aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth
diff options
context:
space:
mode:
authorJohn W. Linville <linville@tuxdriver.com>2013-08-22 14:27:31 -0400
committerJohn W. Linville <linville@tuxdriver.com>2013-08-22 14:27:31 -0400
commit69b307a48a5e10d5fd53dbbfae1c700da356bd5d (patch)
tree0a09cc42b3a592d19e5229a84c93f2b58f8c89d3 /net/bluetooth
parent24de851b79a414f0e1813eb131a7d90849cc22c2 (diff)
parent2dea632f9acad076370fe871d4ccc93868621403 (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/hci_conn.c62
-rw-r--r--net/bluetooth/hci_core.c14
-rw-r--r--net/bluetooth/hci_event.c29
-rw-r--r--net/bluetooth/hidp/core.c40
-rw-r--r--net/bluetooth/l2cap_core.c3
-rw-r--r--net/bluetooth/rfcomm/tty.c271
-rw-r--r--net/bluetooth/sco.c85
7 files changed, 304 insertions, 200 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 6c7f36379722..f0817121ec5e 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -31,6 +31,24 @@
31#include <net/bluetooth/a2mp.h> 31#include <net/bluetooth/a2mp.h>
32#include <net/bluetooth/smp.h> 32#include <net/bluetooth/smp.h>
33 33
34struct sco_param {
35 u16 pkt_type;
36 u16 max_latency;
37};
38
39static const struct sco_param sco_param_cvsd[] = {
40 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000a }, /* S3 */
41 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x0007 }, /* S2 */
42 { EDR_ESCO_MASK | ESCO_EV3, 0x0007 }, /* S1 */
43 { EDR_ESCO_MASK | ESCO_HV3, 0xffff }, /* D1 */
44 { EDR_ESCO_MASK | ESCO_HV1, 0xffff }, /* D0 */
45};
46
47static const struct sco_param sco_param_wideband[] = {
48 { EDR_ESCO_MASK & ~ESCO_2EV3, 0x000d }, /* T2 */
49 { EDR_ESCO_MASK | ESCO_EV3, 0x0008 }, /* T1 */
50};
51
34static void hci_le_create_connection(struct hci_conn *conn) 52static void hci_le_create_connection(struct hci_conn *conn)
35{ 53{
36 struct hci_dev *hdev = conn->hdev; 54 struct hci_dev *hdev = conn->hdev;
@@ -172,10 +190,11 @@ static void hci_add_sco(struct hci_conn *conn, __u16 handle)
172 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); 190 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
173} 191}
174 192
175void hci_setup_sync(struct hci_conn *conn, __u16 handle) 193bool hci_setup_sync(struct hci_conn *conn, __u16 handle)
176{ 194{
177 struct hci_dev *hdev = conn->hdev; 195 struct hci_dev *hdev = conn->hdev;
178 struct hci_cp_setup_sync_conn cp; 196 struct hci_cp_setup_sync_conn cp;
197 const struct sco_param *param;
179 198
180 BT_DBG("hcon %p", conn); 199 BT_DBG("hcon %p", conn);
181 200
@@ -185,15 +204,35 @@ void hci_setup_sync(struct hci_conn *conn, __u16 handle)
185 conn->attempt++; 204 conn->attempt++;
186 205
187 cp.handle = cpu_to_le16(handle); 206 cp.handle = cpu_to_le16(handle);
188 cp.pkt_type = cpu_to_le16(conn->pkt_type);
189 207
190 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40); 208 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
191 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40); 209 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
192 cp.max_latency = __constant_cpu_to_le16(0xffff); 210 cp.voice_setting = cpu_to_le16(conn->setting);
193 cp.voice_setting = cpu_to_le16(hdev->voice_setting); 211
194 cp.retrans_effort = 0xff; 212 switch (conn->setting & SCO_AIRMODE_MASK) {
213 case SCO_AIRMODE_TRANSP:
214 if (conn->attempt > ARRAY_SIZE(sco_param_wideband))
215 return false;
216 cp.retrans_effort = 0x02;
217 param = &sco_param_wideband[conn->attempt - 1];
218 break;
219 case SCO_AIRMODE_CVSD:
220 if (conn->attempt > ARRAY_SIZE(sco_param_cvsd))
221 return false;
222 cp.retrans_effort = 0x01;
223 param = &sco_param_cvsd[conn->attempt - 1];
224 break;
225 default:
226 return false;
227 }
195 228
196 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp); 229 cp.pkt_type = __cpu_to_le16(param->pkt_type);
230 cp.max_latency = __cpu_to_le16(param->max_latency);
231
232 if (hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp) < 0)
233 return false;
234
235 return true;
197} 236}
198 237
199void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, 238void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
@@ -560,13 +599,13 @@ static struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
560 return acl; 599 return acl;
561} 600}
562 601
563static struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, 602struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
564 bdaddr_t *dst, u8 sec_level, u8 auth_type) 603 __u16 setting)
565{ 604{
566 struct hci_conn *acl; 605 struct hci_conn *acl;
567 struct hci_conn *sco; 606 struct hci_conn *sco;
568 607
569 acl = hci_connect_acl(hdev, dst, sec_level, auth_type); 608 acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING);
570 if (IS_ERR(acl)) 609 if (IS_ERR(acl))
571 return acl; 610 return acl;
572 611
@@ -584,6 +623,8 @@ static struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type,
584 623
585 hci_conn_hold(sco); 624 hci_conn_hold(sco);
586 625
626 sco->setting = setting;
627
587 if (acl->state == BT_CONNECTED && 628 if (acl->state == BT_CONNECTED &&
588 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { 629 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
589 set_bit(HCI_CONN_POWER_SAVE, &acl->flags); 630 set_bit(HCI_CONN_POWER_SAVE, &acl->flags);
@@ -612,9 +653,6 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
612 return hci_connect_le(hdev, dst, dst_type, sec_level, auth_type); 653 return hci_connect_le(hdev, dst, dst_type, sec_level, auth_type);
613 case ACL_LINK: 654 case ACL_LINK:
614 return hci_connect_acl(hdev, dst, sec_level, auth_type); 655 return hci_connect_acl(hdev, dst, sec_level, auth_type);
615 case SCO_LINK:
616 case ESCO_LINK:
617 return hci_connect_sco(hdev, type, dst, sec_level, auth_type);
618 } 656 }
619 657
620 return ERR_PTR(-EINVAL); 658 return ERR_PTR(-EINVAL);
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index cc27297da5a9..634debab4d54 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -454,6 +454,18 @@ static void hci_setup_event_mask(struct hci_request *req)
454 events[4] |= 0x04; /* Read Remote Extended Features Complete */ 454 events[4] |= 0x04; /* Read Remote Extended Features Complete */
455 events[5] |= 0x08; /* Synchronous Connection Complete */ 455 events[5] |= 0x08; /* Synchronous Connection Complete */
456 events[5] |= 0x10; /* Synchronous Connection Changed */ 456 events[5] |= 0x10; /* Synchronous Connection Changed */
457 } else {
458 /* Use a different default for LE-only devices */
459 memset(events, 0, sizeof(events));
460 events[0] |= 0x10; /* Disconnection Complete */
461 events[0] |= 0x80; /* Encryption Change */
462 events[1] |= 0x08; /* Read Remote Version Information Complete */
463 events[1] |= 0x20; /* Command Complete */
464 events[1] |= 0x40; /* Command Status */
465 events[1] |= 0x80; /* Hardware Error */
466 events[2] |= 0x04; /* Number of Completed Packets */
467 events[3] |= 0x02; /* Data Buffer Overflow */
468 events[5] |= 0x80; /* Encryption Key Refresh Complete */
457 } 469 }
458 470
459 if (lmp_inq_rssi_capable(hdev)) 471 if (lmp_inq_rssi_capable(hdev))
@@ -608,7 +620,7 @@ static void hci_init3_req(struct hci_request *req, unsigned long opt)
608 * as supported send it. If not supported assume that the controller 620 * as supported send it. If not supported assume that the controller
609 * does not have actual support for stored link keys which makes this 621 * does not have actual support for stored link keys which makes this
610 * command redundant anyway. 622 * command redundant anyway.
611 */ 623 */
612 if (hdev->commands[6] & 0x80) { 624 if (hdev->commands[6] & 0x80) {
613 struct hci_cp_delete_stored_link_key cp; 625 struct hci_cp_delete_stored_link_key cp;
614 626
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 0437200d92f4..94aab73f89d4 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -2904,15 +2904,16 @@ static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2904 hci_conn_add_sysfs(conn); 2904 hci_conn_add_sysfs(conn);
2905 break; 2905 break;
2906 2906
2907 case 0x0d: /* Connection Rejected due to Limited Resources */
2907 case 0x11: /* Unsupported Feature or Parameter Value */ 2908 case 0x11: /* Unsupported Feature or Parameter Value */
2908 case 0x1c: /* SCO interval rejected */ 2909 case 0x1c: /* SCO interval rejected */
2909 case 0x1a: /* Unsupported Remote Feature */ 2910 case 0x1a: /* Unsupported Remote Feature */
2910 case 0x1f: /* Unspecified error */ 2911 case 0x1f: /* Unspecified error */
2911 if (conn->out && conn->attempt < 2) { 2912 if (conn->out) {
2912 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 2913 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2913 (hdev->esco_type & EDR_ESCO_MASK); 2914 (hdev->esco_type & EDR_ESCO_MASK);
2914 hci_setup_sync(conn, conn->link->handle); 2915 if (hci_setup_sync(conn, conn->link->handle))
2915 goto unlock; 2916 goto unlock;
2916 } 2917 }
2917 /* fall through */ 2918 /* fall through */
2918 2919
@@ -3024,17 +3025,20 @@ unlock:
3024static u8 hci_get_auth_req(struct hci_conn *conn) 3025static u8 hci_get_auth_req(struct hci_conn *conn)
3025{ 3026{
3026 /* If remote requests dedicated bonding follow that lead */ 3027 /* If remote requests dedicated bonding follow that lead */
3027 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) { 3028 if (conn->remote_auth == HCI_AT_DEDICATED_BONDING ||
3029 conn->remote_auth == HCI_AT_DEDICATED_BONDING_MITM) {
3028 /* If both remote and local IO capabilities allow MITM 3030 /* If both remote and local IO capabilities allow MITM
3029 * protection then require it, otherwise don't */ 3031 * protection then require it, otherwise don't */
3030 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03) 3032 if (conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT ||
3031 return 0x02; 3033 conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)
3034 return HCI_AT_DEDICATED_BONDING;
3032 else 3035 else
3033 return 0x03; 3036 return HCI_AT_DEDICATED_BONDING_MITM;
3034 } 3037 }
3035 3038
3036 /* If remote requests no-bonding follow that lead */ 3039 /* If remote requests no-bonding follow that lead */
3037 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01) 3040 if (conn->remote_auth == HCI_AT_NO_BONDING ||
3041 conn->remote_auth == HCI_AT_NO_BONDING_MITM)
3038 return conn->remote_auth | (conn->auth_type & 0x01); 3042 return conn->remote_auth | (conn->auth_type & 0x01);
3039 3043
3040 return conn->auth_type; 3044 return conn->auth_type;
@@ -3066,7 +3070,7 @@ static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3066 /* Change the IO capability from KeyboardDisplay 3070 /* Change the IO capability from KeyboardDisplay
3067 * to DisplayYesNo as it is not supported by BT spec. */ 3071 * to DisplayYesNo as it is not supported by BT spec. */
3068 cp.capability = (conn->io_capability == 0x04) ? 3072 cp.capability = (conn->io_capability == 0x04) ?
3069 0x01 : conn->io_capability; 3073 HCI_IO_DISPLAY_YESNO : conn->io_capability;
3070 conn->auth_type = hci_get_auth_req(conn); 3074 conn->auth_type = hci_get_auth_req(conn);
3071 cp.authentication = conn->auth_type; 3075 cp.authentication = conn->auth_type;
3072 3076
@@ -3140,7 +3144,8 @@ static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3140 * request. The only exception is when we're dedicated bonding 3144 * request. The only exception is when we're dedicated bonding
3141 * initiators (connect_cfm_cb set) since then we always have the MITM 3145 * initiators (connect_cfm_cb set) since then we always have the MITM
3142 * bit set. */ 3146 * bit set. */
3143 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) { 3147 if (!conn->connect_cfm_cb && loc_mitm &&
3148 conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
3144 BT_DBG("Rejecting request: remote device can't provide MITM"); 3149 BT_DBG("Rejecting request: remote device can't provide MITM");
3145 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY, 3150 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3146 sizeof(ev->bdaddr), &ev->bdaddr); 3151 sizeof(ev->bdaddr), &ev->bdaddr);
@@ -3148,8 +3153,8 @@ static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3148 } 3153 }
3149 3154
3150 /* If no side requires MITM protection; auto-accept */ 3155 /* If no side requires MITM protection; auto-accept */
3151 if ((!loc_mitm || conn->remote_cap == 0x03) && 3156 if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
3152 (!rem_mitm || conn->io_capability == 0x03)) { 3157 (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
3153 3158
3154 /* If we're not the initiators request authorization to 3159 /* If we're not the initiators request authorization to
3155 * proceed from user space (mgmt_user_confirm with 3160 * proceed from user space (mgmt_user_confirm with
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 0c699cdc3696..13863de433a4 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -238,6 +238,31 @@ static int hidp_send_report(struct hidp_session *session, struct hid_report *rep
238 return hidp_send_intr_message(session, hdr, buf, rsize); 238 return hidp_send_intr_message(session, hdr, buf, rsize);
239} 239}
240 240
241static int hidp_hidinput_event(struct input_dev *dev, unsigned int type,
242 unsigned int code, int value)
243{
244 struct hid_device *hid = input_get_drvdata(dev);
245 struct hidp_session *session = hid->driver_data;
246 struct hid_field *field;
247 int offset;
248
249 BT_DBG("session %p type %d code %d value %d",
250 session, type, code, value);
251
252 if (type != EV_LED)
253 return -1;
254
255 offset = hidinput_find_field(hid, type, code, &field);
256 if (offset == -1) {
257 hid_warn(dev, "event field not found\n");
258 return -1;
259 }
260
261 hid_set_field(field, offset, value);
262
263 return hidp_send_report(session, field->report);
264}
265
241static int hidp_get_raw_report(struct hid_device *hid, 266static int hidp_get_raw_report(struct hid_device *hid,
242 unsigned char report_number, 267 unsigned char report_number,
243 unsigned char *data, size_t count, 268 unsigned char *data, size_t count,
@@ -678,20 +703,6 @@ static int hidp_parse(struct hid_device *hid)
678 703
679static int hidp_start(struct hid_device *hid) 704static int hidp_start(struct hid_device *hid)
680{ 705{
681 struct hidp_session *session = hid->driver_data;
682 struct hid_report *report;
683
684 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
685 return 0;
686
687 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
688 report_list, list)
689 hidp_send_report(session, report);
690
691 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
692 report_list, list)
693 hidp_send_report(session, report);
694
695 return 0; 706 return 0;
696} 707}
697 708
@@ -711,6 +722,7 @@ static struct hid_ll_driver hidp_hid_driver = {
711 .stop = hidp_stop, 722 .stop = hidp_stop,
712 .open = hidp_open, 723 .open = hidp_open,
713 .close = hidp_close, 724 .close = hidp_close,
725 .hidinput_input_event = hidp_hidinput_event,
714}; 726};
715 727
716/* This function sets up the hid device. It does not add it 728/* This function sets up the hid device. It does not add it
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 8c3499bec893..b3bb7bca8e60 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1415,8 +1415,9 @@ static void l2cap_conn_ready(struct l2cap_conn *conn)
1415 sk->sk_state_change(sk); 1415 sk->sk_state_change(sk);
1416 release_sock(sk); 1416 release_sock(sk);
1417 1417
1418 } else if (chan->state == BT_CONNECT) 1418 } else if (chan->state == BT_CONNECT) {
1419 l2cap_do_start(chan); 1419 l2cap_do_start(chan);
1420 }
1420 1421
1421 l2cap_chan_unlock(chan); 1422 l2cap_chan_unlock(chan);
1422 } 1423 }
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index b6e44ad6cca6..6d126faf145f 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -58,7 +58,6 @@ struct rfcomm_dev {
58 uint modem_status; 58 uint modem_status;
59 59
60 struct rfcomm_dlc *dlc; 60 struct rfcomm_dlc *dlc;
61 wait_queue_head_t wait;
62 61
63 struct device *tty_dev; 62 struct device *tty_dev;
64 63
@@ -76,13 +75,6 @@ static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig);
76 75
77/* ---- Device functions ---- */ 76/* ---- Device functions ---- */
78 77
79/*
80 * The reason this isn't actually a race, as you no doubt have a little voice
81 * screaming at you in your head, is that the refcount should never actually
82 * reach zero unless the device has already been taken off the list, in
83 * rfcomm_dev_del(). And if that's not true, we'll hit the BUG() in
84 * rfcomm_dev_destruct() anyway.
85 */
86static void rfcomm_dev_destruct(struct tty_port *port) 78static void rfcomm_dev_destruct(struct tty_port *port)
87{ 79{
88 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); 80 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
@@ -90,10 +82,9 @@ static void rfcomm_dev_destruct(struct tty_port *port)
90 82
91 BT_DBG("dev %p dlc %p", dev, dlc); 83 BT_DBG("dev %p dlc %p", dev, dlc);
92 84
93 /* Refcount should only hit zero when called from rfcomm_dev_del() 85 spin_lock(&rfcomm_dev_lock);
94 which will have taken us off the list. Everything else are 86 list_del(&dev->list);
95 refcounting bugs. */ 87 spin_unlock(&rfcomm_dev_lock);
96 BUG_ON(!list_empty(&dev->list));
97 88
98 rfcomm_dlc_lock(dlc); 89 rfcomm_dlc_lock(dlc);
99 /* Detach DLC if it's owned by this dev */ 90 /* Detach DLC if it's owned by this dev */
@@ -112,8 +103,39 @@ static void rfcomm_dev_destruct(struct tty_port *port)
112 module_put(THIS_MODULE); 103 module_put(THIS_MODULE);
113} 104}
114 105
106/* device-specific initialization: open the dlc */
107static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
108{
109 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
110
111 return rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
112}
113
114/* we block the open until the dlc->state becomes BT_CONNECTED */
115static int rfcomm_dev_carrier_raised(struct tty_port *port)
116{
117 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
118
119 return (dev->dlc->state == BT_CONNECTED);
120}
121
122/* device-specific cleanup: close the dlc */
123static void rfcomm_dev_shutdown(struct tty_port *port)
124{
125 struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
126
127 if (dev->tty_dev->parent)
128 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
129
130 /* close the dlc */
131 rfcomm_dlc_close(dev->dlc, 0);
132}
133
115static const struct tty_port_operations rfcomm_port_ops = { 134static const struct tty_port_operations rfcomm_port_ops = {
116 .destruct = rfcomm_dev_destruct, 135 .destruct = rfcomm_dev_destruct,
136 .activate = rfcomm_dev_activate,
137 .shutdown = rfcomm_dev_shutdown,
138 .carrier_raised = rfcomm_dev_carrier_raised,
117}; 139};
118 140
119static struct rfcomm_dev *__rfcomm_dev_get(int id) 141static struct rfcomm_dev *__rfcomm_dev_get(int id)
@@ -236,7 +258,6 @@ static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
236 258
237 tty_port_init(&dev->port); 259 tty_port_init(&dev->port);
238 dev->port.ops = &rfcomm_port_ops; 260 dev->port.ops = &rfcomm_port_ops;
239 init_waitqueue_head(&dev->wait);
240 261
241 skb_queue_head_init(&dev->pending); 262 skb_queue_head_init(&dev->pending);
242 263
@@ -282,7 +303,9 @@ out:
282 dev->id, NULL); 303 dev->id, NULL);
283 if (IS_ERR(dev->tty_dev)) { 304 if (IS_ERR(dev->tty_dev)) {
284 err = PTR_ERR(dev->tty_dev); 305 err = PTR_ERR(dev->tty_dev);
306 spin_lock(&rfcomm_dev_lock);
285 list_del(&dev->list); 307 list_del(&dev->list);
308 spin_unlock(&rfcomm_dev_lock);
286 goto free; 309 goto free;
287 } 310 }
288 311
@@ -301,27 +324,6 @@ free:
301 return err; 324 return err;
302} 325}
303 326
304static void rfcomm_dev_del(struct rfcomm_dev *dev)
305{
306 unsigned long flags;
307 BT_DBG("dev %p", dev);
308
309 BUG_ON(test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags));
310
311 spin_lock_irqsave(&dev->port.lock, flags);
312 if (dev->port.count > 0) {
313 spin_unlock_irqrestore(&dev->port.lock, flags);
314 return;
315 }
316 spin_unlock_irqrestore(&dev->port.lock, flags);
317
318 spin_lock(&rfcomm_dev_lock);
319 list_del_init(&dev->list);
320 spin_unlock(&rfcomm_dev_lock);
321
322 tty_port_put(&dev->port);
323}
324
325/* ---- Send buffer ---- */ 327/* ---- Send buffer ---- */
326static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc) 328static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
327{ 329{
@@ -333,10 +335,9 @@ static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc)
333static void rfcomm_wfree(struct sk_buff *skb) 335static void rfcomm_wfree(struct sk_buff *skb)
334{ 336{
335 struct rfcomm_dev *dev = (void *) skb->sk; 337 struct rfcomm_dev *dev = (void *) skb->sk;
336 struct tty_struct *tty = dev->port.tty;
337 atomic_sub(skb->truesize, &dev->wmem_alloc); 338 atomic_sub(skb->truesize, &dev->wmem_alloc);
338 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags) && tty) 339 if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags))
339 tty_wakeup(tty); 340 tty_port_tty_wakeup(&dev->port);
340 tty_port_put(&dev->port); 341 tty_port_put(&dev->port);
341} 342}
342 343
@@ -410,6 +411,7 @@ static int rfcomm_release_dev(void __user *arg)
410{ 411{
411 struct rfcomm_dev_req req; 412 struct rfcomm_dev_req req;
412 struct rfcomm_dev *dev; 413 struct rfcomm_dev *dev;
414 struct tty_struct *tty;
413 415
414 if (copy_from_user(&req, arg, sizeof(req))) 416 if (copy_from_user(&req, arg, sizeof(req)))
415 return -EFAULT; 417 return -EFAULT;
@@ -429,11 +431,15 @@ static int rfcomm_release_dev(void __user *arg)
429 rfcomm_dlc_close(dev->dlc, 0); 431 rfcomm_dlc_close(dev->dlc, 0);
430 432
431 /* Shut down TTY synchronously before freeing rfcomm_dev */ 433 /* Shut down TTY synchronously before freeing rfcomm_dev */
432 if (dev->port.tty) 434 tty = tty_port_tty_get(&dev->port);
433 tty_vhangup(dev->port.tty); 435 if (tty) {
436 tty_vhangup(tty);
437 tty_kref_put(tty);
438 }
439
440 if (!test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags))
441 tty_port_put(&dev->port);
434 442
435 if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
436 rfcomm_dev_del(dev);
437 tty_port_put(&dev->port); 443 tty_port_put(&dev->port);
438 return 0; 444 return 0;
439} 445}
@@ -563,16 +569,21 @@ static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
563static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 569static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
564{ 570{
565 struct rfcomm_dev *dev = dlc->owner; 571 struct rfcomm_dev *dev = dlc->owner;
572 struct tty_struct *tty;
566 if (!dev) 573 if (!dev)
567 return; 574 return;
568 575
569 BT_DBG("dlc %p dev %p err %d", dlc, dev, err); 576 BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
570 577
571 dev->err = err; 578 dev->err = err;
572 wake_up_interruptible(&dev->wait); 579 if (dlc->state == BT_CONNECTED) {
580 device_move(dev->tty_dev, rfcomm_get_device(dev),
581 DPM_ORDER_DEV_AFTER_PARENT);
573 582
574 if (dlc->state == BT_CLOSED) { 583 wake_up_interruptible(&dev->port.open_wait);
575 if (!dev->port.tty) { 584 } else if (dlc->state == BT_CLOSED) {
585 tty = tty_port_tty_get(&dev->port);
586 if (!tty) {
576 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 587 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) {
577 /* Drop DLC lock here to avoid deadlock 588 /* Drop DLC lock here to avoid deadlock
578 * 1. rfcomm_dev_get will take rfcomm_dev_lock 589 * 1. rfcomm_dev_get will take rfcomm_dev_lock
@@ -580,6 +591,9 @@ static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
580 * rfcomm_dev_lock -> dlc lock 591 * rfcomm_dev_lock -> dlc lock
581 * 2. tty_port_put will deadlock if it's 592 * 2. tty_port_put will deadlock if it's
582 * the last reference 593 * the last reference
594 *
595 * FIXME: when we release the lock anything
596 * could happen to dev, even its destruction
583 */ 597 */
584 rfcomm_dlc_unlock(dlc); 598 rfcomm_dlc_unlock(dlc);
585 if (rfcomm_dev_get(dev->id) == NULL) { 599 if (rfcomm_dev_get(dev->id) == NULL) {
@@ -587,12 +601,17 @@ static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
587 return; 601 return;
588 } 602 }
589 603
590 rfcomm_dev_del(dev); 604 if (!test_and_set_bit(RFCOMM_TTY_RELEASED,
605 &dev->flags))
606 tty_port_put(&dev->port);
607
591 tty_port_put(&dev->port); 608 tty_port_put(&dev->port);
592 rfcomm_dlc_lock(dlc); 609 rfcomm_dlc_lock(dlc);
593 } 610 }
594 } else 611 } else {
595 tty_hangup(dev->port.tty); 612 tty_hangup(tty);
613 tty_kref_put(tty);
614 }
596 } 615 }
597} 616}
598 617
@@ -604,10 +623,8 @@ static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)
604 623
605 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig); 624 BT_DBG("dlc %p dev %p v24_sig 0x%02x", dlc, dev, v24_sig);
606 625
607 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV)) { 626 if ((dev->modem_status & TIOCM_CD) && !(v24_sig & RFCOMM_V24_DV))
608 if (dev->port.tty && !C_CLOCAL(dev->port.tty)) 627 tty_port_tty_hangup(&dev->port, true);
609 tty_hangup(dev->port.tty);
610 }
611 628
612 dev->modem_status = 629 dev->modem_status =
613 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | 630 ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) |
@@ -638,124 +655,92 @@ static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
638 tty_flip_buffer_push(&dev->port); 655 tty_flip_buffer_push(&dev->port);
639} 656}
640 657
641static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 658/* do the reverse of install, clearing the tty fields and releasing the
659 * reference to tty_port
660 */
661static void rfcomm_tty_cleanup(struct tty_struct *tty)
642{ 662{
643 DECLARE_WAITQUEUE(wait, current); 663 struct rfcomm_dev *dev = tty->driver_data;
644 struct rfcomm_dev *dev;
645 struct rfcomm_dlc *dlc;
646 unsigned long flags;
647 int err, id;
648 664
649 id = tty->index; 665 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
650 666
651 BT_DBG("tty %p id %d", tty, id); 667 rfcomm_dlc_lock(dev->dlc);
668 tty->driver_data = NULL;
669 rfcomm_dlc_unlock(dev->dlc);
652 670
653 /* We don't leak this refcount. For reasons which are not entirely 671 /*
654 clear, the TTY layer will call our ->close() method even if the 672 * purge the dlc->tx_queue to avoid circular dependencies
655 open fails. We decrease the refcount there, and decreasing it 673 * between dev and dlc
656 here too would cause breakage. */ 674 */
657 dev = rfcomm_dev_get(id); 675 skb_queue_purge(&dev->dlc->tx_queue);
658 if (!dev)
659 return -ENODEV;
660 676
661 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst, 677 tty_port_put(&dev->port);
662 dev->channel, dev->port.count); 678}
663 679
664 spin_lock_irqsave(&dev->port.lock, flags); 680/* we acquire the tty_port reference since it's here the tty is first used
665 if (++dev->port.count > 1) { 681 * by setting the termios. We also populate the driver_data field and install
666 spin_unlock_irqrestore(&dev->port.lock, flags); 682 * the tty port
667 return 0; 683 */
668 } 684static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty)
669 spin_unlock_irqrestore(&dev->port.lock, flags); 685{
686 struct rfcomm_dev *dev;
687 struct rfcomm_dlc *dlc;
688 int err;
689
690 dev = rfcomm_dev_get(tty->index);
691 if (!dev)
692 return -ENODEV;
670 693
671 dlc = dev->dlc; 694 dlc = dev->dlc;
672 695
673 /* Attach TTY and open DLC */ 696 /* Attach TTY and open DLC */
674
675 rfcomm_dlc_lock(dlc); 697 rfcomm_dlc_lock(dlc);
676 tty->driver_data = dev; 698 tty->driver_data = dev;
677 dev->port.tty = tty;
678 rfcomm_dlc_unlock(dlc); 699 rfcomm_dlc_unlock(dlc);
679 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags); 700 set_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
680 701
681 err = rfcomm_dlc_open(dlc, &dev->src, &dev->dst, dev->channel); 702 /* install the tty_port */
682 if (err < 0) 703 err = tty_port_install(&dev->port, driver, tty);
683 return err; 704 if (err)
684 705 rfcomm_tty_cleanup(tty);
685 /* Wait for DLC to connect */
686 add_wait_queue(&dev->wait, &wait);
687 while (1) {
688 set_current_state(TASK_INTERRUPTIBLE);
689 706
690 if (dlc->state == BT_CLOSED) { 707 return err;
691 err = -dev->err; 708}
692 break;
693 }
694 709
695 if (dlc->state == BT_CONNECTED) 710static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
696 break; 711{
712 struct rfcomm_dev *dev = tty->driver_data;
713 int err;
697 714
698 if (signal_pending(current)) { 715 BT_DBG("tty %p id %d", tty, tty->index);
699 err = -EINTR;
700 break;
701 }
702 716
703 tty_unlock(tty); 717 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
704 schedule(); 718 dev->channel, dev->port.count);
705 tty_lock(tty);
706 }
707 set_current_state(TASK_RUNNING);
708 remove_wait_queue(&dev->wait, &wait);
709 719
710 if (err == 0) 720 err = tty_port_open(&dev->port, tty, filp);
711 device_move(dev->tty_dev, rfcomm_get_device(dev), 721 if (err)
712 DPM_ORDER_DEV_AFTER_PARENT); 722 return err;
713 723
724 /*
725 * FIXME: rfcomm should use proper flow control for
726 * received data. This hack will be unnecessary and can
727 * be removed when that's implemented
728 */
714 rfcomm_tty_copy_pending(dev); 729 rfcomm_tty_copy_pending(dev);
715 730
716 rfcomm_dlc_unthrottle(dev->dlc); 731 rfcomm_dlc_unthrottle(dev->dlc);
717 732
718 return err; 733 return 0;
719} 734}
720 735
721static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) 736static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
722{ 737{
723 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 738 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
724 unsigned long flags;
725
726 if (!dev)
727 return;
728 739
729 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, 740 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
730 dev->port.count); 741 dev->port.count);
731 742
732 spin_lock_irqsave(&dev->port.lock, flags); 743 tty_port_close(&dev->port, tty, filp);
733 if (!--dev->port.count) {
734 spin_unlock_irqrestore(&dev->port.lock, flags);
735 if (dev->tty_dev->parent)
736 device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
737
738 /* Close DLC and dettach TTY */
739 rfcomm_dlc_close(dev->dlc, 0);
740
741 clear_bit(RFCOMM_TTY_ATTACHED, &dev->flags);
742
743 rfcomm_dlc_lock(dev->dlc);
744 tty->driver_data = NULL;
745 dev->port.tty = NULL;
746 rfcomm_dlc_unlock(dev->dlc);
747
748 if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) {
749 spin_lock(&rfcomm_dev_lock);
750 list_del_init(&dev->list);
751 spin_unlock(&rfcomm_dev_lock);
752
753 tty_port_put(&dev->port);
754 }
755 } else
756 spin_unlock_irqrestore(&dev->port.lock, flags);
757
758 tty_port_put(&dev->port);
759} 744}
760 745
761static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count) 746static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, int count)
@@ -1055,17 +1040,11 @@ static void rfcomm_tty_hangup(struct tty_struct *tty)
1055 1040
1056 BT_DBG("tty %p dev %p", tty, dev); 1041 BT_DBG("tty %p dev %p", tty, dev);
1057 1042
1058 if (!dev) 1043 tty_port_hangup(&dev->port);
1059 return;
1060
1061 rfcomm_tty_flush_buffer(tty);
1062 1044
1063 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 1045 if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags) &&
1064 if (rfcomm_dev_get(dev->id) == NULL) 1046 !test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags))
1065 return;
1066 rfcomm_dev_del(dev);
1067 tty_port_put(&dev->port); 1047 tty_port_put(&dev->port);
1068 }
1069} 1048}
1070 1049
1071static int rfcomm_tty_tiocmget(struct tty_struct *tty) 1050static int rfcomm_tty_tiocmget(struct tty_struct *tty)
@@ -1128,6 +1107,8 @@ static const struct tty_operations rfcomm_ops = {
1128 .wait_until_sent = rfcomm_tty_wait_until_sent, 1107 .wait_until_sent = rfcomm_tty_wait_until_sent,
1129 .tiocmget = rfcomm_tty_tiocmget, 1108 .tiocmget = rfcomm_tty_tiocmget,
1130 .tiocmset = rfcomm_tty_tiocmset, 1109 .tiocmset = rfcomm_tty_tiocmset,
1110 .install = rfcomm_tty_install,
1111 .cleanup = rfcomm_tty_cleanup,
1131}; 1112};
1132 1113
1133int __init rfcomm_init_ttys(void) 1114int __init rfcomm_init_ttys(void)
@@ -1146,7 +1127,7 @@ int __init rfcomm_init_ttys(void)
1146 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; 1127 rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
1147 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; 1128 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1148 rfcomm_tty_driver->init_termios = tty_std_termios; 1129 rfcomm_tty_driver->init_termios = tty_std_termios;
1149 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; 1130 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL;
1150 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON; 1131 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1151 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1132 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1152 1133
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index e7bd4eea575c..96bd388d93a4 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -176,8 +176,13 @@ static int sco_connect(struct sock *sk)
176 else 176 else
177 type = SCO_LINK; 177 type = SCO_LINK;
178 178
179 hcon = hci_connect(hdev, type, dst, BDADDR_BREDR, BT_SECURITY_LOW, 179 if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT &&
180 HCI_AT_NO_BONDING); 180 (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) {
181 err = -EOPNOTSUPP;
182 goto done;
183 }
184
185 hcon = hci_connect_sco(hdev, type, dst, sco_pi(sk)->setting);
181 if (IS_ERR(hcon)) { 186 if (IS_ERR(hcon)) {
182 err = PTR_ERR(hcon); 187 err = PTR_ERR(hcon);
183 goto done; 188 goto done;
@@ -417,6 +422,8 @@ static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int pro
417 sk->sk_protocol = proto; 422 sk->sk_protocol = proto;
418 sk->sk_state = BT_OPEN; 423 sk->sk_state = BT_OPEN;
419 424
425 sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
426
420 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk); 427 setup_timer(&sk->sk_timer, sco_sock_timeout, (unsigned long)sk);
421 428
422 bt_sock_link(&sco_sk_list, sk); 429 bt_sock_link(&sco_sk_list, sk);
@@ -652,7 +659,7 @@ static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
652 return err; 659 return err;
653} 660}
654 661
655static void sco_conn_defer_accept(struct hci_conn *conn, int mask) 662static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting)
656{ 663{
657 struct hci_dev *hdev = conn->hdev; 664 struct hci_dev *hdev = conn->hdev;
658 665
@@ -664,11 +671,7 @@ static void sco_conn_defer_accept(struct hci_conn *conn, int mask)
664 struct hci_cp_accept_conn_req cp; 671 struct hci_cp_accept_conn_req cp;
665 672
666 bacpy(&cp.bdaddr, &conn->dst); 673 bacpy(&cp.bdaddr, &conn->dst);
667 674 cp.role = 0x00; /* Ignored */
668 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
669 cp.role = 0x00; /* Become master */
670 else
671 cp.role = 0x01; /* Remain slave */
672 675
673 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 676 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
674 } else { 677 } else {
@@ -679,9 +682,21 @@ static void sco_conn_defer_accept(struct hci_conn *conn, int mask)
679 682
680 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40); 683 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
681 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40); 684 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
682 cp.max_latency = __constant_cpu_to_le16(0xffff); 685 cp.content_format = cpu_to_le16(setting);
683 cp.content_format = cpu_to_le16(hdev->voice_setting); 686
684 cp.retrans_effort = 0xff; 687 switch (setting & SCO_AIRMODE_MASK) {
688 case SCO_AIRMODE_TRANSP:
689 if (conn->pkt_type & ESCO_2EV3)
690 cp.max_latency = __constant_cpu_to_le16(0x0008);
691 else
692 cp.max_latency = __constant_cpu_to_le16(0x000D);
693 cp.retrans_effort = 0x02;
694 break;
695 case SCO_AIRMODE_CVSD:
696 cp.max_latency = __constant_cpu_to_le16(0xffff);
697 cp.retrans_effort = 0xff;
698 break;
699 }
685 700
686 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 701 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
687 sizeof(cp), &cp); 702 sizeof(cp), &cp);
@@ -698,7 +713,7 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
698 713
699 if (sk->sk_state == BT_CONNECT2 && 714 if (sk->sk_state == BT_CONNECT2 &&
700 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 715 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
701 sco_conn_defer_accept(pi->conn->hcon, 0); 716 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
702 sk->sk_state = BT_CONFIG; 717 sk->sk_state = BT_CONFIG;
703 msg->msg_namelen = 0; 718 msg->msg_namelen = 0;
704 719
@@ -714,7 +729,8 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
714static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 729static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
715{ 730{
716 struct sock *sk = sock->sk; 731 struct sock *sk = sock->sk;
717 int err = 0; 732 int len, err = 0;
733 struct bt_voice voice;
718 u32 opt; 734 u32 opt;
719 735
720 BT_DBG("sk %p", sk); 736 BT_DBG("sk %p", sk);
@@ -740,6 +756,31 @@ static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char
740 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 756 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
741 break; 757 break;
742 758
759 case BT_VOICE:
760 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND &&
761 sk->sk_state != BT_CONNECT2) {
762 err = -EINVAL;
763 break;
764 }
765
766 voice.setting = sco_pi(sk)->setting;
767
768 len = min_t(unsigned int, sizeof(voice), optlen);
769 if (copy_from_user((char *) &voice, optval, len)) {
770 err = -EFAULT;
771 break;
772 }
773
774 /* Explicitly check for these values */
775 if (voice.setting != BT_VOICE_TRANSPARENT &&
776 voice.setting != BT_VOICE_CVSD_16BIT) {
777 err = -EINVAL;
778 break;
779 }
780
781 sco_pi(sk)->setting = voice.setting;
782 break;
783
743 default: 784 default:
744 err = -ENOPROTOOPT; 785 err = -ENOPROTOOPT;
745 break; 786 break;
@@ -765,7 +806,9 @@ static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user
765 806
766 switch (optname) { 807 switch (optname) {
767 case SCO_OPTIONS: 808 case SCO_OPTIONS:
768 if (sk->sk_state != BT_CONNECTED) { 809 if (sk->sk_state != BT_CONNECTED &&
810 !(sk->sk_state == BT_CONNECT2 &&
811 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
769 err = -ENOTCONN; 812 err = -ENOTCONN;
770 break; 813 break;
771 } 814 }
@@ -781,7 +824,9 @@ static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user
781 break; 824 break;
782 825
783 case SCO_CONNINFO: 826 case SCO_CONNINFO:
784 if (sk->sk_state != BT_CONNECTED) { 827 if (sk->sk_state != BT_CONNECTED &&
828 !(sk->sk_state == BT_CONNECT2 &&
829 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))) {
785 err = -ENOTCONN; 830 err = -ENOTCONN;
786 break; 831 break;
787 } 832 }
@@ -809,6 +854,7 @@ static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char
809{ 854{
810 struct sock *sk = sock->sk; 855 struct sock *sk = sock->sk;
811 int len, err = 0; 856 int len, err = 0;
857 struct bt_voice voice;
812 858
813 BT_DBG("sk %p", sk); 859 BT_DBG("sk %p", sk);
814 860
@@ -834,6 +880,15 @@ static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char
834 880
835 break; 881 break;
836 882
883 case BT_VOICE:
884 voice.setting = sco_pi(sk)->setting;
885
886 len = min_t(unsigned int, len, sizeof(voice));
887 if (copy_to_user(optval, (char *)&voice, len))
888 err = -EFAULT;
889
890 break;
891
837 default: 892 default:
838 err = -ENOPROTOOPT; 893 err = -ENOPROTOOPT;
839 break; 894 break;
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-01 22:35:20 -0500