aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--fs/compat_ioctl.c1
-rw-r--r--include/net/bluetooth/bluetooth.h1
-rw-r--r--include/net/bluetooth/hci.h68
-rw-r--r--include/net/bluetooth/hci_core.h19
-rw-r--r--include/net/bluetooth/rfcomm.h2
-rw-r--r--net/bluetooth/af_bluetooth.c53
-rw-r--r--net/bluetooth/bnep/core.c5
-rw-r--r--net/bluetooth/hci_conn.c96
-rw-r--r--net/bluetooth/hci_core.c42
-rw-r--r--net/bluetooth/hci_event.c512
-rw-r--r--net/bluetooth/hci_sock.c18
-rw-r--r--net/bluetooth/hci_sysfs.c31
-rw-r--r--net/bluetooth/hidp/core.c10
-rw-r--r--net/bluetooth/l2cap.c337
-rw-r--r--net/bluetooth/rfcomm/core.c92
-rw-r--r--net/bluetooth/rfcomm/sock.c23
-rw-r--r--net/bluetooth/rfcomm/tty.c59
-rw-r--r--net/bluetooth/sco.c14
18 files changed, 1112 insertions, 271 deletions
diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
index ddefb8851a98..7b3a03c7c6a9 100644
--- a/fs/compat_ioctl.c
+++ b/fs/compat_ioctl.c
@@ -2346,6 +2346,7 @@ COMPATIBLE_IOCTL(HCIGETDEVLIST)
2346COMPATIBLE_IOCTL(HCIGETDEVINFO) 2346COMPATIBLE_IOCTL(HCIGETDEVINFO)
2347COMPATIBLE_IOCTL(HCIGETCONNLIST) 2347COMPATIBLE_IOCTL(HCIGETCONNLIST)
2348COMPATIBLE_IOCTL(HCIGETCONNINFO) 2348COMPATIBLE_IOCTL(HCIGETCONNINFO)
2349COMPATIBLE_IOCTL(HCIGETAUTHINFO)
2349COMPATIBLE_IOCTL(HCISETRAW) 2350COMPATIBLE_IOCTL(HCISETRAW)
2350COMPATIBLE_IOCTL(HCISETSCAN) 2351COMPATIBLE_IOCTL(HCISETSCAN)
2351COMPATIBLE_IOCTL(HCISETAUTH) 2352COMPATIBLE_IOCTL(HCISETAUTH)
diff --git a/include/net/bluetooth/bluetooth.h b/include/net/bluetooth/bluetooth.h
index 750648df13f4..6f8418bf4241 100644
--- a/include/net/bluetooth/bluetooth.h
+++ b/include/net/bluetooth/bluetooth.h
@@ -121,6 +121,7 @@ void bt_sock_link(struct bt_sock_list *l, struct sock *s);
121void bt_sock_unlink(struct bt_sock_list *l, struct sock *s); 121void bt_sock_unlink(struct bt_sock_list *l, struct sock *s);
122int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags); 122int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags);
123uint bt_sock_poll(struct file * file, struct socket *sock, poll_table *wait); 123uint bt_sock_poll(struct file * file, struct socket *sock, poll_table *wait);
124int bt_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg);
124int bt_sock_wait_state(struct sock *sk, int state, unsigned long timeo); 125int bt_sock_wait_state(struct sock *sk, int state, unsigned long timeo);
125 126
126void bt_accept_enqueue(struct sock *parent, struct sock *sk); 127void bt_accept_enqueue(struct sock *parent, struct sock *sk);
diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index a8a9eb6af966..3cc294919312 100644
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -72,8 +72,6 @@ enum {
72 HCI_INQUIRY, 72 HCI_INQUIRY,
73 73
74 HCI_RAW, 74 HCI_RAW,
75
76 HCI_SECMGR
77}; 75};
78 76
79/* HCI ioctl defines */ 77/* HCI ioctl defines */
@@ -86,6 +84,7 @@ enum {
86#define HCIGETDEVINFO _IOR('H', 211, int) 84#define HCIGETDEVINFO _IOR('H', 211, int)
87#define HCIGETCONNLIST _IOR('H', 212, int) 85#define HCIGETCONNLIST _IOR('H', 212, int)
88#define HCIGETCONNINFO _IOR('H', 213, int) 86#define HCIGETCONNINFO _IOR('H', 213, int)
87#define HCIGETAUTHINFO _IOR('H', 215, int)
89 88
90#define HCISETRAW _IOW('H', 220, int) 89#define HCISETRAW _IOW('H', 220, int)
91#define HCISETSCAN _IOW('H', 221, int) 90#define HCISETSCAN _IOW('H', 221, int)
@@ -97,8 +96,6 @@ enum {
97#define HCISETACLMTU _IOW('H', 227, int) 96#define HCISETACLMTU _IOW('H', 227, int)
98#define HCISETSCOMTU _IOW('H', 228, int) 97#define HCISETSCOMTU _IOW('H', 228, int)
99 98
100#define HCISETSECMGR _IOW('H', 230, int)
101
102#define HCIINQUIRY _IOR('H', 240, int) 99#define HCIINQUIRY _IOR('H', 240, int)
103 100
104/* HCI timeouts */ 101/* HCI timeouts */
@@ -137,6 +134,8 @@ enum {
137#define ESCO_EV4 0x0010 134#define ESCO_EV4 0x0010
138#define ESCO_EV5 0x0020 135#define ESCO_EV5 0x0020
139 136
137#define SCO_ESCO_MASK (ESCO_HV1 | ESCO_HV2 | ESCO_HV3)
138
140/* ACL flags */ 139/* ACL flags */
141#define ACL_CONT 0x01 140#define ACL_CONT 0x01
142#define ACL_START 0x02 141#define ACL_START 0x02
@@ -178,6 +177,8 @@ enum {
178 177
179#define LMP_SNIFF_SUBR 0x02 178#define LMP_SNIFF_SUBR 0x02
180 179
180#define LMP_SIMPLE_PAIR 0x08
181
181/* Connection modes */ 182/* Connection modes */
182#define HCI_CM_ACTIVE 0x0000 183#define HCI_CM_ACTIVE 0x0000
183#define HCI_CM_HOLD 0x0001 184#define HCI_CM_HOLD 0x0001
@@ -199,6 +200,14 @@ enum {
199#define HCI_LM_RELIABLE 0x0010 200#define HCI_LM_RELIABLE 0x0010
200#define HCI_LM_SECURE 0x0020 201#define HCI_LM_SECURE 0x0020
201 202
203/* Authentication types */
204#define HCI_AT_NO_BONDING 0x00
205#define HCI_AT_NO_BONDING_MITM 0x01
206#define HCI_AT_DEDICATED_BONDING 0x02
207#define HCI_AT_DEDICATED_BONDING_MITM 0x03
208#define HCI_AT_GENERAL_BONDING 0x04
209#define HCI_AT_GENERAL_BONDING_MITM 0x05
210
202/* ----- HCI Commands ---- */ 211/* ----- HCI Commands ---- */
203#define HCI_OP_INQUIRY 0x0401 212#define HCI_OP_INQUIRY 0x0401
204struct hci_cp_inquiry { 213struct hci_cp_inquiry {
@@ -402,6 +411,17 @@ struct hci_rp_write_link_policy {
402 __le16 handle; 411 __le16 handle;
403} __attribute__ ((packed)); 412} __attribute__ ((packed));
404 413
414#define HCI_OP_READ_DEF_LINK_POLICY 0x080e
415struct hci_rp_read_def_link_policy {
416 __u8 status;
417 __le16 policy;
418} __attribute__ ((packed));
419
420#define HCI_OP_WRITE_DEF_LINK_POLICY 0x080f
421struct hci_cp_write_def_link_policy {
422 __le16 policy;
423} __attribute__ ((packed));
424
405#define HCI_OP_SNIFF_SUBRATE 0x0811 425#define HCI_OP_SNIFF_SUBRATE 0x0811
406struct hci_cp_sniff_subrate { 426struct hci_cp_sniff_subrate {
407 __le16 handle; 427 __le16 handle;
@@ -501,6 +521,17 @@ struct hci_cp_host_buffer_size {
501 __le16 sco_max_pkt; 521 __le16 sco_max_pkt;
502} __attribute__ ((packed)); 522} __attribute__ ((packed));
503 523
524#define HCI_OP_READ_SSP_MODE 0x0c55
525struct hci_rp_read_ssp_mode {
526 __u8 status;
527 __u8 mode;
528} __attribute__ ((packed));
529
530#define HCI_OP_WRITE_SSP_MODE 0x0c56
531struct hci_cp_write_ssp_mode {
532 __u8 mode;
533} __attribute__ ((packed));
534
504#define HCI_OP_READ_LOCAL_VERSION 0x1001 535#define HCI_OP_READ_LOCAL_VERSION 0x1001
505struct hci_rp_read_local_version { 536struct hci_rp_read_local_version {
506 __u8 status; 537 __u8 status;
@@ -696,6 +727,13 @@ struct hci_ev_clock_offset {
696 __le16 clock_offset; 727 __le16 clock_offset;
697} __attribute__ ((packed)); 728} __attribute__ ((packed));
698 729
730#define HCI_EV_PKT_TYPE_CHANGE 0x1d
731struct hci_ev_pkt_type_change {
732 __u8 status;
733 __le16 handle;
734 __le16 pkt_type;
735} __attribute__ ((packed));
736
699#define HCI_EV_PSCAN_REP_MODE 0x20 737#define HCI_EV_PSCAN_REP_MODE 0x20
700struct hci_ev_pscan_rep_mode { 738struct hci_ev_pscan_rep_mode {
701 bdaddr_t bdaddr; 739 bdaddr_t bdaddr;
@@ -774,6 +812,23 @@ struct extended_inquiry_info {
774 __u8 data[240]; 812 __u8 data[240];
775} __attribute__ ((packed)); 813} __attribute__ ((packed));
776 814
815#define HCI_EV_IO_CAPA_REQUEST 0x31
816struct hci_ev_io_capa_request {
817 bdaddr_t bdaddr;
818} __attribute__ ((packed));
819
820#define HCI_EV_SIMPLE_PAIR_COMPLETE 0x36
821struct hci_ev_simple_pair_complete {
822 __u8 status;
823 bdaddr_t bdaddr;
824} __attribute__ ((packed));
825
826#define HCI_EV_REMOTE_HOST_FEATURES 0x3d
827struct hci_ev_remote_host_features {
828 bdaddr_t bdaddr;
829 __u8 features[8];
830} __attribute__ ((packed));
831
777/* Internal events generated by Bluetooth stack */ 832/* Internal events generated by Bluetooth stack */
778#define HCI_EV_STACK_INTERNAL 0xfd 833#define HCI_EV_STACK_INTERNAL 0xfd
779struct hci_ev_stack_internal { 834struct hci_ev_stack_internal {
@@ -951,6 +1006,11 @@ struct hci_conn_info_req {
951 struct hci_conn_info conn_info[0]; 1006 struct hci_conn_info conn_info[0];
952}; 1007};
953 1008
1009struct hci_auth_info_req {
1010 bdaddr_t bdaddr;
1011 __u8 type;
1012};
1013
954struct hci_inquiry_req { 1014struct hci_inquiry_req {
955 __u16 dev_id; 1015 __u16 dev_id;
956 __u16 flags; 1016 __u16 flags;
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index ea13baa3851b..cbf751094688 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -40,6 +40,7 @@ struct inquiry_data {
40 __u8 dev_class[3]; 40 __u8 dev_class[3];
41 __le16 clock_offset; 41 __le16 clock_offset;
42 __s8 rssi; 42 __s8 rssi;
43 __u8 ssp_mode;
43}; 44};
44 45
45struct inquiry_entry { 46struct inquiry_entry {
@@ -75,6 +76,7 @@ struct hci_dev {
75 __u8 dev_class[3]; 76 __u8 dev_class[3];
76 __u8 features[8]; 77 __u8 features[8];
77 __u8 commands[64]; 78 __u8 commands[64];
79 __u8 ssp_mode;
78 __u8 hci_ver; 80 __u8 hci_ver;
79 __u16 hci_rev; 81 __u16 hci_rev;
80 __u16 manufacturer; 82 __u16 manufacturer;
@@ -161,9 +163,12 @@ struct hci_conn {
161 __u8 attempt; 163 __u8 attempt;
162 __u8 dev_class[3]; 164 __u8 dev_class[3];
163 __u8 features[8]; 165 __u8 features[8];
166 __u8 ssp_mode;
164 __u16 interval; 167 __u16 interval;
168 __u16 pkt_type;
165 __u16 link_policy; 169 __u16 link_policy;
166 __u32 link_mode; 170 __u32 link_mode;
171 __u8 auth_type;
167 __u8 power_save; 172 __u8 power_save;
168 unsigned long pend; 173 unsigned long pend;
169 174
@@ -344,7 +349,7 @@ static inline void hci_conn_put(struct hci_conn *conn)
344 if (conn->state == BT_CONNECTED) { 349 if (conn->state == BT_CONNECTED) {
345 timeo = msecs_to_jiffies(HCI_DISCONN_TIMEOUT); 350 timeo = msecs_to_jiffies(HCI_DISCONN_TIMEOUT);
346 if (!conn->out) 351 if (!conn->out)
347 timeo *= 2; 352 timeo *= 5;
348 } else 353 } else
349 timeo = msecs_to_jiffies(10); 354 timeo = msecs_to_jiffies(10);
350 } else 355 } else
@@ -418,6 +423,7 @@ int hci_get_dev_list(void __user *arg);
418int hci_get_dev_info(void __user *arg); 423int hci_get_dev_info(void __user *arg);
419int hci_get_conn_list(void __user *arg); 424int hci_get_conn_list(void __user *arg);
420int hci_get_conn_info(struct hci_dev *hdev, void __user *arg); 425int hci_get_conn_info(struct hci_dev *hdev, void __user *arg);
426int hci_get_auth_info(struct hci_dev *hdev, void __user *arg);
421int hci_inquiry(void __user *arg); 427int hci_inquiry(void __user *arg);
422 428
423void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb); 429void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb);
@@ -459,6 +465,7 @@ void hci_conn_del_sysfs(struct hci_conn *conn);
459#define lmp_sniff_capable(dev) ((dev)->features[0] & LMP_SNIFF) 465#define lmp_sniff_capable(dev) ((dev)->features[0] & LMP_SNIFF)
460#define lmp_sniffsubr_capable(dev) ((dev)->features[5] & LMP_SNIFF_SUBR) 466#define lmp_sniffsubr_capable(dev) ((dev)->features[5] & LMP_SNIFF_SUBR)
461#define lmp_esco_capable(dev) ((dev)->features[3] & LMP_ESCO) 467#define lmp_esco_capable(dev) ((dev)->features[3] & LMP_ESCO)
468#define lmp_ssp_capable(dev) ((dev)->features[6] & LMP_SIMPLE_PAIR)
462 469
463/* ----- HCI protocols ----- */ 470/* ----- HCI protocols ----- */
464struct hci_proto { 471struct hci_proto {
@@ -474,7 +481,7 @@ struct hci_proto {
474 int (*recv_acldata) (struct hci_conn *conn, struct sk_buff *skb, __u16 flags); 481 int (*recv_acldata) (struct hci_conn *conn, struct sk_buff *skb, __u16 flags);
475 int (*recv_scodata) (struct hci_conn *conn, struct sk_buff *skb); 482 int (*recv_scodata) (struct hci_conn *conn, struct sk_buff *skb);
476 int (*auth_cfm) (struct hci_conn *conn, __u8 status); 483 int (*auth_cfm) (struct hci_conn *conn, __u8 status);
477 int (*encrypt_cfm) (struct hci_conn *conn, __u8 status); 484 int (*encrypt_cfm) (struct hci_conn *conn, __u8 status, __u8 encrypt);
478}; 485};
479 486
480static inline int hci_proto_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type) 487static inline int hci_proto_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type)
@@ -532,17 +539,17 @@ static inline void hci_proto_auth_cfm(struct hci_conn *conn, __u8 status)
532 hp->auth_cfm(conn, status); 539 hp->auth_cfm(conn, status);
533} 540}
534 541
535static inline void hci_proto_encrypt_cfm(struct hci_conn *conn, __u8 status) 542static inline void hci_proto_encrypt_cfm(struct hci_conn *conn, __u8 status, __u8 encrypt)
536{ 543{
537 register struct hci_proto *hp; 544 register struct hci_proto *hp;
538 545
539 hp = hci_proto[HCI_PROTO_L2CAP]; 546 hp = hci_proto[HCI_PROTO_L2CAP];
540 if (hp && hp->encrypt_cfm) 547 if (hp && hp->encrypt_cfm)
541 hp->encrypt_cfm(conn, status); 548 hp->encrypt_cfm(conn, status, encrypt);
542 549
543 hp = hci_proto[HCI_PROTO_SCO]; 550 hp = hci_proto[HCI_PROTO_SCO];
544 if (hp && hp->encrypt_cfm) 551 if (hp && hp->encrypt_cfm)
545 hp->encrypt_cfm(conn, status); 552 hp->encrypt_cfm(conn, status, encrypt);
546} 553}
547 554
548int hci_register_proto(struct hci_proto *hproto); 555int hci_register_proto(struct hci_proto *hproto);
@@ -579,7 +586,7 @@ static inline void hci_encrypt_cfm(struct hci_conn *conn, __u8 status, __u8 encr
579{ 586{
580 struct list_head *p; 587 struct list_head *p;
581 588
582 hci_proto_encrypt_cfm(conn, status); 589 hci_proto_encrypt_cfm(conn, status, encrypt);
583 590
584 read_lock_bh(&hci_cb_list_lock); 591 read_lock_bh(&hci_cb_list_lock);
585 list_for_each(p, &hci_cb_list) { 592 list_for_each(p, &hci_cb_list) {
diff --git a/include/net/bluetooth/rfcomm.h b/include/net/bluetooth/rfcomm.h
index 98ec7a320689..4dc8d92a4638 100644
--- a/include/net/bluetooth/rfcomm.h
+++ b/include/net/bluetooth/rfcomm.h
@@ -180,7 +180,9 @@ struct rfcomm_dlc {
180 u8 addr; 180 u8 addr;
181 u8 priority; 181 u8 priority;
182 u8 v24_sig; 182 u8 v24_sig;
183 u8 remote_v24_sig;
183 u8 mscex; 184 u8 mscex;
185 u8 out;
184 186
185 u32 link_mode; 187 u32 link_mode;
186 188
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index d366423c8392..4e59df5f8e05 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -36,6 +36,7 @@
36#include <linux/init.h> 36#include <linux/init.h>
37#include <linux/poll.h> 37#include <linux/poll.h>
38#include <net/sock.h> 38#include <net/sock.h>
39#include <asm/ioctls.h>
39 40
40#if defined(CONFIG_KMOD) 41#if defined(CONFIG_KMOD)
41#include <linux/kmod.h> 42#include <linux/kmod.h>
@@ -48,7 +49,7 @@
48#define BT_DBG(D...) 49#define BT_DBG(D...)
49#endif 50#endif
50 51
51#define VERSION "2.11" 52#define VERSION "2.12"
52 53
53/* Bluetooth sockets */ 54/* Bluetooth sockets */
54#define BT_MAX_PROTO 8 55#define BT_MAX_PROTO 8
@@ -266,6 +267,8 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
266 267
267 skb_reset_transport_header(skb); 268 skb_reset_transport_header(skb);
268 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 269 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
270 if (err == 0)
271 sock_recv_timestamp(msg, sk, skb);
269 272
270 skb_free_datagram(sk, skb); 273 skb_free_datagram(sk, skb);
271 274
@@ -329,6 +332,54 @@ unsigned int bt_sock_poll(struct file * file, struct socket *sock, poll_table *w
329} 332}
330EXPORT_SYMBOL(bt_sock_poll); 333EXPORT_SYMBOL(bt_sock_poll);
331 334
335int bt_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
336{
337 struct sock *sk = sock->sk;
338 struct sk_buff *skb;
339 long amount;
340 int err;
341
342 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
343
344 switch (cmd) {
345 case TIOCOUTQ:
346 if (sk->sk_state == BT_LISTEN)
347 return -EINVAL;
348
349 amount = sk->sk_sndbuf - atomic_read(&sk->sk_wmem_alloc);
350 if (amount < 0)
351 amount = 0;
352 err = put_user(amount, (int __user *) arg);
353 break;
354
355 case TIOCINQ:
356 if (sk->sk_state == BT_LISTEN)
357 return -EINVAL;
358
359 lock_sock(sk);
360 skb = skb_peek(&sk->sk_receive_queue);
361 amount = skb ? skb->len : 0;
362 release_sock(sk);
363 err = put_user(amount, (int __user *) arg);
364 break;
365
366 case SIOCGSTAMP:
367 err = sock_get_timestamp(sk, (struct timeval __user *) arg);
368 break;
369
370 case SIOCGSTAMPNS:
371 err = sock_get_timestampns(sk, (struct timespec __user *) arg);
372 break;
373
374 default:
375 err = -ENOIOCTLCMD;
376 break;
377 }
378
379 return err;
380}
381EXPORT_SYMBOL(bt_sock_ioctl);
382
332int bt_sock_wait_state(struct sock *sk, int state, unsigned long timeo) 383int bt_sock_wait_state(struct sock *sk, int state, unsigned long timeo)
333{ 384{
334 DECLARE_WAITQUEUE(wait, current); 385 DECLARE_WAITQUEUE(wait, current);
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index 1d98a1b80da7..021172c0e666 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -503,6 +503,11 @@ static int bnep_session(void *arg)
503 /* Delete network device */ 503 /* Delete network device */
504 unregister_netdev(dev); 504 unregister_netdev(dev);
505 505
506 /* Wakeup user-space polling for socket errors */
507 s->sock->sk->sk_err = EUNATCH;
508
509 wake_up_interruptible(s->sock->sk->sk_sleep);
510
506 /* Release the socket */ 511 /* Release the socket */
507 fput(s->sock->file); 512 fput(s->sock->file);
508 513
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index f8880261da0e..ca8d05245ca0 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -59,24 +59,31 @@ void hci_acl_connect(struct hci_conn *conn)
59 BT_DBG("%p", conn); 59 BT_DBG("%p", conn);
60 60
61 conn->state = BT_CONNECT; 61 conn->state = BT_CONNECT;
62 conn->out = 1; 62 conn->out = 1;
63
63 conn->link_mode = HCI_LM_MASTER; 64 conn->link_mode = HCI_LM_MASTER;
64 65
65 conn->attempt++; 66 conn->attempt++;
66 67
68 conn->link_policy = hdev->link_policy;
69
67 memset(&cp, 0, sizeof(cp)); 70 memset(&cp, 0, sizeof(cp));
68 bacpy(&cp.bdaddr, &conn->dst); 71 bacpy(&cp.bdaddr, &conn->dst);
69 cp.pscan_rep_mode = 0x02; 72 cp.pscan_rep_mode = 0x02;
70 73
71 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)) && 74 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
72 inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { 75 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
73 cp.pscan_rep_mode = ie->data.pscan_rep_mode; 76 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
74 cp.pscan_mode = ie->data.pscan_mode; 77 cp.pscan_mode = ie->data.pscan_mode;
75 cp.clock_offset = ie->data.clock_offset | cpu_to_le16(0x8000); 78 cp.clock_offset = ie->data.clock_offset |
79 cpu_to_le16(0x8000);
80 }
81
76 memcpy(conn->dev_class, ie->data.dev_class, 3); 82 memcpy(conn->dev_class, ie->data.dev_class, 3);
83 conn->ssp_mode = ie->data.ssp_mode;
77 } 84 }
78 85
79 cp.pkt_type = cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK); 86 cp.pkt_type = cpu_to_le16(conn->pkt_type);
80 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER)) 87 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
81 cp.role_switch = 0x01; 88 cp.role_switch = 0x01;
82 else 89 else
@@ -122,7 +129,7 @@ void hci_add_sco(struct hci_conn *conn, __u16 handle)
122 conn->out = 1; 129 conn->out = 1;
123 130
124 cp.handle = cpu_to_le16(handle); 131 cp.handle = cpu_to_le16(handle);
125 cp.pkt_type = cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK); 132 cp.pkt_type = cpu_to_le16(conn->pkt_type);
126 133
127 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp); 134 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
128} 135}
@@ -138,7 +145,7 @@ void hci_setup_sync(struct hci_conn *conn, __u16 handle)
138 conn->out = 1; 145 conn->out = 1;
139 146
140 cp.handle = cpu_to_le16(handle); 147 cp.handle = cpu_to_le16(handle);
141 cp.pkt_type = cpu_to_le16(hdev->esco_type); 148 cp.pkt_type = cpu_to_le16(conn->pkt_type);
142 149
143 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 150 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
144 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 151 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
@@ -163,11 +170,13 @@ static void hci_conn_timeout(unsigned long arg)
163 170
164 switch (conn->state) { 171 switch (conn->state) {
165 case BT_CONNECT: 172 case BT_CONNECT:
173 case BT_CONNECT2:
166 if (conn->type == ACL_LINK) 174 if (conn->type == ACL_LINK)
167 hci_acl_connect_cancel(conn); 175 hci_acl_connect_cancel(conn);
168 else 176 else
169 hci_acl_disconn(conn, 0x13); 177 hci_acl_disconn(conn, 0x13);
170 break; 178 break;
179 case BT_CONFIG:
171 case BT_CONNECTED: 180 case BT_CONNECTED:
172 hci_acl_disconn(conn, 0x13); 181 hci_acl_disconn(conn, 0x13);
173 break; 182 break;
@@ -199,13 +208,28 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
199 return NULL; 208 return NULL;
200 209
201 bacpy(&conn->dst, dst); 210 bacpy(&conn->dst, dst);
202 conn->hdev = hdev; 211 conn->hdev = hdev;
203 conn->type = type; 212 conn->type = type;
204 conn->mode = HCI_CM_ACTIVE; 213 conn->mode = HCI_CM_ACTIVE;
205 conn->state = BT_OPEN; 214 conn->state = BT_OPEN;
206 215
207 conn->power_save = 1; 216 conn->power_save = 1;
208 217
218 switch (type) {
219 case ACL_LINK:
220 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
221 break;
222 case SCO_LINK:
223 if (lmp_esco_capable(hdev))
224 conn->pkt_type = hdev->esco_type & SCO_ESCO_MASK;
225 else
226 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
227 break;
228 case ESCO_LINK:
229 conn->pkt_type = hdev->esco_type;
230 break;
231 }
232
209 skb_queue_head_init(&conn->data_q); 233 skb_queue_head_init(&conn->data_q);
210 234
211 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn); 235 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
@@ -221,8 +245,6 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
221 if (hdev->notify) 245 if (hdev->notify)
222 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 246 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
223 247
224 hci_conn_add_sysfs(conn);
225
226 tasklet_enable(&hdev->tx_task); 248 tasklet_enable(&hdev->tx_task);
227 249
228 return conn; 250 return conn;
@@ -254,12 +276,14 @@ int hci_conn_del(struct hci_conn *conn)
254 } 276 }
255 277
256 tasklet_disable(&hdev->tx_task); 278 tasklet_disable(&hdev->tx_task);
279
257 hci_conn_hash_del(hdev, conn); 280 hci_conn_hash_del(hdev, conn);
258 if (hdev->notify) 281 if (hdev->notify)
259 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); 282 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
283
260 tasklet_enable(&hdev->tx_task); 284 tasklet_enable(&hdev->tx_task);
285
261 skb_queue_purge(&conn->data_q); 286 skb_queue_purge(&conn->data_q);
262 hci_conn_del_sysfs(conn);
263 287
264 return 0; 288 return 0;
265} 289}
@@ -355,13 +379,21 @@ int hci_conn_auth(struct hci_conn *conn)
355{ 379{
356 BT_DBG("conn %p", conn); 380 BT_DBG("conn %p", conn);
357 381
382 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0) {
383 if (!(conn->auth_type & 0x01)) {
384 conn->auth_type = HCI_AT_GENERAL_BONDING_MITM;
385 conn->link_mode &= ~HCI_LM_AUTH;
386 }
387 }
388
358 if (conn->link_mode & HCI_LM_AUTH) 389 if (conn->link_mode & HCI_LM_AUTH)
359 return 1; 390 return 1;
360 391
361 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 392 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
362 struct hci_cp_auth_requested cp; 393 struct hci_cp_auth_requested cp;
363 cp.handle = cpu_to_le16(conn->handle); 394 cp.handle = cpu_to_le16(conn->handle);
364 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 395 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
396 sizeof(cp), &cp);
365 } 397 }
366 return 0; 398 return 0;
367} 399}
@@ -373,7 +405,7 @@ int hci_conn_encrypt(struct hci_conn *conn)
373 BT_DBG("conn %p", conn); 405 BT_DBG("conn %p", conn);
374 406
375 if (conn->link_mode & HCI_LM_ENCRYPT) 407 if (conn->link_mode & HCI_LM_ENCRYPT)
376 return 1; 408 return hci_conn_auth(conn);
377 409
378 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) 410 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
379 return 0; 411 return 0;
@@ -382,7 +414,8 @@ int hci_conn_encrypt(struct hci_conn *conn)
382 struct hci_cp_set_conn_encrypt cp; 414 struct hci_cp_set_conn_encrypt cp;
383 cp.handle = cpu_to_le16(conn->handle); 415 cp.handle = cpu_to_le16(conn->handle);
384 cp.encrypt = 1; 416 cp.encrypt = 1;
385 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp); 417 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT,
418 sizeof(cp), &cp);
386 } 419 }
387 return 0; 420 return 0;
388} 421}
@@ -396,7 +429,8 @@ int hci_conn_change_link_key(struct hci_conn *conn)
396 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { 429 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
397 struct hci_cp_change_conn_link_key cp; 430 struct hci_cp_change_conn_link_key cp;
398 cp.handle = cpu_to_le16(conn->handle); 431 cp.handle = cpu_to_le16(conn->handle);
399 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp); 432 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY,
433 sizeof(cp), &cp);
400 } 434 }
401 return 0; 435 return 0;
402} 436}
@@ -498,6 +532,8 @@ void hci_conn_hash_flush(struct hci_dev *hdev)
498 532
499 c->state = BT_CLOSED; 533 c->state = BT_CLOSED;
500 534
535 hci_conn_del_sysfs(c);
536
501 hci_proto_disconn_ind(c, 0x16); 537 hci_proto_disconn_ind(c, 0x16);
502 hci_conn_del(c); 538 hci_conn_del(c);
503 } 539 }
@@ -600,3 +636,23 @@ int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
600 636
601 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0; 637 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;
602} 638}
639
640int hci_get_auth_info(struct hci_dev *hdev, void __user *arg)
641{
642 struct hci_auth_info_req req;
643 struct hci_conn *conn;
644
645 if (copy_from_user(&req, arg, sizeof(req)))
646 return -EFAULT;
647
648 hci_dev_lock_bh(hdev);
649 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req.bdaddr);
650 if (conn)
651 req.type = conn->auth_type;
652 hci_dev_unlock_bh(hdev);
653
654 if (!conn)
655 return -ENOENT;
656
657 return copy_to_user(arg, &req, sizeof(req)) ? -EFAULT : 0;
658}
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index aec6929f5c16..f5b21cb93699 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -279,10 +279,20 @@ static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
279 279
280 BT_DBG("%s %x", hdev->name, encrypt); 280 BT_DBG("%s %x", hdev->name, encrypt);
281 281
282 /* Authentication */ 282 /* Encryption */
283 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt); 283 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
284} 284}
285 285
286static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
287{
288 __le16 policy = cpu_to_le16(opt);
289
290 BT_DBG("%s %x", hdev->name, opt);
291
292 /* Default link policy */
293 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
294}
295
286/* Get HCI device by index. 296/* Get HCI device by index.
287 * Device is held on return. */ 297 * Device is held on return. */
288struct hci_dev *hci_dev_get(int index) 298struct hci_dev *hci_dev_get(int index)
@@ -694,32 +704,35 @@ int hci_dev_cmd(unsigned int cmd, void __user *arg)
694 msecs_to_jiffies(HCI_INIT_TIMEOUT)); 704 msecs_to_jiffies(HCI_INIT_TIMEOUT));
695 break; 705 break;
696 706
697 case HCISETPTYPE:
698 hdev->pkt_type = (__u16) dr.dev_opt;
699 break;
700
701 case HCISETLINKPOL: 707 case HCISETLINKPOL:
702 hdev->link_policy = (__u16) dr.dev_opt; 708 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
709 msecs_to_jiffies(HCI_INIT_TIMEOUT));
703 break; 710 break;
704 711
705 case HCISETLINKMODE: 712 case HCISETLINKMODE:
706 hdev->link_mode = ((__u16) dr.dev_opt) & (HCI_LM_MASTER | HCI_LM_ACCEPT); 713 hdev->link_mode = ((__u16) dr.dev_opt) &
714 (HCI_LM_MASTER | HCI_LM_ACCEPT);
715 break;
716
717 case HCISETPTYPE:
718 hdev->pkt_type = (__u16) dr.dev_opt;
707 break; 719 break;
708 720
709 case HCISETACLMTU: 721 case HCISETACLMTU:
710 hdev->acl_mtu = *((__u16 *)&dr.dev_opt + 1); 722 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
711 hdev->acl_pkts = *((__u16 *)&dr.dev_opt + 0); 723 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
712 break; 724 break;
713 725
714 case HCISETSCOMTU: 726 case HCISETSCOMTU:
715 hdev->sco_mtu = *((__u16 *)&dr.dev_opt + 1); 727 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
716 hdev->sco_pkts = *((__u16 *)&dr.dev_opt + 0); 728 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
717 break; 729 break;
718 730
719 default: 731 default:
720 err = -EINVAL; 732 err = -EINVAL;
721 break; 733 break;
722 } 734 }
735
723 hci_dev_put(hdev); 736 hci_dev_put(hdev);
724 return err; 737 return err;
725} 738}
@@ -1270,9 +1283,12 @@ static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int
1270 struct hci_conn *c; 1283 struct hci_conn *c;
1271 c = list_entry(p, struct hci_conn, list); 1284 c = list_entry(p, struct hci_conn, list);
1272 1285
1273 if (c->type != type || c->state != BT_CONNECTED 1286 if (c->type != type || skb_queue_empty(&c->data_q))
1274 || skb_queue_empty(&c->data_q)) 1287 continue;
1288
1289 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
1275 continue; 1290 continue;
1291
1276 num++; 1292 num++;
1277 1293
1278 if (c->sent < min) { 1294 if (c->sent < min) {
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 6aef8f24e581..0e3db289f4be 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -110,6 +110,25 @@ static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
110 hci_dev_unlock(hdev); 110 hci_dev_unlock(hdev);
111} 111}
112 112
113static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114{
115 struct hci_rp_read_link_policy *rp = (void *) skb->data;
116 struct hci_conn *conn;
117
118 BT_DBG("%s status 0x%x", hdev->name, rp->status);
119
120 if (rp->status)
121 return;
122
123 hci_dev_lock(hdev);
124
125 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
126 if (conn)
127 conn->link_policy = __le16_to_cpu(rp->policy);
128
129 hci_dev_unlock(hdev);
130}
131
113static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb) 132static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114{ 133{
115 struct hci_rp_write_link_policy *rp = (void *) skb->data; 134 struct hci_rp_write_link_policy *rp = (void *) skb->data;
@@ -128,13 +147,41 @@ static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
128 hci_dev_lock(hdev); 147 hci_dev_lock(hdev);
129 148
130 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle)); 149 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
131 if (conn) { 150 if (conn)
132 conn->link_policy = get_unaligned_le16(sent + 2); 151 conn->link_policy = get_unaligned_le16(sent + 2);
133 }
134 152
135 hci_dev_unlock(hdev); 153 hci_dev_unlock(hdev);
136} 154}
137 155
156static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
157{
158 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
159
160 BT_DBG("%s status 0x%x", hdev->name, rp->status);
161
162 if (rp->status)
163 return;
164
165 hdev->link_policy = __le16_to_cpu(rp->policy);
166}
167
168static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
169{
170 __u8 status = *((__u8 *) skb->data);
171 void *sent;
172
173 BT_DBG("%s status 0x%x", hdev->name, status);
174
175 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
176 if (!sent)
177 return;
178
179 if (!status)
180 hdev->link_policy = get_unaligned_le16(sent);
181
182 hci_req_complete(hdev, status);
183}
184
138static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb) 185static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
139{ 186{
140 __u8 status = *((__u8 *) skb->data); 187 __u8 status = *((__u8 *) skb->data);
@@ -151,12 +198,14 @@ static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
151 198
152 BT_DBG("%s status 0x%x", hdev->name, status); 199 BT_DBG("%s status 0x%x", hdev->name, status);
153 200
201 if (status)
202 return;
203
154 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME); 204 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
155 if (!sent) 205 if (!sent)
156 return; 206 return;
157 207
158 if (!status) 208 memcpy(hdev->dev_name, sent, 248);
159 memcpy(hdev->dev_name, sent, 248);
160} 209}
161 210
162static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb) 211static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
@@ -266,12 +315,14 @@ static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
266 315
267 BT_DBG("%s status 0x%x", hdev->name, status); 316 BT_DBG("%s status 0x%x", hdev->name, status);
268 317
318 if (status)
319 return;
320
269 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV); 321 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
270 if (!sent) 322 if (!sent)
271 return; 323 return;
272 324
273 if (!status) 325 memcpy(hdev->dev_class, sent, 3);
274 memcpy(hdev->dev_class, sent, 3);
275} 326}
276 327
277static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 328static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
@@ -286,7 +337,7 @@ static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
286 337
287 setting = __le16_to_cpu(rp->voice_setting); 338 setting = __le16_to_cpu(rp->voice_setting);
288 339
289 if (hdev->voice_setting == setting ) 340 if (hdev->voice_setting == setting)
290 return; 341 return;
291 342
292 hdev->voice_setting = setting; 343 hdev->voice_setting = setting;
@@ -303,28 +354,31 @@ static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
303static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb) 354static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
304{ 355{
305 __u8 status = *((__u8 *) skb->data); 356 __u8 status = *((__u8 *) skb->data);
357 __u16 setting;
306 void *sent; 358 void *sent;
307 359
308 BT_DBG("%s status 0x%x", hdev->name, status); 360 BT_DBG("%s status 0x%x", hdev->name, status);
309 361
362 if (status)
363 return;
364
310 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING); 365 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
311 if (!sent) 366 if (!sent)
312 return; 367 return;
313 368
314 if (!status) { 369 setting = get_unaligned_le16(sent);
315 __u16 setting = get_unaligned_le16(sent);
316 370
317 if (hdev->voice_setting != setting) { 371 if (hdev->voice_setting == setting)
318 hdev->voice_setting = setting; 372 return;
319 373
320 BT_DBG("%s voice setting 0x%04x", hdev->name, setting); 374 hdev->voice_setting = setting;
321 375
322 if (hdev->notify) { 376 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
323 tasklet_disable(&hdev->tx_task); 377
324 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING); 378 if (hdev->notify) {
325 tasklet_enable(&hdev->tx_task); 379 tasklet_disable(&hdev->tx_task);
326 } 380 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
327 } 381 tasklet_enable(&hdev->tx_task);
328 } 382 }
329} 383}
330 384
@@ -337,6 +391,35 @@ static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
337 hci_req_complete(hdev, status); 391 hci_req_complete(hdev, status);
338} 392}
339 393
394static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
395{
396 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
397
398 BT_DBG("%s status 0x%x", hdev->name, rp->status);
399
400 if (rp->status)
401 return;
402
403 hdev->ssp_mode = rp->mode;
404}
405
406static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
407{
408 __u8 status = *((__u8 *) skb->data);
409 void *sent;
410
411 BT_DBG("%s status 0x%x", hdev->name, status);
412
413 if (status)
414 return;
415
416 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
417 if (!sent)
418 return;
419
420 hdev->ssp_mode = *((__u8 *) sent);
421}
422
340static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) 423static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
341{ 424{
342 struct hci_rp_read_local_version *rp = (void *) skb->data; 425 struct hci_rp_read_local_version *rp = (void *) skb->data;
@@ -347,8 +430,8 @@ static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
347 return; 430 return;
348 431
349 hdev->hci_ver = rp->hci_ver; 432 hdev->hci_ver = rp->hci_ver;
350 hdev->hci_rev = btohs(rp->hci_rev); 433 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
351 hdev->manufacturer = btohs(rp->manufacturer); 434 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
352 435
353 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name, 436 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
354 hdev->manufacturer, 437 hdev->manufacturer,
@@ -536,11 +619,119 @@ static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
536 hci_dev_unlock(hdev); 619 hci_dev_unlock(hdev);
537} 620}
538 621
622static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
623{
624 struct hci_cp_auth_requested *cp;
625 struct hci_conn *conn;
626
627 BT_DBG("%s status 0x%x", hdev->name, status);
628
629 if (!status)
630 return;
631
632 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
633 if (!cp)
634 return;
635
636 hci_dev_lock(hdev);
637
638 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
639 if (conn) {
640 if (conn->state == BT_CONFIG) {
641 hci_proto_connect_cfm(conn, status);
642 hci_conn_put(conn);
643 }
644 }
645
646 hci_dev_unlock(hdev);
647}
648
649static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
650{
651 struct hci_cp_set_conn_encrypt *cp;
652 struct hci_conn *conn;
653
654 BT_DBG("%s status 0x%x", hdev->name, status);
655
656 if (!status)
657 return;
658
659 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
660 if (!cp)
661 return;
662
663 hci_dev_lock(hdev);
664
665 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
666 if (conn) {
667 if (conn->state == BT_CONFIG) {
668 hci_proto_connect_cfm(conn, status);
669 hci_conn_put(conn);
670 }
671 }
672
673 hci_dev_unlock(hdev);
674}
675
539static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status) 676static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
540{ 677{
541 BT_DBG("%s status 0x%x", hdev->name, status); 678 BT_DBG("%s status 0x%x", hdev->name, status);
542} 679}
543 680
681static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
682{
683 struct hci_cp_read_remote_features *cp;
684 struct hci_conn *conn;
685
686 BT_DBG("%s status 0x%x", hdev->name, status);
687
688 if (!status)
689 return;
690
691 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
692 if (!cp)
693 return;
694
695 hci_dev_lock(hdev);
696
697 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
698 if (conn) {
699 if (conn->state == BT_CONFIG) {
700 hci_proto_connect_cfm(conn, status);
701 hci_conn_put(conn);
702 }
703 }
704
705 hci_dev_unlock(hdev);
706}
707
708static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
709{
710 struct hci_cp_read_remote_ext_features *cp;
711 struct hci_conn *conn;
712
713 BT_DBG("%s status 0x%x", hdev->name, status);
714
715 if (!status)
716 return;
717
718 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
719 if (!cp)
720 return;
721
722 hci_dev_lock(hdev);
723
724 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
725 if (conn) {
726 if (conn->state == BT_CONFIG) {
727 hci_proto_connect_cfm(conn, status);
728 hci_conn_put(conn);
729 }
730 }
731
732 hci_dev_unlock(hdev);
733}
734
544static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status) 735static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
545{ 736{
546 struct hci_cp_setup_sync_conn *cp; 737 struct hci_cp_setup_sync_conn *cp;
@@ -653,6 +844,7 @@ static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *
653 memcpy(data.dev_class, info->dev_class, 3); 844 memcpy(data.dev_class, info->dev_class, 3);
654 data.clock_offset = info->clock_offset; 845 data.clock_offset = info->clock_offset;
655 data.rssi = 0x00; 846 data.rssi = 0x00;
847 data.ssp_mode = 0x00;
656 info++; 848 info++;
657 hci_inquiry_cache_update(hdev, &data); 849 hci_inquiry_cache_update(hdev, &data);
658 } 850 }
@@ -675,7 +867,14 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
675 867
676 if (!ev->status) { 868 if (!ev->status) {
677 conn->handle = __le16_to_cpu(ev->handle); 869 conn->handle = __le16_to_cpu(ev->handle);
678 conn->state = BT_CONNECTED; 870
871 if (conn->type == ACL_LINK) {
872 conn->state = BT_CONFIG;
873 hci_conn_hold(conn);
874 } else
875 conn->state = BT_CONNECTED;
876
877 hci_conn_add_sysfs(conn);
679 878
680 if (test_bit(HCI_AUTH, &hdev->flags)) 879 if (test_bit(HCI_AUTH, &hdev->flags))
681 conn->link_mode |= HCI_LM_AUTH; 880 conn->link_mode |= HCI_LM_AUTH;
@@ -687,30 +886,17 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
687 if (conn->type == ACL_LINK) { 886 if (conn->type == ACL_LINK) {
688 struct hci_cp_read_remote_features cp; 887 struct hci_cp_read_remote_features cp;
689 cp.handle = ev->handle; 888 cp.handle = ev->handle;
690 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES, sizeof(cp), &cp); 889 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
691 } 890 sizeof(cp), &cp);
692
693 /* Set link policy */
694 if (conn->type == ACL_LINK && hdev->link_policy) {
695 struct hci_cp_write_link_policy cp;
696 cp.handle = ev->handle;
697 cp.policy = cpu_to_le16(hdev->link_policy);
698 hci_send_cmd(hdev, HCI_OP_WRITE_LINK_POLICY, sizeof(cp), &cp);
699 } 891 }
700 892
701 /* Set packet type for incoming connection */ 893 /* Set packet type for incoming connection */
702 if (!conn->out) { 894 if (!conn->out && hdev->hci_ver < 3) {
703 struct hci_cp_change_conn_ptype cp; 895 struct hci_cp_change_conn_ptype cp;
704 cp.handle = ev->handle; 896 cp.handle = ev->handle;
705 cp.pkt_type = (conn->type == ACL_LINK) ? 897 cp.pkt_type = cpu_to_le16(conn->pkt_type);
706 cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK): 898 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
707 cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK); 899 sizeof(cp), &cp);
708
709 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp), &cp);
710 } else {
711 /* Update disconnect timer */
712 hci_conn_hold(conn);
713 hci_conn_put(conn);
714 } 900 }
715 } else 901 } else
716 conn->state = BT_CLOSED; 902 conn->state = BT_CLOSED;
@@ -730,9 +916,10 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
730 } 916 }
731 } 917 }
732 918
733 hci_proto_connect_cfm(conn, ev->status); 919 if (ev->status) {
734 if (ev->status) 920 hci_proto_connect_cfm(conn, ev->status);
735 hci_conn_del(conn); 921 hci_conn_del(conn);
922 }
736 923
737unlock: 924unlock:
738 hci_dev_unlock(hdev); 925 hci_dev_unlock(hdev);
@@ -752,10 +939,14 @@ static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *sk
752 939
753 if (mask & HCI_LM_ACCEPT) { 940 if (mask & HCI_LM_ACCEPT) {
754 /* Connection accepted */ 941 /* Connection accepted */
942 struct inquiry_entry *ie;
755 struct hci_conn *conn; 943 struct hci_conn *conn;
756 944
757 hci_dev_lock(hdev); 945 hci_dev_lock(hdev);
758 946
947 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))
948 memcpy(ie->data.dev_class, ev->dev_class, 3);
949
759 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 950 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
760 if (!conn) { 951 if (!conn) {
761 if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) { 952 if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
@@ -786,7 +977,7 @@ static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *sk
786 struct hci_cp_accept_sync_conn_req cp; 977 struct hci_cp_accept_sync_conn_req cp;
787 978
788 bacpy(&cp.bdaddr, &ev->bdaddr); 979 bacpy(&cp.bdaddr, &ev->bdaddr);
789 cp.pkt_type = cpu_to_le16(hdev->esco_type); 980 cp.pkt_type = cpu_to_le16(conn->pkt_type);
790 981
791 cp.tx_bandwidth = cpu_to_le32(0x00001f40); 982 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
792 cp.rx_bandwidth = cpu_to_le32(0x00001f40); 983 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
@@ -822,6 +1013,9 @@ static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff
822 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1013 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
823 if (conn) { 1014 if (conn) {
824 conn->state = BT_CLOSED; 1015 conn->state = BT_CLOSED;
1016
1017 hci_conn_del_sysfs(conn);
1018
825 hci_proto_disconn_ind(conn, ev->reason); 1019 hci_proto_disconn_ind(conn, ev->reason);
826 hci_conn_del(conn); 1020 hci_conn_del(conn);
827 } 1021 }
@@ -845,15 +1039,29 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
845 1039
846 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1040 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
847 1041
848 hci_auth_cfm(conn, ev->status); 1042 if (conn->state == BT_CONFIG) {
1043 if (!ev->status && hdev->ssp_mode > 0 &&
1044 conn->ssp_mode > 0) {
1045 struct hci_cp_set_conn_encrypt cp;
1046 cp.handle = ev->handle;
1047 cp.encrypt = 0x01;
1048 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1049 sizeof(cp), &cp);
1050 } else {
1051 conn->state = BT_CONNECTED;
1052 hci_proto_connect_cfm(conn, ev->status);
1053 hci_conn_put(conn);
1054 }
1055 } else
1056 hci_auth_cfm(conn, ev->status);
849 1057
850 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) { 1058 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
851 if (!ev->status) { 1059 if (!ev->status) {
852 struct hci_cp_set_conn_encrypt cp; 1060 struct hci_cp_set_conn_encrypt cp;
853 cp.handle = cpu_to_le16(conn->handle); 1061 cp.handle = ev->handle;
854 cp.encrypt = 1; 1062 cp.encrypt = 0x01;
855 hci_send_cmd(conn->hdev, 1063 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
856 HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp); 1064 sizeof(cp), &cp);
857 } else { 1065 } else {
858 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1066 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
859 hci_encrypt_cfm(conn, ev->status, 0x00); 1067 hci_encrypt_cfm(conn, ev->status, 0x00);
@@ -883,15 +1091,24 @@ static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *
883 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1091 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
884 if (conn) { 1092 if (conn) {
885 if (!ev->status) { 1093 if (!ev->status) {
886 if (ev->encrypt) 1094 if (ev->encrypt) {
1095 /* Encryption implies authentication */
1096 conn->link_mode |= HCI_LM_AUTH;
887 conn->link_mode |= HCI_LM_ENCRYPT; 1097 conn->link_mode |= HCI_LM_ENCRYPT;
888 else 1098 } else
889 conn->link_mode &= ~HCI_LM_ENCRYPT; 1099 conn->link_mode &= ~HCI_LM_ENCRYPT;
890 } 1100 }
891 1101
892 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 1102 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
893 1103
894 hci_encrypt_cfm(conn, ev->status, ev->encrypt); 1104 if (conn->state == BT_CONFIG) {
1105 if (!ev->status)
1106 conn->state = BT_CONNECTED;
1107
1108 hci_proto_connect_cfm(conn, ev->status);
1109 hci_conn_put(conn);
1110 } else
1111 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
895 } 1112 }
896 1113
897 hci_dev_unlock(hdev); 1114 hci_dev_unlock(hdev);
@@ -926,14 +1143,29 @@ static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff
926 1143
927 BT_DBG("%s status %d", hdev->name, ev->status); 1144 BT_DBG("%s status %d", hdev->name, ev->status);
928 1145
929 if (ev->status)
930 return;
931
932 hci_dev_lock(hdev); 1146 hci_dev_lock(hdev);
933 1147
934 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
935 if (conn) 1149 if (conn) {
936 memcpy(conn->features, ev->features, 8); 1150 if (!ev->status)
1151 memcpy(conn->features, ev->features, 8);
1152
1153 if (conn->state == BT_CONFIG) {
1154 if (!ev->status && lmp_ssp_capable(hdev) &&
1155 lmp_ssp_capable(conn)) {
1156 struct hci_cp_read_remote_ext_features cp;
1157 cp.handle = ev->handle;
1158 cp.page = 0x01;
1159 hci_send_cmd(hdev,
1160 HCI_OP_READ_REMOTE_EXT_FEATURES,
1161 sizeof(cp), &cp);
1162 } else {
1163 conn->state = BT_CONNECTED;
1164 hci_proto_connect_cfm(conn, ev->status);
1165 hci_conn_put(conn);
1166 }
1167 }
1168 }
937 1169
938 hci_dev_unlock(hdev); 1170 hci_dev_unlock(hdev);
939} 1171}
@@ -974,10 +1206,22 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk
974 hci_cc_role_discovery(hdev, skb); 1206 hci_cc_role_discovery(hdev, skb);
975 break; 1207 break;
976 1208
1209 case HCI_OP_READ_LINK_POLICY:
1210 hci_cc_read_link_policy(hdev, skb);
1211 break;
1212
977 case HCI_OP_WRITE_LINK_POLICY: 1213 case HCI_OP_WRITE_LINK_POLICY:
978 hci_cc_write_link_policy(hdev, skb); 1214 hci_cc_write_link_policy(hdev, skb);
979 break; 1215 break;
980 1216
1217 case HCI_OP_READ_DEF_LINK_POLICY:
1218 hci_cc_read_def_link_policy(hdev, skb);
1219 break;
1220
1221 case HCI_OP_WRITE_DEF_LINK_POLICY:
1222 hci_cc_write_def_link_policy(hdev, skb);
1223 break;
1224
981 case HCI_OP_RESET: 1225 case HCI_OP_RESET:
982 hci_cc_reset(hdev, skb); 1226 hci_cc_reset(hdev, skb);
983 break; 1227 break;
@@ -1022,6 +1266,14 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk
1022 hci_cc_host_buffer_size(hdev, skb); 1266 hci_cc_host_buffer_size(hdev, skb);
1023 break; 1267 break;
1024 1268
1269 case HCI_OP_READ_SSP_MODE:
1270 hci_cc_read_ssp_mode(hdev, skb);
1271 break;
1272
1273 case HCI_OP_WRITE_SSP_MODE:
1274 hci_cc_write_ssp_mode(hdev, skb);
1275 break;
1276
1025 case HCI_OP_READ_LOCAL_VERSION: 1277 case HCI_OP_READ_LOCAL_VERSION:
1026 hci_cc_read_local_version(hdev, skb); 1278 hci_cc_read_local_version(hdev, skb);
1027 break; 1279 break;
@@ -1076,10 +1328,26 @@ static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1076 hci_cs_add_sco(hdev, ev->status); 1328 hci_cs_add_sco(hdev, ev->status);
1077 break; 1329 break;
1078 1330
1331 case HCI_OP_AUTH_REQUESTED:
1332 hci_cs_auth_requested(hdev, ev->status);
1333 break;
1334
1335 case HCI_OP_SET_CONN_ENCRYPT:
1336 hci_cs_set_conn_encrypt(hdev, ev->status);
1337 break;
1338
1079 case HCI_OP_REMOTE_NAME_REQ: 1339 case HCI_OP_REMOTE_NAME_REQ:
1080 hci_cs_remote_name_req(hdev, ev->status); 1340 hci_cs_remote_name_req(hdev, ev->status);
1081 break; 1341 break;
1082 1342
1343 case HCI_OP_READ_REMOTE_FEATURES:
1344 hci_cs_read_remote_features(hdev, ev->status);
1345 break;
1346
1347 case HCI_OP_READ_REMOTE_EXT_FEATURES:
1348 hci_cs_read_remote_ext_features(hdev, ev->status);
1349 break;
1350
1083 case HCI_OP_SETUP_SYNC_CONN: 1351 case HCI_OP_SETUP_SYNC_CONN:
1084 hci_cs_setup_sync_conn(hdev, ev->status); 1352 hci_cs_setup_sync_conn(hdev, ev->status);
1085 break; 1353 break;
@@ -1235,6 +1503,22 @@ static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *sk
1235 hci_dev_unlock(hdev); 1503 hci_dev_unlock(hdev);
1236} 1504}
1237 1505
1506static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1507{
1508 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
1509 struct hci_conn *conn;
1510
1511 BT_DBG("%s status %d", hdev->name, ev->status);
1512
1513 hci_dev_lock(hdev);
1514
1515 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1516 if (conn && !ev->status)
1517 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
1518
1519 hci_dev_unlock(hdev);
1520}
1521
1238static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb) 1522static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
1239{ 1523{
1240 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data; 1524 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
@@ -1275,6 +1559,7 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
1275 memcpy(data.dev_class, info->dev_class, 3); 1559 memcpy(data.dev_class, info->dev_class, 3);
1276 data.clock_offset = info->clock_offset; 1560 data.clock_offset = info->clock_offset;
1277 data.rssi = info->rssi; 1561 data.rssi = info->rssi;
1562 data.ssp_mode = 0x00;
1278 info++; 1563 info++;
1279 hci_inquiry_cache_update(hdev, &data); 1564 hci_inquiry_cache_update(hdev, &data);
1280 } 1565 }
@@ -1289,6 +1574,7 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
1289 memcpy(data.dev_class, info->dev_class, 3); 1574 memcpy(data.dev_class, info->dev_class, 3);
1290 data.clock_offset = info->clock_offset; 1575 data.clock_offset = info->clock_offset;
1291 data.rssi = info->rssi; 1576 data.rssi = info->rssi;
1577 data.ssp_mode = 0x00;
1292 info++; 1578 info++;
1293 hci_inquiry_cache_update(hdev, &data); 1579 hci_inquiry_cache_update(hdev, &data);
1294 } 1580 }
@@ -1299,7 +1585,43 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
1299 1585
1300static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1586static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1301{ 1587{
1588 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
1589 struct hci_conn *conn;
1590
1302 BT_DBG("%s", hdev->name); 1591 BT_DBG("%s", hdev->name);
1592
1593 hci_dev_lock(hdev);
1594
1595 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1596 if (conn) {
1597 if (!ev->status && ev->page == 0x01) {
1598 struct inquiry_entry *ie;
1599
1600 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)))
1601 ie->data.ssp_mode = (ev->features[0] & 0x01);
1602
1603 conn->ssp_mode = (ev->features[0] & 0x01);
1604 }
1605
1606 if (conn->state == BT_CONFIG) {
1607 if (!ev->status && hdev->ssp_mode > 0 &&
1608 conn->ssp_mode > 0) {
1609 if (conn->out) {
1610 struct hci_cp_auth_requested cp;
1611 cp.handle = ev->handle;
1612 hci_send_cmd(hdev,
1613 HCI_OP_AUTH_REQUESTED,
1614 sizeof(cp), &cp);
1615 }
1616 } else {
1617 conn->state = BT_CONNECTED;
1618 hci_proto_connect_cfm(conn, ev->status);
1619 hci_conn_put(conn);
1620 }
1621 }
1622 }
1623
1624 hci_dev_unlock(hdev);
1303} 1625}
1304 1626
1305static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1627static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
@@ -1312,12 +1634,22 @@ static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_bu
1312 hci_dev_lock(hdev); 1634 hci_dev_lock(hdev);
1313 1635
1314 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); 1636 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1315 if (!conn) 1637 if (!conn) {
1316 goto unlock; 1638 if (ev->link_type == ESCO_LINK)
1639 goto unlock;
1640
1641 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1642 if (!conn)
1643 goto unlock;
1644
1645 conn->type = SCO_LINK;
1646 }
1317 1647
1318 if (!ev->status) { 1648 if (!ev->status) {
1319 conn->handle = __le16_to_cpu(ev->handle); 1649 conn->handle = __le16_to_cpu(ev->handle);
1320 conn->state = BT_CONNECTED; 1650 conn->state = BT_CONNECTED;
1651
1652 hci_conn_add_sysfs(conn);
1321 } else 1653 } else
1322 conn->state = BT_CLOSED; 1654 conn->state = BT_CLOSED;
1323 1655
@@ -1371,6 +1703,7 @@ static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct
1371 memcpy(data.dev_class, info->dev_class, 3); 1703 memcpy(data.dev_class, info->dev_class, 3);
1372 data.clock_offset = info->clock_offset; 1704 data.clock_offset = info->clock_offset;
1373 data.rssi = info->rssi; 1705 data.rssi = info->rssi;
1706 data.ssp_mode = 0x01;
1374 info++; 1707 info++;
1375 hci_inquiry_cache_update(hdev, &data); 1708 hci_inquiry_cache_update(hdev, &data);
1376 } 1709 }
@@ -1378,6 +1711,53 @@ static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct
1378 hci_dev_unlock(hdev); 1711 hci_dev_unlock(hdev);
1379} 1712}
1380 1713
1714static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1715{
1716 struct hci_ev_io_capa_request *ev = (void *) skb->data;
1717 struct hci_conn *conn;
1718
1719 BT_DBG("%s", hdev->name);
1720
1721 hci_dev_lock(hdev);
1722
1723 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1724 if (conn)
1725 hci_conn_hold(conn);
1726
1727 hci_dev_unlock(hdev);
1728}
1729
1730static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1731{
1732 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
1733 struct hci_conn *conn;
1734
1735 BT_DBG("%s", hdev->name);
1736
1737 hci_dev_lock(hdev);
1738
1739 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1740 if (conn)
1741 hci_conn_put(conn);
1742
1743 hci_dev_unlock(hdev);
1744}
1745
1746static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1747{
1748 struct hci_ev_remote_host_features *ev = (void *) skb->data;
1749 struct inquiry_entry *ie;
1750
1751 BT_DBG("%s", hdev->name);
1752
1753 hci_dev_lock(hdev);
1754
1755 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr)))
1756 ie->data.ssp_mode = (ev->features[0] & 0x01);
1757
1758 hci_dev_unlock(hdev);
1759}
1760
1381void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 1761void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1382{ 1762{
1383 struct hci_event_hdr *hdr = (void *) skb->data; 1763 struct hci_event_hdr *hdr = (void *) skb->data;
@@ -1470,6 +1850,10 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1470 hci_clock_offset_evt(hdev, skb); 1850 hci_clock_offset_evt(hdev, skb);
1471 break; 1851 break;
1472 1852
1853 case HCI_EV_PKT_TYPE_CHANGE:
1854 hci_pkt_type_change_evt(hdev, skb);
1855 break;
1856
1473 case HCI_EV_PSCAN_REP_MODE: 1857 case HCI_EV_PSCAN_REP_MODE:
1474 hci_pscan_rep_mode_evt(hdev, skb); 1858 hci_pscan_rep_mode_evt(hdev, skb);
1475 break; 1859 break;
@@ -1498,6 +1882,18 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1498 hci_extended_inquiry_result_evt(hdev, skb); 1882 hci_extended_inquiry_result_evt(hdev, skb);
1499 break; 1883 break;
1500 1884
1885 case HCI_EV_IO_CAPA_REQUEST:
1886 hci_io_capa_request_evt(hdev, skb);
1887 break;
1888
1889 case HCI_EV_SIMPLE_PAIR_COMPLETE:
1890 hci_simple_pair_complete_evt(hdev, skb);
1891 break;
1892
1893 case HCI_EV_REMOTE_HOST_FEATURES:
1894 hci_remote_host_features_evt(hdev, skb);
1895 break;
1896
1501 default: 1897 default:
1502 BT_DBG("%s event 0x%x", hdev->name, event); 1898 BT_DBG("%s event 0x%x", hdev->name, event);
1503 break; 1899 break;
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 747fabd735d2..d62579b67959 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -193,19 +193,11 @@ static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsign
193 193
194 return 0; 194 return 0;
195 195
196 case HCISETSECMGR:
197 if (!capable(CAP_NET_ADMIN))
198 return -EACCES;
199
200 if (arg)
201 set_bit(HCI_SECMGR, &hdev->flags);
202 else
203 clear_bit(HCI_SECMGR, &hdev->flags);
204
205 return 0;
206
207 case HCIGETCONNINFO: 196 case HCIGETCONNINFO:
208 return hci_get_conn_info(hdev, (void __user *)arg); 197 return hci_get_conn_info(hdev, (void __user *) arg);
198
199 case HCIGETAUTHINFO:
200 return hci_get_auth_info(hdev, (void __user *) arg);
209 201
210 default: 202 default:
211 if (hdev->ioctl) 203 if (hdev->ioctl)
@@ -217,7 +209,7 @@ static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsign
217static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 209static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
218{ 210{
219 struct sock *sk = sock->sk; 211 struct sock *sk = sock->sk;
220 void __user *argp = (void __user *)arg; 212 void __user *argp = (void __user *) arg;
221 int err; 213 int err;
222 214
223 BT_DBG("cmd %x arg %lx", cmd, arg); 215 BT_DBG("cmd %x arg %lx", cmd, arg);
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index 84360c117d4e..844ca5f1b2d4 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -113,11 +113,13 @@ static ssize_t show_inquiry_cache(struct device *dev, struct device_attribute *a
113 struct inquiry_data *data = &e->data; 113 struct inquiry_data *data = &e->data;
114 bdaddr_t bdaddr; 114 bdaddr_t bdaddr;
115 baswap(&bdaddr, &data->bdaddr); 115 baswap(&bdaddr, &data->bdaddr);
116 n += sprintf(buf + n, "%s %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %u\n", 116 n += sprintf(buf + n, "%s %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n",
117 batostr(&bdaddr), 117 batostr(&bdaddr),
118 data->pscan_rep_mode, data->pscan_period_mode, data->pscan_mode, 118 data->pscan_rep_mode, data->pscan_period_mode,
119 data->dev_class[2], data->dev_class[1], data->dev_class[0], 119 data->pscan_mode, data->dev_class[2],
120 __le16_to_cpu(data->clock_offset), data->rssi, e->timestamp); 120 data->dev_class[1], data->dev_class[0],
121 __le16_to_cpu(data->clock_offset),
122 data->rssi, data->ssp_mode, e->timestamp);
121 } 123 }
122 124
123 hci_dev_unlock_bh(hdev); 125 hci_dev_unlock_bh(hdev);
@@ -249,15 +251,28 @@ static ssize_t show_conn_address(struct device *dev, struct device_attribute *at
249 return sprintf(buf, "%s\n", batostr(&bdaddr)); 251 return sprintf(buf, "%s\n", batostr(&bdaddr));
250} 252}
251 253
254static ssize_t show_conn_features(struct device *dev, struct device_attribute *attr, char *buf)
255{
256 struct hci_conn *conn = dev_get_drvdata(dev);
257
258 return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n",
259 conn->features[0], conn->features[1],
260 conn->features[2], conn->features[3],
261 conn->features[4], conn->features[5],
262 conn->features[6], conn->features[7]);
263}
264
252#define CONN_ATTR(_name,_mode,_show,_store) \ 265#define CONN_ATTR(_name,_mode,_show,_store) \
253struct device_attribute conn_attr_##_name = __ATTR(_name,_mode,_show,_store) 266struct device_attribute conn_attr_##_name = __ATTR(_name,_mode,_show,_store)
254 267
255static CONN_ATTR(type, S_IRUGO, show_conn_type, NULL); 268static CONN_ATTR(type, S_IRUGO, show_conn_type, NULL);
256static CONN_ATTR(address, S_IRUGO, show_conn_address, NULL); 269static CONN_ATTR(address, S_IRUGO, show_conn_address, NULL);
270static CONN_ATTR(features, S_IRUGO, show_conn_features, NULL);
257 271
258static struct device_attribute *conn_attrs[] = { 272static struct device_attribute *conn_attrs[] = {
259 &conn_attr_type, 273 &conn_attr_type,
260 &conn_attr_address, 274 &conn_attr_address,
275 &conn_attr_features,
261 NULL 276 NULL
262}; 277};
263 278
@@ -296,7 +311,6 @@ static void add_conn(struct work_struct *work)
296void hci_conn_add_sysfs(struct hci_conn *conn) 311void hci_conn_add_sysfs(struct hci_conn *conn)
297{ 312{
298 struct hci_dev *hdev = conn->hdev; 313 struct hci_dev *hdev = conn->hdev;
299 bdaddr_t *ba = &conn->dst;
300 314
301 BT_DBG("conn %p", conn); 315 BT_DBG("conn %p", conn);
302 316
@@ -305,11 +319,8 @@ void hci_conn_add_sysfs(struct hci_conn *conn)
305 319
306 conn->dev.release = bt_release; 320 conn->dev.release = bt_release;
307 321
308 snprintf(conn->dev.bus_id, BUS_ID_SIZE, 322 snprintf(conn->dev.bus_id, BUS_ID_SIZE, "%s:%d",
309 "%s%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X", 323 hdev->name, conn->handle);
310 conn->type == ACL_LINK ? "acl" : "sco",
311 ba->b[5], ba->b[4], ba->b[3],
312 ba->b[2], ba->b[1], ba->b[0]);
313 324
314 dev_set_drvdata(&conn->dev, conn); 325 dev_set_drvdata(&conn->dev, conn);
315 326
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 519cdb920f93..96434d774c84 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -581,6 +581,12 @@ static int hidp_session(void *arg)
581 hid_free_device(session->hid); 581 hid_free_device(session->hid);
582 } 582 }
583 583
584 /* Wakeup user-space polling for socket errors */
585 session->intr_sock->sk->sk_err = EUNATCH;
586 session->ctrl_sock->sk->sk_err = EUNATCH;
587
588 hidp_schedule(session);
589
584 fput(session->intr_sock->file); 590 fput(session->intr_sock->file);
585 591
586 wait_event_timeout(*(ctrl_sk->sk_sleep), 592 wait_event_timeout(*(ctrl_sk->sk_sleep),
@@ -879,6 +885,10 @@ int hidp_del_connection(struct hidp_conndel_req *req)
879 skb_queue_purge(&session->ctrl_transmit); 885 skb_queue_purge(&session->ctrl_transmit);
880 skb_queue_purge(&session->intr_transmit); 886 skb_queue_purge(&session->intr_transmit);
881 887
888 /* Wakeup user-space polling for socket errors */
889 session->intr_sock->sk->sk_err = EUNATCH;
890 session->ctrl_sock->sk->sk_err = EUNATCH;
891
882 /* Kill session thread */ 892 /* Kill session thread */
883 atomic_inc(&session->terminate); 893 atomic_inc(&session->terminate);
884 hidp_schedule(session); 894 hidp_schedule(session);
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 6e180d255505..c1239852834a 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -55,7 +55,7 @@
55#define BT_DBG(D...) 55#define BT_DBG(D...)
56#endif 56#endif
57 57
58#define VERSION "2.9" 58#define VERSION "2.10"
59 59
60static u32 l2cap_feat_mask = 0x0000; 60static u32 l2cap_feat_mask = 0x0000;
61 61
@@ -76,11 +76,21 @@ static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
76static void l2cap_sock_timeout(unsigned long arg) 76static void l2cap_sock_timeout(unsigned long arg)
77{ 77{
78 struct sock *sk = (struct sock *) arg; 78 struct sock *sk = (struct sock *) arg;
79 int reason;
79 80
80 BT_DBG("sock %p state %d", sk, sk->sk_state); 81 BT_DBG("sock %p state %d", sk, sk->sk_state);
81 82
82 bh_lock_sock(sk); 83 bh_lock_sock(sk);
83 __l2cap_sock_close(sk, ETIMEDOUT); 84
85 if (sk->sk_state == BT_CONNECT &&
86 (l2cap_pi(sk)->link_mode & (L2CAP_LM_AUTH |
87 L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)))
88 reason = ECONNREFUSED;
89 else
90 reason = ETIMEDOUT;
91
92 __l2cap_sock_close(sk, reason);
93
84 bh_unlock_sock(sk); 94 bh_unlock_sock(sk);
85 95
86 l2cap_sock_kill(sk); 96 l2cap_sock_kill(sk);
@@ -240,7 +250,7 @@ static void l2cap_chan_del(struct sock *sk, int err)
240 hci_conn_put(conn->hcon); 250 hci_conn_put(conn->hcon);
241 } 251 }
242 252
243 sk->sk_state = BT_CLOSED; 253 sk->sk_state = BT_CLOSED;
244 sock_set_flag(sk, SOCK_ZAPPED); 254 sock_set_flag(sk, SOCK_ZAPPED);
245 255
246 if (err) 256 if (err)
@@ -253,6 +263,21 @@ static void l2cap_chan_del(struct sock *sk, int err)
253 sk->sk_state_change(sk); 263 sk->sk_state_change(sk);
254} 264}
255 265
266/* Service level security */
267static inline int l2cap_check_link_mode(struct sock *sk)
268{
269 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
270
271 if ((l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) ||
272 (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE))
273 return hci_conn_encrypt(conn->hcon);
274
275 if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH)
276 return hci_conn_auth(conn->hcon);
277
278 return 1;
279}
280
256static inline u8 l2cap_get_ident(struct l2cap_conn *conn) 281static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
257{ 282{
258 u8 id; 283 u8 id;
@@ -287,6 +312,36 @@ static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16
287 return hci_send_acl(conn->hcon, skb, 0); 312 return hci_send_acl(conn->hcon, skb, 0);
288} 313}
289 314
315static void l2cap_do_start(struct sock *sk)
316{
317 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
318
319 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
320 if (l2cap_check_link_mode(sk)) {
321 struct l2cap_conn_req req;
322 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
323 req.psm = l2cap_pi(sk)->psm;
324
325 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
326
327 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
328 L2CAP_CONN_REQ, sizeof(req), &req);
329 }
330 } else {
331 struct l2cap_info_req req;
332 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
333
334 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
335 conn->info_ident = l2cap_get_ident(conn);
336
337 mod_timer(&conn->info_timer, jiffies +
338 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
339
340 l2cap_send_cmd(conn, conn->info_ident,
341 L2CAP_INFO_REQ, sizeof(req), &req);
342 }
343}
344
290/* ---- L2CAP connections ---- */ 345/* ---- L2CAP connections ---- */
291static void l2cap_conn_start(struct l2cap_conn *conn) 346static void l2cap_conn_start(struct l2cap_conn *conn)
292{ 347{
@@ -301,16 +356,37 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
301 bh_lock_sock(sk); 356 bh_lock_sock(sk);
302 357
303 if (sk->sk_type != SOCK_SEQPACKET) { 358 if (sk->sk_type != SOCK_SEQPACKET) {
304 l2cap_sock_clear_timer(sk); 359 bh_unlock_sock(sk);
305 sk->sk_state = BT_CONNECTED; 360 continue;
306 sk->sk_state_change(sk); 361 }
307 } else if (sk->sk_state == BT_CONNECT) { 362
308 struct l2cap_conn_req req; 363 if (sk->sk_state == BT_CONNECT) {
309 l2cap_pi(sk)->ident = l2cap_get_ident(conn); 364 if (l2cap_check_link_mode(sk)) {
310 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 365 struct l2cap_conn_req req;
311 req.psm = l2cap_pi(sk)->psm; 366 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
312 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 367 req.psm = l2cap_pi(sk)->psm;
368
369 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
370
371 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
313 L2CAP_CONN_REQ, sizeof(req), &req); 372 L2CAP_CONN_REQ, sizeof(req), &req);
373 }
374 } else if (sk->sk_state == BT_CONNECT2) {
375 struct l2cap_conn_rsp rsp;
376 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
377 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
378
379 if (l2cap_check_link_mode(sk)) {
380 sk->sk_state = BT_CONFIG;
381 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
382 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
383 } else {
384 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
385 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
386 }
387
388 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
389 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
314 } 390 }
315 391
316 bh_unlock_sock(sk); 392 bh_unlock_sock(sk);
@@ -321,22 +397,27 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
321 397
322static void l2cap_conn_ready(struct l2cap_conn *conn) 398static void l2cap_conn_ready(struct l2cap_conn *conn)
323{ 399{
324 BT_DBG("conn %p", conn); 400 struct l2cap_chan_list *l = &conn->chan_list;
401 struct sock *sk;
325 402
326 if (conn->chan_list.head || !hlist_empty(&l2cap_sk_list.head)) { 403 BT_DBG("conn %p", conn);
327 struct l2cap_info_req req;
328 404
329 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK); 405 read_lock(&l->lock);
330 406
331 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT; 407 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
332 conn->info_ident = l2cap_get_ident(conn); 408 bh_lock_sock(sk);
333 409
334 mod_timer(&conn->info_timer, 410 if (sk->sk_type != SOCK_SEQPACKET) {
335 jiffies + msecs_to_jiffies(L2CAP_INFO_TIMEOUT)); 411 l2cap_sock_clear_timer(sk);
412 sk->sk_state = BT_CONNECTED;
413 sk->sk_state_change(sk);
414 } else if (sk->sk_state == BT_CONNECT)
415 l2cap_do_start(sk);
336 416
337 l2cap_send_cmd(conn, conn->info_ident, 417 bh_unlock_sock(sk);
338 L2CAP_INFO_REQ, sizeof(req), &req);
339 } 418 }
419
420 read_unlock(&l->lock);
340} 421}
341 422
342/* Notify sockets that we cannot guaranty reliability anymore */ 423/* Notify sockets that we cannot guaranty reliability anymore */
@@ -388,7 +469,8 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
388 469
389 conn->feat_mask = 0; 470 conn->feat_mask = 0;
390 471
391 setup_timer(&conn->info_timer, l2cap_info_timeout, (unsigned long)conn); 472 setup_timer(&conn->info_timer, l2cap_info_timeout,
473 (unsigned long) conn);
392 474
393 spin_lock_init(&conn->lock); 475 spin_lock_init(&conn->lock);
394 rwlock_init(&conn->chan_list.lock); 476 rwlock_init(&conn->chan_list.lock);
@@ -500,7 +582,7 @@ static void l2cap_sock_cleanup_listen(struct sock *parent)
500 while ((sk = bt_accept_dequeue(parent, NULL))) 582 while ((sk = bt_accept_dequeue(parent, NULL)))
501 l2cap_sock_close(sk); 583 l2cap_sock_close(sk);
502 584
503 parent->sk_state = BT_CLOSED; 585 parent->sk_state = BT_CLOSED;
504 sock_set_flag(parent, SOCK_ZAPPED); 586 sock_set_flag(parent, SOCK_ZAPPED);
505} 587}
506 588
@@ -543,9 +625,8 @@ static void __l2cap_sock_close(struct sock *sk, int reason)
543 req.scid = cpu_to_le16(l2cap_pi(sk)->scid); 625 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
544 l2cap_send_cmd(conn, l2cap_get_ident(conn), 626 l2cap_send_cmd(conn, l2cap_get_ident(conn),
545 L2CAP_DISCONN_REQ, sizeof(req), &req); 627 L2CAP_DISCONN_REQ, sizeof(req), &req);
546 } else { 628 } else
547 l2cap_chan_del(sk, reason); 629 l2cap_chan_del(sk, reason);
548 }
549 break; 630 break;
550 631
551 case BT_CONNECT: 632 case BT_CONNECT:
@@ -614,9 +695,9 @@ static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int p
614 sock_reset_flag(sk, SOCK_ZAPPED); 695 sock_reset_flag(sk, SOCK_ZAPPED);
615 696
616 sk->sk_protocol = proto; 697 sk->sk_protocol = proto;
617 sk->sk_state = BT_OPEN; 698 sk->sk_state = BT_OPEN;
618 699
619 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long)sk); 700 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
620 701
621 bt_sock_link(&l2cap_sk_list, sk); 702 bt_sock_link(&l2cap_sk_list, sk);
622 return sk; 703 return sk;
@@ -729,22 +810,11 @@ static int l2cap_do_connect(struct sock *sk)
729 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 810 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
730 811
731 if (hcon->state == BT_CONNECTED) { 812 if (hcon->state == BT_CONNECTED) {
732 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)) { 813 if (sk->sk_type != SOCK_SEQPACKET) {
733 l2cap_conn_ready(conn);
734 goto done;
735 }
736
737 if (sk->sk_type == SOCK_SEQPACKET) {
738 struct l2cap_conn_req req;
739 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
740 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
741 req.psm = l2cap_pi(sk)->psm;
742 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
743 L2CAP_CONN_REQ, sizeof(req), &req);
744 } else {
745 l2cap_sock_clear_timer(sk); 814 l2cap_sock_clear_timer(sk);
746 sk->sk_state = BT_CONNECTED; 815 sk->sk_state = BT_CONNECTED;
747 } 816 } else
817 l2cap_do_start(sk);
748 } 818 }
749 819
750done: 820done:
@@ -1145,7 +1215,8 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
1145 __l2cap_sock_close(sk, 0); 1215 __l2cap_sock_close(sk, 0);
1146 1216
1147 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 1217 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
1148 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime); 1218 err = bt_sock_wait_state(sk, BT_CLOSED,
1219 sk->sk_lingertime);
1149 } 1220 }
1150 release_sock(sk); 1221 release_sock(sk);
1151 return err; 1222 return err;
@@ -1189,6 +1260,11 @@ static void l2cap_chan_ready(struct sock *sk)
1189 */ 1260 */
1190 parent->sk_data_ready(parent, 0); 1261 parent->sk_data_ready(parent, 0);
1191 } 1262 }
1263
1264 if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) {
1265 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1266 hci_conn_change_link_key(conn->hcon);
1267 }
1192} 1268}
1193 1269
1194/* Copy frame to all raw sockets on that connection */ 1270/* Copy frame to all raw sockets on that connection */
@@ -1477,7 +1553,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
1477 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; 1553 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1478 struct l2cap_conn_rsp rsp; 1554 struct l2cap_conn_rsp rsp;
1479 struct sock *sk, *parent; 1555 struct sock *sk, *parent;
1480 int result = 0, status = 0; 1556 int result, status = 0;
1481 1557
1482 u16 dcid = 0, scid = __le16_to_cpu(req->scid); 1558 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1483 __le16 psm = req->psm; 1559 __le16 psm = req->psm;
@@ -1526,25 +1602,24 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
1526 1602
1527 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 1603 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1528 1604
1529 /* Service level security */
1530 result = L2CAP_CR_PEND;
1531 status = L2CAP_CS_AUTHEN_PEND;
1532 sk->sk_state = BT_CONNECT2;
1533 l2cap_pi(sk)->ident = cmd->ident; 1605 l2cap_pi(sk)->ident = cmd->ident;
1534 1606
1535 if ((l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) || 1607 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
1536 (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)) { 1608 if (l2cap_check_link_mode(sk)) {
1537 if (!hci_conn_encrypt(conn->hcon)) 1609 sk->sk_state = BT_CONFIG;
1538 goto done; 1610 result = L2CAP_CR_SUCCESS;
1539 } else if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH) { 1611 status = L2CAP_CS_NO_INFO;
1540 if (!hci_conn_auth(conn->hcon)) 1612 } else {
1541 goto done; 1613 sk->sk_state = BT_CONNECT2;
1614 result = L2CAP_CR_PEND;
1615 status = L2CAP_CS_AUTHEN_PEND;
1616 }
1617 } else {
1618 sk->sk_state = BT_CONNECT2;
1619 result = L2CAP_CR_PEND;
1620 status = L2CAP_CS_NO_INFO;
1542 } 1621 }
1543 1622
1544 sk->sk_state = BT_CONFIG;
1545 result = status = 0;
1546
1547done:
1548 write_unlock_bh(&list->lock); 1623 write_unlock_bh(&list->lock);
1549 1624
1550response: 1625response:
@@ -1556,6 +1631,21 @@ sendresp:
1556 rsp.result = cpu_to_le16(result); 1631 rsp.result = cpu_to_le16(result);
1557 rsp.status = cpu_to_le16(status); 1632 rsp.status = cpu_to_le16(status);
1558 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp); 1633 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1634
1635 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
1636 struct l2cap_info_req info;
1637 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
1638
1639 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
1640 conn->info_ident = l2cap_get_ident(conn);
1641
1642 mod_timer(&conn->info_timer, jiffies +
1643 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
1644
1645 l2cap_send_cmd(conn, conn->info_ident,
1646 L2CAP_INFO_REQ, sizeof(info), &info);
1647 }
1648
1559 return 0; 1649 return 0;
1560} 1650}
1561 1651
@@ -1664,9 +1754,9 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
1664 } 1754 }
1665 1755
1666 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) { 1756 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
1667 u8 req[64]; 1757 u8 buf[64];
1668 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 1758 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1669 l2cap_build_conf_req(sk, req), req); 1759 l2cap_build_conf_req(sk, buf), buf);
1670 } 1760 }
1671 1761
1672unlock: 1762unlock:
@@ -1708,7 +1798,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
1708 1798
1709 default: 1799 default:
1710 sk->sk_state = BT_DISCONN; 1800 sk->sk_state = BT_DISCONN;
1711 sk->sk_err = ECONNRESET; 1801 sk->sk_err = ECONNRESET;
1712 l2cap_sock_set_timer(sk, HZ * 5); 1802 l2cap_sock_set_timer(sk, HZ * 5);
1713 { 1803 {
1714 struct l2cap_disconn_req req; 1804 struct l2cap_disconn_req req;
@@ -2080,10 +2170,8 @@ static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason)
2080static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status) 2170static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status)
2081{ 2171{
2082 struct l2cap_chan_list *l; 2172 struct l2cap_chan_list *l;
2083 struct l2cap_conn *conn = conn = hcon->l2cap_data; 2173 struct l2cap_conn *conn = hcon->l2cap_data;
2084 struct l2cap_conn_rsp rsp;
2085 struct sock *sk; 2174 struct sock *sk;
2086 int result;
2087 2175
2088 if (!conn) 2176 if (!conn)
2089 return 0; 2177 return 0;
@@ -2095,45 +2183,65 @@ static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status)
2095 read_lock(&l->lock); 2183 read_lock(&l->lock);
2096 2184
2097 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 2185 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2186 struct l2cap_pinfo *pi = l2cap_pi(sk);
2187
2098 bh_lock_sock(sk); 2188 bh_lock_sock(sk);
2099 2189
2100 if (sk->sk_state != BT_CONNECT2 || 2190 if ((pi->link_mode & (L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)) &&
2101 (l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) || 2191 !(hcon->link_mode & HCI_LM_ENCRYPT) &&
2102 (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)) { 2192 !status) {
2103 bh_unlock_sock(sk); 2193 bh_unlock_sock(sk);
2104 continue; 2194 continue;
2105 } 2195 }
2106 2196
2107 if (!status) { 2197 if (sk->sk_state == BT_CONNECT) {
2108 sk->sk_state = BT_CONFIG; 2198 if (!status) {
2109 result = 0; 2199 struct l2cap_conn_req req;
2110 } else { 2200 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2111 sk->sk_state = BT_DISCONN; 2201 req.psm = l2cap_pi(sk)->psm;
2112 l2cap_sock_set_timer(sk, HZ/10);
2113 result = L2CAP_CR_SEC_BLOCK;
2114 }
2115 2202
2116 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 2203 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2117 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 2204
2118 rsp.result = cpu_to_le16(result); 2205 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2119 rsp.status = cpu_to_le16(0); 2206 L2CAP_CONN_REQ, sizeof(req), &req);
2120 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 2207 } else {
2121 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 2208 l2cap_sock_clear_timer(sk);
2209 l2cap_sock_set_timer(sk, HZ / 10);
2210 }
2211 } else if (sk->sk_state == BT_CONNECT2) {
2212 struct l2cap_conn_rsp rsp;
2213 __u16 result;
2214
2215 if (!status) {
2216 sk->sk_state = BT_CONFIG;
2217 result = L2CAP_CR_SUCCESS;
2218 } else {
2219 sk->sk_state = BT_DISCONN;
2220 l2cap_sock_set_timer(sk, HZ / 10);
2221 result = L2CAP_CR_SEC_BLOCK;
2222 }
2223
2224 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2225 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2226 rsp.result = cpu_to_le16(result);
2227 rsp.status = cpu_to_le16(0);
2228 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2229 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2230 }
2122 2231
2123 bh_unlock_sock(sk); 2232 bh_unlock_sock(sk);
2124 } 2233 }
2125 2234
2126 read_unlock(&l->lock); 2235 read_unlock(&l->lock);
2236
2127 return 0; 2237 return 0;
2128} 2238}
2129 2239
2130static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status) 2240static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
2131{ 2241{
2132 struct l2cap_chan_list *l; 2242 struct l2cap_chan_list *l;
2133 struct l2cap_conn *conn = hcon->l2cap_data; 2243 struct l2cap_conn *conn = hcon->l2cap_data;
2134 struct l2cap_conn_rsp rsp;
2135 struct sock *sk; 2244 struct sock *sk;
2136 int result;
2137 2245
2138 if (!conn) 2246 if (!conn)
2139 return 0; 2247 return 0;
@@ -2145,36 +2253,59 @@ static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status)
2145 read_lock(&l->lock); 2253 read_lock(&l->lock);
2146 2254
2147 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { 2255 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2256 struct l2cap_pinfo *pi = l2cap_pi(sk);
2257
2148 bh_lock_sock(sk); 2258 bh_lock_sock(sk);
2149 2259
2150 if (sk->sk_state != BT_CONNECT2) { 2260 if ((pi->link_mode & (L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)) &&
2261 (sk->sk_state == BT_CONNECTED ||
2262 sk->sk_state == BT_CONFIG) &&
2263 !status && encrypt == 0x00) {
2264 __l2cap_sock_close(sk, ECONNREFUSED);
2151 bh_unlock_sock(sk); 2265 bh_unlock_sock(sk);
2152 continue; 2266 continue;
2153 } 2267 }
2154 2268
2155 if (!status) { 2269 if (sk->sk_state == BT_CONNECT) {
2156 sk->sk_state = BT_CONFIG; 2270 if (!status) {
2157 result = 0; 2271 struct l2cap_conn_req req;
2158 } else { 2272 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2159 sk->sk_state = BT_DISCONN; 2273 req.psm = l2cap_pi(sk)->psm;
2160 l2cap_sock_set_timer(sk, HZ/10); 2274
2161 result = L2CAP_CR_SEC_BLOCK; 2275 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
2162 }
2163 2276
2164 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 2277 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2165 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 2278 L2CAP_CONN_REQ, sizeof(req), &req);
2166 rsp.result = cpu_to_le16(result); 2279 } else {
2167 rsp.status = cpu_to_le16(0); 2280 l2cap_sock_clear_timer(sk);
2168 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 2281 l2cap_sock_set_timer(sk, HZ / 10);
2169 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 2282 }
2283 } else if (sk->sk_state == BT_CONNECT2) {
2284 struct l2cap_conn_rsp rsp;
2285 __u16 result;
2286
2287 if (!status) {
2288 sk->sk_state = BT_CONFIG;
2289 result = L2CAP_CR_SUCCESS;
2290 } else {
2291 sk->sk_state = BT_DISCONN;
2292 l2cap_sock_set_timer(sk, HZ / 10);
2293 result = L2CAP_CR_SEC_BLOCK;
2294 }
2170 2295
2171 if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) 2296 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2172 hci_conn_change_link_key(hcon); 2297 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
2298 rsp.result = cpu_to_le16(result);
2299 rsp.status = cpu_to_le16(0);
2300 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2301 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2302 }
2173 2303
2174 bh_unlock_sock(sk); 2304 bh_unlock_sock(sk);
2175 } 2305 }
2176 2306
2177 read_unlock(&l->lock); 2307 read_unlock(&l->lock);
2308
2178 return 0; 2309 return 0;
2179} 2310}
2180 2311
@@ -2301,9 +2432,9 @@ static const struct proto_ops l2cap_sock_ops = {
2301 .sendmsg = l2cap_sock_sendmsg, 2432 .sendmsg = l2cap_sock_sendmsg,
2302 .recvmsg = bt_sock_recvmsg, 2433 .recvmsg = bt_sock_recvmsg,
2303 .poll = bt_sock_poll, 2434 .poll = bt_sock_poll,
2435 .ioctl = bt_sock_ioctl,
2304 .mmap = sock_no_mmap, 2436 .mmap = sock_no_mmap,
2305 .socketpair = sock_no_socketpair, 2437 .socketpair = sock_no_socketpair,
2306 .ioctl = sock_no_ioctl,
2307 .shutdown = l2cap_sock_shutdown, 2438 .shutdown = l2cap_sock_shutdown,
2308 .setsockopt = l2cap_sock_setsockopt, 2439 .setsockopt = l2cap_sock_setsockopt,
2309 .getsockopt = l2cap_sock_getsockopt 2440 .getsockopt = l2cap_sock_getsockopt
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index b4fb84e398e5..6cfc7ba611b3 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -51,7 +51,7 @@
51#define BT_DBG(D...) 51#define BT_DBG(D...)
52#endif 52#endif
53 53
54#define VERSION "1.8" 54#define VERSION "1.10"
55 55
56static int disable_cfc = 0; 56static int disable_cfc = 0;
57static int channel_mtu = -1; 57static int channel_mtu = -1;
@@ -228,6 +228,21 @@ static int rfcomm_l2sock_create(struct socket **sock)
228 return err; 228 return err;
229} 229}
230 230
231static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
232{
233 struct sock *sk = d->session->sock->sk;
234
235 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
236 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
237 return 1;
238 } else if (d->link_mode & RFCOMM_LM_AUTH) {
239 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
240 return 1;
241 }
242
243 return 0;
244}
245
231/* ---- RFCOMM DLCs ---- */ 246/* ---- RFCOMM DLCs ---- */
232static void rfcomm_dlc_timeout(unsigned long arg) 247static void rfcomm_dlc_timeout(unsigned long arg)
233{ 248{
@@ -369,15 +384,23 @@ static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst,
369 d->addr = __addr(s->initiator, dlci); 384 d->addr = __addr(s->initiator, dlci);
370 d->priority = 7; 385 d->priority = 7;
371 386
372 d->state = BT_CONFIG; 387 d->state = BT_CONFIG;
373 rfcomm_dlc_link(s, d); 388 rfcomm_dlc_link(s, d);
374 389
390 d->out = 1;
391
375 d->mtu = s->mtu; 392 d->mtu = s->mtu;
376 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 393 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
377 394
378 if (s->state == BT_CONNECTED) 395 if (s->state == BT_CONNECTED) {
379 rfcomm_send_pn(s, 1, d); 396 if (rfcomm_check_link_mode(d))
397 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
398 else
399 rfcomm_send_pn(s, 1, d);
400 }
401
380 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 402 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
403
381 return 0; 404 return 0;
382} 405}
383 406
@@ -1144,21 +1167,6 @@ static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1144 return 0; 1167 return 0;
1145} 1168}
1146 1169
1147static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1148{
1149 struct sock *sk = d->session->sock->sk;
1150
1151 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1152 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1153 return 1;
1154 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1155 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1156 return 1;
1157 }
1158
1159 return 0;
1160}
1161
1162static void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1170static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1163{ 1171{
1164 struct sock *sk = d->session->sock->sk; 1172 struct sock *sk = d->session->sock->sk;
@@ -1203,10 +1211,8 @@ static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1203 if (rfcomm_check_link_mode(d)) { 1211 if (rfcomm_check_link_mode(d)) {
1204 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1212 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1205 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1213 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1206 return 0; 1214 } else
1207 } 1215 rfcomm_dlc_accept(d);
1208
1209 rfcomm_dlc_accept(d);
1210 } 1216 }
1211 return 0; 1217 return 0;
1212 } 1218 }
@@ -1221,10 +1227,8 @@ static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1221 if (rfcomm_check_link_mode(d)) { 1227 if (rfcomm_check_link_mode(d)) {
1222 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1228 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1223 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1229 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1224 return 0; 1230 } else
1225 } 1231 rfcomm_dlc_accept(d);
1226
1227 rfcomm_dlc_accept(d);
1228 } else { 1232 } else {
1229 rfcomm_send_dm(s, dlci); 1233 rfcomm_send_dm(s, dlci);
1230 } 1234 }
@@ -1457,8 +1461,12 @@ static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb
1457 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1461 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1458 1462
1459 rfcomm_dlc_lock(d); 1463 rfcomm_dlc_lock(d);
1464
1465 d->remote_v24_sig = msc->v24_sig;
1466
1460 if (d->modem_status) 1467 if (d->modem_status)
1461 d->modem_status(d, msc->v24_sig); 1468 d->modem_status(d, msc->v24_sig);
1469
1462 rfcomm_dlc_unlock(d); 1470 rfcomm_dlc_unlock(d);
1463 1471
1464 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1472 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
@@ -1634,7 +1642,11 @@ static void rfcomm_process_connect(struct rfcomm_session *s)
1634 d = list_entry(p, struct rfcomm_dlc, list); 1642 d = list_entry(p, struct rfcomm_dlc, list);
1635 if (d->state == BT_CONFIG) { 1643 if (d->state == BT_CONFIG) {
1636 d->mtu = s->mtu; 1644 d->mtu = s->mtu;
1637 rfcomm_send_pn(s, 1, d); 1645 if (rfcomm_check_link_mode(d)) {
1646 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1647 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1648 } else
1649 rfcomm_send_pn(s, 1, d);
1638 } 1650 }
1639 } 1651 }
1640} 1652}
@@ -1707,7 +1719,11 @@ static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1707 1719
1708 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1720 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1709 rfcomm_dlc_clear_timer(d); 1721 rfcomm_dlc_clear_timer(d);
1710 rfcomm_dlc_accept(d); 1722 if (d->out) {
1723 rfcomm_send_pn(s, 1, d);
1724 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1725 } else
1726 rfcomm_dlc_accept(d);
1711 if (d->link_mode & RFCOMM_LM_SECURE) { 1727 if (d->link_mode & RFCOMM_LM_SECURE) {
1712 struct sock *sk = s->sock->sk; 1728 struct sock *sk = s->sock->sk;
1713 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon); 1729 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
@@ -1715,7 +1731,10 @@ static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1715 continue; 1731 continue;
1716 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1732 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1717 rfcomm_dlc_clear_timer(d); 1733 rfcomm_dlc_clear_timer(d);
1718 rfcomm_send_dm(s, d->dlci); 1734 if (!d->out)
1735 rfcomm_send_dm(s, d->dlci);
1736 else
1737 d->state = BT_CLOSED;
1719 __rfcomm_dlc_close(d, ECONNREFUSED); 1738 __rfcomm_dlc_close(d, ECONNREFUSED);
1720 continue; 1739 continue;
1721 } 1740 }
@@ -1724,7 +1743,7 @@ static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1724 continue; 1743 continue;
1725 1744
1726 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1745 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1727 d->mscex == RFCOMM_MSCEX_OK) 1746 d->mscex == RFCOMM_MSCEX_OK)
1728 rfcomm_process_tx(d); 1747 rfcomm_process_tx(d);
1729 } 1748 }
1730} 1749}
@@ -1952,7 +1971,8 @@ static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1952 list_for_each_safe(p, n, &s->dlcs) { 1971 list_for_each_safe(p, n, &s->dlcs) {
1953 d = list_entry(p, struct rfcomm_dlc, list); 1972 d = list_entry(p, struct rfcomm_dlc, list);
1954 1973
1955 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) 1974 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) &&
1975 !(conn->link_mode & HCI_LM_ENCRYPT) && !status)
1956 continue; 1976 continue;
1957 1977
1958 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1978 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
@@ -1986,6 +2006,14 @@ static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1986 list_for_each_safe(p, n, &s->dlcs) { 2006 list_for_each_safe(p, n, &s->dlcs) {
1987 d = list_entry(p, struct rfcomm_dlc, list); 2007 d = list_entry(p, struct rfcomm_dlc, list);
1988 2008
2009 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) &&
2010 (d->state == BT_CONNECTED ||
2011 d->state == BT_CONFIG) &&
2012 !status && encrypt == 0x00) {
2013 __rfcomm_dlc_close(d, ECONNREFUSED);
2014 continue;
2015 }
2016
1989 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2017 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1990 continue; 2018 continue;
1991 2019
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index c9054487670a..8a972b6ba85f 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -307,13 +307,13 @@ static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int
307 sk->sk_destruct = rfcomm_sock_destruct; 307 sk->sk_destruct = rfcomm_sock_destruct;
308 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT; 308 sk->sk_sndtimeo = RFCOMM_CONN_TIMEOUT;
309 309
310 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 310 sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
311 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10; 311 sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
312 312
313 sock_reset_flag(sk, SOCK_ZAPPED); 313 sock_reset_flag(sk, SOCK_ZAPPED);
314 314
315 sk->sk_protocol = proto; 315 sk->sk_protocol = proto;
316 sk->sk_state = BT_OPEN; 316 sk->sk_state = BT_OPEN;
317 317
318 bt_sock_link(&rfcomm_sk_list, sk); 318 bt_sock_link(&rfcomm_sk_list, sk);
319 319
@@ -411,6 +411,8 @@ static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int a
411 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); 411 bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr);
412 rfcomm_pi(sk)->channel = sa->rc_channel; 412 rfcomm_pi(sk)->channel = sa->rc_channel;
413 413
414 d->link_mode = rfcomm_pi(sk)->link_mode;
415
414 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); 416 err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel);
415 if (!err) 417 if (!err)
416 err = bt_sock_wait_state(sk, BT_CONNECTED, 418 err = bt_sock_wait_state(sk, BT_CONNECTED,
@@ -686,6 +688,8 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
686 copied += chunk; 688 copied += chunk;
687 size -= chunk; 689 size -= chunk;
688 690
691 sock_recv_timestamp(msg, sk, skb);
692
689 if (!(flags & MSG_PEEK)) { 693 if (!(flags & MSG_PEEK)) {
690 atomic_sub(chunk, &sk->sk_rmem_alloc); 694 atomic_sub(chunk, &sk->sk_rmem_alloc);
691 695
@@ -791,15 +795,20 @@ static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned lon
791 struct sock *sk = sock->sk; 795 struct sock *sk = sock->sk;
792 int err; 796 int err;
793 797
794 lock_sock(sk); 798 BT_DBG("sk %p cmd %x arg %lx", sk, cmd, arg);
799
800 err = bt_sock_ioctl(sock, cmd, arg);
795 801
802 if (err == -ENOIOCTLCMD) {
796#ifdef CONFIG_BT_RFCOMM_TTY 803#ifdef CONFIG_BT_RFCOMM_TTY
797 err = rfcomm_dev_ioctl(sk, cmd, (void __user *)arg); 804 lock_sock(sk);
805 err = rfcomm_dev_ioctl(sk, cmd, (void __user *) arg);
806 release_sock(sk);
798#else 807#else
799 err = -EOPNOTSUPP; 808 err = -EOPNOTSUPP;
800#endif 809#endif
810 }
801 811
802 release_sock(sk);
803 return err; 812 return err;
804} 813}
805 814
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index be84f4fc1477..5d163571d3f7 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -75,6 +75,8 @@ struct rfcomm_dev {
75 struct device *tty_dev; 75 struct device *tty_dev;
76 76
77 atomic_t wmem_alloc; 77 atomic_t wmem_alloc;
78
79 struct sk_buff_head pending;
78}; 80};
79 81
80static LIST_HEAD(rfcomm_dev_list); 82static LIST_HEAD(rfcomm_dev_list);
@@ -262,13 +264,34 @@ static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
262 init_waitqueue_head(&dev->wait); 264 init_waitqueue_head(&dev->wait);
263 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev); 265 tasklet_init(&dev->wakeup_task, rfcomm_tty_wakeup, (unsigned long) dev);
264 266
267 skb_queue_head_init(&dev->pending);
268
265 rfcomm_dlc_lock(dlc); 269 rfcomm_dlc_lock(dlc);
270
271 if (req->flags & (1 << RFCOMM_REUSE_DLC)) {
272 struct sock *sk = dlc->owner;
273 struct sk_buff *skb;
274
275 BUG_ON(!sk);
276
277 rfcomm_dlc_throttle(dlc);
278
279 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
280 skb_orphan(skb);
281 skb_queue_tail(&dev->pending, skb);
282 atomic_sub(skb->len, &sk->sk_rmem_alloc);
283 }
284 }
285
266 dlc->data_ready = rfcomm_dev_data_ready; 286 dlc->data_ready = rfcomm_dev_data_ready;
267 dlc->state_change = rfcomm_dev_state_change; 287 dlc->state_change = rfcomm_dev_state_change;
268 dlc->modem_status = rfcomm_dev_modem_status; 288 dlc->modem_status = rfcomm_dev_modem_status;
269 289
270 dlc->owner = dev; 290 dlc->owner = dev;
271 dev->dlc = dlc; 291 dev->dlc = dlc;
292
293 rfcomm_dev_modem_status(dlc, dlc->remote_v24_sig);
294
272 rfcomm_dlc_unlock(dlc); 295 rfcomm_dlc_unlock(dlc);
273 296
274 /* It's safe to call __module_get() here because socket already 297 /* It's safe to call __module_get() here because socket already
@@ -537,11 +560,16 @@ static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb)
537 struct rfcomm_dev *dev = dlc->owner; 560 struct rfcomm_dev *dev = dlc->owner;
538 struct tty_struct *tty; 561 struct tty_struct *tty;
539 562
540 if (!dev || !(tty = dev->tty)) { 563 if (!dev) {
541 kfree_skb(skb); 564 kfree_skb(skb);
542 return; 565 return;
543 } 566 }
544 567
568 if (!(tty = dev->tty) || !skb_queue_empty(&dev->pending)) {
569 skb_queue_tail(&dev->pending, skb);
570 return;
571 }
572
545 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len); 573 BT_DBG("dlc %p tty %p len %d", dlc, tty, skb->len);
546 574
547 tty_insert_flip_string(tty, skb->data, skb->len); 575 tty_insert_flip_string(tty, skb->data, skb->len);
@@ -625,6 +653,30 @@ static void rfcomm_tty_wakeup(unsigned long arg)
625#endif 653#endif
626} 654}
627 655
656static void rfcomm_tty_copy_pending(struct rfcomm_dev *dev)
657{
658 struct tty_struct *tty = dev->tty;
659 struct sk_buff *skb;
660 int inserted = 0;
661
662 if (!tty)
663 return;
664
665 BT_DBG("dev %p tty %p", dev, tty);
666
667 rfcomm_dlc_lock(dev->dlc);
668
669 while ((skb = skb_dequeue(&dev->pending))) {
670 inserted += tty_insert_flip_string(tty, skb->data, skb->len);
671 kfree_skb(skb);
672 }
673
674 rfcomm_dlc_unlock(dev->dlc);
675
676 if (inserted > 0)
677 tty_flip_buffer_push(tty);
678}
679
628static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) 680static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
629{ 681{
630 DECLARE_WAITQUEUE(wait, current); 682 DECLARE_WAITQUEUE(wait, current);
@@ -689,6 +741,10 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
689 if (err == 0) 741 if (err == 0)
690 device_move(dev->tty_dev, rfcomm_get_device(dev)); 742 device_move(dev->tty_dev, rfcomm_get_device(dev));
691 743
744 rfcomm_tty_copy_pending(dev);
745
746 rfcomm_dlc_unthrottle(dev->dlc);
747
692 return err; 748 return err;
693} 749}
694 750
@@ -1121,6 +1177,7 @@ int rfcomm_init_ttys(void)
1121 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; 1177 rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
1122 rfcomm_tty_driver->init_termios = tty_std_termios; 1178 rfcomm_tty_driver->init_termios = tty_std_termios;
1123 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; 1179 rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
1180 rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
1124 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); 1181 tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
1125 1182
1126 if (tty_register_driver(rfcomm_tty_driver)) { 1183 if (tty_register_driver(rfcomm_tty_driver)) {
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index b0d487e2db20..8cda49874868 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -53,7 +53,9 @@
53#define BT_DBG(D...) 53#define BT_DBG(D...)
54#endif 54#endif
55 55
56#define VERSION "0.5" 56#define VERSION "0.6"
57
58static int disable_esco = 0;
57 59
58static const struct proto_ops sco_sock_ops; 60static const struct proto_ops sco_sock_ops;
59 61
@@ -193,7 +195,10 @@ static int sco_connect(struct sock *sk)
193 195
194 err = -ENOMEM; 196 err = -ENOMEM;
195 197
196 type = lmp_esco_capable(hdev) ? ESCO_LINK : SCO_LINK; 198 if (lmp_esco_capable(hdev) && !disable_esco)
199 type = ESCO_LINK;
200 else
201 type = SCO_LINK;
197 202
198 hcon = hci_connect(hdev, type, dst); 203 hcon = hci_connect(hdev, type, dst);
199 if (!hcon) 204 if (!hcon)
@@ -921,7 +926,7 @@ static const struct proto_ops sco_sock_ops = {
921 .sendmsg = sco_sock_sendmsg, 926 .sendmsg = sco_sock_sendmsg,
922 .recvmsg = bt_sock_recvmsg, 927 .recvmsg = bt_sock_recvmsg,
923 .poll = bt_sock_poll, 928 .poll = bt_sock_poll,
924 .ioctl = sock_no_ioctl, 929 .ioctl = bt_sock_ioctl,
925 .mmap = sock_no_mmap, 930 .mmap = sock_no_mmap,
926 .socketpair = sock_no_socketpair, 931 .socketpair = sock_no_socketpair,
927 .shutdown = sock_no_shutdown, 932 .shutdown = sock_no_shutdown,
@@ -994,6 +999,9 @@ static void __exit sco_exit(void)
994module_init(sco_init); 999module_init(sco_init);
995module_exit(sco_exit); 1000module_exit(sco_exit);
996 1001
1002module_param(disable_esco, bool, 0644);
1003MODULE_PARM_DESC(disable_esco, "Disable eSCO connection creation");
1004
997MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>"); 1005MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
998MODULE_DESCRIPTION("Bluetooth SCO ver " VERSION); 1006MODULE_DESCRIPTION("Bluetooth SCO ver " VERSION);
999MODULE_VERSION(VERSION); 1007MODULE_VERSION(VERSION);
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-01 11:40:40 -0400