diff options
| author | John W. Linville <linville@tuxdriver.com> | 2011-07-11 14:58:22 -0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2011-07-11 14:58:22 -0400 |
| commit | 4b42c542afbc119c4012324ea80e0c5a89afea4f (patch) | |
| tree | a67a788c7ba06cb40219b49505f84594dabc6f82 /net | |
| parent | d8598981146241064993e371cea8333f59553cb6 (diff) | |
| parent | e2fd318e3a9208245ee1041f6d413c8593fba29d (diff) | |
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/padovan/bluetooth-next-2.6
Conflicts:
net/bluetooth/l2cap_core.c
Diffstat (limited to 'net')
| -rw-r--r-- | net/bluetooth/hci_core.c | 101 | ||||
| -rw-r--r-- | net/bluetooth/hci_event.c | 87 | ||||
| -rw-r--r-- | net/bluetooth/l2cap_core.c | 216 | ||||
| -rw-r--r-- | net/bluetooth/l2cap_sock.c | 69 | ||||
| -rw-r--r-- | net/bluetooth/lib.c | 23 | ||||
| -rw-r--r-- | net/bluetooth/mgmt.c | 148 | ||||
| -rw-r--r-- | net/bluetooth/sco.c | 4 | ||||
| -rw-r--r-- | net/bluetooth/smp.c | 208 |
8 files changed, 599 insertions, 257 deletions
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 0029e178e52e..908fcd384ab4 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c | |||
| @@ -60,8 +60,6 @@ static void hci_tx_task(unsigned long arg); | |||
| 60 | 60 | ||
| 61 | static DEFINE_RWLOCK(hci_task_lock); | 61 | static DEFINE_RWLOCK(hci_task_lock); |
| 62 | 62 | ||
| 63 | static int enable_smp; | ||
| 64 | |||
| 65 | /* HCI device list */ | 63 | /* HCI device list */ |
| 66 | LIST_HEAD(hci_dev_list); | 64 | LIST_HEAD(hci_dev_list); |
| 67 | DEFINE_RWLOCK(hci_dev_list_lock); | 65 | DEFINE_RWLOCK(hci_dev_list_lock); |
| @@ -148,7 +146,7 @@ static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, | |||
| 148 | 146 | ||
| 149 | switch (hdev->req_status) { | 147 | switch (hdev->req_status) { |
| 150 | case HCI_REQ_DONE: | 148 | case HCI_REQ_DONE: |
| 151 | err = -bt_err(hdev->req_result); | 149 | err = -bt_to_errno(hdev->req_result); |
| 152 | break; | 150 | break; |
| 153 | 151 | ||
| 154 | case HCI_REQ_CANCELED: | 152 | case HCI_REQ_CANCELED: |
| @@ -542,7 +540,7 @@ int hci_dev_open(__u16 dev) | |||
| 542 | ret = __hci_request(hdev, hci_init_req, 0, | 540 | ret = __hci_request(hdev, hci_init_req, 0, |
| 543 | msecs_to_jiffies(HCI_INIT_TIMEOUT)); | 541 | msecs_to_jiffies(HCI_INIT_TIMEOUT)); |
| 544 | 542 | ||
| 545 | if (lmp_le_capable(hdev)) | 543 | if (lmp_host_le_capable(hdev)) |
| 546 | ret = __hci_request(hdev, hci_le_init_req, 0, | 544 | ret = __hci_request(hdev, hci_le_init_req, 0, |
| 547 | msecs_to_jiffies(HCI_INIT_TIMEOUT)); | 545 | msecs_to_jiffies(HCI_INIT_TIMEOUT)); |
| 548 | 546 | ||
| @@ -1059,6 +1057,42 @@ static int hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn, | |||
| 1059 | return 0; | 1057 | return 0; |
| 1060 | } | 1058 | } |
| 1061 | 1059 | ||
| 1060 | struct link_key *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8]) | ||
| 1061 | { | ||
| 1062 | struct link_key *k; | ||
| 1063 | |||
| 1064 | list_for_each_entry(k, &hdev->link_keys, list) { | ||
| 1065 | struct key_master_id *id; | ||
| 1066 | |||
| 1067 | if (k->type != HCI_LK_SMP_LTK) | ||
| 1068 | continue; | ||
| 1069 | |||
| 1070 | if (k->dlen != sizeof(*id)) | ||
| 1071 | continue; | ||
| 1072 | |||
| 1073 | id = (void *) &k->data; | ||
| 1074 | if (id->ediv == ediv && | ||
| 1075 | (memcmp(rand, id->rand, sizeof(id->rand)) == 0)) | ||
| 1076 | return k; | ||
| 1077 | } | ||
| 1078 | |||
| 1079 | return NULL; | ||
| 1080 | } | ||
| 1081 | EXPORT_SYMBOL(hci_find_ltk); | ||
| 1082 | |||
| 1083 | struct link_key *hci_find_link_key_type(struct hci_dev *hdev, | ||
| 1084 | bdaddr_t *bdaddr, u8 type) | ||
| 1085 | { | ||
| 1086 | struct link_key *k; | ||
| 1087 | |||
| 1088 | list_for_each_entry(k, &hdev->link_keys, list) | ||
| 1089 | if (k->type == type && bacmp(bdaddr, &k->bdaddr) == 0) | ||
| 1090 | return k; | ||
| 1091 | |||
| 1092 | return NULL; | ||
| 1093 | } | ||
| 1094 | EXPORT_SYMBOL(hci_find_link_key_type); | ||
| 1095 | |||
| 1062 | int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key, | 1096 | int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key, |
| 1063 | bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len) | 1097 | bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len) |
| 1064 | { | 1098 | { |
| @@ -1114,6 +1148,44 @@ int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key, | |||
| 1114 | return 0; | 1148 | return 0; |
| 1115 | } | 1149 | } |
| 1116 | 1150 | ||
| 1151 | int hci_add_ltk(struct hci_dev *hdev, int new_key, bdaddr_t *bdaddr, | ||
| 1152 | u8 key_size, __le16 ediv, u8 rand[8], u8 ltk[16]) | ||
| 1153 | { | ||
| 1154 | struct link_key *key, *old_key; | ||
| 1155 | struct key_master_id *id; | ||
| 1156 | u8 old_key_type; | ||
| 1157 | |||
| 1158 | BT_DBG("%s addr %s", hdev->name, batostr(bdaddr)); | ||
| 1159 | |||
| 1160 | old_key = hci_find_link_key_type(hdev, bdaddr, HCI_LK_SMP_LTK); | ||
| 1161 | if (old_key) { | ||
| 1162 | key = old_key; | ||
| 1163 | old_key_type = old_key->type; | ||
| 1164 | } else { | ||
| 1165 | key = kzalloc(sizeof(*key) + sizeof(*id), GFP_ATOMIC); | ||
| 1166 | if (!key) | ||
| 1167 | return -ENOMEM; | ||
| 1168 | list_add(&key->list, &hdev->link_keys); | ||
| 1169 | old_key_type = 0xff; | ||
| 1170 | } | ||
| 1171 | |||
| 1172 | key->dlen = sizeof(*id); | ||
| 1173 | |||
| 1174 | bacpy(&key->bdaddr, bdaddr); | ||
| 1175 | memcpy(key->val, ltk, sizeof(key->val)); | ||
| 1176 | key->type = HCI_LK_SMP_LTK; | ||
| 1177 | key->pin_len = key_size; | ||
| 1178 | |||
| 1179 | id = (void *) &key->data; | ||
| 1180 | id->ediv = ediv; | ||
| 1181 | memcpy(id->rand, rand, sizeof(id->rand)); | ||
| 1182 | |||
| 1183 | if (new_key) | ||
| 1184 | mgmt_new_key(hdev->id, key, old_key_type); | ||
| 1185 | |||
| 1186 | return 0; | ||
| 1187 | } | ||
| 1188 | |||
| 1117 | int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr) | 1189 | int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr) |
| 1118 | { | 1190 | { |
| 1119 | struct link_key *key; | 1191 | struct link_key *key; |
| @@ -1246,7 +1318,7 @@ int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr) | |||
| 1246 | if (bacmp(bdaddr, BDADDR_ANY) == 0) | 1318 | if (bacmp(bdaddr, BDADDR_ANY) == 0) |
| 1247 | return -EBADF; | 1319 | return -EBADF; |
| 1248 | 1320 | ||
| 1249 | hci_dev_lock(hdev); | 1321 | hci_dev_lock_bh(hdev); |
| 1250 | 1322 | ||
| 1251 | if (hci_blacklist_lookup(hdev, bdaddr)) { | 1323 | if (hci_blacklist_lookup(hdev, bdaddr)) { |
| 1252 | err = -EEXIST; | 1324 | err = -EEXIST; |
| @@ -1266,7 +1338,7 @@ int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr) | |||
| 1266 | err = 0; | 1338 | err = 0; |
| 1267 | 1339 | ||
| 1268 | err: | 1340 | err: |
| 1269 | hci_dev_unlock(hdev); | 1341 | hci_dev_unlock_bh(hdev); |
| 1270 | return err; | 1342 | return err; |
| 1271 | } | 1343 | } |
| 1272 | 1344 | ||
| @@ -1275,7 +1347,7 @@ int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr) | |||
| 1275 | struct bdaddr_list *entry; | 1347 | struct bdaddr_list *entry; |
| 1276 | int err = 0; | 1348 | int err = 0; |
| 1277 | 1349 | ||
| 1278 | hci_dev_lock(hdev); | 1350 | hci_dev_lock_bh(hdev); |
| 1279 | 1351 | ||
| 1280 | if (bacmp(bdaddr, BDADDR_ANY) == 0) { | 1352 | if (bacmp(bdaddr, BDADDR_ANY) == 0) { |
| 1281 | hci_blacklist_clear(hdev); | 1353 | hci_blacklist_clear(hdev); |
| @@ -1292,7 +1364,7 @@ int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr) | |||
| 1292 | kfree(entry); | 1364 | kfree(entry); |
| 1293 | 1365 | ||
| 1294 | done: | 1366 | done: |
| 1295 | hci_dev_unlock(hdev); | 1367 | hci_dev_unlock_bh(hdev); |
| 1296 | return err; | 1368 | return err; |
| 1297 | } | 1369 | } |
| 1298 | 1370 | ||
| @@ -1368,14 +1440,6 @@ int hci_add_adv_entry(struct hci_dev *hdev, | |||
| 1368 | return 0; | 1440 | return 0; |
| 1369 | } | 1441 | } |
| 1370 | 1442 | ||
| 1371 | static struct crypto_blkcipher *alloc_cypher(void) | ||
| 1372 | { | ||
| 1373 | if (enable_smp) | ||
| 1374 | return crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC); | ||
| 1375 | |||
| 1376 | return ERR_PTR(-ENOTSUPP); | ||
| 1377 | } | ||
| 1378 | |||
| 1379 | /* Register HCI device */ | 1443 | /* Register HCI device */ |
| 1380 | int hci_register_dev(struct hci_dev *hdev) | 1444 | int hci_register_dev(struct hci_dev *hdev) |
| 1381 | { | 1445 | { |
| @@ -1460,7 +1524,7 @@ int hci_register_dev(struct hci_dev *hdev) | |||
| 1460 | if (!hdev->workqueue) | 1524 | if (!hdev->workqueue) |
| 1461 | goto nomem; | 1525 | goto nomem; |
| 1462 | 1526 | ||
| 1463 | hdev->tfm = alloc_cypher(); | 1527 | hdev->tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC); |
| 1464 | if (IS_ERR(hdev->tfm)) | 1528 | if (IS_ERR(hdev->tfm)) |
| 1465 | BT_INFO("Failed to load transform for ecb(aes): %ld", | 1529 | BT_INFO("Failed to load transform for ecb(aes): %ld", |
| 1466 | PTR_ERR(hdev->tfm)); | 1530 | PTR_ERR(hdev->tfm)); |
| @@ -2352,6 +2416,3 @@ static void hci_cmd_task(unsigned long arg) | |||
| 2352 | } | 2416 | } |
| 2353 | } | 2417 | } |
| 2354 | } | 2418 | } |
| 2355 | |||
| 2356 | module_param(enable_smp, bool, 0644); | ||
| 2357 | MODULE_PARM_DESC(enable_smp, "Enable SMP support (LE only)"); | ||
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index ac2c5e89617c..a40170e022e8 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
| @@ -45,6 +45,8 @@ | |||
| 45 | #include <net/bluetooth/bluetooth.h> | 45 | #include <net/bluetooth/bluetooth.h> |
| 46 | #include <net/bluetooth/hci_core.h> | 46 | #include <net/bluetooth/hci_core.h> |
| 47 | 47 | ||
| 48 | static int enable_le; | ||
| 49 | |||
| 48 | /* Handle HCI Event packets */ | 50 | /* Handle HCI Event packets */ |
| 49 | 51 | ||
| 50 | static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) | 52 | static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) |
| @@ -525,6 +527,20 @@ static void hci_setup_event_mask(struct hci_dev *hdev) | |||
| 525 | hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events); | 527 | hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events); |
| 526 | } | 528 | } |
| 527 | 529 | ||
| 530 | static void hci_set_le_support(struct hci_dev *hdev) | ||
| 531 | { | ||
| 532 | struct hci_cp_write_le_host_supported cp; | ||
| 533 | |||
| 534 | memset(&cp, 0, sizeof(cp)); | ||
| 535 | |||
| 536 | if (enable_le) { | ||
| 537 | cp.le = 1; | ||
| 538 | cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR); | ||
| 539 | } | ||
| 540 | |||
| 541 | hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp); | ||
| 542 | } | ||
| 543 | |||
| 528 | static void hci_setup(struct hci_dev *hdev) | 544 | static void hci_setup(struct hci_dev *hdev) |
| 529 | { | 545 | { |
| 530 | hci_setup_event_mask(hdev); | 546 | hci_setup_event_mask(hdev); |
| @@ -542,6 +558,17 @@ static void hci_setup(struct hci_dev *hdev) | |||
| 542 | 558 | ||
| 543 | if (hdev->features[7] & LMP_INQ_TX_PWR) | 559 | if (hdev->features[7] & LMP_INQ_TX_PWR) |
| 544 | hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL); | 560 | hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL); |
| 561 | |||
| 562 | if (hdev->features[7] & LMP_EXTFEATURES) { | ||
| 563 | struct hci_cp_read_local_ext_features cp; | ||
| 564 | |||
| 565 | cp.page = 0x01; | ||
| 566 | hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, | ||
| 567 | sizeof(cp), &cp); | ||
| 568 | } | ||
| 569 | |||
| 570 | if (hdev->features[4] & LMP_LE) | ||
| 571 | hci_set_le_support(hdev); | ||
| 545 | } | 572 | } |
| 546 | 573 | ||
| 547 | static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) | 574 | static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) |
| @@ -658,6 +685,21 @@ static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb | |||
| 658 | hdev->features[6], hdev->features[7]); | 685 | hdev->features[6], hdev->features[7]); |
| 659 | } | 686 | } |
| 660 | 687 | ||
| 688 | static void hci_cc_read_local_ext_features(struct hci_dev *hdev, | ||
| 689 | struct sk_buff *skb) | ||
| 690 | { | ||
| 691 | struct hci_rp_read_local_ext_features *rp = (void *) skb->data; | ||
| 692 | |||
| 693 | BT_DBG("%s status 0x%x", hdev->name, rp->status); | ||
| 694 | |||
| 695 | if (rp->status) | ||
| 696 | return; | ||
| 697 | |||
| 698 | memcpy(hdev->extfeatures, rp->features, 8); | ||
| 699 | |||
| 700 | hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status); | ||
| 701 | } | ||
| 702 | |||
| 661 | static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) | 703 | static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb) |
| 662 | { | 704 | { |
| 663 | struct hci_rp_read_buffer_size *rp = (void *) skb->data; | 705 | struct hci_rp_read_buffer_size *rp = (void *) skb->data; |
| @@ -892,6 +934,21 @@ static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb) | |||
| 892 | hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status); | 934 | hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status); |
| 893 | } | 935 | } |
| 894 | 936 | ||
| 937 | static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev, | ||
| 938 | struct sk_buff *skb) | ||
| 939 | { | ||
| 940 | struct hci_cp_read_local_ext_features cp; | ||
| 941 | __u8 status = *((__u8 *) skb->data); | ||
| 942 | |||
| 943 | BT_DBG("%s status 0x%x", hdev->name, status); | ||
| 944 | |||
| 945 | if (status) | ||
| 946 | return; | ||
| 947 | |||
| 948 | cp.page = 0x01; | ||
| 949 | hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp); | ||
| 950 | } | ||
| 951 | |||
| 895 | static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) | 952 | static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) |
| 896 | { | 953 | { |
| 897 | BT_DBG("%s status 0x%x", hdev->name, status); | 954 | BT_DBG("%s status 0x%x", hdev->name, status); |
| @@ -1826,6 +1883,10 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk | |||
| 1826 | hci_cc_read_local_features(hdev, skb); | 1883 | hci_cc_read_local_features(hdev, skb); |
| 1827 | break; | 1884 | break; |
| 1828 | 1885 | ||
| 1886 | case HCI_OP_READ_LOCAL_EXT_FEATURES: | ||
| 1887 | hci_cc_read_local_ext_features(hdev, skb); | ||
| 1888 | break; | ||
| 1889 | |||
| 1829 | case HCI_OP_READ_BUFFER_SIZE: | 1890 | case HCI_OP_READ_BUFFER_SIZE: |
| 1830 | hci_cc_read_buffer_size(hdev, skb); | 1891 | hci_cc_read_buffer_size(hdev, skb); |
| 1831 | break; | 1892 | break; |
| @@ -1894,6 +1955,10 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk | |||
| 1894 | hci_cc_le_ltk_neg_reply(hdev, skb); | 1955 | hci_cc_le_ltk_neg_reply(hdev, skb); |
| 1895 | break; | 1956 | break; |
| 1896 | 1957 | ||
| 1958 | case HCI_OP_WRITE_LE_HOST_SUPPORTED: | ||
| 1959 | hci_cc_write_le_host_supported(hdev, skb); | ||
| 1960 | break; | ||
| 1961 | |||
| 1897 | default: | 1962 | default: |
| 1898 | BT_DBG("%s opcode 0x%x", hdev->name, opcode); | 1963 | BT_DBG("%s opcode 0x%x", hdev->name, opcode); |
| 1899 | break; | 1964 | break; |
| @@ -2793,21 +2858,36 @@ static inline void hci_le_ltk_request_evt(struct hci_dev *hdev, | |||
| 2793 | { | 2858 | { |
| 2794 | struct hci_ev_le_ltk_req *ev = (void *) skb->data; | 2859 | struct hci_ev_le_ltk_req *ev = (void *) skb->data; |
| 2795 | struct hci_cp_le_ltk_reply cp; | 2860 | struct hci_cp_le_ltk_reply cp; |
| 2861 | struct hci_cp_le_ltk_neg_reply neg; | ||
| 2796 | struct hci_conn *conn; | 2862 | struct hci_conn *conn; |
| 2863 | struct link_key *ltk; | ||
| 2797 | 2864 | ||
| 2798 | BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle)); | 2865 | BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle)); |
| 2799 | 2866 | ||
| 2800 | hci_dev_lock(hdev); | 2867 | hci_dev_lock(hdev); |
| 2801 | 2868 | ||
| 2802 | conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); | 2869 | conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); |
| 2870 | if (conn == NULL) | ||
| 2871 | goto not_found; | ||
| 2803 | 2872 | ||
| 2804 | memset(&cp, 0, sizeof(cp)); | 2873 | ltk = hci_find_ltk(hdev, ev->ediv, ev->random); |
| 2874 | if (ltk == NULL) | ||
| 2875 | goto not_found; | ||
| 2876 | |||
| 2877 | memcpy(cp.ltk, ltk->val, sizeof(ltk->val)); | ||
| 2805 | cp.handle = cpu_to_le16(conn->handle); | 2878 | cp.handle = cpu_to_le16(conn->handle); |
| 2806 | memcpy(cp.ltk, conn->ltk, sizeof(conn->ltk)); | 2879 | conn->pin_length = ltk->pin_len; |
| 2807 | 2880 | ||
| 2808 | hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); | 2881 | hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); |
| 2809 | 2882 | ||
| 2810 | hci_dev_unlock(hdev); | 2883 | hci_dev_unlock(hdev); |
| 2884 | |||
| 2885 | return; | ||
| 2886 | |||
| 2887 | not_found: | ||
| 2888 | neg.handle = ev->handle; | ||
| 2889 | hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg); | ||
| 2890 | hci_dev_unlock(hdev); | ||
| 2811 | } | 2891 | } |
| 2812 | 2892 | ||
| 2813 | static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb) | 2893 | static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb) |
| @@ -3022,3 +3102,6 @@ void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data) | |||
| 3022 | hci_send_to_sock(hdev, skb, NULL); | 3102 | hci_send_to_sock(hdev, skb, NULL); |
| 3023 | kfree_skb(skb); | 3103 | kfree_skb(skb); |
| 3024 | } | 3104 | } |
| 3105 | |||
| 3106 | module_param(enable_le, bool, 0444); | ||
| 3107 | MODULE_PARM_DESC(enable_le, "Enable LE support"); | ||
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index fc219ec28711..f7f8e2cd3f70 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c | |||
| @@ -61,13 +61,9 @@ int disable_ertm; | |||
| 61 | static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN; | 61 | static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN; |
| 62 | static u8 l2cap_fixed_chan[8] = { 0x02, }; | 62 | static u8 l2cap_fixed_chan[8] = { 0x02, }; |
| 63 | 63 | ||
| 64 | static struct workqueue_struct *_busy_wq; | ||
| 65 | |||
| 66 | static LIST_HEAD(chan_list); | 64 | static LIST_HEAD(chan_list); |
| 67 | static DEFINE_RWLOCK(chan_list_lock); | 65 | static DEFINE_RWLOCK(chan_list_lock); |
| 68 | 66 | ||
| 69 | static void l2cap_busy_work(struct work_struct *work); | ||
| 70 | |||
| 71 | static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, | 67 | static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, |
| 72 | u8 code, u8 ident, u16 dlen, void *data); | 68 | u8 code, u8 ident, u16 dlen, void *data); |
| 73 | static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, | 69 | static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, |
| @@ -223,18 +219,18 @@ static u16 l2cap_alloc_cid(struct l2cap_conn *conn) | |||
| 223 | 219 | ||
| 224 | static void l2cap_set_timer(struct l2cap_chan *chan, struct timer_list *timer, long timeout) | 220 | static void l2cap_set_timer(struct l2cap_chan *chan, struct timer_list *timer, long timeout) |
| 225 | { | 221 | { |
| 226 | BT_DBG("chan %p state %d timeout %ld", chan->sk, chan->state, timeout); | 222 | BT_DBG("chan %p state %d timeout %ld", chan->sk, chan->state, timeout); |
| 227 | 223 | ||
| 228 | if (!mod_timer(timer, jiffies + timeout)) | 224 | if (!mod_timer(timer, jiffies + msecs_to_jiffies(timeout))) |
| 229 | chan_hold(chan); | 225 | chan_hold(chan); |
| 230 | } | 226 | } |
| 231 | 227 | ||
| 232 | static void l2cap_clear_timer(struct l2cap_chan *chan, struct timer_list *timer) | 228 | static void l2cap_clear_timer(struct l2cap_chan *chan, struct timer_list *timer) |
| 233 | { | 229 | { |
| 234 | BT_DBG("chan %p state %d", chan, chan->state); | 230 | BT_DBG("chan %p state %d", chan, chan->state); |
| 235 | 231 | ||
| 236 | if (timer_pending(timer) && del_timer(timer)) | 232 | if (timer_pending(timer) && del_timer(timer)) |
| 237 | chan_put(chan); | 233 | chan_put(chan); |
| 238 | } | 234 | } |
| 239 | 235 | ||
| 240 | static void l2cap_state_change(struct l2cap_chan *chan, int state) | 236 | static void l2cap_state_change(struct l2cap_chan *chan, int state) |
| @@ -395,7 +391,6 @@ static void l2cap_chan_del(struct l2cap_chan *chan, int err) | |||
| 395 | __clear_ack_timer(chan); | 391 | __clear_ack_timer(chan); |
| 396 | 392 | ||
| 397 | skb_queue_purge(&chan->srej_q); | 393 | skb_queue_purge(&chan->srej_q); |
| 398 | skb_queue_purge(&chan->busy_q); | ||
| 399 | 394 | ||
| 400 | list_for_each_entry_safe(l, tmp, &chan->srej_l, list) { | 395 | list_for_each_entry_safe(l, tmp, &chan->srej_l, list) { |
| 401 | list_del(&l->list); | 396 | list_del(&l->list); |
| @@ -741,9 +736,9 @@ static void l2cap_conn_start(struct l2cap_conn *conn) | |||
| 741 | &chan->conf_state)) { | 736 | &chan->conf_state)) { |
| 742 | /* l2cap_chan_close() calls list_del(chan) | 737 | /* l2cap_chan_close() calls list_del(chan) |
| 743 | * so release the lock */ | 738 | * so release the lock */ |
| 744 | read_unlock_bh(&conn->chan_lock); | 739 | read_unlock(&conn->chan_lock); |
| 745 | l2cap_chan_close(chan, ECONNRESET); | 740 | l2cap_chan_close(chan, ECONNRESET); |
| 746 | read_lock_bh(&conn->chan_lock); | 741 | read_lock(&conn->chan_lock); |
| 747 | bh_unlock_sock(sk); | 742 | bh_unlock_sock(sk); |
| 748 | continue; | 743 | continue; |
| 749 | } | 744 | } |
| @@ -1873,11 +1868,9 @@ static inline void l2cap_ertm_init(struct l2cap_chan *chan) | |||
| 1873 | setup_timer(&chan->ack_timer, l2cap_ack_timeout, (unsigned long) chan); | 1868 | setup_timer(&chan->ack_timer, l2cap_ack_timeout, (unsigned long) chan); |
| 1874 | 1869 | ||
| 1875 | skb_queue_head_init(&chan->srej_q); | 1870 | skb_queue_head_init(&chan->srej_q); |
| 1876 | skb_queue_head_init(&chan->busy_q); | ||
| 1877 | 1871 | ||
| 1878 | INIT_LIST_HEAD(&chan->srej_l); | 1872 | INIT_LIST_HEAD(&chan->srej_l); |
| 1879 | 1873 | ||
| 1880 | INIT_WORK(&chan->busy_work, l2cap_busy_work); | ||
| 1881 | 1874 | ||
| 1882 | sk->sk_backlog_rcv = l2cap_ertm_data_rcv; | 1875 | sk->sk_backlog_rcv = l2cap_ertm_data_rcv; |
| 1883 | } | 1876 | } |
| @@ -2284,9 +2277,9 @@ done: | |||
| 2284 | 2277 | ||
| 2285 | static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) | 2278 | static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) |
| 2286 | { | 2279 | { |
| 2287 | struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data; | 2280 | struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data; |
| 2288 | 2281 | ||
| 2289 | if (rej->reason != 0x0000) | 2282 | if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD) |
| 2290 | return 0; | 2283 | return 0; |
| 2291 | 2284 | ||
| 2292 | if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) && | 2285 | if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) && |
| @@ -2532,9 +2525,12 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr | |||
| 2532 | 2525 | ||
| 2533 | if ((bt_sk(sk)->defer_setup && chan->state != BT_CONNECT2) || | 2526 | if ((bt_sk(sk)->defer_setup && chan->state != BT_CONNECT2) || |
| 2534 | (!bt_sk(sk)->defer_setup && chan->state != BT_CONFIG)) { | 2527 | (!bt_sk(sk)->defer_setup && chan->state != BT_CONFIG)) { |
| 2535 | struct l2cap_cmd_rej rej; | 2528 | struct l2cap_cmd_rej_cid rej; |
| 2529 | |||
| 2530 | rej.reason = cpu_to_le16(L2CAP_REJ_INVALID_CID); | ||
| 2531 | rej.scid = cpu_to_le16(chan->scid); | ||
| 2532 | rej.dcid = cpu_to_le16(chan->dcid); | ||
| 2536 | 2533 | ||
| 2537 | rej.reason = cpu_to_le16(0x0002); | ||
| 2538 | l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ, | 2534 | l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ, |
| 2539 | sizeof(rej), &rej); | 2535 | sizeof(rej), &rej); |
| 2540 | goto unlock; | 2536 | goto unlock; |
| @@ -3025,12 +3021,12 @@ static inline void l2cap_sig_channel(struct l2cap_conn *conn, | |||
| 3025 | err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data); | 3021 | err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data); |
| 3026 | 3022 | ||
| 3027 | if (err) { | 3023 | if (err) { |
| 3028 | struct l2cap_cmd_rej rej; | 3024 | struct l2cap_cmd_rej_unk rej; |
| 3029 | 3025 | ||
| 3030 | BT_ERR("Wrong link type (%d)", err); | 3026 | BT_ERR("Wrong link type (%d)", err); |
| 3031 | 3027 | ||
| 3032 | /* FIXME: Map err to a valid reason */ | 3028 | /* FIXME: Map err to a valid reason */ |
| 3033 | rej.reason = cpu_to_le16(0); | 3029 | rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD); |
| 3034 | l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej); | 3030 | l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej); |
| 3035 | } | 3031 | } |
| 3036 | 3032 | ||
| @@ -3183,32 +3179,27 @@ static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *sk | |||
| 3183 | if (!chan->sdu) | 3179 | if (!chan->sdu) |
| 3184 | goto disconnect; | 3180 | goto disconnect; |
| 3185 | 3181 | ||
| 3186 | if (!test_bit(CONN_SAR_RETRY, &chan->conn_state)) { | 3182 | chan->partial_sdu_len += skb->len; |
| 3187 | chan->partial_sdu_len += skb->len; | ||
| 3188 | 3183 | ||
| 3189 | if (chan->partial_sdu_len > chan->imtu) | 3184 | if (chan->partial_sdu_len > chan->imtu) |
| 3190 | goto drop; | 3185 | goto drop; |
| 3191 | 3186 | ||
| 3192 | if (chan->partial_sdu_len != chan->sdu_len) | 3187 | if (chan->partial_sdu_len != chan->sdu_len) |
| 3193 | goto drop; | 3188 | goto drop; |
| 3194 | 3189 | ||
| 3195 | memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len); | 3190 | memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len); |
| 3196 | } | ||
| 3197 | 3191 | ||
| 3198 | _skb = skb_clone(chan->sdu, GFP_ATOMIC); | 3192 | _skb = skb_clone(chan->sdu, GFP_ATOMIC); |
| 3199 | if (!_skb) { | 3193 | if (!_skb) { |
| 3200 | set_bit(CONN_SAR_RETRY, &chan->conn_state); | ||
| 3201 | return -ENOMEM; | 3194 | return -ENOMEM; |
| 3202 | } | 3195 | } |
| 3203 | 3196 | ||
| 3204 | err = chan->ops->recv(chan->data, _skb); | 3197 | err = chan->ops->recv(chan->data, _skb); |
| 3205 | if (err < 0) { | 3198 | if (err < 0) { |
| 3206 | kfree_skb(_skb); | 3199 | kfree_skb(_skb); |
| 3207 | set_bit(CONN_SAR_RETRY, &chan->conn_state); | ||
| 3208 | return err; | 3200 | return err; |
| 3209 | } | 3201 | } |
| 3210 | 3202 | ||
| 3211 | clear_bit(CONN_SAR_RETRY, &chan->conn_state); | ||
| 3212 | clear_bit(CONN_SAR_SDU, &chan->conn_state); | 3203 | clear_bit(CONN_SAR_SDU, &chan->conn_state); |
| 3213 | 3204 | ||
| 3214 | kfree_skb(chan->sdu); | 3205 | kfree_skb(chan->sdu); |
| @@ -3228,22 +3219,26 @@ disconnect: | |||
| 3228 | return 0; | 3219 | return 0; |
| 3229 | } | 3220 | } |
| 3230 | 3221 | ||
| 3231 | static int l2cap_try_push_rx_skb(struct l2cap_chan *chan) | 3222 | static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan) |
| 3232 | { | 3223 | { |
| 3233 | struct sk_buff *skb; | ||
| 3234 | u16 control; | 3224 | u16 control; |
| 3235 | int err; | ||
| 3236 | 3225 | ||
| 3237 | while ((skb = skb_dequeue(&chan->busy_q))) { | 3226 | BT_DBG("chan %p, Enter local busy", chan); |
| 3238 | control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT; | ||
| 3239 | err = l2cap_ertm_reassembly_sdu(chan, skb, control); | ||
| 3240 | if (err < 0) { | ||
| 3241 | skb_queue_head(&chan->busy_q, skb); | ||
| 3242 | return -EBUSY; | ||
| 3243 | } | ||
| 3244 | 3227 | ||
| 3245 | chan->buffer_seq = (chan->buffer_seq + 1) % 64; | 3228 | set_bit(CONN_LOCAL_BUSY, &chan->conn_state); |
| 3246 | } | 3229 | |
| 3230 | control = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; | ||
| 3231 | control |= L2CAP_SUPER_RCV_NOT_READY; | ||
| 3232 | l2cap_send_sframe(chan, control); | ||
| 3233 | |||
| 3234 | set_bit(CONN_RNR_SENT, &chan->conn_state); | ||
| 3235 | |||
| 3236 | __clear_ack_timer(chan); | ||
| 3237 | } | ||
| 3238 | |||
| 3239 | static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan) | ||
| 3240 | { | ||
| 3241 | u16 control; | ||
| 3247 | 3242 | ||
| 3248 | if (!test_bit(CONN_RNR_SENT, &chan->conn_state)) | 3243 | if (!test_bit(CONN_RNR_SENT, &chan->conn_state)) |
| 3249 | goto done; | 3244 | goto done; |
| @@ -3263,93 +3258,16 @@ done: | |||
| 3263 | clear_bit(CONN_RNR_SENT, &chan->conn_state); | 3258 | clear_bit(CONN_RNR_SENT, &chan->conn_state); |
| 3264 | 3259 | ||
| 3265 | BT_DBG("chan %p, Exit local busy", chan); | 3260 | BT_DBG("chan %p, Exit local busy", chan); |
| 3266 | |||
| 3267 | return 0; | ||
| 3268 | } | 3261 | } |
| 3269 | 3262 | ||
| 3270 | static void l2cap_busy_work(struct work_struct *work) | 3263 | void l2cap_chan_busy(struct l2cap_chan *chan, int busy) |
| 3271 | { | 3264 | { |
| 3272 | DECLARE_WAITQUEUE(wait, current); | 3265 | if (chan->mode == L2CAP_MODE_ERTM) { |
| 3273 | struct l2cap_chan *chan = | 3266 | if (busy) |
| 3274 | container_of(work, struct l2cap_chan, busy_work); | 3267 | l2cap_ertm_enter_local_busy(chan); |
| 3275 | struct sock *sk = chan->sk; | 3268 | else |
| 3276 | int n_tries = 0, timeo = HZ/5, err; | 3269 | l2cap_ertm_exit_local_busy(chan); |
| 3277 | struct sk_buff *skb; | ||
| 3278 | |||
| 3279 | lock_sock(sk); | ||
| 3280 | |||
| 3281 | add_wait_queue(sk_sleep(sk), &wait); | ||
| 3282 | while ((skb = skb_peek(&chan->busy_q))) { | ||
| 3283 | set_current_state(TASK_INTERRUPTIBLE); | ||
| 3284 | |||
| 3285 | if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) { | ||
| 3286 | err = -EBUSY; | ||
| 3287 | l2cap_send_disconn_req(chan->conn, chan, EBUSY); | ||
| 3288 | break; | ||
| 3289 | } | ||
| 3290 | |||
| 3291 | if (!timeo) | ||
| 3292 | timeo = HZ/5; | ||
| 3293 | |||
| 3294 | if (signal_pending(current)) { | ||
| 3295 | err = sock_intr_errno(timeo); | ||
| 3296 | break; | ||
| 3297 | } | ||
| 3298 | |||
| 3299 | release_sock(sk); | ||
| 3300 | timeo = schedule_timeout(timeo); | ||
| 3301 | lock_sock(sk); | ||
| 3302 | |||
| 3303 | err = sock_error(sk); | ||
| 3304 | if (err) | ||
| 3305 | break; | ||
| 3306 | |||
| 3307 | if (l2cap_try_push_rx_skb(chan) == 0) | ||
| 3308 | break; | ||
| 3309 | } | ||
| 3310 | |||
| 3311 | set_current_state(TASK_RUNNING); | ||
| 3312 | remove_wait_queue(sk_sleep(sk), &wait); | ||
| 3313 | |||
| 3314 | release_sock(sk); | ||
| 3315 | } | ||
| 3316 | |||
| 3317 | static int l2cap_push_rx_skb(struct l2cap_chan *chan, struct sk_buff *skb, u16 control) | ||
| 3318 | { | ||
| 3319 | int sctrl, err; | ||
| 3320 | |||
| 3321 | if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { | ||
| 3322 | bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT; | ||
| 3323 | __skb_queue_tail(&chan->busy_q, skb); | ||
| 3324 | return l2cap_try_push_rx_skb(chan); | ||
| 3325 | |||
| 3326 | |||
| 3327 | } | ||
| 3328 | |||
| 3329 | err = l2cap_ertm_reassembly_sdu(chan, skb, control); | ||
| 3330 | if (err >= 0) { | ||
| 3331 | chan->buffer_seq = (chan->buffer_seq + 1) % 64; | ||
| 3332 | return err; | ||
| 3333 | } | 3270 | } |
| 3334 | |||
| 3335 | /* Busy Condition */ | ||
| 3336 | BT_DBG("chan %p, Enter local busy", chan); | ||
| 3337 | |||
| 3338 | set_bit(CONN_LOCAL_BUSY, &chan->conn_state); | ||
| 3339 | bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT; | ||
| 3340 | __skb_queue_tail(&chan->busy_q, skb); | ||
| 3341 | |||
| 3342 | sctrl = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; | ||
| 3343 | sctrl |= L2CAP_SUPER_RCV_NOT_READY; | ||
| 3344 | l2cap_send_sframe(chan, sctrl); | ||
| 3345 | |||
| 3346 | set_bit(CONN_RNR_SENT, &chan->conn_state); | ||
| 3347 | |||
| 3348 | __clear_ack_timer(chan); | ||
| 3349 | |||
| 3350 | queue_work(_busy_wq, &chan->busy_work); | ||
| 3351 | |||
| 3352 | return err; | ||
| 3353 | } | 3271 | } |
| 3354 | 3272 | ||
| 3355 | static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control) | 3273 | static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control) |
| @@ -3450,13 +3368,22 @@ static void l2cap_check_srej_gap(struct l2cap_chan *chan, u8 tx_seq) | |||
| 3450 | struct sk_buff *skb; | 3368 | struct sk_buff *skb; |
| 3451 | u16 control; | 3369 | u16 control; |
| 3452 | 3370 | ||
| 3453 | while ((skb = skb_peek(&chan->srej_q))) { | 3371 | while ((skb = skb_peek(&chan->srej_q)) && |
| 3372 | !test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { | ||
| 3373 | int err; | ||
| 3374 | |||
| 3454 | if (bt_cb(skb)->tx_seq != tx_seq) | 3375 | if (bt_cb(skb)->tx_seq != tx_seq) |
| 3455 | break; | 3376 | break; |
| 3456 | 3377 | ||
| 3457 | skb = skb_dequeue(&chan->srej_q); | 3378 | skb = skb_dequeue(&chan->srej_q); |
| 3458 | control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT; | 3379 | control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT; |
| 3459 | l2cap_ertm_reassembly_sdu(chan, skb, control); | 3380 | err = l2cap_ertm_reassembly_sdu(chan, skb, control); |
| 3381 | |||
| 3382 | if (err < 0) { | ||
| 3383 | l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); | ||
| 3384 | break; | ||
| 3385 | } | ||
| 3386 | |||
| 3460 | chan->buffer_seq_srej = | 3387 | chan->buffer_seq_srej = |
| 3461 | (chan->buffer_seq_srej + 1) % 64; | 3388 | (chan->buffer_seq_srej + 1) % 64; |
| 3462 | tx_seq = (tx_seq + 1) % 64; | 3389 | tx_seq = (tx_seq + 1) % 64; |
| @@ -3523,9 +3450,6 @@ static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_cont | |||
| 3523 | chan->expected_ack_seq = req_seq; | 3450 | chan->expected_ack_seq = req_seq; |
| 3524 | l2cap_drop_acked_frames(chan); | 3451 | l2cap_drop_acked_frames(chan); |
| 3525 | 3452 | ||
| 3526 | if (tx_seq == chan->expected_tx_seq) | ||
| 3527 | goto expected; | ||
| 3528 | |||
| 3529 | tx_seq_offset = (tx_seq - chan->buffer_seq) % 64; | 3453 | tx_seq_offset = (tx_seq - chan->buffer_seq) % 64; |
| 3530 | if (tx_seq_offset < 0) | 3454 | if (tx_seq_offset < 0) |
| 3531 | tx_seq_offset += 64; | 3455 | tx_seq_offset += 64; |
| @@ -3539,6 +3463,9 @@ static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_cont | |||
| 3539 | if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) | 3463 | if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) |
| 3540 | goto drop; | 3464 | goto drop; |
| 3541 | 3465 | ||
| 3466 | if (tx_seq == chan->expected_tx_seq) | ||
| 3467 | goto expected; | ||
| 3468 | |||
| 3542 | if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) { | 3469 | if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) { |
| 3543 | struct srej_list *first; | 3470 | struct srej_list *first; |
| 3544 | 3471 | ||
| @@ -3590,7 +3517,6 @@ static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_cont | |||
| 3590 | chan->buffer_seq_srej = chan->buffer_seq; | 3517 | chan->buffer_seq_srej = chan->buffer_seq; |
| 3591 | 3518 | ||
| 3592 | __skb_queue_head_init(&chan->srej_q); | 3519 | __skb_queue_head_init(&chan->srej_q); |
| 3593 | __skb_queue_head_init(&chan->busy_q); | ||
| 3594 | l2cap_add_to_srej_queue(chan, skb, tx_seq, sar); | 3520 | l2cap_add_to_srej_queue(chan, skb, tx_seq, sar); |
| 3595 | 3521 | ||
| 3596 | set_bit(CONN_SEND_PBIT, &chan->conn_state); | 3522 | set_bit(CONN_SEND_PBIT, &chan->conn_state); |
| @@ -3611,9 +3537,12 @@ expected: | |||
| 3611 | return 0; | 3537 | return 0; |
| 3612 | } | 3538 | } |
| 3613 | 3539 | ||
| 3614 | err = l2cap_push_rx_skb(chan, skb, rx_control); | 3540 | err = l2cap_ertm_reassembly_sdu(chan, skb, rx_control); |
| 3615 | if (err < 0) | 3541 | chan->buffer_seq = (chan->buffer_seq + 1) % 64; |
| 3616 | return 0; | 3542 | if (err < 0) { |
| 3543 | l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); | ||
| 3544 | return err; | ||
| 3545 | } | ||
| 3617 | 3546 | ||
| 3618 | if (rx_control & L2CAP_CTRL_FINAL) { | 3547 | if (rx_control & L2CAP_CTRL_FINAL) { |
| 3619 | if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state)) | 3548 | if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state)) |
| @@ -4108,7 +4037,7 @@ static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status) | |||
| 4108 | if (conn) | 4037 | if (conn) |
| 4109 | l2cap_conn_ready(conn); | 4038 | l2cap_conn_ready(conn); |
| 4110 | } else | 4039 | } else |
| 4111 | l2cap_conn_del(hcon, bt_err(status)); | 4040 | l2cap_conn_del(hcon, bt_to_errno(status)); |
| 4112 | 4041 | ||
| 4113 | return 0; | 4042 | return 0; |
| 4114 | } | 4043 | } |
| @@ -4132,7 +4061,7 @@ static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason) | |||
| 4132 | if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK)) | 4061 | if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK)) |
| 4133 | return -EINVAL; | 4062 | return -EINVAL; |
| 4134 | 4063 | ||
| 4135 | l2cap_conn_del(hcon, bt_err(reason)); | 4064 | l2cap_conn_del(hcon, bt_to_errno(reason)); |
| 4136 | 4065 | ||
| 4137 | return 0; | 4066 | return 0; |
| 4138 | } | 4067 | } |
| @@ -4178,6 +4107,7 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt) | |||
| 4178 | chan->sec_level = hcon->sec_level; | 4107 | chan->sec_level = hcon->sec_level; |
| 4179 | del_timer(&conn->security_timer); | 4108 | del_timer(&conn->security_timer); |
| 4180 | l2cap_chan_ready(sk); | 4109 | l2cap_chan_ready(sk); |
| 4110 | smp_distribute_keys(conn, 0); | ||
| 4181 | } | 4111 | } |
| 4182 | 4112 | ||
| 4183 | bh_unlock_sock(sk); | 4113 | bh_unlock_sock(sk); |
| @@ -4415,12 +4345,6 @@ int __init l2cap_init(void) | |||
| 4415 | if (err < 0) | 4345 | if (err < 0) |
| 4416 | return err; | 4346 | return err; |
| 4417 | 4347 | ||
| 4418 | _busy_wq = create_singlethread_workqueue("l2cap"); | ||
| 4419 | if (!_busy_wq) { | ||
| 4420 | err = -ENOMEM; | ||
| 4421 | goto error; | ||
| 4422 | } | ||
| 4423 | |||
| 4424 | err = hci_register_proto(&l2cap_hci_proto); | 4348 | err = hci_register_proto(&l2cap_hci_proto); |
| 4425 | if (err < 0) { | 4349 | if (err < 0) { |
| 4426 | BT_ERR("L2CAP protocol registration failed"); | 4350 | BT_ERR("L2CAP protocol registration failed"); |
| @@ -4438,7 +4362,6 @@ int __init l2cap_init(void) | |||
| 4438 | return 0; | 4362 | return 0; |
| 4439 | 4363 | ||
| 4440 | error: | 4364 | error: |
| 4441 | destroy_workqueue(_busy_wq); | ||
| 4442 | l2cap_cleanup_sockets(); | 4365 | l2cap_cleanup_sockets(); |
| 4443 | return err; | 4366 | return err; |
| 4444 | } | 4367 | } |
| @@ -4447,9 +4370,6 @@ void l2cap_exit(void) | |||
| 4447 | { | 4370 | { |
| 4448 | debugfs_remove(l2cap_debugfs); | 4371 | debugfs_remove(l2cap_debugfs); |
| 4449 | 4372 | ||
| 4450 | flush_workqueue(_busy_wq); | ||
| 4451 | destroy_workqueue(_busy_wq); | ||
| 4452 | |||
| 4453 | if (hci_unregister_proto(&l2cap_hci_proto) < 0) | 4373 | if (hci_unregister_proto(&l2cap_hci_proto) < 0) |
| 4454 | BT_ERR("L2CAP protocol unregistration failed"); | 4374 | BT_ERR("L2CAP protocol unregistration failed"); |
| 4455 | 4375 | ||
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index 39082d4e77ce..5c36b3e8739c 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c | |||
| @@ -422,8 +422,12 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch | |||
| 422 | break; | 422 | break; |
| 423 | } | 423 | } |
| 424 | 424 | ||
| 425 | memset(&sec, 0, sizeof(sec)); | ||
| 425 | sec.level = chan->sec_level; | 426 | sec.level = chan->sec_level; |
| 426 | 427 | ||
| 428 | if (sk->sk_state == BT_CONNECTED) | ||
| 429 | sec.key_size = chan->conn->hcon->enc_key_size; | ||
| 430 | |||
| 427 | len = min_t(unsigned int, len, sizeof(sec)); | 431 | len = min_t(unsigned int, len, sizeof(sec)); |
| 428 | if (copy_to_user(optval, (char *) &sec, len)) | 432 | if (copy_to_user(optval, (char *) &sec, len)) |
| 429 | err = -EFAULT; | 433 | err = -EFAULT; |
| @@ -711,13 +715,15 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms | |||
| 711 | static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) | 715 | static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) |
| 712 | { | 716 | { |
| 713 | struct sock *sk = sock->sk; | 717 | struct sock *sk = sock->sk; |
| 718 | struct l2cap_pinfo *pi = l2cap_pi(sk); | ||
| 719 | int err; | ||
| 714 | 720 | ||
| 715 | lock_sock(sk); | 721 | lock_sock(sk); |
| 716 | 722 | ||
| 717 | if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { | 723 | if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { |
| 718 | sk->sk_state = BT_CONFIG; | 724 | sk->sk_state = BT_CONFIG; |
| 719 | 725 | ||
| 720 | __l2cap_connect_rsp_defer(l2cap_pi(sk)->chan); | 726 | __l2cap_connect_rsp_defer(pi->chan); |
| 721 | release_sock(sk); | 727 | release_sock(sk); |
| 722 | return 0; | 728 | return 0; |
| 723 | } | 729 | } |
| @@ -725,9 +731,37 @@ static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct ms | |||
| 725 | release_sock(sk); | 731 | release_sock(sk); |
| 726 | 732 | ||
| 727 | if (sock->type == SOCK_STREAM) | 733 | if (sock->type == SOCK_STREAM) |
| 728 | return bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); | 734 | err = bt_sock_stream_recvmsg(iocb, sock, msg, len, flags); |
| 735 | else | ||
| 736 | err = bt_sock_recvmsg(iocb, sock, msg, len, flags); | ||
| 737 | |||
| 738 | if (pi->chan->mode != L2CAP_MODE_ERTM) | ||
| 739 | return err; | ||
| 740 | |||
| 741 | /* Attempt to put pending rx data in the socket buffer */ | ||
| 742 | |||
| 743 | lock_sock(sk); | ||
| 744 | |||
| 745 | if (!test_bit(CONN_LOCAL_BUSY, &pi->chan->conn_state)) | ||
| 746 | goto done; | ||
| 747 | |||
| 748 | if (pi->rx_busy_skb) { | ||
| 749 | if (!sock_queue_rcv_skb(sk, pi->rx_busy_skb)) | ||
| 750 | pi->rx_busy_skb = NULL; | ||
| 751 | else | ||
| 752 | goto done; | ||
| 753 | } | ||
| 729 | 754 | ||
| 730 | return bt_sock_recvmsg(iocb, sock, msg, len, flags); | 755 | /* Restore data flow when half of the receive buffer is |
| 756 | * available. This avoids resending large numbers of | ||
| 757 | * frames. | ||
| 758 | */ | ||
| 759 | if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf >> 1) | ||
| 760 | l2cap_chan_busy(pi->chan, 0); | ||
| 761 | |||
| 762 | done: | ||
| 763 | release_sock(sk); | ||
| 764 | return err; | ||
| 731 | } | 765 | } |
| 732 | 766 | ||
| 733 | /* Kill socket (only if zapped and orphan) | 767 | /* Kill socket (only if zapped and orphan) |
| @@ -811,9 +845,31 @@ static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data) | |||
| 811 | 845 | ||
| 812 | static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb) | 846 | static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb) |
| 813 | { | 847 | { |
| 848 | int err; | ||
| 814 | struct sock *sk = data; | 849 | struct sock *sk = data; |
| 850 | struct l2cap_pinfo *pi = l2cap_pi(sk); | ||
| 815 | 851 | ||
| 816 | return sock_queue_rcv_skb(sk, skb); | 852 | if (pi->rx_busy_skb) |
| 853 | return -ENOMEM; | ||
| 854 | |||
| 855 | err = sock_queue_rcv_skb(sk, skb); | ||
| 856 | |||
| 857 | /* For ERTM, handle one skb that doesn't fit into the recv | ||
| 858 | * buffer. This is important to do because the data frames | ||
| 859 | * have already been acked, so the skb cannot be discarded. | ||
| 860 | * | ||
| 861 | * Notify the l2cap core that the buffer is full, so the | ||
| 862 | * LOCAL_BUSY state is entered and no more frames are | ||
| 863 | * acked and reassembled until there is buffer space | ||
| 864 | * available. | ||
| 865 | */ | ||
| 866 | if (err < 0 && pi->chan->mode == L2CAP_MODE_ERTM) { | ||
| 867 | pi->rx_busy_skb = skb; | ||
| 868 | l2cap_chan_busy(pi->chan, 1); | ||
| 869 | err = 0; | ||
| 870 | } | ||
| 871 | |||
| 872 | return err; | ||
| 817 | } | 873 | } |
| 818 | 874 | ||
| 819 | static void l2cap_sock_close_cb(void *data) | 875 | static void l2cap_sock_close_cb(void *data) |
| @@ -842,6 +898,11 @@ static void l2cap_sock_destruct(struct sock *sk) | |||
| 842 | { | 898 | { |
| 843 | BT_DBG("sk %p", sk); | 899 | BT_DBG("sk %p", sk); |
| 844 | 900 | ||
| 901 | if (l2cap_pi(sk)->rx_busy_skb) { | ||
| 902 | kfree_skb(l2cap_pi(sk)->rx_busy_skb); | ||
| 903 | l2cap_pi(sk)->rx_busy_skb = NULL; | ||
| 904 | } | ||
| 905 | |||
| 845 | skb_queue_purge(&sk->sk_receive_queue); | 906 | skb_queue_purge(&sk->sk_receive_queue); |
| 846 | skb_queue_purge(&sk->sk_write_queue); | 907 | skb_queue_purge(&sk->sk_write_queue); |
| 847 | } | 908 | } |
diff --git a/net/bluetooth/lib.c b/net/bluetooth/lib.c index b826d1bf10df..86a6bed229df 100644 --- a/net/bluetooth/lib.c +++ b/net/bluetooth/lib.c | |||
| @@ -59,7 +59,7 @@ char *batostr(bdaddr_t *ba) | |||
| 59 | EXPORT_SYMBOL(batostr); | 59 | EXPORT_SYMBOL(batostr); |
| 60 | 60 | ||
| 61 | /* Bluetooth error codes to Unix errno mapping */ | 61 | /* Bluetooth error codes to Unix errno mapping */ |
| 62 | int bt_err(__u16 code) | 62 | int bt_to_errno(__u16 code) |
| 63 | { | 63 | { |
| 64 | switch (code) { | 64 | switch (code) { |
| 65 | case 0: | 65 | case 0: |
| @@ -149,4 +149,23 @@ int bt_err(__u16 code) | |||
| 149 | return ENOSYS; | 149 | return ENOSYS; |
| 150 | } | 150 | } |
| 151 | } | 151 | } |
| 152 | EXPORT_SYMBOL(bt_err); | 152 | EXPORT_SYMBOL(bt_to_errno); |
| 153 | |||
| 154 | int bt_printk(const char *level, const char *format, ...) | ||
| 155 | { | ||
| 156 | struct va_format vaf; | ||
| 157 | va_list args; | ||
| 158 | int r; | ||
| 159 | |||
| 160 | va_start(args, format); | ||
| 161 | |||
| 162 | vaf.fmt = format; | ||
| 163 | vaf.va = &args; | ||
| 164 | |||
| 165 | r = printk("%sBluetooth: %pV\n", level, &vaf); | ||
| 166 | |||
| 167 | va_end(args); | ||
| 168 | |||
| 169 | return r; | ||
| 170 | } | ||
| 171 | EXPORT_SYMBOL(bt_printk); | ||
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 64c0418a6221..53e109eb043e 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c | |||
| @@ -179,7 +179,7 @@ static int read_controller_info(struct sock *sk, u16 index) | |||
| 179 | 179 | ||
| 180 | hci_del_off_timer(hdev); | 180 | hci_del_off_timer(hdev); |
| 181 | 181 | ||
| 182 | hci_dev_lock(hdev); | 182 | hci_dev_lock_bh(hdev); |
| 183 | 183 | ||
| 184 | set_bit(HCI_MGMT, &hdev->flags); | 184 | set_bit(HCI_MGMT, &hdev->flags); |
| 185 | 185 | ||
| @@ -208,7 +208,7 @@ static int read_controller_info(struct sock *sk, u16 index) | |||
| 208 | 208 | ||
| 209 | memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); | 209 | memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); |
| 210 | 210 | ||
| 211 | hci_dev_unlock(hdev); | 211 | hci_dev_unlock_bh(hdev); |
| 212 | hci_dev_put(hdev); | 212 | hci_dev_put(hdev); |
| 213 | 213 | ||
| 214 | return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp)); | 214 | return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp)); |
| @@ -316,7 +316,7 @@ static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
| 316 | if (!hdev) | 316 | if (!hdev) |
| 317 | return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV); | 317 | return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV); |
| 318 | 318 | ||
| 319 | hci_dev_lock(hdev); | 319 | hci_dev_lock_bh(hdev); |
| 320 | 320 | ||
| 321 | up = test_bit(HCI_UP, &hdev->flags); | 321 | up = test_bit(HCI_UP, &hdev->flags); |
| 322 | if ((cp->val && up) || (!cp->val && !up)) { | 322 | if ((cp->val && up) || (!cp->val && !up)) { |
| @@ -343,7 +343,7 @@ static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
| 343 | err = 0; | 343 | err = 0; |
| 344 | 344 | ||
| 345 | failed: | 345 | failed: |
| 346 | hci_dev_unlock(hdev); | 346 | hci_dev_unlock_bh(hdev); |
| 347 | hci_dev_put(hdev); | 347 | hci_dev_put(hdev); |
| 348 | return err; | 348 | return err; |
| 349 | } | 349 | } |
| @@ -368,7 +368,7 @@ static int set_discoverable(struct sock *sk, u16 index, unsigned char *data, | |||
| 368 | if (!hdev) | 368 | if (!hdev) |
| 369 | return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV); | 369 | return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV); |
| 370 | 370 | ||
| 371 | hci_dev_lock(hdev); | 371 | hci_dev_lock_bh(hdev); |
| 372 | 372 | ||
| 373 | if (!test_bit(HCI_UP, &hdev->flags)) { | 373 | if (!test_bit(HCI_UP, &hdev->flags)) { |
| 374 | err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN); | 374 | err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN); |
| @@ -403,7 +403,7 @@ static int set_discoverable(struct sock *sk, u16 index, unsigned char *data, | |||
| 403 | mgmt_pending_remove(cmd); | 403 | mgmt_pending_remove(cmd); |
| 404 | 404 | ||
| 405 | failed: | 405 | failed: |
| 406 | hci_dev_unlock(hdev); | 406 | hci_dev_unlock_bh(hdev); |
| 407 | hci_dev_put(hdev); | 407 | hci_dev_put(hdev); |
| 408 | 408 | ||
| 409 | return err; | 409 | return err; |
| @@ -429,7 +429,7 @@ static int set_connectable(struct sock *sk, u16 index, unsigned char *data, | |||
| 429 | if (!hdev) | 429 | if (!hdev) |
| 430 | return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV); | 430 | return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV); |
| 431 | 431 | ||
| 432 | hci_dev_lock(hdev); | 432 | hci_dev_lock_bh(hdev); |
| 433 | 433 | ||
| 434 | if (!test_bit(HCI_UP, &hdev->flags)) { | 434 | if (!test_bit(HCI_UP, &hdev->flags)) { |
| 435 | err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN); | 435 | err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN); |
| @@ -463,7 +463,7 @@ static int set_connectable(struct sock *sk, u16 index, unsigned char *data, | |||
| 463 | mgmt_pending_remove(cmd); | 463 | mgmt_pending_remove(cmd); |
| 464 | 464 | ||
| 465 | failed: | 465 | failed: |
| 466 | hci_dev_unlock(hdev); | 466 | hci_dev_unlock_bh(hdev); |
| 467 | hci_dev_put(hdev); | 467 | hci_dev_put(hdev); |
| 468 | 468 | ||
| 469 | return err; | 469 | return err; |
| @@ -522,7 +522,7 @@ static int set_pairable(struct sock *sk, u16 index, unsigned char *data, | |||
| 522 | if (!hdev) | 522 | if (!hdev) |
| 523 | return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV); | 523 | return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV); |
| 524 | 524 | ||
| 525 | hci_dev_lock(hdev); | 525 | hci_dev_lock_bh(hdev); |
| 526 | 526 | ||
| 527 | if (cp->val) | 527 | if (cp->val) |
| 528 | set_bit(HCI_PAIRABLE, &hdev->flags); | 528 | set_bit(HCI_PAIRABLE, &hdev->flags); |
| @@ -538,7 +538,7 @@ static int set_pairable(struct sock *sk, u16 index, unsigned char *data, | |||
| 538 | err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk); | 538 | err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk); |
| 539 | 539 | ||
| 540 | failed: | 540 | failed: |
| 541 | hci_dev_unlock(hdev); | 541 | hci_dev_unlock_bh(hdev); |
| 542 | hci_dev_put(hdev); | 542 | hci_dev_put(hdev); |
| 543 | 543 | ||
| 544 | return err; | 544 | return err; |
| @@ -739,7 +739,7 @@ static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
| 739 | if (!hdev) | 739 | if (!hdev) |
| 740 | return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV); | 740 | return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV); |
| 741 | 741 | ||
| 742 | hci_dev_lock(hdev); | 742 | hci_dev_lock_bh(hdev); |
| 743 | 743 | ||
| 744 | uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC); | 744 | uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC); |
| 745 | if (!uuid) { | 745 | if (!uuid) { |
| @@ -763,7 +763,7 @@ static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
| 763 | err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0); | 763 | err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0); |
| 764 | 764 | ||
| 765 | failed: | 765 | failed: |
| 766 | hci_dev_unlock(hdev); | 766 | hci_dev_unlock_bh(hdev); |
| 767 | hci_dev_put(hdev); | 767 | hci_dev_put(hdev); |
| 768 | 768 | ||
| 769 | return err; | 769 | return err; |
| @@ -788,7 +788,7 @@ static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
| 788 | if (!hdev) | 788 | if (!hdev) |
| 789 | return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV); | 789 | return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV); |
| 790 | 790 | ||
| 791 | hci_dev_lock(hdev); | 791 | hci_dev_lock_bh(hdev); |
| 792 | 792 | ||
| 793 | if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { | 793 | if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { |
| 794 | err = hci_uuids_clear(hdev); | 794 | err = hci_uuids_clear(hdev); |
| @@ -823,7 +823,7 @@ static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
| 823 | err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0); | 823 | err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0); |
| 824 | 824 | ||
| 825 | unlock: | 825 | unlock: |
| 826 | hci_dev_unlock(hdev); | 826 | hci_dev_unlock_bh(hdev); |
| 827 | hci_dev_put(hdev); | 827 | hci_dev_put(hdev); |
| 828 | 828 | ||
| 829 | return err; | 829 | return err; |
| @@ -847,7 +847,7 @@ static int set_dev_class(struct sock *sk, u16 index, unsigned char *data, | |||
| 847 | if (!hdev) | 847 | if (!hdev) |
| 848 | return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV); | 848 | return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV); |
| 849 | 849 | ||
| 850 | hci_dev_lock(hdev); | 850 | hci_dev_lock_bh(hdev); |
| 851 | 851 | ||
| 852 | hdev->major_class = cp->major; | 852 | hdev->major_class = cp->major; |
| 853 | hdev->minor_class = cp->minor; | 853 | hdev->minor_class = cp->minor; |
| @@ -857,7 +857,7 @@ static int set_dev_class(struct sock *sk, u16 index, unsigned char *data, | |||
| 857 | if (err == 0) | 857 | if (err == 0) |
| 858 | err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0); | 858 | err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0); |
| 859 | 859 | ||
| 860 | hci_dev_unlock(hdev); | 860 | hci_dev_unlock_bh(hdev); |
| 861 | hci_dev_put(hdev); | 861 | hci_dev_put(hdev); |
| 862 | 862 | ||
| 863 | return err; | 863 | return err; |
| @@ -879,7 +879,7 @@ static int set_service_cache(struct sock *sk, u16 index, unsigned char *data, | |||
| 879 | if (!hdev) | 879 | if (!hdev) |
| 880 | return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV); | 880 | return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV); |
| 881 | 881 | ||
| 882 | hci_dev_lock(hdev); | 882 | hci_dev_lock_bh(hdev); |
| 883 | 883 | ||
| 884 | BT_DBG("hci%u enable %d", index, cp->enable); | 884 | BT_DBG("hci%u enable %d", index, cp->enable); |
| 885 | 885 | ||
| @@ -897,7 +897,7 @@ static int set_service_cache(struct sock *sk, u16 index, unsigned char *data, | |||
| 897 | err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL, | 897 | err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL, |
| 898 | 0); | 898 | 0); |
| 899 | 899 | ||
| 900 | hci_dev_unlock(hdev); | 900 | hci_dev_unlock_bh(hdev); |
| 901 | hci_dev_put(hdev); | 901 | hci_dev_put(hdev); |
| 902 | 902 | ||
| 903 | return err; | 903 | return err; |
| @@ -908,7 +908,7 @@ static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
| 908 | struct hci_dev *hdev; | 908 | struct hci_dev *hdev; |
| 909 | struct mgmt_cp_load_keys *cp; | 909 | struct mgmt_cp_load_keys *cp; |
| 910 | u16 key_count, expected_len; | 910 | u16 key_count, expected_len; |
| 911 | int i; | 911 | int i, err; |
| 912 | 912 | ||
| 913 | cp = (void *) data; | 913 | cp = (void *) data; |
| 914 | 914 | ||
| @@ -918,9 +918,9 @@ static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
| 918 | key_count = get_unaligned_le16(&cp->key_count); | 918 | key_count = get_unaligned_le16(&cp->key_count); |
| 919 | 919 | ||
| 920 | expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info); | 920 | expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info); |
| 921 | if (expected_len != len) { | 921 | if (expected_len > len) { |
| 922 | BT_ERR("load_keys: expected %u bytes, got %u bytes", | 922 | BT_ERR("load_keys: expected at least %u bytes, got %u bytes", |
| 923 | len, expected_len); | 923 | expected_len, len); |
| 924 | return -EINVAL; | 924 | return -EINVAL; |
| 925 | } | 925 | } |
| 926 | 926 | ||
| @@ -931,7 +931,7 @@ static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
| 931 | BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys, | 931 | BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys, |
| 932 | key_count); | 932 | key_count); |
| 933 | 933 | ||
| 934 | hci_dev_lock(hdev); | 934 | hci_dev_lock_bh(hdev); |
| 935 | 935 | ||
| 936 | hci_link_keys_clear(hdev); | 936 | hci_link_keys_clear(hdev); |
| 937 | 937 | ||
| @@ -942,17 +942,36 @@ static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
| 942 | else | 942 | else |
| 943 | clear_bit(HCI_DEBUG_KEYS, &hdev->flags); | 943 | clear_bit(HCI_DEBUG_KEYS, &hdev->flags); |
| 944 | 944 | ||
| 945 | for (i = 0; i < key_count; i++) { | 945 | len -= sizeof(*cp); |
| 946 | struct mgmt_key_info *key = &cp->keys[i]; | 946 | i = 0; |
| 947 | |||
| 948 | while (i < len) { | ||
| 949 | struct mgmt_key_info *key = (void *) cp->keys + i; | ||
| 950 | |||
| 951 | i += sizeof(*key) + key->dlen; | ||
| 952 | |||
| 953 | if (key->type == HCI_LK_SMP_LTK) { | ||
| 954 | struct key_master_id *id = (void *) key->data; | ||
| 955 | |||
| 956 | if (key->dlen != sizeof(struct key_master_id)) | ||
| 957 | continue; | ||
| 958 | |||
| 959 | hci_add_ltk(hdev, 0, &key->bdaddr, key->pin_len, | ||
| 960 | id->ediv, id->rand, key->val); | ||
| 961 | |||
| 962 | continue; | ||
| 963 | } | ||
| 947 | 964 | ||
| 948 | hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type, | 965 | hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type, |
| 949 | key->pin_len); | 966 | key->pin_len); |
| 950 | } | 967 | } |
| 951 | 968 | ||
| 952 | hci_dev_unlock(hdev); | 969 | err = cmd_complete(sk, index, MGMT_OP_LOAD_KEYS, NULL, 0); |
| 970 | |||
| 971 | hci_dev_unlock_bh(hdev); | ||
| 953 | hci_dev_put(hdev); | 972 | hci_dev_put(hdev); |
| 954 | 973 | ||
| 955 | return 0; | 974 | return err; |
| 956 | } | 975 | } |
| 957 | 976 | ||
| 958 | static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len) | 977 | static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len) |
| @@ -971,7 +990,7 @@ static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
| 971 | if (!hdev) | 990 | if (!hdev) |
| 972 | return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV); | 991 | return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV); |
| 973 | 992 | ||
| 974 | hci_dev_lock(hdev); | 993 | hci_dev_lock_bh(hdev); |
| 975 | 994 | ||
| 976 | err = hci_remove_link_key(hdev, &cp->bdaddr); | 995 | err = hci_remove_link_key(hdev, &cp->bdaddr); |
| 977 | if (err < 0) { | 996 | if (err < 0) { |
| @@ -994,7 +1013,7 @@ static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
| 994 | } | 1013 | } |
| 995 | 1014 | ||
| 996 | unlock: | 1015 | unlock: |
| 997 | hci_dev_unlock(hdev); | 1016 | hci_dev_unlock_bh(hdev); |
| 998 | hci_dev_put(hdev); | 1017 | hci_dev_put(hdev); |
| 999 | 1018 | ||
| 1000 | return err; | 1019 | return err; |
| @@ -1020,7 +1039,7 @@ static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
| 1020 | if (!hdev) | 1039 | if (!hdev) |
| 1021 | return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV); | 1040 | return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV); |
| 1022 | 1041 | ||
| 1023 | hci_dev_lock(hdev); | 1042 | hci_dev_lock_bh(hdev); |
| 1024 | 1043 | ||
| 1025 | if (!test_bit(HCI_UP, &hdev->flags)) { | 1044 | if (!test_bit(HCI_UP, &hdev->flags)) { |
| 1026 | err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN); | 1045 | err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN); |
| @@ -1055,7 +1074,7 @@ static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
| 1055 | mgmt_pending_remove(cmd); | 1074 | mgmt_pending_remove(cmd); |
| 1056 | 1075 | ||
| 1057 | failed: | 1076 | failed: |
| 1058 | hci_dev_unlock(hdev); | 1077 | hci_dev_unlock_bh(hdev); |
| 1059 | hci_dev_put(hdev); | 1078 | hci_dev_put(hdev); |
| 1060 | 1079 | ||
| 1061 | return err; | 1080 | return err; |
| @@ -1076,7 +1095,7 @@ static int get_connections(struct sock *sk, u16 index) | |||
| 1076 | if (!hdev) | 1095 | if (!hdev) |
| 1077 | return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV); | 1096 | return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV); |
| 1078 | 1097 | ||
| 1079 | hci_dev_lock(hdev); | 1098 | hci_dev_lock_bh(hdev); |
| 1080 | 1099 | ||
| 1081 | count = 0; | 1100 | count = 0; |
| 1082 | list_for_each(p, &hdev->conn_hash.list) { | 1101 | list_for_each(p, &hdev->conn_hash.list) { |
| @@ -1103,7 +1122,7 @@ static int get_connections(struct sock *sk, u16 index) | |||
| 1103 | 1122 | ||
| 1104 | unlock: | 1123 | unlock: |
| 1105 | kfree(rp); | 1124 | kfree(rp); |
| 1106 | hci_dev_unlock(hdev); | 1125 | hci_dev_unlock_bh(hdev); |
| 1107 | hci_dev_put(hdev); | 1126 | hci_dev_put(hdev); |
| 1108 | return err; | 1127 | return err; |
| 1109 | } | 1128 | } |
| @@ -1149,7 +1168,7 @@ static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, | |||
| 1149 | if (!hdev) | 1168 | if (!hdev) |
| 1150 | return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV); | 1169 | return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV); |
| 1151 | 1170 | ||
| 1152 | hci_dev_lock(hdev); | 1171 | hci_dev_lock_bh(hdev); |
| 1153 | 1172 | ||
| 1154 | if (!test_bit(HCI_UP, &hdev->flags)) { | 1173 | if (!test_bit(HCI_UP, &hdev->flags)) { |
| 1155 | err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN); | 1174 | err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN); |
| @@ -1190,7 +1209,7 @@ static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, | |||
| 1190 | mgmt_pending_remove(cmd); | 1209 | mgmt_pending_remove(cmd); |
| 1191 | 1210 | ||
| 1192 | failed: | 1211 | failed: |
| 1193 | hci_dev_unlock(hdev); | 1212 | hci_dev_unlock_bh(hdev); |
| 1194 | hci_dev_put(hdev); | 1213 | hci_dev_put(hdev); |
| 1195 | 1214 | ||
| 1196 | return err; | 1215 | return err; |
| @@ -1216,7 +1235,7 @@ static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data, | |||
| 1216 | return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, | 1235 | return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, |
| 1217 | ENODEV); | 1236 | ENODEV); |
| 1218 | 1237 | ||
| 1219 | hci_dev_lock(hdev); | 1238 | hci_dev_lock_bh(hdev); |
| 1220 | 1239 | ||
| 1221 | if (!test_bit(HCI_UP, &hdev->flags)) { | 1240 | if (!test_bit(HCI_UP, &hdev->flags)) { |
| 1222 | err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, | 1241 | err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, |
| @@ -1227,7 +1246,7 @@ static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data, | |||
| 1227 | err = send_pin_code_neg_reply(sk, index, hdev, cp); | 1246 | err = send_pin_code_neg_reply(sk, index, hdev, cp); |
| 1228 | 1247 | ||
| 1229 | failed: | 1248 | failed: |
| 1230 | hci_dev_unlock(hdev); | 1249 | hci_dev_unlock_bh(hdev); |
| 1231 | hci_dev_put(hdev); | 1250 | hci_dev_put(hdev); |
| 1232 | 1251 | ||
| 1233 | return err; | 1252 | return err; |
| @@ -1250,14 +1269,14 @@ static int set_io_capability(struct sock *sk, u16 index, unsigned char *data, | |||
| 1250 | if (!hdev) | 1269 | if (!hdev) |
| 1251 | return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV); | 1270 | return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV); |
| 1252 | 1271 | ||
| 1253 | hci_dev_lock(hdev); | 1272 | hci_dev_lock_bh(hdev); |
| 1254 | 1273 | ||
| 1255 | hdev->io_capability = cp->io_capability; | 1274 | hdev->io_capability = cp->io_capability; |
| 1256 | 1275 | ||
| 1257 | BT_DBG("%s IO capability set to 0x%02x", hdev->name, | 1276 | BT_DBG("%s IO capability set to 0x%02x", hdev->name, |
| 1258 | hdev->io_capability); | 1277 | hdev->io_capability); |
| 1259 | 1278 | ||
| 1260 | hci_dev_unlock(hdev); | 1279 | hci_dev_unlock_bh(hdev); |
| 1261 | hci_dev_put(hdev); | 1280 | hci_dev_put(hdev); |
| 1262 | 1281 | ||
| 1263 | return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0); | 1282 | return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0); |
| @@ -1343,7 +1362,7 @@ static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
| 1343 | if (!hdev) | 1362 | if (!hdev) |
| 1344 | return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV); | 1363 | return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV); |
| 1345 | 1364 | ||
| 1346 | hci_dev_lock(hdev); | 1365 | hci_dev_lock_bh(hdev); |
| 1347 | 1366 | ||
| 1348 | if (cp->io_cap == 0x03) { | 1367 | if (cp->io_cap == 0x03) { |
| 1349 | sec_level = BT_SECURITY_MEDIUM; | 1368 | sec_level = BT_SECURITY_MEDIUM; |
| @@ -1385,7 +1404,7 @@ static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
| 1385 | err = 0; | 1404 | err = 0; |
| 1386 | 1405 | ||
| 1387 | unlock: | 1406 | unlock: |
| 1388 | hci_dev_unlock(hdev); | 1407 | hci_dev_unlock_bh(hdev); |
| 1389 | hci_dev_put(hdev); | 1408 | hci_dev_put(hdev); |
| 1390 | 1409 | ||
| 1391 | return err; | 1410 | return err; |
| @@ -1417,7 +1436,7 @@ static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data, | |||
| 1417 | if (!hdev) | 1436 | if (!hdev) |
| 1418 | return cmd_status(sk, index, mgmt_op, ENODEV); | 1437 | return cmd_status(sk, index, mgmt_op, ENODEV); |
| 1419 | 1438 | ||
| 1420 | hci_dev_lock(hdev); | 1439 | hci_dev_lock_bh(hdev); |
| 1421 | 1440 | ||
| 1422 | if (!test_bit(HCI_UP, &hdev->flags)) { | 1441 | if (!test_bit(HCI_UP, &hdev->flags)) { |
| 1423 | err = cmd_status(sk, index, mgmt_op, ENETDOWN); | 1442 | err = cmd_status(sk, index, mgmt_op, ENETDOWN); |
| @@ -1435,7 +1454,7 @@ static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data, | |||
| 1435 | mgmt_pending_remove(cmd); | 1454 | mgmt_pending_remove(cmd); |
| 1436 | 1455 | ||
| 1437 | failed: | 1456 | failed: |
| 1438 | hci_dev_unlock(hdev); | 1457 | hci_dev_unlock_bh(hdev); |
| 1439 | hci_dev_put(hdev); | 1458 | hci_dev_put(hdev); |
| 1440 | 1459 | ||
| 1441 | return err; | 1460 | return err; |
| @@ -1459,7 +1478,7 @@ static int set_local_name(struct sock *sk, u16 index, unsigned char *data, | |||
| 1459 | if (!hdev) | 1478 | if (!hdev) |
| 1460 | return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV); | 1479 | return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV); |
| 1461 | 1480 | ||
| 1462 | hci_dev_lock(hdev); | 1481 | hci_dev_lock_bh(hdev); |
| 1463 | 1482 | ||
| 1464 | cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len); | 1483 | cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len); |
| 1465 | if (!cmd) { | 1484 | if (!cmd) { |
| @@ -1474,7 +1493,7 @@ static int set_local_name(struct sock *sk, u16 index, unsigned char *data, | |||
| 1474 | mgmt_pending_remove(cmd); | 1493 | mgmt_pending_remove(cmd); |
| 1475 | 1494 | ||
| 1476 | failed: | 1495 | failed: |
| 1477 | hci_dev_unlock(hdev); | 1496 | hci_dev_unlock_bh(hdev); |
| 1478 | hci_dev_put(hdev); | 1497 | hci_dev_put(hdev); |
| 1479 | 1498 | ||
| 1480 | return err; | 1499 | return err; |
| @@ -1493,7 +1512,7 @@ static int read_local_oob_data(struct sock *sk, u16 index) | |||
| 1493 | return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, | 1512 | return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, |
| 1494 | ENODEV); | 1513 | ENODEV); |
| 1495 | 1514 | ||
| 1496 | hci_dev_lock(hdev); | 1515 | hci_dev_lock_bh(hdev); |
| 1497 | 1516 | ||
| 1498 | if (!test_bit(HCI_UP, &hdev->flags)) { | 1517 | if (!test_bit(HCI_UP, &hdev->flags)) { |
| 1499 | err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, | 1518 | err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, |
| @@ -1523,7 +1542,7 @@ static int read_local_oob_data(struct sock *sk, u16 index) | |||
| 1523 | mgmt_pending_remove(cmd); | 1542 | mgmt_pending_remove(cmd); |
| 1524 | 1543 | ||
| 1525 | unlock: | 1544 | unlock: |
| 1526 | hci_dev_unlock(hdev); | 1545 | hci_dev_unlock_bh(hdev); |
| 1527 | hci_dev_put(hdev); | 1546 | hci_dev_put(hdev); |
| 1528 | 1547 | ||
| 1529 | return err; | 1548 | return err; |
| @@ -1547,7 +1566,7 @@ static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data, | |||
| 1547 | return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, | 1566 | return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, |
| 1548 | ENODEV); | 1567 | ENODEV); |
| 1549 | 1568 | ||
| 1550 | hci_dev_lock(hdev); | 1569 | hci_dev_lock_bh(hdev); |
| 1551 | 1570 | ||
| 1552 | err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash, | 1571 | err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash, |
| 1553 | cp->randomizer); | 1572 | cp->randomizer); |
| @@ -1557,7 +1576,7 @@ static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data, | |||
| 1557 | err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL, | 1576 | err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL, |
| 1558 | 0); | 1577 | 0); |
| 1559 | 1578 | ||
| 1560 | hci_dev_unlock(hdev); | 1579 | hci_dev_unlock_bh(hdev); |
| 1561 | hci_dev_put(hdev); | 1580 | hci_dev_put(hdev); |
| 1562 | 1581 | ||
| 1563 | return err; | 1582 | return err; |
| @@ -1581,7 +1600,7 @@ static int remove_remote_oob_data(struct sock *sk, u16 index, | |||
| 1581 | return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, | 1600 | return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, |
| 1582 | ENODEV); | 1601 | ENODEV); |
| 1583 | 1602 | ||
| 1584 | hci_dev_lock(hdev); | 1603 | hci_dev_lock_bh(hdev); |
| 1585 | 1604 | ||
| 1586 | err = hci_remove_remote_oob_data(hdev, &cp->bdaddr); | 1605 | err = hci_remove_remote_oob_data(hdev, &cp->bdaddr); |
| 1587 | if (err < 0) | 1606 | if (err < 0) |
| @@ -1591,7 +1610,7 @@ static int remove_remote_oob_data(struct sock *sk, u16 index, | |||
| 1591 | err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, | 1610 | err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, |
| 1592 | NULL, 0); | 1611 | NULL, 0); |
| 1593 | 1612 | ||
| 1594 | hci_dev_unlock(hdev); | 1613 | hci_dev_unlock_bh(hdev); |
| 1595 | hci_dev_put(hdev); | 1614 | hci_dev_put(hdev); |
| 1596 | 1615 | ||
| 1597 | return err; | 1616 | return err; |
| @@ -1958,17 +1977,28 @@ int mgmt_connectable(u16 index, u8 connectable) | |||
| 1958 | 1977 | ||
| 1959 | int mgmt_new_key(u16 index, struct link_key *key, u8 persistent) | 1978 | int mgmt_new_key(u16 index, struct link_key *key, u8 persistent) |
| 1960 | { | 1979 | { |
| 1961 | struct mgmt_ev_new_key ev; | 1980 | struct mgmt_ev_new_key *ev; |
| 1981 | int err, total; | ||
| 1962 | 1982 | ||
| 1963 | memset(&ev, 0, sizeof(ev)); | 1983 | total = sizeof(struct mgmt_ev_new_key) + key->dlen; |
| 1984 | ev = kzalloc(total, GFP_ATOMIC); | ||
| 1985 | if (!ev) | ||
| 1986 | return -ENOMEM; | ||
| 1964 | 1987 | ||
| 1965 | ev.store_hint = persistent; | 1988 | bacpy(&ev->key.bdaddr, &key->bdaddr); |
| 1966 | bacpy(&ev.key.bdaddr, &key->bdaddr); | 1989 | ev->key.type = key->type; |
| 1967 | ev.key.type = key->type; | 1990 | memcpy(ev->key.val, key->val, 16); |
| 1968 | memcpy(ev.key.val, key->val, 16); | 1991 | ev->key.pin_len = key->pin_len; |
| 1969 | ev.key.pin_len = key->pin_len; | 1992 | ev->key.dlen = key->dlen; |
| 1993 | ev->store_hint = persistent; | ||
| 1970 | 1994 | ||
| 1971 | return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL); | 1995 | memcpy(ev->key.data, key->data, key->dlen); |
| 1996 | |||
| 1997 | err = mgmt_event(MGMT_EV_NEW_KEY, index, ev, total, NULL); | ||
| 1998 | |||
| 1999 | kfree(ev); | ||
| 2000 | |||
| 2001 | return err; | ||
| 1972 | } | 2002 | } |
| 1973 | 2003 | ||
| 1974 | int mgmt_connected(u16 index, bdaddr_t *bdaddr) | 2004 | int mgmt_connected(u16 index, bdaddr_t *bdaddr) |
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index cb4fb7837e5c..4c3621b5e0aa 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c | |||
| @@ -932,7 +932,7 @@ static int sco_connect_cfm(struct hci_conn *hcon, __u8 status) | |||
| 932 | if (conn) | 932 | if (conn) |
| 933 | sco_conn_ready(conn); | 933 | sco_conn_ready(conn); |
| 934 | } else | 934 | } else |
| 935 | sco_conn_del(hcon, bt_err(status)); | 935 | sco_conn_del(hcon, bt_to_errno(status)); |
| 936 | 936 | ||
| 937 | return 0; | 937 | return 0; |
| 938 | } | 938 | } |
| @@ -944,7 +944,7 @@ static int sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) | |||
| 944 | if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) | 944 | if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK) |
| 945 | return -EINVAL; | 945 | return -EINVAL; |
| 946 | 946 | ||
| 947 | sco_conn_del(hcon, bt_err(reason)); | 947 | sco_conn_del(hcon, bt_to_errno(reason)); |
| 948 | 948 | ||
| 949 | return 0; | 949 | return 0; |
| 950 | } | 950 | } |
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index a36f8707d964..391888b88a92 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
| @@ -197,14 +197,34 @@ static __u8 seclevel_to_authreq(__u8 level) | |||
| 197 | } | 197 | } |
| 198 | 198 | ||
| 199 | static void build_pairing_cmd(struct l2cap_conn *conn, | 199 | static void build_pairing_cmd(struct l2cap_conn *conn, |
| 200 | struct smp_cmd_pairing *cmd, __u8 authreq) | 200 | struct smp_cmd_pairing *req, |
| 201 | struct smp_cmd_pairing *rsp, | ||
| 202 | __u8 authreq) | ||
| 201 | { | 203 | { |
| 202 | cmd->io_capability = conn->hcon->io_capability; | 204 | u8 dist_keys; |
| 203 | cmd->oob_flag = SMP_OOB_NOT_PRESENT; | 205 | |
| 204 | cmd->max_key_size = SMP_MAX_ENC_KEY_SIZE; | 206 | dist_keys = 0; |
| 205 | cmd->init_key_dist = 0x00; | 207 | if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->flags)) { |
| 206 | cmd->resp_key_dist = 0x00; | 208 | dist_keys = SMP_DIST_ENC_KEY | SMP_DIST_ID_KEY | SMP_DIST_SIGN; |
| 207 | cmd->auth_req = authreq; | 209 | authreq |= SMP_AUTH_BONDING; |
| 210 | } | ||
| 211 | |||
| 212 | if (rsp == NULL) { | ||
| 213 | req->io_capability = conn->hcon->io_capability; | ||
| 214 | req->oob_flag = SMP_OOB_NOT_PRESENT; | ||
| 215 | req->max_key_size = SMP_MAX_ENC_KEY_SIZE; | ||
| 216 | req->init_key_dist = dist_keys; | ||
| 217 | req->resp_key_dist = dist_keys; | ||
| 218 | req->auth_req = authreq; | ||
| 219 | return; | ||
| 220 | } | ||
| 221 | |||
| 222 | rsp->io_capability = conn->hcon->io_capability; | ||
| 223 | rsp->oob_flag = SMP_OOB_NOT_PRESENT; | ||
| 224 | rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE; | ||
| 225 | rsp->init_key_dist = req->init_key_dist & dist_keys; | ||
| 226 | rsp->resp_key_dist = req->resp_key_dist & dist_keys; | ||
| 227 | rsp->auth_req = authreq; | ||
| 208 | } | 228 | } |
| 209 | 229 | ||
| 210 | static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size) | 230 | static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size) |
| @@ -233,7 +253,7 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) | |||
| 233 | return SMP_OOB_NOT_AVAIL; | 253 | return SMP_OOB_NOT_AVAIL; |
| 234 | 254 | ||
| 235 | /* We didn't start the pairing, so no requirements */ | 255 | /* We didn't start the pairing, so no requirements */ |
| 236 | build_pairing_cmd(conn, &rsp, SMP_AUTH_NONE); | 256 | build_pairing_cmd(conn, req, &rsp, SMP_AUTH_NONE); |
| 237 | 257 | ||
| 238 | key_size = min(req->max_key_size, rsp.max_key_size); | 258 | key_size = min(req->max_key_size, rsp.max_key_size); |
| 239 | if (check_enc_key_size(conn, key_size)) | 259 | if (check_enc_key_size(conn, key_size)) |
| @@ -347,8 +367,6 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb) | |||
| 347 | swap128(skb->data, random); | 367 | swap128(skb->data, random); |
| 348 | skb_pull(skb, sizeof(random)); | 368 | skb_pull(skb, sizeof(random)); |
| 349 | 369 | ||
| 350 | memset(hcon->ltk, 0, sizeof(hcon->ltk)); | ||
| 351 | |||
| 352 | if (conn->hcon->out) | 370 | if (conn->hcon->out) |
| 353 | ret = smp_c1(tfm, conn->tk, random, conn->preq, conn->prsp, 0, | 371 | ret = smp_c1(tfm, conn->tk, random, conn->preq, conn->prsp, 0, |
| 354 | conn->src, conn->hcon->dst_type, conn->dst, | 372 | conn->src, conn->hcon->dst_type, conn->dst, |
| @@ -370,29 +388,38 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb) | |||
| 370 | } | 388 | } |
| 371 | 389 | ||
| 372 | if (conn->hcon->out) { | 390 | if (conn->hcon->out) { |
| 391 | u8 stk[16], rand[8]; | ||
| 373 | __le16 ediv; | 392 | __le16 ediv; |
| 374 | u8 rand[8]; | 393 | |
| 394 | memset(rand, 0, sizeof(rand)); | ||
| 395 | ediv = 0; | ||
| 375 | 396 | ||
| 376 | smp_s1(tfm, conn->tk, random, conn->prnd, key); | 397 | smp_s1(tfm, conn->tk, random, conn->prnd, key); |
| 377 | swap128(key, hcon->ltk); | 398 | swap128(key, stk); |
| 378 | 399 | ||
| 379 | memset(hcon->ltk + conn->smp_key_size, 0, | 400 | memset(stk + conn->smp_key_size, 0, |
| 380 | SMP_MAX_ENC_KEY_SIZE - conn->smp_key_size); | 401 | SMP_MAX_ENC_KEY_SIZE - conn->smp_key_size); |
| 381 | 402 | ||
| 403 | hci_le_start_enc(hcon, ediv, rand, stk); | ||
| 404 | hcon->enc_key_size = conn->smp_key_size; | ||
| 405 | } else { | ||
| 406 | u8 stk[16], r[16], rand[8]; | ||
| 407 | __le16 ediv; | ||
| 408 | |||
| 382 | memset(rand, 0, sizeof(rand)); | 409 | memset(rand, 0, sizeof(rand)); |
| 383 | ediv = 0; | 410 | ediv = 0; |
| 384 | hci_le_start_enc(hcon, ediv, rand, hcon->ltk); | ||
| 385 | } else { | ||
| 386 | u8 r[16]; | ||
| 387 | 411 | ||
| 388 | swap128(conn->prnd, r); | 412 | swap128(conn->prnd, r); |
| 389 | smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r); | 413 | smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r); |
| 390 | 414 | ||
| 391 | smp_s1(tfm, conn->tk, conn->prnd, random, key); | 415 | smp_s1(tfm, conn->tk, conn->prnd, random, key); |
| 392 | swap128(key, hcon->ltk); | 416 | swap128(key, stk); |
| 393 | 417 | ||
| 394 | memset(hcon->ltk + conn->smp_key_size, 0, | 418 | memset(stk + conn->smp_key_size, 0, |
| 395 | SMP_MAX_ENC_KEY_SIZE - conn->smp_key_size); | 419 | SMP_MAX_ENC_KEY_SIZE - conn->smp_key_size); |
| 420 | |||
| 421 | hci_add_ltk(conn->hcon->hdev, 0, conn->dst, conn->smp_key_size, | ||
| 422 | ediv, rand, stk); | ||
| 396 | } | 423 | } |
| 397 | 424 | ||
| 398 | return 0; | 425 | return 0; |
| @@ -412,7 +439,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) | |||
| 412 | skb_pull(skb, sizeof(*rp)); | 439 | skb_pull(skb, sizeof(*rp)); |
| 413 | 440 | ||
| 414 | memset(&cp, 0, sizeof(cp)); | 441 | memset(&cp, 0, sizeof(cp)); |
| 415 | build_pairing_cmd(conn, &cp, rp->auth_req); | 442 | build_pairing_cmd(conn, &cp, NULL, rp->auth_req); |
| 416 | 443 | ||
| 417 | conn->preq[0] = SMP_CMD_PAIRING_REQ; | 444 | conn->preq[0] = SMP_CMD_PAIRING_REQ; |
| 418 | memcpy(&conn->preq[1], &cp, sizeof(cp)); | 445 | memcpy(&conn->preq[1], &cp, sizeof(cp)); |
| @@ -434,6 +461,9 @@ int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level) | |||
| 434 | 461 | ||
| 435 | BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level); | 462 | BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level); |
| 436 | 463 | ||
| 464 | if (!lmp_host_le_capable(hcon->hdev)) | ||
| 465 | return 1; | ||
| 466 | |||
| 437 | if (IS_ERR(hcon->hdev->tfm)) | 467 | if (IS_ERR(hcon->hdev->tfm)) |
| 438 | return 1; | 468 | return 1; |
| 439 | 469 | ||
| @@ -450,8 +480,21 @@ int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level) | |||
| 450 | 480 | ||
| 451 | if (hcon->link_mode & HCI_LM_MASTER) { | 481 | if (hcon->link_mode & HCI_LM_MASTER) { |
| 452 | struct smp_cmd_pairing cp; | 482 | struct smp_cmd_pairing cp; |
| 483 | struct link_key *key; | ||
| 453 | 484 | ||
| 454 | build_pairing_cmd(conn, &cp, authreq); | 485 | key = hci_find_link_key_type(hcon->hdev, conn->dst, |
| 486 | HCI_LK_SMP_LTK); | ||
| 487 | if (key) { | ||
| 488 | struct key_master_id *master = (void *) key->data; | ||
| 489 | |||
| 490 | hci_le_start_enc(hcon, master->ediv, master->rand, | ||
| 491 | key->val); | ||
| 492 | hcon->enc_key_size = key->pin_len; | ||
| 493 | |||
| 494 | goto done; | ||
| 495 | } | ||
| 496 | |||
| 497 | build_pairing_cmd(conn, &cp, NULL, authreq); | ||
| 455 | conn->preq[0] = SMP_CMD_PAIRING_REQ; | 498 | conn->preq[0] = SMP_CMD_PAIRING_REQ; |
| 456 | memcpy(&conn->preq[1], &cp, sizeof(cp)); | 499 | memcpy(&conn->preq[1], &cp, sizeof(cp)); |
| 457 | 500 | ||
| @@ -465,18 +508,50 @@ int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level) | |||
| 465 | smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp); | 508 | smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp); |
| 466 | } | 509 | } |
| 467 | 510 | ||
| 511 | done: | ||
| 468 | hcon->pending_sec_level = sec_level; | 512 | hcon->pending_sec_level = sec_level; |
| 469 | set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend); | 513 | set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend); |
| 470 | 514 | ||
| 471 | return 0; | 515 | return 0; |
| 472 | } | 516 | } |
| 473 | 517 | ||
| 518 | static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb) | ||
| 519 | { | ||
| 520 | struct smp_cmd_encrypt_info *rp = (void *) skb->data; | ||
| 521 | |||
| 522 | skb_pull(skb, sizeof(*rp)); | ||
| 523 | |||
| 524 | memcpy(conn->tk, rp->ltk, sizeof(conn->tk)); | ||
| 525 | |||
| 526 | return 0; | ||
| 527 | } | ||
| 528 | |||
| 529 | static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb) | ||
| 530 | { | ||
| 531 | struct smp_cmd_master_ident *rp = (void *) skb->data; | ||
| 532 | |||
| 533 | skb_pull(skb, sizeof(*rp)); | ||
| 534 | |||
| 535 | hci_add_ltk(conn->hcon->hdev, 1, conn->src, conn->smp_key_size, | ||
| 536 | rp->ediv, rp->rand, conn->tk); | ||
| 537 | |||
| 538 | smp_distribute_keys(conn, 1); | ||
| 539 | |||
| 540 | return 0; | ||
| 541 | } | ||
| 542 | |||
| 474 | int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb) | 543 | int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb) |
| 475 | { | 544 | { |
| 476 | __u8 code = skb->data[0]; | 545 | __u8 code = skb->data[0]; |
| 477 | __u8 reason; | 546 | __u8 reason; |
| 478 | int err = 0; | 547 | int err = 0; |
| 479 | 548 | ||
| 549 | if (!lmp_host_le_capable(conn->hcon->hdev)) { | ||
| 550 | err = -ENOTSUPP; | ||
| 551 | reason = SMP_PAIRING_NOTSUPP; | ||
| 552 | goto done; | ||
| 553 | } | ||
| 554 | |||
| 480 | if (IS_ERR(conn->hcon->hdev->tfm)) { | 555 | if (IS_ERR(conn->hcon->hdev->tfm)) { |
| 481 | err = PTR_ERR(conn->hcon->hdev->tfm); | 556 | err = PTR_ERR(conn->hcon->hdev->tfm); |
| 482 | reason = SMP_PAIRING_NOTSUPP; | 557 | reason = SMP_PAIRING_NOTSUPP; |
| @@ -512,10 +587,20 @@ int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb) | |||
| 512 | break; | 587 | break; |
| 513 | 588 | ||
| 514 | case SMP_CMD_ENCRYPT_INFO: | 589 | case SMP_CMD_ENCRYPT_INFO: |
| 590 | reason = smp_cmd_encrypt_info(conn, skb); | ||
| 591 | break; | ||
| 592 | |||
| 515 | case SMP_CMD_MASTER_IDENT: | 593 | case SMP_CMD_MASTER_IDENT: |
| 594 | reason = smp_cmd_master_ident(conn, skb); | ||
| 595 | break; | ||
| 596 | |||
| 516 | case SMP_CMD_IDENT_INFO: | 597 | case SMP_CMD_IDENT_INFO: |
| 517 | case SMP_CMD_IDENT_ADDR_INFO: | 598 | case SMP_CMD_IDENT_ADDR_INFO: |
| 518 | case SMP_CMD_SIGN_INFO: | 599 | case SMP_CMD_SIGN_INFO: |
| 600 | /* Just ignored */ | ||
| 601 | reason = 0; | ||
| 602 | break; | ||
| 603 | |||
| 519 | default: | 604 | default: |
| 520 | BT_DBG("Unknown command code 0x%2.2x", code); | 605 | BT_DBG("Unknown command code 0x%2.2x", code); |
| 521 | 606 | ||
| @@ -532,3 +617,86 @@ done: | |||
| 532 | kfree_skb(skb); | 617 | kfree_skb(skb); |
| 533 | return err; | 618 | return err; |
| 534 | } | 619 | } |
| 620 | |||
| 621 | int smp_distribute_keys(struct l2cap_conn *conn, __u8 force) | ||
| 622 | { | ||
| 623 | struct smp_cmd_pairing *req, *rsp; | ||
| 624 | __u8 *keydist; | ||
| 625 | |||
| 626 | BT_DBG("conn %p force %d", conn, force); | ||
| 627 | |||
| 628 | if (IS_ERR(conn->hcon->hdev->tfm)) | ||
| 629 | return PTR_ERR(conn->hcon->hdev->tfm); | ||
| 630 | |||
| 631 | rsp = (void *) &conn->prsp[1]; | ||
| 632 | |||
| 633 | /* The responder sends its keys first */ | ||
| 634 | if (!force && conn->hcon->out && (rsp->resp_key_dist & 0x07)) | ||
| 635 | return 0; | ||
| 636 | |||
| 637 | req = (void *) &conn->preq[1]; | ||
| 638 | |||
| 639 | if (conn->hcon->out) { | ||
| 640 | keydist = &rsp->init_key_dist; | ||
| 641 | *keydist &= req->init_key_dist; | ||
| 642 | } else { | ||
| 643 | keydist = &rsp->resp_key_dist; | ||
| 644 | *keydist &= req->resp_key_dist; | ||
| 645 | } | ||
| 646 | |||
| 647 | |||
| 648 | BT_DBG("keydist 0x%x", *keydist); | ||
| 649 | |||
| 650 | if (*keydist & SMP_DIST_ENC_KEY) { | ||
| 651 | struct smp_cmd_encrypt_info enc; | ||
| 652 | struct smp_cmd_master_ident ident; | ||
| 653 | __le16 ediv; | ||
| 654 | |||
| 655 | get_random_bytes(enc.ltk, sizeof(enc.ltk)); | ||
| 656 | get_random_bytes(&ediv, sizeof(ediv)); | ||
| 657 | get_random_bytes(ident.rand, sizeof(ident.rand)); | ||
| 658 | |||
| 659 | smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc); | ||
| 660 | |||
| 661 | hci_add_ltk(conn->hcon->hdev, 1, conn->dst, conn->smp_key_size, | ||
| 662 | ediv, ident.rand, enc.ltk); | ||
| 663 | |||
| 664 | ident.ediv = cpu_to_le16(ediv); | ||
| 665 | |||
| 666 | smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident); | ||
| 667 | |||
| 668 | *keydist &= ~SMP_DIST_ENC_KEY; | ||
| 669 | } | ||
| 670 | |||
| 671 | if (*keydist & SMP_DIST_ID_KEY) { | ||
| 672 | struct smp_cmd_ident_addr_info addrinfo; | ||
| 673 | struct smp_cmd_ident_info idinfo; | ||
| 674 | |||
| 675 | /* Send a dummy key */ | ||
| 676 | get_random_bytes(idinfo.irk, sizeof(idinfo.irk)); | ||
| 677 | |||
| 678 | smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo); | ||
| 679 | |||
| 680 | /* Just public address */ | ||
| 681 | memset(&addrinfo, 0, sizeof(addrinfo)); | ||
| 682 | bacpy(&addrinfo.bdaddr, conn->src); | ||
| 683 | |||
| 684 | smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo), | ||
| 685 | &addrinfo); | ||
| 686 | |||
| 687 | *keydist &= ~SMP_DIST_ID_KEY; | ||
| 688 | } | ||
| 689 | |||
| 690 | if (*keydist & SMP_DIST_SIGN) { | ||
| 691 | struct smp_cmd_sign_info sign; | ||
| 692 | |||
| 693 | /* Send a dummy key */ | ||
| 694 | get_random_bytes(sign.csrk, sizeof(sign.csrk)); | ||
| 695 | |||
| 696 | smp_send_cmd(conn, SMP_CMD_SIGN_INFO, sizeof(sign), &sign); | ||
| 697 | |||
| 698 | *keydist &= ~SMP_DIST_SIGN; | ||
| 699 | } | ||
| 700 | |||
| 701 | return 0; | ||
| 702 | } | ||