aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJohn W. Linville <linville@tuxdriver.com>2013-11-04 14:51:28 -0500
committerJohn W. Linville <linville@tuxdriver.com>2013-11-04 14:51:28 -0500
commit87bc0728d462ae37841a550542829aa65a97e7c2 (patch)
tree266afb90f501b814c0a79f10a7afd86a6a33d631 /net
parentf421436a591d34fa5279b54a96ac07d70250cc8d (diff)
parent01925efdf7e03b4b803b5c9f985163d687f7f017 (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem
Conflicts: drivers/net/wireless/brcm80211/brcmfmac/sdio_host.h
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/a2mp.c63
-rw-r--r--net/bluetooth/a2mp.h150
-rw-r--r--net/bluetooth/af_bluetooth.c23
-rw-r--r--net/bluetooth/amp.c10
-rw-r--r--net/bluetooth/amp.h54
-rw-r--r--net/bluetooth/bnep/core.c18
-rw-r--r--net/bluetooth/cmtp/core.c6
-rw-r--r--net/bluetooth/hci_conn.c156
-rw-r--r--net/bluetooth/hci_core.c156
-rw-r--r--net/bluetooth/hci_event.c103
-rw-r--r--net/bluetooth/hci_sock.c10
-rw-r--r--net/bluetooth/hidp/core.c18
-rw-r--r--net/bluetooth/l2cap_core.c221
-rw-r--r--net/bluetooth/l2cap_sock.c86
-rw-r--r--net/bluetooth/mgmt.c550
-rw-r--r--net/bluetooth/rfcomm/core.c19
-rw-r--r--net/bluetooth/rfcomm/sock.c28
-rw-r--r--net/bluetooth/sco.c44
-rw-r--r--net/bluetooth/smp.c81
-rw-r--r--net/bluetooth/smp.h146
-rw-r--r--net/mac80211/ieee80211_i.h1
-rw-r--r--net/mac80211/mlme.c95
-rw-r--r--net/mac80211/rate.c15
-rw-r--r--net/nfc/Kconfig14
-rw-r--r--net/nfc/Makefile2
-rw-r--r--net/nfc/core.c22
-rw-r--r--net/nfc/digital.h170
-rw-r--r--net/nfc/digital_core.c737
-rw-r--r--net/nfc/digital_dep.c729
-rw-r--r--net/nfc/digital_technology.c770
-rw-r--r--net/nfc/nci/spi.c239
-rw-r--r--net/nfc/netlink.c91
-rw-r--r--net/nfc/rawsock.c7
-rw-r--r--net/wireless/reg.c27
34 files changed, 4116 insertions, 745 deletions
diff --git a/net/bluetooth/a2mp.c b/net/bluetooth/a2mp.c
index 17f33a62f6db..60ca52819247 100644
--- a/net/bluetooth/a2mp.c
+++ b/net/bluetooth/a2mp.c
@@ -15,8 +15,9 @@
15#include <net/bluetooth/bluetooth.h> 15#include <net/bluetooth/bluetooth.h>
16#include <net/bluetooth/hci_core.h> 16#include <net/bluetooth/hci_core.h>
17#include <net/bluetooth/l2cap.h> 17#include <net/bluetooth/l2cap.h>
18#include <net/bluetooth/a2mp.h> 18
19#include <net/bluetooth/amp.h> 19#include "a2mp.h"
20#include "amp.h"
20 21
21/* Global AMP Manager list */ 22/* Global AMP Manager list */
22LIST_HEAD(amp_mgr_list); 23LIST_HEAD(amp_mgr_list);
@@ -75,33 +76,26 @@ u8 __next_ident(struct amp_mgr *mgr)
75 return mgr->ident; 76 return mgr->ident;
76} 77}
77 78
78static inline void __a2mp_cl_bredr(struct a2mp_cl *cl)
79{
80 cl->id = 0;
81 cl->type = 0;
82 cl->status = 1;
83}
84
85/* hci_dev_list shall be locked */ 79/* hci_dev_list shall be locked */
86static void __a2mp_add_cl(struct amp_mgr *mgr, struct a2mp_cl *cl, u8 num_ctrl) 80static void __a2mp_add_cl(struct amp_mgr *mgr, struct a2mp_cl *cl)
87{ 81{
88 int i = 0;
89 struct hci_dev *hdev; 82 struct hci_dev *hdev;
83 int i = 1;
90 84
91 __a2mp_cl_bredr(cl); 85 cl[0].id = AMP_ID_BREDR;
86 cl[0].type = AMP_TYPE_BREDR;
87 cl[0].status = AMP_STATUS_BLUETOOTH_ONLY;
92 88
93 list_for_each_entry(hdev, &hci_dev_list, list) { 89 list_for_each_entry(hdev, &hci_dev_list, list) {
94 /* Iterate through AMP controllers */ 90 if (hdev->dev_type == HCI_AMP) {
95 if (hdev->id == HCI_BREDR_ID) 91 cl[i].id = hdev->id;
96 continue; 92 cl[i].type = hdev->amp_type;
97 93 if (test_bit(HCI_UP, &hdev->flags))
98 /* Starting from second entry */ 94 cl[i].status = hdev->amp_status;
99 if (++i >= num_ctrl) 95 else
100 return; 96 cl[i].status = AMP_STATUS_POWERED_DOWN;
101 97 i++;
102 cl[i].id = hdev->id; 98 }
103 cl[i].type = hdev->amp_type;
104 cl[i].status = hdev->amp_status;
105 } 99 }
106} 100}
107 101
@@ -129,6 +123,7 @@ static int a2mp_discover_req(struct amp_mgr *mgr, struct sk_buff *skb,
129 struct a2mp_discov_rsp *rsp; 123 struct a2mp_discov_rsp *rsp;
130 u16 ext_feat; 124 u16 ext_feat;
131 u8 num_ctrl; 125 u8 num_ctrl;
126 struct hci_dev *hdev;
132 127
133 if (len < sizeof(*req)) 128 if (len < sizeof(*req))
134 return -EINVAL; 129 return -EINVAL;
@@ -152,7 +147,14 @@ static int a2mp_discover_req(struct amp_mgr *mgr, struct sk_buff *skb,
152 147
153 read_lock(&hci_dev_list_lock); 148 read_lock(&hci_dev_list_lock);
154 149
155 num_ctrl = __hci_num_ctrl(); 150 /* at minimum the BR/EDR needs to be listed */
151 num_ctrl = 1;
152
153 list_for_each_entry(hdev, &hci_dev_list, list) {
154 if (hdev->dev_type == HCI_AMP)
155 num_ctrl++;
156 }
157
156 len = num_ctrl * sizeof(struct a2mp_cl) + sizeof(*rsp); 158 len = num_ctrl * sizeof(struct a2mp_cl) + sizeof(*rsp);
157 rsp = kmalloc(len, GFP_ATOMIC); 159 rsp = kmalloc(len, GFP_ATOMIC);
158 if (!rsp) { 160 if (!rsp) {
@@ -163,7 +165,7 @@ static int a2mp_discover_req(struct amp_mgr *mgr, struct sk_buff *skb,
163 rsp->mtu = __constant_cpu_to_le16(L2CAP_A2MP_DEFAULT_MTU); 165 rsp->mtu = __constant_cpu_to_le16(L2CAP_A2MP_DEFAULT_MTU);
164 rsp->ext_feat = 0; 166 rsp->ext_feat = 0;
165 167
166 __a2mp_add_cl(mgr, rsp->cl, num_ctrl); 168 __a2mp_add_cl(mgr, rsp->cl);
167 169
168 read_unlock(&hci_dev_list_lock); 170 read_unlock(&hci_dev_list_lock);
169 171
@@ -208,7 +210,7 @@ static int a2mp_discover_rsp(struct amp_mgr *mgr, struct sk_buff *skb,
208 BT_DBG("Remote AMP id %d type %d status %d", cl->id, cl->type, 210 BT_DBG("Remote AMP id %d type %d status %d", cl->id, cl->type,
209 cl->status); 211 cl->status);
210 212
211 if (cl->id != HCI_BREDR_ID && cl->type == HCI_AMP) { 213 if (cl->id != AMP_ID_BREDR && cl->type != AMP_TYPE_BREDR) {
212 struct a2mp_info_req req; 214 struct a2mp_info_req req;
213 215
214 found = true; 216 found = true;
@@ -344,7 +346,7 @@ static int a2mp_getampassoc_req(struct amp_mgr *mgr, struct sk_buff *skb,
344 tmp = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC); 346 tmp = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC);
345 347
346 hdev = hci_dev_get(req->id); 348 hdev = hci_dev_get(req->id);
347 if (!hdev || hdev->amp_type == HCI_BREDR || tmp) { 349 if (!hdev || hdev->amp_type == AMP_TYPE_BREDR || tmp) {
348 struct a2mp_amp_assoc_rsp rsp; 350 struct a2mp_amp_assoc_rsp rsp;
349 rsp.id = req->id; 351 rsp.id = req->id;
350 352
@@ -451,7 +453,7 @@ static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
451 rsp.remote_id = req->local_id; 453 rsp.remote_id = req->local_id;
452 454
453 hdev = hci_dev_get(req->remote_id); 455 hdev = hci_dev_get(req->remote_id);
454 if (!hdev || hdev->amp_type != HCI_AMP) { 456 if (!hdev || hdev->amp_type == AMP_TYPE_BREDR) {
455 rsp.status = A2MP_STATUS_INVALID_CTRL_ID; 457 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
456 goto send_rsp; 458 goto send_rsp;
457 } 459 }
@@ -535,7 +537,8 @@ static int a2mp_discphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
535 goto send_rsp; 537 goto send_rsp;
536 } 538 }
537 539
538 hcon = hci_conn_hash_lookup_ba(hdev, AMP_LINK, mgr->l2cap_conn->dst); 540 hcon = hci_conn_hash_lookup_ba(hdev, AMP_LINK,
541 &mgr->l2cap_conn->hcon->dst);
539 if (!hcon) { 542 if (!hcon) {
540 BT_ERR("No phys link exist"); 543 BT_ERR("No phys link exist");
541 rsp.status = A2MP_STATUS_NO_PHYSICAL_LINK_EXISTS; 544 rsp.status = A2MP_STATUS_NO_PHYSICAL_LINK_EXISTS;
@@ -871,7 +874,7 @@ void a2mp_send_getinfo_rsp(struct hci_dev *hdev)
871 rsp.id = hdev->id; 874 rsp.id = hdev->id;
872 rsp.status = A2MP_STATUS_INVALID_CTRL_ID; 875 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
873 876
874 if (hdev->amp_type != HCI_BREDR) { 877 if (hdev->amp_type != AMP_TYPE_BREDR) {
875 rsp.status = 0; 878 rsp.status = 0;
876 rsp.total_bw = cpu_to_le32(hdev->amp_total_bw); 879 rsp.total_bw = cpu_to_le32(hdev->amp_total_bw);
877 rsp.max_bw = cpu_to_le32(hdev->amp_max_bw); 880 rsp.max_bw = cpu_to_le32(hdev->amp_max_bw);
diff --git a/net/bluetooth/a2mp.h b/net/bluetooth/a2mp.h
new file mode 100644
index 000000000000..487b54c1308f
--- /dev/null
+++ b/net/bluetooth/a2mp.h
@@ -0,0 +1,150 @@
1/*
2 Copyright (c) 2010,2011 Code Aurora Forum. All rights reserved.
3 Copyright (c) 2011,2012 Intel Corp.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 and
7 only version 2 as published by the Free Software Foundation.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13*/
14
15#ifndef __A2MP_H
16#define __A2MP_H
17
18#include <net/bluetooth/l2cap.h>
19
20#define A2MP_FEAT_EXT 0x8000
21
22enum amp_mgr_state {
23 READ_LOC_AMP_INFO,
24 READ_LOC_AMP_ASSOC,
25 READ_LOC_AMP_ASSOC_FINAL,
26 WRITE_REMOTE_AMP_ASSOC,
27};
28
29struct amp_mgr {
30 struct list_head list;
31 struct l2cap_conn *l2cap_conn;
32 struct l2cap_chan *a2mp_chan;
33 struct l2cap_chan *bredr_chan;
34 struct kref kref;
35 __u8 ident;
36 __u8 handle;
37 unsigned long state;
38 unsigned long flags;
39
40 struct list_head amp_ctrls;
41 struct mutex amp_ctrls_lock;
42};
43
44struct a2mp_cmd {
45 __u8 code;
46 __u8 ident;
47 __le16 len;
48 __u8 data[0];
49} __packed;
50
51/* A2MP command codes */
52#define A2MP_COMMAND_REJ 0x01
53struct a2mp_cmd_rej {
54 __le16 reason;
55 __u8 data[0];
56} __packed;
57
58#define A2MP_DISCOVER_REQ 0x02
59struct a2mp_discov_req {
60 __le16 mtu;
61 __le16 ext_feat;
62} __packed;
63
64struct a2mp_cl {
65 __u8 id;
66 __u8 type;
67 __u8 status;
68} __packed;
69
70#define A2MP_DISCOVER_RSP 0x03
71struct a2mp_discov_rsp {
72 __le16 mtu;
73 __le16 ext_feat;
74 struct a2mp_cl cl[0];
75} __packed;
76
77#define A2MP_CHANGE_NOTIFY 0x04
78#define A2MP_CHANGE_RSP 0x05
79
80#define A2MP_GETINFO_REQ 0x06
81struct a2mp_info_req {
82 __u8 id;
83} __packed;
84
85#define A2MP_GETINFO_RSP 0x07
86struct a2mp_info_rsp {
87 __u8 id;
88 __u8 status;
89 __le32 total_bw;
90 __le32 max_bw;
91 __le32 min_latency;
92 __le16 pal_cap;
93 __le16 assoc_size;
94} __packed;
95
96#define A2MP_GETAMPASSOC_REQ 0x08
97struct a2mp_amp_assoc_req {
98 __u8 id;
99} __packed;
100
101#define A2MP_GETAMPASSOC_RSP 0x09
102struct a2mp_amp_assoc_rsp {
103 __u8 id;
104 __u8 status;
105 __u8 amp_assoc[0];
106} __packed;
107
108#define A2MP_CREATEPHYSLINK_REQ 0x0A
109#define A2MP_DISCONNPHYSLINK_REQ 0x0C
110struct a2mp_physlink_req {
111 __u8 local_id;
112 __u8 remote_id;
113 __u8 amp_assoc[0];
114} __packed;
115
116#define A2MP_CREATEPHYSLINK_RSP 0x0B
117#define A2MP_DISCONNPHYSLINK_RSP 0x0D
118struct a2mp_physlink_rsp {
119 __u8 local_id;
120 __u8 remote_id;
121 __u8 status;
122} __packed;
123
124/* A2MP response status */
125#define A2MP_STATUS_SUCCESS 0x00
126#define A2MP_STATUS_INVALID_CTRL_ID 0x01
127#define A2MP_STATUS_UNABLE_START_LINK_CREATION 0x02
128#define A2MP_STATUS_NO_PHYSICAL_LINK_EXISTS 0x02
129#define A2MP_STATUS_COLLISION_OCCURED 0x03
130#define A2MP_STATUS_DISCONN_REQ_RECVD 0x04
131#define A2MP_STATUS_PHYS_LINK_EXISTS 0x05
132#define A2MP_STATUS_SECURITY_VIOLATION 0x06
133
134extern struct list_head amp_mgr_list;
135extern struct mutex amp_mgr_list_lock;
136
137struct amp_mgr *amp_mgr_get(struct amp_mgr *mgr);
138int amp_mgr_put(struct amp_mgr *mgr);
139u8 __next_ident(struct amp_mgr *mgr);
140struct l2cap_chan *a2mp_channel_create(struct l2cap_conn *conn,
141 struct sk_buff *skb);
142struct amp_mgr *amp_mgr_lookup_by_state(u8 state);
143void a2mp_send(struct amp_mgr *mgr, u8 code, u8 ident, u16 len, void *data);
144void a2mp_discover_amp(struct l2cap_chan *chan);
145void a2mp_send_getinfo_rsp(struct hci_dev *hdev);
146void a2mp_send_getampassoc_rsp(struct hci_dev *hdev, u8 status);
147void a2mp_send_create_phy_link_req(struct hci_dev *hdev, u8 status);
148void a2mp_send_create_phy_link_rsp(struct hci_dev *hdev, u8 status);
149
150#endif /* __A2MP_H */
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index e6e1278dca89..1f1a1118f489 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -30,7 +30,7 @@
30#include <net/bluetooth/bluetooth.h> 30#include <net/bluetooth/bluetooth.h>
31#include <linux/proc_fs.h> 31#include <linux/proc_fs.h>
32 32
33#define VERSION "2.16" 33#define VERSION "2.17"
34 34
35/* Bluetooth sockets */ 35/* Bluetooth sockets */
36#define BT_MAX_PROTO 8 36#define BT_MAX_PROTO 8
@@ -221,12 +221,12 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
221 if (flags & (MSG_OOB)) 221 if (flags & (MSG_OOB))
222 return -EOPNOTSUPP; 222 return -EOPNOTSUPP;
223 223
224 msg->msg_namelen = 0;
225
226 skb = skb_recv_datagram(sk, flags, noblock, &err); 224 skb = skb_recv_datagram(sk, flags, noblock, &err);
227 if (!skb) { 225 if (!skb) {
228 if (sk->sk_shutdown & RCV_SHUTDOWN) 226 if (sk->sk_shutdown & RCV_SHUTDOWN) {
227 msg->msg_namelen = 0;
229 return 0; 228 return 0;
229 }
230 return err; 230 return err;
231 } 231 }
232 232
@@ -238,9 +238,16 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
238 238
239 skb_reset_transport_header(skb); 239 skb_reset_transport_header(skb);
240 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 240 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
241 if (err == 0) 241 if (err == 0) {
242 sock_recv_ts_and_drops(msg, sk, skb); 242 sock_recv_ts_and_drops(msg, sk, skb);
243 243
244 if (bt_sk(sk)->skb_msg_name)
245 bt_sk(sk)->skb_msg_name(skb, msg->msg_name,
246 &msg->msg_namelen);
247 else
248 msg->msg_namelen = 0;
249 }
250
244 skb_free_datagram(sk, skb); 251 skb_free_datagram(sk, skb);
245 252
246 return err ? : copied; 253 return err ? : copied;
@@ -604,7 +611,7 @@ static int bt_seq_show(struct seq_file *seq, void *v)
604 struct bt_sock_list *l = s->l; 611 struct bt_sock_list *l = s->l;
605 612
606 if (v == SEQ_START_TOKEN) { 613 if (v == SEQ_START_TOKEN) {
607 seq_puts(seq ,"sk RefCnt Rmem Wmem User Inode Src Dst Parent"); 614 seq_puts(seq ,"sk RefCnt Rmem Wmem User Inode Parent");
608 615
609 if (l->custom_seq_show) { 616 if (l->custom_seq_show) {
610 seq_putc(seq, ' '); 617 seq_putc(seq, ' ');
@@ -617,15 +624,13 @@ static int bt_seq_show(struct seq_file *seq, void *v)
617 struct bt_sock *bt = bt_sk(sk); 624 struct bt_sock *bt = bt_sk(sk);
618 625
619 seq_printf(seq, 626 seq_printf(seq,
620 "%pK %-6d %-6u %-6u %-6u %-6lu %pMR %pMR %-6lu", 627 "%pK %-6d %-6u %-6u %-6u %-6lu %-6lu",
621 sk, 628 sk,
622 atomic_read(&sk->sk_refcnt), 629 atomic_read(&sk->sk_refcnt),
623 sk_rmem_alloc_get(sk), 630 sk_rmem_alloc_get(sk),
624 sk_wmem_alloc_get(sk), 631 sk_wmem_alloc_get(sk),
625 from_kuid(seq_user_ns(seq), sock_i_uid(sk)), 632 from_kuid(seq_user_ns(seq), sock_i_uid(sk)),
626 sock_i_ino(sk), 633 sock_i_ino(sk),
627 &bt->src,
628 &bt->dst,
629 bt->parent? sock_i_ino(bt->parent): 0LU); 634 bt->parent? sock_i_ino(bt->parent): 0LU);
630 635
631 if (l->custom_seq_show) { 636 if (l->custom_seq_show) {
diff --git a/net/bluetooth/amp.c b/net/bluetooth/amp.c
index d459ed43c779..bb39509b3f06 100644
--- a/net/bluetooth/amp.c
+++ b/net/bluetooth/amp.c
@@ -14,10 +14,11 @@
14#include <net/bluetooth/bluetooth.h> 14#include <net/bluetooth/bluetooth.h>
15#include <net/bluetooth/hci.h> 15#include <net/bluetooth/hci.h>
16#include <net/bluetooth/hci_core.h> 16#include <net/bluetooth/hci_core.h>
17#include <net/bluetooth/a2mp.h>
18#include <net/bluetooth/amp.h>
19#include <crypto/hash.h> 17#include <crypto/hash.h>
20 18
19#include "a2mp.h"
20#include "amp.h"
21
21/* Remote AMP Controllers interface */ 22/* Remote AMP Controllers interface */
22void amp_ctrl_get(struct amp_ctrl *ctrl) 23void amp_ctrl_get(struct amp_ctrl *ctrl)
23{ 24{
@@ -110,7 +111,7 @@ static u8 __next_handle(struct amp_mgr *mgr)
110struct hci_conn *phylink_add(struct hci_dev *hdev, struct amp_mgr *mgr, 111struct hci_conn *phylink_add(struct hci_dev *hdev, struct amp_mgr *mgr,
111 u8 remote_id, bool out) 112 u8 remote_id, bool out)
112{ 113{
113 bdaddr_t *dst = mgr->l2cap_conn->dst; 114 bdaddr_t *dst = &mgr->l2cap_conn->hcon->dst;
114 struct hci_conn *hcon; 115 struct hci_conn *hcon;
115 116
116 hcon = hci_conn_add(hdev, AMP_LINK, dst); 117 hcon = hci_conn_add(hdev, AMP_LINK, dst);
@@ -409,7 +410,8 @@ void amp_create_logical_link(struct l2cap_chan *chan)
409 struct hci_cp_create_accept_logical_link cp; 410 struct hci_cp_create_accept_logical_link cp;
410 struct hci_dev *hdev; 411 struct hci_dev *hdev;
411 412
412 BT_DBG("chan %p hs_hcon %p dst %pMR", chan, hs_hcon, chan->conn->dst); 413 BT_DBG("chan %p hs_hcon %p dst %pMR", chan, hs_hcon,
414 &chan->conn->hcon->dst);
413 415
414 if (!hs_hcon) 416 if (!hs_hcon)
415 return; 417 return;
diff --git a/net/bluetooth/amp.h b/net/bluetooth/amp.h
new file mode 100644
index 000000000000..7ea3db77ba89
--- /dev/null
+++ b/net/bluetooth/amp.h
@@ -0,0 +1,54 @@
1/*
2 Copyright (c) 2011,2012 Intel Corp.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License version 2 and
6 only version 2 as published by the Free Software Foundation.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12*/
13
14#ifndef __AMP_H
15#define __AMP_H
16
17struct amp_ctrl {
18 struct list_head list;
19 struct kref kref;
20 __u8 id;
21 __u16 assoc_len_so_far;
22 __u16 assoc_rem_len;
23 __u16 assoc_len;
24 __u8 *assoc;
25};
26
27int amp_ctrl_put(struct amp_ctrl *ctrl);
28void amp_ctrl_get(struct amp_ctrl *ctrl);
29struct amp_ctrl *amp_ctrl_add(struct amp_mgr *mgr, u8 id);
30struct amp_ctrl *amp_ctrl_lookup(struct amp_mgr *mgr, u8 id);
31void amp_ctrl_list_flush(struct amp_mgr *mgr);
32
33struct hci_conn *phylink_add(struct hci_dev *hdev, struct amp_mgr *mgr,
34 u8 remote_id, bool out);
35
36int phylink_gen_key(struct hci_conn *hcon, u8 *data, u8 *len, u8 *type);
37
38void amp_read_loc_info(struct hci_dev *hdev, struct amp_mgr *mgr);
39void amp_read_loc_assoc_frag(struct hci_dev *hdev, u8 phy_handle);
40void amp_read_loc_assoc(struct hci_dev *hdev, struct amp_mgr *mgr);
41void amp_read_loc_assoc_final_data(struct hci_dev *hdev,
42 struct hci_conn *hcon);
43void amp_create_phylink(struct hci_dev *hdev, struct amp_mgr *mgr,
44 struct hci_conn *hcon);
45void amp_accept_phylink(struct hci_dev *hdev, struct amp_mgr *mgr,
46 struct hci_conn *hcon);
47void amp_write_remote_assoc(struct hci_dev *hdev, u8 handle);
48void amp_write_rem_assoc_continue(struct hci_dev *hdev, u8 handle);
49void amp_physical_cfm(struct hci_conn *bredr_hcon, struct hci_conn *hs_hcon);
50void amp_create_logical_link(struct l2cap_chan *chan);
51void amp_disconnect_logical_link(struct hci_chan *hchan);
52void amp_destroy_logical_link(struct hci_chan *hchan, u8 reason);
53
54#endif /* __AMP_H */
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index e430b1abcd2f..a841d3e776c5 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -32,6 +32,7 @@
32#include <asm/unaligned.h> 32#include <asm/unaligned.h>
33 33
34#include <net/bluetooth/bluetooth.h> 34#include <net/bluetooth/bluetooth.h>
35#include <net/bluetooth/l2cap.h>
35#include <net/bluetooth/hci_core.h> 36#include <net/bluetooth/hci_core.h>
36 37
37#include "bnep.h" 38#include "bnep.h"
@@ -510,20 +511,13 @@ static int bnep_session(void *arg)
510 511
511static struct device *bnep_get_device(struct bnep_session *session) 512static struct device *bnep_get_device(struct bnep_session *session)
512{ 513{
513 bdaddr_t *src = &bt_sk(session->sock->sk)->src;
514 bdaddr_t *dst = &bt_sk(session->sock->sk)->dst;
515 struct hci_dev *hdev;
516 struct hci_conn *conn; 514 struct hci_conn *conn;
517 515
518 hdev = hci_get_route(dst, src); 516 conn = l2cap_pi(session->sock->sk)->chan->conn->hcon;
519 if (!hdev) 517 if (!conn)
520 return NULL; 518 return NULL;
521 519
522 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 520 return &conn->dev;
523
524 hci_dev_put(hdev);
525
526 return conn ? &conn->dev : NULL;
527} 521}
528 522
529static struct device_type bnep_type = { 523static struct device_type bnep_type = {
@@ -539,8 +533,8 @@ int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock)
539 533
540 BT_DBG(""); 534 BT_DBG("");
541 535
542 baswap((void *) dst, &bt_sk(sock->sk)->dst); 536 baswap((void *) dst, &l2cap_pi(sock->sk)->chan->dst);
543 baswap((void *) src, &bt_sk(sock->sk)->src); 537 baswap((void *) src, &l2cap_pi(sock->sk)->chan->src);
544 538
545 /* session struct allocated as private part of net_device */ 539 /* session struct allocated as private part of net_device */
546 dev = alloc_netdev(sizeof(struct bnep_session), 540 dev = alloc_netdev(sizeof(struct bnep_session),
diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c
index e0a6ebf2baa6..67fe5e84e68f 100644
--- a/net/bluetooth/cmtp/core.c
+++ b/net/bluetooth/cmtp/core.c
@@ -340,20 +340,20 @@ int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock)
340 340
341 down_write(&cmtp_session_sem); 341 down_write(&cmtp_session_sem);
342 342
343 s = __cmtp_get_session(&bt_sk(sock->sk)->dst); 343 s = __cmtp_get_session(&l2cap_pi(sock->sk)->chan->dst);
344 if (s && s->state == BT_CONNECTED) { 344 if (s && s->state == BT_CONNECTED) {
345 err = -EEXIST; 345 err = -EEXIST;
346 goto failed; 346 goto failed;
347 } 347 }
348 348
349 bacpy(&session->bdaddr, &bt_sk(sock->sk)->dst); 349 bacpy(&session->bdaddr, &l2cap_pi(sock->sk)->chan->dst);
350 350
351 session->mtu = min_t(uint, l2cap_pi(sock->sk)->chan->omtu, 351 session->mtu = min_t(uint, l2cap_pi(sock->sk)->chan->omtu,
352 l2cap_pi(sock->sk)->chan->imtu); 352 l2cap_pi(sock->sk)->chan->imtu);
353 353
354 BT_DBG("mtu %d", session->mtu); 354 BT_DBG("mtu %d", session->mtu);
355 355
356 sprintf(session->name, "%pMR", &bt_sk(sock->sk)->dst); 356 sprintf(session->name, "%pMR", &session->bdaddr);
357 357
358 session->sock = sock; 358 session->sock = sock;
359 session->state = BT_CONFIG; 359 session->state = BT_CONFIG;
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 514148b7a66b..ff04b051792d 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -28,8 +28,9 @@
28 28
29#include <net/bluetooth/bluetooth.h> 29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h> 30#include <net/bluetooth/hci_core.h>
31#include <net/bluetooth/a2mp.h> 31
32#include <net/bluetooth/smp.h> 32#include "smp.h"
33#include "a2mp.h"
33 34
34struct sco_param { 35struct sco_param {
35 u16 pkt_type; 36 u16 pkt_type;
@@ -49,30 +50,6 @@ static const struct sco_param sco_param_wideband[] = {
49 { EDR_ESCO_MASK | ESCO_EV3, 0x0008 }, /* T1 */ 50 { EDR_ESCO_MASK | ESCO_EV3, 0x0008 }, /* T1 */
50}; 51};
51 52
52static void hci_le_create_connection(struct hci_conn *conn)
53{
54 struct hci_dev *hdev = conn->hdev;
55 struct hci_cp_le_create_conn cp;
56
57 conn->state = BT_CONNECT;
58 conn->out = true;
59 conn->link_mode |= HCI_LM_MASTER;
60 conn->sec_level = BT_SECURITY_LOW;
61
62 memset(&cp, 0, sizeof(cp));
63 cp.scan_interval = __constant_cpu_to_le16(0x0060);
64 cp.scan_window = __constant_cpu_to_le16(0x0030);
65 bacpy(&cp.peer_addr, &conn->dst);
66 cp.peer_addr_type = conn->dst_type;
67 cp.conn_interval_min = __constant_cpu_to_le16(0x0028);
68 cp.conn_interval_max = __constant_cpu_to_le16(0x0038);
69 cp.supervision_timeout = __constant_cpu_to_le16(0x002a);
70 cp.min_ce_len = __constant_cpu_to_le16(0x0000);
71 cp.max_ce_len = __constant_cpu_to_le16(0x0000);
72
73 hci_send_cmd(hdev, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
74}
75
76static void hci_le_create_connection_cancel(struct hci_conn *conn) 53static void hci_le_create_connection_cancel(struct hci_conn *conn)
77{ 54{
78 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL); 55 hci_send_cmd(conn->hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL);
@@ -404,6 +381,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
404 return NULL; 381 return NULL;
405 382
406 bacpy(&conn->dst, dst); 383 bacpy(&conn->dst, dst);
384 bacpy(&conn->src, &hdev->bdaddr);
407 conn->hdev = hdev; 385 conn->hdev = hdev;
408 conn->type = type; 386 conn->type = type;
409 conn->mode = HCI_CM_ACTIVE; 387 conn->mode = HCI_CM_ACTIVE;
@@ -546,34 +524,128 @@ struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
546} 524}
547EXPORT_SYMBOL(hci_get_route); 525EXPORT_SYMBOL(hci_get_route);
548 526
527static void create_le_conn_complete(struct hci_dev *hdev, u8 status)
528{
529 struct hci_conn *conn;
530
531 if (status == 0)
532 return;
533
534 BT_ERR("HCI request failed to create LE connection: status 0x%2.2x",
535 status);
536
537 hci_dev_lock(hdev);
538
539 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
540 if (!conn)
541 goto done;
542
543 conn->state = BT_CLOSED;
544
545 mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type,
546 status);
547
548 hci_proto_connect_cfm(conn, status);
549
550 hci_conn_del(conn);
551
552done:
553 hci_dev_unlock(hdev);
554}
555
556static int hci_create_le_conn(struct hci_conn *conn)
557{
558 struct hci_dev *hdev = conn->hdev;
559 struct hci_cp_le_create_conn cp;
560 struct hci_request req;
561 int err;
562
563 hci_req_init(&req, hdev);
564
565 memset(&cp, 0, sizeof(cp));
566 cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
567 cp.scan_window = cpu_to_le16(hdev->le_scan_window);
568 bacpy(&cp.peer_addr, &conn->dst);
569 cp.peer_addr_type = conn->dst_type;
570 cp.own_address_type = conn->src_type;
571 cp.conn_interval_min = __constant_cpu_to_le16(0x0028);
572 cp.conn_interval_max = __constant_cpu_to_le16(0x0038);
573 cp.supervision_timeout = __constant_cpu_to_le16(0x002a);
574 cp.min_ce_len = __constant_cpu_to_le16(0x0000);
575 cp.max_ce_len = __constant_cpu_to_le16(0x0000);
576 hci_req_add(&req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
577
578 err = hci_req_run(&req, create_le_conn_complete);
579 if (err) {
580 hci_conn_del(conn);
581 return err;
582 }
583
584 return 0;
585}
586
549static struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, 587static struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
550 u8 dst_type, u8 sec_level, u8 auth_type) 588 u8 dst_type, u8 sec_level, u8 auth_type)
551{ 589{
552 struct hci_conn *le; 590 struct hci_conn *conn;
591 int err;
553 592
554 if (test_bit(HCI_LE_PERIPHERAL, &hdev->flags)) 593 if (test_bit(HCI_ADVERTISING, &hdev->flags))
555 return ERR_PTR(-ENOTSUPP); 594 return ERR_PTR(-ENOTSUPP);
556 595
557 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst); 596 /* Some devices send ATT messages as soon as the physical link is
558 if (!le) { 597 * established. To be able to handle these ATT messages, the user-
559 le = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT); 598 * space first establishes the connection and then starts the pairing
560 if (le) 599 * process.
561 return ERR_PTR(-EBUSY); 600 *
601 * So if a hci_conn object already exists for the following connection
602 * attempt, we simply update pending_sec_level and auth_type fields
603 * and return the object found.
604 */
605 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
606 if (conn) {
607 conn->pending_sec_level = sec_level;
608 conn->auth_type = auth_type;
609 goto done;
610 }
562 611
563 le = hci_conn_add(hdev, LE_LINK, dst); 612 /* Since the controller supports only one LE connection attempt at a
564 if (!le) 613 * time, we return -EBUSY if there is any connection attempt running.
565 return ERR_PTR(-ENOMEM); 614 */
615 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
616 if (conn)
617 return ERR_PTR(-EBUSY);
618
619 conn = hci_conn_add(hdev, LE_LINK, dst);
620 if (!conn)
621 return ERR_PTR(-ENOMEM);
566 622
567 le->dst_type = bdaddr_to_le(dst_type); 623 if (dst_type == BDADDR_LE_PUBLIC)
568 hci_le_create_connection(le); 624 conn->dst_type = ADDR_LE_DEV_PUBLIC;
625 else
626 conn->dst_type = ADDR_LE_DEV_RANDOM;
627
628 if (bacmp(&conn->src, BDADDR_ANY)) {
629 conn->src_type = ADDR_LE_DEV_PUBLIC;
630 } else {
631 bacpy(&conn->src, &hdev->static_addr);
632 conn->src_type = ADDR_LE_DEV_RANDOM;
569 } 633 }
570 634
571 le->pending_sec_level = sec_level; 635 conn->state = BT_CONNECT;
572 le->auth_type = auth_type; 636 conn->out = true;
637 conn->link_mode |= HCI_LM_MASTER;
638 conn->sec_level = BT_SECURITY_LOW;
639 conn->pending_sec_level = sec_level;
640 conn->auth_type = auth_type;
573 641
574 hci_conn_hold(le); 642 err = hci_create_le_conn(conn);
643 if (err)
644 return ERR_PTR(err);
575 645
576 return le; 646done:
647 hci_conn_hold(conn);
648 return conn;
577} 649}
578 650
579static struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, 651static struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 82dbdc6a7e9e..7add9c96e32c 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -307,11 +307,23 @@ static void amp_init(struct hci_request *req)
307 /* Read Local Version */ 307 /* Read Local Version */
308 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL); 308 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
309 309
310 /* Read Local Supported Commands */
311 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
312
313 /* Read Local Supported Features */
314 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
315
310 /* Read Local AMP Info */ 316 /* Read Local AMP Info */
311 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL); 317 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
312 318
313 /* Read Data Blk size */ 319 /* Read Data Blk size */
314 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL); 320 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
321
322 /* Read Flow Control Mode */
323 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
324
325 /* Read Location Data */
326 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
315} 327}
316 328
317static void hci_init1_req(struct hci_request *req, unsigned long opt) 329static void hci_init1_req(struct hci_request *req, unsigned long opt)
@@ -341,6 +353,8 @@ static void hci_init1_req(struct hci_request *req, unsigned long opt)
341 353
342static void bredr_setup(struct hci_request *req) 354static void bredr_setup(struct hci_request *req)
343{ 355{
356 struct hci_dev *hdev = req->hdev;
357
344 __le16 param; 358 __le16 param;
345 __u8 flt_type; 359 __u8 flt_type;
346 360
@@ -356,6 +370,12 @@ static void bredr_setup(struct hci_request *req)
356 /* Read Voice Setting */ 370 /* Read Voice Setting */
357 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL); 371 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
358 372
373 /* Read Number of Supported IAC */
374 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
375
376 /* Read Current IAC LAP */
377 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
378
359 /* Clear Event Filters */ 379 /* Clear Event Filters */
360 flt_type = HCI_FLT_CLEAR_ALL; 380 flt_type = HCI_FLT_CLEAR_ALL;
361 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type); 381 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
@@ -364,8 +384,10 @@ static void bredr_setup(struct hci_request *req)
364 param = __constant_cpu_to_le16(0x7d00); 384 param = __constant_cpu_to_le16(0x7d00);
365 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, &param); 385 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
366 386
367 /* Read page scan parameters */ 387 /* AVM Berlin (31), aka "BlueFRITZ!", reports version 1.2,
368 if (req->hdev->hci_ver > BLUETOOTH_VER_1_1) { 388 * but it does not support page scan related HCI commands.
389 */
390 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1) {
369 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL); 391 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
370 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL); 392 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
371 } 393 }
@@ -1036,6 +1058,11 @@ int hci_inquiry(void __user *arg)
1036 goto done; 1058 goto done;
1037 } 1059 }
1038 1060
1061 if (hdev->dev_type != HCI_BREDR) {
1062 err = -EOPNOTSUPP;
1063 goto done;
1064 }
1065
1039 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) { 1066 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1040 err = -EOPNOTSUPP; 1067 err = -EOPNOTSUPP;
1041 goto done; 1068 goto done;
@@ -1105,7 +1132,7 @@ static u8 create_ad(struct hci_dev *hdev, u8 *ptr)
1105 u8 ad_len = 0, flags = 0; 1132 u8 ad_len = 0, flags = 0;
1106 size_t name_len; 1133 size_t name_len;
1107 1134
1108 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) 1135 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1109 flags |= LE_AD_GENERAL; 1136 flags |= LE_AD_GENERAL;
1110 1137
1111 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) { 1138 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
@@ -1196,13 +1223,29 @@ static int hci_dev_do_open(struct hci_dev *hdev)
1196 goto done; 1223 goto done;
1197 } 1224 }
1198 1225
1199 /* Check for rfkill but allow the HCI setup stage to proceed 1226 if (!test_bit(HCI_SETUP, &hdev->dev_flags)) {
1200 * (which in itself doesn't cause any RF activity). 1227 /* Check for rfkill but allow the HCI setup stage to
1201 */ 1228 * proceed (which in itself doesn't cause any RF activity).
1202 if (test_bit(HCI_RFKILLED, &hdev->dev_flags) && 1229 */
1203 !test_bit(HCI_SETUP, &hdev->dev_flags)) { 1230 if (test_bit(HCI_RFKILLED, &hdev->dev_flags)) {
1204 ret = -ERFKILL; 1231 ret = -ERFKILL;
1205 goto done; 1232 goto done;
1233 }
1234
1235 /* Check for valid public address or a configured static
1236 * random adddress, but let the HCI setup proceed to
1237 * be able to determine if there is a public address
1238 * or not.
1239 *
1240 * This check is only valid for BR/EDR controllers
1241 * since AMP controllers do not have an address.
1242 */
1243 if (hdev->dev_type == HCI_BREDR &&
1244 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
1245 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
1246 ret = -EADDRNOTAVAIL;
1247 goto done;
1248 }
1206 } 1249 }
1207 1250
1208 if (test_bit(HCI_UP, &hdev->flags)) { 1251 if (test_bit(HCI_UP, &hdev->flags)) {
@@ -1238,7 +1281,7 @@ static int hci_dev_do_open(struct hci_dev *hdev)
1238 hci_notify(hdev, HCI_DEV_UP); 1281 hci_notify(hdev, HCI_DEV_UP);
1239 if (!test_bit(HCI_SETUP, &hdev->dev_flags) && 1282 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
1240 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) && 1283 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
1241 mgmt_valid_hdev(hdev)) { 1284 hdev->dev_type == HCI_BREDR) {
1242 hci_dev_lock(hdev); 1285 hci_dev_lock(hdev);
1243 mgmt_powered(hdev, 1); 1286 mgmt_powered(hdev, 1);
1244 hci_dev_unlock(hdev); 1287 hci_dev_unlock(hdev);
@@ -1288,6 +1331,10 @@ int hci_dev_open(__u16 dev)
1288 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 1331 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1289 cancel_delayed_work(&hdev->power_off); 1332 cancel_delayed_work(&hdev->power_off);
1290 1333
1334 /* After this call it is guaranteed that the setup procedure
1335 * has finished. This means that error conditions like RFKILL
1336 * or no valid public or static random address apply.
1337 */
1291 flush_workqueue(hdev->req_workqueue); 1338 flush_workqueue(hdev->req_workqueue);
1292 1339
1293 err = hci_dev_do_open(hdev); 1340 err = hci_dev_do_open(hdev);
@@ -1341,6 +1388,7 @@ static int hci_dev_do_close(struct hci_dev *hdev)
1341 skb_queue_purge(&hdev->cmd_q); 1388 skb_queue_purge(&hdev->cmd_q);
1342 atomic_set(&hdev->cmd_cnt, 1); 1389 atomic_set(&hdev->cmd_cnt, 1);
1343 if (!test_bit(HCI_RAW, &hdev->flags) && 1390 if (!test_bit(HCI_RAW, &hdev->flags) &&
1391 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags) &&
1344 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) { 1392 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
1345 set_bit(HCI_INIT, &hdev->flags); 1393 set_bit(HCI_INIT, &hdev->flags);
1346 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT); 1394 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
@@ -1373,15 +1421,16 @@ static int hci_dev_do_close(struct hci_dev *hdev)
1373 hdev->flags = 0; 1421 hdev->flags = 0;
1374 hdev->dev_flags &= ~HCI_PERSISTENT_MASK; 1422 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
1375 1423
1376 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags) && 1424 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1377 mgmt_valid_hdev(hdev)) { 1425 if (hdev->dev_type == HCI_BREDR) {
1378 hci_dev_lock(hdev); 1426 hci_dev_lock(hdev);
1379 mgmt_powered(hdev, 0); 1427 mgmt_powered(hdev, 0);
1380 hci_dev_unlock(hdev); 1428 hci_dev_unlock(hdev);
1429 }
1381 } 1430 }
1382 1431
1383 /* Controller radio is available but is currently powered down */ 1432 /* Controller radio is available but is currently powered down */
1384 hdev->amp_status = 0; 1433 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
1385 1434
1386 memset(hdev->eir, 0, sizeof(hdev->eir)); 1435 memset(hdev->eir, 0, sizeof(hdev->eir));
1387 memset(hdev->dev_class, 0, sizeof(hdev->dev_class)); 1436 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
@@ -1500,6 +1549,11 @@ int hci_dev_cmd(unsigned int cmd, void __user *arg)
1500 goto done; 1549 goto done;
1501 } 1550 }
1502 1551
1552 if (hdev->dev_type != HCI_BREDR) {
1553 err = -EOPNOTSUPP;
1554 goto done;
1555 }
1556
1503 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) { 1557 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1504 err = -EOPNOTSUPP; 1558 err = -EOPNOTSUPP;
1505 goto done; 1559 goto done;
@@ -1703,7 +1757,14 @@ static void hci_power_on(struct work_struct *work)
1703 return; 1757 return;
1704 } 1758 }
1705 1759
1706 if (test_bit(HCI_RFKILLED, &hdev->dev_flags)) { 1760 /* During the HCI setup phase, a few error conditions are
1761 * ignored and they need to be checked now. If they are still
1762 * valid, it is important to turn the device back off.
1763 */
1764 if (test_bit(HCI_RFKILLED, &hdev->dev_flags) ||
1765 (hdev->dev_type == HCI_BREDR &&
1766 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
1767 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
1707 clear_bit(HCI_AUTO_OFF, &hdev->dev_flags); 1768 clear_bit(HCI_AUTO_OFF, &hdev->dev_flags);
1708 hci_dev_do_close(hdev); 1769 hci_dev_do_close(hdev);
1709 } else if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) { 1770 } else if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
@@ -2216,13 +2277,17 @@ struct hci_dev *hci_alloc_dev(void)
2216 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1); 2277 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
2217 hdev->esco_type = (ESCO_HV1); 2278 hdev->esco_type = (ESCO_HV1);
2218 hdev->link_mode = (HCI_LM_ACCEPT); 2279 hdev->link_mode = (HCI_LM_ACCEPT);
2219 hdev->io_capability = 0x03; /* No Input No Output */ 2280 hdev->num_iac = 0x01; /* One IAC support is mandatory */
2281 hdev->io_capability = 0x03; /* No Input No Output */
2220 hdev->inq_tx_power = HCI_TX_POWER_INVALID; 2282 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
2221 hdev->adv_tx_power = HCI_TX_POWER_INVALID; 2283 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
2222 2284
2223 hdev->sniff_max_interval = 800; 2285 hdev->sniff_max_interval = 800;
2224 hdev->sniff_min_interval = 80; 2286 hdev->sniff_min_interval = 80;
2225 2287
2288 hdev->le_scan_interval = 0x0060;
2289 hdev->le_scan_window = 0x0030;
2290
2226 mutex_init(&hdev->lock); 2291 mutex_init(&hdev->lock);
2227 mutex_init(&hdev->req_lock); 2292 mutex_init(&hdev->req_lock);
2228 2293
@@ -2329,9 +2394,9 @@ int hci_register_dev(struct hci_dev *hdev)
2329 set_bit(HCI_RFKILLED, &hdev->dev_flags); 2394 set_bit(HCI_RFKILLED, &hdev->dev_flags);
2330 2395
2331 set_bit(HCI_SETUP, &hdev->dev_flags); 2396 set_bit(HCI_SETUP, &hdev->dev_flags);
2397 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
2332 2398
2333 if (hdev->dev_type != HCI_AMP) { 2399 if (hdev->dev_type == HCI_BREDR) {
2334 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
2335 /* Assume BR/EDR support until proven otherwise (such as 2400 /* Assume BR/EDR support until proven otherwise (such as
2336 * through reading supported features during init. 2401 * through reading supported features during init.
2337 */ 2402 */
@@ -2435,9 +2500,8 @@ int hci_resume_dev(struct hci_dev *hdev)
2435EXPORT_SYMBOL(hci_resume_dev); 2500EXPORT_SYMBOL(hci_resume_dev);
2436 2501
2437/* Receive frame from HCI drivers */ 2502/* Receive frame from HCI drivers */
2438int hci_recv_frame(struct sk_buff *skb) 2503int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
2439{ 2504{
2440 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2441 if (!hdev || (!test_bit(HCI_UP, &hdev->flags) 2505 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
2442 && !test_bit(HCI_INIT, &hdev->flags))) { 2506 && !test_bit(HCI_INIT, &hdev->flags))) {
2443 kfree_skb(skb); 2507 kfree_skb(skb);
@@ -2496,7 +2560,6 @@ static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
2496 scb->expect = hlen; 2560 scb->expect = hlen;
2497 scb->pkt_type = type; 2561 scb->pkt_type = type;
2498 2562
2499 skb->dev = (void *) hdev;
2500 hdev->reassembly[index] = skb; 2563 hdev->reassembly[index] = skb;
2501 } 2564 }
2502 2565
@@ -2556,7 +2619,7 @@ static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
2556 /* Complete frame */ 2619 /* Complete frame */
2557 2620
2558 bt_cb(skb)->pkt_type = type; 2621 bt_cb(skb)->pkt_type = type;
2559 hci_recv_frame(skb); 2622 hci_recv_frame(hdev, skb);
2560 2623
2561 hdev->reassembly[index] = NULL; 2624 hdev->reassembly[index] = NULL;
2562 return remain; 2625 return remain;
@@ -2647,15 +2710,8 @@ int hci_unregister_cb(struct hci_cb *cb)
2647} 2710}
2648EXPORT_SYMBOL(hci_unregister_cb); 2711EXPORT_SYMBOL(hci_unregister_cb);
2649 2712
2650static int hci_send_frame(struct sk_buff *skb) 2713static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
2651{ 2714{
2652 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2653
2654 if (!hdev) {
2655 kfree_skb(skb);
2656 return -ENODEV;
2657 }
2658
2659 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len); 2715 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
2660 2716
2661 /* Time stamp */ 2717 /* Time stamp */
@@ -2672,7 +2728,8 @@ static int hci_send_frame(struct sk_buff *skb)
2672 /* Get rid of skb owner, prior to sending to the driver. */ 2728 /* Get rid of skb owner, prior to sending to the driver. */
2673 skb_orphan(skb); 2729 skb_orphan(skb);
2674 2730
2675 return hdev->send(skb); 2731 if (hdev->send(hdev, skb) < 0)
2732 BT_ERR("%s sending frame failed", hdev->name);
2676} 2733}
2677 2734
2678void hci_req_init(struct hci_request *req, struct hci_dev *hdev) 2735void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
@@ -2735,7 +2792,6 @@ static struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode,
2735 BT_DBG("skb len %d", skb->len); 2792 BT_DBG("skb len %d", skb->len);
2736 2793
2737 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT; 2794 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
2738 skb->dev = (void *) hdev;
2739 2795
2740 return skb; 2796 return skb;
2741} 2797}
@@ -2879,7 +2935,6 @@ static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
2879 do { 2935 do {
2880 skb = list; list = list->next; 2936 skb = list; list = list->next;
2881 2937
2882 skb->dev = (void *) hdev;
2883 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 2938 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2884 hci_add_acl_hdr(skb, conn->handle, flags); 2939 hci_add_acl_hdr(skb, conn->handle, flags);
2885 2940
@@ -2898,8 +2953,6 @@ void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2898 2953
2899 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags); 2954 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
2900 2955
2901 skb->dev = (void *) hdev;
2902
2903 hci_queue_acl(chan, &chan->data_q, skb, flags); 2956 hci_queue_acl(chan, &chan->data_q, skb, flags);
2904 2957
2905 queue_work(hdev->workqueue, &hdev->tx_work); 2958 queue_work(hdev->workqueue, &hdev->tx_work);
@@ -2920,7 +2973,6 @@ void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
2920 skb_reset_transport_header(skb); 2973 skb_reset_transport_header(skb);
2921 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE); 2974 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
2922 2975
2923 skb->dev = (void *) hdev;
2924 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT; 2976 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
2925 2977
2926 skb_queue_tail(&conn->data_q, skb); 2978 skb_queue_tail(&conn->data_q, skb);
@@ -3185,7 +3237,7 @@ static void hci_sched_acl_pkt(struct hci_dev *hdev)
3185 hci_conn_enter_active_mode(chan->conn, 3237 hci_conn_enter_active_mode(chan->conn,
3186 bt_cb(skb)->force_active); 3238 bt_cb(skb)->force_active);
3187 3239
3188 hci_send_frame(skb); 3240 hci_send_frame(hdev, skb);
3189 hdev->acl_last_tx = jiffies; 3241 hdev->acl_last_tx = jiffies;
3190 3242
3191 hdev->acl_cnt--; 3243 hdev->acl_cnt--;
@@ -3237,7 +3289,7 @@ static void hci_sched_acl_blk(struct hci_dev *hdev)
3237 hci_conn_enter_active_mode(chan->conn, 3289 hci_conn_enter_active_mode(chan->conn,
3238 bt_cb(skb)->force_active); 3290 bt_cb(skb)->force_active);
3239 3291
3240 hci_send_frame(skb); 3292 hci_send_frame(hdev, skb);
3241 hdev->acl_last_tx = jiffies; 3293 hdev->acl_last_tx = jiffies;
3242 3294
3243 hdev->block_cnt -= blocks; 3295 hdev->block_cnt -= blocks;
@@ -3290,7 +3342,7 @@ static void hci_sched_sco(struct hci_dev *hdev)
3290 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) { 3342 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) {
3291 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 3343 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3292 BT_DBG("skb %p len %d", skb, skb->len); 3344 BT_DBG("skb %p len %d", skb, skb->len);
3293 hci_send_frame(skb); 3345 hci_send_frame(hdev, skb);
3294 3346
3295 conn->sent++; 3347 conn->sent++;
3296 if (conn->sent == ~0) 3348 if (conn->sent == ~0)
@@ -3314,7 +3366,7 @@ static void hci_sched_esco(struct hci_dev *hdev)
3314 &quote))) { 3366 &quote))) {
3315 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 3367 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3316 BT_DBG("skb %p len %d", skb, skb->len); 3368 BT_DBG("skb %p len %d", skb, skb->len);
3317 hci_send_frame(skb); 3369 hci_send_frame(hdev, skb);
3318 3370
3319 conn->sent++; 3371 conn->sent++;
3320 if (conn->sent == ~0) 3372 if (conn->sent == ~0)
@@ -3356,7 +3408,7 @@ static void hci_sched_le(struct hci_dev *hdev)
3356 3408
3357 skb = skb_dequeue(&chan->data_q); 3409 skb = skb_dequeue(&chan->data_q);
3358 3410
3359 hci_send_frame(skb); 3411 hci_send_frame(hdev, skb);
3360 hdev->le_last_tx = jiffies; 3412 hdev->le_last_tx = jiffies;
3361 3413
3362 cnt--; 3414 cnt--;
@@ -3392,7 +3444,7 @@ static void hci_tx_work(struct work_struct *work)
3392 3444
3393 /* Send next queued raw (unknown type) packet */ 3445 /* Send next queued raw (unknown type) packet */
3394 while ((skb = skb_dequeue(&hdev->raw_q))) 3446 while ((skb = skb_dequeue(&hdev->raw_q)))
3395 hci_send_frame(skb); 3447 hci_send_frame(hdev, skb);
3396} 3448}
3397 3449
3398/* ----- HCI RX task (incoming data processing) ----- */ 3450/* ----- HCI RX task (incoming data processing) ----- */
@@ -3638,7 +3690,7 @@ static void hci_cmd_work(struct work_struct *work)
3638 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL); 3690 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
3639 if (hdev->sent_cmd) { 3691 if (hdev->sent_cmd) {
3640 atomic_dec(&hdev->cmd_cnt); 3692 atomic_dec(&hdev->cmd_cnt);
3641 hci_send_frame(skb); 3693 hci_send_frame(hdev, skb);
3642 if (test_bit(HCI_RESET, &hdev->flags)) 3694 if (test_bit(HCI_RESET, &hdev->flags))
3643 del_timer(&hdev->cmd_timer); 3695 del_timer(&hdev->cmd_timer);
3644 else 3696 else
@@ -3650,15 +3702,3 @@ static void hci_cmd_work(struct work_struct *work)
3650 } 3702 }
3651 } 3703 }
3652} 3704}
3653
3654u8 bdaddr_to_le(u8 bdaddr_type)
3655{
3656 switch (bdaddr_type) {
3657 case BDADDR_LE_PUBLIC:
3658 return ADDR_LE_DEV_PUBLIC;
3659
3660 default:
3661 /* Fallback to LE Random address type */
3662 return ADDR_LE_DEV_RANDOM;
3663 }
3664}
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 4785ab0795f5..5391469ff1a5 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -29,8 +29,9 @@
29#include <net/bluetooth/bluetooth.h> 29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h> 30#include <net/bluetooth/hci_core.h>
31#include <net/bluetooth/mgmt.h> 31#include <net/bluetooth/mgmt.h>
32#include <net/bluetooth/a2mp.h> 32
33#include <net/bluetooth/amp.h> 33#include "a2mp.h"
34#include "amp.h"
34 35
35/* Handle HCI Event packets */ 36/* Handle HCI Event packets */
36 37
@@ -417,6 +418,21 @@ static void hci_cc_write_voice_setting(struct hci_dev *hdev,
417 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 418 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
418} 419}
419 420
421static void hci_cc_read_num_supported_iac(struct hci_dev *hdev,
422 struct sk_buff *skb)
423{
424 struct hci_rp_read_num_supported_iac *rp = (void *) skb->data;
425
426 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
427
428 if (rp->status)
429 return;
430
431 hdev->num_iac = rp->num_iac;
432
433 BT_DBG("%s num iac %d", hdev->name, hdev->num_iac);
434}
435
420static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 436static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
421{ 437{
422 __u8 status = *((__u8 *) skb->data); 438 __u8 status = *((__u8 *) skb->data);
@@ -918,12 +934,12 @@ static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
918 934
919 if (!status) { 935 if (!status) {
920 if (*sent) 936 if (*sent)
921 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags); 937 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
922 else 938 else
923 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags); 939 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
924 } 940 }
925 941
926 if (!test_bit(HCI_INIT, &hdev->flags)) { 942 if (*sent && !test_bit(HCI_INIT, &hdev->flags)) {
927 struct hci_request req; 943 struct hci_request req;
928 944
929 hci_req_init(&req, hdev); 945 hci_req_init(&req, hdev);
@@ -1005,7 +1021,7 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1005 } else { 1021 } else {
1006 hdev->features[1][0] &= ~LMP_HOST_LE; 1022 hdev->features[1][0] &= ~LMP_HOST_LE;
1007 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags); 1023 clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1008 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags); 1024 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1009 } 1025 }
1010 1026
1011 if (sent->simul) 1027 if (sent->simul)
@@ -1296,9 +1312,11 @@ static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1296 goto unlock; 1312 goto unlock;
1297 1313
1298 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { 1314 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1299 struct hci_cp_auth_requested cp; 1315 struct hci_cp_auth_requested auth_cp;
1300 cp.handle = __cpu_to_le16(conn->handle); 1316
1301 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 1317 auth_cp.handle = __cpu_to_le16(conn->handle);
1318 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED,
1319 sizeof(auth_cp), &auth_cp);
1302 } 1320 }
1303 1321
1304unlock: 1322unlock:
@@ -1470,33 +1488,6 @@ static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1470 hci_dev_unlock(hdev); 1488 hci_dev_unlock(hdev);
1471} 1489}
1472 1490
1473static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1474{
1475 struct hci_conn *conn;
1476
1477 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1478
1479 if (status) {
1480 hci_dev_lock(hdev);
1481
1482 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1483 if (!conn) {
1484 hci_dev_unlock(hdev);
1485 return;
1486 }
1487
1488 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1489
1490 conn->state = BT_CLOSED;
1491 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1492 conn->dst_type, status);
1493 hci_proto_connect_cfm(conn, status);
1494 hci_conn_del(conn);
1495
1496 hci_dev_unlock(hdev);
1497 }
1498}
1499
1500static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status) 1491static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1501{ 1492{
1502 struct hci_cp_create_phy_link *cp; 1493 struct hci_cp_create_phy_link *cp;
@@ -1826,10 +1817,25 @@ static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1826 } 1817 }
1827 1818
1828 if (ev->status == 0) { 1819 if (ev->status == 0) {
1829 if (conn->type == ACL_LINK && conn->flush_key) 1820 u8 type = conn->type;
1821
1822 if (type == ACL_LINK && conn->flush_key)
1830 hci_remove_link_key(hdev, &conn->dst); 1823 hci_remove_link_key(hdev, &conn->dst);
1831 hci_proto_disconn_cfm(conn, ev->reason); 1824 hci_proto_disconn_cfm(conn, ev->reason);
1832 hci_conn_del(conn); 1825 hci_conn_del(conn);
1826
1827 /* Re-enable advertising if necessary, since it might
1828 * have been disabled by the connection. From the
1829 * HCI_LE_Set_Advertise_Enable command description in
1830 * the core specification (v4.0):
1831 * "The Controller shall continue advertising until the Host
1832 * issues an LE_Set_Advertise_Enable command with
1833 * Advertising_Enable set to 0x00 (Advertising is disabled)
1834 * or until a connection is created or until the Advertising
1835 * is timed out due to Directed Advertising."
1836 */
1837 if (type == LE_LINK)
1838 mgmt_reenable_advertising(hdev);
1833 } 1839 }
1834 1840
1835unlock: 1841unlock:
@@ -2144,6 +2150,10 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2144 hci_cc_write_voice_setting(hdev, skb); 2150 hci_cc_write_voice_setting(hdev, skb);
2145 break; 2151 break;
2146 2152
2153 case HCI_OP_READ_NUM_SUPPORTED_IAC:
2154 hci_cc_read_num_supported_iac(hdev, skb);
2155 break;
2156
2147 case HCI_OP_WRITE_SSP_MODE: 2157 case HCI_OP_WRITE_SSP_MODE:
2148 hci_cc_write_ssp_mode(hdev, skb); 2158 hci_cc_write_ssp_mode(hdev, skb);
2149 break; 2159 break;
@@ -2347,10 +2357,6 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2347 hci_cs_disconnect(hdev, ev->status); 2357 hci_cs_disconnect(hdev, ev->status);
2348 break; 2358 break;
2349 2359
2350 case HCI_OP_LE_CREATE_CONN:
2351 hci_cs_le_create_conn(hdev, ev->status);
2352 break;
2353
2354 case HCI_OP_CREATE_PHY_LINK: 2360 case HCI_OP_CREATE_PHY_LINK:
2355 hci_cs_create_phylink(hdev, ev->status); 2361 hci_cs_create_phylink(hdev, ev->status);
2356 break; 2362 break;
@@ -3490,6 +3496,17 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3490 3496
3491 conn->dst_type = ev->bdaddr_type; 3497 conn->dst_type = ev->bdaddr_type;
3492 3498
3499 /* The advertising parameters for own address type
3500 * define which source address and source address
3501 * type this connections has.
3502 */
3503 if (bacmp(&conn->src, BDADDR_ANY)) {
3504 conn->src_type = ADDR_LE_DEV_PUBLIC;
3505 } else {
3506 bacpy(&conn->src, &hdev->static_addr);
3507 conn->src_type = ADDR_LE_DEV_RANDOM;
3508 }
3509
3493 if (ev->role == LE_CONN_ROLE_MASTER) { 3510 if (ev->role == LE_CONN_ROLE_MASTER) {
3494 conn->out = true; 3511 conn->out = true;
3495 conn->link_mode |= HCI_LM_MASTER; 3512 conn->link_mode |= HCI_LM_MASTER;
@@ -3645,8 +3662,8 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3645 skb_pull(skb, HCI_EVENT_HDR_SIZE); 3662 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3646 3663
3647 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) { 3664 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3648 struct hci_command_hdr *hdr = (void *) hdev->sent_cmd->data; 3665 struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
3649 u16 opcode = __le16_to_cpu(hdr->opcode); 3666 u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
3650 3667
3651 hci_req_cmd_complete(hdev, opcode, 0); 3668 hci_req_cmd_complete(hdev, opcode, 0);
3652 } 3669 }
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 579886186c3a..97f96ebdd56d 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -387,7 +387,6 @@ static void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
387 __net_timestamp(skb); 387 __net_timestamp(skb);
388 388
389 bt_cb(skb)->pkt_type = HCI_EVENT_PKT; 389 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
390 skb->dev = (void *) hdev;
391 hci_send_to_sock(hdev, skb); 390 hci_send_to_sock(hdev, skb);
392 kfree_skb(skb); 391 kfree_skb(skb);
393} 392}
@@ -518,6 +517,9 @@ static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
518 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) 517 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
519 return -EBUSY; 518 return -EBUSY;
520 519
520 if (hdev->dev_type != HCI_BREDR)
521 return -EOPNOTSUPP;
522
521 switch (cmd) { 523 switch (cmd) {
522 case HCISETRAW: 524 case HCISETRAW:
523 if (!capable(CAP_NET_ADMIN)) 525 if (!capable(CAP_NET_ADMIN))
@@ -550,10 +552,7 @@ static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
550 return hci_sock_blacklist_del(hdev, (void __user *) arg); 552 return hci_sock_blacklist_del(hdev, (void __user *) arg);
551 } 553 }
552 554
553 if (hdev->ioctl) 555 return -ENOIOCTLCMD;
554 return hdev->ioctl(hdev, cmd, arg);
555
556 return -EINVAL;
557} 556}
558 557
559static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, 558static int hci_sock_ioctl(struct socket *sock, unsigned int cmd,
@@ -942,7 +941,6 @@ static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
942 941
943 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data); 942 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
944 skb_pull(skb, 1); 943 skb_pull(skb, 1);
945 skb->dev = (void *) hdev;
946 944
947 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW && 945 if (hci_pi(sk)->channel == HCI_CHANNEL_RAW &&
948 bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) { 946 bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index bdc35a7a7fee..292e619db896 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -767,10 +767,10 @@ static int hidp_setup_hid(struct hidp_session *session,
767 strncpy(hid->name, req->name, sizeof(req->name) - 1); 767 strncpy(hid->name, req->name, sizeof(req->name) - 1);
768 768
769 snprintf(hid->phys, sizeof(hid->phys), "%pMR", 769 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
770 &bt_sk(session->ctrl_sock->sk)->src); 770 &l2cap_pi(session->ctrl_sock->sk)->chan->src);
771 771
772 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR", 772 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
773 &bt_sk(session->ctrl_sock->sk)->dst); 773 &l2cap_pi(session->ctrl_sock->sk)->chan->dst);
774 774
775 hid->dev.parent = &session->conn->hcon->dev; 775 hid->dev.parent = &session->conn->hcon->dev;
776 hid->ll_driver = &hidp_hid_driver; 776 hid->ll_driver = &hidp_hid_driver;
@@ -1283,23 +1283,29 @@ static int hidp_session_thread(void *arg)
1283static int hidp_verify_sockets(struct socket *ctrl_sock, 1283static int hidp_verify_sockets(struct socket *ctrl_sock,
1284 struct socket *intr_sock) 1284 struct socket *intr_sock)
1285{ 1285{
1286 struct l2cap_chan *ctrl_chan, *intr_chan;
1286 struct bt_sock *ctrl, *intr; 1287 struct bt_sock *ctrl, *intr;
1287 struct hidp_session *session; 1288 struct hidp_session *session;
1288 1289
1289 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock)) 1290 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1290 return -EINVAL; 1291 return -EINVAL;
1291 1292
1293 ctrl_chan = l2cap_pi(ctrl_sock->sk)->chan;
1294 intr_chan = l2cap_pi(intr_sock->sk)->chan;
1295
1296 if (bacmp(&ctrl_chan->src, &intr_chan->src) ||
1297 bacmp(&ctrl_chan->dst, &intr_chan->dst))
1298 return -ENOTUNIQ;
1299
1292 ctrl = bt_sk(ctrl_sock->sk); 1300 ctrl = bt_sk(ctrl_sock->sk);
1293 intr = bt_sk(intr_sock->sk); 1301 intr = bt_sk(intr_sock->sk);
1294 1302
1295 if (bacmp(&ctrl->src, &intr->src) || bacmp(&ctrl->dst, &intr->dst))
1296 return -ENOTUNIQ;
1297 if (ctrl->sk.sk_state != BT_CONNECTED || 1303 if (ctrl->sk.sk_state != BT_CONNECTED ||
1298 intr->sk.sk_state != BT_CONNECTED) 1304 intr->sk.sk_state != BT_CONNECTED)
1299 return -EBADFD; 1305 return -EBADFD;
1300 1306
1301 /* early session check, we check again during session registration */ 1307 /* early session check, we check again during session registration */
1302 session = hidp_session_find(&ctrl->dst); 1308 session = hidp_session_find(&ctrl_chan->dst);
1303 if (session) { 1309 if (session) {
1304 hidp_session_put(session); 1310 hidp_session_put(session);
1305 return -EEXIST; 1311 return -EEXIST;
@@ -1332,7 +1338,7 @@ int hidp_connection_add(struct hidp_connadd_req *req,
1332 if (!conn) 1338 if (!conn)
1333 return -EBADFD; 1339 return -EBADFD;
1334 1340
1335 ret = hidp_session_new(&session, &bt_sk(ctrl_sock->sk)->dst, ctrl_sock, 1341 ret = hidp_session_new(&session, &chan->dst, ctrl_sock,
1336 intr_sock, req, conn); 1342 intr_sock, req, conn);
1337 if (ret) 1343 if (ret)
1338 goto out_conn; 1344 goto out_conn;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 02dba4e6df96..0c3446da1ec9 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -36,14 +36,15 @@
36#include <net/bluetooth/bluetooth.h> 36#include <net/bluetooth/bluetooth.h>
37#include <net/bluetooth/hci_core.h> 37#include <net/bluetooth/hci_core.h>
38#include <net/bluetooth/l2cap.h> 38#include <net/bluetooth/l2cap.h>
39#include <net/bluetooth/smp.h> 39
40#include <net/bluetooth/a2mp.h> 40#include "smp.h"
41#include <net/bluetooth/amp.h> 41#include "a2mp.h"
42#include "amp.h"
42 43
43bool disable_ertm; 44bool disable_ertm;
44 45
45static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN; 46static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN | L2CAP_FEAT_UCD;
46static u8 l2cap_fixed_chan[8] = { L2CAP_FC_L2CAP, }; 47static u8 l2cap_fixed_chan[8] = { L2CAP_FC_L2CAP | L2CAP_FC_CONNLESS, };
47 48
48static LIST_HEAD(chan_list); 49static LIST_HEAD(chan_list);
49static DEFINE_RWLOCK(chan_list_lock); 50static DEFINE_RWLOCK(chan_list_lock);
@@ -58,6 +59,18 @@ static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err);
58static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control, 59static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
59 struct sk_buff_head *skbs, u8 event); 60 struct sk_buff_head *skbs, u8 event);
60 61
62static inline __u8 bdaddr_type(struct hci_conn *hcon, __u8 type)
63{
64 if (hcon->type == LE_LINK) {
65 if (type == ADDR_LE_DEV_PUBLIC)
66 return BDADDR_LE_PUBLIC;
67 else
68 return BDADDR_LE_RANDOM;
69 }
70
71 return BDADDR_BREDR;
72}
73
61/* ---- L2CAP channels ---- */ 74/* ---- L2CAP channels ---- */
62 75
63static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, 76static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn,
@@ -148,7 +161,7 @@ static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
148 struct l2cap_chan *c; 161 struct l2cap_chan *c;
149 162
150 list_for_each_entry(c, &chan_list, global_l) { 163 list_for_each_entry(c, &chan_list, global_l) {
151 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src)) 164 if (c->sport == psm && !bacmp(&c->src, src))
152 return c; 165 return c;
153 } 166 }
154 return NULL; 167 return NULL;
@@ -620,10 +633,8 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
620void l2cap_chan_close(struct l2cap_chan *chan, int reason) 633void l2cap_chan_close(struct l2cap_chan *chan, int reason)
621{ 634{
622 struct l2cap_conn *conn = chan->conn; 635 struct l2cap_conn *conn = chan->conn;
623 struct sock *sk = chan->sk;
624 636
625 BT_DBG("chan %p state %s sk %p", chan, state_to_string(chan->state), 637 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
626 sk);
627 638
628 switch (chan->state) { 639 switch (chan->state) {
629 case BT_LISTEN: 640 case BT_LISTEN:
@@ -634,6 +645,7 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
634 case BT_CONFIG: 645 case BT_CONFIG:
635 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && 646 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
636 conn->hcon->type == ACL_LINK) { 647 conn->hcon->type == ACL_LINK) {
648 struct sock *sk = chan->sk;
637 __set_chan_timer(chan, sk->sk_sndtimeo); 649 __set_chan_timer(chan, sk->sk_sndtimeo);
638 l2cap_send_disconn_req(chan, reason); 650 l2cap_send_disconn_req(chan, reason);
639 } else 651 } else
@@ -646,10 +658,11 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
646 struct l2cap_conn_rsp rsp; 658 struct l2cap_conn_rsp rsp;
647 __u16 result; 659 __u16 result;
648 660
649 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 661 if (test_bit(FLAG_DEFER_SETUP, &chan->flags))
650 result = L2CAP_CR_SEC_BLOCK; 662 result = L2CAP_CR_SEC_BLOCK;
651 else 663 else
652 result = L2CAP_CR_BAD_PSM; 664 result = L2CAP_CR_BAD_PSM;
665
653 l2cap_state_change(chan, BT_DISCONN); 666 l2cap_state_change(chan, BT_DISCONN);
654 667
655 rsp.scid = cpu_to_le16(chan->dcid); 668 rsp.scid = cpu_to_le16(chan->dcid);
@@ -676,7 +689,8 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
676 689
677static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan) 690static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
678{ 691{
679 if (chan->chan_type == L2CAP_CHAN_RAW) { 692 switch (chan->chan_type) {
693 case L2CAP_CHAN_RAW:
680 switch (chan->sec_level) { 694 switch (chan->sec_level) {
681 case BT_SECURITY_HIGH: 695 case BT_SECURITY_HIGH:
682 return HCI_AT_DEDICATED_BONDING_MITM; 696 return HCI_AT_DEDICATED_BONDING_MITM;
@@ -685,15 +699,29 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
685 default: 699 default:
686 return HCI_AT_NO_BONDING; 700 return HCI_AT_NO_BONDING;
687 } 701 }
688 } else if (chan->psm == __constant_cpu_to_le16(L2CAP_PSM_SDP)) { 702 break;
689 if (chan->sec_level == BT_SECURITY_LOW) 703 case L2CAP_CHAN_CONN_LESS:
690 chan->sec_level = BT_SECURITY_SDP; 704 if (chan->psm == __constant_cpu_to_le16(L2CAP_PSM_3DSP)) {
691 705 if (chan->sec_level == BT_SECURITY_LOW)
706 chan->sec_level = BT_SECURITY_SDP;
707 }
692 if (chan->sec_level == BT_SECURITY_HIGH) 708 if (chan->sec_level == BT_SECURITY_HIGH)
693 return HCI_AT_NO_BONDING_MITM; 709 return HCI_AT_NO_BONDING_MITM;
694 else 710 else
695 return HCI_AT_NO_BONDING; 711 return HCI_AT_NO_BONDING;
696 } else { 712 break;
713 case L2CAP_CHAN_CONN_ORIENTED:
714 if (chan->psm == __constant_cpu_to_le16(L2CAP_PSM_SDP)) {
715 if (chan->sec_level == BT_SECURITY_LOW)
716 chan->sec_level = BT_SECURITY_SDP;
717
718 if (chan->sec_level == BT_SECURITY_HIGH)
719 return HCI_AT_NO_BONDING_MITM;
720 else
721 return HCI_AT_NO_BONDING;
722 }
723 /* fall through */
724 default:
697 switch (chan->sec_level) { 725 switch (chan->sec_level) {
698 case BT_SECURITY_HIGH: 726 case BT_SECURITY_HIGH:
699 return HCI_AT_GENERAL_BONDING_MITM; 727 return HCI_AT_GENERAL_BONDING_MITM;
@@ -702,6 +730,7 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
702 default: 730 default:
703 return HCI_AT_NO_BONDING; 731 return HCI_AT_NO_BONDING;
704 } 732 }
733 break;
705 } 734 }
706} 735}
707 736
@@ -1015,11 +1044,27 @@ static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
1015static bool __amp_capable(struct l2cap_chan *chan) 1044static bool __amp_capable(struct l2cap_chan *chan)
1016{ 1045{
1017 struct l2cap_conn *conn = chan->conn; 1046 struct l2cap_conn *conn = chan->conn;
1047 struct hci_dev *hdev;
1048 bool amp_available = false;
1049
1050 if (!conn->hs_enabled)
1051 return false;
1018 1052
1019 if (conn->hs_enabled && hci_amp_capable() && 1053 if (!(conn->fixed_chan_mask & L2CAP_FC_A2MP))
1020 chan->chan_policy == BT_CHANNEL_POLICY_AMP_PREFERRED && 1054 return false;
1021 conn->fixed_chan_mask & L2CAP_FC_A2MP) 1055
1022 return true; 1056 read_lock(&hci_dev_list_lock);
1057 list_for_each_entry(hdev, &hci_dev_list, list) {
1058 if (hdev->amp_type != AMP_TYPE_BREDR &&
1059 test_bit(HCI_UP, &hdev->flags)) {
1060 amp_available = true;
1061 break;
1062 }
1063 }
1064 read_unlock(&hci_dev_list_lock);
1065
1066 if (chan->chan_policy == BT_CHANNEL_POLICY_AMP_PREFERRED)
1067 return amp_available;
1023 1068
1024 return false; 1069 return false;
1025} 1070}
@@ -1224,8 +1269,6 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
1224 mutex_lock(&conn->chan_lock); 1269 mutex_lock(&conn->chan_lock);
1225 1270
1226 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) { 1271 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
1227 struct sock *sk = chan->sk;
1228
1229 l2cap_chan_lock(chan); 1272 l2cap_chan_lock(chan);
1230 1273
1231 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { 1274 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
@@ -1257,9 +1300,10 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
1257 rsp.dcid = cpu_to_le16(chan->scid); 1300 rsp.dcid = cpu_to_le16(chan->scid);
1258 1301
1259 if (l2cap_chan_check_security(chan)) { 1302 if (l2cap_chan_check_security(chan)) {
1303 struct sock *sk = chan->sk;
1304
1260 lock_sock(sk); 1305 lock_sock(sk);
1261 if (test_bit(BT_SK_DEFER_SETUP, 1306 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
1262 &bt_sk(sk)->flags)) {
1263 rsp.result = __constant_cpu_to_le16(L2CAP_CR_PEND); 1307 rsp.result = __constant_cpu_to_le16(L2CAP_CR_PEND);
1264 rsp.status = __constant_cpu_to_le16(L2CAP_CS_AUTHOR_PEND); 1308 rsp.status = __constant_cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
1265 chan->ops->defer(chan); 1309 chan->ops->defer(chan);
@@ -1308,8 +1352,6 @@ static struct l2cap_chan *l2cap_global_chan_by_scid(int state, u16 cid,
1308 read_lock(&chan_list_lock); 1352 read_lock(&chan_list_lock);
1309 1353
1310 list_for_each_entry(c, &chan_list, global_l) { 1354 list_for_each_entry(c, &chan_list, global_l) {
1311 struct sock *sk = c->sk;
1312
1313 if (state && c->state != state) 1355 if (state && c->state != state)
1314 continue; 1356 continue;
1315 1357
@@ -1318,16 +1360,16 @@ static struct l2cap_chan *l2cap_global_chan_by_scid(int state, u16 cid,
1318 int src_any, dst_any; 1360 int src_any, dst_any;
1319 1361
1320 /* Exact match. */ 1362 /* Exact match. */
1321 src_match = !bacmp(&bt_sk(sk)->src, src); 1363 src_match = !bacmp(&c->src, src);
1322 dst_match = !bacmp(&bt_sk(sk)->dst, dst); 1364 dst_match = !bacmp(&c->dst, dst);
1323 if (src_match && dst_match) { 1365 if (src_match && dst_match) {
1324 read_unlock(&chan_list_lock); 1366 read_unlock(&chan_list_lock);
1325 return c; 1367 return c;
1326 } 1368 }
1327 1369
1328 /* Closest match */ 1370 /* Closest match */
1329 src_any = !bacmp(&bt_sk(sk)->src, BDADDR_ANY); 1371 src_any = !bacmp(&c->src, BDADDR_ANY);
1330 dst_any = !bacmp(&bt_sk(sk)->dst, BDADDR_ANY); 1372 dst_any = !bacmp(&c->dst, BDADDR_ANY);
1331 if ((src_match && dst_any) || (src_any && dst_match) || 1373 if ((src_match && dst_any) || (src_any && dst_match) ||
1332 (src_any && dst_any)) 1374 (src_any && dst_any))
1333 c1 = c; 1375 c1 = c;
@@ -1348,7 +1390,7 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
1348 1390
1349 /* Check if we have socket listening on cid */ 1391 /* Check if we have socket listening on cid */
1350 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_ATT, 1392 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_ATT,
1351 conn->src, conn->dst); 1393 &conn->hcon->src, &conn->hcon->dst);
1352 if (!pchan) 1394 if (!pchan)
1353 return; 1395 return;
1354 1396
@@ -1366,8 +1408,10 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
1366 1408
1367 chan->dcid = L2CAP_CID_ATT; 1409 chan->dcid = L2CAP_CID_ATT;
1368 1410
1369 bacpy(&bt_sk(chan->sk)->src, conn->src); 1411 bacpy(&chan->src, &conn->hcon->src);
1370 bacpy(&bt_sk(chan->sk)->dst, conn->dst); 1412 bacpy(&chan->dst, &conn->hcon->dst);
1413 chan->src_type = bdaddr_type(conn->hcon, conn->hcon->src_type);
1414 chan->dst_type = bdaddr_type(conn->hcon, conn->hcon->dst_type);
1371 1415
1372 __l2cap_chan_add(conn, chan); 1416 __l2cap_chan_add(conn, chan);
1373 1417
@@ -1632,9 +1676,6 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon)
1632 break; 1676 break;
1633 } 1677 }
1634 1678
1635 conn->src = &hcon->hdev->bdaddr;
1636 conn->dst = &hcon->dst;
1637
1638 conn->feat_mask = 0; 1679 conn->feat_mask = 0;
1639 1680
1640 if (hcon->type == ACL_LINK) 1681 if (hcon->type == ACL_LINK)
@@ -1691,8 +1732,6 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
1691 read_lock(&chan_list_lock); 1732 read_lock(&chan_list_lock);
1692 1733
1693 list_for_each_entry(c, &chan_list, global_l) { 1734 list_for_each_entry(c, &chan_list, global_l) {
1694 struct sock *sk = c->sk;
1695
1696 if (state && c->state != state) 1735 if (state && c->state != state)
1697 continue; 1736 continue;
1698 1737
@@ -1701,16 +1740,16 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
1701 int src_any, dst_any; 1740 int src_any, dst_any;
1702 1741
1703 /* Exact match. */ 1742 /* Exact match. */
1704 src_match = !bacmp(&bt_sk(sk)->src, src); 1743 src_match = !bacmp(&c->src, src);
1705 dst_match = !bacmp(&bt_sk(sk)->dst, dst); 1744 dst_match = !bacmp(&c->dst, dst);
1706 if (src_match && dst_match) { 1745 if (src_match && dst_match) {
1707 read_unlock(&chan_list_lock); 1746 read_unlock(&chan_list_lock);
1708 return c; 1747 return c;
1709 } 1748 }
1710 1749
1711 /* Closest match */ 1750 /* Closest match */
1712 src_any = !bacmp(&bt_sk(sk)->src, BDADDR_ANY); 1751 src_any = !bacmp(&c->src, BDADDR_ANY);
1713 dst_any = !bacmp(&bt_sk(sk)->dst, BDADDR_ANY); 1752 dst_any = !bacmp(&c->dst, BDADDR_ANY);
1714 if ((src_match && dst_any) || (src_any && dst_match) || 1753 if ((src_match && dst_any) || (src_any && dst_match) ||
1715 (src_any && dst_any)) 1754 (src_any && dst_any))
1716 c1 = c; 1755 c1 = c;
@@ -1726,17 +1765,16 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1726 bdaddr_t *dst, u8 dst_type) 1765 bdaddr_t *dst, u8 dst_type)
1727{ 1766{
1728 struct sock *sk = chan->sk; 1767 struct sock *sk = chan->sk;
1729 bdaddr_t *src = &bt_sk(sk)->src;
1730 struct l2cap_conn *conn; 1768 struct l2cap_conn *conn;
1731 struct hci_conn *hcon; 1769 struct hci_conn *hcon;
1732 struct hci_dev *hdev; 1770 struct hci_dev *hdev;
1733 __u8 auth_type; 1771 __u8 auth_type;
1734 int err; 1772 int err;
1735 1773
1736 BT_DBG("%pMR -> %pMR (type %u) psm 0x%2.2x", src, dst, 1774 BT_DBG("%pMR -> %pMR (type %u) psm 0x%2.2x", &chan->src, dst,
1737 dst_type, __le16_to_cpu(psm)); 1775 dst_type, __le16_to_cpu(psm));
1738 1776
1739 hdev = hci_get_route(dst, src); 1777 hdev = hci_get_route(dst, &chan->src);
1740 if (!hdev) 1778 if (!hdev)
1741 return -EHOSTUNREACH; 1779 return -EHOSTUNREACH;
1742 1780
@@ -1793,9 +1831,8 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1793 } 1831 }
1794 1832
1795 /* Set destination address and psm */ 1833 /* Set destination address and psm */
1796 lock_sock(sk); 1834 bacpy(&chan->dst, dst);
1797 bacpy(&bt_sk(sk)->dst, dst); 1835 chan->dst_type = dst_type;
1798 release_sock(sk);
1799 1836
1800 chan->psm = psm; 1837 chan->psm = psm;
1801 chan->dcid = cid; 1838 chan->dcid = cid;
@@ -1828,7 +1865,8 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1828 } 1865 }
1829 1866
1830 /* Update source addr of the socket */ 1867 /* Update source addr of the socket */
1831 bacpy(src, conn->src); 1868 bacpy(&chan->src, &hcon->src);
1869 chan->src_type = bdaddr_type(hcon, hcon->src_type);
1832 1870
1833 l2cap_chan_unlock(chan); 1871 l2cap_chan_unlock(chan);
1834 l2cap_chan_add(conn, chan); 1872 l2cap_chan_add(conn, chan);
@@ -2266,7 +2304,8 @@ static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
2266 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE; 2304 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE;
2267 struct l2cap_hdr *lh; 2305 struct l2cap_hdr *lh;
2268 2306
2269 BT_DBG("chan %p len %zu priority %u", chan, len, priority); 2307 BT_DBG("chan %p psm 0x%2.2x len %zu priority %u", chan,
2308 __le16_to_cpu(chan->psm), len, priority);
2270 2309
2271 count = min_t(unsigned int, (conn->mtu - hlen), len); 2310 count = min_t(unsigned int, (conn->mtu - hlen), len);
2272 2311
@@ -2281,7 +2320,7 @@ static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
2281 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 2320 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
2282 lh->cid = cpu_to_le16(chan->dcid); 2321 lh->cid = cpu_to_le16(chan->dcid);
2283 lh->len = cpu_to_le16(len + L2CAP_PSMLEN_SIZE); 2322 lh->len = cpu_to_le16(len + L2CAP_PSMLEN_SIZE);
2284 put_unaligned(chan->psm, skb_put(skb, L2CAP_PSMLEN_SIZE)); 2323 put_unaligned(chan->psm, (__le16 *) skb_put(skb, L2CAP_PSMLEN_SIZE));
2285 2324
2286 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb); 2325 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
2287 if (unlikely(err < 0)) { 2326 if (unlikely(err < 0)) {
@@ -3046,8 +3085,8 @@ int l2cap_ertm_init(struct l2cap_chan *chan)
3046 3085
3047 skb_queue_head_init(&chan->tx_q); 3086 skb_queue_head_init(&chan->tx_q);
3048 3087
3049 chan->local_amp_id = 0; 3088 chan->local_amp_id = AMP_ID_BREDR;
3050 chan->move_id = 0; 3089 chan->move_id = AMP_ID_BREDR;
3051 chan->move_state = L2CAP_MOVE_STABLE; 3090 chan->move_state = L2CAP_MOVE_STABLE;
3052 chan->move_role = L2CAP_MOVE_ROLE_NONE; 3091 chan->move_role = L2CAP_MOVE_ROLE_NONE;
3053 3092
@@ -3100,7 +3139,7 @@ static inline bool __l2cap_efs_supported(struct l2cap_conn *conn)
3100static void __l2cap_set_ertm_timeouts(struct l2cap_chan *chan, 3139static void __l2cap_set_ertm_timeouts(struct l2cap_chan *chan,
3101 struct l2cap_conf_rfc *rfc) 3140 struct l2cap_conf_rfc *rfc)
3102{ 3141{
3103 if (chan->local_amp_id && chan->hs_hcon) { 3142 if (chan->local_amp_id != AMP_ID_BREDR && chan->hs_hcon) {
3104 u64 ertm_to = chan->hs_hcon->hdev->amp_be_flush_to; 3143 u64 ertm_to = chan->hs_hcon->hdev->amp_be_flush_to;
3105 3144
3106 /* Class 1 devices have must have ERTM timeouts 3145 /* Class 1 devices have must have ERTM timeouts
@@ -3727,7 +3766,8 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn,
3727 BT_DBG("psm 0x%2.2x scid 0x%4.4x", __le16_to_cpu(psm), scid); 3766 BT_DBG("psm 0x%2.2x scid 0x%4.4x", __le16_to_cpu(psm), scid);
3728 3767
3729 /* Check if we have socket listening on psm */ 3768 /* Check if we have socket listening on psm */
3730 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src, conn->dst); 3769 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, &conn->hcon->src,
3770 &conn->hcon->dst);
3731 if (!pchan) { 3771 if (!pchan) {
3732 result = L2CAP_CR_BAD_PSM; 3772 result = L2CAP_CR_BAD_PSM;
3733 goto sendresp; 3773 goto sendresp;
@@ -3765,8 +3805,10 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn,
3765 */ 3805 */
3766 conn->hcon->disc_timeout = HCI_DISCONN_TIMEOUT; 3806 conn->hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3767 3807
3768 bacpy(&bt_sk(sk)->src, conn->src); 3808 bacpy(&chan->src, &conn->hcon->src);
3769 bacpy(&bt_sk(sk)->dst, conn->dst); 3809 bacpy(&chan->dst, &conn->hcon->dst);
3810 chan->src_type = bdaddr_type(conn->hcon, conn->hcon->src_type);
3811 chan->dst_type = bdaddr_type(conn->hcon, conn->hcon->dst_type);
3770 chan->psm = psm; 3812 chan->psm = psm;
3771 chan->dcid = scid; 3813 chan->dcid = scid;
3772 chan->local_amp_id = amp_id; 3814 chan->local_amp_id = amp_id;
@@ -3781,7 +3823,7 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn,
3781 3823
3782 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) { 3824 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
3783 if (l2cap_chan_check_security(chan)) { 3825 if (l2cap_chan_check_security(chan)) {
3784 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 3826 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
3785 __l2cap_state_change(chan, BT_CONNECT2); 3827 __l2cap_state_change(chan, BT_CONNECT2);
3786 result = L2CAP_CR_PEND; 3828 result = L2CAP_CR_PEND;
3787 status = L2CAP_CS_AUTHOR_PEND; 3829 status = L2CAP_CS_AUTHOR_PEND;
@@ -3791,12 +3833,12 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn,
3791 * The connection will succeed after the 3833 * The connection will succeed after the
3792 * physical link is up. 3834 * physical link is up.
3793 */ 3835 */
3794 if (amp_id) { 3836 if (amp_id == AMP_ID_BREDR) {
3795 __l2cap_state_change(chan, BT_CONNECT2);
3796 result = L2CAP_CR_PEND;
3797 } else {
3798 __l2cap_state_change(chan, BT_CONFIG); 3837 __l2cap_state_change(chan, BT_CONFIG);
3799 result = L2CAP_CR_SUCCESS; 3838 result = L2CAP_CR_SUCCESS;
3839 } else {
3840 __l2cap_state_change(chan, BT_CONNECT2);
3841 result = L2CAP_CR_PEND;
3800 } 3842 }
3801 status = L2CAP_CS_NO_INFO; 3843 status = L2CAP_CS_NO_INFO;
3802 } 3844 }
@@ -4423,7 +4465,7 @@ static int l2cap_create_channel_req(struct l2cap_conn *conn,
4423 BT_DBG("psm 0x%2.2x, scid 0x%4.4x, amp_id %d", psm, scid, req->amp_id); 4465 BT_DBG("psm 0x%2.2x, scid 0x%4.4x, amp_id %d", psm, scid, req->amp_id);
4424 4466
4425 /* For controller id 0 make BR/EDR connection */ 4467 /* For controller id 0 make BR/EDR connection */
4426 if (req->amp_id == HCI_BREDR_ID) { 4468 if (req->amp_id == AMP_ID_BREDR) {
4427 l2cap_connect(conn, cmd, data, L2CAP_CREATE_CHAN_RSP, 4469 l2cap_connect(conn, cmd, data, L2CAP_CREATE_CHAN_RSP,
4428 req->amp_id); 4470 req->amp_id);
4429 return 0; 4471 return 0;
@@ -4445,7 +4487,8 @@ static int l2cap_create_channel_req(struct l2cap_conn *conn,
4445 struct amp_mgr *mgr = conn->hcon->amp_mgr; 4487 struct amp_mgr *mgr = conn->hcon->amp_mgr;
4446 struct hci_conn *hs_hcon; 4488 struct hci_conn *hs_hcon;
4447 4489
4448 hs_hcon = hci_conn_hash_lookup_ba(hdev, AMP_LINK, conn->dst); 4490 hs_hcon = hci_conn_hash_lookup_ba(hdev, AMP_LINK,
4491 &conn->hcon->dst);
4449 if (!hs_hcon) { 4492 if (!hs_hcon) {
4450 hci_dev_put(hdev); 4493 hci_dev_put(hdev);
4451 return -EBADSLT; 4494 return -EBADSLT;
@@ -4658,7 +4701,7 @@ void l2cap_logical_cfm(struct l2cap_chan *chan, struct hci_chan *hchan,
4658 4701
4659 if (chan->state != BT_CONNECTED) { 4702 if (chan->state != BT_CONNECTED) {
4660 /* Ignore logical link if channel is on BR/EDR */ 4703 /* Ignore logical link if channel is on BR/EDR */
4661 if (chan->local_amp_id) 4704 if (chan->local_amp_id != AMP_ID_BREDR)
4662 l2cap_logical_finish_create(chan, hchan); 4705 l2cap_logical_finish_create(chan, hchan);
4663 } else { 4706 } else {
4664 l2cap_logical_finish_move(chan, hchan); 4707 l2cap_logical_finish_move(chan, hchan);
@@ -4669,7 +4712,7 @@ void l2cap_move_start(struct l2cap_chan *chan)
4669{ 4712{
4670 BT_DBG("chan %p", chan); 4713 BT_DBG("chan %p", chan);
4671 4714
4672 if (chan->local_amp_id == HCI_BREDR_ID) { 4715 if (chan->local_amp_id == AMP_ID_BREDR) {
4673 if (chan->chan_policy != BT_CHANNEL_POLICY_AMP_PREFERRED) 4716 if (chan->chan_policy != BT_CHANNEL_POLICY_AMP_PREFERRED)
4674 return; 4717 return;
4675 chan->move_role = L2CAP_MOVE_ROLE_INITIATOR; 4718 chan->move_role = L2CAP_MOVE_ROLE_INITIATOR;
@@ -4868,7 +4911,7 @@ static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
4868 goto send_move_response; 4911 goto send_move_response;
4869 } 4912 }
4870 4913
4871 if (req->dest_amp_id) { 4914 if (req->dest_amp_id != AMP_ID_BREDR) {
4872 struct hci_dev *hdev; 4915 struct hci_dev *hdev;
4873 hdev = hci_dev_get(req->dest_amp_id); 4916 hdev = hci_dev_get(req->dest_amp_id);
4874 if (!hdev || hdev->dev_type != HCI_AMP || 4917 if (!hdev || hdev->dev_type != HCI_AMP ||
@@ -4888,7 +4931,7 @@ static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
4888 */ 4931 */
4889 if ((__chan_is_moving(chan) || 4932 if ((__chan_is_moving(chan) ||
4890 chan->move_role != L2CAP_MOVE_ROLE_NONE) && 4933 chan->move_role != L2CAP_MOVE_ROLE_NONE) &&
4891 bacmp(conn->src, conn->dst) > 0) { 4934 bacmp(&conn->hcon->src, &conn->hcon->dst) > 0) {
4892 result = L2CAP_MR_COLLISION; 4935 result = L2CAP_MR_COLLISION;
4893 goto send_move_response; 4936 goto send_move_response;
4894 } 4937 }
@@ -4898,7 +4941,7 @@ static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
4898 chan->move_id = req->dest_amp_id; 4941 chan->move_id = req->dest_amp_id;
4899 icid = chan->dcid; 4942 icid = chan->dcid;
4900 4943
4901 if (!req->dest_amp_id) { 4944 if (req->dest_amp_id == AMP_ID_BREDR) {
4902 /* Moving to BR/EDR */ 4945 /* Moving to BR/EDR */
4903 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { 4946 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
4904 chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY; 4947 chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY;
@@ -5090,7 +5133,7 @@ static int l2cap_move_channel_confirm(struct l2cap_conn *conn,
5090 if (chan->move_state == L2CAP_MOVE_WAIT_CONFIRM) { 5133 if (chan->move_state == L2CAP_MOVE_WAIT_CONFIRM) {
5091 if (result == L2CAP_MC_CONFIRMED) { 5134 if (result == L2CAP_MC_CONFIRMED) {
5092 chan->local_amp_id = chan->move_id; 5135 chan->local_amp_id = chan->move_id;
5093 if (!chan->local_amp_id) 5136 if (chan->local_amp_id == AMP_ID_BREDR)
5094 __release_logical_link(chan); 5137 __release_logical_link(chan);
5095 } else { 5138 } else {
5096 chan->move_id = chan->local_amp_id; 5139 chan->move_id = chan->local_amp_id;
@@ -5130,7 +5173,7 @@ static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
5130 if (chan->move_state == L2CAP_MOVE_WAIT_CONFIRM_RSP) { 5173 if (chan->move_state == L2CAP_MOVE_WAIT_CONFIRM_RSP) {
5131 chan->local_amp_id = chan->move_id; 5174 chan->local_amp_id = chan->move_id;
5132 5175
5133 if (!chan->local_amp_id && chan->hs_hchan) 5176 if (chan->local_amp_id == AMP_ID_BREDR && chan->hs_hchan)
5134 __release_logical_link(chan); 5177 __release_logical_link(chan);
5135 5178
5136 l2cap_move_done(chan); 5179 l2cap_move_done(chan);
@@ -6403,7 +6446,8 @@ static void l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm,
6403 if (hcon->type != ACL_LINK) 6446 if (hcon->type != ACL_LINK)
6404 goto drop; 6447 goto drop;
6405 6448
6406 chan = l2cap_global_chan_by_psm(0, psm, conn->src, conn->dst); 6449 chan = l2cap_global_chan_by_psm(0, psm, &conn->hcon->src,
6450 &conn->hcon->dst);
6407 if (!chan) 6451 if (!chan)
6408 goto drop; 6452 goto drop;
6409 6453
@@ -6415,6 +6459,10 @@ static void l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm,
6415 if (chan->imtu < skb->len) 6459 if (chan->imtu < skb->len)
6416 goto drop; 6460 goto drop;
6417 6461
6462 /* Store remote BD_ADDR and PSM for msg_name */
6463 bacpy(&bt_cb(skb)->bdaddr, &conn->hcon->dst);
6464 bt_cb(skb)->psm = psm;
6465
6418 if (!chan->ops->recv(chan, skb)) 6466 if (!chan->ops->recv(chan, skb))
6419 return; 6467 return;
6420 6468
@@ -6432,7 +6480,7 @@ static void l2cap_att_channel(struct l2cap_conn *conn,
6432 goto drop; 6480 goto drop;
6433 6481
6434 chan = l2cap_global_chan_by_scid(BT_CONNECTED, L2CAP_CID_ATT, 6482 chan = l2cap_global_chan_by_scid(BT_CONNECTED, L2CAP_CID_ATT,
6435 conn->src, conn->dst); 6483 &conn->hcon->src, &conn->hcon->dst);
6436 if (!chan) 6484 if (!chan)
6437 goto drop; 6485 goto drop;
6438 6486
@@ -6507,17 +6555,15 @@ int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
6507 /* Find listening sockets and check their link_mode */ 6555 /* Find listening sockets and check their link_mode */
6508 read_lock(&chan_list_lock); 6556 read_lock(&chan_list_lock);
6509 list_for_each_entry(c, &chan_list, global_l) { 6557 list_for_each_entry(c, &chan_list, global_l) {
6510 struct sock *sk = c->sk;
6511
6512 if (c->state != BT_LISTEN) 6558 if (c->state != BT_LISTEN)
6513 continue; 6559 continue;
6514 6560
6515 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) { 6561 if (!bacmp(&c->src, &hdev->bdaddr)) {
6516 lm1 |= HCI_LM_ACCEPT; 6562 lm1 |= HCI_LM_ACCEPT;
6517 if (test_bit(FLAG_ROLE_SWITCH, &c->flags)) 6563 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
6518 lm1 |= HCI_LM_MASTER; 6564 lm1 |= HCI_LM_MASTER;
6519 exact++; 6565 exact++;
6520 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) { 6566 } else if (!bacmp(&c->src, BDADDR_ANY)) {
6521 lm2 |= HCI_LM_ACCEPT; 6567 lm2 |= HCI_LM_ACCEPT;
6522 if (test_bit(FLAG_ROLE_SWITCH, &c->flags)) 6568 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
6523 lm2 |= HCI_LM_MASTER; 6569 lm2 |= HCI_LM_MASTER;
@@ -6623,11 +6669,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
6623 6669
6624 if (!status && (chan->state == BT_CONNECTED || 6670 if (!status && (chan->state == BT_CONNECTED ||
6625 chan->state == BT_CONFIG)) { 6671 chan->state == BT_CONFIG)) {
6626 struct sock *sk = chan->sk; 6672 chan->ops->resume(chan);
6627
6628 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
6629 sk->sk_state_change(sk);
6630
6631 l2cap_check_encryption(chan, encrypt); 6673 l2cap_check_encryption(chan, encrypt);
6632 l2cap_chan_unlock(chan); 6674 l2cap_chan_unlock(chan);
6633 continue; 6675 continue;
@@ -6647,8 +6689,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
6647 lock_sock(sk); 6689 lock_sock(sk);
6648 6690
6649 if (!status) { 6691 if (!status) {
6650 if (test_bit(BT_SK_DEFER_SETUP, 6692 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
6651 &bt_sk(sk)->flags)) {
6652 res = L2CAP_CR_PEND; 6693 res = L2CAP_CR_PEND;
6653 stat = L2CAP_CS_AUTHOR_PEND; 6694 stat = L2CAP_CS_AUTHOR_PEND;
6654 chan->ops->defer(chan); 6695 chan->ops->defer(chan);
@@ -6782,9 +6823,13 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
6782 conn->rx_len -= skb->len; 6823 conn->rx_len -= skb->len;
6783 6824
6784 if (!conn->rx_len) { 6825 if (!conn->rx_len) {
6785 /* Complete frame received */ 6826 /* Complete frame received. l2cap_recv_frame
6786 l2cap_recv_frame(conn, conn->rx_skb); 6827 * takes ownership of the skb so set the global
6828 * rx_skb pointer to NULL first.
6829 */
6830 struct sk_buff *rx_skb = conn->rx_skb;
6787 conn->rx_skb = NULL; 6831 conn->rx_skb = NULL;
6832 l2cap_recv_frame(conn, rx_skb);
6788 } 6833 }
6789 break; 6834 break;
6790 } 6835 }
@@ -6801,10 +6846,8 @@ static int l2cap_debugfs_show(struct seq_file *f, void *p)
6801 read_lock(&chan_list_lock); 6846 read_lock(&chan_list_lock);
6802 6847
6803 list_for_each_entry(c, &chan_list, global_l) { 6848 list_for_each_entry(c, &chan_list, global_l) {
6804 struct sock *sk = c->sk;
6805
6806 seq_printf(f, "%pMR %pMR %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n", 6849 seq_printf(f, "%pMR %pMR %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
6807 &bt_sk(sk)->src, &bt_sk(sk)->dst, 6850 &c->src, &c->dst,
6808 c->state, __le16_to_cpu(c->psm), 6851 c->state, __le16_to_cpu(c->psm),
6809 c->scid, c->dcid, c->imtu, c->omtu, 6852 c->scid, c->dcid, c->imtu, c->omtu,
6810 c->sec_level, c->mode); 6853 c->sec_level, c->mode);
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 9119898ef040..5ffd75e20bde 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -32,7 +32,8 @@
32#include <net/bluetooth/bluetooth.h> 32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h> 33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/l2cap.h> 34#include <net/bluetooth/l2cap.h>
35#include <net/bluetooth/smp.h> 35
36#include "smp.h"
36 37
37static struct bt_sock_list l2cap_sk_list = { 38static struct bt_sock_list l2cap_sk_list = {
38 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 39 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
@@ -68,6 +69,9 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
68 if (la.l2_cid && la.l2_psm) 69 if (la.l2_cid && la.l2_psm)
69 return -EINVAL; 70 return -EINVAL;
70 71
72 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
73 return -EINVAL;
74
71 lock_sock(sk); 75 lock_sock(sk);
72 76
73 if (sk->sk_state != BT_OPEN) { 77 if (sk->sk_state != BT_OPEN) {
@@ -99,11 +103,20 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
99 if (err < 0) 103 if (err < 0)
100 goto done; 104 goto done;
101 105
102 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || 106 switch (chan->chan_type) {
103 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) 107 case L2CAP_CHAN_CONN_LESS:
104 chan->sec_level = BT_SECURITY_SDP; 108 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_3DSP)
109 chan->sec_level = BT_SECURITY_SDP;
110 break;
111 case L2CAP_CHAN_CONN_ORIENTED:
112 if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
113 __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
114 chan->sec_level = BT_SECURITY_SDP;
115 break;
116 }
105 117
106 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); 118 bacpy(&chan->src, &la.l2_bdaddr);
119 chan->src_type = la.l2_bdaddr_type;
107 120
108 chan->state = BT_BOUND; 121 chan->state = BT_BOUND;
109 sk->sk_state = BT_BOUND; 122 sk->sk_state = BT_BOUND;
@@ -134,6 +147,15 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
134 if (la.l2_cid && la.l2_psm) 147 if (la.l2_cid && la.l2_psm)
135 return -EINVAL; 148 return -EINVAL;
136 149
150 if (!bdaddr_type_is_valid(la.l2_bdaddr_type))
151 return -EINVAL;
152
153 if (chan->src_type == BDADDR_BREDR && la.l2_bdaddr_type != BDADDR_BREDR)
154 return -EINVAL;
155
156 if (chan->src_type != BDADDR_BREDR && la.l2_bdaddr_type == BDADDR_BREDR)
157 return -EINVAL;
158
137 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 159 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
138 &la.l2_bdaddr, la.l2_bdaddr_type); 160 &la.l2_bdaddr, la.l2_bdaddr_type);
139 if (err) 161 if (err)
@@ -265,12 +287,14 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
265 287
266 if (peer) { 288 if (peer) {
267 la->l2_psm = chan->psm; 289 la->l2_psm = chan->psm;
268 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); 290 bacpy(&la->l2_bdaddr, &chan->dst);
269 la->l2_cid = cpu_to_le16(chan->dcid); 291 la->l2_cid = cpu_to_le16(chan->dcid);
292 la->l2_bdaddr_type = chan->dst_type;
270 } else { 293 } else {
271 la->l2_psm = chan->sport; 294 la->l2_psm = chan->sport;
272 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); 295 bacpy(&la->l2_bdaddr, &chan->src);
273 la->l2_cid = cpu_to_le16(chan->scid); 296 la->l2_cid = cpu_to_le16(chan->scid);
297 la->l2_bdaddr_type = chan->src_type;
274 } 298 }
275 299
276 return 0; 300 return 0;
@@ -660,10 +684,13 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
660 break; 684 break;
661 } 685 }
662 686
663 if (opt) 687 if (opt) {
664 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 688 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
665 else 689 set_bit(FLAG_DEFER_SETUP, &chan->flags);
690 } else {
666 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 691 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
692 clear_bit(FLAG_DEFER_SETUP, &chan->flags);
693 }
667 break; 694 break;
668 695
669 case BT_FLUSHABLE: 696 case BT_FLUSHABLE:
@@ -678,7 +705,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
678 } 705 }
679 706
680 if (opt == BT_FLUSHABLE_OFF) { 707 if (opt == BT_FLUSHABLE_OFF) {
681 struct l2cap_conn *conn = chan->conn; 708 conn = chan->conn;
682 /* proceed further only when we have l2cap_conn and 709 /* proceed further only when we have l2cap_conn and
683 No Flush support in the LM */ 710 No Flush support in the LM */
684 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) { 711 if (!conn || !lmp_no_flush_capable(conn->hcon->hdev)) {
@@ -964,13 +991,12 @@ static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
964 991
965static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 992static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
966{ 993{
967 int err;
968 struct sock *sk = chan->data; 994 struct sock *sk = chan->data;
969 struct l2cap_pinfo *pi = l2cap_pi(sk); 995 int err;
970 996
971 lock_sock(sk); 997 lock_sock(sk);
972 998
973 if (pi->rx_busy_skb) { 999 if (l2cap_pi(sk)->rx_busy_skb) {
974 err = -ENOMEM; 1000 err = -ENOMEM;
975 goto done; 1001 goto done;
976 } 1002 }
@@ -986,9 +1012,9 @@ static int l2cap_sock_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
986 * acked and reassembled until there is buffer space 1012 * acked and reassembled until there is buffer space
987 * available. 1013 * available.
988 */ 1014 */
989 if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { 1015 if (err < 0 && chan->mode == L2CAP_MODE_ERTM) {
990 pi->rx_busy_skb = skb; 1016 l2cap_pi(sk)->rx_busy_skb = skb;
991 l2cap_chan_busy(pi->chan, 1); 1017 l2cap_chan_busy(chan, 1);
992 err = 0; 1018 err = 0;
993 } 1019 }
994 1020
@@ -1098,6 +1124,14 @@ static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1098 parent->sk_data_ready(parent, 0); 1124 parent->sk_data_ready(parent, 0);
1099} 1125}
1100 1126
1127static void l2cap_sock_resume_cb(struct l2cap_chan *chan)
1128{
1129 struct sock *sk = chan->data;
1130
1131 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1132 sk->sk_state_change(sk);
1133}
1134
1101static struct l2cap_ops l2cap_chan_ops = { 1135static struct l2cap_ops l2cap_chan_ops = {
1102 .name = "L2CAP Socket Interface", 1136 .name = "L2CAP Socket Interface",
1103 .new_connection = l2cap_sock_new_connection_cb, 1137 .new_connection = l2cap_sock_new_connection_cb,
@@ -1107,6 +1141,7 @@ static struct l2cap_ops l2cap_chan_ops = {
1107 .state_change = l2cap_sock_state_change_cb, 1141 .state_change = l2cap_sock_state_change_cb,
1108 .ready = l2cap_sock_ready_cb, 1142 .ready = l2cap_sock_ready_cb,
1109 .defer = l2cap_sock_defer_cb, 1143 .defer = l2cap_sock_defer_cb,
1144 .resume = l2cap_sock_resume_cb,
1110 .alloc_skb = l2cap_sock_alloc_skb_cb, 1145 .alloc_skb = l2cap_sock_alloc_skb_cb,
1111}; 1146};
1112 1147
@@ -1116,6 +1151,7 @@ static void l2cap_sock_destruct(struct sock *sk)
1116 1151
1117 if (l2cap_pi(sk)->chan) 1152 if (l2cap_pi(sk)->chan)
1118 l2cap_chan_put(l2cap_pi(sk)->chan); 1153 l2cap_chan_put(l2cap_pi(sk)->chan);
1154
1119 if (l2cap_pi(sk)->rx_busy_skb) { 1155 if (l2cap_pi(sk)->rx_busy_skb) {
1120 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1156 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1121 l2cap_pi(sk)->rx_busy_skb = NULL; 1157 l2cap_pi(sk)->rx_busy_skb = NULL;
@@ -1125,10 +1161,22 @@ static void l2cap_sock_destruct(struct sock *sk)
1125 skb_queue_purge(&sk->sk_write_queue); 1161 skb_queue_purge(&sk->sk_write_queue);
1126} 1162}
1127 1163
1164static void l2cap_skb_msg_name(struct sk_buff *skb, void *msg_name,
1165 int *msg_namelen)
1166{
1167 struct sockaddr_l2 *la = (struct sockaddr_l2 *) msg_name;
1168
1169 memset(la, 0, sizeof(struct sockaddr_l2));
1170 la->l2_family = AF_BLUETOOTH;
1171 la->l2_psm = bt_cb(skb)->psm;
1172 bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1173
1174 *msg_namelen = sizeof(struct sockaddr_l2);
1175}
1176
1128static void l2cap_sock_init(struct sock *sk, struct sock *parent) 1177static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1129{ 1178{
1130 struct l2cap_pinfo *pi = l2cap_pi(sk); 1179 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1131 struct l2cap_chan *chan = pi->chan;
1132 1180
1133 BT_DBG("sk %p", sk); 1181 BT_DBG("sk %p", sk);
1134 1182
@@ -1152,13 +1200,13 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1152 1200
1153 security_sk_clone(parent, sk); 1201 security_sk_clone(parent, sk);
1154 } else { 1202 } else {
1155
1156 switch (sk->sk_type) { 1203 switch (sk->sk_type) {
1157 case SOCK_RAW: 1204 case SOCK_RAW:
1158 chan->chan_type = L2CAP_CHAN_RAW; 1205 chan->chan_type = L2CAP_CHAN_RAW;
1159 break; 1206 break;
1160 case SOCK_DGRAM: 1207 case SOCK_DGRAM:
1161 chan->chan_type = L2CAP_CHAN_CONN_LESS; 1208 chan->chan_type = L2CAP_CHAN_CONN_LESS;
1209 bt_sk(sk)->skb_msg_name = l2cap_skb_msg_name;
1162 break; 1210 break;
1163 case SOCK_SEQPACKET: 1211 case SOCK_SEQPACKET:
1164 case SOCK_STREAM: 1212 case SOCK_STREAM:
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 16125ff918f1..861e389f4b4c 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -30,7 +30,8 @@
30#include <net/bluetooth/bluetooth.h> 30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h> 31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h> 32#include <net/bluetooth/mgmt.h>
33#include <net/bluetooth/smp.h> 33
34#include "smp.h"
34 35
35#define MGMT_VERSION 1 36#define MGMT_VERSION 1
36#define MGMT_REVISION 4 37#define MGMT_REVISION 4
@@ -77,6 +78,7 @@ static const u16 mgmt_commands[] = {
77 MGMT_OP_SET_ADVERTISING, 78 MGMT_OP_SET_ADVERTISING,
78 MGMT_OP_SET_BREDR, 79 MGMT_OP_SET_BREDR,
79 MGMT_OP_SET_STATIC_ADDRESS, 80 MGMT_OP_SET_STATIC_ADDRESS,
81 MGMT_OP_SET_SCAN_PARAMS,
80}; 82};
81 83
82static const u16 mgmt_events[] = { 84static const u16 mgmt_events[] = {
@@ -182,11 +184,6 @@ static u8 mgmt_status_table[] = {
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
183}; 185};
184 186
185bool mgmt_valid_hdev(struct hci_dev *hdev)
186{
187 return hdev->dev_type == HCI_BREDR;
188}
189
190static u8 mgmt_status(u8 hci_status) 187static u8 mgmt_status(u8 hci_status)
191{ 188{
192 if (hci_status < ARRAY_SIZE(mgmt_status_table)) 189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
@@ -322,10 +319,8 @@ static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
322 319
323 count = 0; 320 count = 0;
324 list_for_each_entry(d, &hci_dev_list, list) { 321 list_for_each_entry(d, &hci_dev_list, list) {
325 if (!mgmt_valid_hdev(d)) 322 if (d->dev_type == HCI_BREDR)
326 continue; 323 count++;
327
328 count++;
329 } 324 }
330 325
331 rp_len = sizeof(*rp) + (2 * count); 326 rp_len = sizeof(*rp) + (2 * count);
@@ -343,11 +338,10 @@ static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags)) 338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
344 continue; 339 continue;
345 340
346 if (!mgmt_valid_hdev(d)) 341 if (d->dev_type == HCI_BREDR) {
347 continue; 342 rp->index[count++] = cpu_to_le16(d->id);
348 343 BT_DBG("Added hci%u", d->id);
349 rp->index[count++] = cpu_to_le16(d->id); 344 }
350 BT_DBG("Added hci%u", d->id);
351 } 345 }
352 346
353 rp->num_controllers = cpu_to_le16(count); 347 rp->num_controllers = cpu_to_le16(count);
@@ -370,9 +364,6 @@ static u32 get_supported_settings(struct hci_dev *hdev)
370 settings |= MGMT_SETTING_POWERED; 364 settings |= MGMT_SETTING_POWERED;
371 settings |= MGMT_SETTING_PAIRABLE; 365 settings |= MGMT_SETTING_PAIRABLE;
372 366
373 if (lmp_ssp_capable(hdev))
374 settings |= MGMT_SETTING_SSP;
375
376 if (lmp_bredr_capable(hdev)) { 367 if (lmp_bredr_capable(hdev)) {
377 settings |= MGMT_SETTING_CONNECTABLE; 368 settings |= MGMT_SETTING_CONNECTABLE;
378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2) 369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
@@ -380,7 +371,11 @@ static u32 get_supported_settings(struct hci_dev *hdev)
380 settings |= MGMT_SETTING_DISCOVERABLE; 371 settings |= MGMT_SETTING_DISCOVERABLE;
381 settings |= MGMT_SETTING_BREDR; 372 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY; 373 settings |= MGMT_SETTING_LINK_SECURITY;
383 settings |= MGMT_SETTING_HS; 374
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
378 }
384 } 379 }
385 380
386 if (lmp_le_capable(hdev)) { 381 if (lmp_le_capable(hdev)) {
@@ -425,7 +420,7 @@ static u32 get_current_settings(struct hci_dev *hdev)
425 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags)) 420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
426 settings |= MGMT_SETTING_HS; 421 settings |= MGMT_SETTING_HS;
427 422
428 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) 423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
429 settings |= MGMT_SETTING_ADVERTISING; 424 settings |= MGMT_SETTING_ADVERTISING;
430 425
431 return settings; 426 return settings;
@@ -940,11 +935,52 @@ static u8 mgmt_le_support(struct hci_dev *hdev)
940 return MGMT_STATUS_SUCCESS; 935 return MGMT_STATUS_SUCCESS;
941} 936}
942 937
938static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
939{
940 struct pending_cmd *cmd;
941 struct mgmt_mode *cp;
942 bool changed;
943
944 BT_DBG("status 0x%02x", status);
945
946 hci_dev_lock(hdev);
947
948 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
949 if (!cmd)
950 goto unlock;
951
952 if (status) {
953 u8 mgmt_err = mgmt_status(status);
954 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
955 goto remove_cmd;
956 }
957
958 cp = cmd->param;
959 if (cp->val)
960 changed = !test_and_set_bit(HCI_DISCOVERABLE,
961 &hdev->dev_flags);
962 else
963 changed = test_and_clear_bit(HCI_DISCOVERABLE,
964 &hdev->dev_flags);
965
966 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
967
968 if (changed)
969 new_settings(hdev, cmd->sk);
970
971remove_cmd:
972 mgmt_pending_remove(cmd);
973
974unlock:
975 hci_dev_unlock(hdev);
976}
977
943static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 978static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
944 u16 len) 979 u16 len)
945{ 980{
946 struct mgmt_cp_set_discoverable *cp = data; 981 struct mgmt_cp_set_discoverable *cp = data;
947 struct pending_cmd *cmd; 982 struct pending_cmd *cmd;
983 struct hci_request req;
948 u16 timeout; 984 u16 timeout;
949 u8 scan, status; 985 u8 scan, status;
950 int err; 986 int err;
@@ -1026,6 +1062,8 @@ static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1026 goto failed; 1062 goto failed;
1027 } 1063 }
1028 1064
1065 hci_req_init(&req, hdev);
1066
1029 scan = SCAN_PAGE; 1067 scan = SCAN_PAGE;
1030 1068
1031 if (cp->val) 1069 if (cp->val)
@@ -1033,7 +1071,9 @@ static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1033 else 1071 else
1034 cancel_delayed_work(&hdev->discov_off); 1072 cancel_delayed_work(&hdev->discov_off);
1035 1073
1036 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1074 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1075
1076 err = hci_req_run(&req, set_discoverable_complete);
1037 if (err < 0) 1077 if (err < 0)
1038 mgmt_pending_remove(cmd); 1078 mgmt_pending_remove(cmd);
1039 1079
@@ -1077,9 +1117,58 @@ static void write_fast_connectable(struct hci_request *req, bool enable)
1077 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); 1117 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1078} 1118}
1079 1119
1120static u8 get_adv_type(struct hci_dev *hdev)
1121{
1122 struct pending_cmd *cmd;
1123 bool connectable;
1124
1125 /* If there's a pending mgmt command the flag will not yet have
1126 * it's final value, so check for this first.
1127 */
1128 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1129 if (cmd) {
1130 struct mgmt_mode *cp = cmd->param;
1131 connectable = !!cp->val;
1132 } else {
1133 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1134 }
1135
1136 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1137}
1138
1139static void enable_advertising(struct hci_request *req)
1140{
1141 struct hci_dev *hdev = req->hdev;
1142 struct hci_cp_le_set_adv_param cp;
1143 u8 enable = 0x01;
1144
1145 memset(&cp, 0, sizeof(cp));
1146 cp.min_interval = __constant_cpu_to_le16(0x0800);
1147 cp.max_interval = __constant_cpu_to_le16(0x0800);
1148 cp.type = get_adv_type(hdev);
1149 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1150 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1151 else
1152 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1153 cp.channel_map = 0x07;
1154
1155 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1156
1157 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1158}
1159
1160static void disable_advertising(struct hci_request *req)
1161{
1162 u8 enable = 0x00;
1163
1164 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1165}
1166
1080static void set_connectable_complete(struct hci_dev *hdev, u8 status) 1167static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1081{ 1168{
1082 struct pending_cmd *cmd; 1169 struct pending_cmd *cmd;
1170 struct mgmt_mode *cp;
1171 bool changed;
1083 1172
1084 BT_DBG("status 0x%02x", status); 1173 BT_DBG("status 0x%02x", status);
1085 1174
@@ -1089,8 +1178,24 @@ static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1089 if (!cmd) 1178 if (!cmd)
1090 goto unlock; 1179 goto unlock;
1091 1180
1181 if (status) {
1182 u8 mgmt_err = mgmt_status(status);
1183 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1184 goto remove_cmd;
1185 }
1186
1187 cp = cmd->param;
1188 if (cp->val)
1189 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1190 else
1191 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1192
1092 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev); 1193 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1093 1194
1195 if (changed)
1196 new_settings(hdev, cmd->sk);
1197
1198remove_cmd:
1094 mgmt_pending_remove(cmd); 1199 mgmt_pending_remove(cmd);
1095 1200
1096unlock: 1201unlock:
@@ -1103,15 +1208,15 @@ static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1103 struct mgmt_mode *cp = data; 1208 struct mgmt_mode *cp = data;
1104 struct pending_cmd *cmd; 1209 struct pending_cmd *cmd;
1105 struct hci_request req; 1210 struct hci_request req;
1106 u8 scan, status; 1211 u8 scan;
1107 int err; 1212 int err;
1108 1213
1109 BT_DBG("request for %s", hdev->name); 1214 BT_DBG("request for %s", hdev->name);
1110 1215
1111 status = mgmt_bredr_support(hdev); 1216 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1112 if (status) 1217 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1113 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1218 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1114 status); 1219 MGMT_STATUS_REJECTED);
1115 1220
1116 if (cp->val != 0x00 && cp->val != 0x01) 1221 if (cp->val != 0x00 && cp->val != 0x01)
1117 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1222 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
@@ -1149,30 +1254,29 @@ static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1149 goto failed; 1254 goto failed;
1150 } 1255 }
1151 1256
1152 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1153 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1154 goto failed;
1155 }
1156
1157 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1257 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1158 if (!cmd) { 1258 if (!cmd) {
1159 err = -ENOMEM; 1259 err = -ENOMEM;
1160 goto failed; 1260 goto failed;
1161 } 1261 }
1162 1262
1163 if (cp->val) { 1263 hci_req_init(&req, hdev);
1164 scan = SCAN_PAGE;
1165 } else {
1166 scan = 0;
1167 1264
1168 if (test_bit(HCI_ISCAN, &hdev->flags) && 1265 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
1169 hdev->discov_timeout > 0) 1266 cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1170 cancel_delayed_work(&hdev->discov_off);
1171 }
1172 1267
1173 hci_req_init(&req, hdev); 1268 if (cp->val) {
1269 scan = SCAN_PAGE;
1270 } else {
1271 scan = 0;
1174 1272
1175 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1273 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1274 hdev->discov_timeout > 0)
1275 cancel_delayed_work(&hdev->discov_off);
1276 }
1277
1278 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1279 }
1176 1280
1177 /* If we're going from non-connectable to connectable or 1281 /* If we're going from non-connectable to connectable or
1178 * vice-versa when fast connectable is enabled ensure that fast 1282 * vice-versa when fast connectable is enabled ensure that fast
@@ -1183,9 +1287,20 @@ static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1183 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) 1287 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1184 write_fast_connectable(&req, false); 1288 write_fast_connectable(&req, false);
1185 1289
1290 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1291 hci_conn_num(hdev, LE_LINK) == 0) {
1292 disable_advertising(&req);
1293 enable_advertising(&req);
1294 }
1295
1186 err = hci_req_run(&req, set_connectable_complete); 1296 err = hci_req_run(&req, set_connectable_complete);
1187 if (err < 0) 1297 if (err < 0) {
1188 mgmt_pending_remove(cmd); 1298 mgmt_pending_remove(cmd);
1299 if (err == -ENODATA)
1300 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE,
1301 hdev);
1302 goto failed;
1303 }
1189 1304
1190failed: 1305failed:
1191 hci_dev_unlock(hdev); 1306 hci_dev_unlock(hdev);
@@ -1196,6 +1311,7 @@ static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1196 u16 len) 1311 u16 len)
1197{ 1312{
1198 struct mgmt_mode *cp = data; 1313 struct mgmt_mode *cp = data;
1314 bool changed;
1199 int err; 1315 int err;
1200 1316
1201 BT_DBG("request for %s", hdev->name); 1317 BT_DBG("request for %s", hdev->name);
@@ -1207,17 +1323,18 @@ static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1207 hci_dev_lock(hdev); 1323 hci_dev_lock(hdev);
1208 1324
1209 if (cp->val) 1325 if (cp->val)
1210 set_bit(HCI_PAIRABLE, &hdev->dev_flags); 1326 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1211 else 1327 else
1212 clear_bit(HCI_PAIRABLE, &hdev->dev_flags); 1328 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1213 1329
1214 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev); 1330 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1215 if (err < 0) 1331 if (err < 0)
1216 goto failed; 1332 goto unlock;
1217 1333
1218 err = new_settings(hdev, sk); 1334 if (changed)
1335 err = new_settings(hdev, sk);
1219 1336
1220failed: 1337unlock:
1221 hci_dev_unlock(hdev); 1338 hci_dev_unlock(hdev);
1222 return err; 1339 return err;
1223} 1340}
@@ -1296,7 +1413,7 @@ static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1296{ 1413{
1297 struct mgmt_mode *cp = data; 1414 struct mgmt_mode *cp = data;
1298 struct pending_cmd *cmd; 1415 struct pending_cmd *cmd;
1299 u8 val, status; 1416 u8 status;
1300 int err; 1417 int err;
1301 1418
1302 BT_DBG("request for %s", hdev->name); 1419 BT_DBG("request for %s", hdev->name);
@@ -1315,14 +1432,20 @@ static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1315 1432
1316 hci_dev_lock(hdev); 1433 hci_dev_lock(hdev);
1317 1434
1318 val = !!cp->val;
1319
1320 if (!hdev_is_powered(hdev)) { 1435 if (!hdev_is_powered(hdev)) {
1321 bool changed = false; 1436 bool changed;
1322 1437
1323 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) { 1438 if (cp->val) {
1324 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 1439 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1325 changed = true; 1440 &hdev->dev_flags);
1441 } else {
1442 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1443 &hdev->dev_flags);
1444 if (!changed)
1445 changed = test_and_clear_bit(HCI_HS_ENABLED,
1446 &hdev->dev_flags);
1447 else
1448 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1326 } 1449 }
1327 1450
1328 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1451 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
@@ -1335,13 +1458,14 @@ static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1335 goto failed; 1458 goto failed;
1336 } 1459 }
1337 1460
1338 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) { 1461 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1462 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
1339 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, 1463 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1340 MGMT_STATUS_BUSY); 1464 MGMT_STATUS_BUSY);
1341 goto failed; 1465 goto failed;
1342 } 1466 }
1343 1467
1344 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) { 1468 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1345 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); 1469 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1346 goto failed; 1470 goto failed;
1347 } 1471 }
@@ -1352,7 +1476,7 @@ static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1352 goto failed; 1476 goto failed;
1353 } 1477 }
1354 1478
1355 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val); 1479 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1356 if (err < 0) { 1480 if (err < 0) {
1357 mgmt_pending_remove(cmd); 1481 mgmt_pending_remove(cmd);
1358 goto failed; 1482 goto failed;
@@ -1376,6 +1500,14 @@ static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1376 if (status) 1500 if (status)
1377 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status); 1501 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1378 1502
1503 if (!lmp_ssp_capable(hdev))
1504 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1505 MGMT_STATUS_NOT_SUPPORTED);
1506
1507 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1508 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1509 MGMT_STATUS_REJECTED);
1510
1379 if (cp->val != 0x00 && cp->val != 0x01) 1511 if (cp->val != 0x00 && cp->val != 0x01)
1380 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1512 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1381 MGMT_STATUS_INVALID_PARAMS); 1513 MGMT_STATUS_INVALID_PARAMS);
@@ -1463,8 +1595,8 @@ static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1463 changed = true; 1595 changed = true;
1464 } 1596 }
1465 1597
1466 if (!val && test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) { 1598 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1467 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags); 1599 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1468 changed = true; 1600 changed = true;
1469 } 1601 }
1470 1602
@@ -1500,8 +1632,8 @@ static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1500 1632
1501 hci_req_init(&req, hdev); 1633 hci_req_init(&req, hdev);
1502 1634
1503 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags) && !val) 1635 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val)
1504 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val); 1636 disable_advertising(&req);
1505 1637
1506 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), 1638 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1507 &hci_cp); 1639 &hci_cp);
@@ -2888,7 +3020,7 @@ static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2888 goto failed; 3020 goto failed;
2889 } 3021 }
2890 3022
2891 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) { 3023 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2892 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 3024 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2893 MGMT_STATUS_REJECTED); 3025 MGMT_STATUS_REJECTED);
2894 mgmt_pending_remove(cmd); 3026 mgmt_pending_remove(cmd);
@@ -2906,6 +3038,10 @@ static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2906 param_cp.type = LE_SCAN_ACTIVE; 3038 param_cp.type = LE_SCAN_ACTIVE;
2907 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT); 3039 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2908 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN); 3040 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3041 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
3042 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
3043 else
3044 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
2909 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp), 3045 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2910 &param_cp); 3046 &param_cp);
2911 3047
@@ -3214,7 +3350,8 @@ static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3214 sock_put(match.sk); 3350 sock_put(match.sk);
3215} 3351}
3216 3352
3217static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 3353static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3354 u16 len)
3218{ 3355{
3219 struct mgmt_mode *cp = data; 3356 struct mgmt_mode *cp = data;
3220 struct pending_cmd *cmd; 3357 struct pending_cmd *cmd;
@@ -3236,13 +3373,19 @@ static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u1
3236 hci_dev_lock(hdev); 3373 hci_dev_lock(hdev);
3237 3374
3238 val = !!cp->val; 3375 val = !!cp->val;
3239 enabled = test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags); 3376 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3240 3377
3241 if (!hdev_is_powered(hdev) || val == enabled) { 3378 /* The following conditions are ones which mean that we should
3379 * not do any HCI communication but directly send a mgmt
3380 * response to user space (after toggling the flag if
3381 * necessary).
3382 */
3383 if (!hdev_is_powered(hdev) || val == enabled ||
3384 hci_conn_num(hdev, LE_LINK) > 0) {
3242 bool changed = false; 3385 bool changed = false;
3243 3386
3244 if (val != test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) { 3387 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3245 change_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags); 3388 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3246 changed = true; 3389 changed = true;
3247 } 3390 }
3248 3391
@@ -3271,7 +3414,10 @@ static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u1
3271 3414
3272 hci_req_init(&req, hdev); 3415 hci_req_init(&req, hdev);
3273 3416
3274 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val); 3417 if (val)
3418 enable_advertising(&req);
3419 else
3420 disable_advertising(&req);
3275 3421
3276 err = hci_req_run(&req, set_advertising_complete); 3422 err = hci_req_run(&req, set_advertising_complete);
3277 if (err < 0) 3423 if (err < 0)
@@ -3322,6 +3468,47 @@ static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3322 return err; 3468 return err;
3323} 3469}
3324 3470
3471static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3472 void *data, u16 len)
3473{
3474 struct mgmt_cp_set_scan_params *cp = data;
3475 __u16 interval, window;
3476 int err;
3477
3478 BT_DBG("%s", hdev->name);
3479
3480 if (!lmp_le_capable(hdev))
3481 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3482 MGMT_STATUS_NOT_SUPPORTED);
3483
3484 interval = __le16_to_cpu(cp->interval);
3485
3486 if (interval < 0x0004 || interval > 0x4000)
3487 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3488 MGMT_STATUS_INVALID_PARAMS);
3489
3490 window = __le16_to_cpu(cp->window);
3491
3492 if (window < 0x0004 || window > 0x4000)
3493 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3494 MGMT_STATUS_INVALID_PARAMS);
3495
3496 if (window > interval)
3497 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3498 MGMT_STATUS_INVALID_PARAMS);
3499
3500 hci_dev_lock(hdev);
3501
3502 hdev->le_scan_interval = interval;
3503 hdev->le_scan_window = window;
3504
3505 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3506
3507 hci_dev_unlock(hdev);
3508
3509 return err;
3510}
3511
3325static void fast_connectable_complete(struct hci_dev *hdev, u8 status) 3512static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3326{ 3513{
3327 struct pending_cmd *cmd; 3514 struct pending_cmd *cmd;
@@ -3420,6 +3607,26 @@ unlock:
3420 return err; 3607 return err;
3421} 3608}
3422 3609
3610static void set_bredr_scan(struct hci_request *req)
3611{
3612 struct hci_dev *hdev = req->hdev;
3613 u8 scan = 0;
3614
3615 /* Ensure that fast connectable is disabled. This function will
3616 * not do anything if the page scan parameters are already what
3617 * they should be.
3618 */
3619 write_fast_connectable(req, false);
3620
3621 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3622 scan |= SCAN_PAGE;
3623 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3624 scan |= SCAN_INQUIRY;
3625
3626 if (scan)
3627 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3628}
3629
3423static void set_bredr_complete(struct hci_dev *hdev, u8 status) 3630static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3424{ 3631{
3425 struct pending_cmd *cmd; 3632 struct pending_cmd *cmd;
@@ -3482,7 +3689,6 @@ static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3482 3689
3483 if (!hdev_is_powered(hdev)) { 3690 if (!hdev_is_powered(hdev)) {
3484 if (!cp->val) { 3691 if (!cp->val) {
3485 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3486 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 3692 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3487 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 3693 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3488 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags); 3694 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
@@ -3525,7 +3731,12 @@ static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3525 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags); 3731 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3526 3732
3527 hci_req_init(&req, hdev); 3733 hci_req_init(&req, hdev);
3734
3735 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3736 set_bredr_scan(&req);
3737
3528 hci_update_ad(&req); 3738 hci_update_ad(&req);
3739
3529 err = hci_req_run(&req, set_bredr_complete); 3740 err = hci_req_run(&req, set_bredr_complete);
3530 if (err < 0) 3741 if (err < 0)
3531 mgmt_pending_remove(cmd); 3742 mgmt_pending_remove(cmd);
@@ -3587,15 +3798,19 @@ static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3587 3798
3588 for (i = 0; i < key_count; i++) { 3799 for (i = 0; i < key_count; i++) {
3589 struct mgmt_ltk_info *key = &cp->keys[i]; 3800 struct mgmt_ltk_info *key = &cp->keys[i];
3590 u8 type; 3801 u8 type, addr_type;
3802
3803 if (key->addr.type == BDADDR_LE_PUBLIC)
3804 addr_type = ADDR_LE_DEV_PUBLIC;
3805 else
3806 addr_type = ADDR_LE_DEV_RANDOM;
3591 3807
3592 if (key->master) 3808 if (key->master)
3593 type = HCI_SMP_LTK; 3809 type = HCI_SMP_LTK;
3594 else 3810 else
3595 type = HCI_SMP_LTK_SLAVE; 3811 type = HCI_SMP_LTK_SLAVE;
3596 3812
3597 hci_add_ltk(hdev, &key->addr.bdaddr, 3813 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
3598 bdaddr_to_le(key->addr.type),
3599 type, 0, key->authenticated, key->val, 3814 type, 0, key->authenticated, key->val,
3600 key->enc_size, key->ediv, key->rand); 3815 key->enc_size, key->ediv, key->rand);
3601 } 3816 }
@@ -3658,6 +3873,7 @@ static const struct mgmt_handler {
3658 { set_advertising, false, MGMT_SETTING_SIZE }, 3873 { set_advertising, false, MGMT_SETTING_SIZE },
3659 { set_bredr, false, MGMT_SETTING_SIZE }, 3874 { set_bredr, false, MGMT_SETTING_SIZE },
3660 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE }, 3875 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3876 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
3661}; 3877};
3662 3878
3663 3879
@@ -3703,7 +3919,8 @@ int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3703 goto done; 3919 goto done;
3704 } 3920 }
3705 3921
3706 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 3922 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
3923 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3707 err = cmd_status(sk, index, opcode, 3924 err = cmd_status(sk, index, opcode,
3708 MGMT_STATUS_INVALID_INDEX); 3925 MGMT_STATUS_INVALID_INDEX);
3709 goto done; 3926 goto done;
@@ -3753,44 +3970,24 @@ done:
3753 return err; 3970 return err;
3754} 3971}
3755 3972
3756int mgmt_index_added(struct hci_dev *hdev) 3973void mgmt_index_added(struct hci_dev *hdev)
3757{ 3974{
3758 if (!mgmt_valid_hdev(hdev)) 3975 if (hdev->dev_type != HCI_BREDR)
3759 return -ENOTSUPP; 3976 return;
3760 3977
3761 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL); 3978 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3762} 3979}
3763 3980
3764int mgmt_index_removed(struct hci_dev *hdev) 3981void mgmt_index_removed(struct hci_dev *hdev)
3765{ 3982{
3766 u8 status = MGMT_STATUS_INVALID_INDEX; 3983 u8 status = MGMT_STATUS_INVALID_INDEX;
3767 3984
3768 if (!mgmt_valid_hdev(hdev)) 3985 if (hdev->dev_type != HCI_BREDR)
3769 return -ENOTSUPP; 3986 return;
3770 3987
3771 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 3988 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3772 3989
3773 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL); 3990 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3774}
3775
3776static void set_bredr_scan(struct hci_request *req)
3777{
3778 struct hci_dev *hdev = req->hdev;
3779 u8 scan = 0;
3780
3781 /* Ensure that fast connectable is disabled. This function will
3782 * not do anything if the page scan parameters are already what
3783 * they should be.
3784 */
3785 write_fast_connectable(req, false);
3786
3787 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3788 scan |= SCAN_PAGE;
3789 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3790 scan |= SCAN_INQUIRY;
3791
3792 if (scan)
3793 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3794} 3991}
3795 3992
3796static void powered_complete(struct hci_dev *hdev, u8 status) 3993static void powered_complete(struct hci_dev *hdev, u8 status)
@@ -3849,12 +4046,9 @@ static int powered_update_hci(struct hci_dev *hdev)
3849 if (bacmp(&hdev->static_addr, BDADDR_ANY)) 4046 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3850 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6, 4047 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3851 &hdev->static_addr); 4048 &hdev->static_addr);
3852 }
3853
3854 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3855 u8 adv = 0x01;
3856 4049
3857 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv); 4050 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4051 enable_advertising(&req);
3858 } 4052 }
3859 4053
3860 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags); 4054 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
@@ -3908,33 +4102,37 @@ new_settings:
3908 return err; 4102 return err;
3909} 4103}
3910 4104
3911int mgmt_set_powered_failed(struct hci_dev *hdev, int err) 4105void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3912{ 4106{
3913 struct pending_cmd *cmd; 4107 struct pending_cmd *cmd;
3914 u8 status; 4108 u8 status;
3915 4109
3916 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev); 4110 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3917 if (!cmd) 4111 if (!cmd)
3918 return -ENOENT; 4112 return;
3919 4113
3920 if (err == -ERFKILL) 4114 if (err == -ERFKILL)
3921 status = MGMT_STATUS_RFKILLED; 4115 status = MGMT_STATUS_RFKILLED;
3922 else 4116 else
3923 status = MGMT_STATUS_FAILED; 4117 status = MGMT_STATUS_FAILED;
3924 4118
3925 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status); 4119 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3926 4120
3927 mgmt_pending_remove(cmd); 4121 mgmt_pending_remove(cmd);
3928
3929 return err;
3930} 4122}
3931 4123
3932int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable) 4124int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3933{ 4125{
3934 struct cmd_lookup match = { NULL, hdev };
3935 bool changed = false; 4126 bool changed = false;
3936 int err = 0; 4127 int err = 0;
3937 4128
4129 /* Nothing needed here if there's a pending command since that
4130 * commands request completion callback takes care of everything
4131 * necessary.
4132 */
4133 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
4134 return 0;
4135
3938 if (discoverable) { 4136 if (discoverable) {
3939 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 4137 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3940 changed = true; 4138 changed = true;
@@ -3943,24 +4141,24 @@ int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3943 changed = true; 4141 changed = true;
3944 } 4142 }
3945 4143
3946 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3947 &match);
3948
3949 if (changed) 4144 if (changed)
3950 err = new_settings(hdev, match.sk); 4145 err = new_settings(hdev, NULL);
3951
3952 if (match.sk)
3953 sock_put(match.sk);
3954 4146
3955 return err; 4147 return err;
3956} 4148}
3957 4149
3958int mgmt_connectable(struct hci_dev *hdev, u8 connectable) 4150int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3959{ 4151{
3960 struct pending_cmd *cmd;
3961 bool changed = false; 4152 bool changed = false;
3962 int err = 0; 4153 int err = 0;
3963 4154
4155 /* Nothing needed here if there's a pending command since that
4156 * commands request completion callback takes care of everything
4157 * necessary.
4158 */
4159 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
4160 return 0;
4161
3964 if (connectable) { 4162 if (connectable) {
3965 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags)) 4163 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3966 changed = true; 4164 changed = true;
@@ -3969,10 +4167,8 @@ int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3969 changed = true; 4167 changed = true;
3970 } 4168 }
3971 4169
3972 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
3973
3974 if (changed) 4170 if (changed)
3975 err = new_settings(hdev, cmd ? cmd->sk : NULL); 4171 err = new_settings(hdev, NULL);
3976 4172
3977 return err; 4173 return err;
3978} 4174}
@@ -4032,9 +4228,9 @@ int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4032 NULL); 4228 NULL);
4033} 4229}
4034 4230
4035int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 4231void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4036 u8 addr_type, u32 flags, u8 *name, u8 name_len, 4232 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4037 u8 *dev_class) 4233 u8 *dev_class)
4038{ 4234{
4039 char buf[512]; 4235 char buf[512];
4040 struct mgmt_ev_device_connected *ev = (void *) buf; 4236 struct mgmt_ev_device_connected *ev = (void *) buf;
@@ -4055,8 +4251,8 @@ int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4055 4251
4056 ev->eir_len = cpu_to_le16(eir_len); 4252 ev->eir_len = cpu_to_le16(eir_len);
4057 4253
4058 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf, 4254 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4059 sizeof(*ev) + eir_len, NULL); 4255 sizeof(*ev) + eir_len, NULL);
4060} 4256}
4061 4257
4062static void disconnect_rsp(struct pending_cmd *cmd, void *data) 4258static void disconnect_rsp(struct pending_cmd *cmd, void *data)
@@ -4094,12 +4290,11 @@ static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4094 mgmt_pending_remove(cmd); 4290 mgmt_pending_remove(cmd);
4095} 4291}
4096 4292
4097int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 4293void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4098 u8 link_type, u8 addr_type, u8 reason) 4294 u8 link_type, u8 addr_type, u8 reason)
4099{ 4295{
4100 struct mgmt_ev_device_disconnected ev; 4296 struct mgmt_ev_device_disconnected ev;
4101 struct sock *sk = NULL; 4297 struct sock *sk = NULL;
4102 int err;
4103 4298
4104 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 4299 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4105 4300
@@ -4107,45 +4302,39 @@ int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4107 ev.addr.type = link_to_bdaddr(link_type, addr_type); 4302 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4108 ev.reason = reason; 4303 ev.reason = reason;
4109 4304
4110 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), 4305 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
4111 sk);
4112 4306
4113 if (sk) 4307 if (sk)
4114 sock_put(sk); 4308 sock_put(sk);
4115 4309
4116 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 4310 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4117 hdev); 4311 hdev);
4118
4119 return err;
4120} 4312}
4121 4313
4122int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 4314void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4123 u8 link_type, u8 addr_type, u8 status) 4315 u8 link_type, u8 addr_type, u8 status)
4124{ 4316{
4125 struct mgmt_rp_disconnect rp; 4317 struct mgmt_rp_disconnect rp;
4126 struct pending_cmd *cmd; 4318 struct pending_cmd *cmd;
4127 int err;
4128 4319
4129 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp, 4320 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4130 hdev); 4321 hdev);
4131 4322
4132 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev); 4323 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4133 if (!cmd) 4324 if (!cmd)
4134 return -ENOENT; 4325 return;
4135 4326
4136 bacpy(&rp.addr.bdaddr, bdaddr); 4327 bacpy(&rp.addr.bdaddr, bdaddr);
4137 rp.addr.type = link_to_bdaddr(link_type, addr_type); 4328 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4138 4329
4139 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 4330 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4140 mgmt_status(status), &rp, sizeof(rp)); 4331 mgmt_status(status), &rp, sizeof(rp));
4141 4332
4142 mgmt_pending_remove(cmd); 4333 mgmt_pending_remove(cmd);
4143
4144 return err;
4145} 4334}
4146 4335
4147int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 4336void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4148 u8 addr_type, u8 status) 4337 u8 addr_type, u8 status)
4149{ 4338{
4150 struct mgmt_ev_connect_failed ev; 4339 struct mgmt_ev_connect_failed ev;
4151 4340
@@ -4153,7 +4342,7 @@ int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4153 ev.addr.type = link_to_bdaddr(link_type, addr_type); 4342 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4154 ev.status = mgmt_status(status); 4343 ev.status = mgmt_status(status);
4155 4344
4156 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 4345 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4157} 4346}
4158 4347
4159int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 4348int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
@@ -4382,8 +4571,10 @@ int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4382 u8 mgmt_err = mgmt_status(status); 4571 u8 mgmt_err = mgmt_status(status);
4383 4572
4384 if (enable && test_and_clear_bit(HCI_SSP_ENABLED, 4573 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4385 &hdev->dev_flags)) 4574 &hdev->dev_flags)) {
4575 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4386 err = new_settings(hdev, NULL); 4576 err = new_settings(hdev, NULL);
4577 }
4387 4578
4388 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp, 4579 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4389 &mgmt_err); 4580 &mgmt_err);
@@ -4392,11 +4583,14 @@ int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4392 } 4583 }
4393 4584
4394 if (enable) { 4585 if (enable) {
4395 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 4586 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4396 changed = true;
4397 } else { 4587 } else {
4398 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 4588 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4399 changed = true; 4589 if (!changed)
4590 changed = test_and_clear_bit(HCI_HS_ENABLED,
4591 &hdev->dev_flags);
4592 else
4593 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4400 } 4594 }
4401 4595
4402 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); 4596 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
@@ -4507,20 +4701,20 @@ int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4507 return err; 4701 return err;
4508} 4702}
4509 4703
4510int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 4704void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4511 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8 4705 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4512 ssp, u8 *eir, u16 eir_len) 4706 ssp, u8 *eir, u16 eir_len)
4513{ 4707{
4514 char buf[512]; 4708 char buf[512];
4515 struct mgmt_ev_device_found *ev = (void *) buf; 4709 struct mgmt_ev_device_found *ev = (void *) buf;
4516 size_t ev_size; 4710 size_t ev_size;
4517 4711
4518 if (!hci_discovery_active(hdev)) 4712 if (!hci_discovery_active(hdev))
4519 return -EPERM; 4713 return;
4520 4714
4521 /* Leave 5 bytes for a potential CoD field */ 4715 /* Leave 5 bytes for a potential CoD field */
4522 if (sizeof(*ev) + eir_len + 5 > sizeof(buf)) 4716 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4523 return -EINVAL; 4717 return;
4524 4718
4525 memset(buf, 0, sizeof(buf)); 4719 memset(buf, 0, sizeof(buf));
4526 4720
@@ -4542,11 +4736,11 @@ int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4542 ev->eir_len = cpu_to_le16(eir_len); 4736 ev->eir_len = cpu_to_le16(eir_len);
4543 ev_size = sizeof(*ev) + eir_len; 4737 ev_size = sizeof(*ev) + eir_len;
4544 4738
4545 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 4739 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4546} 4740}
4547 4741
4548int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 4742void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4549 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 4743 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4550{ 4744{
4551 struct mgmt_ev_device_found *ev; 4745 struct mgmt_ev_device_found *ev;
4552 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2]; 4746 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
@@ -4565,11 +4759,10 @@ int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4565 4759
4566 ev->eir_len = cpu_to_le16(eir_len); 4760 ev->eir_len = cpu_to_le16(eir_len);
4567 4761
4568 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, 4762 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
4569 sizeof(*ev) + eir_len, NULL);
4570} 4763}
4571 4764
4572int mgmt_discovering(struct hci_dev *hdev, u8 discovering) 4765void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4573{ 4766{
4574 struct mgmt_ev_discovering ev; 4767 struct mgmt_ev_discovering ev;
4575 struct pending_cmd *cmd; 4768 struct pending_cmd *cmd;
@@ -4593,7 +4786,7 @@ int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4593 ev.type = hdev->discovery.type; 4786 ev.type = hdev->discovery.type;
4594 ev.discovering = discovering; 4787 ev.discovering = discovering;
4595 4788
4596 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL); 4789 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4597} 4790}
4598 4791
4599int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) 4792int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
@@ -4623,3 +4816,36 @@ int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4623 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev), 4816 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4624 cmd ? cmd->sk : NULL); 4817 cmd ? cmd->sk : NULL);
4625} 4818}
4819
4820static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4821{
4822 BT_DBG("%s status %u", hdev->name, status);
4823
4824 /* Clear the advertising mgmt setting if we failed to re-enable it */
4825 if (status) {
4826 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4827 new_settings(hdev, NULL);
4828 }
4829}
4830
4831void mgmt_reenable_advertising(struct hci_dev *hdev)
4832{
4833 struct hci_request req;
4834
4835 if (hci_conn_num(hdev, LE_LINK) > 0)
4836 return;
4837
4838 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4839 return;
4840
4841 hci_req_init(&req, hdev);
4842 enable_advertising(&req);
4843
4844 /* If this fails we have no option but to let user space know
4845 * that we've disabled advertising.
4846 */
4847 if (hci_req_run(&req, adv_enable_complete) < 0) {
4848 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4849 new_settings(hdev, NULL);
4850 }
4851}
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index ca957d34b0c8..27e936a7ddd9 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -641,13 +641,13 @@ static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
641{ 641{
642 struct rfcomm_session *s; 642 struct rfcomm_session *s;
643 struct list_head *p, *n; 643 struct list_head *p, *n;
644 struct bt_sock *sk; 644 struct l2cap_chan *chan;
645 list_for_each_safe(p, n, &session_list) { 645 list_for_each_safe(p, n, &session_list) {
646 s = list_entry(p, struct rfcomm_session, list); 646 s = list_entry(p, struct rfcomm_session, list);
647 sk = bt_sk(s->sock->sk); 647 chan = l2cap_pi(s->sock->sk)->chan;
648 648
649 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 649 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
650 !bacmp(&sk->dst, dst)) 650 !bacmp(&chan->dst, dst))
651 return s; 651 return s;
652 } 652 }
653 return NULL; 653 return NULL;
@@ -732,11 +732,11 @@ failed:
732 732
733void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 733void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
734{ 734{
735 struct sock *sk = s->sock->sk; 735 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
736 if (src) 736 if (src)
737 bacpy(src, &bt_sk(sk)->src); 737 bacpy(src, &chan->src);
738 if (dst) 738 if (dst)
739 bacpy(dst, &bt_sk(sk)->dst); 739 bacpy(dst, &chan->dst);
740} 740}
741 741
742/* ---- RFCOMM frame sending ---- */ 742/* ---- RFCOMM frame sending ---- */
@@ -2112,12 +2112,11 @@ static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2112 rfcomm_lock(); 2112 rfcomm_lock();
2113 2113
2114 list_for_each_entry(s, &session_list, list) { 2114 list_for_each_entry(s, &session_list, list) {
2115 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2115 struct rfcomm_dlc *d; 2116 struct rfcomm_dlc *d;
2116 list_for_each_entry(d, &s->dlcs, list) { 2117 list_for_each_entry(d, &s->dlcs, list) {
2117 struct sock *sk = s->sock->sk;
2118
2119 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n", 2118 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2120 &bt_sk(sk)->src, &bt_sk(sk)->dst, 2119 &chan->src, &chan->dst,
2121 d->state, d->dlci, d->mtu, 2120 d->state, d->dlci, d->mtu,
2122 d->rx_credits, d->tx_credits); 2121 d->rx_credits, d->tx_credits);
2123 } 2122 }
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 072938dc527d..df17276eb32b 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -87,7 +87,8 @@ static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
87 parent->sk_data_ready(parent, 0); 87 parent->sk_data_ready(parent, 0);
88 } else { 88 } else {
89 if (d->state == BT_CONNECTED) 89 if (d->state == BT_CONNECTED)
90 rfcomm_session_getaddr(d->session, &bt_sk(sk)->src, NULL); 90 rfcomm_session_getaddr(d->session,
91 &rfcomm_pi(sk)->src, NULL);
91 sk->sk_state_change(sk); 92 sk->sk_state_change(sk);
92 } 93 }
93 94
@@ -110,7 +111,7 @@ static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
110 111
111 sk_for_each(sk, &rfcomm_sk_list.head) { 112 sk_for_each(sk, &rfcomm_sk_list.head) {
112 if (rfcomm_pi(sk)->channel == channel && 113 if (rfcomm_pi(sk)->channel == channel &&
113 !bacmp(&bt_sk(sk)->src, src)) 114 !bacmp(&rfcomm_pi(sk)->src, src))
114 break; 115 break;
115 } 116 }
116 117
@@ -132,11 +133,11 @@ static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *
132 133
133 if (rfcomm_pi(sk)->channel == channel) { 134 if (rfcomm_pi(sk)->channel == channel) {
134 /* Exact match. */ 135 /* Exact match. */
135 if (!bacmp(&bt_sk(sk)->src, src)) 136 if (!bacmp(&rfcomm_pi(sk)->src, src))
136 break; 137 break;
137 138
138 /* Closest match */ 139 /* Closest match */
139 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 140 if (!bacmp(&rfcomm_pi(sk)->src, BDADDR_ANY))
140 sk1 = sk; 141 sk1 = sk;
141 } 142 }
142 } 143 }
@@ -355,7 +356,7 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr
355 err = -EADDRINUSE; 356 err = -EADDRINUSE;
356 } else { 357 } else {
357 /* Save source address */ 358 /* Save source address */
358 bacpy(&bt_sk(sk)->src, &sa->rc_bdaddr); 359 bacpy(&rfcomm_pi(sk)->src, &sa->rc_bdaddr);
359 rfcomm_pi(sk)->channel = sa->rc_channel; 360 rfcomm_pi(sk)->channel = sa->rc_channel;
360 sk->sk_state = BT_BOUND; 361 sk->sk_state = BT_BOUND;
361 } 362 }
@@ -393,13 +394,14 @@ static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int a
393 } 394 }
394 395
395 sk->sk_state = BT_CONNECT; 396 sk->sk_state = BT_CONNECT;
396 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 397 bacpy(&rfcomm_pi(sk)->dst, &sa->rc_bdaddr);
397 rfcomm_pi(sk)->channel = sa->rc_channel; 398 rfcomm_pi(sk)->channel = sa->rc_channel;
398 399
399 d->sec_level = rfcomm_pi(sk)->sec_level; 400 d->sec_level = rfcomm_pi(sk)->sec_level;
400 d->role_switch = rfcomm_pi(sk)->role_switch; 401 d->role_switch = rfcomm_pi(sk)->role_switch;
401 402
402 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 403 err = rfcomm_dlc_open(d, &rfcomm_pi(sk)->src, &sa->rc_bdaddr,
404 sa->rc_channel);
403 if (!err) 405 if (!err)
404 err = bt_sock_wait_state(sk, BT_CONNECTED, 406 err = bt_sock_wait_state(sk, BT_CONNECTED,
405 sock_sndtimeo(sk, flags & O_NONBLOCK)); 407 sock_sndtimeo(sk, flags & O_NONBLOCK));
@@ -429,7 +431,7 @@ static int rfcomm_sock_listen(struct socket *sock, int backlog)
429 } 431 }
430 432
431 if (!rfcomm_pi(sk)->channel) { 433 if (!rfcomm_pi(sk)->channel) {
432 bdaddr_t *src = &bt_sk(sk)->src; 434 bdaddr_t *src = &rfcomm_pi(sk)->src;
433 u8 channel; 435 u8 channel;
434 436
435 err = -EINVAL; 437 err = -EINVAL;
@@ -530,9 +532,9 @@ static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int *
530 sa->rc_family = AF_BLUETOOTH; 532 sa->rc_family = AF_BLUETOOTH;
531 sa->rc_channel = rfcomm_pi(sk)->channel; 533 sa->rc_channel = rfcomm_pi(sk)->channel;
532 if (peer) 534 if (peer)
533 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->dst); 535 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->dst);
534 else 536 else
535 bacpy(&sa->rc_bdaddr, &bt_sk(sk)->src); 537 bacpy(&sa->rc_bdaddr, &rfcomm_pi(sk)->src);
536 538
537 *len = sizeof(struct sockaddr_rc); 539 *len = sizeof(struct sockaddr_rc);
538 return 0; 540 return 0;
@@ -951,8 +953,8 @@ int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc *
951 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM); 953 bt_sock_reclassify_lock(sk, BTPROTO_RFCOMM);
952 954
953 rfcomm_sock_init(sk, parent); 955 rfcomm_sock_init(sk, parent);
954 bacpy(&bt_sk(sk)->src, &src); 956 bacpy(&rfcomm_pi(sk)->src, &src);
955 bacpy(&bt_sk(sk)->dst, &dst); 957 bacpy(&rfcomm_pi(sk)->dst, &dst);
956 rfcomm_pi(sk)->channel = channel; 958 rfcomm_pi(sk)->channel = channel;
957 959
958 sk->sk_state = BT_CONFIG; 960 sk->sk_state = BT_CONFIG;
@@ -979,7 +981,7 @@ static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
979 981
980 sk_for_each(sk, &rfcomm_sk_list.head) { 982 sk_for_each(sk, &rfcomm_sk_list.head) {
981 seq_printf(f, "%pMR %pMR %d %d\n", 983 seq_printf(f, "%pMR %pMR %d %d\n",
982 &bt_sk(sk)->src, &bt_sk(sk)->dst, 984 &rfcomm_pi(sk)->src, &rfcomm_pi(sk)->dst,
983 sk->sk_state, rfcomm_pi(sk)->channel); 985 sk->sk_state, rfcomm_pi(sk)->channel);
984 } 986 }
985 987
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 96bd388d93a4..a92aebac56ca 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -92,9 +92,6 @@ static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
92 hcon->sco_data = conn; 92 hcon->sco_data = conn;
93 conn->hcon = hcon; 93 conn->hcon = hcon;
94 94
95 conn->src = &hdev->bdaddr;
96 conn->dst = &hcon->dst;
97
98 if (hdev->sco_mtu > 0) 95 if (hdev->sco_mtu > 0)
99 conn->mtu = hdev->sco_mtu; 96 conn->mtu = hdev->sco_mtu;
100 else 97 else
@@ -156,16 +153,14 @@ static int sco_chan_add(struct sco_conn *conn, struct sock *sk,
156 153
157static int sco_connect(struct sock *sk) 154static int sco_connect(struct sock *sk)
158{ 155{
159 bdaddr_t *src = &bt_sk(sk)->src;
160 bdaddr_t *dst = &bt_sk(sk)->dst;
161 struct sco_conn *conn; 156 struct sco_conn *conn;
162 struct hci_conn *hcon; 157 struct hci_conn *hcon;
163 struct hci_dev *hdev; 158 struct hci_dev *hdev;
164 int err, type; 159 int err, type;
165 160
166 BT_DBG("%pMR -> %pMR", src, dst); 161 BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst);
167 162
168 hdev = hci_get_route(dst, src); 163 hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src);
169 if (!hdev) 164 if (!hdev)
170 return -EHOSTUNREACH; 165 return -EHOSTUNREACH;
171 166
@@ -182,7 +177,8 @@ static int sco_connect(struct sock *sk)
182 goto done; 177 goto done;
183 } 178 }
184 179
185 hcon = hci_connect_sco(hdev, type, dst, sco_pi(sk)->setting); 180 hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst,
181 sco_pi(sk)->setting);
186 if (IS_ERR(hcon)) { 182 if (IS_ERR(hcon)) {
187 err = PTR_ERR(hcon); 183 err = PTR_ERR(hcon);
188 goto done; 184 goto done;
@@ -196,7 +192,7 @@ static int sco_connect(struct sock *sk)
196 } 192 }
197 193
198 /* Update source addr of the socket */ 194 /* Update source addr of the socket */
199 bacpy(src, conn->src); 195 bacpy(&sco_pi(sk)->src, &hcon->src);
200 196
201 err = sco_chan_add(conn, sk, NULL); 197 err = sco_chan_add(conn, sk, NULL);
202 if (err) 198 if (err)
@@ -270,7 +266,7 @@ static struct sock *__sco_get_sock_listen_by_addr(bdaddr_t *ba)
270 if (sk->sk_state != BT_LISTEN) 266 if (sk->sk_state != BT_LISTEN)
271 continue; 267 continue;
272 268
273 if (!bacmp(&bt_sk(sk)->src, ba)) 269 if (!bacmp(&sco_pi(sk)->src, ba))
274 return sk; 270 return sk;
275 } 271 }
276 272
@@ -291,11 +287,11 @@ static struct sock *sco_get_sock_listen(bdaddr_t *src)
291 continue; 287 continue;
292 288
293 /* Exact match. */ 289 /* Exact match. */
294 if (!bacmp(&bt_sk(sk)->src, src)) 290 if (!bacmp(&sco_pi(sk)->src, src))
295 break; 291 break;
296 292
297 /* Closest match */ 293 /* Closest match */
298 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) 294 if (!bacmp(&sco_pi(sk)->src, BDADDR_ANY))
299 sk1 = sk; 295 sk1 = sk;
300 } 296 }
301 297
@@ -475,7 +471,7 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le
475 goto done; 471 goto done;
476 } 472 }
477 473
478 bacpy(&bt_sk(sk)->src, &sa->sco_bdaddr); 474 bacpy(&sco_pi(sk)->src, &sa->sco_bdaddr);
479 475
480 sk->sk_state = BT_BOUND; 476 sk->sk_state = BT_BOUND;
481 477
@@ -505,7 +501,7 @@ static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen
505 lock_sock(sk); 501 lock_sock(sk);
506 502
507 /* Set destination address and psm */ 503 /* Set destination address and psm */
508 bacpy(&bt_sk(sk)->dst, &sa->sco_bdaddr); 504 bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
509 505
510 err = sco_connect(sk); 506 err = sco_connect(sk);
511 if (err) 507 if (err)
@@ -522,7 +518,7 @@ done:
522static int sco_sock_listen(struct socket *sock, int backlog) 518static int sco_sock_listen(struct socket *sock, int backlog)
523{ 519{
524 struct sock *sk = sock->sk; 520 struct sock *sk = sock->sk;
525 bdaddr_t *src = &bt_sk(sk)->src; 521 bdaddr_t *src = &sco_pi(sk)->src;
526 int err = 0; 522 int err = 0;
527 523
528 BT_DBG("sk %p backlog %d", sk, backlog); 524 BT_DBG("sk %p backlog %d", sk, backlog);
@@ -626,9 +622,9 @@ static int sco_sock_getname(struct socket *sock, struct sockaddr *addr, int *len
626 *len = sizeof(struct sockaddr_sco); 622 *len = sizeof(struct sockaddr_sco);
627 623
628 if (peer) 624 if (peer)
629 bacpy(&sa->sco_bdaddr, &bt_sk(sk)->dst); 625 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->dst);
630 else 626 else
631 bacpy(&sa->sco_bdaddr, &bt_sk(sk)->src); 627 bacpy(&sa->sco_bdaddr, &sco_pi(sk)->src);
632 628
633 return 0; 629 return 0;
634} 630}
@@ -999,7 +995,7 @@ static void sco_conn_ready(struct sco_conn *conn)
999 } else { 995 } else {
1000 sco_conn_lock(conn); 996 sco_conn_lock(conn);
1001 997
1002 parent = sco_get_sock_listen(conn->src); 998 parent = sco_get_sock_listen(&conn->hcon->src);
1003 if (!parent) { 999 if (!parent) {
1004 sco_conn_unlock(conn); 1000 sco_conn_unlock(conn);
1005 return; 1001 return;
@@ -1017,8 +1013,8 @@ static void sco_conn_ready(struct sco_conn *conn)
1017 1013
1018 sco_sock_init(sk, parent); 1014 sco_sock_init(sk, parent);
1019 1015
1020 bacpy(&bt_sk(sk)->src, conn->src); 1016 bacpy(&sco_pi(sk)->src, &conn->hcon->src);
1021 bacpy(&bt_sk(sk)->dst, conn->dst); 1017 bacpy(&sco_pi(sk)->dst, &conn->hcon->dst);
1022 1018
1023 hci_conn_hold(conn->hcon); 1019 hci_conn_hold(conn->hcon);
1024 __sco_chan_add(conn, sk, parent); 1020 __sco_chan_add(conn, sk, parent);
@@ -1051,8 +1047,8 @@ int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
1051 if (sk->sk_state != BT_LISTEN) 1047 if (sk->sk_state != BT_LISTEN)
1052 continue; 1048 continue;
1053 1049
1054 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr) || 1050 if (!bacmp(&sco_pi(sk)->src, &hdev->bdaddr) ||
1055 !bacmp(&bt_sk(sk)->src, BDADDR_ANY)) { 1051 !bacmp(&sco_pi(sk)->src, BDADDR_ANY)) {
1056 lm |= HCI_LM_ACCEPT; 1052 lm |= HCI_LM_ACCEPT;
1057 1053
1058 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 1054 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
@@ -1111,8 +1107,8 @@ static int sco_debugfs_show(struct seq_file *f, void *p)
1111 read_lock(&sco_sk_list.lock); 1107 read_lock(&sco_sk_list.lock);
1112 1108
1113 sk_for_each(sk, &sco_sk_list.head) { 1109 sk_for_each(sk, &sco_sk_list.head) {
1114 seq_printf(f, "%pMR %pMR %d\n", &bt_sk(sk)->src, 1110 seq_printf(f, "%pMR %pMR %d\n", &sco_pi(sk)->src,
1115 &bt_sk(sk)->dst, sk->sk_state); 1111 &sco_pi(sk)->dst, sk->sk_state);
1116 } 1112 }
1117 1113
1118 read_unlock(&sco_sk_list.lock); 1114 read_unlock(&sco_sk_list.lock);
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 884b2081a262..463e50c58716 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -28,7 +28,8 @@
28#include <net/bluetooth/hci_core.h> 28#include <net/bluetooth/hci_core.h>
29#include <net/bluetooth/l2cap.h> 29#include <net/bluetooth/l2cap.h>
30#include <net/bluetooth/mgmt.h> 30#include <net/bluetooth/mgmt.h>
31#include <net/bluetooth/smp.h> 31
32#include "smp.h"
32 33
33#define SMP_TIMEOUT msecs_to_jiffies(30000) 34#define SMP_TIMEOUT msecs_to_jiffies(30000)
34 35
@@ -85,8 +86,8 @@ static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
85} 86}
86 87
87static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16], 88static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
88 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, 89 u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
89 u8 _rat, bdaddr_t *ra, u8 res[16]) 90 u8 _rat, bdaddr_t *ra, u8 res[16])
90{ 91{
91 u8 p1[16], p2[16]; 92 u8 p1[16], p2[16];
92 int err; 93 int err;
@@ -126,8 +127,8 @@ static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
126 return err; 127 return err;
127} 128}
128 129
129static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], 130static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], u8 r1[16],
130 u8 r1[16], u8 r2[16], u8 _r[16]) 131 u8 r2[16], u8 _r[16])
131{ 132{
132 int err; 133 int err;
133 134
@@ -150,7 +151,7 @@ static int smp_rand(u8 *buf)
150} 151}
151 152
152static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code, 153static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
153 u16 dlen, void *data) 154 u16 dlen, void *data)
154{ 155{
155 struct sk_buff *skb; 156 struct sk_buff *skb;
156 struct l2cap_hdr *lh; 157 struct l2cap_hdr *lh;
@@ -213,9 +214,8 @@ static __u8 seclevel_to_authreq(__u8 sec_level)
213} 214}
214 215
215static void build_pairing_cmd(struct l2cap_conn *conn, 216static void build_pairing_cmd(struct l2cap_conn *conn,
216 struct smp_cmd_pairing *req, 217 struct smp_cmd_pairing *req,
217 struct smp_cmd_pairing *rsp, 218 struct smp_cmd_pairing *rsp, __u8 authreq)
218 __u8 authreq)
219{ 219{
220 u8 dist_keys = 0; 220 u8 dist_keys = 0;
221 221
@@ -249,7 +249,7 @@ static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
249 struct smp_chan *smp = conn->smp_chan; 249 struct smp_chan *smp = conn->smp_chan;
250 250
251 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) || 251 if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) ||
252 (max_key_size < SMP_MIN_ENC_KEY_SIZE)) 252 (max_key_size < SMP_MIN_ENC_KEY_SIZE))
253 return SMP_ENC_KEY_SIZE; 253 return SMP_ENC_KEY_SIZE;
254 254
255 smp->enc_key_size = max_key_size; 255 smp->enc_key_size = max_key_size;
@@ -263,15 +263,15 @@ static void smp_failure(struct l2cap_conn *conn, u8 reason, u8 send)
263 263
264 if (send) 264 if (send)
265 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), 265 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
266 &reason); 266 &reason);
267 267
268 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->hcon->flags); 268 clear_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags);
269 mgmt_auth_failed(conn->hcon->hdev, conn->dst, hcon->type, 269 mgmt_auth_failed(hcon->hdev, &hcon->dst, hcon->type, hcon->dst_type,
270 hcon->dst_type, HCI_ERROR_AUTH_FAILURE); 270 HCI_ERROR_AUTH_FAILURE);
271 271
272 cancel_delayed_work_sync(&conn->security_timer); 272 cancel_delayed_work_sync(&conn->security_timer);
273 273
274 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) 274 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
275 smp_chan_destroy(conn); 275 smp_chan_destroy(conn);
276} 276}
277 277
@@ -309,8 +309,8 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
309 /* If either side has unknown io_caps, use JUST WORKS */ 309 /* If either side has unknown io_caps, use JUST WORKS */
310 /* Otherwise, look up method from the table */ 310 /* Otherwise, look up method from the table */
311 if (!(auth & SMP_AUTH_MITM) || 311 if (!(auth & SMP_AUTH_MITM) ||
312 local_io > SMP_IO_KEYBOARD_DISPLAY || 312 local_io > SMP_IO_KEYBOARD_DISPLAY ||
313 remote_io > SMP_IO_KEYBOARD_DISPLAY) 313 remote_io > SMP_IO_KEYBOARD_DISPLAY)
314 method = JUST_WORKS; 314 method = JUST_WORKS;
315 else 315 else
316 method = gen_method[remote_io][local_io]; 316 method = gen_method[remote_io][local_io];
@@ -354,10 +354,10 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
354 hci_dev_lock(hcon->hdev); 354 hci_dev_lock(hcon->hdev);
355 355
356 if (method == REQ_PASSKEY) 356 if (method == REQ_PASSKEY)
357 ret = mgmt_user_passkey_request(hcon->hdev, conn->dst, 357 ret = mgmt_user_passkey_request(hcon->hdev, &hcon->dst,
358 hcon->type, hcon->dst_type); 358 hcon->type, hcon->dst_type);
359 else 359 else
360 ret = mgmt_user_confirm_request(hcon->hdev, conn->dst, 360 ret = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
361 hcon->type, hcon->dst_type, 361 hcon->type, hcon->dst_type,
362 cpu_to_le32(passkey), 0); 362 cpu_to_le32(passkey), 0);
363 363
@@ -386,12 +386,13 @@ static void confirm_work(struct work_struct *work)
386 smp->tfm = tfm; 386 smp->tfm = tfm;
387 387
388 if (conn->hcon->out) 388 if (conn->hcon->out)
389 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 0, 389 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
390 conn->src, conn->hcon->dst_type, conn->dst, res); 390 conn->hcon->src_type, &conn->hcon->src,
391 conn->hcon->dst_type, &conn->hcon->dst, res);
391 else 392 else
392 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, 393 ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
393 conn->hcon->dst_type, conn->dst, 0, conn->src, 394 conn->hcon->dst_type, &conn->hcon->dst,
394 res); 395 conn->hcon->src_type, &conn->hcon->src, res);
395 if (ret) { 396 if (ret) {
396 reason = SMP_UNSPECIFIED; 397 reason = SMP_UNSPECIFIED;
397 goto error; 398 goto error;
@@ -425,11 +426,13 @@ static void random_work(struct work_struct *work)
425 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); 426 BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
426 427
427 if (hcon->out) 428 if (hcon->out)
428 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 0, 429 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
429 conn->src, hcon->dst_type, conn->dst, res); 430 hcon->src_type, &hcon->src,
431 hcon->dst_type, &hcon->dst, res);
430 else 432 else
431 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, 433 ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
432 hcon->dst_type, conn->dst, 0, conn->src, res); 434 hcon->dst_type, &hcon->dst,
435 hcon->src_type, &hcon->src, res);
433 if (ret) { 436 if (ret) {
434 reason = SMP_UNSPECIFIED; 437 reason = SMP_UNSPECIFIED;
435 goto error; 438 goto error;
@@ -477,9 +480,9 @@ static void random_work(struct work_struct *work)
477 swap128(key, stk); 480 swap128(key, stk);
478 481
479 memset(stk + smp->enc_key_size, 0, 482 memset(stk + smp->enc_key_size, 0,
480 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); 483 SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
481 484
482 hci_add_ltk(hcon->hdev, conn->dst, hcon->dst_type, 485 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
483 HCI_SMP_STK_SLAVE, 0, 0, stk, smp->enc_key_size, 486 HCI_SMP_STK_SLAVE, 0, 0, stk, smp->enc_key_size,
484 ediv, rand); 487 ediv, rand);
485 } 488 }
@@ -494,7 +497,7 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
494{ 497{
495 struct smp_chan *smp; 498 struct smp_chan *smp;
496 499
497 smp = kzalloc(sizeof(struct smp_chan), GFP_ATOMIC); 500 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
498 if (!smp) 501 if (!smp)
499 return NULL; 502 return NULL;
500 503
@@ -649,7 +652,7 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
649 memcpy(&smp->prsp[1], rsp, sizeof(*rsp)); 652 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
650 653
651 if ((req->auth_req & SMP_AUTH_BONDING) && 654 if ((req->auth_req & SMP_AUTH_BONDING) &&
652 (rsp->auth_req & SMP_AUTH_BONDING)) 655 (rsp->auth_req & SMP_AUTH_BONDING))
653 auth = SMP_AUTH_BONDING; 656 auth = SMP_AUTH_BONDING;
654 657
655 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM; 658 auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
@@ -684,7 +687,7 @@ static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
684 687
685 swap128(smp->prnd, random); 688 swap128(smp->prnd, random);
686 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random), 689 smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random),
687 random); 690 random);
688 } else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags)) { 691 } else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags)) {
689 queue_work(hdev->workqueue, &smp->confirm); 692 queue_work(hdev->workqueue, &smp->confirm);
690 } else { 693 } else {
@@ -714,7 +717,7 @@ static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
714 struct smp_ltk *key; 717 struct smp_ltk *key;
715 struct hci_conn *hcon = conn->hcon; 718 struct hci_conn *hcon = conn->hcon;
716 719
717 key = hci_find_ltk_by_addr(hcon->hdev, conn->dst, hcon->dst_type); 720 key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type);
718 if (!key) 721 if (!key)
719 return 0; 722 return 0;
720 723
@@ -728,8 +731,8 @@ static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
728 hcon->enc_key_size = key->enc_size; 731 hcon->enc_key_size = key->enc_size;
729 732
730 return 1; 733 return 1;
731
732} 734}
735
733static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) 736static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
734{ 737{
735 struct smp_cmd_security_req *rp = (void *) skb->data; 738 struct smp_cmd_security_req *rp = (void *) skb->data;
@@ -835,9 +838,9 @@ static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
835 skb_pull(skb, sizeof(*rp)); 838 skb_pull(skb, sizeof(*rp));
836 839
837 hci_dev_lock(hdev); 840 hci_dev_lock(hdev);
838 authenticated = (conn->hcon->sec_level == BT_SECURITY_HIGH); 841 authenticated = (hcon->sec_level == BT_SECURITY_HIGH);
839 hci_add_ltk(conn->hcon->hdev, conn->dst, hcon->dst_type, 842 hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK, 1,
840 HCI_SMP_LTK, 1, authenticated, smp->tk, smp->enc_key_size, 843 authenticated, smp->tk, smp->enc_key_size,
841 rp->ediv, rp->rand); 844 rp->ediv, rp->rand);
842 smp_distribute_keys(conn, 1); 845 smp_distribute_keys(conn, 1);
843 hci_dev_unlock(hdev); 846 hci_dev_unlock(hdev);
@@ -985,7 +988,7 @@ int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
985 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc); 988 smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
986 989
987 authenticated = hcon->sec_level == BT_SECURITY_HIGH; 990 authenticated = hcon->sec_level == BT_SECURITY_HIGH;
988 hci_add_ltk(conn->hcon->hdev, conn->dst, hcon->dst_type, 991 hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
989 HCI_SMP_LTK_SLAVE, 1, authenticated, 992 HCI_SMP_LTK_SLAVE, 1, authenticated,
990 enc.ltk, smp->enc_key_size, ediv, ident.rand); 993 enc.ltk, smp->enc_key_size, ediv, ident.rand);
991 994
@@ -1007,10 +1010,10 @@ int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
1007 1010
1008 /* Just public address */ 1011 /* Just public address */
1009 memset(&addrinfo, 0, sizeof(addrinfo)); 1012 memset(&addrinfo, 0, sizeof(addrinfo));
1010 bacpy(&addrinfo.bdaddr, conn->src); 1013 bacpy(&addrinfo.bdaddr, &conn->hcon->src);
1011 1014
1012 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo), 1015 smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1013 &addrinfo); 1016 &addrinfo);
1014 1017
1015 *keydist &= ~SMP_DIST_ID_KEY; 1018 *keydist &= ~SMP_DIST_ID_KEY;
1016 } 1019 }
diff --git a/net/bluetooth/smp.h b/net/bluetooth/smp.h
new file mode 100644
index 000000000000..f8ba07f3e5fa
--- /dev/null
+++ b/net/bluetooth/smp.h
@@ -0,0 +1,146 @@
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23#ifndef __SMP_H
24#define __SMP_H
25
26struct smp_command_hdr {
27 __u8 code;
28} __packed;
29
30#define SMP_CMD_PAIRING_REQ 0x01
31#define SMP_CMD_PAIRING_RSP 0x02
32struct smp_cmd_pairing {
33 __u8 io_capability;
34 __u8 oob_flag;
35 __u8 auth_req;
36 __u8 max_key_size;
37 __u8 init_key_dist;
38 __u8 resp_key_dist;
39} __packed;
40
41#define SMP_IO_DISPLAY_ONLY 0x00
42#define SMP_IO_DISPLAY_YESNO 0x01
43#define SMP_IO_KEYBOARD_ONLY 0x02
44#define SMP_IO_NO_INPUT_OUTPUT 0x03
45#define SMP_IO_KEYBOARD_DISPLAY 0x04
46
47#define SMP_OOB_NOT_PRESENT 0x00
48#define SMP_OOB_PRESENT 0x01
49
50#define SMP_DIST_ENC_KEY 0x01
51#define SMP_DIST_ID_KEY 0x02
52#define SMP_DIST_SIGN 0x04
53
54#define SMP_AUTH_NONE 0x00
55#define SMP_AUTH_BONDING 0x01
56#define SMP_AUTH_MITM 0x04
57
58#define SMP_CMD_PAIRING_CONFIRM 0x03
59struct smp_cmd_pairing_confirm {
60 __u8 confirm_val[16];
61} __packed;
62
63#define SMP_CMD_PAIRING_RANDOM 0x04
64struct smp_cmd_pairing_random {
65 __u8 rand_val[16];
66} __packed;
67
68#define SMP_CMD_PAIRING_FAIL 0x05
69struct smp_cmd_pairing_fail {
70 __u8 reason;
71} __packed;
72
73#define SMP_CMD_ENCRYPT_INFO 0x06
74struct smp_cmd_encrypt_info {
75 __u8 ltk[16];
76} __packed;
77
78#define SMP_CMD_MASTER_IDENT 0x07
79struct smp_cmd_master_ident {
80 __le16 ediv;
81 __u8 rand[8];
82} __packed;
83
84#define SMP_CMD_IDENT_INFO 0x08
85struct smp_cmd_ident_info {
86 __u8 irk[16];
87} __packed;
88
89#define SMP_CMD_IDENT_ADDR_INFO 0x09
90struct smp_cmd_ident_addr_info {
91 __u8 addr_type;
92 bdaddr_t bdaddr;
93} __packed;
94
95#define SMP_CMD_SIGN_INFO 0x0a
96struct smp_cmd_sign_info {
97 __u8 csrk[16];
98} __packed;
99
100#define SMP_CMD_SECURITY_REQ 0x0b
101struct smp_cmd_security_req {
102 __u8 auth_req;
103} __packed;
104
105#define SMP_PASSKEY_ENTRY_FAILED 0x01
106#define SMP_OOB_NOT_AVAIL 0x02
107#define SMP_AUTH_REQUIREMENTS 0x03
108#define SMP_CONFIRM_FAILED 0x04
109#define SMP_PAIRING_NOTSUPP 0x05
110#define SMP_ENC_KEY_SIZE 0x06
111#define SMP_CMD_NOTSUPP 0x07
112#define SMP_UNSPECIFIED 0x08
113#define SMP_REPEATED_ATTEMPTS 0x09
114
115#define SMP_MIN_ENC_KEY_SIZE 7
116#define SMP_MAX_ENC_KEY_SIZE 16
117
118#define SMP_FLAG_TK_VALID 1
119#define SMP_FLAG_CFM_PENDING 2
120#define SMP_FLAG_MITM_AUTH 3
121
122struct smp_chan {
123 struct l2cap_conn *conn;
124 u8 preq[7]; /* SMP Pairing Request */
125 u8 prsp[7]; /* SMP Pairing Response */
126 u8 prnd[16]; /* SMP Pairing Random (local) */
127 u8 rrnd[16]; /* SMP Pairing Random (remote) */
128 u8 pcnf[16]; /* SMP Pairing Confirm */
129 u8 tk[16]; /* SMP Temporary Key */
130 u8 enc_key_size;
131 unsigned long smp_flags;
132 struct crypto_blkcipher *tfm;
133 struct work_struct confirm;
134 struct work_struct random;
135
136};
137
138/* SMP Commands */
139int smp_conn_security(struct hci_conn *hcon, __u8 sec_level);
140int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb);
141int smp_distribute_keys(struct l2cap_conn *conn, __u8 force);
142int smp_user_confirm_reply(struct hci_conn *conn, u16 mgmt_op, __le32 passkey);
143
144void smp_chan_destroy(struct l2cap_conn *conn);
145
146#endif /* __SMP_H */
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index e73cd0637f3b..fe48b093d4dc 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -334,6 +334,7 @@ enum ieee80211_sta_flags {
334 IEEE80211_STA_DISABLE_VHT = BIT(11), 334 IEEE80211_STA_DISABLE_VHT = BIT(11),
335 IEEE80211_STA_DISABLE_80P80MHZ = BIT(12), 335 IEEE80211_STA_DISABLE_80P80MHZ = BIT(12),
336 IEEE80211_STA_DISABLE_160MHZ = BIT(13), 336 IEEE80211_STA_DISABLE_160MHZ = BIT(13),
337 IEEE80211_STA_DISABLE_WMM = BIT(14),
337}; 338};
338 339
339struct ieee80211_mgd_auth_data { 340struct ieee80211_mgd_auth_data {
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 91cc8281e266..d7bdc4b97dde 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -2527,7 +2527,7 @@ static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
2527 */ 2527 */
2528 ifmgd->wmm_last_param_set = -1; 2528 ifmgd->wmm_last_param_set = -1;
2529 2529
2530 if (elems.wmm_param) 2530 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && elems.wmm_param)
2531 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2531 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
2532 elems.wmm_param_len); 2532 elems.wmm_param_len);
2533 else 2533 else
@@ -2955,7 +2955,8 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2955 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, 2955 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime,
2956 &elems, true); 2956 &elems, true);
2957 2957
2958 if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2958 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) &&
2959 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
2959 elems.wmm_param_len)) 2960 elems.wmm_param_len))
2960 changed |= BSS_CHANGED_QOS; 2961 changed |= BSS_CHANGED_QOS;
2961 2962
@@ -3937,6 +3938,44 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
3937 return err; 3938 return err;
3938} 3939}
3939 3940
3941static bool ieee80211_usable_wmm_params(struct ieee80211_sub_if_data *sdata,
3942 const u8 *wmm_param, int len)
3943{
3944 const u8 *pos;
3945 size_t left;
3946
3947 if (len < 8)
3948 return false;
3949
3950 if (wmm_param[5] != 1 /* version */)
3951 return false;
3952
3953 pos = wmm_param + 8;
3954 left = len - 8;
3955
3956 for (; left >= 4; left -= 4, pos += 4) {
3957 u8 aifsn = pos[0] & 0x0f;
3958 u8 ecwmin = pos[1] & 0x0f;
3959 u8 ecwmax = (pos[1] & 0xf0) >> 4;
3960 int aci = (pos[0] >> 5) & 0x03;
3961
3962 if (aifsn < 2) {
3963 sdata_info(sdata,
3964 "AP has invalid WMM params (AIFSN=%d for ACI %d), disabling WMM\n",
3965 aifsn, aci);
3966 return false;
3967 }
3968 if (ecwmin > ecwmax) {
3969 sdata_info(sdata,
3970 "AP has invalid WMM params (ECWmin/max=%d/%d for ACI %d), disabling WMM\n",
3971 ecwmin, ecwmax, aci);
3972 return false;
3973 }
3974 }
3975
3976 return true;
3977}
3978
3940int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 3979int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
3941 struct cfg80211_assoc_request *req) 3980 struct cfg80211_assoc_request *req)
3942{ 3981{
@@ -3994,9 +4033,45 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
3994 } 4033 }
3995 4034
3996 /* prepare assoc data */ 4035 /* prepare assoc data */
3997 4036
3998 ifmgd->beacon_crc_valid = false; 4037 ifmgd->beacon_crc_valid = false;
3999 4038
4039 assoc_data->wmm = bss->wmm_used &&
4040 (local->hw.queues >= IEEE80211_NUM_ACS);
4041 if (assoc_data->wmm) {
4042 /* try to check validity of WMM params IE */
4043 const struct cfg80211_bss_ies *ies;
4044 const u8 *wp, *start, *end;
4045
4046 rcu_read_lock();
4047 ies = rcu_dereference(req->bss->ies);
4048 start = ies->data;
4049 end = start + ies->len;
4050
4051 while (true) {
4052 wp = cfg80211_find_vendor_ie(
4053 WLAN_OUI_MICROSOFT,
4054 WLAN_OUI_TYPE_MICROSOFT_WMM,
4055 start, end - start);
4056 if (!wp)
4057 break;
4058 start = wp + wp[1] + 2;
4059 /* if this IE is too short, try the next */
4060 if (wp[1] <= 4)
4061 continue;
4062 /* if this IE is WMM params, we found what we wanted */
4063 if (wp[6] == 1)
4064 break;
4065 }
4066
4067 if (!wp || !ieee80211_usable_wmm_params(sdata, wp + 2,
4068 wp[1] - 2)) {
4069 assoc_data->wmm = false;
4070 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM;
4071 }
4072 rcu_read_unlock();
4073 }
4074
4000 /* 4075 /*
4001 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 4076 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
4002 * We still associate in non-HT mode (11a/b/g) if any one of these 4077 * We still associate in non-HT mode (11a/b/g) if any one of these
@@ -4026,18 +4101,22 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
4026 /* Also disable HT if we don't support it or the AP doesn't use WMM */ 4101 /* Also disable HT if we don't support it or the AP doesn't use WMM */
4027 sband = local->hw.wiphy->bands[req->bss->channel->band]; 4102 sband = local->hw.wiphy->bands[req->bss->channel->band];
4028 if (!sband->ht_cap.ht_supported || 4103 if (!sband->ht_cap.ht_supported ||
4029 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 4104 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used ||
4105 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
4030 ifmgd->flags |= IEEE80211_STA_DISABLE_HT; 4106 ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4031 if (!bss->wmm_used) 4107 if (!bss->wmm_used &&
4108 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM))
4032 netdev_info(sdata->dev, 4109 netdev_info(sdata->dev,
4033 "disabling HT as WMM/QoS is not supported by the AP\n"); 4110 "disabling HT as WMM/QoS is not supported by the AP\n");
4034 } 4111 }
4035 4112
4036 /* disable VHT if we don't support it or the AP doesn't use WMM */ 4113 /* disable VHT if we don't support it or the AP doesn't use WMM */
4037 if (!sband->vht_cap.vht_supported || 4114 if (!sband->vht_cap.vht_supported ||
4038 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) { 4115 local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used ||
4116 ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
4039 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT; 4117 ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4040 if (!bss->wmm_used) 4118 if (!bss->wmm_used &&
4119 !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM))
4041 netdev_info(sdata->dev, 4120 netdev_info(sdata->dev,
4042 "disabling VHT as WMM/QoS is not supported by the AP\n"); 4121 "disabling VHT as WMM/QoS is not supported by the AP\n");
4043 } 4122 }
@@ -4066,8 +4145,6 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
4066 sdata->smps_mode = ifmgd->req_smps; 4145 sdata->smps_mode = ifmgd->req_smps;
4067 4146
4068 assoc_data->capability = req->bss->capability; 4147 assoc_data->capability = req->bss->capability;
4069 assoc_data->wmm = bss->wmm_used &&
4070 (local->hw.queues >= IEEE80211_NUM_ACS);
4071 assoc_data->supp_rates = bss->supp_rates; 4148 assoc_data->supp_rates = bss->supp_rates;
4072 assoc_data->supp_rates_len = bss->supp_rates_len; 4149 assoc_data->supp_rates_len = bss->supp_rates_len;
4073 4150
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index e126605cec66..22b223f13c9f 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -235,7 +235,8 @@ static void rc_send_low_basicrate(s8 *idx, u32 basic_rates,
235static void __rate_control_send_low(struct ieee80211_hw *hw, 235static void __rate_control_send_low(struct ieee80211_hw *hw,
236 struct ieee80211_supported_band *sband, 236 struct ieee80211_supported_band *sband,
237 struct ieee80211_sta *sta, 237 struct ieee80211_sta *sta,
238 struct ieee80211_tx_info *info) 238 struct ieee80211_tx_info *info,
239 u32 rate_mask)
239{ 240{
240 int i; 241 int i;
241 u32 rate_flags = 242 u32 rate_flags =
@@ -247,6 +248,12 @@ static void __rate_control_send_low(struct ieee80211_hw *hw,
247 248
248 info->control.rates[0].idx = 0; 249 info->control.rates[0].idx = 0;
249 for (i = 0; i < sband->n_bitrates; i++) { 250 for (i = 0; i < sband->n_bitrates; i++) {
251 if (!(rate_mask & BIT(i)))
252 continue;
253
254 if ((rate_flags & sband->bitrates[i].flags) != rate_flags)
255 continue;
256
250 if (!rate_supported(sta, sband->band, i)) 257 if (!rate_supported(sta, sband->band, i))
251 continue; 258 continue;
252 259
@@ -274,7 +281,8 @@ bool rate_control_send_low(struct ieee80211_sta *pubsta,
274 bool use_basicrate = false; 281 bool use_basicrate = false;
275 282
276 if (!pubsta || !priv_sta || rc_no_data_or_no_ack_use_min(txrc)) { 283 if (!pubsta || !priv_sta || rc_no_data_or_no_ack_use_min(txrc)) {
277 __rate_control_send_low(txrc->hw, sband, pubsta, info); 284 __rate_control_send_low(txrc->hw, sband, pubsta, info,
285 txrc->rate_idx_mask);
278 286
279 if (!pubsta && txrc->bss) { 287 if (!pubsta && txrc->bss) {
280 mcast_rate = txrc->bss_conf->mcast_rate[sband->band]; 288 mcast_rate = txrc->bss_conf->mcast_rate[sband->band];
@@ -656,7 +664,8 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif,
656 rate_control_apply_mask(sdata, sta, sband, info, dest, max_rates); 664 rate_control_apply_mask(sdata, sta, sband, info, dest, max_rates);
657 665
658 if (dest[0].idx < 0) 666 if (dest[0].idx < 0)
659 __rate_control_send_low(&sdata->local->hw, sband, sta, info); 667 __rate_control_send_low(&sdata->local->hw, sband, sta, info,
668 sdata->rc_rateidx_mask[info->band]);
660 669
661 if (sta) 670 if (sta)
662 rate_fixup_ratelist(vif, sband, info, dest, max_rates); 671 rate_fixup_ratelist(vif, sband, info, dest, max_rates);
diff --git a/net/nfc/Kconfig b/net/nfc/Kconfig
index 5948b2fc72f6..6e0fa0cce198 100644
--- a/net/nfc/Kconfig
+++ b/net/nfc/Kconfig
@@ -14,6 +14,20 @@ menuconfig NFC
14 To compile this support as a module, choose M here: the module will 14 To compile this support as a module, choose M here: the module will
15 be called nfc. 15 be called nfc.
16 16
17config NFC_DIGITAL
18 depends on NFC
19 select CRC_CCITT
20 select CRC_ITU_T
21 tristate "NFC Digital Protocol stack support"
22 default n
23 help
24 Say Y if you want to build NFC digital protocol stack support.
25 This is needed by NFC chipsets whose firmware only implement
26 the NFC analog layer.
27
28 To compile this support as a module, choose M here: the module will
29 be called nfc_digital.
30
17source "net/nfc/nci/Kconfig" 31source "net/nfc/nci/Kconfig"
18source "net/nfc/hci/Kconfig" 32source "net/nfc/hci/Kconfig"
19 33
diff --git a/net/nfc/Makefile b/net/nfc/Makefile
index a76f4533cb6c..2555ff8e7219 100644
--- a/net/nfc/Makefile
+++ b/net/nfc/Makefile
@@ -5,7 +5,9 @@
5obj-$(CONFIG_NFC) += nfc.o 5obj-$(CONFIG_NFC) += nfc.o
6obj-$(CONFIG_NFC_NCI) += nci/ 6obj-$(CONFIG_NFC_NCI) += nci/
7obj-$(CONFIG_NFC_HCI) += hci/ 7obj-$(CONFIG_NFC_HCI) += hci/
8obj-$(CONFIG_NFC_DIGITAL) += nfc_digital.o
8 9
9nfc-objs := core.o netlink.o af_nfc.o rawsock.o llcp_core.o llcp_commands.o \ 10nfc-objs := core.o netlink.o af_nfc.o rawsock.o llcp_core.o llcp_commands.o \
10 llcp_sock.o 11 llcp_sock.o
11 12
13nfc_digital-objs := digital_core.o digital_technology.o digital_dep.o
diff --git a/net/nfc/core.c b/net/nfc/core.c
index e92923cf3e03..872529105abc 100644
--- a/net/nfc/core.c
+++ b/net/nfc/core.c
@@ -384,6 +384,19 @@ int nfc_dep_link_is_up(struct nfc_dev *dev, u32 target_idx,
384{ 384{
385 dev->dep_link_up = true; 385 dev->dep_link_up = true;
386 386
387 if (!dev->active_target) {
388 struct nfc_target *target;
389
390 target = nfc_find_target(dev, target_idx);
391 if (target == NULL)
392 return -ENOTCONN;
393
394 dev->active_target = target;
395 }
396
397 dev->polling = false;
398 dev->rf_mode = rf_mode;
399
387 nfc_llcp_mac_is_up(dev, target_idx, comm_mode, rf_mode); 400 nfc_llcp_mac_is_up(dev, target_idx, comm_mode, rf_mode);
388 401
389 return nfc_genl_dep_link_up_event(dev, target_idx, comm_mode, rf_mode); 402 return nfc_genl_dep_link_up_event(dev, target_idx, comm_mode, rf_mode);
@@ -536,7 +549,7 @@ error:
536 return rc; 549 return rc;
537} 550}
538 551
539static struct nfc_se *find_se(struct nfc_dev *dev, u32 se_idx) 552struct nfc_se *nfc_find_se(struct nfc_dev *dev, u32 se_idx)
540{ 553{
541 struct nfc_se *se, *n; 554 struct nfc_se *se, *n;
542 555
@@ -546,6 +559,7 @@ static struct nfc_se *find_se(struct nfc_dev *dev, u32 se_idx)
546 559
547 return NULL; 560 return NULL;
548} 561}
562EXPORT_SYMBOL(nfc_find_se);
549 563
550int nfc_enable_se(struct nfc_dev *dev, u32 se_idx) 564int nfc_enable_se(struct nfc_dev *dev, u32 se_idx)
551{ 565{
@@ -577,7 +591,7 @@ int nfc_enable_se(struct nfc_dev *dev, u32 se_idx)
577 goto error; 591 goto error;
578 } 592 }
579 593
580 se = find_se(dev, se_idx); 594 se = nfc_find_se(dev, se_idx);
581 if (!se) { 595 if (!se) {
582 rc = -EINVAL; 596 rc = -EINVAL;
583 goto error; 597 goto error;
@@ -622,7 +636,7 @@ int nfc_disable_se(struct nfc_dev *dev, u32 se_idx)
622 goto error; 636 goto error;
623 } 637 }
624 638
625 se = find_se(dev, se_idx); 639 se = nfc_find_se(dev, se_idx);
626 if (!se) { 640 if (!se) {
627 rc = -EINVAL; 641 rc = -EINVAL;
628 goto error; 642 goto error;
@@ -881,7 +895,7 @@ int nfc_add_se(struct nfc_dev *dev, u32 se_idx, u16 type)
881 895
882 pr_debug("%s se index %d\n", dev_name(&dev->dev), se_idx); 896 pr_debug("%s se index %d\n", dev_name(&dev->dev), se_idx);
883 897
884 se = find_se(dev, se_idx); 898 se = nfc_find_se(dev, se_idx);
885 if (se) 899 if (se)
886 return -EALREADY; 900 return -EALREADY;
887 901
diff --git a/net/nfc/digital.h b/net/nfc/digital.h
new file mode 100644
index 000000000000..08b29b55ea63
--- /dev/null
+++ b/net/nfc/digital.h
@@ -0,0 +1,170 @@
1/*
2 * NFC Digital Protocol stack
3 * Copyright (c) 2013, Intel Corporation.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms and conditions of the GNU General Public License,
7 * version 2, as published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 * more details.
13 *
14 */
15
16#ifndef __DIGITAL_H
17#define __DIGITAL_H
18
19#include <net/nfc/nfc.h>
20#include <net/nfc/digital.h>
21
22#include <linux/crc-ccitt.h>
23#include <linux/crc-itu-t.h>
24
25#define PROTOCOL_ERR(req) pr_err("%d: NFC Digital Protocol error: %s\n", \
26 __LINE__, req)
27
28#define DIGITAL_CMD_IN_SEND 0
29#define DIGITAL_CMD_TG_SEND 1
30#define DIGITAL_CMD_TG_LISTEN 2
31#define DIGITAL_CMD_TG_LISTEN_MDAA 3
32
33#define DIGITAL_MAX_HEADER_LEN 7
34#define DIGITAL_CRC_LEN 2
35
36#define DIGITAL_SENSF_NFCID2_NFC_DEP_B1 0x01
37#define DIGITAL_SENSF_NFCID2_NFC_DEP_B2 0xFE
38
39#define DIGITAL_SENS_RES_NFC_DEP 0x0100
40#define DIGITAL_SEL_RES_NFC_DEP 0x40
41#define DIGITAL_SENSF_FELICA_SC 0xFFFF
42
43#define DIGITAL_DRV_CAPS_IN_CRC(ddev) \
44 ((ddev)->driver_capabilities & NFC_DIGITAL_DRV_CAPS_IN_CRC)
45#define DIGITAL_DRV_CAPS_TG_CRC(ddev) \
46 ((ddev)->driver_capabilities & NFC_DIGITAL_DRV_CAPS_TG_CRC)
47
48struct digital_data_exch {
49 data_exchange_cb_t cb;
50 void *cb_context;
51};
52
53struct sk_buff *digital_skb_alloc(struct nfc_digital_dev *ddev,
54 unsigned int len);
55
56int digital_send_cmd(struct nfc_digital_dev *ddev, u8 cmd_type,
57 struct sk_buff *skb, struct digital_tg_mdaa_params *params,
58 u16 timeout, nfc_digital_cmd_complete_t cmd_cb,
59 void *cb_context);
60
61int digital_in_configure_hw(struct nfc_digital_dev *ddev, int type, int param);
62static inline int digital_in_send_cmd(struct nfc_digital_dev *ddev,
63 struct sk_buff *skb, u16 timeout,
64 nfc_digital_cmd_complete_t cmd_cb,
65 void *cb_context)
66{
67 return digital_send_cmd(ddev, DIGITAL_CMD_IN_SEND, skb, NULL, timeout,
68 cmd_cb, cb_context);
69}
70
71void digital_poll_next_tech(struct nfc_digital_dev *ddev);
72
73int digital_in_send_sens_req(struct nfc_digital_dev *ddev, u8 rf_tech);
74int digital_in_send_sensf_req(struct nfc_digital_dev *ddev, u8 rf_tech);
75
76int digital_target_found(struct nfc_digital_dev *ddev,
77 struct nfc_target *target, u8 protocol);
78
79int digital_in_recv_mifare_res(struct sk_buff *resp);
80
81int digital_in_send_atr_req(struct nfc_digital_dev *ddev,
82 struct nfc_target *target, __u8 comm_mode, __u8 *gb,
83 size_t gb_len);
84int digital_in_send_dep_req(struct nfc_digital_dev *ddev,
85 struct nfc_target *target, struct sk_buff *skb,
86 struct digital_data_exch *data_exch);
87
88int digital_tg_configure_hw(struct nfc_digital_dev *ddev, int type, int param);
89static inline int digital_tg_send_cmd(struct nfc_digital_dev *ddev,
90 struct sk_buff *skb, u16 timeout,
91 nfc_digital_cmd_complete_t cmd_cb, void *cb_context)
92{
93 return digital_send_cmd(ddev, DIGITAL_CMD_TG_SEND, skb, NULL, timeout,
94 cmd_cb, cb_context);
95}
96
97void digital_tg_recv_sens_req(struct nfc_digital_dev *ddev, void *arg,
98 struct sk_buff *resp);
99
100void digital_tg_recv_sensf_req(struct nfc_digital_dev *ddev, void *arg,
101 struct sk_buff *resp);
102
103static inline int digital_tg_listen(struct nfc_digital_dev *ddev, u16 timeout,
104 nfc_digital_cmd_complete_t cb, void *arg)
105{
106 return digital_send_cmd(ddev, DIGITAL_CMD_TG_LISTEN, NULL, NULL,
107 timeout, cb, arg);
108}
109
110void digital_tg_recv_atr_req(struct nfc_digital_dev *ddev, void *arg,
111 struct sk_buff *resp);
112
113int digital_tg_send_dep_res(struct nfc_digital_dev *ddev, struct sk_buff *skb);
114
115int digital_tg_listen_nfca(struct nfc_digital_dev *ddev, u8 rf_tech);
116int digital_tg_listen_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech);
117
118typedef u16 (*crc_func_t)(u16, const u8 *, size_t);
119
120#define CRC_A_INIT 0x6363
121#define CRC_B_INIT 0xFFFF
122#define CRC_F_INIT 0x0000
123
124void digital_skb_add_crc(struct sk_buff *skb, crc_func_t crc_func, u16 init,
125 u8 bitwise_inv, u8 msb_first);
126
127static inline void digital_skb_add_crc_a(struct sk_buff *skb)
128{
129 digital_skb_add_crc(skb, crc_ccitt, CRC_A_INIT, 0, 0);
130}
131
132static inline void digital_skb_add_crc_b(struct sk_buff *skb)
133{
134 digital_skb_add_crc(skb, crc_ccitt, CRC_B_INIT, 1, 0);
135}
136
137static inline void digital_skb_add_crc_f(struct sk_buff *skb)
138{
139 digital_skb_add_crc(skb, crc_itu_t, CRC_F_INIT, 0, 1);
140}
141
142static inline void digital_skb_add_crc_none(struct sk_buff *skb)
143{
144 return;
145}
146
147int digital_skb_check_crc(struct sk_buff *skb, crc_func_t crc_func,
148 u16 crc_init, u8 bitwise_inv, u8 msb_first);
149
150static inline int digital_skb_check_crc_a(struct sk_buff *skb)
151{
152 return digital_skb_check_crc(skb, crc_ccitt, CRC_A_INIT, 0, 0);
153}
154
155static inline int digital_skb_check_crc_b(struct sk_buff *skb)
156{
157 return digital_skb_check_crc(skb, crc_ccitt, CRC_B_INIT, 1, 0);
158}
159
160static inline int digital_skb_check_crc_f(struct sk_buff *skb)
161{
162 return digital_skb_check_crc(skb, crc_itu_t, CRC_F_INIT, 0, 1);
163}
164
165static inline int digital_skb_check_crc_none(struct sk_buff *skb)
166{
167 return 0;
168}
169
170#endif /* __DIGITAL_H */
diff --git a/net/nfc/digital_core.c b/net/nfc/digital_core.c
new file mode 100644
index 000000000000..09fc95439955
--- /dev/null
+++ b/net/nfc/digital_core.c
@@ -0,0 +1,737 @@
1/*
2 * NFC Digital Protocol stack
3 * Copyright (c) 2013, Intel Corporation.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms and conditions of the GNU General Public License,
7 * version 2, as published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 * more details.
13 *
14 */
15
16#define pr_fmt(fmt) "digital: %s: " fmt, __func__
17
18#include <linux/module.h>
19
20#include "digital.h"
21
22#define DIGITAL_PROTO_NFCA_RF_TECH \
23 (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK | NFC_PROTO_NFC_DEP_MASK)
24
25#define DIGITAL_PROTO_NFCF_RF_TECH \
26 (NFC_PROTO_FELICA_MASK | NFC_PROTO_NFC_DEP_MASK)
27
28struct digital_cmd {
29 struct list_head queue;
30
31 u8 type;
32 u8 pending;
33
34 u16 timeout;
35 struct sk_buff *req;
36 struct sk_buff *resp;
37 struct digital_tg_mdaa_params *mdaa_params;
38
39 nfc_digital_cmd_complete_t cmd_cb;
40 void *cb_context;
41};
42
43struct sk_buff *digital_skb_alloc(struct nfc_digital_dev *ddev,
44 unsigned int len)
45{
46 struct sk_buff *skb;
47
48 skb = alloc_skb(len + ddev->tx_headroom + ddev->tx_tailroom,
49 GFP_KERNEL);
50 if (skb)
51 skb_reserve(skb, ddev->tx_headroom);
52
53 return skb;
54}
55
56void digital_skb_add_crc(struct sk_buff *skb, crc_func_t crc_func, u16 init,
57 u8 bitwise_inv, u8 msb_first)
58{
59 u16 crc;
60
61 crc = crc_func(init, skb->data, skb->len);
62
63 if (bitwise_inv)
64 crc = ~crc;
65
66 if (msb_first)
67 crc = __fswab16(crc);
68
69 *skb_put(skb, 1) = crc & 0xFF;
70 *skb_put(skb, 1) = (crc >> 8) & 0xFF;
71}
72
73int digital_skb_check_crc(struct sk_buff *skb, crc_func_t crc_func,
74 u16 crc_init, u8 bitwise_inv, u8 msb_first)
75{
76 int rc;
77 u16 crc;
78
79 if (skb->len <= 2)
80 return -EIO;
81
82 crc = crc_func(crc_init, skb->data, skb->len - 2);
83
84 if (bitwise_inv)
85 crc = ~crc;
86
87 if (msb_first)
88 crc = __swab16(crc);
89
90 rc = (skb->data[skb->len - 2] - (crc & 0xFF)) +
91 (skb->data[skb->len - 1] - ((crc >> 8) & 0xFF));
92
93 if (rc)
94 return -EIO;
95
96 skb_trim(skb, skb->len - 2);
97
98 return 0;
99}
100
101static inline void digital_switch_rf(struct nfc_digital_dev *ddev, bool on)
102{
103 ddev->ops->switch_rf(ddev, on);
104}
105
106static inline void digital_abort_cmd(struct nfc_digital_dev *ddev)
107{
108 ddev->ops->abort_cmd(ddev);
109}
110
111static void digital_wq_cmd_complete(struct work_struct *work)
112{
113 struct digital_cmd *cmd;
114 struct nfc_digital_dev *ddev = container_of(work,
115 struct nfc_digital_dev,
116 cmd_complete_work);
117
118 mutex_lock(&ddev->cmd_lock);
119
120 cmd = list_first_entry_or_null(&ddev->cmd_queue, struct digital_cmd,
121 queue);
122 if (!cmd) {
123 mutex_unlock(&ddev->cmd_lock);
124 return;
125 }
126
127 list_del(&cmd->queue);
128
129 mutex_unlock(&ddev->cmd_lock);
130
131 if (!IS_ERR(cmd->resp))
132 print_hex_dump_debug("DIGITAL RX: ", DUMP_PREFIX_NONE, 16, 1,
133 cmd->resp->data, cmd->resp->len, false);
134
135 cmd->cmd_cb(ddev, cmd->cb_context, cmd->resp);
136
137 kfree(cmd->mdaa_params);
138 kfree(cmd);
139
140 schedule_work(&ddev->cmd_work);
141}
142
143static void digital_send_cmd_complete(struct nfc_digital_dev *ddev,
144 void *arg, struct sk_buff *resp)
145{
146 struct digital_cmd *cmd = arg;
147
148 cmd->resp = resp;
149
150 schedule_work(&ddev->cmd_complete_work);
151}
152
153static void digital_wq_cmd(struct work_struct *work)
154{
155 int rc;
156 struct digital_cmd *cmd;
157 struct digital_tg_mdaa_params *params;
158 struct nfc_digital_dev *ddev = container_of(work,
159 struct nfc_digital_dev,
160 cmd_work);
161
162 mutex_lock(&ddev->cmd_lock);
163
164 cmd = list_first_entry_or_null(&ddev->cmd_queue, struct digital_cmd,
165 queue);
166 if (!cmd || cmd->pending) {
167 mutex_unlock(&ddev->cmd_lock);
168 return;
169 }
170
171 mutex_unlock(&ddev->cmd_lock);
172
173 if (cmd->req)
174 print_hex_dump_debug("DIGITAL TX: ", DUMP_PREFIX_NONE, 16, 1,
175 cmd->req->data, cmd->req->len, false);
176
177 switch (cmd->type) {
178 case DIGITAL_CMD_IN_SEND:
179 rc = ddev->ops->in_send_cmd(ddev, cmd->req, cmd->timeout,
180 digital_send_cmd_complete, cmd);
181 break;
182
183 case DIGITAL_CMD_TG_SEND:
184 rc = ddev->ops->tg_send_cmd(ddev, cmd->req, cmd->timeout,
185 digital_send_cmd_complete, cmd);
186 break;
187
188 case DIGITAL_CMD_TG_LISTEN:
189 rc = ddev->ops->tg_listen(ddev, cmd->timeout,
190 digital_send_cmd_complete, cmd);
191 break;
192
193 case DIGITAL_CMD_TG_LISTEN_MDAA:
194 params = cmd->mdaa_params;
195
196 rc = ddev->ops->tg_listen_mdaa(ddev, params, cmd->timeout,
197 digital_send_cmd_complete, cmd);
198 break;
199
200 default:
201 pr_err("Unknown cmd type %d\n", cmd->type);
202 return;
203 }
204
205 if (!rc)
206 return;
207
208 pr_err("in_send_command returned err %d\n", rc);
209
210 mutex_lock(&ddev->cmd_lock);
211 list_del(&cmd->queue);
212 mutex_unlock(&ddev->cmd_lock);
213
214 kfree_skb(cmd->req);
215 kfree(cmd->mdaa_params);
216 kfree(cmd);
217
218 schedule_work(&ddev->cmd_work);
219}
220
221int digital_send_cmd(struct nfc_digital_dev *ddev, u8 cmd_type,
222 struct sk_buff *skb, struct digital_tg_mdaa_params *params,
223 u16 timeout, nfc_digital_cmd_complete_t cmd_cb,
224 void *cb_context)
225{
226 struct digital_cmd *cmd;
227
228 cmd = kzalloc(sizeof(struct digital_cmd), GFP_KERNEL);
229 if (!cmd)
230 return -ENOMEM;
231
232 cmd->type = cmd_type;
233 cmd->timeout = timeout;
234 cmd->req = skb;
235 cmd->mdaa_params = params;
236 cmd->cmd_cb = cmd_cb;
237 cmd->cb_context = cb_context;
238 INIT_LIST_HEAD(&cmd->queue);
239
240 mutex_lock(&ddev->cmd_lock);
241 list_add_tail(&cmd->queue, &ddev->cmd_queue);
242 mutex_unlock(&ddev->cmd_lock);
243
244 schedule_work(&ddev->cmd_work);
245
246 return 0;
247}
248
249int digital_in_configure_hw(struct nfc_digital_dev *ddev, int type, int param)
250{
251 int rc;
252
253 rc = ddev->ops->in_configure_hw(ddev, type, param);
254 if (rc)
255 pr_err("in_configure_hw failed: %d\n", rc);
256
257 return rc;
258}
259
260int digital_tg_configure_hw(struct nfc_digital_dev *ddev, int type, int param)
261{
262 int rc;
263
264 rc = ddev->ops->tg_configure_hw(ddev, type, param);
265 if (rc)
266 pr_err("tg_configure_hw failed: %d\n", rc);
267
268 return rc;
269}
270
271static int digital_tg_listen_mdaa(struct nfc_digital_dev *ddev, u8 rf_tech)
272{
273 struct digital_tg_mdaa_params *params;
274
275 params = kzalloc(sizeof(struct digital_tg_mdaa_params), GFP_KERNEL);
276 if (!params)
277 return -ENOMEM;
278
279 params->sens_res = DIGITAL_SENS_RES_NFC_DEP;
280 get_random_bytes(params->nfcid1, sizeof(params->nfcid1));
281 params->sel_res = DIGITAL_SEL_RES_NFC_DEP;
282
283 params->nfcid2[0] = DIGITAL_SENSF_NFCID2_NFC_DEP_B1;
284 params->nfcid2[1] = DIGITAL_SENSF_NFCID2_NFC_DEP_B2;
285 get_random_bytes(params->nfcid2 + 2, NFC_NFCID2_MAXSIZE - 2);
286 params->sc = DIGITAL_SENSF_FELICA_SC;
287
288 return digital_send_cmd(ddev, DIGITAL_CMD_TG_LISTEN_MDAA, NULL, params,
289 500, digital_tg_recv_atr_req, NULL);
290}
291
292int digital_target_found(struct nfc_digital_dev *ddev,
293 struct nfc_target *target, u8 protocol)
294{
295 int rc;
296 u8 framing;
297 u8 rf_tech;
298 int (*check_crc)(struct sk_buff *skb);
299 void (*add_crc)(struct sk_buff *skb);
300
301 rf_tech = ddev->poll_techs[ddev->poll_tech_index].rf_tech;
302
303 switch (protocol) {
304 case NFC_PROTO_JEWEL:
305 framing = NFC_DIGITAL_FRAMING_NFCA_T1T;
306 check_crc = digital_skb_check_crc_b;
307 add_crc = digital_skb_add_crc_b;
308 break;
309
310 case NFC_PROTO_MIFARE:
311 framing = NFC_DIGITAL_FRAMING_NFCA_T2T;
312 check_crc = digital_skb_check_crc_a;
313 add_crc = digital_skb_add_crc_a;
314 break;
315
316 case NFC_PROTO_FELICA:
317 framing = NFC_DIGITAL_FRAMING_NFCF_T3T;
318 check_crc = digital_skb_check_crc_f;
319 add_crc = digital_skb_add_crc_f;
320 break;
321
322 case NFC_PROTO_NFC_DEP:
323 if (rf_tech == NFC_DIGITAL_RF_TECH_106A) {
324 framing = NFC_DIGITAL_FRAMING_NFCA_NFC_DEP;
325 check_crc = digital_skb_check_crc_a;
326 add_crc = digital_skb_add_crc_a;
327 } else {
328 framing = NFC_DIGITAL_FRAMING_NFCF_NFC_DEP;
329 check_crc = digital_skb_check_crc_f;
330 add_crc = digital_skb_add_crc_f;
331 }
332 break;
333
334 default:
335 pr_err("Invalid protocol %d\n", protocol);
336 return -EINVAL;
337 }
338
339 pr_debug("rf_tech=%d, protocol=%d\n", rf_tech, protocol);
340
341 ddev->curr_rf_tech = rf_tech;
342 ddev->curr_protocol = protocol;
343
344 if (DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
345 ddev->skb_add_crc = digital_skb_add_crc_none;
346 ddev->skb_check_crc = digital_skb_check_crc_none;
347 } else {
348 ddev->skb_add_crc = add_crc;
349 ddev->skb_check_crc = check_crc;
350 }
351
352 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING, framing);
353 if (rc)
354 return rc;
355
356 target->supported_protocols = (1 << protocol);
357 rc = nfc_targets_found(ddev->nfc_dev, target, 1);
358 if (rc)
359 return rc;
360
361 ddev->poll_tech_count = 0;
362
363 return 0;
364}
365
366void digital_poll_next_tech(struct nfc_digital_dev *ddev)
367{
368 digital_switch_rf(ddev, 0);
369
370 mutex_lock(&ddev->poll_lock);
371
372 if (!ddev->poll_tech_count) {
373 mutex_unlock(&ddev->poll_lock);
374 return;
375 }
376
377 ddev->poll_tech_index = (ddev->poll_tech_index + 1) %
378 ddev->poll_tech_count;
379
380 mutex_unlock(&ddev->poll_lock);
381
382 schedule_work(&ddev->poll_work);
383}
384
385static void digital_wq_poll(struct work_struct *work)
386{
387 int rc;
388 struct digital_poll_tech *poll_tech;
389 struct nfc_digital_dev *ddev = container_of(work,
390 struct nfc_digital_dev,
391 poll_work);
392 mutex_lock(&ddev->poll_lock);
393
394 if (!ddev->poll_tech_count) {
395 mutex_unlock(&ddev->poll_lock);
396 return;
397 }
398
399 poll_tech = &ddev->poll_techs[ddev->poll_tech_index];
400
401 mutex_unlock(&ddev->poll_lock);
402
403 rc = poll_tech->poll_func(ddev, poll_tech->rf_tech);
404 if (rc)
405 digital_poll_next_tech(ddev);
406}
407
408static void digital_add_poll_tech(struct nfc_digital_dev *ddev, u8 rf_tech,
409 digital_poll_t poll_func)
410{
411 struct digital_poll_tech *poll_tech;
412
413 if (ddev->poll_tech_count >= NFC_DIGITAL_POLL_MODE_COUNT_MAX)
414 return;
415
416 poll_tech = &ddev->poll_techs[ddev->poll_tech_count++];
417
418 poll_tech->rf_tech = rf_tech;
419 poll_tech->poll_func = poll_func;
420}
421
422/**
423 * start_poll operation
424 *
425 * For every supported protocol, the corresponding polling function is added
426 * to the table of polling technologies (ddev->poll_techs[]) using
427 * digital_add_poll_tech().
428 * When a polling function fails (by timeout or protocol error) the next one is
429 * schedule by digital_poll_next_tech() on the poll workqueue (ddev->poll_work).
430 */
431static int digital_start_poll(struct nfc_dev *nfc_dev, __u32 im_protocols,
432 __u32 tm_protocols)
433{
434 struct nfc_digital_dev *ddev = nfc_get_drvdata(nfc_dev);
435 u32 matching_im_protocols, matching_tm_protocols;
436
437 pr_debug("protocols: im 0x%x, tm 0x%x, supported 0x%x\n", im_protocols,
438 tm_protocols, ddev->protocols);
439
440 matching_im_protocols = ddev->protocols & im_protocols;
441 matching_tm_protocols = ddev->protocols & tm_protocols;
442
443 if (!matching_im_protocols && !matching_tm_protocols) {
444 pr_err("Unknown protocol\n");
445 return -EINVAL;
446 }
447
448 if (ddev->poll_tech_count) {
449 pr_err("Already polling\n");
450 return -EBUSY;
451 }
452
453 if (ddev->curr_protocol) {
454 pr_err("A target is already active\n");
455 return -EBUSY;
456 }
457
458 ddev->poll_tech_count = 0;
459 ddev->poll_tech_index = 0;
460
461 if (matching_im_protocols & DIGITAL_PROTO_NFCA_RF_TECH)
462 digital_add_poll_tech(ddev, NFC_DIGITAL_RF_TECH_106A,
463 digital_in_send_sens_req);
464
465 if (im_protocols & DIGITAL_PROTO_NFCF_RF_TECH) {
466 digital_add_poll_tech(ddev, NFC_DIGITAL_RF_TECH_212F,
467 digital_in_send_sensf_req);
468
469 digital_add_poll_tech(ddev, NFC_DIGITAL_RF_TECH_424F,
470 digital_in_send_sensf_req);
471 }
472
473 if (tm_protocols & NFC_PROTO_NFC_DEP_MASK) {
474 if (ddev->ops->tg_listen_mdaa) {
475 digital_add_poll_tech(ddev, 0,
476 digital_tg_listen_mdaa);
477 } else {
478 digital_add_poll_tech(ddev, NFC_DIGITAL_RF_TECH_106A,
479 digital_tg_listen_nfca);
480
481 digital_add_poll_tech(ddev, NFC_DIGITAL_RF_TECH_212F,
482 digital_tg_listen_nfcf);
483
484 digital_add_poll_tech(ddev, NFC_DIGITAL_RF_TECH_424F,
485 digital_tg_listen_nfcf);
486 }
487 }
488
489 if (!ddev->poll_tech_count) {
490 pr_err("Unsupported protocols: im=0x%x, tm=0x%x\n",
491 matching_im_protocols, matching_tm_protocols);
492 return -EINVAL;
493 }
494
495 schedule_work(&ddev->poll_work);
496
497 return 0;
498}
499
500static void digital_stop_poll(struct nfc_dev *nfc_dev)
501{
502 struct nfc_digital_dev *ddev = nfc_get_drvdata(nfc_dev);
503
504 mutex_lock(&ddev->poll_lock);
505
506 if (!ddev->poll_tech_count) {
507 pr_err("Polling operation was not running\n");
508 mutex_unlock(&ddev->poll_lock);
509 return;
510 }
511
512 ddev->poll_tech_count = 0;
513
514 mutex_unlock(&ddev->poll_lock);
515
516 cancel_work_sync(&ddev->poll_work);
517
518 digital_abort_cmd(ddev);
519}
520
521static int digital_dev_up(struct nfc_dev *nfc_dev)
522{
523 struct nfc_digital_dev *ddev = nfc_get_drvdata(nfc_dev);
524
525 digital_switch_rf(ddev, 1);
526
527 return 0;
528}
529
530static int digital_dev_down(struct nfc_dev *nfc_dev)
531{
532 struct nfc_digital_dev *ddev = nfc_get_drvdata(nfc_dev);
533
534 digital_switch_rf(ddev, 0);
535
536 return 0;
537}
538
539static int digital_dep_link_up(struct nfc_dev *nfc_dev,
540 struct nfc_target *target,
541 __u8 comm_mode, __u8 *gb, size_t gb_len)
542{
543 struct nfc_digital_dev *ddev = nfc_get_drvdata(nfc_dev);
544
545 return digital_in_send_atr_req(ddev, target, comm_mode, gb, gb_len);
546}
547
548static int digital_dep_link_down(struct nfc_dev *nfc_dev)
549{
550 struct nfc_digital_dev *ddev = nfc_get_drvdata(nfc_dev);
551
552 ddev->curr_protocol = 0;
553
554 return 0;
555}
556
557static int digital_activate_target(struct nfc_dev *nfc_dev,
558 struct nfc_target *target, __u32 protocol)
559{
560 return 0;
561}
562
563static void digital_deactivate_target(struct nfc_dev *nfc_dev,
564 struct nfc_target *target)
565{
566 struct nfc_digital_dev *ddev = nfc_get_drvdata(nfc_dev);
567
568 ddev->curr_protocol = 0;
569}
570
571static int digital_tg_send(struct nfc_dev *dev, struct sk_buff *skb)
572{
573 struct nfc_digital_dev *ddev = nfc_get_drvdata(dev);
574
575 return digital_tg_send_dep_res(ddev, skb);
576}
577
578static void digital_in_send_complete(struct nfc_digital_dev *ddev, void *arg,
579 struct sk_buff *resp)
580{
581 struct digital_data_exch *data_exch = arg;
582 int rc;
583
584 if (IS_ERR(resp)) {
585 rc = PTR_ERR(resp);
586 goto done;
587 }
588
589 if (ddev->curr_protocol == NFC_PROTO_MIFARE)
590 rc = digital_in_recv_mifare_res(resp);
591 else
592 rc = ddev->skb_check_crc(resp);
593
594 if (rc) {
595 kfree_skb(resp);
596 resp = NULL;
597 }
598
599done:
600 data_exch->cb(data_exch->cb_context, resp, rc);
601
602 kfree(data_exch);
603}
604
605static int digital_in_send(struct nfc_dev *nfc_dev, struct nfc_target *target,
606 struct sk_buff *skb, data_exchange_cb_t cb,
607 void *cb_context)
608{
609 struct nfc_digital_dev *ddev = nfc_get_drvdata(nfc_dev);
610 struct digital_data_exch *data_exch;
611
612 data_exch = kzalloc(sizeof(struct digital_data_exch), GFP_KERNEL);
613 if (!data_exch) {
614 pr_err("Failed to allocate data_exch struct\n");
615 return -ENOMEM;
616 }
617
618 data_exch->cb = cb;
619 data_exch->cb_context = cb_context;
620
621 if (ddev->curr_protocol == NFC_PROTO_NFC_DEP)
622 return digital_in_send_dep_req(ddev, target, skb, data_exch);
623
624 ddev->skb_add_crc(skb);
625
626 return digital_in_send_cmd(ddev, skb, 500, digital_in_send_complete,
627 data_exch);
628}
629
630static struct nfc_ops digital_nfc_ops = {
631 .dev_up = digital_dev_up,
632 .dev_down = digital_dev_down,
633 .start_poll = digital_start_poll,
634 .stop_poll = digital_stop_poll,
635 .dep_link_up = digital_dep_link_up,
636 .dep_link_down = digital_dep_link_down,
637 .activate_target = digital_activate_target,
638 .deactivate_target = digital_deactivate_target,
639 .tm_send = digital_tg_send,
640 .im_transceive = digital_in_send,
641};
642
643struct nfc_digital_dev *nfc_digital_allocate_device(struct nfc_digital_ops *ops,
644 __u32 supported_protocols,
645 __u32 driver_capabilities,
646 int tx_headroom, int tx_tailroom)
647{
648 struct nfc_digital_dev *ddev;
649
650 if (!ops->in_configure_hw || !ops->in_send_cmd || !ops->tg_listen ||
651 !ops->tg_configure_hw || !ops->tg_send_cmd || !ops->abort_cmd ||
652 !ops->switch_rf)
653 return NULL;
654
655 ddev = kzalloc(sizeof(struct nfc_digital_dev), GFP_KERNEL);
656 if (!ddev)
657 return NULL;
658
659 ddev->driver_capabilities = driver_capabilities;
660 ddev->ops = ops;
661
662 mutex_init(&ddev->cmd_lock);
663 INIT_LIST_HEAD(&ddev->cmd_queue);
664
665 INIT_WORK(&ddev->cmd_work, digital_wq_cmd);
666 INIT_WORK(&ddev->cmd_complete_work, digital_wq_cmd_complete);
667
668 mutex_init(&ddev->poll_lock);
669 INIT_WORK(&ddev->poll_work, digital_wq_poll);
670
671 if (supported_protocols & NFC_PROTO_JEWEL_MASK)
672 ddev->protocols |= NFC_PROTO_JEWEL_MASK;
673 if (supported_protocols & NFC_PROTO_MIFARE_MASK)
674 ddev->protocols |= NFC_PROTO_MIFARE_MASK;
675 if (supported_protocols & NFC_PROTO_FELICA_MASK)
676 ddev->protocols |= NFC_PROTO_FELICA_MASK;
677 if (supported_protocols & NFC_PROTO_NFC_DEP_MASK)
678 ddev->protocols |= NFC_PROTO_NFC_DEP_MASK;
679
680 ddev->tx_headroom = tx_headroom + DIGITAL_MAX_HEADER_LEN;
681 ddev->tx_tailroom = tx_tailroom + DIGITAL_CRC_LEN;
682
683 ddev->nfc_dev = nfc_allocate_device(&digital_nfc_ops, ddev->protocols,
684 ddev->tx_headroom,
685 ddev->tx_tailroom);
686 if (!ddev->nfc_dev) {
687 pr_err("nfc_allocate_device failed\n");
688 goto free_dev;
689 }
690
691 nfc_set_drvdata(ddev->nfc_dev, ddev);
692
693 return ddev;
694
695free_dev:
696 kfree(ddev);
697
698 return NULL;
699}
700EXPORT_SYMBOL(nfc_digital_allocate_device);
701
702void nfc_digital_free_device(struct nfc_digital_dev *ddev)
703{
704 nfc_free_device(ddev->nfc_dev);
705 kfree(ddev);
706}
707EXPORT_SYMBOL(nfc_digital_free_device);
708
709int nfc_digital_register_device(struct nfc_digital_dev *ddev)
710{
711 return nfc_register_device(ddev->nfc_dev);
712}
713EXPORT_SYMBOL(nfc_digital_register_device);
714
715void nfc_digital_unregister_device(struct nfc_digital_dev *ddev)
716{
717 struct digital_cmd *cmd, *n;
718
719 nfc_unregister_device(ddev->nfc_dev);
720
721 mutex_lock(&ddev->poll_lock);
722 ddev->poll_tech_count = 0;
723 mutex_unlock(&ddev->poll_lock);
724
725 cancel_work_sync(&ddev->poll_work);
726 cancel_work_sync(&ddev->cmd_work);
727 cancel_work_sync(&ddev->cmd_complete_work);
728
729 list_for_each_entry_safe(cmd, n, &ddev->cmd_queue, queue) {
730 list_del(&cmd->queue);
731 kfree(cmd->mdaa_params);
732 kfree(cmd);
733 }
734}
735EXPORT_SYMBOL(nfc_digital_unregister_device);
736
737MODULE_LICENSE("GPL");
diff --git a/net/nfc/digital_dep.c b/net/nfc/digital_dep.c
new file mode 100644
index 000000000000..07bbc24fb4c7
--- /dev/null
+++ b/net/nfc/digital_dep.c
@@ -0,0 +1,729 @@
1/*
2 * NFC Digital Protocol stack
3 * Copyright (c) 2013, Intel Corporation.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms and conditions of the GNU General Public License,
7 * version 2, as published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 * more details.
13 *
14 */
15
16#define pr_fmt(fmt) "digital: %s: " fmt, __func__
17
18#include "digital.h"
19
20#define DIGITAL_NFC_DEP_FRAME_DIR_OUT 0xD4
21#define DIGITAL_NFC_DEP_FRAME_DIR_IN 0xD5
22
23#define DIGITAL_NFC_DEP_NFCA_SOD_SB 0xF0
24
25#define DIGITAL_CMD_ATR_REQ 0x00
26#define DIGITAL_CMD_ATR_RES 0x01
27#define DIGITAL_CMD_PSL_REQ 0x04
28#define DIGITAL_CMD_PSL_RES 0x05
29#define DIGITAL_CMD_DEP_REQ 0x06
30#define DIGITAL_CMD_DEP_RES 0x07
31
32#define DIGITAL_ATR_REQ_MIN_SIZE 16
33#define DIGITAL_ATR_REQ_MAX_SIZE 64
34
35#define DIGITAL_NFCID3_LEN ((u8)8)
36#define DIGITAL_LR_BITS_PAYLOAD_SIZE_254B 0x30
37#define DIGITAL_GB_BIT 0x02
38
39#define DIGITAL_NFC_DEP_PFB_TYPE(pfb) ((pfb) & 0xE0)
40
41#define DIGITAL_NFC_DEP_PFB_TIMEOUT_BIT 0x10
42
43#define DIGITAL_NFC_DEP_PFB_IS_TIMEOUT(pfb) \
44 ((pfb) & DIGITAL_NFC_DEP_PFB_TIMEOUT_BIT)
45#define DIGITAL_NFC_DEP_MI_BIT_SET(pfb) ((pfb) & 0x10)
46#define DIGITAL_NFC_DEP_NAD_BIT_SET(pfb) ((pfb) & 0x08)
47#define DIGITAL_NFC_DEP_DID_BIT_SET(pfb) ((pfb) & 0x04)
48#define DIGITAL_NFC_DEP_PFB_PNI(pfb) ((pfb) & 0x03)
49
50#define DIGITAL_NFC_DEP_PFB_I_PDU 0x00
51#define DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU 0x40
52#define DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU 0x80
53
54struct digital_atr_req {
55 u8 dir;
56 u8 cmd;
57 u8 nfcid3[10];
58 u8 did;
59 u8 bs;
60 u8 br;
61 u8 pp;
62 u8 gb[0];
63} __packed;
64
65struct digital_atr_res {
66 u8 dir;
67 u8 cmd;
68 u8 nfcid3[10];
69 u8 did;
70 u8 bs;
71 u8 br;
72 u8 to;
73 u8 pp;
74 u8 gb[0];
75} __packed;
76
77struct digital_psl_req {
78 u8 dir;
79 u8 cmd;
80 u8 did;
81 u8 brs;
82 u8 fsl;
83} __packed;
84
85struct digital_psl_res {
86 u8 dir;
87 u8 cmd;
88 u8 did;
89} __packed;
90
91struct digital_dep_req_res {
92 u8 dir;
93 u8 cmd;
94 u8 pfb;
95} __packed;
96
97static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
98 struct sk_buff *resp);
99
100static void digital_skb_push_dep_sod(struct nfc_digital_dev *ddev,
101 struct sk_buff *skb)
102{
103 skb_push(skb, sizeof(u8));
104
105 skb->data[0] = skb->len;
106
107 if (ddev->curr_rf_tech == NFC_DIGITAL_RF_TECH_106A)
108 *skb_push(skb, sizeof(u8)) = DIGITAL_NFC_DEP_NFCA_SOD_SB;
109}
110
111static int digital_skb_pull_dep_sod(struct nfc_digital_dev *ddev,
112 struct sk_buff *skb)
113{
114 u8 size;
115
116 if (skb->len < 2)
117 return -EIO;
118
119 if (ddev->curr_rf_tech == NFC_DIGITAL_RF_TECH_106A)
120 skb_pull(skb, sizeof(u8));
121
122 size = skb->data[0];
123 if (size != skb->len)
124 return -EIO;
125
126 skb_pull(skb, sizeof(u8));
127
128 return 0;
129}
130
131static void digital_in_recv_atr_res(struct nfc_digital_dev *ddev, void *arg,
132 struct sk_buff *resp)
133{
134 struct nfc_target *target = arg;
135 struct digital_atr_res *atr_res;
136 u8 gb_len;
137 int rc;
138
139 if (IS_ERR(resp)) {
140 rc = PTR_ERR(resp);
141 resp = NULL;
142 goto exit;
143 }
144
145 rc = ddev->skb_check_crc(resp);
146 if (rc) {
147 PROTOCOL_ERR("14.4.1.6");
148 goto exit;
149 }
150
151 rc = digital_skb_pull_dep_sod(ddev, resp);
152 if (rc) {
153 PROTOCOL_ERR("14.4.1.2");
154 goto exit;
155 }
156
157 if (resp->len < sizeof(struct digital_atr_res)) {
158 rc = -EIO;
159 goto exit;
160 }
161
162 gb_len = resp->len - sizeof(struct digital_atr_res);
163
164 atr_res = (struct digital_atr_res *)resp->data;
165
166 rc = nfc_set_remote_general_bytes(ddev->nfc_dev, atr_res->gb, gb_len);
167 if (rc)
168 goto exit;
169
170 rc = nfc_dep_link_is_up(ddev->nfc_dev, target->idx, NFC_COMM_ACTIVE,
171 NFC_RF_INITIATOR);
172
173 ddev->curr_nfc_dep_pni = 0;
174
175exit:
176 dev_kfree_skb(resp);
177
178 if (rc)
179 ddev->curr_protocol = 0;
180}
181
182int digital_in_send_atr_req(struct nfc_digital_dev *ddev,
183 struct nfc_target *target, __u8 comm_mode, __u8 *gb,
184 size_t gb_len)
185{
186 struct sk_buff *skb;
187 struct digital_atr_req *atr_req;
188 uint size;
189
190 size = DIGITAL_ATR_REQ_MIN_SIZE + gb_len;
191
192 if (size > DIGITAL_ATR_REQ_MAX_SIZE) {
193 PROTOCOL_ERR("14.6.1.1");
194 return -EINVAL;
195 }
196
197 skb = digital_skb_alloc(ddev, size);
198 if (!skb)
199 return -ENOMEM;
200
201 skb_put(skb, sizeof(struct digital_atr_req));
202
203 atr_req = (struct digital_atr_req *)skb->data;
204 memset(atr_req, 0, sizeof(struct digital_atr_req));
205
206 atr_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
207 atr_req->cmd = DIGITAL_CMD_ATR_REQ;
208 if (target->nfcid2_len)
209 memcpy(atr_req->nfcid3, target->nfcid2,
210 max(target->nfcid2_len, DIGITAL_NFCID3_LEN));
211 else
212 get_random_bytes(atr_req->nfcid3, DIGITAL_NFCID3_LEN);
213
214 atr_req->did = 0;
215 atr_req->bs = 0;
216 atr_req->br = 0;
217
218 atr_req->pp = DIGITAL_LR_BITS_PAYLOAD_SIZE_254B;
219
220 if (gb_len) {
221 atr_req->pp |= DIGITAL_GB_BIT;
222 memcpy(skb_put(skb, gb_len), gb, gb_len);
223 }
224
225 digital_skb_push_dep_sod(ddev, skb);
226
227 ddev->skb_add_crc(skb);
228
229 digital_in_send_cmd(ddev, skb, 500, digital_in_recv_atr_res, target);
230
231 return 0;
232}
233
234static int digital_in_send_rtox(struct nfc_digital_dev *ddev,
235 struct digital_data_exch *data_exch, u8 rtox)
236{
237 struct digital_dep_req_res *dep_req;
238 struct sk_buff *skb;
239 int rc;
240
241 skb = digital_skb_alloc(ddev, 1);
242 if (!skb)
243 return -ENOMEM;
244
245 *skb_put(skb, 1) = rtox;
246
247 skb_push(skb, sizeof(struct digital_dep_req_res));
248
249 dep_req = (struct digital_dep_req_res *)skb->data;
250
251 dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
252 dep_req->cmd = DIGITAL_CMD_DEP_REQ;
253 dep_req->pfb = DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU |
254 DIGITAL_NFC_DEP_PFB_TIMEOUT_BIT;
255
256 digital_skb_push_dep_sod(ddev, skb);
257
258 ddev->skb_add_crc(skb);
259
260 rc = digital_in_send_cmd(ddev, skb, 1500, digital_in_recv_dep_res,
261 data_exch);
262
263 return rc;
264}
265
266static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
267 struct sk_buff *resp)
268{
269 struct digital_data_exch *data_exch = arg;
270 struct digital_dep_req_res *dep_res;
271 u8 pfb;
272 uint size;
273 int rc;
274
275 if (IS_ERR(resp)) {
276 rc = PTR_ERR(resp);
277 resp = NULL;
278 goto exit;
279 }
280
281 rc = ddev->skb_check_crc(resp);
282 if (rc) {
283 PROTOCOL_ERR("14.4.1.6");
284 goto error;
285 }
286
287 rc = digital_skb_pull_dep_sod(ddev, resp);
288 if (rc) {
289 PROTOCOL_ERR("14.4.1.2");
290 goto exit;
291 }
292
293 dep_res = (struct digital_dep_req_res *)resp->data;
294
295 if (resp->len < sizeof(struct digital_dep_req_res) ||
296 dep_res->dir != DIGITAL_NFC_DEP_FRAME_DIR_IN ||
297 dep_res->cmd != DIGITAL_CMD_DEP_RES) {
298 rc = -EIO;
299 goto error;
300 }
301
302 pfb = dep_res->pfb;
303
304 switch (DIGITAL_NFC_DEP_PFB_TYPE(pfb)) {
305 case DIGITAL_NFC_DEP_PFB_I_PDU:
306 if (DIGITAL_NFC_DEP_PFB_PNI(pfb) != ddev->curr_nfc_dep_pni) {
307 PROTOCOL_ERR("14.12.3.3");
308 rc = -EIO;
309 goto error;
310 }
311
312 ddev->curr_nfc_dep_pni =
313 DIGITAL_NFC_DEP_PFB_PNI(ddev->curr_nfc_dep_pni + 1);
314 rc = 0;
315 break;
316
317 case DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU:
318 pr_err("Received a ACK/NACK PDU\n");
319 rc = -EIO;
320 goto error;
321
322 case DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU:
323 if (!DIGITAL_NFC_DEP_PFB_IS_TIMEOUT(pfb)) {
324 rc = -EINVAL;
325 goto error;
326 }
327
328 rc = digital_in_send_rtox(ddev, data_exch, resp->data[3]);
329 if (rc)
330 goto error;
331
332 kfree_skb(resp);
333 return;
334 }
335
336 if (DIGITAL_NFC_DEP_MI_BIT_SET(pfb)) {
337 pr_err("MI bit set. Chained PDU not supported\n");
338 rc = -EIO;
339 goto error;
340 }
341
342 size = sizeof(struct digital_dep_req_res);
343
344 if (DIGITAL_NFC_DEP_DID_BIT_SET(pfb))
345 size++;
346
347 if (size > resp->len) {
348 rc = -EIO;
349 goto error;
350 }
351
352 skb_pull(resp, size);
353
354exit:
355 data_exch->cb(data_exch->cb_context, resp, rc);
356
357error:
358 kfree(data_exch);
359
360 if (rc)
361 kfree_skb(resp);
362}
363
364int digital_in_send_dep_req(struct nfc_digital_dev *ddev,
365 struct nfc_target *target, struct sk_buff *skb,
366 struct digital_data_exch *data_exch)
367{
368 struct digital_dep_req_res *dep_req;
369
370 skb_push(skb, sizeof(struct digital_dep_req_res));
371
372 dep_req = (struct digital_dep_req_res *)skb->data;
373 dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
374 dep_req->cmd = DIGITAL_CMD_DEP_REQ;
375 dep_req->pfb = ddev->curr_nfc_dep_pni;
376
377 digital_skb_push_dep_sod(ddev, skb);
378
379 ddev->skb_add_crc(skb);
380
381 return digital_in_send_cmd(ddev, skb, 1500, digital_in_recv_dep_res,
382 data_exch);
383}
384
385static void digital_tg_recv_dep_req(struct nfc_digital_dev *ddev, void *arg,
386 struct sk_buff *resp)
387{
388 int rc;
389 struct digital_dep_req_res *dep_req;
390 size_t size;
391
392 if (IS_ERR(resp)) {
393 rc = PTR_ERR(resp);
394 resp = NULL;
395 goto exit;
396 }
397
398 rc = ddev->skb_check_crc(resp);
399 if (rc) {
400 PROTOCOL_ERR("14.4.1.6");
401 goto exit;
402 }
403
404 rc = digital_skb_pull_dep_sod(ddev, resp);
405 if (rc) {
406 PROTOCOL_ERR("14.4.1.2");
407 goto exit;
408 }
409
410 size = sizeof(struct digital_dep_req_res);
411 dep_req = (struct digital_dep_req_res *)resp->data;
412
413 if (resp->len < size || dep_req->dir != DIGITAL_NFC_DEP_FRAME_DIR_OUT ||
414 dep_req->cmd != DIGITAL_CMD_DEP_REQ) {
415 rc = -EIO;
416 goto exit;
417 }
418
419 if (DIGITAL_NFC_DEP_DID_BIT_SET(dep_req->pfb))
420 size++;
421
422 if (resp->len < size) {
423 rc = -EIO;
424 goto exit;
425 }
426
427 switch (DIGITAL_NFC_DEP_PFB_TYPE(dep_req->pfb)) {
428 case DIGITAL_NFC_DEP_PFB_I_PDU:
429 pr_debug("DIGITAL_NFC_DEP_PFB_I_PDU\n");
430 ddev->curr_nfc_dep_pni = DIGITAL_NFC_DEP_PFB_PNI(dep_req->pfb);
431 break;
432 case DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU:
433 pr_err("Received a ACK/NACK PDU\n");
434 rc = -EINVAL;
435 goto exit;
436 break;
437 case DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU:
438 pr_err("Received a SUPERVISOR PDU\n");
439 rc = -EINVAL;
440 goto exit;
441 break;
442 }
443
444 skb_pull(resp, size);
445
446 rc = nfc_tm_data_received(ddev->nfc_dev, resp);
447
448exit:
449 if (rc)
450 kfree_skb(resp);
451}
452
453int digital_tg_send_dep_res(struct nfc_digital_dev *ddev, struct sk_buff *skb)
454{
455 struct digital_dep_req_res *dep_res;
456
457 skb_push(skb, sizeof(struct digital_dep_req_res));
458 dep_res = (struct digital_dep_req_res *)skb->data;
459
460 dep_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN;
461 dep_res->cmd = DIGITAL_CMD_DEP_RES;
462 dep_res->pfb = ddev->curr_nfc_dep_pni;
463
464 digital_skb_push_dep_sod(ddev, skb);
465
466 ddev->skb_add_crc(skb);
467
468 return digital_tg_send_cmd(ddev, skb, 1500, digital_tg_recv_dep_req,
469 NULL);
470}
471
472static void digital_tg_send_psl_res_complete(struct nfc_digital_dev *ddev,
473 void *arg, struct sk_buff *resp)
474{
475 u8 rf_tech = PTR_ERR(arg);
476
477 if (IS_ERR(resp))
478 return;
479
480 digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
481
482 digital_tg_listen(ddev, 1500, digital_tg_recv_dep_req, NULL);
483
484 dev_kfree_skb(resp);
485}
486
487static int digital_tg_send_psl_res(struct nfc_digital_dev *ddev, u8 did,
488 u8 rf_tech)
489{
490 struct digital_psl_res *psl_res;
491 struct sk_buff *skb;
492 int rc;
493
494 skb = digital_skb_alloc(ddev, sizeof(struct digital_psl_res));
495 if (!skb)
496 return -ENOMEM;
497
498 skb_put(skb, sizeof(struct digital_psl_res));
499
500 psl_res = (struct digital_psl_res *)skb->data;
501
502 psl_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN;
503 psl_res->cmd = DIGITAL_CMD_PSL_RES;
504 psl_res->did = did;
505
506 digital_skb_push_dep_sod(ddev, skb);
507
508 ddev->skb_add_crc(skb);
509
510 rc = digital_tg_send_cmd(ddev, skb, 0, digital_tg_send_psl_res_complete,
511 ERR_PTR(rf_tech));
512
513 if (rc)
514 kfree_skb(skb);
515
516 return rc;
517}
518
519static void digital_tg_recv_psl_req(struct nfc_digital_dev *ddev, void *arg,
520 struct sk_buff *resp)
521{
522 int rc;
523 struct digital_psl_req *psl_req;
524 u8 rf_tech;
525 u8 dsi;
526
527 if (IS_ERR(resp)) {
528 rc = PTR_ERR(resp);
529 resp = NULL;
530 goto exit;
531 }
532
533 rc = ddev->skb_check_crc(resp);
534 if (rc) {
535 PROTOCOL_ERR("14.4.1.6");
536 goto exit;
537 }
538
539 rc = digital_skb_pull_dep_sod(ddev, resp);
540 if (rc) {
541 PROTOCOL_ERR("14.4.1.2");
542 goto exit;
543 }
544
545 psl_req = (struct digital_psl_req *)resp->data;
546
547 if (resp->len != sizeof(struct digital_psl_req) ||
548 psl_req->dir != DIGITAL_NFC_DEP_FRAME_DIR_OUT ||
549 psl_req->cmd != DIGITAL_CMD_PSL_REQ) {
550 rc = -EIO;
551 goto exit;
552 }
553
554 dsi = (psl_req->brs >> 3) & 0x07;
555 switch (dsi) {
556 case 0:
557 rf_tech = NFC_DIGITAL_RF_TECH_106A;
558 break;
559 case 1:
560 rf_tech = NFC_DIGITAL_RF_TECH_212F;
561 break;
562 case 2:
563 rf_tech = NFC_DIGITAL_RF_TECH_424F;
564 break;
565 default:
566 pr_err("Unsuported dsi value %d\n", dsi);
567 goto exit;
568 }
569
570 rc = digital_tg_send_psl_res(ddev, psl_req->did, rf_tech);
571
572exit:
573 kfree_skb(resp);
574}
575
576static void digital_tg_send_atr_res_complete(struct nfc_digital_dev *ddev,
577 void *arg, struct sk_buff *resp)
578{
579 int offset;
580
581 if (IS_ERR(resp)) {
582 digital_poll_next_tech(ddev);
583 return;
584 }
585
586 offset = 2;
587 if (resp->data[0] == DIGITAL_NFC_DEP_NFCA_SOD_SB)
588 offset++;
589
590 if (resp->data[offset] == DIGITAL_CMD_PSL_REQ)
591 digital_tg_recv_psl_req(ddev, arg, resp);
592 else
593 digital_tg_recv_dep_req(ddev, arg, resp);
594}
595
596static int digital_tg_send_atr_res(struct nfc_digital_dev *ddev,
597 struct digital_atr_req *atr_req)
598{
599 struct digital_atr_res *atr_res;
600 struct sk_buff *skb;
601 u8 *gb;
602 size_t gb_len;
603 int rc;
604
605 gb = nfc_get_local_general_bytes(ddev->nfc_dev, &gb_len);
606 if (!gb)
607 gb_len = 0;
608
609 skb = digital_skb_alloc(ddev, sizeof(struct digital_atr_res) + gb_len);
610 if (!skb)
611 return -ENOMEM;
612
613 skb_put(skb, sizeof(struct digital_atr_res));
614 atr_res = (struct digital_atr_res *)skb->data;
615
616 memset(atr_res, 0, sizeof(struct digital_atr_res));
617
618 atr_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN;
619 atr_res->cmd = DIGITAL_CMD_ATR_RES;
620 memcpy(atr_res->nfcid3, atr_req->nfcid3, sizeof(atr_req->nfcid3));
621 atr_res->to = 8;
622 atr_res->pp = DIGITAL_LR_BITS_PAYLOAD_SIZE_254B;
623 if (gb_len) {
624 skb_put(skb, gb_len);
625
626 atr_res->pp |= DIGITAL_GB_BIT;
627 memcpy(atr_res->gb, gb, gb_len);
628 }
629
630 digital_skb_push_dep_sod(ddev, skb);
631
632 ddev->skb_add_crc(skb);
633
634 rc = digital_tg_send_cmd(ddev, skb, 999,
635 digital_tg_send_atr_res_complete, NULL);
636 if (rc) {
637 kfree_skb(skb);
638 return rc;
639 }
640
641 return rc;
642}
643
644void digital_tg_recv_atr_req(struct nfc_digital_dev *ddev, void *arg,
645 struct sk_buff *resp)
646{
647 int rc;
648 struct digital_atr_req *atr_req;
649 size_t gb_len, min_size;
650
651 if (IS_ERR(resp)) {
652 rc = PTR_ERR(resp);
653 resp = NULL;
654 goto exit;
655 }
656
657 if (!resp->len) {
658 rc = -EIO;
659 goto exit;
660 }
661
662 if (resp->data[0] == DIGITAL_NFC_DEP_NFCA_SOD_SB) {
663 min_size = DIGITAL_ATR_REQ_MIN_SIZE + 2;
664
665 ddev->curr_rf_tech = NFC_DIGITAL_RF_TECH_106A;
666 ddev->skb_add_crc = digital_skb_add_crc_a;
667 ddev->skb_check_crc = digital_skb_check_crc_a;
668 } else {
669 min_size = DIGITAL_ATR_REQ_MIN_SIZE + 1;
670
671 ddev->curr_rf_tech = NFC_DIGITAL_RF_TECH_212F;
672 ddev->skb_add_crc = digital_skb_add_crc_f;
673 ddev->skb_check_crc = digital_skb_check_crc_f;
674 }
675
676 if (resp->len < min_size) {
677 rc = -EIO;
678 goto exit;
679 }
680
681 if (DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
682 ddev->skb_add_crc = digital_skb_add_crc_none;
683 ddev->skb_check_crc = digital_skb_check_crc_none;
684 }
685
686 rc = ddev->skb_check_crc(resp);
687 if (rc) {
688 PROTOCOL_ERR("14.4.1.6");
689 goto exit;
690 }
691
692 rc = digital_skb_pull_dep_sod(ddev, resp);
693 if (rc) {
694 PROTOCOL_ERR("14.4.1.2");
695 goto exit;
696 }
697
698 atr_req = (struct digital_atr_req *)resp->data;
699
700 if (atr_req->dir != DIGITAL_NFC_DEP_FRAME_DIR_OUT ||
701 atr_req->cmd != DIGITAL_CMD_ATR_REQ) {
702 rc = -EINVAL;
703 goto exit;
704 }
705
706 rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
707 NFC_DIGITAL_FRAMING_NFC_DEP_ACTIVATED);
708 if (rc)
709 goto exit;
710
711 rc = digital_tg_send_atr_res(ddev, atr_req);
712 if (rc)
713 goto exit;
714
715 gb_len = resp->len - sizeof(struct digital_atr_req);
716 rc = nfc_tm_activated(ddev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
717 NFC_COMM_PASSIVE, atr_req->gb, gb_len);
718 if (rc)
719 goto exit;
720
721 ddev->poll_tech_count = 0;
722
723 rc = 0;
724exit:
725 if (rc)
726 digital_poll_next_tech(ddev);
727
728 dev_kfree_skb(resp);
729}
diff --git a/net/nfc/digital_technology.c b/net/nfc/digital_technology.c
new file mode 100644
index 000000000000..251c8c753ebe
--- /dev/null
+++ b/net/nfc/digital_technology.c
@@ -0,0 +1,770 @@
1/*
2 * NFC Digital Protocol stack
3 * Copyright (c) 2013, Intel Corporation.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms and conditions of the GNU General Public License,
7 * version 2, as published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 * more details.
13 *
14 */
15
16#define pr_fmt(fmt) "digital: %s: " fmt, __func__
17
18#include "digital.h"
19
20#define DIGITAL_CMD_SENS_REQ 0x26
21#define DIGITAL_CMD_ALL_REQ 0x52
22#define DIGITAL_CMD_SEL_REQ_CL1 0x93
23#define DIGITAL_CMD_SEL_REQ_CL2 0x95
24#define DIGITAL_CMD_SEL_REQ_CL3 0x97
25
26#define DIGITAL_SDD_REQ_SEL_PAR 0x20
27
28#define DIGITAL_SDD_RES_CT 0x88
29#define DIGITAL_SDD_RES_LEN 5
30
31#define DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res) (!((sel_res) & 0x04))
32#define DIGITAL_SEL_RES_IS_T2T(sel_res) (!((sel_res) & 0x60))
33#define DIGITAL_SEL_RES_IS_NFC_DEP(sel_res) ((sel_res) & 0x40)
34
35#define DIGITAL_SENS_RES_IS_T1T(sens_res) (((sens_res) & 0x0C00) == 0x0C00)
36#define DIGITAL_SENS_RES_IS_VALID(sens_res) \
37 ((!((sens_res) & 0x001F) && (((sens_res) & 0x0C00) == 0x0C00)) || \
38 (((sens_res) & 0x001F) && ((sens_res) & 0x0C00) != 0x0C00))
39
40#define DIGITAL_MIFARE_READ_RES_LEN 16
41#define DIGITAL_MIFARE_ACK_RES 0x0A
42
43#define DIGITAL_CMD_SENSF_REQ 0x00
44#define DIGITAL_CMD_SENSF_RES 0x01
45
46#define DIGITAL_SENSF_RES_MIN_LENGTH 17
47#define DIGITAL_SENSF_RES_RD_AP_B1 0x00
48#define DIGITAL_SENSF_RES_RD_AP_B2 0x8F
49
50#define DIGITAL_SENSF_REQ_RC_NONE 0
51#define DIGITAL_SENSF_REQ_RC_SC 1
52#define DIGITAL_SENSF_REQ_RC_AP 2
53
54struct digital_sdd_res {
55 u8 nfcid1[4];
56 u8 bcc;
57} __packed;
58
59struct digital_sel_req {
60 u8 sel_cmd;
61 u8 b2;
62 u8 nfcid1[4];
63 u8 bcc;
64} __packed;
65
66struct digital_sensf_req {
67 u8 cmd;
68 u8 sc1;
69 u8 sc2;
70 u8 rc;
71 u8 tsn;
72} __packed;
73
74struct digital_sensf_res {
75 u8 cmd;
76 u8 nfcid2[8];
77 u8 pad0[2];
78 u8 pad1[3];
79 u8 mrti_check;
80 u8 mrti_update;
81 u8 pad2;
82 u8 rd[2];
83} __packed;
84
85static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
86 struct nfc_target *target);
87
88static void digital_in_recv_sel_res(struct nfc_digital_dev *ddev, void *arg,
89 struct sk_buff *resp)
90{
91 struct nfc_target *target = arg;
92 int rc;
93 u8 sel_res;
94 u8 nfc_proto;
95
96 if (IS_ERR(resp)) {
97 rc = PTR_ERR(resp);
98 resp = NULL;
99 goto exit;
100 }
101
102 if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
103 rc = digital_skb_check_crc_a(resp);
104 if (rc) {
105 PROTOCOL_ERR("4.4.1.3");
106 goto exit;
107 }
108 }
109
110 if (!resp->len) {
111 rc = -EIO;
112 goto exit;
113 }
114
115 sel_res = resp->data[0];
116
117 if (!DIGITAL_SEL_RES_NFCID1_COMPLETE(sel_res)) {
118 rc = digital_in_send_sdd_req(ddev, target);
119 if (rc)
120 goto exit;
121
122 goto exit_free_skb;
123 }
124
125 if (DIGITAL_SEL_RES_IS_T2T(sel_res)) {
126 nfc_proto = NFC_PROTO_MIFARE;
127 } else if (DIGITAL_SEL_RES_IS_NFC_DEP(sel_res)) {
128 nfc_proto = NFC_PROTO_NFC_DEP;
129 } else {
130 rc = -EOPNOTSUPP;
131 goto exit;
132 }
133
134 target->sel_res = sel_res;
135
136 rc = digital_target_found(ddev, target, nfc_proto);
137
138exit:
139 kfree(target);
140
141exit_free_skb:
142 dev_kfree_skb(resp);
143
144 if (rc)
145 digital_poll_next_tech(ddev);
146}
147
148static int digital_in_send_sel_req(struct nfc_digital_dev *ddev,
149 struct nfc_target *target,
150 struct digital_sdd_res *sdd_res)
151{
152 struct sk_buff *skb;
153 struct digital_sel_req *sel_req;
154 u8 sel_cmd;
155 int rc;
156
157 skb = digital_skb_alloc(ddev, sizeof(struct digital_sel_req));
158 if (!skb)
159 return -ENOMEM;
160
161 skb_put(skb, sizeof(struct digital_sel_req));
162 sel_req = (struct digital_sel_req *)skb->data;
163
164 if (target->nfcid1_len <= 4)
165 sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
166 else if (target->nfcid1_len < 10)
167 sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
168 else
169 sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
170
171 sel_req->sel_cmd = sel_cmd;
172 sel_req->b2 = 0x70;
173 memcpy(sel_req->nfcid1, sdd_res->nfcid1, 4);
174 sel_req->bcc = sdd_res->bcc;
175
176 if (DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
177 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
178 NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A);
179 if (rc)
180 goto exit;
181 } else {
182 digital_skb_add_crc_a(skb);
183 }
184
185 rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sel_res,
186 target);
187exit:
188 if (rc)
189 kfree_skb(skb);
190
191 return rc;
192}
193
194static void digital_in_recv_sdd_res(struct nfc_digital_dev *ddev, void *arg,
195 struct sk_buff *resp)
196{
197 struct nfc_target *target = arg;
198 struct digital_sdd_res *sdd_res;
199 int rc;
200 u8 offset, size;
201 u8 i, bcc;
202
203 if (IS_ERR(resp)) {
204 rc = PTR_ERR(resp);
205 resp = NULL;
206 goto exit;
207 }
208
209 if (resp->len < DIGITAL_SDD_RES_LEN) {
210 PROTOCOL_ERR("4.7.2.8");
211 rc = -EINVAL;
212 goto exit;
213 }
214
215 sdd_res = (struct digital_sdd_res *)resp->data;
216
217 for (i = 0, bcc = 0; i < 4; i++)
218 bcc ^= sdd_res->nfcid1[i];
219
220 if (bcc != sdd_res->bcc) {
221 PROTOCOL_ERR("4.7.2.6");
222 rc = -EINVAL;
223 goto exit;
224 }
225
226 if (sdd_res->nfcid1[0] == DIGITAL_SDD_RES_CT) {
227 offset = 1;
228 size = 3;
229 } else {
230 offset = 0;
231 size = 4;
232 }
233
234 memcpy(target->nfcid1 + target->nfcid1_len, sdd_res->nfcid1 + offset,
235 size);
236 target->nfcid1_len += size;
237
238 rc = digital_in_send_sel_req(ddev, target, sdd_res);
239
240exit:
241 dev_kfree_skb(resp);
242
243 if (rc) {
244 kfree(target);
245 digital_poll_next_tech(ddev);
246 }
247}
248
249static int digital_in_send_sdd_req(struct nfc_digital_dev *ddev,
250 struct nfc_target *target)
251{
252 int rc;
253 struct sk_buff *skb;
254 u8 sel_cmd;
255
256 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
257 NFC_DIGITAL_FRAMING_NFCA_STANDARD);
258 if (rc)
259 return rc;
260
261 skb = digital_skb_alloc(ddev, 2);
262 if (!skb)
263 return -ENOMEM;
264
265 if (target->nfcid1_len == 0)
266 sel_cmd = DIGITAL_CMD_SEL_REQ_CL1;
267 else if (target->nfcid1_len == 3)
268 sel_cmd = DIGITAL_CMD_SEL_REQ_CL2;
269 else
270 sel_cmd = DIGITAL_CMD_SEL_REQ_CL3;
271
272 *skb_put(skb, sizeof(u8)) = sel_cmd;
273 *skb_put(skb, sizeof(u8)) = DIGITAL_SDD_REQ_SEL_PAR;
274
275 return digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sdd_res,
276 target);
277}
278
279static void digital_in_recv_sens_res(struct nfc_digital_dev *ddev, void *arg,
280 struct sk_buff *resp)
281{
282 struct nfc_target *target = NULL;
283 int rc;
284
285 if (IS_ERR(resp)) {
286 rc = PTR_ERR(resp);
287 resp = NULL;
288 goto exit;
289 }
290
291 if (resp->len < sizeof(u16)) {
292 rc = -EIO;
293 goto exit;
294 }
295
296 target = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
297 if (!target) {
298 rc = -ENOMEM;
299 goto exit;
300 }
301
302 target->sens_res = __le16_to_cpu(*(__le16 *)resp->data);
303
304 if (!DIGITAL_SENS_RES_IS_VALID(target->sens_res)) {
305 PROTOCOL_ERR("4.6.3.3");
306 rc = -EINVAL;
307 goto exit;
308 }
309
310 if (DIGITAL_SENS_RES_IS_T1T(target->sens_res))
311 rc = digital_target_found(ddev, target, NFC_PROTO_JEWEL);
312 else
313 rc = digital_in_send_sdd_req(ddev, target);
314
315exit:
316 dev_kfree_skb(resp);
317
318 if (rc) {
319 kfree(target);
320 digital_poll_next_tech(ddev);
321 }
322}
323
324int digital_in_send_sens_req(struct nfc_digital_dev *ddev, u8 rf_tech)
325{
326 struct sk_buff *skb;
327 int rc;
328
329 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
330 NFC_DIGITAL_RF_TECH_106A);
331 if (rc)
332 return rc;
333
334 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
335 NFC_DIGITAL_FRAMING_NFCA_SHORT);
336 if (rc)
337 return rc;
338
339 skb = digital_skb_alloc(ddev, 1);
340 if (!skb)
341 return -ENOMEM;
342
343 *skb_put(skb, sizeof(u8)) = DIGITAL_CMD_SENS_REQ;
344
345 rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sens_res, NULL);
346 if (rc)
347 kfree_skb(skb);
348
349 return rc;
350}
351
352int digital_in_recv_mifare_res(struct sk_buff *resp)
353{
354 /* Successful READ command response is 16 data bytes + 2 CRC bytes long.
355 * Since the driver can't differentiate a ACK/NACK response from a valid
356 * READ response, the CRC calculation must be handled at digital level
357 * even if the driver supports it for this technology.
358 */
359 if (resp->len == DIGITAL_MIFARE_READ_RES_LEN + DIGITAL_CRC_LEN) {
360 if (digital_skb_check_crc_a(resp)) {
361 PROTOCOL_ERR("9.4.1.2");
362 return -EIO;
363 }
364
365 return 0;
366 }
367
368 /* ACK response (i.e. successful WRITE). */
369 if (resp->len == 1 && resp->data[0] == DIGITAL_MIFARE_ACK_RES) {
370 resp->data[0] = 0;
371 return 0;
372 }
373
374 /* NACK and any other responses are treated as error. */
375 return -EIO;
376}
377
378static void digital_in_recv_sensf_res(struct nfc_digital_dev *ddev, void *arg,
379 struct sk_buff *resp)
380{
381 int rc;
382 u8 proto;
383 struct nfc_target target;
384 struct digital_sensf_res *sensf_res;
385
386 if (IS_ERR(resp)) {
387 rc = PTR_ERR(resp);
388 resp = NULL;
389 goto exit;
390 }
391
392 if (resp->len < DIGITAL_SENSF_RES_MIN_LENGTH) {
393 rc = -EIO;
394 goto exit;
395 }
396
397 if (!DIGITAL_DRV_CAPS_IN_CRC(ddev)) {
398 rc = digital_skb_check_crc_f(resp);
399 if (rc) {
400 PROTOCOL_ERR("6.4.1.8");
401 goto exit;
402 }
403 }
404
405 skb_pull(resp, 1);
406
407 memset(&target, 0, sizeof(struct nfc_target));
408
409 sensf_res = (struct digital_sensf_res *)resp->data;
410
411 memcpy(target.sensf_res, sensf_res, resp->len);
412 target.sensf_res_len = resp->len;
413
414 memcpy(target.nfcid2, sensf_res->nfcid2, NFC_NFCID2_MAXSIZE);
415 target.nfcid2_len = NFC_NFCID2_MAXSIZE;
416
417 if (target.nfcid2[0] == DIGITAL_SENSF_NFCID2_NFC_DEP_B1 &&
418 target.nfcid2[1] == DIGITAL_SENSF_NFCID2_NFC_DEP_B2)
419 proto = NFC_PROTO_NFC_DEP;
420 else
421 proto = NFC_PROTO_FELICA;
422
423 rc = digital_target_found(ddev, &target, proto);
424
425exit:
426 dev_kfree_skb(resp);
427
428 if (rc)
429 digital_poll_next_tech(ddev);
430}
431
432int digital_in_send_sensf_req(struct nfc_digital_dev *ddev, u8 rf_tech)
433{
434 struct digital_sensf_req *sensf_req;
435 struct sk_buff *skb;
436 int rc;
437 u8 size;
438
439 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
440 if (rc)
441 return rc;
442
443 rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
444 NFC_DIGITAL_FRAMING_NFCF);
445 if (rc)
446 return rc;
447
448 size = sizeof(struct digital_sensf_req);
449
450 skb = digital_skb_alloc(ddev, size);
451 if (!skb)
452 return -ENOMEM;
453
454 skb_put(skb, size);
455
456 sensf_req = (struct digital_sensf_req *)skb->data;
457 sensf_req->cmd = DIGITAL_CMD_SENSF_REQ;
458 sensf_req->sc1 = 0xFF;
459 sensf_req->sc2 = 0xFF;
460 sensf_req->rc = 0;
461 sensf_req->tsn = 0;
462
463 *skb_push(skb, 1) = size + 1;
464
465 if (!DIGITAL_DRV_CAPS_IN_CRC(ddev))
466 digital_skb_add_crc_f(skb);
467
468 rc = digital_in_send_cmd(ddev, skb, 30, digital_in_recv_sensf_res,
469 NULL);
470 if (rc)
471 kfree_skb(skb);
472
473 return rc;
474}
475
476static int digital_tg_send_sel_res(struct nfc_digital_dev *ddev)
477{
478 struct sk_buff *skb;
479 int rc;
480
481 skb = digital_skb_alloc(ddev, 1);
482 if (!skb)
483 return -ENOMEM;
484
485 *skb_put(skb, 1) = DIGITAL_SEL_RES_NFC_DEP;
486
487 if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
488 digital_skb_add_crc_a(skb);
489
490 rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_atr_req,
491 NULL);
492 if (rc)
493 kfree_skb(skb);
494
495 return rc;
496}
497
498static void digital_tg_recv_sel_req(struct nfc_digital_dev *ddev, void *arg,
499 struct sk_buff *resp)
500{
501 int rc;
502
503 if (IS_ERR(resp)) {
504 rc = PTR_ERR(resp);
505 resp = NULL;
506 goto exit;
507 }
508
509 if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
510 rc = digital_skb_check_crc_a(resp);
511 if (rc) {
512 PROTOCOL_ERR("4.4.1.3");
513 goto exit;
514 }
515 }
516
517 /* Silently ignore SEL_REQ content and send a SEL_RES for NFC-DEP */
518
519 rc = digital_tg_send_sel_res(ddev);
520
521exit:
522 if (rc)
523 digital_poll_next_tech(ddev);
524
525 dev_kfree_skb(resp);
526}
527
528static int digital_tg_send_sdd_res(struct nfc_digital_dev *ddev)
529{
530 struct sk_buff *skb;
531 struct digital_sdd_res *sdd_res;
532 int rc, i;
533
534 skb = digital_skb_alloc(ddev, sizeof(struct digital_sdd_res));
535 if (!skb)
536 return -ENOMEM;
537
538 skb_put(skb, sizeof(struct digital_sdd_res));
539 sdd_res = (struct digital_sdd_res *)skb->data;
540
541 sdd_res->nfcid1[0] = 0x08;
542 get_random_bytes(sdd_res->nfcid1 + 1, 3);
543
544 sdd_res->bcc = 0;
545 for (i = 0; i < 4; i++)
546 sdd_res->bcc ^= sdd_res->nfcid1[i];
547
548 rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sel_req,
549 NULL);
550 if (rc)
551 kfree_skb(skb);
552
553 return rc;
554}
555
556static void digital_tg_recv_sdd_req(struct nfc_digital_dev *ddev, void *arg,
557 struct sk_buff *resp)
558{
559 u8 *sdd_req;
560 int rc;
561
562 if (IS_ERR(resp)) {
563 rc = PTR_ERR(resp);
564 resp = NULL;
565 goto exit;
566 }
567
568 sdd_req = resp->data;
569
570 if (resp->len < 2 || sdd_req[0] != DIGITAL_CMD_SEL_REQ_CL1 ||
571 sdd_req[1] != DIGITAL_SDD_REQ_SEL_PAR) {
572 rc = -EINVAL;
573 goto exit;
574 }
575
576 rc = digital_tg_send_sdd_res(ddev);
577
578exit:
579 if (rc)
580 digital_poll_next_tech(ddev);
581
582 dev_kfree_skb(resp);
583}
584
585static int digital_tg_send_sens_res(struct nfc_digital_dev *ddev)
586{
587 struct sk_buff *skb;
588 u8 *sens_res;
589 int rc;
590
591 skb = digital_skb_alloc(ddev, 2);
592 if (!skb)
593 return -ENOMEM;
594
595 sens_res = skb_put(skb, 2);
596
597 sens_res[0] = (DIGITAL_SENS_RES_NFC_DEP >> 8) & 0xFF;
598 sens_res[1] = DIGITAL_SENS_RES_NFC_DEP & 0xFF;
599
600 rc = digital_tg_send_cmd(ddev, skb, 300, digital_tg_recv_sdd_req,
601 NULL);
602 if (rc)
603 kfree_skb(skb);
604
605 return rc;
606}
607
608void digital_tg_recv_sens_req(struct nfc_digital_dev *ddev, void *arg,
609 struct sk_buff *resp)
610{
611 u8 sens_req;
612 int rc;
613
614 if (IS_ERR(resp)) {
615 rc = PTR_ERR(resp);
616 resp = NULL;
617 goto exit;
618 }
619
620 sens_req = resp->data[0];
621
622 if (!resp->len || (sens_req != DIGITAL_CMD_SENS_REQ &&
623 sens_req != DIGITAL_CMD_ALL_REQ)) {
624 rc = -EINVAL;
625 goto exit;
626 }
627
628 rc = digital_tg_send_sens_res(ddev);
629
630exit:
631 if (rc)
632 digital_poll_next_tech(ddev);
633
634 dev_kfree_skb(resp);
635}
636
637static int digital_tg_send_sensf_res(struct nfc_digital_dev *ddev,
638 struct digital_sensf_req *sensf_req)
639{
640 struct sk_buff *skb;
641 u8 size;
642 int rc;
643 struct digital_sensf_res *sensf_res;
644
645 size = sizeof(struct digital_sensf_res);
646
647 if (sensf_req->rc != DIGITAL_SENSF_REQ_RC_NONE)
648 size -= sizeof(sensf_res->rd);
649
650 skb = digital_skb_alloc(ddev, size);
651 if (!skb)
652 return -ENOMEM;
653
654 skb_put(skb, size);
655
656 sensf_res = (struct digital_sensf_res *)skb->data;
657
658 memset(sensf_res, 0, size);
659
660 sensf_res->cmd = DIGITAL_CMD_SENSF_RES;
661 sensf_res->nfcid2[0] = DIGITAL_SENSF_NFCID2_NFC_DEP_B1;
662 sensf_res->nfcid2[1] = DIGITAL_SENSF_NFCID2_NFC_DEP_B2;
663 get_random_bytes(&sensf_res->nfcid2[2], 6);
664
665 switch (sensf_req->rc) {
666 case DIGITAL_SENSF_REQ_RC_SC:
667 sensf_res->rd[0] = sensf_req->sc1;
668 sensf_res->rd[1] = sensf_req->sc2;
669 break;
670 case DIGITAL_SENSF_REQ_RC_AP:
671 sensf_res->rd[0] = DIGITAL_SENSF_RES_RD_AP_B1;
672 sensf_res->rd[1] = DIGITAL_SENSF_RES_RD_AP_B2;
673 break;
674 }
675
676 *skb_push(skb, sizeof(u8)) = size + 1;
677
678 if (!DIGITAL_DRV_CAPS_TG_CRC(ddev))
679 digital_skb_add_crc_f(skb);
680
681 rc = digital_tg_send_cmd(ddev, skb, 300,
682 digital_tg_recv_atr_req, NULL);
683 if (rc)
684 kfree_skb(skb);
685
686 return rc;
687}
688
689void digital_tg_recv_sensf_req(struct nfc_digital_dev *ddev, void *arg,
690 struct sk_buff *resp)
691{
692 struct digital_sensf_req *sensf_req;
693 int rc;
694
695 if (IS_ERR(resp)) {
696 rc = PTR_ERR(resp);
697 resp = NULL;
698 goto exit;
699 }
700
701 if (!DIGITAL_DRV_CAPS_TG_CRC(ddev)) {
702 rc = digital_skb_check_crc_f(resp);
703 if (rc) {
704 PROTOCOL_ERR("6.4.1.8");
705 goto exit;
706 }
707 }
708
709 if (resp->len != sizeof(struct digital_sensf_req) + 1) {
710 rc = -EINVAL;
711 goto exit;
712 }
713
714 skb_pull(resp, 1);
715 sensf_req = (struct digital_sensf_req *)resp->data;
716
717 if (sensf_req->cmd != DIGITAL_CMD_SENSF_REQ) {
718 rc = -EINVAL;
719 goto exit;
720 }
721
722 rc = digital_tg_send_sensf_res(ddev, sensf_req);
723
724exit:
725 if (rc)
726 digital_poll_next_tech(ddev);
727
728 dev_kfree_skb(resp);
729}
730
731int digital_tg_listen_nfca(struct nfc_digital_dev *ddev, u8 rf_tech)
732{
733 int rc;
734
735 rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
736 if (rc)
737 return rc;
738
739 rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
740 NFC_DIGITAL_FRAMING_NFCA_NFC_DEP);
741 if (rc)
742 return rc;
743
744 return digital_tg_listen(ddev, 300, digital_tg_recv_sens_req, NULL);
745}
746
747int digital_tg_listen_nfcf(struct nfc_digital_dev *ddev, u8 rf_tech)
748{
749 int rc;
750 u8 *nfcid2;
751
752 rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
753 if (rc)
754 return rc;
755
756 rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
757 NFC_DIGITAL_FRAMING_NFCF_NFC_DEP);
758 if (rc)
759 return rc;
760
761 nfcid2 = kzalloc(NFC_NFCID2_MAXSIZE, GFP_KERNEL);
762 if (!nfcid2)
763 return -ENOMEM;
764
765 nfcid2[0] = DIGITAL_SENSF_NFCID2_NFC_DEP_B1;
766 nfcid2[1] = DIGITAL_SENSF_NFCID2_NFC_DEP_B2;
767 get_random_bytes(nfcid2 + 2, NFC_NFCID2_MAXSIZE - 2);
768
769 return digital_tg_listen(ddev, 300, digital_tg_recv_sensf_req, nfcid2);
770}
diff --git a/net/nfc/nci/spi.c b/net/nfc/nci/spi.c
index c7cf37ba7298..f1d426f10cce 100644
--- a/net/nfc/nci/spi.c
+++ b/net/nfc/nci/spi.c
@@ -21,11 +21,8 @@
21#include <linux/export.h> 21#include <linux/export.h>
22#include <linux/spi/spi.h> 22#include <linux/spi/spi.h>
23#include <linux/crc-ccitt.h> 23#include <linux/crc-ccitt.h>
24#include <linux/nfc.h>
25#include <net/nfc/nci_core.h> 24#include <net/nfc/nci_core.h>
26 25
27#define NCI_SPI_HDR_LEN 4
28#define NCI_SPI_CRC_LEN 2
29#define NCI_SPI_ACK_SHIFT 6 26#define NCI_SPI_ACK_SHIFT 6
30#define NCI_SPI_MSB_PAYLOAD_MASK 0x3F 27#define NCI_SPI_MSB_PAYLOAD_MASK 0x3F
31 28
@@ -41,54 +38,48 @@
41 38
42#define CRC_INIT 0xFFFF 39#define CRC_INIT 0xFFFF
43 40
44static int nci_spi_open(struct nci_dev *nci_dev) 41static int __nci_spi_send(struct nci_spi *nspi, struct sk_buff *skb,
45{ 42 int cs_change)
46 struct nci_spi_dev *ndev = nci_get_drvdata(nci_dev);
47
48 return ndev->ops->open(ndev);
49}
50
51static int nci_spi_close(struct nci_dev *nci_dev)
52{
53 struct nci_spi_dev *ndev = nci_get_drvdata(nci_dev);
54
55 return ndev->ops->close(ndev);
56}
57
58static int __nci_spi_send(struct nci_spi_dev *ndev, struct sk_buff *skb)
59{ 43{
60 struct spi_message m; 44 struct spi_message m;
61 struct spi_transfer t; 45 struct spi_transfer t;
62 46
63 t.tx_buf = skb->data; 47 memset(&t, 0, sizeof(struct spi_transfer));
64 t.len = skb->len; 48 /* a NULL skb means we just want the SPI chip select line to raise */
65 t.cs_change = 0; 49 if (skb) {
66 t.delay_usecs = ndev->xfer_udelay; 50 t.tx_buf = skb->data;
51 t.len = skb->len;
52 } else {
53 /* still set tx_buf non NULL to make the driver happy */
54 t.tx_buf = &t;
55 t.len = 0;
56 }
57 t.cs_change = cs_change;
58 t.delay_usecs = nspi->xfer_udelay;
67 59
68 spi_message_init(&m); 60 spi_message_init(&m);
69 spi_message_add_tail(&t, &m); 61 spi_message_add_tail(&t, &m);
70 62
71 return spi_sync(ndev->spi, &m); 63 return spi_sync(nspi->spi, &m);
72} 64}
73 65
74static int nci_spi_send(struct nci_dev *nci_dev, struct sk_buff *skb) 66int nci_spi_send(struct nci_spi *nspi,
67 struct completion *write_handshake_completion,
68 struct sk_buff *skb)
75{ 69{
76 struct nci_spi_dev *ndev = nci_get_drvdata(nci_dev);
77 unsigned int payload_len = skb->len; 70 unsigned int payload_len = skb->len;
78 unsigned char *hdr; 71 unsigned char *hdr;
79 int ret; 72 int ret;
80 long completion_rc; 73 long completion_rc;
81 74
82 ndev->ops->deassert_int(ndev);
83
84 /* add the NCI SPI header to the start of the buffer */ 75 /* add the NCI SPI header to the start of the buffer */
85 hdr = skb_push(skb, NCI_SPI_HDR_LEN); 76 hdr = skb_push(skb, NCI_SPI_HDR_LEN);
86 hdr[0] = NCI_SPI_DIRECT_WRITE; 77 hdr[0] = NCI_SPI_DIRECT_WRITE;
87 hdr[1] = ndev->acknowledge_mode; 78 hdr[1] = nspi->acknowledge_mode;
88 hdr[2] = payload_len >> 8; 79 hdr[2] = payload_len >> 8;
89 hdr[3] = payload_len & 0xFF; 80 hdr[3] = payload_len & 0xFF;
90 81
91 if (ndev->acknowledge_mode == NCI_SPI_CRC_ENABLED) { 82 if (nspi->acknowledge_mode == NCI_SPI_CRC_ENABLED) {
92 u16 crc; 83 u16 crc;
93 84
94 crc = crc_ccitt(CRC_INIT, skb->data, skb->len); 85 crc = crc_ccitt(CRC_INIT, skb->data, skb->len);
@@ -96,123 +87,77 @@ static int nci_spi_send(struct nci_dev *nci_dev, struct sk_buff *skb)
96 *skb_put(skb, 1) = crc & 0xFF; 87 *skb_put(skb, 1) = crc & 0xFF;
97 } 88 }
98 89
99 ret = __nci_spi_send(ndev, skb); 90 if (write_handshake_completion) {
91 /* Trick SPI driver to raise chip select */
92 ret = __nci_spi_send(nspi, NULL, 1);
93 if (ret)
94 goto done;
100 95
101 kfree_skb(skb); 96 /* wait for NFC chip hardware handshake to complete */
102 ndev->ops->assert_int(ndev); 97 if (wait_for_completion_timeout(write_handshake_completion,
98 msecs_to_jiffies(1000)) == 0) {
99 ret = -ETIME;
100 goto done;
101 }
102 }
103 103
104 if (ret != 0 || ndev->acknowledge_mode == NCI_SPI_CRC_DISABLED) 104 ret = __nci_spi_send(nspi, skb, 0);
105 if (ret != 0 || nspi->acknowledge_mode == NCI_SPI_CRC_DISABLED)
105 goto done; 106 goto done;
106 107
107 init_completion(&ndev->req_completion); 108 init_completion(&nspi->req_completion);
108 completion_rc = 109 completion_rc = wait_for_completion_interruptible_timeout(
109 wait_for_completion_interruptible_timeout(&ndev->req_completion, 110 &nspi->req_completion,
110 NCI_SPI_SEND_TIMEOUT); 111 NCI_SPI_SEND_TIMEOUT);
111 112
112 if (completion_rc <= 0 || ndev->req_result == ACKNOWLEDGE_NACK) 113 if (completion_rc <= 0 || nspi->req_result == ACKNOWLEDGE_NACK)
113 ret = -EIO; 114 ret = -EIO;
114 115
115done: 116done:
117 kfree_skb(skb);
118
116 return ret; 119 return ret;
117} 120}
118 121EXPORT_SYMBOL_GPL(nci_spi_send);
119static struct nci_ops nci_spi_ops = {
120 .open = nci_spi_open,
121 .close = nci_spi_close,
122 .send = nci_spi_send,
123};
124 122
125/* ---- Interface to NCI SPI drivers ---- */ 123/* ---- Interface to NCI SPI drivers ---- */
126 124
127/** 125/**
128 * nci_spi_allocate_device - allocate a new nci spi device 126 * nci_spi_allocate_spi - allocate a new nci spi
129 * 127 *
130 * @spi: SPI device 128 * @spi: SPI device
131 * @ops: device operations 129 * @acknowledge_mode: Acknowledge mode used by the NFC device
132 * @supported_protocols: NFC protocols supported by the device
133 * @supported_se: NFC Secure Elements supported by the device
134 * @acknowledge_mode: Acknowledge mode used by the device
135 * @delay: delay between transactions in us 130 * @delay: delay between transactions in us
131 * @ndev: nci dev to send incoming nci frames to
136 */ 132 */
137struct nci_spi_dev *nci_spi_allocate_device(struct spi_device *spi, 133struct nci_spi *nci_spi_allocate_spi(struct spi_device *spi,
138 struct nci_spi_ops *ops, 134 u8 acknowledge_mode, unsigned int delay,
139 u32 supported_protocols, 135 struct nci_dev *ndev)
140 u32 supported_se,
141 u8 acknowledge_mode,
142 unsigned int delay)
143{ 136{
144 struct nci_spi_dev *ndev; 137 struct nci_spi *nspi;
145 int tailroom = 0;
146 138
147 if (!ops->open || !ops->close || !ops->assert_int || !ops->deassert_int) 139 nspi = devm_kzalloc(&spi->dev, sizeof(struct nci_spi), GFP_KERNEL);
140 if (!nspi)
148 return NULL; 141 return NULL;
149 142
150 if (!supported_protocols) 143 nspi->acknowledge_mode = acknowledge_mode;
151 return NULL; 144 nspi->xfer_udelay = delay;
152
153 ndev = devm_kzalloc(&spi->dev, sizeof(struct nci_dev), GFP_KERNEL);
154 if (!ndev)
155 return NULL;
156 145
157 ndev->ops = ops; 146 nspi->spi = spi;
158 ndev->acknowledge_mode = acknowledge_mode; 147 nspi->ndev = ndev;
159 ndev->xfer_udelay = delay;
160 148
161 if (acknowledge_mode == NCI_SPI_CRC_ENABLED) 149 return nspi;
162 tailroom += NCI_SPI_CRC_LEN;
163
164 ndev->nci_dev = nci_allocate_device(&nci_spi_ops, supported_protocols,
165 NCI_SPI_HDR_LEN, tailroom);
166 if (!ndev->nci_dev)
167 return NULL;
168
169 nci_set_drvdata(ndev->nci_dev, ndev);
170
171 return ndev;
172} 150}
173EXPORT_SYMBOL_GPL(nci_spi_allocate_device); 151EXPORT_SYMBOL_GPL(nci_spi_allocate_spi);
174 152
175/** 153static int send_acknowledge(struct nci_spi *nspi, u8 acknowledge)
176 * nci_spi_free_device - deallocate nci spi device
177 *
178 * @ndev: The nci spi device to deallocate
179 */
180void nci_spi_free_device(struct nci_spi_dev *ndev)
181{
182 nci_free_device(ndev->nci_dev);
183}
184EXPORT_SYMBOL_GPL(nci_spi_free_device);
185
186/**
187 * nci_spi_register_device - register a nci spi device in the nfc subsystem
188 *
189 * @pdev: The nci spi device to register
190 */
191int nci_spi_register_device(struct nci_spi_dev *ndev)
192{
193 return nci_register_device(ndev->nci_dev);
194}
195EXPORT_SYMBOL_GPL(nci_spi_register_device);
196
197/**
198 * nci_spi_unregister_device - unregister a nci spi device in the nfc subsystem
199 *
200 * @dev: The nci spi device to unregister
201 */
202void nci_spi_unregister_device(struct nci_spi_dev *ndev)
203{
204 nci_unregister_device(ndev->nci_dev);
205}
206EXPORT_SYMBOL_GPL(nci_spi_unregister_device);
207
208static int send_acknowledge(struct nci_spi_dev *ndev, u8 acknowledge)
209{ 154{
210 struct sk_buff *skb; 155 struct sk_buff *skb;
211 unsigned char *hdr; 156 unsigned char *hdr;
212 u16 crc; 157 u16 crc;
213 int ret; 158 int ret;
214 159
215 skb = nci_skb_alloc(ndev->nci_dev, 0, GFP_KERNEL); 160 skb = nci_skb_alloc(nspi->ndev, 0, GFP_KERNEL);
216 161
217 /* add the NCI SPI header to the start of the buffer */ 162 /* add the NCI SPI header to the start of the buffer */
218 hdr = skb_push(skb, NCI_SPI_HDR_LEN); 163 hdr = skb_push(skb, NCI_SPI_HDR_LEN);
@@ -225,14 +170,14 @@ static int send_acknowledge(struct nci_spi_dev *ndev, u8 acknowledge)
225 *skb_put(skb, 1) = crc >> 8; 170 *skb_put(skb, 1) = crc >> 8;
226 *skb_put(skb, 1) = crc & 0xFF; 171 *skb_put(skb, 1) = crc & 0xFF;
227 172
228 ret = __nci_spi_send(ndev, skb); 173 ret = __nci_spi_send(nspi, skb, 0);
229 174
230 kfree_skb(skb); 175 kfree_skb(skb);
231 176
232 return ret; 177 return ret;
233} 178}
234 179
235static struct sk_buff *__nci_spi_recv_frame(struct nci_spi_dev *ndev) 180static struct sk_buff *__nci_spi_read(struct nci_spi *nspi)
236{ 181{
237 struct sk_buff *skb; 182 struct sk_buff *skb;
238 struct spi_message m; 183 struct spi_message m;
@@ -242,43 +187,49 @@ static struct sk_buff *__nci_spi_recv_frame(struct nci_spi_dev *ndev)
242 int ret; 187 int ret;
243 188
244 spi_message_init(&m); 189 spi_message_init(&m);
190
191 memset(&tx, 0, sizeof(struct spi_transfer));
245 req[0] = NCI_SPI_DIRECT_READ; 192 req[0] = NCI_SPI_DIRECT_READ;
246 req[1] = ndev->acknowledge_mode; 193 req[1] = nspi->acknowledge_mode;
247 tx.tx_buf = req; 194 tx.tx_buf = req;
248 tx.len = 2; 195 tx.len = 2;
249 tx.cs_change = 0; 196 tx.cs_change = 0;
250 spi_message_add_tail(&tx, &m); 197 spi_message_add_tail(&tx, &m);
198
199 memset(&rx, 0, sizeof(struct spi_transfer));
251 rx.rx_buf = resp_hdr; 200 rx.rx_buf = resp_hdr;
252 rx.len = 2; 201 rx.len = 2;
253 rx.cs_change = 1; 202 rx.cs_change = 1;
254 spi_message_add_tail(&rx, &m); 203 spi_message_add_tail(&rx, &m);
255 ret = spi_sync(ndev->spi, &m);
256 204
205 ret = spi_sync(nspi->spi, &m);
257 if (ret) 206 if (ret)
258 return NULL; 207 return NULL;
259 208
260 if (ndev->acknowledge_mode == NCI_SPI_CRC_ENABLED) 209 if (nspi->acknowledge_mode == NCI_SPI_CRC_ENABLED)
261 rx_len = ((resp_hdr[0] & NCI_SPI_MSB_PAYLOAD_MASK) << 8) + 210 rx_len = ((resp_hdr[0] & NCI_SPI_MSB_PAYLOAD_MASK) << 8) +
262 resp_hdr[1] + NCI_SPI_CRC_LEN; 211 resp_hdr[1] + NCI_SPI_CRC_LEN;
263 else 212 else
264 rx_len = (resp_hdr[0] << 8) | resp_hdr[1]; 213 rx_len = (resp_hdr[0] << 8) | resp_hdr[1];
265 214
266 skb = nci_skb_alloc(ndev->nci_dev, rx_len, GFP_KERNEL); 215 skb = nci_skb_alloc(nspi->ndev, rx_len, GFP_KERNEL);
267 if (!skb) 216 if (!skb)
268 return NULL; 217 return NULL;
269 218
270 spi_message_init(&m); 219 spi_message_init(&m);
220
221 memset(&rx, 0, sizeof(struct spi_transfer));
271 rx.rx_buf = skb_put(skb, rx_len); 222 rx.rx_buf = skb_put(skb, rx_len);
272 rx.len = rx_len; 223 rx.len = rx_len;
273 rx.cs_change = 0; 224 rx.cs_change = 0;
274 rx.delay_usecs = ndev->xfer_udelay; 225 rx.delay_usecs = nspi->xfer_udelay;
275 spi_message_add_tail(&rx, &m); 226 spi_message_add_tail(&rx, &m);
276 ret = spi_sync(ndev->spi, &m);
277 227
228 ret = spi_sync(nspi->spi, &m);
278 if (ret) 229 if (ret)
279 goto receive_error; 230 goto receive_error;
280 231
281 if (ndev->acknowledge_mode == NCI_SPI_CRC_ENABLED) { 232 if (nspi->acknowledge_mode == NCI_SPI_CRC_ENABLED) {
282 *skb_push(skb, 1) = resp_hdr[1]; 233 *skb_push(skb, 1) = resp_hdr[1];
283 *skb_push(skb, 1) = resp_hdr[0]; 234 *skb_push(skb, 1) = resp_hdr[0];
284 } 235 }
@@ -318,61 +269,53 @@ static u8 nci_spi_get_ack(struct sk_buff *skb)
318} 269}
319 270
320/** 271/**
321 * nci_spi_recv_frame - receive frame from NCI SPI drivers 272 * nci_spi_read - read frame from NCI SPI drivers
322 * 273 *
323 * @ndev: The nci spi device 274 * @nspi: The nci spi
324 * Context: can sleep 275 * Context: can sleep
325 * 276 *
326 * This call may only be used from a context that may sleep. The sleep 277 * This call may only be used from a context that may sleep. The sleep
327 * is non-interruptible, and has no timeout. 278 * is non-interruptible, and has no timeout.
328 * 279 *
329 * It returns zero on success, else a negative error code. 280 * It returns an allocated skb containing the frame on success, or NULL.
330 */ 281 */
331int nci_spi_recv_frame(struct nci_spi_dev *ndev) 282struct sk_buff *nci_spi_read(struct nci_spi *nspi)
332{ 283{
333 struct sk_buff *skb; 284 struct sk_buff *skb;
334 int ret = 0;
335
336 ndev->ops->deassert_int(ndev);
337 285
338 /* Retrieve frame from SPI */ 286 /* Retrieve frame from SPI */
339 skb = __nci_spi_recv_frame(ndev); 287 skb = __nci_spi_read(nspi);
340 if (!skb) { 288 if (!skb)
341 ret = -EIO;
342 goto done; 289 goto done;
343 }
344 290
345 if (ndev->acknowledge_mode == NCI_SPI_CRC_ENABLED) { 291 if (nspi->acknowledge_mode == NCI_SPI_CRC_ENABLED) {
346 if (!nci_spi_check_crc(skb)) { 292 if (!nci_spi_check_crc(skb)) {
347 send_acknowledge(ndev, ACKNOWLEDGE_NACK); 293 send_acknowledge(nspi, ACKNOWLEDGE_NACK);
348 goto done; 294 goto done;
349 } 295 }
350 296
351 /* In case of acknowledged mode: if ACK or NACK received, 297 /* In case of acknowledged mode: if ACK or NACK received,
352 * unblock completion of latest frame sent. 298 * unblock completion of latest frame sent.
353 */ 299 */
354 ndev->req_result = nci_spi_get_ack(skb); 300 nspi->req_result = nci_spi_get_ack(skb);
355 if (ndev->req_result) 301 if (nspi->req_result)
356 complete(&ndev->req_completion); 302 complete(&nspi->req_completion);
357 } 303 }
358 304
359 /* If there is no payload (ACK/NACK only frame), 305 /* If there is no payload (ACK/NACK only frame),
360 * free the socket buffer 306 * free the socket buffer
361 */ 307 */
362 if (skb->len == 0) { 308 if (!skb->len) {
363 kfree_skb(skb); 309 kfree_skb(skb);
310 skb = NULL;
364 goto done; 311 goto done;
365 } 312 }
366 313
367 if (ndev->acknowledge_mode == NCI_SPI_CRC_ENABLED) 314 if (nspi->acknowledge_mode == NCI_SPI_CRC_ENABLED)
368 send_acknowledge(ndev, ACKNOWLEDGE_ACK); 315 send_acknowledge(nspi, ACKNOWLEDGE_ACK);
369
370 /* Forward skb to NCI core layer */
371 ret = nci_recv_frame(ndev->nci_dev, skb);
372 316
373done: 317done:
374 ndev->ops->assert_int(ndev);
375 318
376 return ret; 319 return skb;
377} 320}
378EXPORT_SYMBOL_GPL(nci_spi_recv_frame); 321EXPORT_SYMBOL_GPL(nci_spi_read);
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index 68063b2025da..84b7e3ea7b7a 100644
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -58,6 +58,7 @@ static const struct nla_policy nfc_genl_policy[NFC_ATTR_MAX + 1] = {
58 [NFC_ATTR_LLC_SDP] = { .type = NLA_NESTED }, 58 [NFC_ATTR_LLC_SDP] = { .type = NLA_NESTED },
59 [NFC_ATTR_FIRMWARE_NAME] = { .type = NLA_STRING, 59 [NFC_ATTR_FIRMWARE_NAME] = { .type = NLA_STRING,
60 .len = NFC_FIRMWARE_NAME_MAXSIZE }, 60 .len = NFC_FIRMWARE_NAME_MAXSIZE },
61 [NFC_ATTR_SE_APDU] = { .type = NLA_BINARY },
61}; 62};
62 63
63static const struct nla_policy nfc_sdp_genl_policy[NFC_SDP_ATTR_MAX + 1] = { 64static const struct nla_policy nfc_sdp_genl_policy[NFC_SDP_ATTR_MAX + 1] = {
@@ -1278,6 +1279,91 @@ static int nfc_genl_dump_ses_done(struct netlink_callback *cb)
1278 return 0; 1279 return 0;
1279} 1280}
1280 1281
1282struct se_io_ctx {
1283 u32 dev_idx;
1284 u32 se_idx;
1285};
1286
1287static void se_io_cb(void *context, u8 *apdu, size_t apdu_len, int err)
1288{
1289 struct se_io_ctx *ctx = context;
1290 struct sk_buff *msg;
1291 void *hdr;
1292
1293 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1294 if (!msg) {
1295 kfree(ctx);
1296 return;
1297 }
1298
1299 hdr = genlmsg_put(msg, 0, 0, &nfc_genl_family, 0,
1300 NFC_CMD_SE_IO);
1301 if (!hdr)
1302 goto free_msg;
1303
1304 if (nla_put_u32(msg, NFC_ATTR_DEVICE_INDEX, ctx->dev_idx) ||
1305 nla_put_u32(msg, NFC_ATTR_SE_INDEX, ctx->se_idx) ||
1306 nla_put(msg, NFC_ATTR_SE_APDU, apdu_len, apdu))
1307 goto nla_put_failure;
1308
1309 genlmsg_end(msg, hdr);
1310
1311 genlmsg_multicast(msg, 0, nfc_genl_event_mcgrp.id, GFP_KERNEL);
1312
1313 kfree(ctx);
1314
1315 return;
1316
1317nla_put_failure:
1318 genlmsg_cancel(msg, hdr);
1319free_msg:
1320 nlmsg_free(msg);
1321 kfree(ctx);
1322
1323 return;
1324}
1325
1326static int nfc_genl_se_io(struct sk_buff *skb, struct genl_info *info)
1327{
1328 struct nfc_dev *dev;
1329 struct se_io_ctx *ctx;
1330 u32 dev_idx, se_idx;
1331 u8 *apdu;
1332 size_t apdu_len;
1333
1334 if (!info->attrs[NFC_ATTR_DEVICE_INDEX] ||
1335 !info->attrs[NFC_ATTR_SE_INDEX] ||
1336 !info->attrs[NFC_ATTR_SE_APDU])
1337 return -EINVAL;
1338
1339 dev_idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
1340 se_idx = nla_get_u32(info->attrs[NFC_ATTR_SE_INDEX]);
1341
1342 dev = nfc_get_device(dev_idx);
1343 if (!dev)
1344 return -ENODEV;
1345
1346 if (!dev->ops || !dev->ops->se_io)
1347 return -ENOTSUPP;
1348
1349 apdu_len = nla_len(info->attrs[NFC_ATTR_SE_APDU]);
1350 if (apdu_len == 0)
1351 return -EINVAL;
1352
1353 apdu = nla_data(info->attrs[NFC_ATTR_SE_APDU]);
1354 if (!apdu)
1355 return -EINVAL;
1356
1357 ctx = kzalloc(sizeof(struct se_io_ctx), GFP_KERNEL);
1358 if (!ctx)
1359 return -ENOMEM;
1360
1361 ctx->dev_idx = dev_idx;
1362 ctx->se_idx = se_idx;
1363
1364 return dev->ops->se_io(dev, se_idx, apdu, apdu_len, se_io_cb, ctx);
1365}
1366
1281static struct genl_ops nfc_genl_ops[] = { 1367static struct genl_ops nfc_genl_ops[] = {
1282 { 1368 {
1283 .cmd = NFC_CMD_GET_DEVICE, 1369 .cmd = NFC_CMD_GET_DEVICE,
@@ -1358,6 +1444,11 @@ static struct genl_ops nfc_genl_ops[] = {
1358 .done = nfc_genl_dump_ses_done, 1444 .done = nfc_genl_dump_ses_done,
1359 .policy = nfc_genl_policy, 1445 .policy = nfc_genl_policy,
1360 }, 1446 },
1447 {
1448 .cmd = NFC_CMD_SE_IO,
1449 .doit = nfc_genl_se_io,
1450 .policy = nfc_genl_policy,
1451 },
1361}; 1452};
1362 1453
1363 1454
diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c
index 313bf1bc848a..cd958b381f96 100644
--- a/net/nfc/rawsock.c
+++ b/net/nfc/rawsock.c
@@ -142,11 +142,11 @@ static void rawsock_data_exchange_complete(void *context, struct sk_buff *skb,
142 142
143 err = rawsock_add_header(skb); 143 err = rawsock_add_header(skb);
144 if (err) 144 if (err)
145 goto error; 145 goto error_skb;
146 146
147 err = sock_queue_rcv_skb(sk, skb); 147 err = sock_queue_rcv_skb(sk, skb);
148 if (err) 148 if (err)
149 goto error; 149 goto error_skb;
150 150
151 spin_lock_bh(&sk->sk_write_queue.lock); 151 spin_lock_bh(&sk->sk_write_queue.lock);
152 if (!skb_queue_empty(&sk->sk_write_queue)) 152 if (!skb_queue_empty(&sk->sk_write_queue))
@@ -158,6 +158,9 @@ static void rawsock_data_exchange_complete(void *context, struct sk_buff *skb,
158 sock_put(sk); 158 sock_put(sk);
159 return; 159 return;
160 160
161error_skb:
162 kfree_skb(skb);
163
161error: 164error:
162 rawsock_report_error(sk, err); 165 rawsock_report_error(sk, err);
163 sock_put(sk); 166 sock_put(sk);
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index d62cb1e91475..a0ec143ba3dc 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -768,23 +768,25 @@ const struct ieee80211_reg_rule *freq_reg_info(struct wiphy *wiphy,
768} 768}
769EXPORT_SYMBOL(freq_reg_info); 769EXPORT_SYMBOL(freq_reg_info);
770 770
771#ifdef CONFIG_CFG80211_REG_DEBUG 771const char *reg_initiator_name(enum nl80211_reg_initiator initiator)
772static const char *reg_initiator_name(enum nl80211_reg_initiator initiator)
773{ 772{
774 switch (initiator) { 773 switch (initiator) {
775 case NL80211_REGDOM_SET_BY_CORE: 774 case NL80211_REGDOM_SET_BY_CORE:
776 return "Set by core"; 775 return "core";
777 case NL80211_REGDOM_SET_BY_USER: 776 case NL80211_REGDOM_SET_BY_USER:
778 return "Set by user"; 777 return "user";
779 case NL80211_REGDOM_SET_BY_DRIVER: 778 case NL80211_REGDOM_SET_BY_DRIVER:
780 return "Set by driver"; 779 return "driver";
781 case NL80211_REGDOM_SET_BY_COUNTRY_IE: 780 case NL80211_REGDOM_SET_BY_COUNTRY_IE:
782 return "Set by country IE"; 781 return "country IE";
783 default: 782 default:
784 WARN_ON(1); 783 WARN_ON(1);
785 return "Set by bug"; 784 return "bug";
786 } 785 }
787} 786}
787EXPORT_SYMBOL(reg_initiator_name);
788
789#ifdef CONFIG_CFG80211_REG_DEBUG
788 790
789static void chan_reg_rule_print_dbg(struct ieee80211_channel *chan, 791static void chan_reg_rule_print_dbg(struct ieee80211_channel *chan,
790 const struct ieee80211_reg_rule *reg_rule) 792 const struct ieee80211_reg_rule *reg_rule)
@@ -979,14 +981,17 @@ static bool ignore_reg_update(struct wiphy *wiphy,
979 struct regulatory_request *lr = get_last_request(); 981 struct regulatory_request *lr = get_last_request();
980 982
981 if (!lr) { 983 if (!lr) {
982 REG_DBG_PRINT("Ignoring regulatory request %s since last_request is not set\n", 984 REG_DBG_PRINT("Ignoring regulatory request set by %s "
985 "since last_request is not set\n",
983 reg_initiator_name(initiator)); 986 reg_initiator_name(initiator));
984 return true; 987 return true;
985 } 988 }
986 989
987 if (initiator == NL80211_REGDOM_SET_BY_CORE && 990 if (initiator == NL80211_REGDOM_SET_BY_CORE &&
988 wiphy->flags & WIPHY_FLAG_CUSTOM_REGULATORY) { 991 wiphy->flags & WIPHY_FLAG_CUSTOM_REGULATORY) {
989 REG_DBG_PRINT("Ignoring regulatory request %s since the driver uses its own custom regulatory domain\n", 992 REG_DBG_PRINT("Ignoring regulatory request set by %s "
993 "since the driver uses its own custom "
994 "regulatory domain\n",
990 reg_initiator_name(initiator)); 995 reg_initiator_name(initiator));
991 return true; 996 return true;
992 } 997 }
@@ -998,7 +1003,9 @@ static bool ignore_reg_update(struct wiphy *wiphy,
998 if (wiphy->flags & WIPHY_FLAG_STRICT_REGULATORY && !wiphy->regd && 1003 if (wiphy->flags & WIPHY_FLAG_STRICT_REGULATORY && !wiphy->regd &&
999 initiator != NL80211_REGDOM_SET_BY_COUNTRY_IE && 1004 initiator != NL80211_REGDOM_SET_BY_COUNTRY_IE &&
1000 !is_world_regdom(lr->alpha2)) { 1005 !is_world_regdom(lr->alpha2)) {
1001 REG_DBG_PRINT("Ignoring regulatory request %s since the driver requires its own regulatory domain to be set first\n", 1006 REG_DBG_PRINT("Ignoring regulatory request set by %s "
1007 "since the driver requires its own regulatory "
1008 "domain to be set first\n",
1002 reg_initiator_name(initiator)); 1009 reg_initiator_name(initiator));
1003 return true; 1010 return true;
1004 } 1011 }
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-15 02:03:19 -0500