn->remote_cap = ev->capability; 3086 conn->remote_cap = ev->capability;
2825 conn->remote_oob = ev->oob_data;
2826 conn->remote_auth = ev->authentication; 3087 conn->remote_auth = ev->authentication;
3088 if (ev->oob_data)
3089 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
2827 3090
2828unlock: 3091unlock:
2829 hci_dev_unlock(hdev); 3092 hci_dev_unlock(hdev);
@@ -2840,7 +3103,7 @@ static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2840 3103
2841 hci_dev_lock(hdev); 3104 hci_dev_lock(hdev);
2842 3105
2843 if (!test_bit(HCI_MGMT, &hdev->flags)) 3106 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2844 goto unlock; 3107 goto unlock;
2845 3108
2846 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 3109 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
@@ -2869,7 +3132,7 @@ static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2869 /* If we're not the initiators request authorization to 3132 /* If we're not the initiators request authorization to
2870 * proceed from user space (mgmt_user_confirm with 3133 * proceed from user space (mgmt_user_confirm with
2871 * confirm_hint set to 1). */ 3134 * confirm_hint set to 1). */
2872 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 3135 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2873 BT_DBG("Confirming auto-accept as acceptor"); 3136 BT_DBG("Confirming auto-accept as acceptor");
2874 confirm_hint = 1; 3137 confirm_hint = 1;
2875 goto confirm; 3138 goto confirm;
@@ -2890,8 +3153,8 @@ static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2890 } 3153 }
2891 3154
2892confirm: 3155confirm:
2893 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey, 3156 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
2894 confirm_hint); 3157 confirm_hint);
2895 3158
2896unlock: 3159unlock:
2897 hci_dev_unlock(hdev); 3160 hci_dev_unlock(hdev);
@@ -2906,8 +3169,8 @@ static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
2906 3169
2907 hci_dev_lock(hdev); 3170 hci_dev_lock(hdev);
2908 3171
2909 if (test_bit(HCI_MGMT, &hdev->flags)) 3172 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2910 mgmt_user_passkey_request(hdev, &ev->bdaddr); 3173 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
2911 3174
2912 hci_dev_unlock(hdev); 3175 hci_dev_unlock(hdev);
2913} 3176}
@@ -2930,8 +3193,9 @@ static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_
2930 * initiated the authentication. A traditional auth_complete 3193 * initiated the authentication. A traditional auth_complete
2931 * event gets always produced as initiator and is also mapped to 3194 * event gets always produced as initiator and is also mapped to
2932 * the mgmt_auth_failed event */ 3195 * the mgmt_auth_failed event */
2933 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0) 3196 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
2934 mgmt_auth_failed(hdev, &conn->dst, ev->status); 3197 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3198 ev->status);
2935 3199
2936 hci_conn_put(conn); 3200 hci_conn_put(conn);
2937 3201
@@ -2950,13 +3214,13 @@ static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_
2950 3214
2951 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 3215 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2952 if (ie) 3216 if (ie)
2953 ie->data.ssp_mode = (ev->features[0] & 0x01); 3217 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2954 3218
2955 hci_dev_unlock(hdev); 3219 hci_dev_unlock(hdev);
2956} 3220}
2957 3221
2958static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev, 3222static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2959 struct sk_buff *skb) 3223 struct sk_buff *skb)
2960{ 3224{
2961 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data; 3225 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2962 struct oob_data *data; 3226 struct oob_data *data;
@@ -2965,7 +3229,7 @@ static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2965 3229
2966 hci_dev_lock(hdev); 3230 hci_dev_lock(hdev);
2967 3231
2968 if (!test_bit(HCI_MGMT, &hdev->flags)) 3232 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2969 goto unlock; 3233 goto unlock;
2970 3234
2971 data = hci_find_remote_oob_data(hdev, &ev->bdaddr); 3235 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
@@ -3020,7 +3284,9 @@ static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff
3020 goto unlock; 3284 goto unlock;
3021 } 3285 }
3022 3286
3023 mgmt_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type); 3287 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3288 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3289 conn->dst_type, 0, NULL, 0, NULL);
3024 3290
3025 conn->sec_level = BT_SECURITY_LOW; 3291 conn->sec_level = BT_SECURITY_LOW;
3026 conn->handle = __le16_to_cpu(ev->handle); 3292 conn->handle = __le16_to_cpu(ev->handle);
@@ -3040,6 +3306,7 @@ static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3040{ 3306{
3041 u8 num_reports = skb->data[0]; 3307 u8 num_reports = skb->data[0];
3042 void *ptr = &skb->data[1]; 3308 void *ptr = &skb->data[1];
3309 s8 rssi;
3043 3310
3044 hci_dev_lock(hdev); 3311 hci_dev_lock(hdev);
3045 3312
@@ -3048,6 +3315,10 @@ static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3048 3315
3049 hci_add_adv_entry(hdev, ev); 3316 hci_add_adv_entry(hdev, ev);
3050 3317
3318 rssi = ev->data[ev->length];
3319 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3320 NULL, rssi, 0, 1, ev->data, ev->length);
3321
3051 ptr += sizeof(*ev) + ev->length + 1; 3322 ptr += sizeof(*ev) + ev->length + 1;
3052 } 3323 }
3053 3324
@@ -3061,7 +3332,7 @@ static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3061 struct hci_cp_le_ltk_reply cp; 3332 struct hci_cp_le_ltk_reply cp;
3062 struct hci_cp_le_ltk_neg_reply neg; 3333 struct hci_cp_le_ltk_neg_reply neg;
3063 struct hci_conn *conn; 3334 struct hci_conn *conn;
3064 struct link_key *ltk; 3335 struct smp_ltk *ltk;
3065 3336
3066 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle)); 3337 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3067 3338
@@ -3077,10 +3348,17 @@ static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3077 3348
3078 memcpy(cp.ltk, ltk->val, sizeof(ltk->val)); 3349 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3079 cp.handle = cpu_to_le16(conn->handle); 3350 cp.handle = cpu_to_le16(conn->handle);
3080 conn->pin_length = ltk->pin_len; 3351
3352 if (ltk->authenticated)
3353 conn->sec_level = BT_SECURITY_HIGH;
3081 3354
3082 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); 3355 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3083 3356
3357 if (ltk->type & HCI_SMP_STK) {
3358 list_del(&ltk->list);
3359 kfree(ltk);
3360 }
3361
3084 hci_dev_unlock(hdev); 3362 hci_dev_unlock(hdev);
3085 3363
3086 return; 3364 return;
@@ -3271,6 +3549,10 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3271 hci_remote_oob_data_request_evt(hdev, skb); 3549 hci_remote_oob_data_request_evt(hdev, skb);
3272 break; 3550 break;
3273 3551
3552 case HCI_EV_NUM_COMP_BLOCKS:
3553 hci_num_comp_blocks_evt(hdev, skb);
3554 break;
3555
3274 default: 3556 default:
3275 BT_DBG("%s event 0x%x", hdev->name, event); 3557 BT_DBG("%s event 0x%x", hdev->name, event);
3276 break; 3558 break;
@@ -3279,34 +3561,3 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3279 kfree_skb(skb); 3561 kfree_skb(skb);
3280 hdev->stat.evt_rx++; 3562 hdev->stat.evt_rx++;
3281} 3563}
3282
3283/* Generate internal stack event */
3284void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3285{
3286 struct hci_event_hdr *hdr;
3287 struct hci_ev_stack_internal *ev;
3288 struct sk_buff *skb;
3289
3290 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3291 if (!skb)
3292 return;
3293
3294 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3295 hdr->evt = HCI_EV_STACK_INTERNAL;
3296 hdr->plen = sizeof(*ev) + dlen;
3297
3298 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3299 ev->type = type;
3300 memcpy(ev->data, data, dlen);
3301
3302 bt_cb(skb)->incoming = 1;
3303 __net_timestamp(skb);
3304
3305 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3306 skb->dev = (void *) hdev;
3307 hci_send_to_sock(hdev, skb, NULL);
3308 kfree_skb(skb);
3309}
3310
3311module_param(enable_le, bool, 0644);
3312MODULE_PARM_DESC(enable_le, "Enable LE support");
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 0dcc96266779..63afd234283e 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -48,8 +48,9 @@
48 48
49#include <net/bluetooth/bluetooth.h> 49#include <net/bluetooth/bluetooth.h>
50#include <net/bluetooth/hci_core.h> 50#include <net/bluetooth/hci_core.h>
51#include <net/bluetooth/hci_mon.h>
51 52
52static bool enable_mgmt; 53static atomic_t monitor_promisc = ATOMIC_INIT(0);
53 54
54/* ----- HCI socket interface ----- */ 55/* ----- HCI socket interface ----- */
55 56
@@ -85,22 +86,20 @@ static struct bt_sock_list hci_sk_list = {
85}; 86};
86 87
87/* Send frame to RAW socket */ 88/* Send frame to RAW socket */
88void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb, 89void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
89 struct sock *skip_sk)
90{ 90{
91 struct sock *sk; 91 struct sock *sk;
92 struct hlist_node *node; 92 struct hlist_node *node;
93 struct sk_buff *skb_copy = NULL;
93 94
94 BT_DBG("hdev %p len %d", hdev, skb->len); 95 BT_DBG("hdev %p len %d", hdev, skb->len);
95 96
96 read_lock(&hci_sk_list.lock); 97 read_lock(&hci_sk_list.lock);
98
97 sk_for_each(sk, node, &hci_sk_list.head) { 99 sk_for_each(sk, node, &hci_sk_list.head) {
98 struct hci_filter *flt; 100 struct hci_filter *flt;
99 struct sk_buff *nskb; 101 struct sk_buff *nskb;
100 102
101 if (sk == skip_sk)
102 continue;
103
104 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev) 103 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev)
105 continue; 104 continue;
106 105
@@ -108,12 +107,9 @@ void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb,
108 if (skb->sk == sk) 107 if (skb->sk == sk)
109 continue; 108 continue;
110 109
111 if (bt_cb(skb)->channel != hci_pi(sk)->channel) 110 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW)
112 continue; 111 continue;
113 112
114 if (bt_cb(skb)->channel == HCI_CHANNEL_CONTROL)
115 goto clone;
116
117 /* Apply filter */ 113 /* Apply filter */
118 flt = &hci_pi(sk)->filter; 114 flt = &hci_pi(sk)->filter;
119 115
@@ -137,21 +133,303 @@ void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb,
137 continue; 133 continue;
138 } 134 }
139 135
140clone: 136 if (!skb_copy) {
137 /* Create a private copy with headroom */
138 skb_copy = __pskb_copy(skb, 1, GFP_ATOMIC);
139 if (!skb_copy)
140 continue;
141
142 /* Put type byte before the data */
143 memcpy(skb_push(skb_copy, 1), &bt_cb(skb)->pkt_type, 1);
144 }
145
146 nskb = skb_clone(skb_copy, GFP_ATOMIC);
147 if (!nskb)
148 continue;
149
150 if (sock_queue_rcv_skb(sk, nskb))
151 kfree_skb(nskb);
152 }
153
154 read_unlock(&hci_sk_list.lock);
155
156 kfree_skb(skb_copy);
157}
158
159/* Send frame to control socket */
160void hci_send_to_control(struct sk_buff *skb, struct sock *skip_sk)
161{
162 struct sock *sk;
163 struct hlist_node *node;
164
165 BT_DBG("len %d", skb->len);
166
167 read_lock(&hci_sk_list.lock);
168
169 sk_for_each(sk, node, &hci_sk_list.head) {
170 struct sk_buff *nskb;
171
172 /* Skip the original socket */
173 if (sk == skip_sk)
174 continue;
175
176 if (sk->sk_state != BT_BOUND)
177 continue;
178
179 if (hci_pi(sk)->channel != HCI_CHANNEL_CONTROL)
180 continue;
181
141 nskb = skb_clone(skb, GFP_ATOMIC); 182 nskb = skb_clone(skb, GFP_ATOMIC);
142 if (!nskb) 183 if (!nskb)
143 continue; 184 continue;
144 185
145 /* Put type byte before the data */ 186 if (sock_queue_rcv_skb(sk, nskb))
146 if (bt_cb(skb)->channel == HCI_CHANNEL_RAW) 187 kfree_skb(nskb);
147 memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1); 188 }
189
190 read_unlock(&hci_sk_list.lock);
191}
192
193/* Send frame to monitor socket */
194void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb)
195{
196 struct sock *sk;
197 struct hlist_node *node;
198 struct sk_buff *skb_copy = NULL;
199 __le16 opcode;
200
201 if (!atomic_read(&monitor_promisc))
202 return;
203
204 BT_DBG("hdev %p len %d", hdev, skb->len);
205
206 switch (bt_cb(skb)->pkt_type) {
207 case HCI_COMMAND_PKT:
208 opcode = __constant_cpu_to_le16(HCI_MON_COMMAND_PKT);
209 break;
210 case HCI_EVENT_PKT:
211 opcode = __constant_cpu_to_le16(HCI_MON_EVENT_PKT);
212 break;
213 case HCI_ACLDATA_PKT:
214 if (bt_cb(skb)->incoming)
215 opcode = __constant_cpu_to_le16(HCI_MON_ACL_RX_PKT);
216 else
217 opcode = __constant_cpu_to_le16(HCI_MON_ACL_TX_PKT);
218 break;
219 case HCI_SCODATA_PKT:
220 if (bt_cb(skb)->incoming)
221 opcode = __constant_cpu_to_le16(HCI_MON_SCO_RX_PKT);
222 else
223 opcode = __constant_cpu_to_le16(HCI_MON_SCO_TX_PKT);
224 break;
225 default:
226 return;
227 }
228
229 read_lock(&hci_sk_list.lock);
230
231 sk_for_each(sk, node, &hci_sk_list.head) {
232 struct sk_buff *nskb;
233
234 if (sk->sk_state != BT_BOUND)
235 continue;
236
237 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
238 continue;
239
240 if (!skb_copy) {
241 struct hci_mon_hdr *hdr;
242
243 /* Create a private copy with headroom */
244 skb_copy = __pskb_copy(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC);
245 if (!skb_copy)
246 continue;
247
248 /* Put header before the data */
249 hdr = (void *) skb_push(skb_copy, HCI_MON_HDR_SIZE);
250 hdr->opcode = opcode;
251 hdr->index = cpu_to_le16(hdev->id);
252 hdr->len = cpu_to_le16(skb->len);
253 }
254
255 nskb = skb_clone(skb_copy, GFP_ATOMIC);
256 if (!nskb)
257 continue;
258
259 if (sock_queue_rcv_skb(sk, nskb))
260 kfree_skb(nskb);
261 }
262
263 read_unlock(&hci_sk_list.lock);
264
265 kfree_skb(skb_copy);
266}
267
268static void send_monitor_event(struct sk_buff *skb)
269{
270 struct sock *sk;
271 struct hlist_node *node;
272
273 BT_DBG("len %d", skb->len);
274
275 read_lock(&hci_sk_list.lock);
276
277 sk_for_each(sk, node, &hci_sk_list.head) {
278 struct sk_buff *nskb;
279
280 if (sk->sk_state != BT_BOUND)
281 continue;
282
283 if (hci_pi(sk)->channel != HCI_CHANNEL_MONITOR)
284 continue;
285
286 nskb = skb_clone(skb, GFP_ATOMIC);
287 if (!nskb)
288 continue;
148 289
149 if (sock_queue_rcv_skb(sk, nskb)) 290 if (sock_queue_rcv_skb(sk, nskb))
150 kfree_skb(nskb); 291 kfree_skb(nskb);
151 } 292 }
293
152 read_unlock(&hci_sk_list.lock); 294 read_unlock(&hci_sk_list.lock);
153} 295}
154 296
297static struct sk_buff *create_monitor_event(struct hci_dev *hdev, int event)
298{
299 struct hci_mon_hdr *hdr;
300 struct hci_mon_new_index *ni;
301 struct sk_buff *skb;
302 __le16 opcode;
303
304 switch (event) {
305 case HCI_DEV_REG:
306 skb = bt_skb_alloc(HCI_MON_NEW_INDEX_SIZE, GFP_ATOMIC);
307 if (!skb)
308 return NULL;
309
310 ni = (void *) skb_put(skb, HCI_MON_NEW_INDEX_SIZE);
311 ni->type = hdev->dev_type;
312 ni->bus = hdev->bus;
313 bacpy(&ni->bdaddr, &hdev->bdaddr);
314 memcpy(ni->name, hdev->name, 8);
315
316 opcode = __constant_cpu_to_le16(HCI_MON_NEW_INDEX);
317 break;
318
319 case HCI_DEV_UNREG:
320 skb = bt_skb_alloc(0, GFP_ATOMIC);
321 if (!skb)
322 return NULL;
323
324 opcode = __constant_cpu_to_le16(HCI_MON_DEL_INDEX);
325 break;
326
327 default:
328 return NULL;
329 }
330
331 __net_timestamp(skb);
332
333 hdr = (void *) skb_push(skb, HCI_MON_HDR_SIZE);
334 hdr->opcode = opcode;
335 hdr->index = cpu_to_le16(hdev->id);
336 hdr->len = cpu_to_le16(skb->len - HCI_MON_HDR_SIZE);
337
338 return skb;
339}
340
341static void send_monitor_replay(struct sock *sk)
342{
343 struct hci_dev *hdev;
344
345 read_lock(&hci_dev_list_lock);
346
347 list_for_each_entry(hdev, &hci_dev_list, list) {
348 struct sk_buff *skb;
349
350 skb = create_monitor_event(hdev, HCI_DEV_REG);
351 if (!skb)
352 continue;
353
354 if (sock_queue_rcv_skb(sk, skb))
355 kfree_skb(skb);
356 }
357
358 read_unlock(&hci_dev_list_lock);
359}
360
361/* Generate internal stack event */
362static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
363{
364 struct hci_event_hdr *hdr;
365 struct hci_ev_stack_internal *ev;
366 struct sk_buff *skb;
367
368 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
369 if (!skb)
370 return;
371
372 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
373 hdr->evt = HCI_EV_STACK_INTERNAL;
374 hdr->plen = sizeof(*ev) + dlen;
375
376 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
377 ev->type = type;
378 memcpy(ev->data, data, dlen);
379
380 bt_cb(skb)->incoming = 1;
381 __net_timestamp(skb);
382
383 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
384 skb->dev = (void *) hdev;
385 hci_send_to_sock(hdev, skb);
386 kfree_skb(skb);
387}
388
389void hci_sock_dev_event(struct hci_dev *hdev, int event)
390{
391 struct hci_ev_si_device ev;
392
393 BT_DBG("hdev %s event %d", hdev->name, event);
394
395 /* Send event to monitor */
396 if (atomic_read(&monitor_promisc)) {
397 struct sk_buff *skb;
398
399 skb = create_monitor_event(hdev, event);
400 if (skb) {
401 send_monitor_event(skb);
402 kfree_skb(skb);
403 }
404 }
405
406 /* Send event to sockets */
407 ev.event = event;
408 ev.dev_id = hdev->id;
409 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
410
411 if (event == HCI_DEV_UNREG) {
412 struct sock *sk;
413 struct hlist_node *node;
414
415 /* Detach sockets from device */
416 read_lock(&hci_sk_list.lock);
417 sk_for_each(sk, node, &hci_sk_list.head) {
418 bh_lock_sock_nested(sk);
419 if (hci_pi(sk)->hdev == hdev) {
420 hci_pi(sk)->hdev = NULL;
421 sk->sk_err = EPIPE;
422 sk->sk_state = BT_OPEN;
423 sk->sk_state_change(sk);
424
425 hci_dev_put(hdev);
426 }
427 bh_unlock_sock(sk);
428 }
429 read_unlock(&hci_sk_list.lock);
430 }
431}
432
155static int hci_sock_release(struct socket *sock) 433static int hci_sock_release(struct socket *sock)
156{ 434{
157 struct sock *sk = sock->sk; 435 struct sock *sk = sock->sk;
@@ -164,6 +442,9 @@ static int hci_sock_release(struct socket *sock)
164 442
165 hdev = hci_pi(sk)->hdev; 443 hdev = hci_pi(sk)->hdev;
166 444
445 if (hci_pi(sk)->channel == HCI_CHANNEL_MONITOR)
446 atomic_dec(&monitor_promisc);
447
167 bt_sock_unlink(&hci_sk_list, sk); 448 bt_sock_unlink(&hci_sk_list, sk);
168 449
169 if (hdev) { 450 if (hdev) {
@@ -190,7 +471,7 @@ static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
190 471
191 hci_dev_lock(hdev); 472 hci_dev_lock(hdev);
192 473
193 err = hci_blacklist_add(hdev, &bdaddr); 474 err = hci_blacklist_add(hdev, &bdaddr, 0);
194 475
195 hci_dev_unlock(hdev); 476 hci_dev_unlock(hdev);
196 477
@@ -207,7 +488,7 @@ static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
207 488
208 hci_dev_lock(hdev); 489 hci_dev_lock(hdev);
209 490
210 err = hci_blacklist_del(hdev, &bdaddr); 491 err = hci_blacklist_del(hdev, &bdaddr, 0);
211 492
212 hci_dev_unlock(hdev); 493 hci_dev_unlock(hdev);
213 494
@@ -340,34 +621,69 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le
340 if (haddr.hci_family != AF_BLUETOOTH) 621 if (haddr.hci_family != AF_BLUETOOTH)
341 return -EINVAL; 622 return -EINVAL;
342 623
343 if (haddr.hci_channel > HCI_CHANNEL_CONTROL)
344 return -EINVAL;
345
346 if (haddr.hci_channel == HCI_CHANNEL_CONTROL) {
347 if (!enable_mgmt)
348 return -EINVAL;
349 set_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags);
350 }
351
352 lock_sock(sk); 624 lock_sock(sk);
353 625
354 if (sk->sk_state == BT_BOUND || hci_pi(sk)->hdev) { 626 if (sk->sk_state == BT_BOUND) {
355 err = -EALREADY; 627 err = -EALREADY;
356 goto done; 628 goto done;
357 } 629 }
358 630
359 if (haddr.hci_dev != HCI_DEV_NONE) { 631 switch (haddr.hci_channel) {
360 hdev = hci_dev_get(haddr.hci_dev); 632 case HCI_CHANNEL_RAW:
361 if (!hdev) { 633 if (hci_pi(sk)->hdev) {
362 err = -ENODEV; 634 err = -EALREADY;
363 goto done; 635 goto done;
364 } 636 }
365 637
366 atomic_inc(&hdev->promisc); 638 if (haddr.hci_dev != HCI_DEV_NONE) {
639 hdev = hci_dev_get(haddr.hci_dev);
640 if (!hdev) {
641 err = -ENODEV;
642 goto done;
643 }
644
645 atomic_inc(&hdev->promisc);
646 }
647
648 hci_pi(sk)->hdev = hdev;
649 break;
650
651 case HCI_CHANNEL_CONTROL:
652 if (haddr.hci_dev != HCI_DEV_NONE) {
653 err = -EINVAL;
654 goto done;
655 }
656
657 if (!capable(CAP_NET_ADMIN)) {
658 err = -EPERM;
659 goto done;
660 }
661
662 break;
663
664 case HCI_CHANNEL_MONITOR:
665 if (haddr.hci_dev != HCI_DEV_NONE) {
666 err = -EINVAL;
667 goto done;
668 }
669
670 if (!capable(CAP_NET_RAW)) {
671 err = -EPERM;
672 goto done;
673 }
674
675 send_monitor_replay(sk);
676
677 atomic_inc(&monitor_promisc);
678 break;
679
680 default:
681 err = -EINVAL;
682 goto done;
367 } 683 }
368 684
685
369 hci_pi(sk)->channel = haddr.hci_channel; 686 hci_pi(sk)->channel = haddr.hci_channel;
370 hci_pi(sk)->hdev = hdev;
371 sk->sk_state = BT_BOUND; 687 sk->sk_state = BT_BOUND;
372 688
373done: 689done:
@@ -461,7 +777,15 @@ static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
461 skb_reset_transport_header(skb); 777 skb_reset_transport_header(skb);
462 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 778 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
463 779
464 hci_sock_cmsg(sk, msg, skb); 780 switch (hci_pi(sk)->channel) {
781 case HCI_CHANNEL_RAW:
782 hci_sock_cmsg(sk, msg, skb);
783 break;
784 case HCI_CHANNEL_CONTROL:
785 case HCI_CHANNEL_MONITOR:
786 sock_recv_timestamp(msg, sk, skb);
787 break;
788 }
465 789
466 skb_free_datagram(sk, skb); 790 skb_free_datagram(sk, skb);
467 791
@@ -495,6 +819,9 @@ static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
495 case HCI_CHANNEL_CONTROL: 819 case HCI_CHANNEL_CONTROL:
496 err = mgmt_control(sk, msg, len); 820 err = mgmt_control(sk, msg, len);
497 goto done; 821 goto done;
822 case HCI_CHANNEL_MONITOR:
823 err = -EOPNOTSUPP;
824 goto done;
498 default: 825 default:
499 err = -EINVAL; 826 err = -EINVAL;
500 goto done; 827 goto done;
@@ -574,6 +901,11 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char
574 901
575 lock_sock(sk); 902 lock_sock(sk);
576 903
904 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
905 err = -EINVAL;
906 goto done;
907 }
908
577 switch (optname) { 909 switch (optname) {
578 case HCI_DATA_DIR: 910 case HCI_DATA_DIR:
579 if (get_user(opt, (int __user *)optval)) { 911 if (get_user(opt, (int __user *)optval)) {
@@ -636,6 +968,7 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname, char
636 break; 968 break;
637 } 969 }
638 970
971done:
639 release_sock(sk); 972 release_sock(sk);
640 return err; 973 return err;
641} 974}
@@ -644,11 +977,20 @@ static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char
644{ 977{
645 struct hci_ufilter uf; 978 struct hci_ufilter uf;
646 struct sock *sk = sock->sk; 979 struct sock *sk = sock->sk;
647 int len, opt; 980 int len, opt, err = 0;
981
982 BT_DBG("sk %p, opt %d", sk, optname);
648 983
649 if (get_user(len, optlen)) 984 if (get_user(len, optlen))
650 return -EFAULT; 985 return -EFAULT;
651 986
987 lock_sock(sk);
988
989 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) {
990 err = -EINVAL;
991 goto done;
992 }
993
652 switch (optname) { 994 switch (optname) {
653 case HCI_DATA_DIR: 995 case HCI_DATA_DIR:
654 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR) 996 if (hci_pi(sk)->cmsg_mask & HCI_CMSG_DIR)
@@ -657,7 +999,7 @@ static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char
657 opt = 0; 999 opt = 0;
658 1000
659 if (put_user(opt, optval)) 1001 if (put_user(opt, optval))
660 return -EFAULT; 1002 err = -EFAULT;
661 break; 1003 break;
662 1004
663 case HCI_TIME_STAMP: 1005 case HCI_TIME_STAMP:
@@ -667,7 +1009,7 @@ static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char
667 opt = 0; 1009 opt = 0;
668 1010
669 if (put_user(opt, optval)) 1011 if (put_user(opt, optval))
670 return -EFAULT; 1012 err = -EFAULT;
671 break; 1013 break;
672 1014
673 case HCI_FILTER: 1015 case HCI_FILTER:
@@ -682,15 +1024,17 @@ static int hci_sock_getsockopt(struct socket *sock, int level, int optname, char
682 1024
683 len = min_t(unsigned int, len, sizeof(uf)); 1025 len = min_t(unsigned int, len, sizeof(uf));
684 if (copy_to_user(optval, &uf, len)) 1026 if (copy_to_user(optval, &uf, len))
685 return -EFAULT; 1027 err = -EFAULT;
686 break; 1028 break;
687 1029
688 default: 1030 default:
689 return -ENOPROTOOPT; 1031 err = -ENOPROTOOPT;
690 break; 1032 break;
691 } 1033 }
692 1034
693 return 0; 1035done:
1036 release_sock(sk);
1037 return err;
694} 1038}
695 1039
696static const struct proto_ops hci_sock_ops = { 1040static const struct proto_ops hci_sock_ops = {
@@ -748,52 +1092,12 @@ static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
748 return 0; 1092 return 0;
749} 1093}
750 1094
751static int hci_sock_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
752{
753 struct hci_dev *hdev = (struct hci_dev *) ptr;
754 struct hci_ev_si_device ev;
755
756 BT_DBG("hdev %s event %ld", hdev->name, event);
757
758 /* Send event to sockets */
759 ev.event = event;
760 ev.dev_id = hdev->id;
761 hci_si_event(NULL, HCI_EV_SI_DEVICE, sizeof(ev), &ev);
762
763 if (event == HCI_DEV_UNREG) {
764 struct sock *sk;
765 struct hlist_node *node;
766
767 /* Detach sockets from device */
768 read_lock(&hci_sk_list.lock);
769 sk_for_each(sk, node, &hci_sk_list.head) {
770 bh_lock_sock_nested(sk);
771 if (hci_pi(sk)->hdev == hdev) {
772 hci_pi(sk)->hdev = NULL;
773 sk->sk_err = EPIPE;
774 sk->sk_state = BT_OPEN;
775 sk->sk_state_change(sk);
776
777 hci_dev_put(hdev);
778 }
779 bh_unlock_sock(sk);
780 }
781 read_unlock(&hci_sk_list.lock);
782 }
783
784 return NOTIFY_DONE;
785}
786
787static const struct net_proto_family hci_sock_family_ops = { 1095static const struct net_proto_family hci_sock_family_ops = {
788 .family = PF_BLUETOOTH, 1096 .family = PF_BLUETOOTH,
789 .owner = THIS_MODULE, 1097 .owner = THIS_MODULE,
790 .create = hci_sock_create, 1098 .create = hci_sock_create,
791}; 1099};
792 1100
793static struct notifier_block hci_sock_nblock = {
794 .notifier_call = hci_sock_dev_event
795};
796
797int __init hci_sock_init(void) 1101int __init hci_sock_init(void)
798{ 1102{
799 int err; 1103 int err;
@@ -806,8 +1110,6 @@ int __init hci_sock_init(void)
806 if (err < 0) 1110 if (err < 0)
807 goto error; 1111 goto error;
808 1112
809 hci_register_notifier(&hci_sock_nblock);
810
811 BT_INFO("HCI socket layer initialized"); 1113 BT_INFO("HCI socket layer initialized");
812 1114
813 return 0; 1115 return 0;
@@ -823,10 +1125,5 @@ void hci_sock_cleanup(void)
823 if (bt_sock_unregister(BTPROTO_HCI) < 0) 1125 if (bt_sock_unregister(BTPROTO_HCI) < 0)
824 BT_ERR("HCI socket unregistration failed"); 1126 BT_ERR("HCI socket unregistration failed");
825 1127
826 hci_unregister_notifier(&hci_sock_nblock);
827
828 proto_unregister(&hci_sk_proto); 1128 proto_unregister(&hci_sk_proto);
829} 1129}
830
831module_param(enable_mgmt, bool, 0644);
832MODULE_PARM_DESC(enable_mgmt, "Enable Management interface");
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index 521095614235..bc154298979a 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -33,19 +33,19 @@ static inline char *link_typetostr(int type)
33 33
34static ssize_t show_link_type(struct device *dev, struct device_attribute *attr, char *buf) 34static ssize_t show_link_type(struct device *dev, struct device_attribute *attr, char *buf)
35{ 35{
36 struct hci_conn *conn = dev_get_drvdata(dev); 36 struct hci_conn *conn = to_hci_conn(dev);
37 return sprintf(buf, "%s\n", link_typetostr(conn->type)); 37 return sprintf(buf, "%s\n", link_typetostr(conn->type));
38} 38}
39 39
40static ssize_t show_link_address(struct device *dev, struct device_attribute *attr, char *buf) 40static ssize_t show_link_address(struct device *dev, struct device_attribute *attr, char *buf)
41{ 41{
42 struct hci_conn *conn = dev_get_drvdata(dev); 42 struct hci_conn *conn = to_hci_conn(dev);
43 return sprintf(buf, "%s\n", batostr(&conn->dst)); 43 return sprintf(buf, "%s\n", batostr(&conn->dst));
44} 44}
45 45
46static ssize_t show_link_features(struct device *dev, struct device_attribute *attr, char *buf) 46static ssize_t show_link_features(struct device *dev, struct device_attribute *attr, char *buf)
47{ 47{
48 struct hci_conn *conn = dev_get_drvdata(dev); 48 struct hci_conn *conn = to_hci_conn(dev);
49 49
50 return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n", 50 return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n",
51 conn->features[0], conn->features[1], 51 conn->features[0], conn->features[1],
@@ -79,8 +79,8 @@ static const struct attribute_group *bt_link_groups[] = {
79 79
80static void bt_link_release(struct device *dev) 80static void bt_link_release(struct device *dev)
81{ 81{
82 void *data = dev_get_drvdata(dev); 82 struct hci_conn *conn = to_hci_conn(dev);
83 kfree(data); 83 kfree(conn);
84} 84}
85 85
86static struct device_type bt_link = { 86static struct device_type bt_link = {
@@ -120,8 +120,6 @@ void hci_conn_add_sysfs(struct hci_conn *conn)
120 120
121 dev_set_name(&conn->dev, "%s:%d", hdev->name, conn->handle); 121 dev_set_name(&conn->dev, "%s:%d", hdev->name, conn->handle);
122 122
123 dev_set_drvdata(&conn->dev, conn);
124
125 if (device_add(&conn->dev) < 0) { 123 if (device_add(&conn->dev) < 0) {
126 BT_ERR("Failed to register connection device"); 124 BT_ERR("Failed to register connection device");
127 return; 125 return;
@@ -189,19 +187,19 @@ static inline char *host_typetostr(int type)
189 187
190static ssize_t show_bus(struct device *dev, struct device_attribute *attr, char *buf) 188static ssize_t show_bus(struct device *dev, struct device_attribute *attr, char *buf)
191{ 189{
192 struct hci_dev *hdev = dev_get_drvdata(dev); 190 struct hci_dev *hdev = to_hci_dev(dev);
193 return sprintf(buf, "%s\n", host_bustostr(hdev->bus)); 191 return sprintf(buf, "%s\n", host_bustostr(hdev->bus));
194} 192}
195 193
196static ssize_t show_type(struct device *dev, struct device_attribute *attr, char *buf) 194static ssize_t show_type(struct device *dev, struct device_attribute *attr, char *buf)
197{ 195{
198 struct hci_dev *hdev = dev_get_drvdata(dev); 196 struct hci_dev *hdev = to_hci_dev(dev);
199 return sprintf(buf, "%s\n", host_typetostr(hdev->dev_type)); 197 return sprintf(buf, "%s\n", host_typetostr(hdev->dev_type));
200} 198}
201 199
202static ssize_t show_name(struct device *dev, struct device_attribute *attr, char *buf) 200static ssize_t show_name(struct device *dev, struct device_attribute *attr, char *buf)
203{ 201{
204 struct hci_dev *hdev = dev_get_drvdata(dev); 202 struct hci_dev *hdev = to_hci_dev(dev);
205 char name[HCI_MAX_NAME_LENGTH + 1]; 203 char name[HCI_MAX_NAME_LENGTH + 1];
206 int i; 204 int i;
207 205
@@ -214,20 +212,20 @@ static ssize_t show_name(struct device *dev, struct device_attribute *attr, char
214 212
215static ssize_t show_class(struct device *dev, struct device_attribute *attr, char *buf) 213static ssize_t show_class(struct device *dev, struct device_attribute *attr, char *buf)
216{ 214{
217 struct hci_dev *hdev = dev_get_drvdata(dev); 215 struct hci_dev *hdev = to_hci_dev(dev);
218 return sprintf(buf, "0x%.2x%.2x%.2x\n", 216 return sprintf(buf, "0x%.2x%.2x%.2x\n",
219 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]); 217 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
220} 218}
221 219
222static ssize_t show_address(struct device *dev, struct device_attribute *attr, char *buf) 220static ssize_t show_address(struct device *dev, struct device_attribute *attr, char *buf)
223{ 221{
224 struct hci_dev *hdev = dev_get_drvdata(dev); 222 struct hci_dev *hdev = to_hci_dev(dev);
225 return sprintf(buf, "%s\n", batostr(&hdev->bdaddr)); 223 return sprintf(buf, "%s\n", batostr(&hdev->bdaddr));
226} 224}
227 225
228static ssize_t show_features(struct device *dev, struct device_attribute *attr, char *buf) 226static ssize_t show_features(struct device *dev, struct device_attribute *attr, char *buf)
229{ 227{
230 struct hci_dev *hdev = dev_get_drvdata(dev); 228 struct hci_dev *hdev = to_hci_dev(dev);
231 229
232 return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n", 230 return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n",
233 hdev->features[0], hdev->features[1], 231 hdev->features[0], hdev->features[1],
@@ -238,31 +236,31 @@ static ssize_t show_features(struct device *dev, struct device_attribute *attr,
238 236
239static ssize_t show_manufacturer(struct device *dev, struct device_attribute *attr, char *buf) 237static ssize_t show_manufacturer(struct device *dev, struct device_attribute *attr, char *buf)
240{ 238{
241 struct hci_dev *hdev = dev_get_drvdata(dev); 239 struct hci_dev *hdev = to_hci_dev(dev);
242 return sprintf(buf, "%d\n", hdev->manufacturer); 240 return sprintf(buf, "%d\n", hdev->manufacturer);
243} 241}
244 242
245static ssize_t show_hci_version(struct device *dev, struct device_attribute *attr, char *buf) 243static ssize_t show_hci_version(struct device *dev, struct device_attribute *attr, char *buf)
246{ 244{
247 struct hci_dev *hdev = dev_get_drvdata(dev); 245 struct hci_dev *hdev = to_hci_dev(dev);
248 return sprintf(buf, "%d\n", hdev->hci_ver); 246 return sprintf(buf, "%d\n", hdev->hci_ver);
249} 247}
250 248
251static ssize_t show_hci_revision(struct device *dev, struct device_attribute *attr, char *buf) 249static ssize_t show_hci_revision(struct device *dev, struct device_attribute *attr, char *buf)
252{ 250{
253 struct hci_dev *hdev = dev_get_drvdata(dev); 251 struct hci_dev *hdev = to_hci_dev(dev);
254 return sprintf(buf, "%d\n", hdev->hci_rev); 252 return sprintf(buf, "%d\n", hdev->hci_rev);
255} 253}
256 254
257static ssize_t show_idle_timeout(struct device *dev, struct device_attribute *attr, char *buf) 255static ssize_t show_idle_timeout(struct device *dev, struct device_attribute *attr, char *buf)
258{ 256{
259 struct hci_dev *hdev = dev_get_drvdata(dev); 257 struct hci_dev *hdev = to_hci_dev(dev);
260 return sprintf(buf, "%d\n", hdev->idle_timeout); 258 return sprintf(buf, "%d\n", hdev->idle_timeout);
261} 259}
262 260
263static ssize_t store_idle_timeout(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) 261static ssize_t store_idle_timeout(struct device *dev, struct device_attribute *attr, const char *buf, size_t count)
264{ 262{
265 struct hci_dev *hdev = dev_get_drvdata(dev); 263 struct hci_dev *hdev = to_hci_dev(dev);
266 unsigned int val; 264 unsigned int val;
267 int rv; 265 int rv;
268 266
@@ -280,13 +278,13 @@ static ssize_t store_idle_timeout(struct device *dev, struct device_attribute *a
280 278
281static ssize_t show_sniff_max_interval(struct device *dev, struct device_attribute *attr, char *buf) 279static ssize_t show_sniff_max_interval(struct device *dev, struct device_attribute *attr, char *buf)
282{ 280{
283 struct hci_dev *hdev = dev_get_drvdata(dev); 281 struct hci_dev *hdev = to_hci_dev(dev);
284 return sprintf(buf, "%d\n", hdev->sniff_max_interval); 282 return sprintf(buf, "%d\n", hdev->sniff_max_interval);
285} 283}
286 284
287static ssize_t store_sniff_max_interval(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) 285static ssize_t store_sniff_max_interval(struct device *dev, struct device_attribute *attr, const char *buf, size_t count)
288{ 286{
289 struct hci_dev *hdev = dev_get_drvdata(dev); 287 struct hci_dev *hdev = to_hci_dev(dev);
290 u16 val; 288 u16 val;
291 int rv; 289 int rv;
292 290
@@ -304,13 +302,13 @@ static ssize_t store_sniff_max_interval(struct device *dev, struct device_attrib
304 302
305static ssize_t show_sniff_min_interval(struct device *dev, struct device_attribute *attr, char *buf) 303static ssize_t show_sniff_min_interval(struct device *dev, struct device_attribute *attr, char *buf)
306{ 304{
307 struct hci_dev *hdev = dev_get_drvdata(dev); 305 struct hci_dev *hdev = to_hci_dev(dev);
308 return sprintf(buf, "%d\n", hdev->sniff_min_interval); 306 return sprintf(buf, "%d\n", hdev->sniff_min_interval);
309} 307}
310 308
311static ssize_t store_sniff_min_interval(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) 309static ssize_t store_sniff_min_interval(struct device *dev, struct device_attribute *attr, const char *buf, size_t count)
312{ 310{
313 struct hci_dev *hdev = dev_get_drvdata(dev); 311 struct hci_dev *hdev = to_hci_dev(dev);
314 u16 val; 312 u16 val;
315 int rv; 313 int rv;
316 314
@@ -370,8 +368,9 @@ static const struct attribute_group *bt_host_groups[] = {
370 368
371static void bt_host_release(struct device *dev) 369static void bt_host_release(struct device *dev)
372{ 370{
373 void *data = dev_get_drvdata(dev); 371 struct hci_dev *hdev = to_hci_dev(dev);
374 kfree(data); 372 kfree(hdev);
373 module_put(THIS_MODULE);
375} 374}
376 375
377static struct device_type bt_host = { 376static struct device_type bt_host = {
@@ -383,12 +382,12 @@ static struct device_type bt_host = {
383static int inquiry_cache_show(struct seq_file *f, void *p) 382static int inquiry_cache_show(struct seq_file *f, void *p)
384{ 383{
385 struct hci_dev *hdev = f->private; 384 struct hci_dev *hdev = f->private;
386 struct inquiry_cache *cache = &hdev->inq_cache; 385 struct discovery_state *cache = &hdev->discovery;
387 struct inquiry_entry *e; 386 struct inquiry_entry *e;
388 387
389 hci_dev_lock(hdev); 388 hci_dev_lock(hdev);
390 389
391 for (e = cache->list; e; e = e->next) { 390 list_for_each_entry(e, &cache->all, all) {
392 struct inquiry_data *data = &e->data; 391 struct inquiry_data *data = &e->data;
393 seq_printf(f, "%s %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n", 392 seq_printf(f, "%s %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n",
394 batostr(&data->bdaddr), 393 batostr(&data->bdaddr),
@@ -523,7 +522,7 @@ void hci_init_sysfs(struct hci_dev *hdev)
523 dev->type = &bt_host; 522 dev->type = &bt_host;
524 dev->class = bt_class; 523 dev->class = bt_class;
525 524
526 dev_set_drvdata(dev, hdev); 525 __module_get(THIS_MODULE);
527 device_initialize(dev); 526 device_initialize(dev);
528} 527}
529 528
diff --git a/net/bluetooth/hidp/sock.c b/net/bluetooth/hidp/sock.c
index 178ac7f127ad..73a32d705c1f 100644
--- a/net/bluetooth/hidp/sock.c
+++ b/net/bluetooth/hidp/sock.c
@@ -160,10 +160,10 @@ static int hidp_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigne
160{ 160{
161 if (cmd == HIDPGETCONNLIST) { 161 if (cmd == HIDPGETCONNLIST) {
162 struct hidp_connlist_req cl; 162 struct hidp_connlist_req cl;
163 uint32_t uci; 163 u32 uci;
164 int err; 164 int err;
165 165
166 if (get_user(cl.cnum, (uint32_t __user *) arg) || 166 if (get_user(cl.cnum, (u32 __user *) arg) ||
167 get_user(uci, (u32 __user *) (arg + 4))) 167 get_user(uci, (u32 __user *) (arg + 4)))
168 return -EFAULT; 168 return -EFAULT;
169 169
@@ -174,7 +174,7 @@ static int hidp_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigne
174 174
175 err = hidp_get_connlist(&cl); 175 err = hidp_get_connlist(&cl);
176 176
177 if (!err && put_user(cl.cnum, (uint32_t __user *) arg)) 177 if (!err && put_user(cl.cnum, (u32 __user *) arg))
178 err = -EFAULT; 178 err = -EFAULT;
179 179
180 return err; 180 return err;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 32d338c30e65..3e450f4a3125 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -73,42 +73,28 @@ static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
73static void l2cap_send_disconn_req(struct l2cap_conn *conn, 73static void l2cap_send_disconn_req(struct l2cap_conn *conn,
74 struct l2cap_chan *chan, int err); 74 struct l2cap_chan *chan, int err);
75 75
76static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
77
78/* ---- L2CAP channels ---- */ 76/* ---- L2CAP channels ---- */
79 77
80static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid) 78static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
81{ 79{
82 struct l2cap_chan *c, *r = NULL; 80 struct l2cap_chan *c;
83
84 rcu_read_lock();
85 81
86 list_for_each_entry_rcu(c, &conn->chan_l, list) { 82 list_for_each_entry(c, &conn->chan_l, list) {
87 if (c->dcid == cid) { 83 if (c->dcid == cid)
88 r = c; 84 return c;
89 break;
90 }
91 } 85 }
92 86 return NULL;
93 rcu_read_unlock();
94 return r;
95} 87}
96 88
97static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid) 89static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
98{ 90{
99 struct l2cap_chan *c, *r = NULL; 91 struct l2cap_chan *c;
100
101 rcu_read_lock();
102 92
103 list_for_each_entry_rcu(c, &conn->chan_l, list) { 93 list_for_each_entry(c, &conn->chan_l, list) {
104 if (c->scid == cid) { 94 if (c->scid == cid)
105 r = c; 95 return c;
106 break;
107 }
108 } 96 }
109 97 return NULL;
110 rcu_read_unlock();
111 return r;
112} 98}
113 99
114/* Find channel with given SCID. 100/* Find channel with given SCID.
@@ -117,36 +103,32 @@ static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 ci
117{ 103{
118 struct l2cap_chan *c; 104 struct l2cap_chan *c;
119 105
106 mutex_lock(&conn->chan_lock);
120 c = __l2cap_get_chan_by_scid(conn, cid); 107 c = __l2cap_get_chan_by_scid(conn, cid);
121 if (c) 108 mutex_unlock(&conn->chan_lock);
122 lock_sock(c->sk); 109
123 return c; 110 return c;
124} 111}
125 112
126static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident) 113static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
127{ 114{
128 struct l2cap_chan *c, *r = NULL; 115 struct l2cap_chan *c;
129
130 rcu_read_lock();
131 116
132 list_for_each_entry_rcu(c, &conn->chan_l, list) { 117 list_for_each_entry(c, &conn->chan_l, list) {
133 if (c->ident == ident) { 118 if (c->ident == ident)
134 r = c; 119 return c;
135 break;
136 }
137 } 120 }
138 121 return NULL;
139 rcu_read_unlock();
140 return r;
141} 122}
142 123
143static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident) 124static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
144{ 125{
145 struct l2cap_chan *c; 126 struct l2cap_chan *c;
146 127
128 mutex_lock(&conn->chan_lock);
147 c = __l2cap_get_chan_by_ident(conn, ident); 129 c = __l2cap_get_chan_by_ident(conn, ident);
148 if (c) 130 mutex_unlock(&conn->chan_lock);
149 lock_sock(c->sk); 131
150 return c; 132 return c;
151} 133}
152 134
@@ -217,51 +199,51 @@ static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
217 return 0; 199 return 0;
218} 200}
219 201
220static char *state_to_string(int state) 202static void __l2cap_state_change(struct l2cap_chan *chan, int state)
221{ 203{
222 switch(state) { 204 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
223 case BT_CONNECTED: 205 state_to_string(state));
224 return "BT_CONNECTED";
225 case BT_OPEN:
226 return "BT_OPEN";
227 case BT_BOUND:
228 return "BT_BOUND";
229 case BT_LISTEN:
230 return "BT_LISTEN";
231 case BT_CONNECT:
232 return "BT_CONNECT";
233 case BT_CONNECT2:
234 return "BT_CONNECT2";
235 case BT_CONFIG:
236 return "BT_CONFIG";
237 case BT_DISCONN:
238 return "BT_DISCONN";
239 case BT_CLOSED:
240 return "BT_CLOSED";
241 }
242 206
243 return "invalid state"; 207 chan->state = state;
208 chan->ops->state_change(chan->data, state);
244} 209}
245 210
246static void l2cap_state_change(struct l2cap_chan *chan, int state) 211static void l2cap_state_change(struct l2cap_chan *chan, int state)
247{ 212{
248 BT_DBG("%p %s -> %s", chan, state_to_string(chan->state), 213 struct sock *sk = chan->sk;
249 state_to_string(state));
250 214
251 chan->state = state; 215 lock_sock(sk);
252 chan->ops->state_change(chan->data, state); 216 __l2cap_state_change(chan, state);
217 release_sock(sk);
218}
219
220static inline void __l2cap_chan_set_err(struct l2cap_chan *chan, int err)
221{
222 struct sock *sk = chan->sk;
223
224 sk->sk_err = err;
225}
226
227static inline void l2cap_chan_set_err(struct l2cap_chan *chan, int err)
228{
229 struct sock *sk = chan->sk;
230
231 lock_sock(sk);
232 __l2cap_chan_set_err(chan, err);
233 release_sock(sk);
253} 234}
254 235
255static void l2cap_chan_timeout(struct work_struct *work) 236static void l2cap_chan_timeout(struct work_struct *work)
256{ 237{
257 struct l2cap_chan *chan = container_of(work, struct l2cap_chan, 238 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
258 chan_timer.work); 239 chan_timer.work);
259 struct sock *sk = chan->sk; 240 struct l2cap_conn *conn = chan->conn;
260 int reason; 241 int reason;
261 242
262 BT_DBG("chan %p state %d", chan, chan->state); 243 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
263 244
264 lock_sock(sk); 245 mutex_lock(&conn->chan_lock);
246 l2cap_chan_lock(chan);
265 247
266 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG) 248 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
267 reason = ECONNREFUSED; 249 reason = ECONNREFUSED;
@@ -273,9 +255,11 @@ static void l2cap_chan_timeout(struct work_struct *work)
273 255
274 l2cap_chan_close(chan, reason); 256 l2cap_chan_close(chan, reason);
275 257
276 release_sock(sk); 258 l2cap_chan_unlock(chan);
277 259
278 chan->ops->close(chan->data); 260 chan->ops->close(chan->data);
261 mutex_unlock(&conn->chan_lock);
262
279 l2cap_chan_put(chan); 263 l2cap_chan_put(chan);
280} 264}
281 265
@@ -287,6 +271,8 @@ struct l2cap_chan *l2cap_chan_create(struct sock *sk)
287 if (!chan) 271 if (!chan)
288 return NULL; 272 return NULL;
289 273
274 mutex_init(&chan->lock);
275
290 chan->sk = sk; 276 chan->sk = sk;
291 277
292 write_lock(&chan_list_lock); 278 write_lock(&chan_list_lock);
@@ -313,7 +299,7 @@ void l2cap_chan_destroy(struct l2cap_chan *chan)
313 l2cap_chan_put(chan); 299 l2cap_chan_put(chan);
314} 300}
315 301
316static void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) 302void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
317{ 303{
318 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, 304 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
319 chan->psm, chan->dcid); 305 chan->psm, chan->dcid);
@@ -322,7 +308,8 @@ static void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
322 308
323 chan->conn = conn; 309 chan->conn = conn;
324 310
325 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) { 311 switch (chan->chan_type) {
312 case L2CAP_CHAN_CONN_ORIENTED:
326 if (conn->hcon->type == LE_LINK) { 313 if (conn->hcon->type == LE_LINK) {
327 /* LE connection */ 314 /* LE connection */
328 chan->omtu = L2CAP_LE_DEFAULT_MTU; 315 chan->omtu = L2CAP_LE_DEFAULT_MTU;
@@ -333,12 +320,16 @@ static void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
333 chan->scid = l2cap_alloc_cid(conn); 320 chan->scid = l2cap_alloc_cid(conn);
334 chan->omtu = L2CAP_DEFAULT_MTU; 321 chan->omtu = L2CAP_DEFAULT_MTU;
335 } 322 }
336 } else if (chan->chan_type == L2CAP_CHAN_CONN_LESS) { 323 break;
324
325 case L2CAP_CHAN_CONN_LESS:
337 /* Connectionless socket */ 326 /* Connectionless socket */
338 chan->scid = L2CAP_CID_CONN_LESS; 327 chan->scid = L2CAP_CID_CONN_LESS;
339 chan->dcid = L2CAP_CID_CONN_LESS; 328 chan->dcid = L2CAP_CID_CONN_LESS;
340 chan->omtu = L2CAP_DEFAULT_MTU; 329 chan->omtu = L2CAP_DEFAULT_MTU;
341 } else { 330 break;
331
332 default:
342 /* Raw socket can send/recv signalling messages only */ 333 /* Raw socket can send/recv signalling messages only */
343 chan->scid = L2CAP_CID_SIGNALING; 334 chan->scid = L2CAP_CID_SIGNALING;
344 chan->dcid = L2CAP_CID_SIGNALING; 335 chan->dcid = L2CAP_CID_SIGNALING;
@@ -354,11 +345,16 @@ static void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
354 345
355 l2cap_chan_hold(chan); 346 l2cap_chan_hold(chan);
356 347
357 list_add_rcu(&chan->list, &conn->chan_l); 348 list_add(&chan->list, &conn->chan_l);
349}
350
351void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
352{
353 mutex_lock(&conn->chan_lock);
354 __l2cap_chan_add(conn, chan);
355 mutex_unlock(&conn->chan_lock);
358} 356}
359 357
360/* Delete channel.
361 * Must be called on the locked socket. */
362static void l2cap_chan_del(struct l2cap_chan *chan, int err) 358static void l2cap_chan_del(struct l2cap_chan *chan, int err)
363{ 359{
364 struct sock *sk = chan->sk; 360 struct sock *sk = chan->sk;
@@ -371,8 +367,7 @@ static void l2cap_chan_del(struct l2cap_chan *chan, int err)
371 367
372 if (conn) { 368 if (conn) {
373 /* Delete from channel list */ 369 /* Delete from channel list */
374 list_del_rcu(&chan->list); 370 list_del(&chan->list);
375 synchronize_rcu();
376 371
377 l2cap_chan_put(chan); 372 l2cap_chan_put(chan);
378 373
@@ -380,11 +375,13 @@ static void l2cap_chan_del(struct l2cap_chan *chan, int err)
380 hci_conn_put(conn->hcon); 375 hci_conn_put(conn->hcon);
381 } 376 }
382 377
383 l2cap_state_change(chan, BT_CLOSED); 378 lock_sock(sk);
379
380 __l2cap_state_change(chan, BT_CLOSED);
384 sock_set_flag(sk, SOCK_ZAPPED); 381 sock_set_flag(sk, SOCK_ZAPPED);
385 382
386 if (err) 383 if (err)
387 sk->sk_err = err; 384 __l2cap_chan_set_err(chan, err);
388 385
389 if (parent) { 386 if (parent) {
390 bt_accept_unlink(sk); 387 bt_accept_unlink(sk);
@@ -392,6 +389,8 @@ static void l2cap_chan_del(struct l2cap_chan *chan, int err)
392 } else 389 } else
393 sk->sk_state_change(sk); 390 sk->sk_state_change(sk);
394 391
392 release_sock(sk);
393
395 if (!(test_bit(CONF_OUTPUT_DONE, &chan->conf_state) && 394 if (!(test_bit(CONF_OUTPUT_DONE, &chan->conf_state) &&
396 test_bit(CONF_INPUT_DONE, &chan->conf_state))) 395 test_bit(CONF_INPUT_DONE, &chan->conf_state)))
397 return; 396 return;
@@ -423,10 +422,12 @@ static void l2cap_chan_cleanup_listen(struct sock *parent)
423 /* Close not yet accepted channels */ 422 /* Close not yet accepted channels */
424 while ((sk = bt_accept_dequeue(parent, NULL))) { 423 while ((sk = bt_accept_dequeue(parent, NULL))) {
425 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 424 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
425
426 l2cap_chan_lock(chan);
426 __clear_chan_timer(chan); 427 __clear_chan_timer(chan);
427 lock_sock(sk);
428 l2cap_chan_close(chan, ECONNRESET); 428 l2cap_chan_close(chan, ECONNRESET);
429 release_sock(sk); 429 l2cap_chan_unlock(chan);
430
430 chan->ops->close(chan->data); 431 chan->ops->close(chan->data);
431 } 432 }
432} 433}
@@ -436,14 +437,17 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
436 struct l2cap_conn *conn = chan->conn; 437 struct l2cap_conn *conn = chan->conn;
437 struct sock *sk = chan->sk; 438 struct sock *sk = chan->sk;
438 439
439 BT_DBG("chan %p state %d socket %p", chan, chan->state, sk->sk_socket); 440 BT_DBG("chan %p state %s sk %p", chan,
441 state_to_string(chan->state), sk);
440 442
441 switch (chan->state) { 443 switch (chan->state) {
442 case BT_LISTEN: 444 case BT_LISTEN:
445 lock_sock(sk);
443 l2cap_chan_cleanup_listen(sk); 446 l2cap_chan_cleanup_listen(sk);
444 447
445 l2cap_state_change(chan, BT_CLOSED); 448 __l2cap_state_change(chan, BT_CLOSED);
446 sock_set_flag(sk, SOCK_ZAPPED); 449 sock_set_flag(sk, SOCK_ZAPPED);
450 release_sock(sk);
447 break; 451 break;
448 452
449 case BT_CONNECTED: 453 case BT_CONNECTED:
@@ -486,7 +490,9 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
486 break; 490 break;
487 491
488 default: 492 default:
493 lock_sock(sk);
489 sock_set_flag(sk, SOCK_ZAPPED); 494 sock_set_flag(sk, SOCK_ZAPPED);
495 release_sock(sk);
490 break; 496 break;
491 } 497 }
492} 498}
@@ -661,6 +667,21 @@ static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
661 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state); 667 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
662} 668}
663 669
670static void l2cap_send_conn_req(struct l2cap_chan *chan)
671{
672 struct l2cap_conn *conn = chan->conn;
673 struct l2cap_conn_req req;
674
675 req.scid = cpu_to_le16(chan->scid);
676 req.psm = chan->psm;
677
678 chan->ident = l2cap_get_ident(conn);
679
680 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
681
682 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req);
683}
684
664static void l2cap_do_start(struct l2cap_chan *chan) 685static void l2cap_do_start(struct l2cap_chan *chan)
665{ 686{
666 struct l2cap_conn *conn = chan->conn; 687 struct l2cap_conn *conn = chan->conn;
@@ -670,17 +691,8 @@ static void l2cap_do_start(struct l2cap_chan *chan)
670 return; 691 return;
671 692
672 if (l2cap_chan_check_security(chan) && 693 if (l2cap_chan_check_security(chan) &&
673 __l2cap_no_conn_pending(chan)) { 694 __l2cap_no_conn_pending(chan))
674 struct l2cap_conn_req req; 695 l2cap_send_conn_req(chan);
675 req.scid = cpu_to_le16(chan->scid);
676 req.psm = chan->psm;
677
678 chan->ident = l2cap_get_ident(conn);
679 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
680
681 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
682 sizeof(req), &req);
683 }
684 } else { 696 } else {
685 struct l2cap_info_req req; 697 struct l2cap_info_req req;
686 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK); 698 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
@@ -688,8 +700,7 @@ static void l2cap_do_start(struct l2cap_chan *chan)
688 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT; 700 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
689 conn->info_ident = l2cap_get_ident(conn); 701 conn->info_ident = l2cap_get_ident(conn);
690 702
691 schedule_delayed_work(&conn->info_timer, 703 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
692 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
693 704
694 l2cap_send_cmd(conn, conn->info_ident, 705 l2cap_send_cmd(conn, conn->info_ident,
695 L2CAP_INFO_REQ, sizeof(req), &req); 706 L2CAP_INFO_REQ, sizeof(req), &req);
@@ -714,14 +725,12 @@ static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
714 725
715static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err) 726static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
716{ 727{
717 struct sock *sk; 728 struct sock *sk = chan->sk;
718 struct l2cap_disconn_req req; 729 struct l2cap_disconn_req req;
719 730
720 if (!conn) 731 if (!conn)
721 return; 732 return;
722 733
723 sk = chan->sk;
724
725 if (chan->mode == L2CAP_MODE_ERTM) { 734 if (chan->mode == L2CAP_MODE_ERTM) {
726 __clear_retrans_timer(chan); 735 __clear_retrans_timer(chan);
727 __clear_monitor_timer(chan); 736 __clear_monitor_timer(chan);
@@ -733,56 +742,47 @@ static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *c
733 l2cap_send_cmd(conn, l2cap_get_ident(conn), 742 l2cap_send_cmd(conn, l2cap_get_ident(conn),
734 L2CAP_DISCONN_REQ, sizeof(req), &req); 743 L2CAP_DISCONN_REQ, sizeof(req), &req);
735 744
736 l2cap_state_change(chan, BT_DISCONN); 745 lock_sock(sk);
737 sk->sk_err = err; 746 __l2cap_state_change(chan, BT_DISCONN);
747 __l2cap_chan_set_err(chan, err);
748 release_sock(sk);
738} 749}
739 750
740/* ---- L2CAP connections ---- */ 751/* ---- L2CAP connections ---- */
741static void l2cap_conn_start(struct l2cap_conn *conn) 752static void l2cap_conn_start(struct l2cap_conn *conn)
742{ 753{
743 struct l2cap_chan *chan; 754 struct l2cap_chan *chan, *tmp;
744 755
745 BT_DBG("conn %p", conn); 756 BT_DBG("conn %p", conn);
746 757
747 rcu_read_lock(); 758 mutex_lock(&conn->chan_lock);
748 759
749 list_for_each_entry_rcu(chan, &conn->chan_l, list) { 760 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
750 struct sock *sk = chan->sk; 761 struct sock *sk = chan->sk;
751 762
752 bh_lock_sock(sk); 763 l2cap_chan_lock(chan);
753 764
754 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { 765 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
755 bh_unlock_sock(sk); 766 l2cap_chan_unlock(chan);
756 continue; 767 continue;
757 } 768 }
758 769
759 if (chan->state == BT_CONNECT) { 770 if (chan->state == BT_CONNECT) {
760 struct l2cap_conn_req req;
761
762 if (!l2cap_chan_check_security(chan) || 771 if (!l2cap_chan_check_security(chan) ||
763 !__l2cap_no_conn_pending(chan)) { 772 !__l2cap_no_conn_pending(chan)) {
764 bh_unlock_sock(sk); 773 l2cap_chan_unlock(chan);
765 continue; 774 continue;
766 } 775 }
767 776
768 if (!l2cap_mode_supported(chan->mode, conn->feat_mask) 777 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
769 && test_bit(CONF_STATE2_DEVICE, 778 && test_bit(CONF_STATE2_DEVICE,
770 &chan->conf_state)) { 779 &chan->conf_state)) {
771 /* l2cap_chan_close() calls list_del(chan)
772 * so release the lock */
773 l2cap_chan_close(chan, ECONNRESET); 780 l2cap_chan_close(chan, ECONNRESET);
774 bh_unlock_sock(sk); 781 l2cap_chan_unlock(chan);
775 continue; 782 continue;
776 } 783 }
777 784
778 req.scid = cpu_to_le16(chan->scid); 785 l2cap_send_conn_req(chan);
779 req.psm = chan->psm;
780
781 chan->ident = l2cap_get_ident(conn);
782 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
783
784 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
785 sizeof(req), &req);
786 786
787 } else if (chan->state == BT_CONNECT2) { 787 } else if (chan->state == BT_CONNECT2) {
788 struct l2cap_conn_rsp rsp; 788 struct l2cap_conn_rsp rsp;
@@ -791,6 +791,7 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
791 rsp.dcid = cpu_to_le16(chan->scid); 791 rsp.dcid = cpu_to_le16(chan->scid);
792 792
793 if (l2cap_chan_check_security(chan)) { 793 if (l2cap_chan_check_security(chan)) {
794 lock_sock(sk);
794 if (bt_sk(sk)->defer_setup) { 795 if (bt_sk(sk)->defer_setup) {
795 struct sock *parent = bt_sk(sk)->parent; 796 struct sock *parent = bt_sk(sk)->parent;
796 rsp.result = cpu_to_le16(L2CAP_CR_PEND); 797 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
@@ -799,10 +800,11 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
799 parent->sk_data_ready(parent, 0); 800 parent->sk_data_ready(parent, 0);
800 801
801 } else { 802 } else {
802 l2cap_state_change(chan, BT_CONFIG); 803 __l2cap_state_change(chan, BT_CONFIG);
803 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS); 804 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
804 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 805 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
805 } 806 }
807 release_sock(sk);
806 } else { 808 } else {
807 rsp.result = cpu_to_le16(L2CAP_CR_PEND); 809 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
808 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND); 810 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
@@ -813,7 +815,7 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
813 815
814 if (test_bit(CONF_REQ_SENT, &chan->conf_state) || 816 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
815 rsp.result != L2CAP_CR_SUCCESS) { 817 rsp.result != L2CAP_CR_SUCCESS) {
816 bh_unlock_sock(sk); 818 l2cap_chan_unlock(chan);
817 continue; 819 continue;
818 } 820 }
819 821
@@ -823,10 +825,10 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
823 chan->num_conf_req++; 825 chan->num_conf_req++;
824 } 826 }
825 827
826 bh_unlock_sock(sk); 828 l2cap_chan_unlock(chan);
827 } 829 }
828 830
829 rcu_read_unlock(); 831 mutex_unlock(&conn->chan_lock);
830} 832}
831 833
832/* Find socket with cid and source bdaddr. 834/* Find socket with cid and source bdaddr.
@@ -902,28 +904,34 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
902 904
903 __set_chan_timer(chan, sk->sk_sndtimeo); 905 __set_chan_timer(chan, sk->sk_sndtimeo);
904 906
905 l2cap_state_change(chan, BT_CONNECTED); 907 __l2cap_state_change(chan, BT_CONNECTED);
906 parent->sk_data_ready(parent, 0); 908 parent->sk_data_ready(parent, 0);
907 909
908clean: 910clean:
909 release_sock(parent); 911 release_sock(parent);
910} 912}
911 913
912static void l2cap_chan_ready(struct sock *sk) 914static void l2cap_chan_ready(struct l2cap_chan *chan)
913{ 915{
914 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 916 struct sock *sk = chan->sk;
915 struct sock *parent = bt_sk(sk)->parent; 917 struct sock *parent;
918
919 lock_sock(sk);
920
921 parent = bt_sk(sk)->parent;
916 922
917 BT_DBG("sk %p, parent %p", sk, parent); 923 BT_DBG("sk %p, parent %p", sk, parent);
918 924
919 chan->conf_state = 0; 925 chan->conf_state = 0;
920 __clear_chan_timer(chan); 926 __clear_chan_timer(chan);
921 927
922 l2cap_state_change(chan, BT_CONNECTED); 928 __l2cap_state_change(chan, BT_CONNECTED);
923 sk->sk_state_change(sk); 929 sk->sk_state_change(sk);
924 930
925 if (parent) 931 if (parent)
926 parent->sk_data_ready(parent, 0); 932 parent->sk_data_ready(parent, 0);
933
934 release_sock(sk);
927} 935}
928 936
929static void l2cap_conn_ready(struct l2cap_conn *conn) 937static void l2cap_conn_ready(struct l2cap_conn *conn)
@@ -938,29 +946,31 @@ static void l2cap_conn_ready(struct l2cap_conn *conn)
938 if (conn->hcon->out && conn->hcon->type == LE_LINK) 946 if (conn->hcon->out && conn->hcon->type == LE_LINK)
939 smp_conn_security(conn, conn->hcon->pending_sec_level); 947 smp_conn_security(conn, conn->hcon->pending_sec_level);
940 948
941 rcu_read_lock(); 949 mutex_lock(&conn->chan_lock);
942 950
943 list_for_each_entry_rcu(chan, &conn->chan_l, list) { 951 list_for_each_entry(chan, &conn->chan_l, list) {
944 struct sock *sk = chan->sk;
945 952
946 bh_lock_sock(sk); 953 l2cap_chan_lock(chan);
947 954
948 if (conn->hcon->type == LE_LINK) { 955 if (conn->hcon->type == LE_LINK) {
949 if (smp_conn_security(conn, chan->sec_level)) 956 if (smp_conn_security(conn, chan->sec_level))
950 l2cap_chan_ready(sk); 957 l2cap_chan_ready(chan);
951 958
952 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { 959 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
960 struct sock *sk = chan->sk;
953 __clear_chan_timer(chan); 961 __clear_chan_timer(chan);
954 l2cap_state_change(chan, BT_CONNECTED); 962 lock_sock(sk);
963 __l2cap_state_change(chan, BT_CONNECTED);
955 sk->sk_state_change(sk); 964 sk->sk_state_change(sk);
965 release_sock(sk);
956 966
957 } else if (chan->state == BT_CONNECT) 967 } else if (chan->state == BT_CONNECT)
958 l2cap_do_start(chan); 968 l2cap_do_start(chan);
959 969
960 bh_unlock_sock(sk); 970 l2cap_chan_unlock(chan);
961 } 971 }
962 972
963 rcu_read_unlock(); 973 mutex_unlock(&conn->chan_lock);
964} 974}
965 975
966/* Notify sockets that we cannot guaranty reliability anymore */ 976/* Notify sockets that we cannot guaranty reliability anymore */
@@ -970,16 +980,14 @@ static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
970 980
971 BT_DBG("conn %p", conn); 981 BT_DBG("conn %p", conn);
972 982
973 rcu_read_lock(); 983 mutex_lock(&conn->chan_lock);
974
975 list_for_each_entry_rcu(chan, &conn->chan_l, list) {
976 struct sock *sk = chan->sk;
977 984
985 list_for_each_entry(chan, &conn->chan_l, list) {
978 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 986 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
979 sk->sk_err = err; 987 __l2cap_chan_set_err(chan, err);
980 } 988 }
981 989
982 rcu_read_unlock(); 990 mutex_unlock(&conn->chan_lock);
983} 991}
984 992
985static void l2cap_info_timeout(struct work_struct *work) 993static void l2cap_info_timeout(struct work_struct *work)
@@ -997,7 +1005,6 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
997{ 1005{
998 struct l2cap_conn *conn = hcon->l2cap_data; 1006 struct l2cap_conn *conn = hcon->l2cap_data;
999 struct l2cap_chan *chan, *l; 1007 struct l2cap_chan *chan, *l;
1000 struct sock *sk;
1001 1008
1002 if (!conn) 1009 if (!conn)
1003 return; 1010 return;
@@ -1006,21 +1013,27 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
1006 1013
1007 kfree_skb(conn->rx_skb); 1014 kfree_skb(conn->rx_skb);
1008 1015
1016 mutex_lock(&conn->chan_lock);
1017
1009 /* Kill channels */ 1018 /* Kill channels */
1010 list_for_each_entry_safe(chan, l, &conn->chan_l, list) { 1019 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
1011 sk = chan->sk; 1020 l2cap_chan_lock(chan);
1012 lock_sock(sk); 1021
1013 l2cap_chan_del(chan, err); 1022 l2cap_chan_del(chan, err);
1014 release_sock(sk); 1023
1024 l2cap_chan_unlock(chan);
1025
1015 chan->ops->close(chan->data); 1026 chan->ops->close(chan->data);
1016 } 1027 }
1017 1028
1029 mutex_unlock(&conn->chan_lock);
1030
1018 hci_chan_del(conn->hchan); 1031 hci_chan_del(conn->hchan);
1019 1032
1020 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) 1033 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
1021 cancel_delayed_work_sync(&conn->info_timer); 1034 cancel_delayed_work_sync(&conn->info_timer);
1022 1035
1023 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend)) { 1036 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) {
1024 cancel_delayed_work_sync(&conn->security_timer); 1037 cancel_delayed_work_sync(&conn->security_timer);
1025 smp_chan_destroy(conn); 1038 smp_chan_destroy(conn);
1026 } 1039 }
@@ -1072,6 +1085,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1072 conn->feat_mask = 0; 1085 conn->feat_mask = 0;
1073 1086
1074 spin_lock_init(&conn->lock); 1087 spin_lock_init(&conn->lock);
1088 mutex_init(&conn->chan_lock);
1075 1089
1076 INIT_LIST_HEAD(&conn->chan_l); 1090 INIT_LIST_HEAD(&conn->chan_l);
1077 1091
@@ -1139,7 +1153,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdaddr_t *d
1139 1153
1140 hci_dev_lock(hdev); 1154 hci_dev_lock(hdev);
1141 1155
1142 lock_sock(sk); 1156 l2cap_chan_lock(chan);
1143 1157
1144 /* PSM must be odd and lsb of upper byte must be 0 */ 1158 /* PSM must be odd and lsb of upper byte must be 0 */
1145 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid && 1159 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
@@ -1166,17 +1180,21 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdaddr_t *d
1166 goto done; 1180 goto done;
1167 } 1181 }
1168 1182
1183 lock_sock(sk);
1184
1169 switch (sk->sk_state) { 1185 switch (sk->sk_state) {
1170 case BT_CONNECT: 1186 case BT_CONNECT:
1171 case BT_CONNECT2: 1187 case BT_CONNECT2:
1172 case BT_CONFIG: 1188 case BT_CONFIG:
1173 /* Already connecting */ 1189 /* Already connecting */
1174 err = 0; 1190 err = 0;
1191 release_sock(sk);
1175 goto done; 1192 goto done;
1176 1193
1177 case BT_CONNECTED: 1194 case BT_CONNECTED:
1178 /* Already connected */ 1195 /* Already connected */
1179 err = -EISCONN; 1196 err = -EISCONN;
1197 release_sock(sk);
1180 goto done; 1198 goto done;
1181 1199
1182 case BT_OPEN: 1200 case BT_OPEN:
@@ -1186,11 +1204,15 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdaddr_t *d
1186 1204
1187 default: 1205 default:
1188 err = -EBADFD; 1206 err = -EBADFD;
1207 release_sock(sk);
1189 goto done; 1208 goto done;
1190 } 1209 }
1191 1210
1192 /* Set destination address and psm */ 1211 /* Set destination address and psm */
1193 bacpy(&bt_sk(sk)->dst, dst); 1212 bacpy(&bt_sk(sk)->dst, dst);
1213
1214 release_sock(sk);
1215
1194 chan->psm = psm; 1216 chan->psm = psm;
1195 chan->dcid = cid; 1217 chan->dcid = cid;
1196 1218
@@ -1218,7 +1240,9 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdaddr_t *d
1218 /* Update source addr of the socket */ 1240 /* Update source addr of the socket */
1219 bacpy(src, conn->src); 1241 bacpy(src, conn->src);
1220 1242
1243 l2cap_chan_unlock(chan);
1221 l2cap_chan_add(conn, chan); 1244 l2cap_chan_add(conn, chan);
1245 l2cap_chan_lock(chan);
1222 1246
1223 l2cap_state_change(chan, BT_CONNECT); 1247 l2cap_state_change(chan, BT_CONNECT);
1224 __set_chan_timer(chan, sk->sk_sndtimeo); 1248 __set_chan_timer(chan, sk->sk_sndtimeo);
@@ -1235,6 +1259,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdaddr_t *d
1235 err = 0; 1259 err = 0;
1236 1260
1237done: 1261done:
1262 l2cap_chan_unlock(chan);
1238 hci_dev_unlock(hdev); 1263 hci_dev_unlock(hdev);
1239 hci_dev_put(hdev); 1264 hci_dev_put(hdev);
1240 return err; 1265 return err;
@@ -1276,14 +1301,14 @@ static void l2cap_monitor_timeout(struct work_struct *work)
1276{ 1301{
1277 struct l2cap_chan *chan = container_of(work, struct l2cap_chan, 1302 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1278 monitor_timer.work); 1303 monitor_timer.work);
1279 struct sock *sk = chan->sk;
1280 1304
1281 BT_DBG("chan %p", chan); 1305 BT_DBG("chan %p", chan);
1282 1306
1283 lock_sock(sk); 1307 l2cap_chan_lock(chan);
1308
1284 if (chan->retry_count >= chan->remote_max_tx) { 1309 if (chan->retry_count >= chan->remote_max_tx) {
1285 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED); 1310 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
1286 release_sock(sk); 1311 l2cap_chan_unlock(chan);
1287 return; 1312 return;
1288 } 1313 }
1289 1314
@@ -1291,25 +1316,26 @@ static void l2cap_monitor_timeout(struct work_struct *work)
1291 __set_monitor_timer(chan); 1316 __set_monitor_timer(chan);
1292 1317
1293 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL); 1318 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
1294 release_sock(sk); 1319 l2cap_chan_unlock(chan);
1295} 1320}
1296 1321
1297static void l2cap_retrans_timeout(struct work_struct *work) 1322static void l2cap_retrans_timeout(struct work_struct *work)
1298{ 1323{
1299 struct l2cap_chan *chan = container_of(work, struct l2cap_chan, 1324 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1300 retrans_timer.work); 1325 retrans_timer.work);
1301 struct sock *sk = chan->sk;
1302 1326
1303 BT_DBG("chan %p", chan); 1327 BT_DBG("chan %p", chan);
1304 1328
1305 lock_sock(sk); 1329 l2cap_chan_lock(chan);
1330
1306 chan->retry_count = 1; 1331 chan->retry_count = 1;
1307 __set_monitor_timer(chan); 1332 __set_monitor_timer(chan);
1308 1333
1309 set_bit(CONN_WAIT_F, &chan->conn_state); 1334 set_bit(CONN_WAIT_F, &chan->conn_state);
1310 1335
1311 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL); 1336 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
1312 release_sock(sk); 1337
1338 l2cap_chan_unlock(chan);
1313} 1339}
1314 1340
1315static void l2cap_drop_acked_frames(struct l2cap_chan *chan) 1341static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
@@ -1450,17 +1476,19 @@ static int l2cap_ertm_send(struct l2cap_chan *chan)
1450 1476
1451 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq); 1477 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
1452 1478
1453 if (bt_cb(skb)->retries == 1) 1479 if (bt_cb(skb)->retries == 1) {
1454 chan->unacked_frames++; 1480 chan->unacked_frames++;
1455 1481
1482 if (!nsent++)
1483 __clear_ack_timer(chan);
1484 }
1485
1456 chan->frames_sent++; 1486 chan->frames_sent++;
1457 1487
1458 if (skb_queue_is_last(&chan->tx_q, skb)) 1488 if (skb_queue_is_last(&chan->tx_q, skb))
1459 chan->tx_send_head = NULL; 1489 chan->tx_send_head = NULL;
1460 else 1490 else
1461 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb); 1491 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1462
1463 nsent++;
1464 } 1492 }
1465 1493
1466 return nsent; 1494 return nsent;
@@ -1478,7 +1506,7 @@ static int l2cap_retransmit_frames(struct l2cap_chan *chan)
1478 return ret; 1506 return ret;
1479} 1507}
1480 1508
1481static void l2cap_send_ack(struct l2cap_chan *chan) 1509static void __l2cap_send_ack(struct l2cap_chan *chan)
1482{ 1510{
1483 u32 control = 0; 1511 u32 control = 0;
1484 1512
@@ -1498,6 +1526,12 @@ static void l2cap_send_ack(struct l2cap_chan *chan)
1498 l2cap_send_sframe(chan, control); 1526 l2cap_send_sframe(chan, control);
1499} 1527}
1500 1528
1529static void l2cap_send_ack(struct l2cap_chan *chan)
1530{
1531 __clear_ack_timer(chan);
1532 __l2cap_send_ack(chan);
1533}
1534
1501static void l2cap_send_srejtail(struct l2cap_chan *chan) 1535static void l2cap_send_srejtail(struct l2cap_chan *chan)
1502{ 1536{
1503 struct srej_list *tail; 1537 struct srej_list *tail;
@@ -1512,9 +1546,11 @@ static void l2cap_send_srejtail(struct l2cap_chan *chan)
1512 l2cap_send_sframe(chan, control); 1546 l2cap_send_sframe(chan, control);
1513} 1547}
1514 1548
1515static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb) 1549static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
1550 struct msghdr *msg, int len,
1551 int count, struct sk_buff *skb)
1516{ 1552{
1517 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; 1553 struct l2cap_conn *conn = chan->conn;
1518 struct sk_buff **frag; 1554 struct sk_buff **frag;
1519 int err, sent = 0; 1555 int err, sent = 0;
1520 1556
@@ -1529,7 +1565,10 @@ static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, in
1529 while (len) { 1565 while (len) {
1530 count = min_t(unsigned int, conn->mtu, len); 1566 count = min_t(unsigned int, conn->mtu, len);
1531 1567
1532 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err); 1568 *frag = chan->ops->alloc_skb(chan, count,
1569 msg->msg_flags & MSG_DONTWAIT,
1570 &err);
1571
1533 if (!*frag) 1572 if (!*frag)
1534 return err; 1573 return err;
1535 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) 1574 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
@@ -1550,17 +1589,18 @@ static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1550 struct msghdr *msg, size_t len, 1589 struct msghdr *msg, size_t len,
1551 u32 priority) 1590 u32 priority)
1552{ 1591{
1553 struct sock *sk = chan->sk;
1554 struct l2cap_conn *conn = chan->conn; 1592 struct l2cap_conn *conn = chan->conn;
1555 struct sk_buff *skb; 1593 struct sk_buff *skb;
1556 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE; 1594 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE;
1557 struct l2cap_hdr *lh; 1595 struct l2cap_hdr *lh;
1558 1596
1559 BT_DBG("sk %p len %d priority %u", sk, (int)len, priority); 1597 BT_DBG("chan %p len %d priority %u", chan, (int)len, priority);
1560 1598
1561 count = min_t(unsigned int, (conn->mtu - hlen), len); 1599 count = min_t(unsigned int, (conn->mtu - hlen), len);
1562 skb = bt_skb_send_alloc(sk, count + hlen, 1600
1563 msg->msg_flags & MSG_DONTWAIT, &err); 1601 skb = chan->ops->alloc_skb(chan, count + hlen,
1602 msg->msg_flags & MSG_DONTWAIT, &err);
1603
1564 if (!skb) 1604 if (!skb)
1565 return ERR_PTR(err); 1605 return ERR_PTR(err);
1566 1606
@@ -1572,7 +1612,7 @@ static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1572 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE)); 1612 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1573 put_unaligned_le16(chan->psm, skb_put(skb, 2)); 1613 put_unaligned_le16(chan->psm, skb_put(skb, 2));
1574 1614
1575 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb); 1615 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1576 if (unlikely(err < 0)) { 1616 if (unlikely(err < 0)) {
1577 kfree_skb(skb); 1617 kfree_skb(skb);
1578 return ERR_PTR(err); 1618 return ERR_PTR(err);
@@ -1584,17 +1624,18 @@ static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
1584 struct msghdr *msg, size_t len, 1624 struct msghdr *msg, size_t len,
1585 u32 priority) 1625 u32 priority)
1586{ 1626{
1587 struct sock *sk = chan->sk;
1588 struct l2cap_conn *conn = chan->conn; 1627 struct l2cap_conn *conn = chan->conn;
1589 struct sk_buff *skb; 1628 struct sk_buff *skb;
1590 int err, count, hlen = L2CAP_HDR_SIZE; 1629 int err, count, hlen = L2CAP_HDR_SIZE;
1591 struct l2cap_hdr *lh; 1630 struct l2cap_hdr *lh;
1592 1631
1593 BT_DBG("sk %p len %d", sk, (int)len); 1632 BT_DBG("chan %p len %d", chan, (int)len);
1594 1633
1595 count = min_t(unsigned int, (conn->mtu - hlen), len); 1634 count = min_t(unsigned int, (conn->mtu - hlen), len);
1596 skb = bt_skb_send_alloc(sk, count + hlen, 1635
1597 msg->msg_flags & MSG_DONTWAIT, &err); 1636 skb = chan->ops->alloc_skb(chan, count + hlen,
1637 msg->msg_flags & MSG_DONTWAIT, &err);
1638
1598 if (!skb) 1639 if (!skb)
1599 return ERR_PTR(err); 1640 return ERR_PTR(err);
1600 1641
@@ -1605,7 +1646,7 @@ static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
1605 lh->cid = cpu_to_le16(chan->dcid); 1646 lh->cid = cpu_to_le16(chan->dcid);
1606 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE)); 1647 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1607 1648
1608 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb); 1649 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1609 if (unlikely(err < 0)) { 1650 if (unlikely(err < 0)) {
1610 kfree_skb(skb); 1651 kfree_skb(skb);
1611 return ERR_PTR(err); 1652 return ERR_PTR(err);
@@ -1617,13 +1658,12 @@ static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
1617 struct msghdr *msg, size_t len, 1658 struct msghdr *msg, size_t len,
1618 u32 control, u16 sdulen) 1659 u32 control, u16 sdulen)
1619{ 1660{
1620 struct sock *sk = chan->sk;
1621 struct l2cap_conn *conn = chan->conn; 1661 struct l2cap_conn *conn = chan->conn;
1622 struct sk_buff *skb; 1662 struct sk_buff *skb;
1623 int err, count, hlen; 1663 int err, count, hlen;
1624 struct l2cap_hdr *lh; 1664 struct l2cap_hdr *lh;
1625 1665
1626 BT_DBG("sk %p len %d", sk, (int)len); 1666 BT_DBG("chan %p len %d", chan, (int)len);
1627 1667
1628 if (!conn) 1668 if (!conn)
1629 return ERR_PTR(-ENOTCONN); 1669 return ERR_PTR(-ENOTCONN);
@@ -1640,8 +1680,10 @@ static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
1640 hlen += L2CAP_FCS_SIZE; 1680 hlen += L2CAP_FCS_SIZE;
1641 1681
1642 count = min_t(unsigned int, (conn->mtu - hlen), len); 1682 count = min_t(unsigned int, (conn->mtu - hlen), len);
1643 skb = bt_skb_send_alloc(sk, count + hlen, 1683
1644 msg->msg_flags & MSG_DONTWAIT, &err); 1684 skb = chan->ops->alloc_skb(chan, count + hlen,
1685 msg->msg_flags & MSG_DONTWAIT, &err);
1686
1645 if (!skb) 1687 if (!skb)
1646 return ERR_PTR(err); 1688 return ERR_PTR(err);
1647 1689
@@ -1655,7 +1697,7 @@ static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
1655 if (sdulen) 1697 if (sdulen)
1656 put_unaligned_le16(sdulen, skb_put(skb, L2CAP_SDULEN_SIZE)); 1698 put_unaligned_le16(sdulen, skb_put(skb, L2CAP_SDULEN_SIZE));
1657 1699
1658 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb); 1700 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1659 if (unlikely(err < 0)) { 1701 if (unlikely(err < 0)) {
1660 kfree_skb(skb); 1702 kfree_skb(skb);
1661 return ERR_PTR(err); 1703 return ERR_PTR(err);
@@ -1801,9 +1843,9 @@ static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1801 1843
1802 BT_DBG("conn %p", conn); 1844 BT_DBG("conn %p", conn);
1803 1845
1804 rcu_read_lock(); 1846 mutex_lock(&conn->chan_lock);
1805 1847
1806 list_for_each_entry_rcu(chan, &conn->chan_l, list) { 1848 list_for_each_entry(chan, &conn->chan_l, list) {
1807 struct sock *sk = chan->sk; 1849 struct sock *sk = chan->sk;
1808 if (chan->chan_type != L2CAP_CHAN_RAW) 1850 if (chan->chan_type != L2CAP_CHAN_RAW)
1809 continue; 1851 continue;
@@ -1819,7 +1861,7 @@ static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1819 kfree_skb(nskb); 1861 kfree_skb(nskb);
1820 } 1862 }
1821 1863
1822 rcu_read_unlock(); 1864 mutex_unlock(&conn->chan_lock);
1823} 1865}
1824 1866
1825/* ---- L2CAP signalling commands ---- */ 1867/* ---- L2CAP signalling commands ---- */
@@ -1987,9 +2029,13 @@ static void l2cap_ack_timeout(struct work_struct *work)
1987 2029
1988 BT_DBG("chan %p", chan); 2030 BT_DBG("chan %p", chan);
1989 2031
1990 lock_sock(chan->sk); 2032 l2cap_chan_lock(chan);
1991 l2cap_send_ack(chan); 2033
1992 release_sock(chan->sk); 2034 __l2cap_send_ack(chan);
2035
2036 l2cap_chan_unlock(chan);
2037
2038 l2cap_chan_put(chan);
1993} 2039}
1994 2040
1995static inline void l2cap_ertm_init(struct l2cap_chan *chan) 2041static inline void l2cap_ertm_init(struct l2cap_chan *chan)
@@ -2607,6 +2653,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2607 2653
2608 parent = pchan->sk; 2654 parent = pchan->sk;
2609 2655
2656 mutex_lock(&conn->chan_lock);
2610 lock_sock(parent); 2657 lock_sock(parent);
2611 2658
2612 /* Check if the ACL is secure enough (if not SDP) */ 2659 /* Check if the ACL is secure enough (if not SDP) */
@@ -2647,7 +2694,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2647 2694
2648 bt_accept_enqueue(parent, sk); 2695 bt_accept_enqueue(parent, sk);
2649 2696
2650 l2cap_chan_add(conn, chan); 2697 __l2cap_chan_add(conn, chan);
2651 2698
2652 dcid = chan->scid; 2699 dcid = chan->scid;
2653 2700
@@ -2658,28 +2705,29 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
2658 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) { 2705 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2659 if (l2cap_chan_check_security(chan)) { 2706 if (l2cap_chan_check_security(chan)) {
2660 if (bt_sk(sk)->defer_setup) { 2707 if (bt_sk(sk)->defer_setup) {
2661 l2cap_state_change(chan, BT_CONNECT2); 2708 __l2cap_state_change(chan, BT_CONNECT2);
2662 result = L2CAP_CR_PEND; 2709 result = L2CAP_CR_PEND;
2663 status = L2CAP_CS_AUTHOR_PEND; 2710 status = L2CAP_CS_AUTHOR_PEND;
2664 parent->sk_data_ready(parent, 0); 2711 parent->sk_data_ready(parent, 0);
2665 } else { 2712 } else {
2666 l2cap_state_change(chan, BT_CONFIG); 2713 __l2cap_state_change(chan, BT_CONFIG);
2667 result = L2CAP_CR_SUCCESS; 2714 result = L2CAP_CR_SUCCESS;
2668 status = L2CAP_CS_NO_INFO; 2715 status = L2CAP_CS_NO_INFO;
2669 } 2716 }
2670 } else { 2717 } else {
2671 l2cap_state_change(chan, BT_CONNECT2); 2718 __l2cap_state_change(chan, BT_CONNECT2);
2672 result = L2CAP_CR_PEND; 2719 result = L2CAP_CR_PEND;
2673 status = L2CAP_CS_AUTHEN_PEND; 2720 status = L2CAP_CS_AUTHEN_PEND;
2674 } 2721 }
2675 } else { 2722 } else {
2676 l2cap_state_change(chan, BT_CONNECT2); 2723 __l2cap_state_change(chan, BT_CONNECT2);
2677 result = L2CAP_CR_PEND; 2724 result = L2CAP_CR_PEND;
2678 status = L2CAP_CS_NO_INFO; 2725 status = L2CAP_CS_NO_INFO;
2679 } 2726 }
2680 2727
2681response: 2728response:
2682 release_sock(parent); 2729 release_sock(parent);
2730 mutex_unlock(&conn->chan_lock);
2683 2731
2684sendresp: 2732sendresp:
2685 rsp.scid = cpu_to_le16(scid); 2733 rsp.scid = cpu_to_le16(scid);
@@ -2695,8 +2743,7 @@ sendresp:
2695 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT; 2743 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2696 conn->info_ident = l2cap_get_ident(conn); 2744 conn->info_ident = l2cap_get_ident(conn);
2697 2745
2698 schedule_delayed_work(&conn->info_timer, 2746 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
2699 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2700 2747
2701 l2cap_send_cmd(conn, conn->info_ident, 2748 l2cap_send_cmd(conn, conn->info_ident,
2702 L2CAP_INFO_REQ, sizeof(info), &info); 2749 L2CAP_INFO_REQ, sizeof(info), &info);
@@ -2719,27 +2766,36 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2719 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data; 2766 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2720 u16 scid, dcid, result, status; 2767 u16 scid, dcid, result, status;
2721 struct l2cap_chan *chan; 2768 struct l2cap_chan *chan;
2722 struct sock *sk;
2723 u8 req[128]; 2769 u8 req[128];
2770 int err;
2724 2771
2725 scid = __le16_to_cpu(rsp->scid); 2772 scid = __le16_to_cpu(rsp->scid);
2726 dcid = __le16_to_cpu(rsp->dcid); 2773 dcid = __le16_to_cpu(rsp->dcid);
2727 result = __le16_to_cpu(rsp->result); 2774 result = __le16_to_cpu(rsp->result);
2728 status = __le16_to_cpu(rsp->status); 2775 status = __le16_to_cpu(rsp->status);
2729 2776
2730 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status); 2777 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
2778 dcid, scid, result, status);
2779
2780 mutex_lock(&conn->chan_lock);
2731 2781
2732 if (scid) { 2782 if (scid) {
2733 chan = l2cap_get_chan_by_scid(conn, scid); 2783 chan = __l2cap_get_chan_by_scid(conn, scid);
2734 if (!chan) 2784 if (!chan) {
2735 return -EFAULT; 2785 err = -EFAULT;
2786 goto unlock;
2787 }
2736 } else { 2788 } else {
2737 chan = l2cap_get_chan_by_ident(conn, cmd->ident); 2789 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
2738 if (!chan) 2790 if (!chan) {
2739 return -EFAULT; 2791 err = -EFAULT;
2792 goto unlock;
2793 }
2740 } 2794 }
2741 2795
2742 sk = chan->sk; 2796 err = 0;
2797
2798 l2cap_chan_lock(chan);
2743 2799
2744 switch (result) { 2800 switch (result) {
2745 case L2CAP_CR_SUCCESS: 2801 case L2CAP_CR_SUCCESS:
@@ -2765,8 +2821,12 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
2765 break; 2821 break;
2766 } 2822 }
2767 2823
2768 release_sock(sk); 2824 l2cap_chan_unlock(chan);
2769 return 0; 2825
2826unlock:
2827 mutex_unlock(&conn->chan_lock);
2828
2829 return err;
2770} 2830}
2771 2831
2772static inline void set_default_fcs(struct l2cap_chan *chan) 2832static inline void set_default_fcs(struct l2cap_chan *chan)
@@ -2786,7 +2846,6 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2786 u16 dcid, flags; 2846 u16 dcid, flags;
2787 u8 rsp[64]; 2847 u8 rsp[64];
2788 struct l2cap_chan *chan; 2848 struct l2cap_chan *chan;
2789 struct sock *sk;
2790 int len; 2849 int len;
2791 2850
2792 dcid = __le16_to_cpu(req->dcid); 2851 dcid = __le16_to_cpu(req->dcid);
@@ -2798,7 +2857,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2798 if (!chan) 2857 if (!chan)
2799 return -ENOENT; 2858 return -ENOENT;
2800 2859
2801 sk = chan->sk; 2860 l2cap_chan_lock(chan);
2802 2861
2803 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) { 2862 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
2804 struct l2cap_cmd_rej_cid rej; 2863 struct l2cap_cmd_rej_cid rej;
@@ -2860,7 +2919,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2860 if (chan->mode == L2CAP_MODE_ERTM) 2919 if (chan->mode == L2CAP_MODE_ERTM)
2861 l2cap_ertm_init(chan); 2920 l2cap_ertm_init(chan);
2862 2921
2863 l2cap_chan_ready(sk); 2922 l2cap_chan_ready(chan);
2864 goto unlock; 2923 goto unlock;
2865 } 2924 }
2866 2925
@@ -2887,7 +2946,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2887 } 2946 }
2888 2947
2889unlock: 2948unlock:
2890 release_sock(sk); 2949 l2cap_chan_unlock(chan);
2891 return 0; 2950 return 0;
2892} 2951}
2893 2952
@@ -2896,7 +2955,6 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2896 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data; 2955 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2897 u16 scid, flags, result; 2956 u16 scid, flags, result;
2898 struct l2cap_chan *chan; 2957 struct l2cap_chan *chan;
2899 struct sock *sk;
2900 int len = cmd->len - sizeof(*rsp); 2958 int len = cmd->len - sizeof(*rsp);
2901 2959
2902 scid = __le16_to_cpu(rsp->scid); 2960 scid = __le16_to_cpu(rsp->scid);
@@ -2910,7 +2968,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2910 if (!chan) 2968 if (!chan)
2911 return 0; 2969 return 0;
2912 2970
2913 sk = chan->sk; 2971 l2cap_chan_lock(chan);
2914 2972
2915 switch (result) { 2973 switch (result) {
2916 case L2CAP_CONF_SUCCESS: 2974 case L2CAP_CONF_SUCCESS:
@@ -2969,9 +3027,9 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2969 } 3027 }
2970 3028
2971 default: 3029 default:
2972 sk->sk_err = ECONNRESET; 3030 l2cap_chan_set_err(chan, ECONNRESET);
2973 __set_chan_timer(chan, 3031
2974 msecs_to_jiffies(L2CAP_DISC_REJ_TIMEOUT)); 3032 __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT);
2975 l2cap_send_disconn_req(conn, chan, ECONNRESET); 3033 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2976 goto done; 3034 goto done;
2977 } 3035 }
@@ -2991,11 +3049,11 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2991 if (chan->mode == L2CAP_MODE_ERTM) 3049 if (chan->mode == L2CAP_MODE_ERTM)
2992 l2cap_ertm_init(chan); 3050 l2cap_ertm_init(chan);
2993 3051
2994 l2cap_chan_ready(sk); 3052 l2cap_chan_ready(chan);
2995 } 3053 }
2996 3054
2997done: 3055done:
2998 release_sock(sk); 3056 l2cap_chan_unlock(chan);
2999 return 0; 3057 return 0;
3000} 3058}
3001 3059
@@ -3012,9 +3070,15 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
3012 3070
3013 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid); 3071 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3014 3072
3015 chan = l2cap_get_chan_by_scid(conn, dcid); 3073 mutex_lock(&conn->chan_lock);
3016 if (!chan) 3074
3075 chan = __l2cap_get_chan_by_scid(conn, dcid);
3076 if (!chan) {
3077 mutex_unlock(&conn->chan_lock);
3017 return 0; 3078 return 0;
3079 }
3080
3081 l2cap_chan_lock(chan);
3018 3082
3019 sk = chan->sk; 3083 sk = chan->sk;
3020 3084
@@ -3022,12 +3086,18 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
3022 rsp.scid = cpu_to_le16(chan->dcid); 3086 rsp.scid = cpu_to_le16(chan->dcid);
3023 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp); 3087 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3024 3088
3089 lock_sock(sk);
3025 sk->sk_shutdown = SHUTDOWN_MASK; 3090 sk->sk_shutdown = SHUTDOWN_MASK;
3091 release_sock(sk);
3026 3092
3027 l2cap_chan_del(chan, ECONNRESET); 3093 l2cap_chan_del(chan, ECONNRESET);
3028 release_sock(sk); 3094
3095 l2cap_chan_unlock(chan);
3029 3096
3030 chan->ops->close(chan->data); 3097 chan->ops->close(chan->data);
3098
3099 mutex_unlock(&conn->chan_lock);
3100
3031 return 0; 3101 return 0;
3032} 3102}
3033 3103
@@ -3036,23 +3106,30 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
3036 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data; 3106 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3037 u16 dcid, scid; 3107 u16 dcid, scid;
3038 struct l2cap_chan *chan; 3108 struct l2cap_chan *chan;
3039 struct sock *sk;
3040 3109
3041 scid = __le16_to_cpu(rsp->scid); 3110 scid = __le16_to_cpu(rsp->scid);
3042 dcid = __le16_to_cpu(rsp->dcid); 3111 dcid = __le16_to_cpu(rsp->dcid);
3043 3112
3044 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid); 3113 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3045 3114
3046 chan = l2cap_get_chan_by_scid(conn, scid); 3115 mutex_lock(&conn->chan_lock);
3047 if (!chan) 3116
3117 chan = __l2cap_get_chan_by_scid(conn, scid);
3118 if (!chan) {
3119 mutex_unlock(&conn->chan_lock);
3048 return 0; 3120 return 0;
3121 }
3049 3122
3050 sk = chan->sk; 3123 l2cap_chan_lock(chan);
3051 3124
3052 l2cap_chan_del(chan, 0); 3125 l2cap_chan_del(chan, 0);
3053 release_sock(sk); 3126
3127 l2cap_chan_unlock(chan);
3054 3128
3055 chan->ops->close(chan->data); 3129 chan->ops->close(chan->data);
3130
3131 mutex_unlock(&conn->chan_lock);
3132
3056 return 0; 3133 return 0;
3057} 3134}
3058 3135
@@ -3132,7 +3209,8 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
3132 return 0; 3209 return 0;
3133 } 3210 }
3134 3211
3135 if (type == L2CAP_IT_FEAT_MASK) { 3212 switch (type) {
3213 case L2CAP_IT_FEAT_MASK:
3136 conn->feat_mask = get_unaligned_le32(rsp->data); 3214 conn->feat_mask = get_unaligned_le32(rsp->data);
3137 3215
3138 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) { 3216 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
@@ -3149,11 +3227,15 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
3149 3227
3150 l2cap_conn_start(conn); 3228 l2cap_conn_start(conn);
3151 } 3229 }
3152 } else if (type == L2CAP_IT_FIXED_CHAN) { 3230 break;
3231
3232 case L2CAP_IT_FIXED_CHAN:
3233 conn->fixed_chan_mask = rsp->data[0];
3153 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; 3234 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3154 conn->info_ident = 0; 3235 conn->info_ident = 0;
3155 3236
3156 l2cap_conn_start(conn); 3237 l2cap_conn_start(conn);
3238 break;
3157 } 3239 }
3158 3240
3159 return 0; 3241 return 0;
@@ -3713,19 +3795,11 @@ static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u3
3713 3795
3714static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan) 3796static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan)
3715{ 3797{
3716 u32 control;
3717
3718 BT_DBG("chan %p, Enter local busy", chan); 3798 BT_DBG("chan %p, Enter local busy", chan);
3719 3799
3720 set_bit(CONN_LOCAL_BUSY, &chan->conn_state); 3800 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3721 3801
3722 control = __set_reqseq(chan, chan->buffer_seq); 3802 __set_ack_timer(chan);
3723 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
3724 l2cap_send_sframe(chan, control);
3725
3726 set_bit(CONN_RNR_SENT, &chan->conn_state);
3727
3728 __clear_ack_timer(chan);
3729} 3803}
3730 3804
3731static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan) 3805static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan)
@@ -3865,8 +3939,11 @@ static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u32 rx_cont
3865 goto drop; 3939 goto drop;
3866 } 3940 }
3867 3941
3868 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) 3942 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3943 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
3944 l2cap_send_ack(chan);
3869 goto drop; 3945 goto drop;
3946 }
3870 3947
3871 if (tx_seq == chan->expected_tx_seq) 3948 if (tx_seq == chan->expected_tx_seq)
3872 goto expected; 3949 goto expected;
@@ -3927,15 +4004,15 @@ static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u32 rx_cont
3927 __skb_queue_head_init(&chan->srej_q); 4004 __skb_queue_head_init(&chan->srej_q);
3928 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar); 4005 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
3929 4006
3930 set_bit(CONN_SEND_PBIT, &chan->conn_state); 4007 /* Set P-bit only if there are some I-frames to ack. */
4008 if (__clear_ack_timer(chan))
4009 set_bit(CONN_SEND_PBIT, &chan->conn_state);
3931 4010
3932 err = l2cap_send_srejframe(chan, tx_seq); 4011 err = l2cap_send_srejframe(chan, tx_seq);
3933 if (err < 0) { 4012 if (err < 0) {
3934 l2cap_send_disconn_req(chan->conn, chan, -err); 4013 l2cap_send_disconn_req(chan->conn, chan, -err);
3935 return err; 4014 return err;
3936 } 4015 }
3937
3938 __clear_ack_timer(chan);
3939 } 4016 }
3940 return 0; 4017 return 0;
3941 4018
@@ -4135,9 +4212,8 @@ static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u32 rx_cont
4135 return 0; 4212 return 0;
4136} 4213}
4137 4214
4138static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb) 4215static int l2cap_ertm_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
4139{ 4216{
4140 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
4141 u32 control; 4217 u32 control;
4142 u16 req_seq; 4218 u16 req_seq;
4143 int len, next_tx_seq_offset, req_seq_offset; 4219 int len, next_tx_seq_offset, req_seq_offset;
@@ -4205,7 +4281,6 @@ drop:
4205static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb) 4281static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4206{ 4282{
4207 struct l2cap_chan *chan; 4283 struct l2cap_chan *chan;
4208 struct sock *sk = NULL;
4209 u32 control; 4284 u32 control;
4210 u16 tx_seq; 4285 u16 tx_seq;
4211 int len; 4286 int len;
@@ -4213,10 +4288,12 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
4213 chan = l2cap_get_chan_by_scid(conn, cid); 4288 chan = l2cap_get_chan_by_scid(conn, cid);
4214 if (!chan) { 4289 if (!chan) {
4215 BT_DBG("unknown cid 0x%4.4x", cid); 4290 BT_DBG("unknown cid 0x%4.4x", cid);
4216 goto drop; 4291 /* Drop packet and return */
4292 kfree_skb(skb);
4293 return 0;
4217 } 4294 }
4218 4295
4219 sk = chan->sk; 4296 l2cap_chan_lock(chan);
4220 4297
4221 BT_DBG("chan %p, len %d", chan, skb->len); 4298 BT_DBG("chan %p, len %d", chan, skb->len);
4222 4299
@@ -4238,7 +4315,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
4238 break; 4315 break;
4239 4316
4240 case L2CAP_MODE_ERTM: 4317 case L2CAP_MODE_ERTM:
4241 l2cap_ertm_data_rcv(sk, skb); 4318 l2cap_ertm_data_rcv(chan, skb);
4242 4319
4243 goto done; 4320 goto done;
4244 4321
@@ -4287,26 +4364,20 @@ drop:
4287 kfree_skb(skb); 4364 kfree_skb(skb);
4288 4365
4289done: 4366done:
4290 if (sk) 4367 l2cap_chan_unlock(chan);
4291 release_sock(sk);
4292 4368
4293 return 0; 4369 return 0;
4294} 4370}
4295 4371
4296static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb) 4372static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
4297{ 4373{
4298 struct sock *sk = NULL;
4299 struct l2cap_chan *chan; 4374 struct l2cap_chan *chan;
4300 4375
4301 chan = l2cap_global_chan_by_psm(0, psm, conn->src); 4376 chan = l2cap_global_chan_by_psm(0, psm, conn->src);
4302 if (!chan) 4377 if (!chan)
4303 goto drop; 4378 goto drop;
4304 4379
4305 sk = chan->sk; 4380 BT_DBG("chan %p, len %d", chan, skb->len);
4306
4307 lock_sock(sk);
4308
4309 BT_DBG("sk %p, len %d", sk, skb->len);
4310 4381
4311 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED) 4382 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
4312 goto drop; 4383 goto drop;
@@ -4315,31 +4386,23 @@ static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, str
4315 goto drop; 4386 goto drop;
4316 4387
4317 if (!chan->ops->recv(chan->data, skb)) 4388 if (!chan->ops->recv(chan->data, skb))
4318 goto done; 4389 return 0;
4319 4390
4320drop: 4391drop:
4321 kfree_skb(skb); 4392 kfree_skb(skb);
4322 4393
4323done:
4324 if (sk)
4325 release_sock(sk);
4326 return 0; 4394 return 0;
4327} 4395}
4328 4396
4329static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb) 4397static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
4330{ 4398{
4331 struct sock *sk = NULL;
4332 struct l2cap_chan *chan; 4399 struct l2cap_chan *chan;
4333 4400
4334 chan = l2cap_global_chan_by_scid(0, cid, conn->src); 4401 chan = l2cap_global_chan_by_scid(0, cid, conn->src);
4335 if (!chan) 4402 if (!chan)
4336 goto drop; 4403 goto drop;
4337 4404
4338 sk = chan->sk; 4405 BT_DBG("chan %p, len %d", chan, skb->len);
4339
4340 lock_sock(sk);
4341
4342 BT_DBG("sk %p, len %d", sk, skb->len);
4343 4406
4344 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED) 4407 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
4345 goto drop; 4408 goto drop;
@@ -4348,14 +4411,11 @@ static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct
4348 goto drop; 4411 goto drop;
4349 4412
4350 if (!chan->ops->recv(chan->data, skb)) 4413 if (!chan->ops->recv(chan->data, skb))
4351 goto done; 4414 return 0;
4352 4415
4353drop: 4416drop:
4354 kfree_skb(skb); 4417 kfree_skb(skb);
4355 4418
4356done:
4357 if (sk)
4358 release_sock(sk);
4359 return 0; 4419 return 0;
4360} 4420}
4361 4421
@@ -4479,8 +4539,7 @@ static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
4479 if (encrypt == 0x00) { 4539 if (encrypt == 0x00) {
4480 if (chan->sec_level == BT_SECURITY_MEDIUM) { 4540 if (chan->sec_level == BT_SECURITY_MEDIUM) {
4481 __clear_chan_timer(chan); 4541 __clear_chan_timer(chan);
4482 __set_chan_timer(chan, 4542 __set_chan_timer(chan, L2CAP_ENC_TIMEOUT);
4483 msecs_to_jiffies(L2CAP_ENC_TIMEOUT));
4484 } else if (chan->sec_level == BT_SECURITY_HIGH) 4543 } else if (chan->sec_level == BT_SECURITY_HIGH)
4485 l2cap_chan_close(chan, ECONNREFUSED); 4544 l2cap_chan_close(chan, ECONNREFUSED);
4486 } else { 4545 } else {
@@ -4504,57 +4563,49 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4504 cancel_delayed_work(&conn->security_timer); 4563 cancel_delayed_work(&conn->security_timer);
4505 } 4564 }
4506 4565
4507 rcu_read_lock(); 4566 mutex_lock(&conn->chan_lock);
4508
4509 list_for_each_entry_rcu(chan, &conn->chan_l, list) {
4510 struct sock *sk = chan->sk;
4511 4567
4512 bh_lock_sock(sk); 4568 list_for_each_entry(chan, &conn->chan_l, list) {
4569 l2cap_chan_lock(chan);
4513 4570
4514 BT_DBG("chan->scid %d", chan->scid); 4571 BT_DBG("chan->scid %d", chan->scid);
4515 4572
4516 if (chan->scid == L2CAP_CID_LE_DATA) { 4573 if (chan->scid == L2CAP_CID_LE_DATA) {
4517 if (!status && encrypt) { 4574 if (!status && encrypt) {
4518 chan->sec_level = hcon->sec_level; 4575 chan->sec_level = hcon->sec_level;
4519 l2cap_chan_ready(sk); 4576 l2cap_chan_ready(chan);
4520 } 4577 }
4521 4578
4522 bh_unlock_sock(sk); 4579 l2cap_chan_unlock(chan);
4523 continue; 4580 continue;
4524 } 4581 }
4525 4582
4526 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) { 4583 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) {
4527 bh_unlock_sock(sk); 4584 l2cap_chan_unlock(chan);
4528 continue; 4585 continue;
4529 } 4586 }
4530 4587
4531 if (!status && (chan->state == BT_CONNECTED || 4588 if (!status && (chan->state == BT_CONNECTED ||
4532 chan->state == BT_CONFIG)) { 4589 chan->state == BT_CONFIG)) {
4533 l2cap_check_encryption(chan, encrypt); 4590 l2cap_check_encryption(chan, encrypt);
4534 bh_unlock_sock(sk); 4591 l2cap_chan_unlock(chan);
4535 continue; 4592 continue;
4536 } 4593 }
4537 4594
4538 if (chan->state == BT_CONNECT) { 4595 if (chan->state == BT_CONNECT) {
4539 if (!status) { 4596 if (!status) {
4540 struct l2cap_conn_req req; 4597 l2cap_send_conn_req(chan);
4541 req.scid = cpu_to_le16(chan->scid);
4542 req.psm = chan->psm;
4543
4544 chan->ident = l2cap_get_ident(conn);
4545 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
4546
4547 l2cap_send_cmd(conn, chan->ident,
4548 L2CAP_CONN_REQ, sizeof(req), &req);
4549 } else { 4598 } else {
4550 __clear_chan_timer(chan); 4599 __clear_chan_timer(chan);
4551 __set_chan_timer(chan, 4600 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
4552 msecs_to_jiffies(L2CAP_DISC_TIMEOUT));
4553 } 4601 }
4554 } else if (chan->state == BT_CONNECT2) { 4602 } else if (chan->state == BT_CONNECT2) {
4603 struct sock *sk = chan->sk;
4555 struct l2cap_conn_rsp rsp; 4604 struct l2cap_conn_rsp rsp;
4556 __u16 res, stat; 4605 __u16 res, stat;
4557 4606
4607 lock_sock(sk);
4608
4558 if (!status) { 4609 if (!status) {
4559 if (bt_sk(sk)->defer_setup) { 4610 if (bt_sk(sk)->defer_setup) {
4560 struct sock *parent = bt_sk(sk)->parent; 4611 struct sock *parent = bt_sk(sk)->parent;
@@ -4563,18 +4614,19 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4563 if (parent) 4614 if (parent)
4564 parent->sk_data_ready(parent, 0); 4615 parent->sk_data_ready(parent, 0);
4565 } else { 4616 } else {
4566 l2cap_state_change(chan, BT_CONFIG); 4617 __l2cap_state_change(chan, BT_CONFIG);
4567 res = L2CAP_CR_SUCCESS; 4618 res = L2CAP_CR_SUCCESS;
4568 stat = L2CAP_CS_NO_INFO; 4619 stat = L2CAP_CS_NO_INFO;
4569 } 4620 }
4570 } else { 4621 } else {
4571 l2cap_state_change(chan, BT_DISCONN); 4622 __l2cap_state_change(chan, BT_DISCONN);
4572 __set_chan_timer(chan, 4623 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
4573 msecs_to_jiffies(L2CAP_DISC_TIMEOUT));
4574 res = L2CAP_CR_SEC_BLOCK; 4624 res = L2CAP_CR_SEC_BLOCK;
4575 stat = L2CAP_CS_NO_INFO; 4625 stat = L2CAP_CS_NO_INFO;
4576 } 4626 }
4577 4627
4628 release_sock(sk);
4629
4578 rsp.scid = cpu_to_le16(chan->dcid); 4630 rsp.scid = cpu_to_le16(chan->dcid);
4579 rsp.dcid = cpu_to_le16(chan->scid); 4631 rsp.dcid = cpu_to_le16(chan->scid);
4580 rsp.result = cpu_to_le16(res); 4632 rsp.result = cpu_to_le16(res);
@@ -4583,10 +4635,10 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4583 sizeof(rsp), &rsp); 4635 sizeof(rsp), &rsp);
4584 } 4636 }
4585 4637
4586 bh_unlock_sock(sk); 4638 l2cap_chan_unlock(chan);
4587 } 4639 }
4588 4640
4589 rcu_read_unlock(); 4641 mutex_unlock(&conn->chan_lock);
4590 4642
4591 return 0; 4643 return 0;
4592} 4644}
@@ -4647,6 +4699,7 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
4647 4699
4648 if (chan && chan->sk) { 4700 if (chan && chan->sk) {
4649 struct sock *sk = chan->sk; 4701 struct sock *sk = chan->sk;
4702 lock_sock(sk);
4650 4703
4651 if (chan->imtu < len - L2CAP_HDR_SIZE) { 4704 if (chan->imtu < len - L2CAP_HDR_SIZE) {
4652 BT_ERR("Frame exceeding recv MTU (len %d, " 4705 BT_ERR("Frame exceeding recv MTU (len %d, "
@@ -4717,7 +4770,7 @@ static int l2cap_debugfs_show(struct seq_file *f, void *p)
4717 c->state, __le16_to_cpu(c->psm), 4770 c->state, __le16_to_cpu(c->psm),
4718 c->scid, c->dcid, c->imtu, c->omtu, 4771 c->scid, c->dcid, c->imtu, c->omtu,
4719 c->sec_level, c->mode); 4772 c->sec_level, c->mode);
4720} 4773 }
4721 4774
4722 read_unlock(&chan_list_lock); 4775 read_unlock(&chan_list_lock);
4723 4776
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 401d9428ae4c..c4fe583b0af6 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -125,13 +125,15 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
125 125
126 err = l2cap_chan_connect(chan, la.l2_psm, la.l2_cid, &la.l2_bdaddr); 126 err = l2cap_chan_connect(chan, la.l2_psm, la.l2_cid, &la.l2_bdaddr);
127 if (err) 127 if (err)
128 goto done; 128 return err;
129
130 lock_sock(sk);
129 131
130 err = bt_sock_wait_state(sk, BT_CONNECTED, 132 err = bt_sock_wait_state(sk, BT_CONNECTED,
131 sock_sndtimeo(sk, flags & O_NONBLOCK)); 133 sock_sndtimeo(sk, flags & O_NONBLOCK));
132done: 134
133 if (sock_owned_by_user(sk)) 135 release_sock(sk);
134 release_sock(sk); 136
135 return err; 137 return err;
136} 138}
137 139
@@ -783,7 +785,7 @@ static void l2cap_sock_kill(struct sock *sk)
783 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 785 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
784 return; 786 return;
785 787
786 BT_DBG("sk %p state %d", sk, sk->sk_state); 788 BT_DBG("sk %p state %s", sk, state_to_string(sk->sk_state));
787 789
788 /* Kill poor orphan */ 790 /* Kill poor orphan */
789 791
@@ -795,7 +797,8 @@ static void l2cap_sock_kill(struct sock *sk)
795static int l2cap_sock_shutdown(struct socket *sock, int how) 797static int l2cap_sock_shutdown(struct socket *sock, int how)
796{ 798{
797 struct sock *sk = sock->sk; 799 struct sock *sk = sock->sk;
798 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 800 struct l2cap_chan *chan;
801 struct l2cap_conn *conn;
799 int err = 0; 802 int err = 0;
800 803
801 BT_DBG("sock %p, sk %p", sock, sk); 804 BT_DBG("sock %p, sk %p", sock, sk);
@@ -803,13 +806,24 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
803 if (!sk) 806 if (!sk)
804 return 0; 807 return 0;
805 808
809 chan = l2cap_pi(sk)->chan;
810 conn = chan->conn;
811
812 if (conn)
813 mutex_lock(&conn->chan_lock);
814
815 l2cap_chan_lock(chan);
806 lock_sock(sk); 816 lock_sock(sk);
817
807 if (!sk->sk_shutdown) { 818 if (!sk->sk_shutdown) {
808 if (chan->mode == L2CAP_MODE_ERTM) 819 if (chan->mode == L2CAP_MODE_ERTM)
809 err = __l2cap_wait_ack(sk); 820 err = __l2cap_wait_ack(sk);
810 821
811 sk->sk_shutdown = SHUTDOWN_MASK; 822 sk->sk_shutdown = SHUTDOWN_MASK;
823
824 release_sock(sk);
812 l2cap_chan_close(chan, 0); 825 l2cap_chan_close(chan, 0);
826 lock_sock(sk);
813 827
814 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 828 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
815 err = bt_sock_wait_state(sk, BT_CLOSED, 829 err = bt_sock_wait_state(sk, BT_CLOSED,
@@ -820,6 +834,11 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
820 err = -sk->sk_err; 834 err = -sk->sk_err;
821 835
822 release_sock(sk); 836 release_sock(sk);
837 l2cap_chan_unlock(chan);
838
839 if (conn)
840 mutex_unlock(&conn->chan_lock);
841
823 return err; 842 return err;
824} 843}
825 844
@@ -862,8 +881,12 @@ static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
862 struct sock *sk = data; 881 struct sock *sk = data;
863 struct l2cap_pinfo *pi = l2cap_pi(sk); 882 struct l2cap_pinfo *pi = l2cap_pi(sk);
864 883
865 if (pi->rx_busy_skb) 884 lock_sock(sk);
866 return -ENOMEM; 885
886 if (pi->rx_busy_skb) {
887 err = -ENOMEM;
888 goto done;
889 }
867 890
868 err = sock_queue_rcv_skb(sk, skb); 891 err = sock_queue_rcv_skb(sk, skb);
869 892
@@ -882,6 +905,9 @@ static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb)
882 err = 0; 905 err = 0;
883 } 906 }
884 907
908done:
909 release_sock(sk);
910
885 return err; 911 return err;
886} 912}
887 913
@@ -899,12 +925,22 @@ static void l2cap_sock_state_change_cb(void *data, int state)
899 sk->sk_state = state; 925 sk->sk_state = state;
900} 926}
901 927
928static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
929 unsigned long len, int nb,
930 int *err)
931{
932 struct sock *sk = chan->sk;
933
934 return bt_skb_send_alloc(sk, len, nb, err);
935}
936
902static struct l2cap_ops l2cap_chan_ops = { 937static struct l2cap_ops l2cap_chan_ops = {
903 .name = "L2CAP Socket Interface", 938 .name = "L2CAP Socket Interface",
904 .new_connection = l2cap_sock_new_connection_cb, 939 .new_connection = l2cap_sock_new_connection_cb,
905 .recv = l2cap_sock_recv_cb, 940 .recv = l2cap_sock_recv_cb,
906 .close = l2cap_sock_close_cb, 941 .close = l2cap_sock_close_cb,
907 .state_change = l2cap_sock_state_change_cb, 942 .state_change = l2cap_sock_state_change_cb,
943 .alloc_skb = l2cap_sock_alloc_skb_cb,
908}; 944};
909 945
910static void l2cap_sock_destruct(struct sock *sk) 946static void l2cap_sock_destruct(struct sock *sk)
@@ -1004,7 +1040,7 @@ static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int p
1004 INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 1040 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
1005 1041
1006 sk->sk_destruct = l2cap_sock_destruct; 1042 sk->sk_destruct = l2cap_sock_destruct;
1007 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT); 1043 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
1008 1044
1009 sock_reset_flag(sk, SOCK_ZAPPED); 1045 sock_reset_flag(sk, SOCK_ZAPPED);
1010 1046
diff --git a/net/bluetooth/lib.c b/net/bluetooth/lib.c
index 86a6bed229df..506628876f36 100644
--- a/net/bluetooth/lib.c
+++ b/net/bluetooth/lib.c
@@ -24,6 +24,8 @@
24 24
25/* Bluetooth kernel library. */ 25/* Bluetooth kernel library. */
26 26
27#define pr_fmt(fmt) "Bluetooth: " fmt
28
27#include <linux/module.h> 29#include <linux/module.h>
28 30
29#include <linux/kernel.h> 31#include <linux/kernel.h>
@@ -151,7 +153,26 @@ int bt_to_errno(__u16 code)
151} 153}
152EXPORT_SYMBOL(bt_to_errno); 154EXPORT_SYMBOL(bt_to_errno);
153 155
154int bt_printk(const char *level, const char *format, ...) 156int bt_info(const char *format, ...)
157{
158 struct va_format vaf;
159 va_list args;
160 int r;
161
162 va_start(args, format);
163
164 vaf.fmt = format;
165 vaf.va = &args;
166
167 r = pr_info("%pV", &vaf);
168
169 va_end(args);
170
171 return r;
172}
173EXPORT_SYMBOL(bt_info);
174
175int bt_err(const char *format, ...)
155{ 176{
156 struct va_format vaf; 177 struct va_format vaf;
157 va_list args; 178 va_list args;
@@ -162,10 +183,10 @@ int bt_printk(const char *level, const char *format, ...)
162 vaf.fmt = format; 183 vaf.fmt = format;
163 vaf.va = &args; 184 vaf.va = &args;
164 185
165 r = printk("%sBluetooth: %pV\n", level, &vaf); 186 r = pr_err("%pV", &vaf);
166 187
167 va_end(args); 188 va_end(args);
168 189
169 return r; 190 return r;
170} 191}
171EXPORT_SYMBOL(bt_printk); 192EXPORT_SYMBOL(bt_err);
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index bc8e59dda78e..7fcff8887131 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -1,6 +1,8 @@
1/* 1/*
2 BlueZ - Bluetooth protocol stack for Linux 2 BlueZ - Bluetooth protocol stack for Linux
3
3 Copyright (C) 2010 Nokia Corporation 4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
4 6
5 This program is free software; you can redistribute it and/or modify 7 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as 8 it under the terms of the GNU General Public License version 2 as
@@ -32,12 +34,92 @@
32#include <net/bluetooth/mgmt.h> 34#include <net/bluetooth/mgmt.h>
33#include <net/bluetooth/smp.h> 35#include <net/bluetooth/smp.h>
34 36
35#define MGMT_VERSION 0 37bool enable_hs;
36#define MGMT_REVISION 1 38bool enable_le;
39
40#define MGMT_VERSION 1
41#define MGMT_REVISION 0
42
43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81};
82
83static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_ADDED,
86 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_NEW_SETTINGS,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LINK_KEY,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_AUTH_FAILED,
99 MGMT_EV_DEVICE_FOUND,
100 MGMT_EV_DISCOVERING,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
104};
105
106/*
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
109 */
110#define LE_SCAN_TYPE 0x01
111#define LE_SCAN_WIN 0x12
112#define LE_SCAN_INT 0x12
113#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
114#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
115
116#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
117#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
37 118
38#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */ 119#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
39 120
40#define SERVICE_CACHE_TIMEOUT (5 * 1000) 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
41 123
42struct pending_cmd { 124struct pending_cmd {
43 struct list_head list; 125 struct list_head list;
@@ -151,8 +233,8 @@ static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
151 return err; 233 return err;
152} 234}
153 235
154static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp, 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
155 size_t rp_len) 237 void *rp, size_t rp_len)
156{ 238{
157 struct sk_buff *skb; 239 struct sk_buff *skb;
158 struct mgmt_hdr *hdr; 240 struct mgmt_hdr *hdr;
@@ -173,6 +255,7 @@ static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
173 255
174 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len); 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
175 put_unaligned_le16(cmd, &ev->opcode); 257 put_unaligned_le16(cmd, &ev->opcode);
258 ev->status = status;
176 259
177 if (rp) 260 if (rp)
178 memcpy(ev->data, rp, rp_len); 261 memcpy(ev->data, rp, rp_len);
@@ -181,10 +264,11 @@ static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
181 if (err < 0) 264 if (err < 0)
182 kfree_skb(skb); 265 kfree_skb(skb);
183 266
184 return err;; 267 return err;
185} 268}
186 269
187static int read_version(struct sock *sk) 270static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
271 u16 data_len)
188{ 272{
189 struct mgmt_rp_read_version rp; 273 struct mgmt_rp_read_version rp;
190 274
@@ -193,11 +277,46 @@ static int read_version(struct sock *sk)
193 rp.version = MGMT_VERSION; 277 rp.version = MGMT_VERSION;
194 put_unaligned_le16(MGMT_REVISION, &rp.revision); 278 put_unaligned_le16(MGMT_REVISION, &rp.revision);
195 279
196 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp, 280 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
197 sizeof(rp)); 281 sizeof(rp));
282}
283
284static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
285 u16 data_len)
286{
287 struct mgmt_rp_read_commands *rp;
288 u16 num_commands = ARRAY_SIZE(mgmt_commands);
289 u16 num_events = ARRAY_SIZE(mgmt_events);
290 u16 *opcode;
291 size_t rp_size;
292 int i, err;
293
294 BT_DBG("sock %p", sk);
295
296 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
297
298 rp = kmalloc(rp_size, GFP_KERNEL);
299 if (!rp)
300 return -ENOMEM;
301
302 put_unaligned_le16(num_commands, &rp->num_commands);
303 put_unaligned_le16(num_events, &rp->num_events);
304
305 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
306 put_unaligned_le16(mgmt_commands[i], opcode);
307
308 for (i = 0; i < num_events; i++, opcode++)
309 put_unaligned_le16(mgmt_events[i], opcode);
310
311 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
312 rp_size);
313 kfree(rp);
314
315 return err;
198} 316}
199 317
200static int read_index_list(struct sock *sk) 318static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
319 u16 data_len)
201{ 320{
202 struct mgmt_rp_read_index_list *rp; 321 struct mgmt_rp_read_index_list *rp;
203 struct list_head *p; 322 struct list_head *p;
@@ -226,10 +345,7 @@ static int read_index_list(struct sock *sk)
226 345
227 i = 0; 346 i = 0;
228 list_for_each_entry(d, &hci_dev_list, list) { 347 list_for_each_entry(d, &hci_dev_list, list) {
229 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags)) 348 if (test_bit(HCI_SETUP, &d->dev_flags))
230 cancel_delayed_work(&d->power_off);
231
232 if (test_bit(HCI_SETUP, &d->flags))
233 continue; 349 continue;
234 350
235 put_unaligned_le16(d->id, &rp->index[i++]); 351 put_unaligned_le16(d->id, &rp->index[i++]);
@@ -238,8 +354,8 @@ static int read_index_list(struct sock *sk)
238 354
239 read_unlock(&hci_dev_list_lock); 355 read_unlock(&hci_dev_list_lock);
240 356
241 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp, 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
242 rp_len); 358 rp_len);
243 359
244 kfree(rp); 360 kfree(rp);
245 361
@@ -264,8 +380,13 @@ static u32 get_supported_settings(struct hci_dev *hdev)
264 settings |= MGMT_SETTING_LINK_SECURITY; 380 settings |= MGMT_SETTING_LINK_SECURITY;
265 } 381 }
266 382
267 if (hdev->features[4] & LMP_LE) 383 if (enable_hs)
268 settings |= MGMT_SETTING_LE; 384 settings |= MGMT_SETTING_HS;
385
386 if (enable_le) {
387 if (hdev->features[4] & LMP_LE)
388 settings |= MGMT_SETTING_LE;
389 }
269 390
270 return settings; 391 return settings;
271} 392}
@@ -274,47 +395,36 @@ static u32 get_current_settings(struct hci_dev *hdev)
274{ 395{
275 u32 settings = 0; 396 u32 settings = 0;
276 397
277 if (test_bit(HCI_UP, &hdev->flags)) 398 if (hdev_is_powered(hdev))
278 settings |= MGMT_SETTING_POWERED; 399 settings |= MGMT_SETTING_POWERED;
279 else
280 return settings;
281 400
282 if (test_bit(HCI_PSCAN, &hdev->flags)) 401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
283 settings |= MGMT_SETTING_CONNECTABLE; 402 settings |= MGMT_SETTING_CONNECTABLE;
284 403
285 if (test_bit(HCI_ISCAN, &hdev->flags)) 404 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
286 settings |= MGMT_SETTING_DISCOVERABLE; 405 settings |= MGMT_SETTING_DISCOVERABLE;
287 406
288 if (test_bit(HCI_PAIRABLE, &hdev->flags)) 407 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
289 settings |= MGMT_SETTING_PAIRABLE; 408 settings |= MGMT_SETTING_PAIRABLE;
290 409
291 if (!(hdev->features[4] & LMP_NO_BREDR)) 410 if (!(hdev->features[4] & LMP_NO_BREDR))
292 settings |= MGMT_SETTING_BREDR; 411 settings |= MGMT_SETTING_BREDR;
293 412
294 if (hdev->host_features[0] & LMP_HOST_LE) 413 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
295 settings |= MGMT_SETTING_LE; 414 settings |= MGMT_SETTING_LE;
296 415
297 if (test_bit(HCI_AUTH, &hdev->flags)) 416 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
298 settings |= MGMT_SETTING_LINK_SECURITY; 417 settings |= MGMT_SETTING_LINK_SECURITY;
299 418
300 if (hdev->ssp_mode > 0) 419 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
301 settings |= MGMT_SETTING_SSP; 420 settings |= MGMT_SETTING_SSP;
302 421
422 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_HS;
424
303 return settings; 425 return settings;
304} 426}
305 427
306#define EIR_FLAGS 0x01 /* flags */
307#define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
308#define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
309#define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
310#define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
311#define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
312#define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
313#define EIR_NAME_SHORT 0x08 /* shortened local name */
314#define EIR_NAME_COMPLETE 0x09 /* complete local name */
315#define EIR_TX_POWER 0x0A /* transmit power level */
316#define EIR_DEVICE_ID 0x10 /* device ID */
317
318#define PNP_INFO_SVCLASS_ID 0x1200 428#define PNP_INFO_SVCLASS_ID 0x1200
319 429
320static u8 bluetooth_base_uuid[] = { 430static u8 bluetooth_base_uuid[] = {
@@ -425,13 +535,16 @@ static int update_eir(struct hci_dev *hdev)
425{ 535{
426 struct hci_cp_write_eir cp; 536 struct hci_cp_write_eir cp;
427 537
538 if (!hdev_is_powered(hdev))
539 return 0;
540
428 if (!(hdev->features[6] & LMP_EXT_INQ)) 541 if (!(hdev->features[6] & LMP_EXT_INQ))
429 return 0; 542 return 0;
430 543
431 if (hdev->ssp_mode == 0) 544 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
432 return 0; 545 return 0;
433 546
434 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags)) 547 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
435 return 0; 548 return 0;
436 549
437 memset(&cp, 0, sizeof(cp)); 550 memset(&cp, 0, sizeof(cp));
@@ -460,10 +573,14 @@ static u8 get_service_classes(struct hci_dev *hdev)
460static int update_class(struct hci_dev *hdev) 573static int update_class(struct hci_dev *hdev)
461{ 574{
462 u8 cod[3]; 575 u8 cod[3];
576 int err;
463 577
464 BT_DBG("%s", hdev->name); 578 BT_DBG("%s", hdev->name);
465 579
466 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags)) 580 if (!hdev_is_powered(hdev))
581 return 0;
582
583 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
467 return 0; 584 return 0;
468 585
469 cod[0] = hdev->minor_class; 586 cod[0] = hdev->minor_class;
@@ -473,15 +590,19 @@ static int update_class(struct hci_dev *hdev)
473 if (memcmp(cod, hdev->dev_class, 3) == 0) 590 if (memcmp(cod, hdev->dev_class, 3) == 0)
474 return 0; 591 return 0;
475 592
476 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); 593 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
594 if (err == 0)
595 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
596
597 return err;
477} 598}
478 599
479static void service_cache_off(struct work_struct *work) 600static void service_cache_off(struct work_struct *work)
480{ 601{
481 struct hci_dev *hdev = container_of(work, struct hci_dev, 602 struct hci_dev *hdev = container_of(work, struct hci_dev,
482 service_cache.work); 603 service_cache.work);
483 604
484 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->flags)) 605 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
485 return; 606 return;
486 607
487 hci_dev_lock(hdev); 608 hci_dev_lock(hdev);
@@ -492,36 +613,30 @@ static void service_cache_off(struct work_struct *work)
492 hci_dev_unlock(hdev); 613 hci_dev_unlock(hdev);
493} 614}
494 615
495static void mgmt_init_hdev(struct hci_dev *hdev) 616static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
496{ 617{
497 if (!test_and_set_bit(HCI_MGMT, &hdev->flags)) 618 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
498 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 619 return;
620
621 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
499 622
500 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->flags)) 623 /* Non-mgmt controlled devices get this bit set
501 schedule_delayed_work(&hdev->service_cache, 624 * implicitly so that pairing works for them, however
502 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT)); 625 * for mgmt we require user-space to explicitly enable
626 * it
627 */
628 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
503} 629}
504 630
505static int read_controller_info(struct sock *sk, u16 index) 631static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
632 void *data, u16 data_len)
506{ 633{
507 struct mgmt_rp_read_info rp; 634 struct mgmt_rp_read_info rp;
508 struct hci_dev *hdev;
509
510 BT_DBG("sock %p hci%u", sk, index);
511
512 hdev = hci_dev_get(index);
513 if (!hdev)
514 return cmd_status(sk, index, MGMT_OP_READ_INFO,
515 MGMT_STATUS_INVALID_PARAMS);
516 635
517 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags)) 636 BT_DBG("sock %p %s", sk, hdev->name);
518 cancel_delayed_work_sync(&hdev->power_off);
519 637
520 hci_dev_lock(hdev); 638 hci_dev_lock(hdev);
521 639
522 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
523 mgmt_init_hdev(hdev);
524
525 memset(&rp, 0, sizeof(rp)); 640 memset(&rp, 0, sizeof(rp));
526 641
527 bacpy(&rp.bdaddr, &hdev->bdaddr); 642 bacpy(&rp.bdaddr, &hdev->bdaddr);
@@ -536,11 +651,12 @@ static int read_controller_info(struct sock *sk, u16 index)
536 memcpy(rp.dev_class, hdev->dev_class, 3); 651 memcpy(rp.dev_class, hdev->dev_class, 3);
537 652
538 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 653 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
654 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
539 655
540 hci_dev_unlock(hdev); 656 hci_dev_unlock(hdev);
541 hci_dev_put(hdev);
542 657
543 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp)); 658 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
659 sizeof(rp));
544} 660}
545 661
546static void mgmt_pending_free(struct pending_cmd *cmd) 662static void mgmt_pending_free(struct pending_cmd *cmd)
@@ -551,8 +667,8 @@ static void mgmt_pending_free(struct pending_cmd *cmd)
551} 667}
552 668
553static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode, 669static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
554 struct hci_dev *hdev, 670 struct hci_dev *hdev, void *data,
555 void *data, u16 len) 671 u16 len)
556{ 672{
557 struct pending_cmd *cmd; 673 struct pending_cmd *cmd;
558 674
@@ -581,8 +697,8 @@ static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
581} 697}
582 698
583static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, 699static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
584 void (*cb)(struct pending_cmd *cmd, void *data), 700 void (*cb)(struct pending_cmd *cmd, void *data),
585 void *data) 701 void *data)
586{ 702{
587 struct list_head *p, *n; 703 struct list_head *p, *n;
588 704
@@ -620,40 +736,39 @@ static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
620{ 736{
621 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 737 __le32 settings = cpu_to_le32(get_current_settings(hdev));
622 738
623 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings)); 739 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
740 sizeof(settings));
624} 741}
625 742
626static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len) 743static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
744 u16 len)
627{ 745{
628 struct mgmt_mode *cp; 746 struct mgmt_mode *cp = data;
629 struct hci_dev *hdev;
630 struct pending_cmd *cmd; 747 struct pending_cmd *cmd;
631 int err, up; 748 int err;
632
633 cp = (void *) data;
634 749
635 BT_DBG("request for hci%u", index); 750 BT_DBG("request for %s", hdev->name);
636 751
637 if (len != sizeof(*cp)) 752 hci_dev_lock(hdev);
638 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
639 MGMT_STATUS_INVALID_PARAMS);
640 753
641 hdev = hci_dev_get(index); 754 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
642 if (!hdev) 755 cancel_delayed_work(&hdev->power_off);
643 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
644 MGMT_STATUS_INVALID_PARAMS);
645 756
646 hci_dev_lock(hdev); 757 if (cp->val) {
758 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
759 mgmt_powered(hdev, 1);
760 goto failed;
761 }
762 }
647 763
648 up = test_bit(HCI_UP, &hdev->flags); 764 if (!!cp->val == hdev_is_powered(hdev)) {
649 if ((cp->val && up) || (!cp->val && !up)) {
650 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 765 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
651 goto failed; 766 goto failed;
652 } 767 }
653 768
654 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) { 769 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
655 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, 770 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
656 MGMT_STATUS_BUSY); 771 MGMT_STATUS_BUSY);
657 goto failed; 772 goto failed;
658 } 773 }
659 774
@@ -672,49 +787,115 @@ static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
672 787
673failed: 788failed:
674 hci_dev_unlock(hdev); 789 hci_dev_unlock(hdev);
675 hci_dev_put(hdev);
676 return err; 790 return err;
677} 791}
678 792
679static int set_discoverable(struct sock *sk, u16 index, unsigned char *data, 793static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
680 u16 len) 794 struct sock *skip_sk)
681{ 795{
682 struct mgmt_cp_set_discoverable *cp; 796 struct sk_buff *skb;
683 struct hci_dev *hdev; 797 struct mgmt_hdr *hdr;
798
799 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
800 if (!skb)
801 return -ENOMEM;
802
803 hdr = (void *) skb_put(skb, sizeof(*hdr));
804 hdr->opcode = cpu_to_le16(event);
805 if (hdev)
806 hdr->index = cpu_to_le16(hdev->id);
807 else
808 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
809 hdr->len = cpu_to_le16(data_len);
810
811 if (data)
812 memcpy(skb_put(skb, data_len), data, data_len);
813
814 /* Time stamp */
815 __net_timestamp(skb);
816
817 hci_send_to_control(skb, skip_sk);
818 kfree_skb(skb);
819
820 return 0;
821}
822
823static int new_settings(struct hci_dev *hdev, struct sock *skip)
824{
825 __le32 ev;
826
827 ev = cpu_to_le32(get_current_settings(hdev));
828
829 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
830}
831
832static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
833 u16 len)
834{
835 struct mgmt_cp_set_discoverable *cp = data;
684 struct pending_cmd *cmd; 836 struct pending_cmd *cmd;
837 u16 timeout;
685 u8 scan; 838 u8 scan;
686 int err; 839 int err;
687 840
688 cp = (void *) data; 841 BT_DBG("request for %s", hdev->name);
689
690 BT_DBG("request for hci%u", index);
691 842
692 if (len != sizeof(*cp)) 843 timeout = get_unaligned_le16(&cp->timeout);
693 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, 844 if (!cp->val && timeout > 0)
694 MGMT_STATUS_INVALID_PARAMS); 845 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
695 846 MGMT_STATUS_INVALID_PARAMS);
696 hdev = hci_dev_get(index);
697 if (!hdev)
698 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
699 MGMT_STATUS_INVALID_PARAMS);
700 847
701 hci_dev_lock(hdev); 848 hci_dev_lock(hdev);
702 849
703 if (!test_bit(HCI_UP, &hdev->flags)) { 850 if (!hdev_is_powered(hdev) && timeout > 0) {
704 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, 851 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
705 MGMT_STATUS_NOT_POWERED); 852 MGMT_STATUS_NOT_POWERED);
706 goto failed; 853 goto failed;
707 } 854 }
708 855
709 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 856 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
710 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 857 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
711 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, 858 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
712 MGMT_STATUS_BUSY); 859 MGMT_STATUS_BUSY);
713 goto failed; 860 goto failed;
714 } 861 }
715 862
716 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) && 863 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
717 test_bit(HCI_PSCAN, &hdev->flags)) { 864 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
865 MGMT_STATUS_REJECTED);
866 goto failed;
867 }
868
869 if (!hdev_is_powered(hdev)) {
870 bool changed = false;
871
872 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
873 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
874 changed = true;
875 }
876
877 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
878 if (err < 0)
879 goto failed;
880
881 if (changed)
882 err = new_settings(hdev, sk);
883
884 goto failed;
885 }
886
887 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
888 if (hdev->discov_timeout > 0) {
889 cancel_delayed_work(&hdev->discov_off);
890 hdev->discov_timeout = 0;
891 }
892
893 if (cp->val && timeout > 0) {
894 hdev->discov_timeout = timeout;
895 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
896 msecs_to_jiffies(hdev->discov_timeout * 1000));
897 }
898
718 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 899 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
719 goto failed; 900 goto failed;
720 } 901 }
@@ -737,53 +918,56 @@ static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
737 mgmt_pending_remove(cmd); 918 mgmt_pending_remove(cmd);
738 919
739 if (cp->val) 920 if (cp->val)
740 hdev->discov_timeout = get_unaligned_le16(&cp->timeout); 921 hdev->discov_timeout = timeout;
741 922
742failed: 923failed:
743 hci_dev_unlock(hdev); 924 hci_dev_unlock(hdev);
744 hci_dev_put(hdev);
745
746 return err; 925 return err;
747} 926}
748 927
749static int set_connectable(struct sock *sk, u16 index, unsigned char *data, 928static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
750 u16 len) 929 u16 len)
751{ 930{
752 struct mgmt_mode *cp; 931 struct mgmt_mode *cp = data;
753 struct hci_dev *hdev;
754 struct pending_cmd *cmd; 932 struct pending_cmd *cmd;
755 u8 scan; 933 u8 scan;
756 int err; 934 int err;
757 935
758 cp = (void *) data; 936 BT_DBG("request for %s", hdev->name);
759 937
760 BT_DBG("request for hci%u", index); 938 hci_dev_lock(hdev);
761 939
762 if (len != sizeof(*cp)) 940 if (!hdev_is_powered(hdev)) {
763 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, 941 bool changed = false;
764 MGMT_STATUS_INVALID_PARAMS);
765 942
766 hdev = hci_dev_get(index); 943 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
767 if (!hdev) 944 changed = true;
768 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
769 MGMT_STATUS_INVALID_PARAMS);
770 945
771 hci_dev_lock(hdev); 946 if (cp->val) {
947 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
948 } else {
949 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
950 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
951 }
952
953 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
954 if (err < 0)
955 goto failed;
956
957 if (changed)
958 err = new_settings(hdev, sk);
772 959
773 if (!test_bit(HCI_UP, &hdev->flags)) {
774 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
775 MGMT_STATUS_NOT_POWERED);
776 goto failed; 960 goto failed;
777 } 961 }
778 962
779 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 963 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
780 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 964 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
781 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, 965 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
782 MGMT_STATUS_BUSY); 966 MGMT_STATUS_BUSY);
783 goto failed; 967 goto failed;
784 } 968 }
785 969
786 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) { 970 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
787 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 971 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
788 goto failed; 972 goto failed;
789 } 973 }
@@ -794,116 +978,282 @@ static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
794 goto failed; 978 goto failed;
795 } 979 }
796 980
797 if (cp->val) 981 if (cp->val) {
798 scan = SCAN_PAGE; 982 scan = SCAN_PAGE;
799 else 983 } else {
800 scan = 0; 984 scan = 0;
801 985
986 if (test_bit(HCI_ISCAN, &hdev->flags) &&
987 hdev->discov_timeout > 0)
988 cancel_delayed_work(&hdev->discov_off);
989 }
990
802 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 991 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
803 if (err < 0) 992 if (err < 0)
804 mgmt_pending_remove(cmd); 993 mgmt_pending_remove(cmd);
805 994
806failed: 995failed:
807 hci_dev_unlock(hdev); 996 hci_dev_unlock(hdev);
808 hci_dev_put(hdev);
809
810 return err; 997 return err;
811} 998}
812 999
813static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, 1000static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
814 u16 data_len, struct sock *skip_sk) 1001 u16 len)
815{ 1002{
816 struct sk_buff *skb; 1003 struct mgmt_mode *cp = data;
817 struct mgmt_hdr *hdr; 1004 int err;
818 1005
819 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC); 1006 BT_DBG("request for %s", hdev->name);
820 if (!skb)
821 return -ENOMEM;
822 1007
823 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL; 1008 hci_dev_lock(hdev);
824 1009
825 hdr = (void *) skb_put(skb, sizeof(*hdr)); 1010 if (cp->val)
826 hdr->opcode = cpu_to_le16(event); 1011 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
827 if (hdev)
828 hdr->index = cpu_to_le16(hdev->id);
829 else 1012 else
830 hdr->index = cpu_to_le16(MGMT_INDEX_NONE); 1013 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
831 hdr->len = cpu_to_le16(data_len);
832 1014
833 if (data) 1015 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
834 memcpy(skb_put(skb, data_len), data, data_len); 1016 if (err < 0)
1017 goto failed;
835 1018
836 hci_send_to_sock(NULL, skb, skip_sk); 1019 err = new_settings(hdev, sk);
837 kfree_skb(skb);
838 1020
839 return 0; 1021failed:
1022 hci_dev_unlock(hdev);
1023 return err;
840} 1024}
841 1025
842static int set_pairable(struct sock *sk, u16 index, unsigned char *data, 1026static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
843 u16 len) 1027 u16 len)
844{ 1028{
845 struct mgmt_mode *cp; 1029 struct mgmt_mode *cp = data;
846 struct hci_dev *hdev; 1030 struct pending_cmd *cmd;
847 __le32 ev; 1031 u8 val;
848 int err; 1032 int err;
849 1033
850 cp = (void *) data; 1034 BT_DBG("request for %s", hdev->name);
851 1035
852 BT_DBG("request for hci%u", index); 1036 hci_dev_lock(hdev);
853 1037
854 if (len != sizeof(*cp)) 1038 if (!hdev_is_powered(hdev)) {
855 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, 1039 bool changed = false;
856 MGMT_STATUS_INVALID_PARAMS);
857 1040
858 hdev = hci_dev_get(index); 1041 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
859 if (!hdev) 1042 &hdev->dev_flags)) {
860 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, 1043 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
861 MGMT_STATUS_INVALID_PARAMS); 1044 changed = true;
1045 }
862 1046
863 hci_dev_lock(hdev); 1047 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1048 if (err < 0)
1049 goto failed;
864 1050
865 if (cp->val) 1051 if (changed)
866 set_bit(HCI_PAIRABLE, &hdev->flags); 1052 err = new_settings(hdev, sk);
867 else
868 clear_bit(HCI_PAIRABLE, &hdev->flags);
869 1053
870 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
871 if (err < 0)
872 goto failed; 1054 goto failed;
1055 }
873 1056
874 ev = cpu_to_le32(get_current_settings(hdev)); 1057 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1058 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1059 MGMT_STATUS_BUSY);
1060 goto failed;
1061 }
1062
1063 val = !!cp->val;
1064
1065 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1066 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1067 goto failed;
1068 }
1069
1070 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1071 if (!cmd) {
1072 err = -ENOMEM;
1073 goto failed;
1074 }
875 1075
876 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk); 1076 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1077 if (err < 0) {
1078 mgmt_pending_remove(cmd);
1079 goto failed;
1080 }
877 1081
878failed: 1082failed:
879 hci_dev_unlock(hdev); 1083 hci_dev_unlock(hdev);
880 hci_dev_put(hdev); 1084 return err;
1085}
1086
1087static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1088{
1089 struct mgmt_mode *cp = data;
1090 struct pending_cmd *cmd;
1091 u8 val;
1092 int err;
1093
1094 BT_DBG("request for %s", hdev->name);
1095
1096 hci_dev_lock(hdev);
1097
1098 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1099 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1100 MGMT_STATUS_NOT_SUPPORTED);
1101 goto failed;
1102 }
1103
1104 val = !!cp->val;
1105
1106 if (!hdev_is_powered(hdev)) {
1107 bool changed = false;
1108
1109 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1110 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1111 changed = true;
1112 }
1113
1114 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1115 if (err < 0)
1116 goto failed;
1117
1118 if (changed)
1119 err = new_settings(hdev, sk);
881 1120
1121 goto failed;
1122 }
1123
1124 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1125 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1126 MGMT_STATUS_BUSY);
1127 goto failed;
1128 }
1129
1130 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1131 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1132 goto failed;
1133 }
1134
1135 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1136 if (!cmd) {
1137 err = -ENOMEM;
1138 goto failed;
1139 }
1140
1141 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1142 if (err < 0) {
1143 mgmt_pending_remove(cmd);
1144 goto failed;
1145 }
1146
1147failed:
1148 hci_dev_unlock(hdev);
882 return err; 1149 return err;
883} 1150}
884 1151
885static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) 1152static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
886{ 1153{
887 struct mgmt_cp_add_uuid *cp; 1154 struct mgmt_mode *cp = data;
888 struct hci_dev *hdev; 1155
889 struct bt_uuid *uuid; 1156 BT_DBG("request for %s", hdev->name);
1157
1158 if (!enable_hs)
1159 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1160 MGMT_STATUS_NOT_SUPPORTED);
1161
1162 if (cp->val)
1163 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1164 else
1165 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1166
1167 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1168}
1169
1170static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1171{
1172 struct mgmt_mode *cp = data;
1173 struct hci_cp_write_le_host_supported hci_cp;
1174 struct pending_cmd *cmd;
890 int err; 1175 int err;
1176 u8 val, enabled;
1177
1178 BT_DBG("request for %s", hdev->name);
891 1179
892 cp = (void *) data; 1180 hci_dev_lock(hdev);
893 1181
894 BT_DBG("request for hci%u", index); 1182 if (!enable_le || !(hdev->features[4] & LMP_LE)) {
1183 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1184 MGMT_STATUS_NOT_SUPPORTED);
1185 goto unlock;
1186 }
895 1187
896 if (len != sizeof(*cp)) 1188 val = !!cp->val;
897 return cmd_status(sk, index, MGMT_OP_ADD_UUID, 1189 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
898 MGMT_STATUS_INVALID_PARAMS); 1190
1191 if (!hdev_is_powered(hdev) || val == enabled) {
1192 bool changed = false;
1193
1194 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1195 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1196 changed = true;
1197 }
899 1198
900 hdev = hci_dev_get(index); 1199 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
901 if (!hdev) 1200 if (err < 0)
902 return cmd_status(sk, index, MGMT_OP_ADD_UUID, 1201 goto unlock;
903 MGMT_STATUS_INVALID_PARAMS); 1202
1203 if (changed)
1204 err = new_settings(hdev, sk);
1205
1206 goto unlock;
1207 }
1208
1209 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1210 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1211 MGMT_STATUS_BUSY);
1212 goto unlock;
1213 }
1214
1215 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1216 if (!cmd) {
1217 err = -ENOMEM;
1218 goto unlock;
1219 }
1220
1221 memset(&hci_cp, 0, sizeof(hci_cp));
1222
1223 if (val) {
1224 hci_cp.le = val;
1225 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1226 }
1227
1228 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1229 &hci_cp);
1230 if (err < 0) {
1231 mgmt_pending_remove(cmd);
1232 goto unlock;
1233 }
1234
1235unlock:
1236 hci_dev_unlock(hdev);
1237 return err;
1238}
1239
1240static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1241{
1242 struct mgmt_cp_add_uuid *cp = data;
1243 struct pending_cmd *cmd;
1244 struct bt_uuid *uuid;
1245 int err;
1246
1247 BT_DBG("request for %s", hdev->name);
904 1248
905 hci_dev_lock(hdev); 1249 hci_dev_lock(hdev);
906 1250
1251 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1252 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1253 MGMT_STATUS_BUSY);
1254 goto failed;
1255 }
1256
907 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC); 1257 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
908 if (!uuid) { 1258 if (!uuid) {
909 err = -ENOMEM; 1259 err = -ENOMEM;
@@ -923,41 +1273,65 @@ static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
923 if (err < 0) 1273 if (err < 0)
924 goto failed; 1274 goto failed;
925 1275
926 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0); 1276 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1277 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1278 hdev->dev_class, 3);
1279 goto failed;
1280 }
1281
1282 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1283 if (!cmd) {
1284 err = -ENOMEM;
1285 goto failed;
1286 }
927 1287
928failed: 1288failed:
929 hci_dev_unlock(hdev); 1289 hci_dev_unlock(hdev);
930 hci_dev_put(hdev);
931
932 return err; 1290 return err;
933} 1291}
934 1292
935static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) 1293static bool enable_service_cache(struct hci_dev *hdev)
936{ 1294{
937 struct list_head *p, *n; 1295 if (!hdev_is_powered(hdev))
938 struct mgmt_cp_remove_uuid *cp; 1296 return false;
939 struct hci_dev *hdev;
940 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
941 int err, found;
942 1297
943 cp = (void *) data; 1298 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1299 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1300 return true;
1301 }
944 1302
945 BT_DBG("request for hci%u", index); 1303 return false;
1304}
946 1305
947 if (len != sizeof(*cp)) 1306static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
948 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, 1307 u16 len)
949 MGMT_STATUS_INVALID_PARAMS); 1308{
1309 struct mgmt_cp_remove_uuid *cp = data;
1310 struct pending_cmd *cmd;
1311 struct list_head *p, *n;
1312 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1313 int err, found;
950 1314
951 hdev = hci_dev_get(index); 1315 BT_DBG("request for %s", hdev->name);
952 if (!hdev)
953 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
954 MGMT_STATUS_INVALID_PARAMS);
955 1316
956 hci_dev_lock(hdev); 1317 hci_dev_lock(hdev);
957 1318
1319 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1320 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1321 MGMT_STATUS_BUSY);
1322 goto unlock;
1323 }
1324
958 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 1325 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
959 err = hci_uuids_clear(hdev); 1326 err = hci_uuids_clear(hdev);
960 goto unlock; 1327
1328 if (enable_service_cache(hdev)) {
1329 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1330 0, hdev->dev_class, 3);
1331 goto unlock;
1332 }
1333
1334 goto update_class;
961 } 1335 }
962 1336
963 found = 0; 1337 found = 0;
@@ -973,11 +1347,12 @@ static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
973 } 1347 }
974 1348
975 if (found == 0) { 1349 if (found == 0) {
976 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, 1350 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
977 MGMT_STATUS_INVALID_PARAMS); 1351 MGMT_STATUS_INVALID_PARAMS);
978 goto unlock; 1352 goto unlock;
979 } 1353 }
980 1354
1355update_class:
981 err = update_class(hdev); 1356 err = update_class(hdev);
982 if (err < 0) 1357 if (err < 0)
983 goto unlock; 1358 goto unlock;
@@ -986,41 +1361,50 @@ static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
986 if (err < 0) 1361 if (err < 0)
987 goto unlock; 1362 goto unlock;
988 1363
989 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0); 1364 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1365 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1366 hdev->dev_class, 3);
1367 goto unlock;
1368 }
1369
1370 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1371 if (!cmd) {
1372 err = -ENOMEM;
1373 goto unlock;
1374 }
990 1375
991unlock: 1376unlock:
992 hci_dev_unlock(hdev); 1377 hci_dev_unlock(hdev);
993 hci_dev_put(hdev);
994
995 return err; 1378 return err;
996} 1379}
997 1380
998static int set_dev_class(struct sock *sk, u16 index, unsigned char *data, 1381static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
999 u16 len) 1382 u16 len)
1000{ 1383{
1001 struct hci_dev *hdev; 1384 struct mgmt_cp_set_dev_class *cp = data;
1002 struct mgmt_cp_set_dev_class *cp; 1385 struct pending_cmd *cmd;
1003 int err; 1386 int err;
1004 1387
1005 cp = (void *) data; 1388 BT_DBG("request for %s", hdev->name);
1006
1007 BT_DBG("request for hci%u", index);
1008
1009 if (len != sizeof(*cp))
1010 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1011 MGMT_STATUS_INVALID_PARAMS);
1012
1013 hdev = hci_dev_get(index);
1014 if (!hdev)
1015 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1016 MGMT_STATUS_INVALID_PARAMS);
1017 1389
1018 hci_dev_lock(hdev); 1390 hci_dev_lock(hdev);
1019 1391
1392 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1393 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1394 MGMT_STATUS_BUSY);
1395 goto unlock;
1396 }
1397
1020 hdev->major_class = cp->major; 1398 hdev->major_class = cp->major;
1021 hdev->minor_class = cp->minor; 1399 hdev->minor_class = cp->minor;
1022 1400
1023 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->flags)) { 1401 if (!hdev_is_powered(hdev)) {
1402 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1403 hdev->dev_class, 3);
1404 goto unlock;
1405 }
1406
1407 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1024 hci_dev_unlock(hdev); 1408 hci_dev_unlock(hdev);
1025 cancel_delayed_work_sync(&hdev->service_cache); 1409 cancel_delayed_work_sync(&hdev->service_cache);
1026 hci_dev_lock(hdev); 1410 hci_dev_lock(hdev);
@@ -1028,30 +1412,33 @@ static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
1028 } 1412 }
1029 1413
1030 err = update_class(hdev); 1414 err = update_class(hdev);
1415 if (err < 0)
1416 goto unlock;
1031 1417
1032 if (err == 0) 1418 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1033 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0); 1419 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1420 hdev->dev_class, 3);
1421 goto unlock;
1422 }
1034 1423
1035 hci_dev_unlock(hdev); 1424 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1036 hci_dev_put(hdev); 1425 if (!cmd) {
1426 err = -ENOMEM;
1427 goto unlock;
1428 }
1037 1429
1430unlock:
1431 hci_dev_unlock(hdev);
1038 return err; 1432 return err;
1039} 1433}
1040 1434
1041static int load_link_keys(struct sock *sk, u16 index, unsigned char *data, 1435static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1042 u16 len) 1436 u16 len)
1043{ 1437{
1044 struct hci_dev *hdev; 1438 struct mgmt_cp_load_link_keys *cp = data;
1045 struct mgmt_cp_load_link_keys *cp;
1046 u16 key_count, expected_len; 1439 u16 key_count, expected_len;
1047 int i; 1440 int i;
1048 1441
1049 cp = (void *) data;
1050
1051 if (len < sizeof(*cp))
1052 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1053 MGMT_STATUS_INVALID_PARAMS);
1054
1055 key_count = get_unaligned_le16(&cp->key_count); 1442 key_count = get_unaligned_le16(&cp->key_count);
1056 1443
1057 expected_len = sizeof(*cp) + key_count * 1444 expected_len = sizeof(*cp) + key_count *
@@ -1059,92 +1446,103 @@ static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
1059 if (expected_len != len) { 1446 if (expected_len != len) {
1060 BT_ERR("load_link_keys: expected %u bytes, got %u bytes", 1447 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1061 len, expected_len); 1448 len, expected_len);
1062 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, 1449 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1063 MGMT_STATUS_INVALID_PARAMS); 1450 MGMT_STATUS_INVALID_PARAMS);
1064 } 1451 }
1065 1452
1066 hdev = hci_dev_get(index); 1453 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1067 if (!hdev)
1068 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1069 MGMT_STATUS_INVALID_PARAMS);
1070
1071 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1072 key_count); 1454 key_count);
1073 1455
1074 hci_dev_lock(hdev); 1456 hci_dev_lock(hdev);
1075 1457
1076 hci_link_keys_clear(hdev); 1458 hci_link_keys_clear(hdev);
1077 1459
1078 set_bit(HCI_LINK_KEYS, &hdev->flags); 1460 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1079 1461
1080 if (cp->debug_keys) 1462 if (cp->debug_keys)
1081 set_bit(HCI_DEBUG_KEYS, &hdev->flags); 1463 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1082 else 1464 else
1083 clear_bit(HCI_DEBUG_KEYS, &hdev->flags); 1465 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1084 1466
1085 for (i = 0; i < key_count; i++) { 1467 for (i = 0; i < key_count; i++) {
1086 struct mgmt_link_key_info *key = &cp->keys[i]; 1468 struct mgmt_link_key_info *key = &cp->keys[i];
1087 1469
1088 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type, 1470 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1089 key->pin_len); 1471 key->type, key->pin_len);
1090 } 1472 }
1091 1473
1092 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0); 1474 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1093 1475
1094 hci_dev_unlock(hdev); 1476 hci_dev_unlock(hdev);
1095 hci_dev_put(hdev);
1096 1477
1097 return 0; 1478 return 0;
1098} 1479}
1099 1480
1100static int remove_keys(struct sock *sk, u16 index, unsigned char *data, 1481static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1101 u16 len) 1482 u8 addr_type, struct sock *skip_sk)
1102{ 1483{
1103 struct hci_dev *hdev; 1484 struct mgmt_ev_device_unpaired ev;
1104 struct mgmt_cp_remove_keys *cp; 1485
1105 struct mgmt_rp_remove_keys rp; 1486 bacpy(&ev.addr.bdaddr, bdaddr);
1487 ev.addr.type = addr_type;
1488
1489 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1490 skip_sk);
1491}
1492
1493static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1494 u16 len)
1495{
1496 struct mgmt_cp_unpair_device *cp = data;
1497 struct mgmt_rp_unpair_device rp;
1106 struct hci_cp_disconnect dc; 1498 struct hci_cp_disconnect dc;
1107 struct pending_cmd *cmd; 1499 struct pending_cmd *cmd;
1108 struct hci_conn *conn; 1500 struct hci_conn *conn;
1109 int err; 1501 int err;
1110 1502
1111 cp = (void *) data;
1112
1113 if (len != sizeof(*cp))
1114 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1115 MGMT_STATUS_INVALID_PARAMS);
1116
1117 hdev = hci_dev_get(index);
1118 if (!hdev)
1119 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1120 MGMT_STATUS_INVALID_PARAMS);
1121
1122 hci_dev_lock(hdev); 1503 hci_dev_lock(hdev);
1123 1504
1124 memset(&rp, 0, sizeof(rp)); 1505 memset(&rp, 0, sizeof(rp));
1125 bacpy(&rp.bdaddr, &cp->bdaddr); 1506 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1126 rp.status = MGMT_STATUS_FAILED; 1507 rp.addr.type = cp->addr.type;
1127 1508
1128 err = hci_remove_link_key(hdev, &cp->bdaddr); 1509 if (!hdev_is_powered(hdev)) {
1129 if (err < 0) { 1510 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1130 rp.status = MGMT_STATUS_NOT_PAIRED; 1511 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1131 goto unlock; 1512 goto unlock;
1132 } 1513 }
1133 1514
1134 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) { 1515 if (cp->addr.type == MGMT_ADDR_BREDR)
1135 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp, 1516 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1136 sizeof(rp)); 1517 else
1518 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1519
1520 if (err < 0) {
1521 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1522 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1137 goto unlock; 1523 goto unlock;
1138 } 1524 }
1139 1525
1140 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1526 if (cp->disconnect) {
1527 if (cp->addr.type == MGMT_ADDR_BREDR)
1528 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1529 &cp->addr.bdaddr);
1530 else
1531 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1532 &cp->addr.bdaddr);
1533 } else {
1534 conn = NULL;
1535 }
1536
1141 if (!conn) { 1537 if (!conn) {
1142 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp, 1538 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1143 sizeof(rp)); 1539 &rp, sizeof(rp));
1540 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1144 goto unlock; 1541 goto unlock;
1145 } 1542 }
1146 1543
1147 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp)); 1544 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1545 sizeof(*cp));
1148 if (!cmd) { 1546 if (!cmd) {
1149 err = -ENOMEM; 1547 err = -ENOMEM;
1150 goto unlock; 1548 goto unlock;
@@ -1157,19 +1555,14 @@ static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
1157 mgmt_pending_remove(cmd); 1555 mgmt_pending_remove(cmd);
1158 1556
1159unlock: 1557unlock:
1160 if (err < 0)
1161 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1162 sizeof(rp));
1163 hci_dev_unlock(hdev); 1558 hci_dev_unlock(hdev);
1164 hci_dev_put(hdev);
1165
1166 return err; 1559 return err;
1167} 1560}
1168 1561
1169static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len) 1562static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1563 u16 len)
1170{ 1564{
1171 struct hci_dev *hdev; 1565 struct mgmt_cp_disconnect *cp = data;
1172 struct mgmt_cp_disconnect *cp;
1173 struct hci_cp_disconnect dc; 1566 struct hci_cp_disconnect dc;
1174 struct pending_cmd *cmd; 1567 struct pending_cmd *cmd;
1175 struct hci_conn *conn; 1568 struct hci_conn *conn;
@@ -1177,38 +1570,28 @@ static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1177 1570
1178 BT_DBG(""); 1571 BT_DBG("");
1179 1572
1180 cp = (void *) data;
1181
1182 if (len != sizeof(*cp))
1183 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1184 MGMT_STATUS_INVALID_PARAMS);
1185
1186 hdev = hci_dev_get(index);
1187 if (!hdev)
1188 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1189 MGMT_STATUS_INVALID_PARAMS);
1190
1191 hci_dev_lock(hdev); 1573 hci_dev_lock(hdev);
1192 1574
1193 if (!test_bit(HCI_UP, &hdev->flags)) { 1575 if (!test_bit(HCI_UP, &hdev->flags)) {
1194 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, 1576 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1195 MGMT_STATUS_NOT_POWERED); 1577 MGMT_STATUS_NOT_POWERED);
1196 goto failed; 1578 goto failed;
1197 } 1579 }
1198 1580
1199 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) { 1581 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1200 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, 1582 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1201 MGMT_STATUS_BUSY); 1583 MGMT_STATUS_BUSY);
1202 goto failed; 1584 goto failed;
1203 } 1585 }
1204 1586
1205 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1587 if (cp->addr.type == MGMT_ADDR_BREDR)
1206 if (!conn) 1588 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1207 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr); 1589 else
1590 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1208 1591
1209 if (!conn) { 1592 if (!conn) {
1210 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, 1593 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1211 MGMT_STATUS_NOT_CONNECTED); 1594 MGMT_STATUS_NOT_CONNECTED);
1212 goto failed; 1595 goto failed;
1213 } 1596 }
1214 1597
@@ -1227,8 +1610,6 @@ static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1227 1610
1228failed: 1611failed:
1229 hci_dev_unlock(hdev); 1612 hci_dev_unlock(hdev);
1230 hci_dev_put(hdev);
1231
1232 return err; 1613 return err;
1233} 1614}
1234 1615
@@ -1251,41 +1632,42 @@ static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1251 } 1632 }
1252} 1633}
1253 1634
1254static int get_connections(struct sock *sk, u16 index) 1635static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1636 u16 data_len)
1255{ 1637{
1256 struct mgmt_rp_get_connections *rp; 1638 struct mgmt_rp_get_connections *rp;
1257 struct hci_dev *hdev;
1258 struct hci_conn *c; 1639 struct hci_conn *c;
1259 struct list_head *p;
1260 size_t rp_len; 1640 size_t rp_len;
1261 u16 count; 1641 int err;
1262 int i, err; 1642 u16 i;
1263 1643
1264 BT_DBG(""); 1644 BT_DBG("");
1265 1645
1266 hdev = hci_dev_get(index);
1267 if (!hdev)
1268 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1269 MGMT_STATUS_INVALID_PARAMS);
1270
1271 hci_dev_lock(hdev); 1646 hci_dev_lock(hdev);
1272 1647
1273 count = 0; 1648 if (!hdev_is_powered(hdev)) {
1274 list_for_each(p, &hdev->conn_hash.list) { 1649 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1275 count++; 1650 MGMT_STATUS_NOT_POWERED);
1651 goto unlock;
1276 } 1652 }
1277 1653
1278 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info)); 1654 i = 0;
1655 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1656 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1657 i++;
1658 }
1659
1660 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1279 rp = kmalloc(rp_len, GFP_ATOMIC); 1661 rp = kmalloc(rp_len, GFP_ATOMIC);
1280 if (!rp) { 1662 if (!rp) {
1281 err = -ENOMEM; 1663 err = -ENOMEM;
1282 goto unlock; 1664 goto unlock;
1283 } 1665 }
1284 1666
1285 put_unaligned_le16(count, &rp->conn_count);
1286
1287 i = 0; 1667 i = 0;
1288 list_for_each_entry(c, &hdev->conn_hash.list, list) { 1668 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1669 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1670 continue;
1289 bacpy(&rp->addr[i].bdaddr, &c->dst); 1671 bacpy(&rp->addr[i].bdaddr, &c->dst);
1290 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type); 1672 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1291 if (rp->addr[i].type == MGMT_ADDR_INVALID) 1673 if (rp->addr[i].type == MGMT_ADDR_INVALID)
@@ -1293,85 +1675,77 @@ static int get_connections(struct sock *sk, u16 index)
1293 i++; 1675 i++;
1294 } 1676 }
1295 1677
1678 put_unaligned_le16(i, &rp->conn_count);
1679
1296 /* Recalculate length in case of filtered SCO connections, etc */ 1680 /* Recalculate length in case of filtered SCO connections, etc */
1297 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 1681 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1298 1682
1299 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len); 1683 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1684 rp_len);
1300 1685
1301unlock:
1302 kfree(rp); 1686 kfree(rp);
1687
1688unlock:
1303 hci_dev_unlock(hdev); 1689 hci_dev_unlock(hdev);
1304 hci_dev_put(hdev);
1305 return err; 1690 return err;
1306} 1691}
1307 1692
1308static int send_pin_code_neg_reply(struct sock *sk, u16 index, 1693static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1309 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp) 1694 struct mgmt_cp_pin_code_neg_reply *cp)
1310{ 1695{
1311 struct pending_cmd *cmd; 1696 struct pending_cmd *cmd;
1312 int err; 1697 int err;
1313 1698
1314 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 1699 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1315 sizeof(*cp)); 1700 sizeof(*cp));
1316 if (!cmd) 1701 if (!cmd)
1317 return -ENOMEM; 1702 return -ENOMEM;
1318 1703
1319 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr), 1704 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1320 &cp->bdaddr); 1705 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1321 if (err < 0) 1706 if (err < 0)
1322 mgmt_pending_remove(cmd); 1707 mgmt_pending_remove(cmd);
1323 1708
1324 return err; 1709 return err;
1325} 1710}
1326 1711
1327static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, 1712static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1328 u16 len) 1713 u16 len)
1329{ 1714{
1330 struct hci_dev *hdev;
1331 struct hci_conn *conn; 1715 struct hci_conn *conn;
1332 struct mgmt_cp_pin_code_reply *cp; 1716 struct mgmt_cp_pin_code_reply *cp = data;
1333 struct mgmt_cp_pin_code_neg_reply ncp;
1334 struct hci_cp_pin_code_reply reply; 1717 struct hci_cp_pin_code_reply reply;
1335 struct pending_cmd *cmd; 1718 struct pending_cmd *cmd;
1336 int err; 1719 int err;
1337 1720
1338 BT_DBG(""); 1721 BT_DBG("");
1339 1722
1340 cp = (void *) data;
1341
1342 if (len != sizeof(*cp))
1343 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1344 MGMT_STATUS_INVALID_PARAMS);
1345
1346 hdev = hci_dev_get(index);
1347 if (!hdev)
1348 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1349 MGMT_STATUS_INVALID_PARAMS);
1350
1351 hci_dev_lock(hdev); 1723 hci_dev_lock(hdev);
1352 1724
1353 if (!test_bit(HCI_UP, &hdev->flags)) { 1725 if (!hdev_is_powered(hdev)) {
1354 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1726 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1355 MGMT_STATUS_NOT_POWERED); 1727 MGMT_STATUS_NOT_POWERED);
1356 goto failed; 1728 goto failed;
1357 } 1729 }
1358 1730
1359 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1731 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1360 if (!conn) { 1732 if (!conn) {
1361 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1733 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1362 MGMT_STATUS_NOT_CONNECTED); 1734 MGMT_STATUS_NOT_CONNECTED);
1363 goto failed; 1735 goto failed;
1364 } 1736 }
1365 1737
1366 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 1738 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1367 bacpy(&ncp.bdaddr, &cp->bdaddr); 1739 struct mgmt_cp_pin_code_neg_reply ncp;
1740
1741 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1368 1742
1369 BT_ERR("PIN code is not 16 bytes long"); 1743 BT_ERR("PIN code is not 16 bytes long");
1370 1744
1371 err = send_pin_code_neg_reply(sk, index, hdev, &ncp); 1745 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1372 if (err >= 0) 1746 if (err >= 0)
1373 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1747 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1374 MGMT_STATUS_INVALID_PARAMS); 1748 MGMT_STATUS_INVALID_PARAMS);
1375 1749
1376 goto failed; 1750 goto failed;
1377 } 1751 }
@@ -1382,7 +1756,7 @@ static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1382 goto failed; 1756 goto failed;
1383 } 1757 }
1384 1758
1385 bacpy(&reply.bdaddr, &cp->bdaddr); 1759 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1386 reply.pin_len = cp->pin_len; 1760 reply.pin_len = cp->pin_len;
1387 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 1761 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1388 1762
@@ -1392,67 +1766,39 @@ static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1392 1766
1393failed: 1767failed:
1394 hci_dev_unlock(hdev); 1768 hci_dev_unlock(hdev);
1395 hci_dev_put(hdev);
1396
1397 return err; 1769 return err;
1398} 1770}
1399 1771
1400static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data, 1772static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1401 u16 len) 1773 void *data, u16 len)
1402{ 1774{
1403 struct hci_dev *hdev; 1775 struct mgmt_cp_pin_code_neg_reply *cp = data;
1404 struct mgmt_cp_pin_code_neg_reply *cp;
1405 int err; 1776 int err;
1406 1777
1407 BT_DBG(""); 1778 BT_DBG("");
1408 1779
1409 cp = (void *) data;
1410
1411 if (len != sizeof(*cp))
1412 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1413 MGMT_STATUS_INVALID_PARAMS);
1414
1415 hdev = hci_dev_get(index);
1416 if (!hdev)
1417 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1418 MGMT_STATUS_INVALID_PARAMS);
1419
1420 hci_dev_lock(hdev); 1780 hci_dev_lock(hdev);
1421 1781
1422 if (!test_bit(HCI_UP, &hdev->flags)) { 1782 if (!hdev_is_powered(hdev)) {
1423 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1783 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
1424 MGMT_STATUS_NOT_POWERED); 1784 MGMT_STATUS_NOT_POWERED);
1425 goto failed; 1785 goto failed;
1426 } 1786 }
1427 1787
1428 err = send_pin_code_neg_reply(sk, index, hdev, cp); 1788 err = send_pin_code_neg_reply(sk, hdev, cp);
1429 1789
1430failed: 1790failed:
1431 hci_dev_unlock(hdev); 1791 hci_dev_unlock(hdev);
1432 hci_dev_put(hdev);
1433
1434 return err; 1792 return err;
1435} 1793}
1436 1794
1437static int set_io_capability(struct sock *sk, u16 index, unsigned char *data, 1795static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1438 u16 len) 1796 u16 len)
1439{ 1797{
1440 struct hci_dev *hdev; 1798 struct mgmt_cp_set_io_capability *cp = data;
1441 struct mgmt_cp_set_io_capability *cp;
1442 1799
1443 BT_DBG(""); 1800 BT_DBG("");
1444 1801
1445 cp = (void *) data;
1446
1447 if (len != sizeof(*cp))
1448 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1449 MGMT_STATUS_INVALID_PARAMS);
1450
1451 hdev = hci_dev_get(index);
1452 if (!hdev)
1453 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1454 MGMT_STATUS_INVALID_PARAMS);
1455
1456 hci_dev_lock(hdev); 1802 hci_dev_lock(hdev);
1457 1803
1458 hdev->io_capability = cp->io_capability; 1804 hdev->io_capability = cp->io_capability;
@@ -1461,9 +1807,9 @@ static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1461 hdev->io_capability); 1807 hdev->io_capability);
1462 1808
1463 hci_dev_unlock(hdev); 1809 hci_dev_unlock(hdev);
1464 hci_dev_put(hdev);
1465 1810
1466 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0); 1811 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1812 0);
1467} 1813}
1468 1814
1469static inline struct pending_cmd *find_pairing(struct hci_conn *conn) 1815static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
@@ -1491,9 +1837,9 @@ static void pairing_complete(struct pending_cmd *cmd, u8 status)
1491 1837
1492 bacpy(&rp.addr.bdaddr, &conn->dst); 1838 bacpy(&rp.addr.bdaddr, &conn->dst);
1493 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type); 1839 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1494 rp.status = status;
1495 1840
1496 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp)); 1841 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1842 &rp, sizeof(rp));
1497 1843
1498 /* So we don't get further callbacks for this connection */ 1844 /* So we don't get further callbacks for this connection */
1499 conn->connect_cfm_cb = NULL; 1845 conn->connect_cfm_cb = NULL;
@@ -1515,13 +1861,13 @@ static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1515 if (!cmd) 1861 if (!cmd)
1516 BT_DBG("Unable to find a pending command"); 1862 BT_DBG("Unable to find a pending command");
1517 else 1863 else
1518 pairing_complete(cmd, status); 1864 pairing_complete(cmd, mgmt_status(status));
1519} 1865}
1520 1866
1521static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len) 1867static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1868 u16 len)
1522{ 1869{
1523 struct hci_dev *hdev; 1870 struct mgmt_cp_pair_device *cp = data;
1524 struct mgmt_cp_pair_device *cp;
1525 struct mgmt_rp_pair_device rp; 1871 struct mgmt_rp_pair_device rp;
1526 struct pending_cmd *cmd; 1872 struct pending_cmd *cmd;
1527 u8 sec_level, auth_type; 1873 u8 sec_level, auth_type;
@@ -1530,19 +1876,14 @@ static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1530 1876
1531 BT_DBG(""); 1877 BT_DBG("");
1532 1878
1533 cp = (void *) data;
1534
1535 if (len != sizeof(*cp))
1536 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1537 MGMT_STATUS_INVALID_PARAMS);
1538
1539 hdev = hci_dev_get(index);
1540 if (!hdev)
1541 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1542 MGMT_STATUS_INVALID_PARAMS);
1543
1544 hci_dev_lock(hdev); 1879 hci_dev_lock(hdev);
1545 1880
1881 if (!hdev_is_powered(hdev)) {
1882 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1883 MGMT_STATUS_NOT_POWERED);
1884 goto unlock;
1885 }
1886
1546 sec_level = BT_SECURITY_MEDIUM; 1887 sec_level = BT_SECURITY_MEDIUM;
1547 if (cp->io_cap == 0x03) 1888 if (cp->io_cap == 0x03)
1548 auth_type = HCI_AT_DEDICATED_BONDING; 1889 auth_type = HCI_AT_DEDICATED_BONDING;
@@ -1551,27 +1892,26 @@ static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1551 1892
1552 if (cp->addr.type == MGMT_ADDR_BREDR) 1893 if (cp->addr.type == MGMT_ADDR_BREDR)
1553 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level, 1894 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1554 auth_type); 1895 auth_type);
1555 else 1896 else
1556 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level, 1897 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1557 auth_type); 1898 auth_type);
1558 1899
1559 memset(&rp, 0, sizeof(rp)); 1900 memset(&rp, 0, sizeof(rp));
1560 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 1901 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1561 rp.addr.type = cp->addr.type; 1902 rp.addr.type = cp->addr.type;
1562 1903
1563 if (IS_ERR(conn)) { 1904 if (IS_ERR(conn)) {
1564 rp.status = -PTR_ERR(conn); 1905 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1565 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE, 1906 MGMT_STATUS_CONNECT_FAILED, &rp,
1566 &rp, sizeof(rp)); 1907 sizeof(rp));
1567 goto unlock; 1908 goto unlock;
1568 } 1909 }
1569 1910
1570 if (conn->connect_cfm_cb) { 1911 if (conn->connect_cfm_cb) {
1571 hci_conn_put(conn); 1912 hci_conn_put(conn);
1572 rp.status = EBUSY; 1913 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1573 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE, 1914 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1574 &rp, sizeof(rp));
1575 goto unlock; 1915 goto unlock;
1576 } 1916 }
1577 1917
@@ -1599,58 +1939,88 @@ static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1599 1939
1600unlock: 1940unlock:
1601 hci_dev_unlock(hdev); 1941 hci_dev_unlock(hdev);
1602 hci_dev_put(hdev);
1603
1604 return err; 1942 return err;
1605} 1943}
1606 1944
1607static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr, 1945static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1608 u16 mgmt_op, u16 hci_op, __le32 passkey) 1946 u16 len)
1609{ 1947{
1948 struct mgmt_addr_info *addr = data;
1610 struct pending_cmd *cmd; 1949 struct pending_cmd *cmd;
1611 struct hci_dev *hdev;
1612 struct hci_conn *conn; 1950 struct hci_conn *conn;
1613 int err; 1951 int err;
1614 1952
1615 hdev = hci_dev_get(index); 1953 BT_DBG("");
1616 if (!hdev)
1617 return cmd_status(sk, index, mgmt_op,
1618 MGMT_STATUS_INVALID_PARAMS);
1619 1954
1620 hci_dev_lock(hdev); 1955 hci_dev_lock(hdev);
1621 1956
1622 if (!test_bit(HCI_UP, &hdev->flags)) { 1957 if (!hdev_is_powered(hdev)) {
1623 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED); 1958 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1959 MGMT_STATUS_NOT_POWERED);
1960 goto unlock;
1961 }
1962
1963 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1964 if (!cmd) {
1965 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1966 MGMT_STATUS_INVALID_PARAMS);
1967 goto unlock;
1968 }
1969
1970 conn = cmd->user_data;
1971
1972 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1973 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1974 MGMT_STATUS_INVALID_PARAMS);
1975 goto unlock;
1976 }
1977
1978 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1979
1980 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
1981 addr, sizeof(*addr));
1982unlock:
1983 hci_dev_unlock(hdev);
1984 return err;
1985}
1986
1987static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1988 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
1989 u16 hci_op, __le32 passkey)
1990{
1991 struct pending_cmd *cmd;
1992 struct hci_conn *conn;
1993 int err;
1994
1995 hci_dev_lock(hdev);
1996
1997 if (!hdev_is_powered(hdev)) {
1998 err = cmd_status(sk, hdev->id, mgmt_op,
1999 MGMT_STATUS_NOT_POWERED);
1624 goto done; 2000 goto done;
1625 } 2001 }
1626 2002
1627 /* 2003 if (type == MGMT_ADDR_BREDR)
1628 * Check for an existing ACL link, if present pair via 2004 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1629 * HCI commands. 2005 else
1630 *
1631 * If no ACL link is present, check for an LE link and if
1632 * present, pair via the SMP engine.
1633 *
1634 * If neither ACL nor LE links are present, fail with error.
1635 */
1636 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1637 if (!conn) {
1638 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr); 2006 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1639 if (!conn) {
1640 err = cmd_status(sk, index, mgmt_op,
1641 MGMT_STATUS_NOT_CONNECTED);
1642 goto done;
1643 }
1644 2007
2008 if (!conn) {
2009 err = cmd_status(sk, hdev->id, mgmt_op,
2010 MGMT_STATUS_NOT_CONNECTED);
2011 goto done;
2012 }
2013
2014 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
1645 /* Continue with pairing via SMP */ 2015 /* Continue with pairing via SMP */
1646 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 2016 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1647 2017
1648 if (!err) 2018 if (!err)
1649 err = cmd_status(sk, index, mgmt_op, 2019 err = cmd_status(sk, hdev->id, mgmt_op,
1650 MGMT_STATUS_SUCCESS); 2020 MGMT_STATUS_SUCCESS);
1651 else 2021 else
1652 err = cmd_status(sk, index, mgmt_op, 2022 err = cmd_status(sk, hdev->id, mgmt_op,
1653 MGMT_STATUS_FAILED); 2023 MGMT_STATUS_FAILED);
1654 2024
1655 goto done; 2025 goto done;
1656 } 2026 }
@@ -1676,94 +2046,96 @@ static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1676 2046
1677done: 2047done:
1678 hci_dev_unlock(hdev); 2048 hci_dev_unlock(hdev);
1679 hci_dev_put(hdev);
1680
1681 return err; 2049 return err;
1682} 2050}
1683 2051
1684static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len) 2052static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2053 u16 len)
1685{ 2054{
1686 struct mgmt_cp_user_confirm_reply *cp = (void *) data; 2055 struct mgmt_cp_user_confirm_reply *cp = data;
1687 2056
1688 BT_DBG(""); 2057 BT_DBG("");
1689 2058
1690 if (len != sizeof(*cp)) 2059 if (len != sizeof(*cp))
1691 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY, 2060 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
1692 MGMT_STATUS_INVALID_PARAMS); 2061 MGMT_STATUS_INVALID_PARAMS);
1693 2062
1694 return user_pairing_resp(sk, index, &cp->bdaddr, 2063 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
1695 MGMT_OP_USER_CONFIRM_REPLY, 2064 MGMT_OP_USER_CONFIRM_REPLY,
1696 HCI_OP_USER_CONFIRM_REPLY, 0); 2065 HCI_OP_USER_CONFIRM_REPLY, 0);
1697} 2066}
1698 2067
1699static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data, 2068static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
1700 u16 len) 2069 void *data, u16 len)
1701{ 2070{
1702 struct mgmt_cp_user_confirm_neg_reply *cp = data; 2071 struct mgmt_cp_user_confirm_neg_reply *cp = data;
1703 2072
1704 BT_DBG(""); 2073 BT_DBG("");
1705 2074
1706 if (len != sizeof(*cp)) 2075 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
1707 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY, 2076 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1708 MGMT_STATUS_INVALID_PARAMS); 2077 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1709
1710 return user_pairing_resp(sk, index, &cp->bdaddr,
1711 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1712 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1713} 2078}
1714 2079
1715static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len) 2080static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2081 u16 len)
1716{ 2082{
1717 struct mgmt_cp_user_passkey_reply *cp = (void *) data; 2083 struct mgmt_cp_user_passkey_reply *cp = data;
1718 2084
1719 BT_DBG(""); 2085 BT_DBG("");
1720 2086
1721 if (len != sizeof(*cp)) 2087 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
1722 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY, 2088 MGMT_OP_USER_PASSKEY_REPLY,
1723 EINVAL); 2089 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
1724
1725 return user_pairing_resp(sk, index, &cp->bdaddr,
1726 MGMT_OP_USER_PASSKEY_REPLY,
1727 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
1728} 2090}
1729 2091
1730static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data, 2092static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
1731 u16 len) 2093 void *data, u16 len)
1732{ 2094{
1733 struct mgmt_cp_user_passkey_neg_reply *cp = (void *) data; 2095 struct mgmt_cp_user_passkey_neg_reply *cp = data;
1734 2096
1735 BT_DBG(""); 2097 BT_DBG("");
1736 2098
1737 if (len != sizeof(*cp)) 2099 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
1738 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY, 2100 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1739 EINVAL); 2101 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2102}
2103
2104static int update_name(struct hci_dev *hdev, const char *name)
2105{
2106 struct hci_cp_write_local_name cp;
1740 2107
1741 return user_pairing_resp(sk, index, &cp->bdaddr, 2108 memcpy(cp.name, name, sizeof(cp.name));
1742 MGMT_OP_USER_PASSKEY_NEG_REPLY, 2109
1743 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 2110 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
1744} 2111}
1745 2112
1746static int set_local_name(struct sock *sk, u16 index, unsigned char *data, 2113static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
1747 u16 len) 2114 u16 len)
1748{ 2115{
1749 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data; 2116 struct mgmt_cp_set_local_name *cp = data;
1750 struct hci_cp_write_local_name hci_cp;
1751 struct hci_dev *hdev;
1752 struct pending_cmd *cmd; 2117 struct pending_cmd *cmd;
1753 int err; 2118 int err;
1754 2119
1755 BT_DBG(""); 2120 BT_DBG("");
1756 2121
1757 if (len != sizeof(*mgmt_cp)) 2122 hci_dev_lock(hdev);
1758 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1759 MGMT_STATUS_INVALID_PARAMS);
1760 2123
1761 hdev = hci_dev_get(index); 2124 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
1762 if (!hdev)
1763 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1764 MGMT_STATUS_INVALID_PARAMS);
1765 2125
1766 hci_dev_lock(hdev); 2126 if (!hdev_is_powered(hdev)) {
2127 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2128
2129 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2130 data, len);
2131 if (err < 0)
2132 goto failed;
2133
2134 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2135 sk);
2136
2137 goto failed;
2138 }
1767 2139
1768 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 2140 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1769 if (!cmd) { 2141 if (!cmd) {
@@ -1771,49 +2143,40 @@ static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1771 goto failed; 2143 goto failed;
1772 } 2144 }
1773 2145
1774 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name)); 2146 err = update_name(hdev, cp->name);
1775 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1776 &hci_cp);
1777 if (err < 0) 2147 if (err < 0)
1778 mgmt_pending_remove(cmd); 2148 mgmt_pending_remove(cmd);
1779 2149
1780failed: 2150failed:
1781 hci_dev_unlock(hdev); 2151 hci_dev_unlock(hdev);
1782 hci_dev_put(hdev);
1783
1784 return err; 2152 return err;
1785} 2153}
1786 2154
1787static int read_local_oob_data(struct sock *sk, u16 index) 2155static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2156 void *data, u16 data_len)
1788{ 2157{
1789 struct hci_dev *hdev;
1790 struct pending_cmd *cmd; 2158 struct pending_cmd *cmd;
1791 int err; 2159 int err;
1792 2160
1793 BT_DBG("hci%u", index); 2161 BT_DBG("%s", hdev->name);
1794
1795 hdev = hci_dev_get(index);
1796 if (!hdev)
1797 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1798 MGMT_STATUS_INVALID_PARAMS);
1799 2162
1800 hci_dev_lock(hdev); 2163 hci_dev_lock(hdev);
1801 2164
1802 if (!test_bit(HCI_UP, &hdev->flags)) { 2165 if (!hdev_is_powered(hdev)) {
1803 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 2166 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
1804 MGMT_STATUS_NOT_POWERED); 2167 MGMT_STATUS_NOT_POWERED);
1805 goto unlock; 2168 goto unlock;
1806 } 2169 }
1807 2170
1808 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) { 2171 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1809 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 2172 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
1810 MGMT_STATUS_NOT_SUPPORTED); 2173 MGMT_STATUS_NOT_SUPPORTED);
1811 goto unlock; 2174 goto unlock;
1812 } 2175 }
1813 2176
1814 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 2177 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1815 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 2178 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
1816 MGMT_STATUS_BUSY); 2179 MGMT_STATUS_BUSY);
1817 goto unlock; 2180 goto unlock;
1818 } 2181 }
1819 2182
@@ -1829,104 +2192,112 @@ static int read_local_oob_data(struct sock *sk, u16 index)
1829 2192
1830unlock: 2193unlock:
1831 hci_dev_unlock(hdev); 2194 hci_dev_unlock(hdev);
1832 hci_dev_put(hdev);
1833
1834 return err; 2195 return err;
1835} 2196}
1836 2197
1837static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data, 2198static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
1838 u16 len) 2199 void *data, u16 len)
1839{ 2200{
1840 struct hci_dev *hdev; 2201 struct mgmt_cp_add_remote_oob_data *cp = data;
1841 struct mgmt_cp_add_remote_oob_data *cp = (void *) data; 2202 u8 status;
1842 int err; 2203 int err;
1843 2204
1844 BT_DBG("hci%u ", index); 2205 BT_DBG("%s ", hdev->name);
1845
1846 if (len != sizeof(*cp))
1847 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1848 MGMT_STATUS_INVALID_PARAMS);
1849
1850 hdev = hci_dev_get(index);
1851 if (!hdev)
1852 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1853 MGMT_STATUS_INVALID_PARAMS);
1854 2206
1855 hci_dev_lock(hdev); 2207 hci_dev_lock(hdev);
1856 2208
1857 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash, 2209 if (!hdev_is_powered(hdev)) {
1858 cp->randomizer); 2210 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
2211 MGMT_STATUS_NOT_POWERED, &cp->addr,
2212 sizeof(cp->addr));
2213 goto unlock;
2214 }
2215
2216 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2217 cp->randomizer);
1859 if (err < 0) 2218 if (err < 0)
1860 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 2219 status = MGMT_STATUS_FAILED;
1861 MGMT_STATUS_FAILED);
1862 else 2220 else
1863 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL, 2221 status = 0;
1864 0);
1865 2222
1866 hci_dev_unlock(hdev); 2223 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
1867 hci_dev_put(hdev); 2224 &cp->addr, sizeof(cp->addr));
1868 2225
2226unlock:
2227 hci_dev_unlock(hdev);
1869 return err; 2228 return err;
1870} 2229}
1871 2230
1872static int remove_remote_oob_data(struct sock *sk, u16 index, 2231static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
1873 unsigned char *data, u16 len) 2232 void *data, u16 len)
1874{ 2233{
1875 struct hci_dev *hdev; 2234 struct mgmt_cp_remove_remote_oob_data *cp = data;
1876 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data; 2235 u8 status;
1877 int err; 2236 int err;
1878 2237
1879 BT_DBG("hci%u ", index); 2238 BT_DBG("%s", hdev->name);
1880 2239
1881 if (len != sizeof(*cp)) 2240 hci_dev_lock(hdev);
1882 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 2241
1883 MGMT_STATUS_INVALID_PARAMS); 2242 if (!hdev_is_powered(hdev)) {
2243 err = cmd_complete(sk, hdev->id,
2244 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2245 MGMT_STATUS_NOT_POWERED, &cp->addr,
2246 sizeof(cp->addr));
2247 goto unlock;
2248 }
2249
2250 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2251 if (err < 0)
2252 status = MGMT_STATUS_INVALID_PARAMS;
2253 else
2254 status = 0;
1884 2255
1885 hdev = hci_dev_get(index); 2256 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1886 if (!hdev) 2257 status, &cp->addr, sizeof(cp->addr));
1887 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 2258
1888 MGMT_STATUS_INVALID_PARAMS); 2259unlock:
2260 hci_dev_unlock(hdev);
2261 return err;
2262}
2263
2264int mgmt_interleaved_discovery(struct hci_dev *hdev)
2265{
2266 int err;
2267
2268 BT_DBG("%s", hdev->name);
1889 2269
1890 hci_dev_lock(hdev); 2270 hci_dev_lock(hdev);
1891 2271
1892 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr); 2272 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
1893 if (err < 0) 2273 if (err < 0)
1894 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 2274 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1895 MGMT_STATUS_INVALID_PARAMS);
1896 else
1897 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1898 NULL, 0);
1899 2275
1900 hci_dev_unlock(hdev); 2276 hci_dev_unlock(hdev);
1901 hci_dev_put(hdev);
1902 2277
1903 return err; 2278 return err;
1904} 2279}
1905 2280
1906static int start_discovery(struct sock *sk, u16 index, 2281static int start_discovery(struct sock *sk, struct hci_dev *hdev,
1907 unsigned char *data, u16 len) 2282 void *data, u16 len)
1908{ 2283{
1909 struct mgmt_cp_start_discovery *cp = (void *) data; 2284 struct mgmt_cp_start_discovery *cp = data;
1910 struct pending_cmd *cmd; 2285 struct pending_cmd *cmd;
1911 struct hci_dev *hdev;
1912 int err; 2286 int err;
1913 2287
1914 BT_DBG("hci%u", index); 2288 BT_DBG("%s", hdev->name);
1915
1916 if (len != sizeof(*cp))
1917 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1918 MGMT_STATUS_INVALID_PARAMS);
1919
1920 hdev = hci_dev_get(index);
1921 if (!hdev)
1922 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1923 MGMT_STATUS_INVALID_PARAMS);
1924 2289
1925 hci_dev_lock(hdev); 2290 hci_dev_lock(hdev);
1926 2291
1927 if (!test_bit(HCI_UP, &hdev->flags)) { 2292 if (!hdev_is_powered(hdev)) {
1928 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, 2293 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
1929 MGMT_STATUS_NOT_POWERED); 2294 MGMT_STATUS_NOT_POWERED);
2295 goto failed;
2296 }
2297
2298 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2299 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2300 MGMT_STATUS_BUSY);
1930 goto failed; 2301 goto failed;
1931 } 2302 }
1932 2303
@@ -1936,137 +2307,217 @@ static int start_discovery(struct sock *sk, u16 index,
1936 goto failed; 2307 goto failed;
1937 } 2308 }
1938 2309
1939 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR); 2310 hdev->discovery.type = cp->type;
2311
2312 switch (hdev->discovery.type) {
2313 case DISCOV_TYPE_BREDR:
2314 if (lmp_bredr_capable(hdev))
2315 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2316 else
2317 err = -ENOTSUPP;
2318 break;
2319
2320 case DISCOV_TYPE_LE:
2321 if (lmp_host_le_capable(hdev))
2322 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2323 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2324 else
2325 err = -ENOTSUPP;
2326 break;
2327
2328 case DISCOV_TYPE_INTERLEAVED:
2329 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2330 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2331 LE_SCAN_WIN,
2332 LE_SCAN_TIMEOUT_BREDR_LE);
2333 else
2334 err = -ENOTSUPP;
2335 break;
2336
2337 default:
2338 err = -EINVAL;
2339 }
2340
1940 if (err < 0) 2341 if (err < 0)
1941 mgmt_pending_remove(cmd); 2342 mgmt_pending_remove(cmd);
2343 else
2344 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
1942 2345
1943failed: 2346failed:
1944 hci_dev_unlock(hdev); 2347 hci_dev_unlock(hdev);
1945 hci_dev_put(hdev);
1946
1947 return err; 2348 return err;
1948} 2349}
1949 2350
1950static int stop_discovery(struct sock *sk, u16 index) 2351static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2352 u16 len)
1951{ 2353{
1952 struct hci_dev *hdev; 2354 struct mgmt_cp_stop_discovery *mgmt_cp = data;
1953 struct pending_cmd *cmd; 2355 struct pending_cmd *cmd;
2356 struct hci_cp_remote_name_req_cancel cp;
2357 struct inquiry_entry *e;
1954 int err; 2358 int err;
1955 2359
1956 BT_DBG("hci%u", index); 2360 BT_DBG("%s", hdev->name);
1957
1958 hdev = hci_dev_get(index);
1959 if (!hdev)
1960 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
1961 MGMT_STATUS_INVALID_PARAMS);
1962 2361
1963 hci_dev_lock(hdev); 2362 hci_dev_lock(hdev);
1964 2363
2364 if (!hci_discovery_active(hdev)) {
2365 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2366 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2367 sizeof(mgmt_cp->type));
2368 goto unlock;
2369 }
2370
2371 if (hdev->discovery.type != mgmt_cp->type) {
2372 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2373 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2374 sizeof(mgmt_cp->type));
2375 goto unlock;
2376 }
2377
1965 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0); 2378 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1966 if (!cmd) { 2379 if (!cmd) {
1967 err = -ENOMEM; 2380 err = -ENOMEM;
1968 goto failed; 2381 goto unlock;
2382 }
2383
2384 if (hdev->discovery.state == DISCOVERY_FINDING) {
2385 err = hci_cancel_inquiry(hdev);
2386 if (err < 0)
2387 mgmt_pending_remove(cmd);
2388 else
2389 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2390 goto unlock;
2391 }
2392
2393 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2394 if (!e) {
2395 mgmt_pending_remove(cmd);
2396 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
2397 &mgmt_cp->type, sizeof(mgmt_cp->type));
2398 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2399 goto unlock;
1969 } 2400 }
1970 2401
1971 err = hci_cancel_inquiry(hdev); 2402 bacpy(&cp.bdaddr, &e->data.bdaddr);
2403 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2404 &cp);
1972 if (err < 0) 2405 if (err < 0)
1973 mgmt_pending_remove(cmd); 2406 mgmt_pending_remove(cmd);
2407 else
2408 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1974 2409
1975failed: 2410unlock:
1976 hci_dev_unlock(hdev); 2411 hci_dev_unlock(hdev);
1977 hci_dev_put(hdev);
1978
1979 return err; 2412 return err;
1980} 2413}
1981 2414
1982static int block_device(struct sock *sk, u16 index, unsigned char *data, 2415static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
1983 u16 len) 2416 u16 len)
1984{ 2417{
1985 struct hci_dev *hdev; 2418 struct mgmt_cp_confirm_name *cp = data;
1986 struct mgmt_cp_block_device *cp = (void *) data; 2419 struct inquiry_entry *e;
1987 int err; 2420 int err;
1988 2421
1989 BT_DBG("hci%u", index); 2422 BT_DBG("%s", hdev->name);
1990 2423
1991 if (len != sizeof(*cp)) 2424 hci_dev_lock(hdev);
1992 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 2425
1993 MGMT_STATUS_INVALID_PARAMS); 2426 if (!hci_discovery_active(hdev)) {
2427 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2428 MGMT_STATUS_FAILED);
2429 goto failed;
2430 }
1994 2431
1995 hdev = hci_dev_get(index); 2432 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
1996 if (!hdev) 2433 if (!e) {
1997 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 2434 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
1998 MGMT_STATUS_INVALID_PARAMS); 2435 MGMT_STATUS_INVALID_PARAMS);
2436 goto failed;
2437 }
2438
2439 if (cp->name_known) {
2440 e->name_state = NAME_KNOWN;
2441 list_del(&e->list);
2442 } else {
2443 e->name_state = NAME_NEEDED;
2444 hci_inquiry_cache_update_resolve(hdev, e);
2445 }
2446
2447 err = 0;
2448
2449failed:
2450 hci_dev_unlock(hdev);
2451 return err;
2452}
2453
2454static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2455 u16 len)
2456{
2457 struct mgmt_cp_block_device *cp = data;
2458 u8 status;
2459 int err;
2460
2461 BT_DBG("%s", hdev->name);
1999 2462
2000 hci_dev_lock(hdev); 2463 hci_dev_lock(hdev);
2001 2464
2002 err = hci_blacklist_add(hdev, &cp->bdaddr); 2465 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2003 if (err < 0) 2466 if (err < 0)
2004 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 2467 status = MGMT_STATUS_FAILED;
2005 MGMT_STATUS_FAILED);
2006 else 2468 else
2007 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, 2469 status = 0;
2008 NULL, 0); 2470
2471 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2472 &cp->addr, sizeof(cp->addr));
2009 2473
2010 hci_dev_unlock(hdev); 2474 hci_dev_unlock(hdev);
2011 hci_dev_put(hdev);
2012 2475
2013 return err; 2476 return err;
2014} 2477}
2015 2478
2016static int unblock_device(struct sock *sk, u16 index, unsigned char *data, 2479static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2017 u16 len) 2480 u16 len)
2018{ 2481{
2019 struct hci_dev *hdev; 2482 struct mgmt_cp_unblock_device *cp = data;
2020 struct mgmt_cp_unblock_device *cp = (void *) data; 2483 u8 status;
2021 int err; 2484 int err;
2022 2485
2023 BT_DBG("hci%u", index); 2486 BT_DBG("%s", hdev->name);
2024
2025 if (len != sizeof(*cp))
2026 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2027 MGMT_STATUS_INVALID_PARAMS);
2028
2029 hdev = hci_dev_get(index);
2030 if (!hdev)
2031 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2032 MGMT_STATUS_INVALID_PARAMS);
2033 2487
2034 hci_dev_lock(hdev); 2488 hci_dev_lock(hdev);
2035 2489
2036 err = hci_blacklist_del(hdev, &cp->bdaddr); 2490 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2037
2038 if (err < 0) 2491 if (err < 0)
2039 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, 2492 status = MGMT_STATUS_INVALID_PARAMS;
2040 MGMT_STATUS_INVALID_PARAMS);
2041 else 2493 else
2042 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, 2494 status = 0;
2043 NULL, 0); 2495
2496 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2497 &cp->addr, sizeof(cp->addr));
2044 2498
2045 hci_dev_unlock(hdev); 2499 hci_dev_unlock(hdev);
2046 hci_dev_put(hdev);
2047 2500
2048 return err; 2501 return err;
2049} 2502}
2050 2503
2051static int set_fast_connectable(struct sock *sk, u16 index, 2504static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2052 unsigned char *data, u16 len) 2505 void *data, u16 len)
2053{ 2506{
2054 struct hci_dev *hdev; 2507 struct mgmt_mode *cp = data;
2055 struct mgmt_mode *cp = (void *) data;
2056 struct hci_cp_write_page_scan_activity acp; 2508 struct hci_cp_write_page_scan_activity acp;
2057 u8 type; 2509 u8 type;
2058 int err; 2510 int err;
2059 2511
2060 BT_DBG("hci%u", index); 2512 BT_DBG("%s", hdev->name);
2061 2513
2062 if (len != sizeof(*cp)) 2514 if (!hdev_is_powered(hdev))
2063 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2515 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2064 MGMT_STATUS_INVALID_PARAMS); 2516 MGMT_STATUS_NOT_POWERED);
2065 2517
2066 hdev = hci_dev_get(index); 2518 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2067 if (!hdev) 2519 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2068 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2520 MGMT_STATUS_REJECTED);
2069 MGMT_STATUS_INVALID_PARAMS);
2070 2521
2071 hci_dev_lock(hdev); 2522 hci_dev_lock(hdev);
2072 2523
@@ -2080,35 +2531,128 @@ static int set_fast_connectable(struct sock *sk, u16 index,
2080 2531
2081 acp.window = 0x0012; /* default 11.25 msec page scan window */ 2532 acp.window = 0x0012; /* default 11.25 msec page scan window */
2082 2533
2083 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, 2534 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2084 sizeof(acp), &acp); 2535 &acp);
2085 if (err < 0) { 2536 if (err < 0) {
2086 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2537 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2087 MGMT_STATUS_FAILED); 2538 MGMT_STATUS_FAILED);
2088 goto done; 2539 goto done;
2089 } 2540 }
2090 2541
2091 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); 2542 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2092 if (err < 0) { 2543 if (err < 0) {
2093 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2544 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2094 MGMT_STATUS_FAILED); 2545 MGMT_STATUS_FAILED);
2095 goto done; 2546 goto done;
2096 } 2547 }
2097 2548
2098 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2549 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2099 NULL, 0); 2550 NULL, 0);
2100done: 2551done:
2101 hci_dev_unlock(hdev); 2552 hci_dev_unlock(hdev);
2102 hci_dev_put(hdev);
2103
2104 return err; 2553 return err;
2105} 2554}
2106 2555
2556static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2557 void *cp_data, u16 len)
2558{
2559 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2560 u16 key_count, expected_len;
2561 int i;
2562
2563 key_count = get_unaligned_le16(&cp->key_count);
2564
2565 expected_len = sizeof(*cp) + key_count *
2566 sizeof(struct mgmt_ltk_info);
2567 if (expected_len != len) {
2568 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2569 len, expected_len);
2570 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2571 EINVAL);
2572 }
2573
2574 BT_DBG("%s key_count %u", hdev->name, key_count);
2575
2576 hci_dev_lock(hdev);
2577
2578 hci_smp_ltks_clear(hdev);
2579
2580 for (i = 0; i < key_count; i++) {
2581 struct mgmt_ltk_info *key = &cp->keys[i];
2582 u8 type;
2583
2584 if (key->master)
2585 type = HCI_SMP_LTK;
2586 else
2587 type = HCI_SMP_LTK_SLAVE;
2588
2589 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2590 type, 0, key->authenticated, key->val,
2591 key->enc_size, key->ediv, key->rand);
2592 }
2593
2594 hci_dev_unlock(hdev);
2595
2596 return 0;
2597}
2598
2599struct mgmt_handler {
2600 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2601 u16 data_len);
2602 bool var_len;
2603 size_t data_len;
2604} mgmt_handlers[] = {
2605 { NULL }, /* 0x0000 (no command) */
2606 { read_version, false, MGMT_READ_VERSION_SIZE },
2607 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2608 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2609 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2610 { set_powered, false, MGMT_SETTING_SIZE },
2611 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2612 { set_connectable, false, MGMT_SETTING_SIZE },
2613 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2614 { set_pairable, false, MGMT_SETTING_SIZE },
2615 { set_link_security, false, MGMT_SETTING_SIZE },
2616 { set_ssp, false, MGMT_SETTING_SIZE },
2617 { set_hs, false, MGMT_SETTING_SIZE },
2618 { set_le, false, MGMT_SETTING_SIZE },
2619 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2620 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2621 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2622 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2623 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2624 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2625 { disconnect, false, MGMT_DISCONNECT_SIZE },
2626 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2627 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2628 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2629 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2630 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2631 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2632 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2633 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2634 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2635 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2636 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2637 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2638 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2639 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2640 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2641 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2642 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2643 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2644 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2645};
2646
2647
2107int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) 2648int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2108{ 2649{
2109 unsigned char *buf; 2650 void *buf;
2651 u8 *cp;
2110 struct mgmt_hdr *hdr; 2652 struct mgmt_hdr *hdr;
2111 u16 opcode, index, len; 2653 u16 opcode, index, len;
2654 struct hci_dev *hdev = NULL;
2655 struct mgmt_handler *handler;
2112 int err; 2656 int err;
2113 2657
2114 BT_DBG("got %zu bytes", msglen); 2658 BT_DBG("got %zu bytes", msglen);
@@ -2125,7 +2669,7 @@ int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2125 goto done; 2669 goto done;
2126 } 2670 }
2127 2671
2128 hdr = (struct mgmt_hdr *) buf; 2672 hdr = buf;
2129 opcode = get_unaligned_le16(&hdr->opcode); 2673 opcode = get_unaligned_le16(&hdr->opcode);
2130 index = get_unaligned_le16(&hdr->index); 2674 index = get_unaligned_le16(&hdr->index);
2131 len = get_unaligned_le16(&hdr->len); 2675 len = get_unaligned_le16(&hdr->len);
@@ -2135,117 +2679,54 @@ int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2135 goto done; 2679 goto done;
2136 } 2680 }
2137 2681
2138 switch (opcode) { 2682 if (index != MGMT_INDEX_NONE) {
2139 case MGMT_OP_READ_VERSION: 2683 hdev = hci_dev_get(index);
2140 err = read_version(sk); 2684 if (!hdev) {
2141 break; 2685 err = cmd_status(sk, index, opcode,
2142 case MGMT_OP_READ_INDEX_LIST: 2686 MGMT_STATUS_INVALID_INDEX);
2143 err = read_index_list(sk); 2687 goto done;
2144 break; 2688 }
2145 case MGMT_OP_READ_INFO: 2689 }
2146 err = read_controller_info(sk, index); 2690
2147 break; 2691 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2148 case MGMT_OP_SET_POWERED: 2692 mgmt_handlers[opcode].func == NULL) {
2149 err = set_powered(sk, index, buf + sizeof(*hdr), len);
2150 break;
2151 case MGMT_OP_SET_DISCOVERABLE:
2152 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
2153 break;
2154 case MGMT_OP_SET_CONNECTABLE:
2155 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
2156 break;
2157 case MGMT_OP_SET_FAST_CONNECTABLE:
2158 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
2159 len);
2160 break;
2161 case MGMT_OP_SET_PAIRABLE:
2162 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
2163 break;
2164 case MGMT_OP_ADD_UUID:
2165 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
2166 break;
2167 case MGMT_OP_REMOVE_UUID:
2168 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
2169 break;
2170 case MGMT_OP_SET_DEV_CLASS:
2171 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
2172 break;
2173 case MGMT_OP_LOAD_LINK_KEYS:
2174 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
2175 break;
2176 case MGMT_OP_REMOVE_KEYS:
2177 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
2178 break;
2179 case MGMT_OP_DISCONNECT:
2180 err = disconnect(sk, index, buf + sizeof(*hdr), len);
2181 break;
2182 case MGMT_OP_GET_CONNECTIONS:
2183 err = get_connections(sk, index);
2184 break;
2185 case MGMT_OP_PIN_CODE_REPLY:
2186 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
2187 break;
2188 case MGMT_OP_PIN_CODE_NEG_REPLY:
2189 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
2190 break;
2191 case MGMT_OP_SET_IO_CAPABILITY:
2192 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
2193 break;
2194 case MGMT_OP_PAIR_DEVICE:
2195 err = pair_device(sk, index, buf + sizeof(*hdr), len);
2196 break;
2197 case MGMT_OP_USER_CONFIRM_REPLY:
2198 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len);
2199 break;
2200 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2201 err = user_confirm_neg_reply(sk, index, buf + sizeof(*hdr),
2202 len);
2203 break;
2204 case MGMT_OP_USER_PASSKEY_REPLY:
2205 err = user_passkey_reply(sk, index, buf + sizeof(*hdr), len);
2206 break;
2207 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2208 err = user_passkey_neg_reply(sk, index, buf + sizeof(*hdr),
2209 len);
2210 break;
2211 case MGMT_OP_SET_LOCAL_NAME:
2212 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
2213 break;
2214 case MGMT_OP_READ_LOCAL_OOB_DATA:
2215 err = read_local_oob_data(sk, index);
2216 break;
2217 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2218 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
2219 break;
2220 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2221 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
2222 len);
2223 break;
2224 case MGMT_OP_START_DISCOVERY:
2225 err = start_discovery(sk, index, buf + sizeof(*hdr), len);
2226 break;
2227 case MGMT_OP_STOP_DISCOVERY:
2228 err = stop_discovery(sk, index);
2229 break;
2230 case MGMT_OP_BLOCK_DEVICE:
2231 err = block_device(sk, index, buf + sizeof(*hdr), len);
2232 break;
2233 case MGMT_OP_UNBLOCK_DEVICE:
2234 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
2235 break;
2236 default:
2237 BT_DBG("Unknown op %u", opcode); 2693 BT_DBG("Unknown op %u", opcode);
2238 err = cmd_status(sk, index, opcode, 2694 err = cmd_status(sk, index, opcode,
2239 MGMT_STATUS_UNKNOWN_COMMAND); 2695 MGMT_STATUS_UNKNOWN_COMMAND);
2240 break; 2696 goto done;
2697 }
2698
2699 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2700 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2701 err = cmd_status(sk, index, opcode,
2702 MGMT_STATUS_INVALID_INDEX);
2703 goto done;
2241 } 2704 }
2242 2705
2706 handler = &mgmt_handlers[opcode];
2707
2708 if ((handler->var_len && len < handler->data_len) ||
2709 (!handler->var_len && len != handler->data_len)) {
2710 err = cmd_status(sk, index, opcode,
2711 MGMT_STATUS_INVALID_PARAMS);
2712 goto done;
2713 }
2714
2715 if (hdev)
2716 mgmt_init_hdev(sk, hdev);
2717
2718 cp = buf + sizeof(*hdr);
2719
2720 err = handler->func(sk, hdev, cp, len);
2243 if (err < 0) 2721 if (err < 0)
2244 goto done; 2722 goto done;
2245 2723
2246 err = msglen; 2724 err = msglen;
2247 2725
2248done: 2726done:
2727 if (hdev)
2728 hci_dev_put(hdev);
2729
2249 kfree(buf); 2730 kfree(buf);
2250 return err; 2731 return err;
2251} 2732}
@@ -2265,7 +2746,7 @@ int mgmt_index_added(struct hci_dev *hdev)
2265 2746
2266int mgmt_index_removed(struct hci_dev *hdev) 2747int mgmt_index_removed(struct hci_dev *hdev)
2267{ 2748{
2268 u8 status = ENODEV; 2749 u8 status = MGMT_STATUS_INVALID_INDEX;
2269 2750
2270 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 2751 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2271 2752
@@ -2273,9 +2754,9 @@ int mgmt_index_removed(struct hci_dev *hdev)
2273} 2754}
2274 2755
2275struct cmd_lookup { 2756struct cmd_lookup {
2276 u8 val;
2277 struct sock *sk; 2757 struct sock *sk;
2278 struct hci_dev *hdev; 2758 struct hci_dev *hdev;
2759 u8 mgmt_status;
2279}; 2760};
2280 2761
2281static void settings_rsp(struct pending_cmd *cmd, void *data) 2762static void settings_rsp(struct pending_cmd *cmd, void *data)
@@ -2296,63 +2777,91 @@ static void settings_rsp(struct pending_cmd *cmd, void *data)
2296 2777
2297int mgmt_powered(struct hci_dev *hdev, u8 powered) 2778int mgmt_powered(struct hci_dev *hdev, u8 powered)
2298{ 2779{
2299 struct cmd_lookup match = { powered, NULL, hdev }; 2780 struct cmd_lookup match = { NULL, hdev };
2300 __le32 ev; 2781 int err;
2301 int ret; 2782
2783 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2784 return 0;
2302 2785
2303 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 2786 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2304 2787
2305 if (!powered) { 2788 if (powered) {
2306 u8 status = ENETDOWN; 2789 u8 scan = 0;
2790
2791 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2792 scan |= SCAN_PAGE;
2793 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2794 scan |= SCAN_INQUIRY;
2795
2796 if (scan)
2797 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2798
2799 update_class(hdev);
2800 update_name(hdev, hdev->dev_name);
2801 update_eir(hdev);
2802 } else {
2803 u8 status = MGMT_STATUS_NOT_POWERED;
2307 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 2804 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2308 } 2805 }
2309 2806
2310 ev = cpu_to_le32(get_current_settings(hdev)); 2807 err = new_settings(hdev, match.sk);
2311
2312 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2313 match.sk);
2314 2808
2315 if (match.sk) 2809 if (match.sk)
2316 sock_put(match.sk); 2810 sock_put(match.sk);
2317 2811
2318 return ret; 2812 return err;
2319} 2813}
2320 2814
2321int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable) 2815int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2322{ 2816{
2323 struct cmd_lookup match = { discoverable, NULL, hdev }; 2817 struct cmd_lookup match = { NULL, hdev };
2324 __le32 ev; 2818 bool changed = false;
2325 int ret; 2819 int err = 0;
2326 2820
2327 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match); 2821 if (discoverable) {
2822 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2823 changed = true;
2824 } else {
2825 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2826 changed = true;
2827 }
2328 2828
2329 ev = cpu_to_le32(get_current_settings(hdev)); 2829 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2830 &match);
2831
2832 if (changed)
2833 err = new_settings(hdev, match.sk);
2330 2834
2331 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2332 match.sk);
2333 if (match.sk) 2835 if (match.sk)
2334 sock_put(match.sk); 2836 sock_put(match.sk);
2335 2837
2336 return ret; 2838 return err;
2337} 2839}
2338 2840
2339int mgmt_connectable(struct hci_dev *hdev, u8 connectable) 2841int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2340{ 2842{
2341 __le32 ev; 2843 struct cmd_lookup match = { NULL, hdev };
2342 struct cmd_lookup match = { connectable, NULL, hdev }; 2844 bool changed = false;
2343 int ret; 2845 int err = 0;
2344 2846
2345 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp, 2847 if (connectable) {
2346 &match); 2848 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2849 changed = true;
2850 } else {
2851 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2852 changed = true;
2853 }
2347 2854
2348 ev = cpu_to_le32(get_current_settings(hdev)); 2855 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2856 &match);
2349 2857
2350 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk); 2858 if (changed)
2859 err = new_settings(hdev, match.sk);
2351 2860
2352 if (match.sk) 2861 if (match.sk)
2353 sock_put(match.sk); 2862 sock_put(match.sk);
2354 2863
2355 return ret; 2864 return err;
2356} 2865}
2357 2866
2358int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status) 2867int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
@@ -2361,24 +2870,24 @@ int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2361 2870
2362 if (scan & SCAN_PAGE) 2871 if (scan & SCAN_PAGE)
2363 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, 2872 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2364 cmd_status_rsp, &mgmt_err); 2873 cmd_status_rsp, &mgmt_err);
2365 2874
2366 if (scan & SCAN_INQUIRY) 2875 if (scan & SCAN_INQUIRY)
2367 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, 2876 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2368 cmd_status_rsp, &mgmt_err); 2877 cmd_status_rsp, &mgmt_err);
2369 2878
2370 return 0; 2879 return 0;
2371} 2880}
2372 2881
2373int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 2882int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, u8 persistent)
2374 u8 persistent)
2375{ 2883{
2376 struct mgmt_ev_new_link_key ev; 2884 struct mgmt_ev_new_link_key ev;
2377 2885
2378 memset(&ev, 0, sizeof(ev)); 2886 memset(&ev, 0, sizeof(ev));
2379 2887
2380 ev.store_hint = persistent; 2888 ev.store_hint = persistent;
2381 bacpy(&ev.key.bdaddr, &key->bdaddr); 2889 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2890 ev.key.addr.type = MGMT_ADDR_BREDR;
2382 ev.key.type = key->type; 2891 ev.key.type = key->type;
2383 memcpy(ev.key.val, key->val, 16); 2892 memcpy(ev.key.val, key->val, 16);
2384 ev.key.pin_len = key->pin_len; 2893 ev.key.pin_len = key->pin_len;
@@ -2386,15 +2895,54 @@ int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2386 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 2895 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2387} 2896}
2388 2897
2389int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2898int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2390 u8 addr_type)
2391{ 2899{
2392 struct mgmt_addr_info ev; 2900 struct mgmt_ev_new_long_term_key ev;
2393 2901
2394 bacpy(&ev.bdaddr, bdaddr); 2902 memset(&ev, 0, sizeof(ev));
2395 ev.type = link_to_mgmt(link_type, addr_type);
2396 2903
2397 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL); 2904 ev.store_hint = persistent;
2905 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2906 ev.key.addr.type = key->bdaddr_type;
2907 ev.key.authenticated = key->authenticated;
2908 ev.key.enc_size = key->enc_size;
2909 ev.key.ediv = key->ediv;
2910
2911 if (key->type == HCI_SMP_LTK)
2912 ev.key.master = 1;
2913
2914 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2915 memcpy(ev.key.val, key->val, sizeof(key->val));
2916
2917 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
2918 NULL);
2919}
2920
2921int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2922 u8 addr_type, u32 flags, u8 *name, u8 name_len,
2923 u8 *dev_class)
2924{
2925 char buf[512];
2926 struct mgmt_ev_device_connected *ev = (void *) buf;
2927 u16 eir_len = 0;
2928
2929 bacpy(&ev->addr.bdaddr, bdaddr);
2930 ev->addr.type = link_to_mgmt(link_type, addr_type);
2931
2932 ev->flags = __cpu_to_le32(flags);
2933
2934 if (name_len > 0)
2935 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2936 name, name_len);
2937
2938 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2939 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2940 EIR_CLASS_OF_DEV, dev_class, 3);
2941
2942 put_unaligned_le16(eir_len, &ev->eir_len);
2943
2944 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2945 sizeof(*ev) + eir_len, NULL);
2398} 2946}
2399 2947
2400static void disconnect_rsp(struct pending_cmd *cmd, void *data) 2948static void disconnect_rsp(struct pending_cmd *cmd, void *data)
@@ -2403,10 +2951,11 @@ static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2403 struct sock **sk = data; 2951 struct sock **sk = data;
2404 struct mgmt_rp_disconnect rp; 2952 struct mgmt_rp_disconnect rp;
2405 2953
2406 bacpy(&rp.bdaddr, &cp->bdaddr); 2954 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2407 rp.status = 0; 2955 rp.addr.type = cp->addr.type;
2408 2956
2409 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp)); 2957 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
2958 sizeof(rp));
2410 2959
2411 *sk = cmd->sk; 2960 *sk = cmd->sk;
2412 sock_hold(*sk); 2961 sock_hold(*sk);
@@ -2414,25 +2963,25 @@ static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2414 mgmt_pending_remove(cmd); 2963 mgmt_pending_remove(cmd);
2415} 2964}
2416 2965
2417static void remove_keys_rsp(struct pending_cmd *cmd, void *data) 2966static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
2418{ 2967{
2419 u8 *status = data; 2968 struct hci_dev *hdev = data;
2420 struct mgmt_cp_remove_keys *cp = cmd->param; 2969 struct mgmt_cp_unpair_device *cp = cmd->param;
2421 struct mgmt_rp_remove_keys rp; 2970 struct mgmt_rp_unpair_device rp;
2422 2971
2423 memset(&rp, 0, sizeof(rp)); 2972 memset(&rp, 0, sizeof(rp));
2424 bacpy(&rp.bdaddr, &cp->bdaddr); 2973 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2425 if (status != NULL) 2974 rp.addr.type = cp->addr.type;
2426 rp.status = *status;
2427 2975
2428 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp, 2976 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2429 sizeof(rp)); 2977
2978 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
2430 2979
2431 mgmt_pending_remove(cmd); 2980 mgmt_pending_remove(cmd);
2432} 2981}
2433 2982
2434int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2983int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2435 u8 addr_type) 2984 u8 link_type, u8 addr_type)
2436{ 2985{
2437 struct mgmt_addr_info ev; 2986 struct mgmt_addr_info ev;
2438 struct sock *sk = NULL; 2987 struct sock *sk = NULL;
@@ -2443,45 +2992,44 @@ int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2443 bacpy(&ev.bdaddr, bdaddr); 2992 bacpy(&ev.bdaddr, bdaddr);
2444 ev.type = link_to_mgmt(link_type, addr_type); 2993 ev.type = link_to_mgmt(link_type, addr_type);
2445 2994
2446 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk); 2995 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
2996 sk);
2447 2997
2448 if (sk) 2998 if (sk)
2449 sock_put(sk); 2999 sock_put(sk);
2450 3000
2451 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL); 3001 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3002 hdev);
2452 3003
2453 return err; 3004 return err;
2454} 3005}
2455 3006
2456int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status) 3007int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3008 u8 link_type, u8 addr_type, u8 status)
2457{ 3009{
3010 struct mgmt_rp_disconnect rp;
2458 struct pending_cmd *cmd; 3011 struct pending_cmd *cmd;
2459 u8 mgmt_err = mgmt_status(status);
2460 int err; 3012 int err;
2461 3013
2462 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev); 3014 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2463 if (!cmd) 3015 if (!cmd)
2464 return -ENOENT; 3016 return -ENOENT;
2465 3017
2466 if (bdaddr) { 3018 bacpy(&rp.addr.bdaddr, bdaddr);
2467 struct mgmt_rp_disconnect rp; 3019 rp.addr.type = link_to_mgmt(link_type, addr_type);
2468 3020
2469 bacpy(&rp.bdaddr, bdaddr); 3021 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2470 rp.status = status; 3022 mgmt_status(status), &rp, sizeof(rp));
2471
2472 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2473 &rp, sizeof(rp));
2474 } else
2475 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT,
2476 mgmt_err);
2477 3023
2478 mgmt_pending_remove(cmd); 3024 mgmt_pending_remove(cmd);
2479 3025
3026 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3027 hdev);
2480 return err; 3028 return err;
2481} 3029}
2482 3030
2483int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3031int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2484 u8 addr_type, u8 status) 3032 u8 addr_type, u8 status)
2485{ 3033{
2486 struct mgmt_ev_connect_failed ev; 3034 struct mgmt_ev_connect_failed ev;
2487 3035
@@ -2496,15 +3044,16 @@ int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2496{ 3044{
2497 struct mgmt_ev_pin_code_request ev; 3045 struct mgmt_ev_pin_code_request ev;
2498 3046
2499 bacpy(&ev.bdaddr, bdaddr); 3047 bacpy(&ev.addr.bdaddr, bdaddr);
3048 ev.addr.type = MGMT_ADDR_BREDR;
2500 ev.secure = secure; 3049 ev.secure = secure;
2501 3050
2502 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), 3051 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2503 NULL); 3052 NULL);
2504} 3053}
2505 3054
2506int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3055int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2507 u8 status) 3056 u8 status)
2508{ 3057{
2509 struct pending_cmd *cmd; 3058 struct pending_cmd *cmd;
2510 struct mgmt_rp_pin_code_reply rp; 3059 struct mgmt_rp_pin_code_reply rp;
@@ -2514,11 +3063,11 @@ int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2514 if (!cmd) 3063 if (!cmd)
2515 return -ENOENT; 3064 return -ENOENT;
2516 3065
2517 bacpy(&rp.bdaddr, bdaddr); 3066 bacpy(&rp.addr.bdaddr, bdaddr);
2518 rp.status = mgmt_status(status); 3067 rp.addr.type = MGMT_ADDR_BREDR;
2519 3068
2520 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp, 3069 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2521 sizeof(rp)); 3070 mgmt_status(status), &rp, sizeof(rp));
2522 3071
2523 mgmt_pending_remove(cmd); 3072 mgmt_pending_remove(cmd);
2524 3073
@@ -2526,7 +3075,7 @@ int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2526} 3075}
2527 3076
2528int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3077int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2529 u8 status) 3078 u8 status)
2530{ 3079{
2531 struct pending_cmd *cmd; 3080 struct pending_cmd *cmd;
2532 struct mgmt_rp_pin_code_reply rp; 3081 struct mgmt_rp_pin_code_reply rp;
@@ -2536,11 +3085,11 @@ int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2536 if (!cmd) 3085 if (!cmd)
2537 return -ENOENT; 3086 return -ENOENT;
2538 3087
2539 bacpy(&rp.bdaddr, bdaddr); 3088 bacpy(&rp.addr.bdaddr, bdaddr);
2540 rp.status = mgmt_status(status); 3089 rp.addr.type = MGMT_ADDR_BREDR;
2541 3090
2542 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp, 3091 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
2543 sizeof(rp)); 3092 mgmt_status(status), &rp, sizeof(rp));
2544 3093
2545 mgmt_pending_remove(cmd); 3094 mgmt_pending_remove(cmd);
2546 3095
@@ -2548,34 +3097,39 @@ int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2548} 3097}
2549 3098
2550int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 3099int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2551 __le32 value, u8 confirm_hint) 3100 u8 link_type, u8 addr_type, __le32 value,
3101 u8 confirm_hint)
2552{ 3102{
2553 struct mgmt_ev_user_confirm_request ev; 3103 struct mgmt_ev_user_confirm_request ev;
2554 3104
2555 BT_DBG("%s", hdev->name); 3105 BT_DBG("%s", hdev->name);
2556 3106
2557 bacpy(&ev.bdaddr, bdaddr); 3107 bacpy(&ev.addr.bdaddr, bdaddr);
3108 ev.addr.type = link_to_mgmt(link_type, addr_type);
2558 ev.confirm_hint = confirm_hint; 3109 ev.confirm_hint = confirm_hint;
2559 put_unaligned_le32(value, &ev.value); 3110 put_unaligned_le32(value, &ev.value);
2560 3111
2561 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 3112 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2562 NULL); 3113 NULL);
2563} 3114}
2564 3115
2565int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr) 3116int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3117 u8 link_type, u8 addr_type)
2566{ 3118{
2567 struct mgmt_ev_user_passkey_request ev; 3119 struct mgmt_ev_user_passkey_request ev;
2568 3120
2569 BT_DBG("%s", hdev->name); 3121 BT_DBG("%s", hdev->name);
2570 3122
2571 bacpy(&ev.bdaddr, bdaddr); 3123 bacpy(&ev.addr.bdaddr, bdaddr);
3124 ev.addr.type = link_to_mgmt(link_type, addr_type);
2572 3125
2573 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 3126 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2574 NULL); 3127 NULL);
2575} 3128}
2576 3129
2577static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3130static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2578 u8 status, u8 opcode) 3131 u8 link_type, u8 addr_type, u8 status,
3132 u8 opcode)
2579{ 3133{
2580 struct pending_cmd *cmd; 3134 struct pending_cmd *cmd;
2581 struct mgmt_rp_user_confirm_reply rp; 3135 struct mgmt_rp_user_confirm_reply rp;
@@ -2585,9 +3139,10 @@ static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2585 if (!cmd) 3139 if (!cmd)
2586 return -ENOENT; 3140 return -ENOENT;
2587 3141
2588 bacpy(&rp.bdaddr, bdaddr); 3142 bacpy(&rp.addr.bdaddr, bdaddr);
2589 rp.status = mgmt_status(status); 3143 rp.addr.type = link_to_mgmt(link_type, addr_type);
2590 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp)); 3144 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3145 &rp, sizeof(rp));
2591 3146
2592 mgmt_pending_remove(cmd); 3147 mgmt_pending_remove(cmd);
2593 3148
@@ -2595,72 +3150,215 @@ static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2595} 3150}
2596 3151
2597int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3152int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2598 u8 status) 3153 u8 link_type, u8 addr_type, u8 status)
2599{ 3154{
2600 return user_pairing_resp_complete(hdev, bdaddr, status, 3155 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2601 MGMT_OP_USER_CONFIRM_REPLY); 3156 status, MGMT_OP_USER_CONFIRM_REPLY);
2602} 3157}
2603 3158
2604int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, 3159int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2605 bdaddr_t *bdaddr, u8 status) 3160 u8 link_type, u8 addr_type, u8 status)
2606{ 3161{
2607 return user_pairing_resp_complete(hdev, bdaddr, status, 3162 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2608 MGMT_OP_USER_CONFIRM_NEG_REPLY); 3163 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
2609} 3164}
2610 3165
2611int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 3166int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2612 u8 status) 3167 u8 link_type, u8 addr_type, u8 status)
2613{ 3168{
2614 return user_pairing_resp_complete(hdev, bdaddr, status, 3169 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2615 MGMT_OP_USER_PASSKEY_REPLY); 3170 status, MGMT_OP_USER_PASSKEY_REPLY);
2616} 3171}
2617 3172
2618int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, 3173int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2619 bdaddr_t *bdaddr, u8 status) 3174 u8 link_type, u8 addr_type, u8 status)
2620{ 3175{
2621 return user_pairing_resp_complete(hdev, bdaddr, status, 3176 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2622 MGMT_OP_USER_PASSKEY_NEG_REPLY); 3177 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
2623} 3178}
2624 3179
2625int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status) 3180int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3181 u8 addr_type, u8 status)
2626{ 3182{
2627 struct mgmt_ev_auth_failed ev; 3183 struct mgmt_ev_auth_failed ev;
2628 3184
2629 bacpy(&ev.bdaddr, bdaddr); 3185 bacpy(&ev.addr.bdaddr, bdaddr);
3186 ev.addr.type = link_to_mgmt(link_type, addr_type);
2630 ev.status = mgmt_status(status); 3187 ev.status = mgmt_status(status);
2631 3188
2632 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL); 3189 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2633} 3190}
2634 3191
3192int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3193{
3194 struct cmd_lookup match = { NULL, hdev };
3195 bool changed = false;
3196 int err = 0;
3197
3198 if (status) {
3199 u8 mgmt_err = mgmt_status(status);
3200 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3201 cmd_status_rsp, &mgmt_err);
3202 return 0;
3203 }
3204
3205 if (test_bit(HCI_AUTH, &hdev->flags)) {
3206 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3207 changed = true;
3208 } else {
3209 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3210 changed = true;
3211 }
3212
3213 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3214 &match);
3215
3216 if (changed)
3217 err = new_settings(hdev, match.sk);
3218
3219 if (match.sk)
3220 sock_put(match.sk);
3221
3222 return err;
3223}
3224
3225static int clear_eir(struct hci_dev *hdev)
3226{
3227 struct hci_cp_write_eir cp;
3228
3229 if (!(hdev->features[6] & LMP_EXT_INQ))
3230 return 0;
3231
3232 memset(hdev->eir, 0, sizeof(hdev->eir));
3233
3234 memset(&cp, 0, sizeof(cp));
3235
3236 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3237}
3238
3239int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3240{
3241 struct cmd_lookup match = { NULL, hdev };
3242 bool changed = false;
3243 int err = 0;
3244
3245 if (status) {
3246 u8 mgmt_err = mgmt_status(status);
3247
3248 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3249 &hdev->dev_flags))
3250 err = new_settings(hdev, NULL);
3251
3252 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3253 &mgmt_err);
3254
3255 return err;
3256 }
3257
3258 if (enable) {
3259 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3260 changed = true;
3261 } else {
3262 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3263 changed = true;
3264 }
3265
3266 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3267
3268 if (changed)
3269 err = new_settings(hdev, match.sk);
3270
3271 if (match.sk)
3272 sock_put(match.sk);
3273
3274 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3275 update_eir(hdev);
3276 else
3277 clear_eir(hdev);
3278
3279 return err;
3280}
3281
3282static void class_rsp(struct pending_cmd *cmd, void *data)
3283{
3284 struct cmd_lookup *match = data;
3285
3286 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3287 match->hdev->dev_class, 3);
3288
3289 list_del(&cmd->list);
3290
3291 if (match->sk == NULL) {
3292 match->sk = cmd->sk;
3293 sock_hold(match->sk);
3294 }
3295
3296 mgmt_pending_free(cmd);
3297}
3298
3299int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3300 u8 status)
3301{
3302 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3303 int err = 0;
3304
3305 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3306
3307 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3308 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3309 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3310
3311 if (!status)
3312 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3313 3, NULL);
3314
3315 if (match.sk)
3316 sock_put(match.sk);
3317
3318 return err;
3319}
3320
2635int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 3321int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2636{ 3322{
2637 struct pending_cmd *cmd; 3323 struct pending_cmd *cmd;
2638 struct mgmt_cp_set_local_name ev; 3324 struct mgmt_cp_set_local_name ev;
2639 int err; 3325 bool changed = false;
3326 int err = 0;
3327
3328 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3329 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3330 changed = true;
3331 }
2640 3332
2641 memset(&ev, 0, sizeof(ev)); 3333 memset(&ev, 0, sizeof(ev));
2642 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 3334 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3335 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
2643 3336
2644 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 3337 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2645 if (!cmd) 3338 if (!cmd)
2646 goto send_event; 3339 goto send_event;
2647 3340
3341 /* Always assume that either the short or the complete name has
3342 * changed if there was a pending mgmt command */
3343 changed = true;
3344
2648 if (status) { 3345 if (status) {
2649 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3346 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2650 mgmt_status(status)); 3347 mgmt_status(status));
2651 goto failed; 3348 goto failed;
2652 } 3349 }
2653 3350
2654 update_eir(hdev); 3351 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
2655 3352 sizeof(ev));
2656 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2657 sizeof(ev));
2658 if (err < 0) 3353 if (err < 0)
2659 goto failed; 3354 goto failed;
2660 3355
2661send_event: 3356send_event:
2662 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 3357 if (changed)
2663 cmd ? cmd->sk : NULL); 3358 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3359 sizeof(ev), cmd ? cmd->sk : NULL);
3360
3361 update_eir(hdev);
2664 3362
2665failed: 3363failed:
2666 if (cmd) 3364 if (cmd)
@@ -2669,7 +3367,7 @@ failed:
2669} 3367}
2670 3368
2671int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash, 3369int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2672 u8 *randomizer, u8 status) 3370 u8 *randomizer, u8 status)
2673{ 3371{
2674 struct pending_cmd *cmd; 3372 struct pending_cmd *cmd;
2675 int err; 3373 int err;
@@ -2681,9 +3379,8 @@ int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2681 return -ENOENT; 3379 return -ENOENT;
2682 3380
2683 if (status) { 3381 if (status) {
2684 err = cmd_status(cmd->sk, hdev->id, 3382 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2685 MGMT_OP_READ_LOCAL_OOB_DATA, 3383 mgmt_status(status));
2686 mgmt_status(status));
2687 } else { 3384 } else {
2688 struct mgmt_rp_read_local_oob_data rp; 3385 struct mgmt_rp_read_local_oob_data rp;
2689 3386
@@ -2691,8 +3388,8 @@ int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2691 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer)); 3388 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2692 3389
2693 err = cmd_complete(cmd->sk, hdev->id, 3390 err = cmd_complete(cmd->sk, hdev->id,
2694 MGMT_OP_READ_LOCAL_OOB_DATA, 3391 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
2695 &rp, sizeof(rp)); 3392 sizeof(rp));
2696 } 3393 }
2697 3394
2698 mgmt_pending_remove(cmd); 3395 mgmt_pending_remove(cmd);
@@ -2700,48 +3397,120 @@ int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2700 return err; 3397 return err;
2701} 3398}
2702 3399
3400int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3401{
3402 struct cmd_lookup match = { NULL, hdev };
3403 bool changed = false;
3404 int err = 0;
3405
3406 if (status) {
3407 u8 mgmt_err = mgmt_status(status);
3408
3409 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3410 &hdev->dev_flags))
3411 err = new_settings(hdev, NULL);
3412
3413 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev,
3414 cmd_status_rsp, &mgmt_err);
3415
3416 return err;
3417 }
3418
3419 if (enable) {
3420 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3421 changed = true;
3422 } else {
3423 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3424 changed = true;
3425 }
3426
3427 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3428
3429 if (changed)
3430 err = new_settings(hdev, match.sk);
3431
3432 if (match.sk)
3433 sock_put(match.sk);
3434
3435 return err;
3436}
3437
2703int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 3438int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2704 u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir) 3439 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3440 ssp, u8 *eir, u16 eir_len)
2705{ 3441{
2706 struct mgmt_ev_device_found ev; 3442 char buf[512];
3443 struct mgmt_ev_device_found *ev = (void *) buf;
3444 size_t ev_size;
2707 3445
2708 memset(&ev, 0, sizeof(ev)); 3446 /* Leave 5 bytes for a potential CoD field */
3447 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3448 return -EINVAL;
2709 3449
2710 bacpy(&ev.addr.bdaddr, bdaddr); 3450 memset(buf, 0, sizeof(buf));
2711 ev.addr.type = link_to_mgmt(link_type, addr_type); 3451
2712 ev.rssi = rssi; 3452 bacpy(&ev->addr.bdaddr, bdaddr);
3453 ev->addr.type = link_to_mgmt(link_type, addr_type);
3454 ev->rssi = rssi;
3455 if (cfm_name)
3456 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
3457 if (!ssp)
3458 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
3459
3460 if (eir_len > 0)
3461 memcpy(ev->eir, eir, eir_len);
2713 3462
2714 if (eir) 3463 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
2715 memcpy(ev.eir, eir, sizeof(ev.eir)); 3464 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3465 dev_class, 3);
2716 3466
2717 if (dev_class) 3467 put_unaligned_le16(eir_len, &ev->eir_len);
2718 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2719 3468
2720 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL); 3469 ev_size = sizeof(*ev) + eir_len;
3470
3471 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
2721} 3472}
2722 3473
2723int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name) 3474int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3475 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
2724{ 3476{
2725 struct mgmt_ev_remote_name ev; 3477 struct mgmt_ev_device_found *ev;
3478 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3479 u16 eir_len;
2726 3480
2727 memset(&ev, 0, sizeof(ev)); 3481 ev = (struct mgmt_ev_device_found *) buf;
2728 3482
2729 bacpy(&ev.bdaddr, bdaddr); 3483 memset(buf, 0, sizeof(buf));
2730 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 3484
3485 bacpy(&ev->addr.bdaddr, bdaddr);
3486 ev->addr.type = link_to_mgmt(link_type, addr_type);
3487 ev->rssi = rssi;
3488
3489 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3490 name_len);
3491
3492 put_unaligned_le16(eir_len, &ev->eir_len);
2731 3493
2732 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL); 3494 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3495 sizeof(*ev) + eir_len, NULL);
2733} 3496}
2734 3497
2735int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status) 3498int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2736{ 3499{
2737 struct pending_cmd *cmd; 3500 struct pending_cmd *cmd;
3501 u8 type;
2738 int err; 3502 int err;
2739 3503
3504 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3505
2740 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 3506 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2741 if (!cmd) 3507 if (!cmd)
2742 return -ENOENT; 3508 return -ENOENT;
2743 3509
2744 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status)); 3510 type = hdev->discovery.type;
3511
3512 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3513 &type, sizeof(type));
2745 mgmt_pending_remove(cmd); 3514 mgmt_pending_remove(cmd);
2746 3515
2747 return err; 3516 return err;
@@ -2756,7 +3525,8 @@ int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2756 if (!cmd) 3525 if (!cmd)
2757 return -ENOENT; 3526 return -ENOENT;
2758 3527
2759 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status)); 3528 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3529 &hdev->discovery.type, sizeof(hdev->discovery.type));
2760 mgmt_pending_remove(cmd); 3530 mgmt_pending_remove(cmd);
2761 3531
2762 return err; 3532 return err;
@@ -2764,44 +3534,61 @@ int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2764 3534
2765int mgmt_discovering(struct hci_dev *hdev, u8 discovering) 3535int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2766{ 3536{
3537 struct mgmt_ev_discovering ev;
2767 struct pending_cmd *cmd; 3538 struct pending_cmd *cmd;
2768 3539
3540 BT_DBG("%s discovering %u", hdev->name, discovering);
3541
2769 if (discovering) 3542 if (discovering)
2770 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 3543 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2771 else 3544 else
2772 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 3545 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2773 3546
2774 if (cmd != NULL) { 3547 if (cmd != NULL) {
2775 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0); 3548 u8 type = hdev->discovery.type;
3549
3550 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3551 sizeof(type));
2776 mgmt_pending_remove(cmd); 3552 mgmt_pending_remove(cmd);
2777 } 3553 }
2778 3554
2779 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering, 3555 memset(&ev, 0, sizeof(ev));
2780 sizeof(discovering), NULL); 3556 ev.type = hdev->discovery.type;
3557 ev.discovering = discovering;
3558
3559 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
2781} 3560}
2782 3561
2783int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr) 3562int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2784{ 3563{
2785 struct pending_cmd *cmd; 3564 struct pending_cmd *cmd;
2786 struct mgmt_ev_device_blocked ev; 3565 struct mgmt_ev_device_blocked ev;
2787 3566
2788 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev); 3567 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2789 3568
2790 bacpy(&ev.bdaddr, bdaddr); 3569 bacpy(&ev.addr.bdaddr, bdaddr);
3570 ev.addr.type = type;
2791 3571
2792 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev), 3572 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2793 cmd ? cmd->sk : NULL); 3573 cmd ? cmd->sk : NULL);
2794} 3574}
2795 3575
2796int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr) 3576int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2797{ 3577{
2798 struct pending_cmd *cmd; 3578 struct pending_cmd *cmd;
2799 struct mgmt_ev_device_unblocked ev; 3579 struct mgmt_ev_device_unblocked ev;
2800 3580
2801 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev); 3581 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2802 3582
2803 bacpy(&ev.bdaddr, bdaddr); 3583 bacpy(&ev.addr.bdaddr, bdaddr);
3584 ev.addr.type = type;
2804 3585
2805 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev), 3586 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2806 cmd ? cmd->sk : NULL); 3587 cmd ? cmd->sk : NULL);
2807} 3588}
3589
3590module_param(enable_hs, bool, 0644);
3591MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3592
3593module_param(enable_le, bool, 0644);
3594MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index 7adb03ca51c2..4bf54b377255 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -196,7 +196,7 @@ static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL);
196static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) 196static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
197{ 197{
198 struct rfcomm_dev *dev, *entry; 198 struct rfcomm_dev *dev, *entry;
199 struct list_head *head = &rfcomm_dev_list, *p; 199 struct list_head *head = &rfcomm_dev_list;
200 int err = 0; 200 int err = 0;
201 201
202 BT_DBG("id %d channel %d", req->dev_id, req->channel); 202 BT_DBG("id %d channel %d", req->dev_id, req->channel);
@@ -215,7 +215,7 @@ static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
215 break; 215 break;
216 216
217 dev->id++; 217 dev->id++;
218 head = p; 218 head = &entry->list;
219 } 219 }
220 } else { 220 } else {
221 dev->id = req->dev_id; 221 dev->id = req->dev_id;
@@ -229,7 +229,7 @@ static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
229 if (entry->id > dev->id - 1) 229 if (entry->id > dev->id - 1)
230 break; 230 break;
231 231
232 head = p; 232 head = &entry->list;
233 } 233 }
234 } 234 }
235 235
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 32c47de30344..deb119875fd9 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -29,7 +29,7 @@
29#include <linux/scatterlist.h> 29#include <linux/scatterlist.h>
30#include <crypto/b128ops.h> 30#include <crypto/b128ops.h>
31 31
32#define SMP_TIMEOUT 30000 /* 30 seconds */ 32#define SMP_TIMEOUT msecs_to_jiffies(30000)
33 33
34static inline void swap128(u8 src[16], u8 dst[16]) 34static inline void swap128(u8 src[16], u8 dst[16])
35{ 35{
@@ -186,8 +186,7 @@ static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data)
186 hci_send_acl(conn->hchan, skb, 0); 186 hci_send_acl(conn->hchan, skb, 0);
187 187
188 cancel_delayed_work_sync(&conn->security_timer); 188 cancel_delayed_work_sync(&conn->security_timer);
189 schedule_delayed_work(&conn->security_timer, 189 schedule_delayed_work(&conn->security_timer, SMP_TIMEOUT);
190 msecs_to_jiffies(SMP_TIMEOUT));
191} 190}
192 191
193static __u8 authreq_to_seclevel(__u8 authreq) 192static __u8 authreq_to_seclevel(__u8 authreq)
@@ -217,7 +216,7 @@ static void build_pairing_cmd(struct l2cap_conn *conn,
217{ 216{
218 u8 dist_keys = 0; 217 u8 dist_keys = 0;
219 218
220 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->flags)) { 219 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) {
221 dist_keys = SMP_DIST_ENC_KEY; 220 dist_keys = SMP_DIST_ENC_KEY;
222 authreq |= SMP_AUTH_BONDING; 221 authreq |= SMP_AUTH_BONDING;
223 } else { 222 } else {
@@ -250,21 +249,27 @@ static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
250 (max_key_size < SMP_MIN_ENC_KEY_SIZE)) 249 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
251 return SMP_ENC_KEY_SIZE; 250 return SMP_ENC_KEY_SIZE;
252 251
253 smp->smp_key_size = max_key_size; 252 smp->enc_key_size = max_key_size;
254 253
255 return 0; 254 return 0;
256} 255}
257 256
258static void smp_failure(struct l2cap_conn *conn, u8 reason, u8 send) 257static void smp_failure(struct l2cap_conn *conn, u8 reason, u8 send)
259{ 258{
259 struct hci_conn *hcon = conn->hcon;
260
260 if (send) 261 if (send)
261 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), 262 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
262 &reason); 263 &reason);
263 264
264 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->hcon->pend); 265 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->hcon->flags);
265 mgmt_auth_failed(conn->hcon->hdev, conn->dst, reason); 266 mgmt_auth_failed(conn->hcon->hdev, conn->dst, hcon->type,
266 cancel_delayed_work_sync(&conn->security_timer); 267 hcon->dst_type, reason);
267 smp_chan_destroy(conn); 268
269 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) {
270 cancel_delayed_work_sync(&conn->security_timer);
271 smp_chan_destroy(conn);
272 }
268} 273}
269 274
270#define JUST_WORKS 0x00 275#define JUST_WORKS 0x00
@@ -305,7 +310,7 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
305 remote_io > SMP_IO_KEYBOARD_DISPLAY) 310 remote_io > SMP_IO_KEYBOARD_DISPLAY)
306 method = JUST_WORKS; 311 method = JUST_WORKS;
307 else 312 else
308 method = gen_method[local_io][remote_io]; 313 method = gen_method[remote_io][local_io];
309 314
310 /* If not bonding, don't ask user to confirm a Zero TK */ 315 /* If not bonding, don't ask user to confirm a Zero TK */
311 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM) 316 if (!(auth & SMP_AUTH_BONDING) && method == JUST_CFM)
@@ -346,9 +351,11 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
346 hci_dev_lock(hcon->hdev); 351 hci_dev_lock(hcon->hdev);
347 352
348 if (method == REQ_PASSKEY) 353 if (method == REQ_PASSKEY)
349 ret = mgmt_user_passkey_request(hcon->hdev, conn->dst); 354 ret = mgmt_user_passkey_request(hcon->hdev, conn->dst,
355 hcon->type, hcon->dst_type);
350 else 356 else
351 ret = mgmt_user_confirm_request(hcon->hdev, conn->dst, 357 ret = mgmt_user_confirm_request(hcon->hdev, conn->dst,
358 hcon->type, hcon->dst_type,
352 cpu_to_le32(passkey), 0); 359 cpu_to_le32(passkey), 0);
353 360
354 hci_dev_unlock(hcon->hdev); 361 hci_dev_unlock(hcon->hdev);
@@ -377,12 +384,11 @@ static void confirm_work(struct work_struct *work)
377 384
378 if (conn->hcon->out) 385 if (conn->hcon->out)
379 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 0, 386 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 0,
380 conn->src, conn->hcon->dst_type, conn->dst, 387 conn->src, conn->hcon->dst_type, conn->dst, res);
381 res);
382 else 388 else
383 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 389 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
384 conn->hcon->dst_type, conn->dst, 0, conn->src, 390 conn->hcon->dst_type, conn->dst, 0, conn->src,
385 res); 391 res);
386 if (ret) { 392 if (ret) {
387 reason = SMP_UNSPECIFIED; 393 reason = SMP_UNSPECIFIED;
388 goto error; 394 goto error;
@@ -417,12 +423,10 @@ static void random_work(struct work_struct *work)
417 423
418 if (hcon->out) 424 if (hcon->out)
419 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 0, 425 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 0,
420 conn->src, hcon->dst_type, conn->dst, 426 conn->src, hcon->dst_type, conn->dst, res);
421 res);
422 else 427 else
423 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 428 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
424 hcon->dst_type, conn->dst, 0, conn->src, 429 hcon->dst_type, conn->dst, 0, conn->src, res);
425 res);
426 if (ret) { 430 if (ret) {
427 reason = SMP_UNSPECIFIED; 431 reason = SMP_UNSPECIFIED;
428 goto error; 432 goto error;
@@ -446,16 +450,16 @@ static void random_work(struct work_struct *work)
446 smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, key); 450 smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, key);
447 swap128(key, stk); 451 swap128(key, stk);
448 452
449 memset(stk + smp->smp_key_size, 0, 453 memset(stk + smp->enc_key_size, 0,
450 SMP_MAX_ENC_KEY_SIZE - smp->smp_key_size); 454 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
451 455
452 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend)) { 456 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) {
453 reason = SMP_UNSPECIFIED; 457 reason = SMP_UNSPECIFIED;
454 goto error; 458 goto error;
455 } 459 }
456 460
457 hci_le_start_enc(hcon, ediv, rand, stk); 461 hci_le_start_enc(hcon, ediv, rand, stk);
458 hcon->enc_key_size = smp->smp_key_size; 462 hcon->enc_key_size = smp->enc_key_size;
459 } else { 463 } else {
460 u8 stk[16], r[16], rand[8]; 464 u8 stk[16], r[16], rand[8];
461 __le16 ediv; 465 __le16 ediv;
@@ -469,11 +473,12 @@ static void random_work(struct work_struct *work)
469 smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, key); 473 smp_s1(tfm, smp->tk, smp->prnd, smp->rrnd, key);
470 swap128(key, stk); 474 swap128(key, stk);
471 475
472 memset(stk + smp->smp_key_size, 0, 476 memset(stk + smp->enc_key_size, 0,
473 SMP_MAX_ENC_KEY_SIZE - smp->smp_key_size); 477 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
474 478
475 hci_add_ltk(hcon->hdev, 0, conn->dst, smp->smp_key_size, 479 hci_add_ltk(hcon->hdev, conn->dst, hcon->dst_type,
476 ediv, rand, stk); 480 HCI_SMP_STK_SLAVE, 0, 0, stk, smp->enc_key_size,
481 ediv, rand);
477 } 482 }
478 483
479 return; 484 return;
@@ -506,7 +511,7 @@ void smp_chan_destroy(struct l2cap_conn *conn)
506{ 511{
507 struct smp_chan *smp = conn->smp_chan; 512 struct smp_chan *smp = conn->smp_chan;
508 513
509 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend); 514 BUG_ON(!smp);
510 515
511 if (smp->tfm) 516 if (smp->tfm)
512 crypto_free_blkcipher(smp->tfm); 517 crypto_free_blkcipher(smp->tfm);
@@ -571,7 +576,7 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
571 if (conn->hcon->link_mode & HCI_LM_MASTER) 576 if (conn->hcon->link_mode & HCI_LM_MASTER)
572 return SMP_CMD_NOTSUPP; 577 return SMP_CMD_NOTSUPP;
573 578
574 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend)) 579 if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
575 smp = smp_chan_create(conn); 580 smp = smp_chan_create(conn);
576 581
577 smp = conn->smp_chan; 582 smp = conn->smp_chan;
@@ -584,6 +589,8 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
584 if (req->auth_req & SMP_AUTH_BONDING) 589 if (req->auth_req & SMP_AUTH_BONDING)
585 auth = req->auth_req; 590 auth = req->auth_req;
586 591
592 conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
593
587 build_pairing_cmd(conn, req, &rsp, auth); 594 build_pairing_cmd(conn, req, &rsp, auth);
588 595
589 key_size = min(req->max_key_size, rsp.max_key_size); 596 key_size = min(req->max_key_size, rsp.max_key_size);
@@ -698,23 +705,18 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
698 705
699static u8 smp_ltk_encrypt(struct l2cap_conn *conn) 706static u8 smp_ltk_encrypt(struct l2cap_conn *conn)
700{ 707{
701 struct link_key *key; 708 struct smp_ltk *key;
702 struct key_master_id *master;
703 struct hci_conn *hcon = conn->hcon; 709 struct hci_conn *hcon = conn->hcon;
704 710
705 key = hci_find_link_key_type(hcon->hdev, conn->dst, 711 key = hci_find_ltk_by_addr(hcon->hdev, conn->dst, hcon->dst_type);
706 HCI_LK_SMP_LTK);
707 if (!key) 712 if (!key)
708 return 0; 713 return 0;
709 714
710 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, 715 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
711 &hcon->pend))
712 return 1; 716 return 1;
713 717
714 master = (void *) key->data; 718 hci_le_start_enc(hcon, key->ediv, key->rand, key->val);
715 hci_le_start_enc(hcon, master->ediv, master->rand, 719 hcon->enc_key_size = key->enc_size;
716 key->val);
717 hcon->enc_key_size = key->pin_len;
718 720
719 return 1; 721 return 1;
720 722
@@ -733,7 +735,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
733 if (smp_ltk_encrypt(conn)) 735 if (smp_ltk_encrypt(conn))
734 return 0; 736 return 0;
735 737
736 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend)) 738 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
737 return 0; 739 return 0;
738 740
739 smp = smp_chan_create(conn); 741 smp = smp_chan_create(conn);
@@ -772,7 +774,7 @@ int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
772 if (smp_ltk_encrypt(conn)) 774 if (smp_ltk_encrypt(conn))
773 goto done; 775 goto done;
774 776
775 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend)) 777 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
776 return 0; 778 return 0;
777 779
778 smp = smp_chan_create(conn); 780 smp = smp_chan_create(conn);
@@ -817,13 +819,19 @@ static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
817{ 819{
818 struct smp_cmd_master_ident *rp = (void *) skb->data; 820 struct smp_cmd_master_ident *rp = (void *) skb->data;
819 struct smp_chan *smp = conn->smp_chan; 821 struct smp_chan *smp = conn->smp_chan;
822 struct hci_dev *hdev = conn->hcon->hdev;
823 struct hci_conn *hcon = conn->hcon;
824 u8 authenticated;
820 825
821 skb_pull(skb, sizeof(*rp)); 826 skb_pull(skb, sizeof(*rp));
822 827
823 hci_add_ltk(conn->hcon->hdev, 1, conn->dst, smp->smp_key_size, 828 hci_dev_lock(hdev);
824 rp->ediv, rp->rand, smp->tk); 829 authenticated = (conn->hcon->sec_level == BT_SECURITY_HIGH);
825 830 hci_add_ltk(conn->hcon->hdev, conn->dst, hcon->dst_type,
831 HCI_SMP_LTK, 1, authenticated, smp->tk, smp->enc_key_size,
832 rp->ediv, rp->rand);
826 smp_distribute_keys(conn, 1); 833 smp_distribute_keys(conn, 1);
834 hci_dev_unlock(hdev);
827 835
828 return 0; 836 return 0;
829} 837}
@@ -908,7 +916,7 @@ int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
908 916
909 BT_DBG("conn %p force %d", conn, force); 917 BT_DBG("conn %p force %d", conn, force);
910 918
911 if (!test_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend)) 919 if (!test_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
912 return 0; 920 return 0;
913 921
914 rsp = (void *) &smp->prsp[1]; 922 rsp = (void *) &smp->prsp[1];
@@ -933,6 +941,8 @@ int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
933 if (*keydist & SMP_DIST_ENC_KEY) { 941 if (*keydist & SMP_DIST_ENC_KEY) {
934 struct smp_cmd_encrypt_info enc; 942 struct smp_cmd_encrypt_info enc;
935 struct smp_cmd_master_ident ident; 943 struct smp_cmd_master_ident ident;
944 struct hci_conn *hcon = conn->hcon;
945 u8 authenticated;
936 __le16 ediv; 946 __le16 ediv;
937 947
938 get_random_bytes(enc.ltk, sizeof(enc.ltk)); 948 get_random_bytes(enc.ltk, sizeof(enc.ltk));
@@ -941,8 +951,10 @@ int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
941 951
942 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc); 952 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
943 953
944 hci_add_ltk(conn->hcon->hdev, 1, conn->dst, smp->smp_key_size, 954 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
945 ediv, ident.rand, enc.ltk); 955 hci_add_ltk(conn->hcon->hdev, conn->dst, hcon->dst_type,
956 HCI_SMP_LTK_SLAVE, 1, authenticated,
957 enc.ltk, smp->enc_key_size, ediv, ident.rand);
946 958
947 ident.ediv = cpu_to_le16(ediv); 959 ident.ediv = cpu_to_le16(ediv);
948 960
@@ -982,7 +994,7 @@ int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
982 } 994 }
983 995
984 if (conn->hcon->out || force) { 996 if (conn->hcon->out || force) {
985 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->pend); 997 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
986 cancel_delayed_work_sync(&conn->security_timer); 998 cancel_delayed_work_sync(&conn->security_timer);
987 smp_chan_destroy(conn); 999 smp_chan_destroy(conn);
988 } 1000 }
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-01 06:37:14 -0500