diff options
-rw-r--r-- | drivers/bluetooth/bfusb.c | 3 | ||||
-rw-r--r-- | drivers/bluetooth/bt3c_cs.c | 4 | ||||
-rw-r--r-- | drivers/bluetooth/btusb.c | 40 | ||||
-rw-r--r-- | drivers/bluetooth/hci_h4.c | 3 | ||||
-rw-r--r-- | drivers/bluetooth/hci_ll.c | 3 | ||||
-rw-r--r-- | include/net/bluetooth/bluetooth.h | 12 | ||||
-rw-r--r-- | include/net/bluetooth/hci.h | 8 | ||||
-rw-r--r-- | include/net/bluetooth/hci_core.h | 84 | ||||
-rw-r--r-- | include/net/bluetooth/l2cap.h | 13 | ||||
-rw-r--r-- | include/net/bluetooth/rfcomm.h | 20 | ||||
-rw-r--r-- | net/bluetooth/af_bluetooth.c | 17 | ||||
-rw-r--r-- | net/bluetooth/cmtp/core.c | 3 | ||||
-rw-r--r-- | net/bluetooth/hci_conn.c | 64 | ||||
-rw-r--r-- | net/bluetooth/hci_core.c | 3 | ||||
-rw-r--r-- | net/bluetooth/hci_event.c | 26 | ||||
-rw-r--r-- | net/bluetooth/l2cap.c | 602 | ||||
-rw-r--r-- | net/bluetooth/rfcomm/core.c | 179 | ||||
-rw-r--r-- | net/bluetooth/rfcomm/sock.c | 189 | ||||
-rw-r--r-- | net/bluetooth/sco.c | 57 |
19 files changed, 968 insertions, 362 deletions
diff --git a/drivers/bluetooth/bfusb.c b/drivers/bluetooth/bfusb.c index d3f14bee0f19..2a00707aba3b 100644 --- a/drivers/bluetooth/bfusb.c +++ b/drivers/bluetooth/bfusb.c | |||
@@ -257,8 +257,7 @@ static inline int bfusb_recv_block(struct bfusb_data *data, int hdr, unsigned ch | |||
257 | 257 | ||
258 | if (hdr & 0x10) { | 258 | if (hdr & 0x10) { |
259 | BT_ERR("%s error in block", data->hdev->name); | 259 | BT_ERR("%s error in block", data->hdev->name); |
260 | if (data->reassembly) | 260 | kfree_skb(data->reassembly); |
261 | kfree_skb(data->reassembly); | ||
262 | data->reassembly = NULL; | 261 | data->reassembly = NULL; |
263 | return -EIO; | 262 | return -EIO; |
264 | } | 263 | } |
diff --git a/drivers/bluetooth/bt3c_cs.c b/drivers/bluetooth/bt3c_cs.c index ff195c230825..d58e22b9f06a 100644 --- a/drivers/bluetooth/bt3c_cs.c +++ b/drivers/bluetooth/bt3c_cs.c | |||
@@ -359,9 +359,9 @@ static irqreturn_t bt3c_interrupt(int irq, void *dev_inst) | |||
359 | BT_ERR("Very strange (stat=0x%04x)", stat); | 359 | BT_ERR("Very strange (stat=0x%04x)", stat); |
360 | } else if ((stat & 0xff) != 0xff) { | 360 | } else if ((stat & 0xff) != 0xff) { |
361 | if (stat & 0x0020) { | 361 | if (stat & 0x0020) { |
362 | int stat = bt3c_read(iobase, 0x7002) & 0x10; | 362 | int status = bt3c_read(iobase, 0x7002) & 0x10; |
363 | BT_INFO("%s: Antenna %s", info->hdev->name, | 363 | BT_INFO("%s: Antenna %s", info->hdev->name, |
364 | stat ? "out" : "in"); | 364 | status ? "out" : "in"); |
365 | } | 365 | } |
366 | if (stat & 0x0001) | 366 | if (stat & 0x0001) |
367 | bt3c_receive(info); | 367 | bt3c_receive(info); |
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index b5fbda6d490a..e70c57ee4221 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c | |||
@@ -35,7 +35,7 @@ | |||
35 | #include <net/bluetooth/bluetooth.h> | 35 | #include <net/bluetooth/bluetooth.h> |
36 | #include <net/bluetooth/hci_core.h> | 36 | #include <net/bluetooth/hci_core.h> |
37 | 37 | ||
38 | #define VERSION "0.4" | 38 | #define VERSION "0.5" |
39 | 39 | ||
40 | static int ignore_dga; | 40 | static int ignore_dga; |
41 | static int ignore_csr; | 41 | static int ignore_csr; |
@@ -171,6 +171,7 @@ struct btusb_data { | |||
171 | 171 | ||
172 | __u8 cmdreq_type; | 172 | __u8 cmdreq_type; |
173 | 173 | ||
174 | unsigned int sco_num; | ||
174 | int isoc_altsetting; | 175 | int isoc_altsetting; |
175 | int suspend_count; | 176 | int suspend_count; |
176 | }; | 177 | }; |
@@ -496,11 +497,23 @@ static int btusb_open(struct hci_dev *hdev) | |||
496 | return 0; | 497 | return 0; |
497 | 498 | ||
498 | err = btusb_submit_intr_urb(hdev, GFP_KERNEL); | 499 | err = btusb_submit_intr_urb(hdev, GFP_KERNEL); |
500 | if (err < 0) | ||
501 | goto failed; | ||
502 | |||
503 | err = btusb_submit_bulk_urb(hdev, GFP_KERNEL); | ||
499 | if (err < 0) { | 504 | if (err < 0) { |
500 | clear_bit(BTUSB_INTR_RUNNING, &data->flags); | 505 | usb_kill_anchored_urbs(&data->intr_anchor); |
501 | clear_bit(HCI_RUNNING, &hdev->flags); | 506 | goto failed; |
502 | } | 507 | } |
503 | 508 | ||
509 | set_bit(BTUSB_BULK_RUNNING, &data->flags); | ||
510 | btusb_submit_bulk_urb(hdev, GFP_KERNEL); | ||
511 | |||
512 | return 0; | ||
513 | |||
514 | failed: | ||
515 | clear_bit(BTUSB_INTR_RUNNING, &data->flags); | ||
516 | clear_bit(HCI_RUNNING, &hdev->flags); | ||
504 | return err; | 517 | return err; |
505 | } | 518 | } |
506 | 519 | ||
@@ -655,19 +668,10 @@ static void btusb_notify(struct hci_dev *hdev, unsigned int evt) | |||
655 | 668 | ||
656 | BT_DBG("%s evt %d", hdev->name, evt); | 669 | BT_DBG("%s evt %d", hdev->name, evt); |
657 | 670 | ||
658 | if (hdev->conn_hash.acl_num > 0) { | 671 | if (hdev->conn_hash.sco_num != data->sco_num) { |
659 | if (!test_and_set_bit(BTUSB_BULK_RUNNING, &data->flags)) { | 672 | data->sco_num = hdev->conn_hash.sco_num; |
660 | if (btusb_submit_bulk_urb(hdev, GFP_ATOMIC) < 0) | 673 | schedule_work(&data->work); |
661 | clear_bit(BTUSB_BULK_RUNNING, &data->flags); | ||
662 | else | ||
663 | btusb_submit_bulk_urb(hdev, GFP_ATOMIC); | ||
664 | } | ||
665 | } else { | ||
666 | clear_bit(BTUSB_BULK_RUNNING, &data->flags); | ||
667 | usb_unlink_anchored_urbs(&data->bulk_anchor); | ||
668 | } | 674 | } |
669 | |||
670 | schedule_work(&data->work); | ||
671 | } | 675 | } |
672 | 676 | ||
673 | static int inline __set_isoc_interface(struct hci_dev *hdev, int altsetting) | 677 | static int inline __set_isoc_interface(struct hci_dev *hdev, int altsetting) |
@@ -982,9 +986,11 @@ static int btusb_resume(struct usb_interface *intf) | |||
982 | } | 986 | } |
983 | 987 | ||
984 | if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) { | 988 | if (test_bit(BTUSB_BULK_RUNNING, &data->flags)) { |
985 | if (btusb_submit_bulk_urb(hdev, GFP_NOIO) < 0) | 989 | err = btusb_submit_bulk_urb(hdev, GFP_NOIO); |
990 | if (err < 0) { | ||
986 | clear_bit(BTUSB_BULK_RUNNING, &data->flags); | 991 | clear_bit(BTUSB_BULK_RUNNING, &data->flags); |
987 | else | 992 | return err; |
993 | } else | ||
988 | btusb_submit_bulk_urb(hdev, GFP_NOIO); | 994 | btusb_submit_bulk_urb(hdev, GFP_NOIO); |
989 | } | 995 | } |
990 | 996 | ||
diff --git a/drivers/bluetooth/hci_h4.c b/drivers/bluetooth/hci_h4.c index b0fafb055996..c0ce8134814e 100644 --- a/drivers/bluetooth/hci_h4.c +++ b/drivers/bluetooth/hci_h4.c | |||
@@ -102,8 +102,7 @@ static int h4_close(struct hci_uart *hu) | |||
102 | 102 | ||
103 | skb_queue_purge(&h4->txq); | 103 | skb_queue_purge(&h4->txq); |
104 | 104 | ||
105 | if (h4->rx_skb) | 105 | kfree_skb(h4->rx_skb); |
106 | kfree_skb(h4->rx_skb); | ||
107 | 106 | ||
108 | hu->priv = NULL; | 107 | hu->priv = NULL; |
109 | kfree(h4); | 108 | kfree(h4); |
diff --git a/drivers/bluetooth/hci_ll.c b/drivers/bluetooth/hci_ll.c index b91d45a41b2f..5c65014635be 100644 --- a/drivers/bluetooth/hci_ll.c +++ b/drivers/bluetooth/hci_ll.c | |||
@@ -163,8 +163,7 @@ static int ll_close(struct hci_uart *hu) | |||
163 | skb_queue_purge(&ll->tx_wait_q); | 163 | skb_queue_purge(&ll->tx_wait_q); |
164 | skb_queue_purge(&ll->txq); | 164 | skb_queue_purge(&ll->txq); |
165 | 165 | ||
166 | if (ll->rx_skb) | 166 | kfree_skb(ll->rx_skb); |
167 | kfree_skb(ll->rx_skb); | ||
168 | 167 | ||
169 | hu->priv = NULL; | 168 | hu->priv = NULL; |
170 | 169 | ||
diff --git a/include/net/bluetooth/bluetooth.h b/include/net/bluetooth/bluetooth.h index a04f8463ac7e..3ad5390a4dd5 100644 --- a/include/net/bluetooth/bluetooth.h +++ b/include/net/bluetooth/bluetooth.h | |||
@@ -53,6 +53,17 @@ | |||
53 | #define SOL_SCO 17 | 53 | #define SOL_SCO 17 |
54 | #define SOL_RFCOMM 18 | 54 | #define SOL_RFCOMM 18 |
55 | 55 | ||
56 | #define BT_SECURITY 4 | ||
57 | struct bt_security { | ||
58 | __u8 level; | ||
59 | }; | ||
60 | #define BT_SECURITY_SDP 0 | ||
61 | #define BT_SECURITY_LOW 1 | ||
62 | #define BT_SECURITY_MEDIUM 2 | ||
63 | #define BT_SECURITY_HIGH 3 | ||
64 | |||
65 | #define BT_DEFER_SETUP 7 | ||
66 | |||
56 | #define BT_INFO(fmt, arg...) printk(KERN_INFO "Bluetooth: " fmt "\n" , ## arg) | 67 | #define BT_INFO(fmt, arg...) printk(KERN_INFO "Bluetooth: " fmt "\n" , ## arg) |
57 | #define BT_ERR(fmt, arg...) printk(KERN_ERR "%s: " fmt "\n" , __func__ , ## arg) | 68 | #define BT_ERR(fmt, arg...) printk(KERN_ERR "%s: " fmt "\n" , __func__ , ## arg) |
58 | #define BT_DBG(fmt, arg...) pr_debug("%s: " fmt "\n" , __func__ , ## arg) | 69 | #define BT_DBG(fmt, arg...) pr_debug("%s: " fmt "\n" , __func__ , ## arg) |
@@ -108,6 +119,7 @@ struct bt_sock { | |||
108 | bdaddr_t dst; | 119 | bdaddr_t dst; |
109 | struct list_head accept_q; | 120 | struct list_head accept_q; |
110 | struct sock *parent; | 121 | struct sock *parent; |
122 | u32 defer_setup; | ||
111 | }; | 123 | }; |
112 | 124 | ||
113 | struct bt_sock_list { | 125 | struct bt_sock_list { |
diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h index 3645139e68c7..f69f015bbcc0 100644 --- a/include/net/bluetooth/hci.h +++ b/include/net/bluetooth/hci.h | |||
@@ -133,8 +133,13 @@ enum { | |||
133 | #define ESCO_EV3 0x0008 | 133 | #define ESCO_EV3 0x0008 |
134 | #define ESCO_EV4 0x0010 | 134 | #define ESCO_EV4 0x0010 |
135 | #define ESCO_EV5 0x0020 | 135 | #define ESCO_EV5 0x0020 |
136 | #define ESCO_2EV3 0x0040 | ||
137 | #define ESCO_3EV3 0x0080 | ||
138 | #define ESCO_2EV5 0x0100 | ||
139 | #define ESCO_3EV5 0x0200 | ||
136 | 140 | ||
137 | #define SCO_ESCO_MASK (ESCO_HV1 | ESCO_HV2 | ESCO_HV3) | 141 | #define SCO_ESCO_MASK (ESCO_HV1 | ESCO_HV2 | ESCO_HV3) |
142 | #define EDR_ESCO_MASK (ESCO_2EV3 | ESCO_3EV3 | ESCO_2EV5 | ESCO_3EV5) | ||
138 | 143 | ||
139 | /* ACL flags */ | 144 | /* ACL flags */ |
140 | #define ACL_CONT 0x01 | 145 | #define ACL_CONT 0x01 |
@@ -176,6 +181,9 @@ enum { | |||
176 | #define LMP_EV5 0x02 | 181 | #define LMP_EV5 0x02 |
177 | 182 | ||
178 | #define LMP_SNIFF_SUBR 0x02 | 183 | #define LMP_SNIFF_SUBR 0x02 |
184 | #define LMP_EDR_ESCO_2M 0x20 | ||
185 | #define LMP_EDR_ESCO_3M 0x40 | ||
186 | #define LMP_EDR_3S_ESCO 0x80 | ||
179 | 187 | ||
180 | #define LMP_SIMPLE_PAIR 0x08 | 188 | #define LMP_SIMPLE_PAIR 0x08 |
181 | 189 | ||
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 46a43b721dd6..01f9316b4c23 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h | |||
@@ -169,6 +169,7 @@ struct hci_conn { | |||
169 | __u16 link_policy; | 169 | __u16 link_policy; |
170 | __u32 link_mode; | 170 | __u32 link_mode; |
171 | __u8 auth_type; | 171 | __u8 auth_type; |
172 | __u8 sec_level; | ||
172 | __u8 power_save; | 173 | __u8 power_save; |
173 | unsigned long pend; | 174 | unsigned long pend; |
174 | 175 | ||
@@ -325,12 +326,11 @@ int hci_conn_del(struct hci_conn *conn); | |||
325 | void hci_conn_hash_flush(struct hci_dev *hdev); | 326 | void hci_conn_hash_flush(struct hci_dev *hdev); |
326 | void hci_conn_check_pending(struct hci_dev *hdev); | 327 | void hci_conn_check_pending(struct hci_dev *hdev); |
327 | 328 | ||
328 | struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 auth_type); | 329 | struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type); |
329 | int hci_conn_check_link_mode(struct hci_conn *conn); | 330 | int hci_conn_check_link_mode(struct hci_conn *conn); |
330 | int hci_conn_auth(struct hci_conn *conn); | 331 | int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type); |
331 | int hci_conn_encrypt(struct hci_conn *conn); | ||
332 | int hci_conn_change_link_key(struct hci_conn *conn); | 332 | int hci_conn_change_link_key(struct hci_conn *conn); |
333 | int hci_conn_switch_role(struct hci_conn *conn, uint8_t role); | 333 | int hci_conn_switch_role(struct hci_conn *conn, __u8 role); |
334 | 334 | ||
335 | void hci_conn_enter_active_mode(struct hci_conn *conn); | 335 | void hci_conn_enter_active_mode(struct hci_conn *conn); |
336 | void hci_conn_enter_sniff_mode(struct hci_conn *conn); | 336 | void hci_conn_enter_sniff_mode(struct hci_conn *conn); |
@@ -470,26 +470,26 @@ void hci_conn_del_sysfs(struct hci_conn *conn); | |||
470 | 470 | ||
471 | /* ----- HCI protocols ----- */ | 471 | /* ----- HCI protocols ----- */ |
472 | struct hci_proto { | 472 | struct hci_proto { |
473 | char *name; | 473 | char *name; |
474 | unsigned int id; | 474 | unsigned int id; |
475 | unsigned long flags; | 475 | unsigned long flags; |
476 | 476 | ||
477 | void *priv; | 477 | void *priv; |
478 | 478 | ||
479 | int (*connect_ind) (struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type); | 479 | int (*connect_ind) (struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type); |
480 | int (*connect_cfm) (struct hci_conn *conn, __u8 status); | 480 | int (*connect_cfm) (struct hci_conn *conn, __u8 status); |
481 | int (*disconn_ind) (struct hci_conn *conn, __u8 reason); | 481 | int (*disconn_ind) (struct hci_conn *conn); |
482 | int (*disconn_cfm) (struct hci_conn *conn, __u8 reason); | ||
482 | int (*recv_acldata) (struct hci_conn *conn, struct sk_buff *skb, __u16 flags); | 483 | int (*recv_acldata) (struct hci_conn *conn, struct sk_buff *skb, __u16 flags); |
483 | int (*recv_scodata) (struct hci_conn *conn, struct sk_buff *skb); | 484 | int (*recv_scodata) (struct hci_conn *conn, struct sk_buff *skb); |
484 | int (*auth_cfm) (struct hci_conn *conn, __u8 status); | 485 | int (*security_cfm) (struct hci_conn *conn, __u8 status, __u8 encrypt); |
485 | int (*encrypt_cfm) (struct hci_conn *conn, __u8 status, __u8 encrypt); | ||
486 | }; | 486 | }; |
487 | 487 | ||
488 | static inline int hci_proto_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type) | 488 | static inline int hci_proto_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type) |
489 | { | 489 | { |
490 | register struct hci_proto *hp; | 490 | register struct hci_proto *hp; |
491 | int mask = 0; | 491 | int mask = 0; |
492 | 492 | ||
493 | hp = hci_proto[HCI_PROTO_L2CAP]; | 493 | hp = hci_proto[HCI_PROTO_L2CAP]; |
494 | if (hp && hp->connect_ind) | 494 | if (hp && hp->connect_ind) |
495 | mask |= hp->connect_ind(hdev, bdaddr, type); | 495 | mask |= hp->connect_ind(hdev, bdaddr, type); |
@@ -514,30 +514,52 @@ static inline void hci_proto_connect_cfm(struct hci_conn *conn, __u8 status) | |||
514 | hp->connect_cfm(conn, status); | 514 | hp->connect_cfm(conn, status); |
515 | } | 515 | } |
516 | 516 | ||
517 | static inline void hci_proto_disconn_ind(struct hci_conn *conn, __u8 reason) | 517 | static inline int hci_proto_disconn_ind(struct hci_conn *conn) |
518 | { | 518 | { |
519 | register struct hci_proto *hp; | 519 | register struct hci_proto *hp; |
520 | int reason = 0x13; | ||
520 | 521 | ||
521 | hp = hci_proto[HCI_PROTO_L2CAP]; | 522 | hp = hci_proto[HCI_PROTO_L2CAP]; |
522 | if (hp && hp->disconn_ind) | 523 | if (hp && hp->disconn_ind) |
523 | hp->disconn_ind(conn, reason); | 524 | reason = hp->disconn_ind(conn); |
524 | 525 | ||
525 | hp = hci_proto[HCI_PROTO_SCO]; | 526 | hp = hci_proto[HCI_PROTO_SCO]; |
526 | if (hp && hp->disconn_ind) | 527 | if (hp && hp->disconn_ind) |
527 | hp->disconn_ind(conn, reason); | 528 | reason = hp->disconn_ind(conn); |
529 | |||
530 | return reason; | ||
531 | } | ||
532 | |||
533 | static inline void hci_proto_disconn_cfm(struct hci_conn *conn, __u8 reason) | ||
534 | { | ||
535 | register struct hci_proto *hp; | ||
536 | |||
537 | hp = hci_proto[HCI_PROTO_L2CAP]; | ||
538 | if (hp && hp->disconn_cfm) | ||
539 | hp->disconn_cfm(conn, reason); | ||
540 | |||
541 | hp = hci_proto[HCI_PROTO_SCO]; | ||
542 | if (hp && hp->disconn_cfm) | ||
543 | hp->disconn_cfm(conn, reason); | ||
528 | } | 544 | } |
529 | 545 | ||
530 | static inline void hci_proto_auth_cfm(struct hci_conn *conn, __u8 status) | 546 | static inline void hci_proto_auth_cfm(struct hci_conn *conn, __u8 status) |
531 | { | 547 | { |
532 | register struct hci_proto *hp; | 548 | register struct hci_proto *hp; |
549 | __u8 encrypt; | ||
550 | |||
551 | if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) | ||
552 | return; | ||
553 | |||
554 | encrypt = (conn->link_mode & HCI_LM_ENCRYPT) ? 0x01 : 0x00; | ||
533 | 555 | ||
534 | hp = hci_proto[HCI_PROTO_L2CAP]; | 556 | hp = hci_proto[HCI_PROTO_L2CAP]; |
535 | if (hp && hp->auth_cfm) | 557 | if (hp && hp->security_cfm) |
536 | hp->auth_cfm(conn, status); | 558 | hp->security_cfm(conn, status, encrypt); |
537 | 559 | ||
538 | hp = hci_proto[HCI_PROTO_SCO]; | 560 | hp = hci_proto[HCI_PROTO_SCO]; |
539 | if (hp && hp->auth_cfm) | 561 | if (hp && hp->security_cfm) |
540 | hp->auth_cfm(conn, status); | 562 | hp->security_cfm(conn, status, encrypt); |
541 | } | 563 | } |
542 | 564 | ||
543 | static inline void hci_proto_encrypt_cfm(struct hci_conn *conn, __u8 status, __u8 encrypt) | 565 | static inline void hci_proto_encrypt_cfm(struct hci_conn *conn, __u8 status, __u8 encrypt) |
@@ -545,12 +567,12 @@ static inline void hci_proto_encrypt_cfm(struct hci_conn *conn, __u8 status, __u | |||
545 | register struct hci_proto *hp; | 567 | register struct hci_proto *hp; |
546 | 568 | ||
547 | hp = hci_proto[HCI_PROTO_L2CAP]; | 569 | hp = hci_proto[HCI_PROTO_L2CAP]; |
548 | if (hp && hp->encrypt_cfm) | 570 | if (hp && hp->security_cfm) |
549 | hp->encrypt_cfm(conn, status, encrypt); | 571 | hp->security_cfm(conn, status, encrypt); |
550 | 572 | ||
551 | hp = hci_proto[HCI_PROTO_SCO]; | 573 | hp = hci_proto[HCI_PROTO_SCO]; |
552 | if (hp && hp->encrypt_cfm) | 574 | if (hp && hp->security_cfm) |
553 | hp->encrypt_cfm(conn, status, encrypt); | 575 | hp->security_cfm(conn, status, encrypt); |
554 | } | 576 | } |
555 | 577 | ||
556 | int hci_register_proto(struct hci_proto *hproto); | 578 | int hci_register_proto(struct hci_proto *hproto); |
@@ -562,8 +584,7 @@ struct hci_cb { | |||
562 | 584 | ||
563 | char *name; | 585 | char *name; |
564 | 586 | ||
565 | void (*auth_cfm) (struct hci_conn *conn, __u8 status); | 587 | void (*security_cfm) (struct hci_conn *conn, __u8 status, __u8 encrypt); |
566 | void (*encrypt_cfm) (struct hci_conn *conn, __u8 status, __u8 encrypt); | ||
567 | void (*key_change_cfm) (struct hci_conn *conn, __u8 status); | 588 | void (*key_change_cfm) (struct hci_conn *conn, __u8 status); |
568 | void (*role_switch_cfm) (struct hci_conn *conn, __u8 status, __u8 role); | 589 | void (*role_switch_cfm) (struct hci_conn *conn, __u8 status, __u8 role); |
569 | }; | 590 | }; |
@@ -571,14 +592,20 @@ struct hci_cb { | |||
571 | static inline void hci_auth_cfm(struct hci_conn *conn, __u8 status) | 592 | static inline void hci_auth_cfm(struct hci_conn *conn, __u8 status) |
572 | { | 593 | { |
573 | struct list_head *p; | 594 | struct list_head *p; |
595 | __u8 encrypt; | ||
574 | 596 | ||
575 | hci_proto_auth_cfm(conn, status); | 597 | hci_proto_auth_cfm(conn, status); |
576 | 598 | ||
599 | if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) | ||
600 | return; | ||
601 | |||
602 | encrypt = (conn->link_mode & HCI_LM_ENCRYPT) ? 0x01 : 0x00; | ||
603 | |||
577 | read_lock_bh(&hci_cb_list_lock); | 604 | read_lock_bh(&hci_cb_list_lock); |
578 | list_for_each(p, &hci_cb_list) { | 605 | list_for_each(p, &hci_cb_list) { |
579 | struct hci_cb *cb = list_entry(p, struct hci_cb, list); | 606 | struct hci_cb *cb = list_entry(p, struct hci_cb, list); |
580 | if (cb->auth_cfm) | 607 | if (cb->security_cfm) |
581 | cb->auth_cfm(conn, status); | 608 | cb->security_cfm(conn, status, encrypt); |
582 | } | 609 | } |
583 | read_unlock_bh(&hci_cb_list_lock); | 610 | read_unlock_bh(&hci_cb_list_lock); |
584 | } | 611 | } |
@@ -587,13 +614,16 @@ static inline void hci_encrypt_cfm(struct hci_conn *conn, __u8 status, __u8 encr | |||
587 | { | 614 | { |
588 | struct list_head *p; | 615 | struct list_head *p; |
589 | 616 | ||
617 | if (conn->sec_level == BT_SECURITY_SDP) | ||
618 | conn->sec_level = BT_SECURITY_LOW; | ||
619 | |||
590 | hci_proto_encrypt_cfm(conn, status, encrypt); | 620 | hci_proto_encrypt_cfm(conn, status, encrypt); |
591 | 621 | ||
592 | read_lock_bh(&hci_cb_list_lock); | 622 | read_lock_bh(&hci_cb_list_lock); |
593 | list_for_each(p, &hci_cb_list) { | 623 | list_for_each(p, &hci_cb_list) { |
594 | struct hci_cb *cb = list_entry(p, struct hci_cb, list); | 624 | struct hci_cb *cb = list_entry(p, struct hci_cb, list); |
595 | if (cb->encrypt_cfm) | 625 | if (cb->security_cfm) |
596 | cb->encrypt_cfm(conn, status, encrypt); | 626 | cb->security_cfm(conn, status, encrypt); |
597 | } | 627 | } |
598 | read_unlock_bh(&hci_cb_list_lock); | 628 | read_unlock_bh(&hci_cb_list_lock); |
599 | } | 629 | } |
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h index 73e115bc12dd..f566aa1f0a4c 100644 --- a/include/net/bluetooth/l2cap.h +++ b/include/net/bluetooth/l2cap.h | |||
@@ -37,6 +37,7 @@ struct sockaddr_l2 { | |||
37 | sa_family_t l2_family; | 37 | sa_family_t l2_family; |
38 | __le16 l2_psm; | 38 | __le16 l2_psm; |
39 | bdaddr_t l2_bdaddr; | 39 | bdaddr_t l2_bdaddr; |
40 | __le16 l2_cid; | ||
40 | }; | 41 | }; |
41 | 42 | ||
42 | /* L2CAP socket options */ | 43 | /* L2CAP socket options */ |
@@ -185,6 +186,7 @@ struct l2cap_info_rsp { | |||
185 | /* info type */ | 186 | /* info type */ |
186 | #define L2CAP_IT_CL_MTU 0x0001 | 187 | #define L2CAP_IT_CL_MTU 0x0001 |
187 | #define L2CAP_IT_FEAT_MASK 0x0002 | 188 | #define L2CAP_IT_FEAT_MASK 0x0002 |
189 | #define L2CAP_IT_FIXED_CHAN 0x0003 | ||
188 | 190 | ||
189 | /* info result */ | 191 | /* info result */ |
190 | #define L2CAP_IR_SUCCESS 0x0000 | 192 | #define L2CAP_IR_SUCCESS 0x0000 |
@@ -219,11 +221,14 @@ struct l2cap_conn { | |||
219 | __u8 rx_ident; | 221 | __u8 rx_ident; |
220 | __u8 tx_ident; | 222 | __u8 tx_ident; |
221 | 223 | ||
224 | __u8 disc_reason; | ||
225 | |||
222 | struct l2cap_chan_list chan_list; | 226 | struct l2cap_chan_list chan_list; |
223 | }; | 227 | }; |
224 | 228 | ||
225 | #define L2CAP_INFO_CL_MTU_REQ_SENT 0x01 | 229 | #define L2CAP_INFO_CL_MTU_REQ_SENT 0x01 |
226 | #define L2CAP_INFO_FEAT_MASK_REQ_SENT 0x02 | 230 | #define L2CAP_INFO_FEAT_MASK_REQ_SENT 0x04 |
231 | #define L2CAP_INFO_FEAT_MASK_REQ_DONE 0x08 | ||
227 | 232 | ||
228 | /* ----- L2CAP channel and socket info ----- */ | 233 | /* ----- L2CAP channel and socket info ----- */ |
229 | #define l2cap_pi(sk) ((struct l2cap_pinfo *) sk) | 234 | #define l2cap_pi(sk) ((struct l2cap_pinfo *) sk) |
@@ -237,8 +242,9 @@ struct l2cap_pinfo { | |||
237 | __u16 imtu; | 242 | __u16 imtu; |
238 | __u16 omtu; | 243 | __u16 omtu; |
239 | __u16 flush_to; | 244 | __u16 flush_to; |
240 | 245 | __u8 sec_level; | |
241 | __u32 link_mode; | 246 | __u8 role_switch; |
247 | __u8 force_reliable; | ||
242 | 248 | ||
243 | __u8 conf_req[64]; | 249 | __u8 conf_req[64]; |
244 | __u8 conf_len; | 250 | __u8 conf_len; |
@@ -257,6 +263,7 @@ struct l2cap_pinfo { | |||
257 | #define L2CAP_CONF_REQ_SENT 0x01 | 263 | #define L2CAP_CONF_REQ_SENT 0x01 |
258 | #define L2CAP_CONF_INPUT_DONE 0x02 | 264 | #define L2CAP_CONF_INPUT_DONE 0x02 |
259 | #define L2CAP_CONF_OUTPUT_DONE 0x04 | 265 | #define L2CAP_CONF_OUTPUT_DONE 0x04 |
266 | #define L2CAP_CONF_CONNECT_PEND 0x80 | ||
260 | 267 | ||
261 | #define L2CAP_CONF_MAX_RETRIES 2 | 268 | #define L2CAP_CONF_MAX_RETRIES 2 |
262 | 269 | ||
diff --git a/include/net/bluetooth/rfcomm.h b/include/net/bluetooth/rfcomm.h index 4dc8d92a4638..80072611d26a 100644 --- a/include/net/bluetooth/rfcomm.h +++ b/include/net/bluetooth/rfcomm.h | |||
@@ -183,8 +183,9 @@ struct rfcomm_dlc { | |||
183 | u8 remote_v24_sig; | 183 | u8 remote_v24_sig; |
184 | u8 mscex; | 184 | u8 mscex; |
185 | u8 out; | 185 | u8 out; |
186 | 186 | u8 sec_level; | |
187 | u32 link_mode; | 187 | u8 role_switch; |
188 | u32 defer_setup; | ||
188 | 189 | ||
189 | uint mtu; | 190 | uint mtu; |
190 | uint cfc; | 191 | uint cfc; |
@@ -202,10 +203,12 @@ struct rfcomm_dlc { | |||
202 | #define RFCOMM_RX_THROTTLED 0 | 203 | #define RFCOMM_RX_THROTTLED 0 |
203 | #define RFCOMM_TX_THROTTLED 1 | 204 | #define RFCOMM_TX_THROTTLED 1 |
204 | #define RFCOMM_TIMED_OUT 2 | 205 | #define RFCOMM_TIMED_OUT 2 |
205 | #define RFCOMM_MSC_PENDING 3 | 206 | #define RFCOMM_MSC_PENDING 3 |
206 | #define RFCOMM_AUTH_PENDING 4 | 207 | #define RFCOMM_SEC_PENDING 4 |
207 | #define RFCOMM_AUTH_ACCEPT 5 | 208 | #define RFCOMM_AUTH_PENDING 5 |
208 | #define RFCOMM_AUTH_REJECT 6 | 209 | #define RFCOMM_AUTH_ACCEPT 6 |
210 | #define RFCOMM_AUTH_REJECT 7 | ||
211 | #define RFCOMM_DEFER_SETUP 8 | ||
209 | 212 | ||
210 | /* Scheduling flags and events */ | 213 | /* Scheduling flags and events */ |
211 | #define RFCOMM_SCHED_STATE 0 | 214 | #define RFCOMM_SCHED_STATE 0 |
@@ -239,6 +242,7 @@ int rfcomm_dlc_close(struct rfcomm_dlc *d, int reason); | |||
239 | int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb); | 242 | int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb); |
240 | int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig); | 243 | int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig); |
241 | int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig); | 244 | int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig); |
245 | void rfcomm_dlc_accept(struct rfcomm_dlc *d); | ||
242 | 246 | ||
243 | #define rfcomm_dlc_lock(d) spin_lock(&d->lock) | 247 | #define rfcomm_dlc_lock(d) spin_lock(&d->lock) |
244 | #define rfcomm_dlc_unlock(d) spin_unlock(&d->lock) | 248 | #define rfcomm_dlc_unlock(d) spin_unlock(&d->lock) |
@@ -304,7 +308,8 @@ struct rfcomm_pinfo { | |||
304 | struct bt_sock bt; | 308 | struct bt_sock bt; |
305 | struct rfcomm_dlc *dlc; | 309 | struct rfcomm_dlc *dlc; |
306 | u8 channel; | 310 | u8 channel; |
307 | u32 link_mode; | 311 | u8 sec_level; |
312 | u8 role_switch; | ||
308 | }; | 313 | }; |
309 | 314 | ||
310 | int rfcomm_init_sockets(void); | 315 | int rfcomm_init_sockets(void); |
@@ -333,7 +338,6 @@ struct rfcomm_dev_req { | |||
333 | bdaddr_t src; | 338 | bdaddr_t src; |
334 | bdaddr_t dst; | 339 | bdaddr_t dst; |
335 | u8 channel; | 340 | u8 channel; |
336 | |||
337 | }; | 341 | }; |
338 | 342 | ||
339 | struct rfcomm_dev_info { | 343 | struct rfcomm_dev_info { |
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c index 744ed3f07ef3..02b9baa1930b 100644 --- a/net/bluetooth/af_bluetooth.c +++ b/net/bluetooth/af_bluetooth.c | |||
@@ -41,14 +41,13 @@ | |||
41 | 41 | ||
42 | #include <net/bluetooth/bluetooth.h> | 42 | #include <net/bluetooth/bluetooth.h> |
43 | 43 | ||
44 | #define VERSION "2.14" | 44 | #define VERSION "2.15" |
45 | 45 | ||
46 | /* Bluetooth sockets */ | 46 | /* Bluetooth sockets */ |
47 | #define BT_MAX_PROTO 8 | 47 | #define BT_MAX_PROTO 8 |
48 | static struct net_proto_family *bt_proto[BT_MAX_PROTO]; | 48 | static struct net_proto_family *bt_proto[BT_MAX_PROTO]; |
49 | static DEFINE_RWLOCK(bt_proto_lock); | 49 | static DEFINE_RWLOCK(bt_proto_lock); |
50 | 50 | ||
51 | #ifdef CONFIG_DEBUG_LOCK_ALLOC | ||
52 | static struct lock_class_key bt_lock_key[BT_MAX_PROTO]; | 51 | static struct lock_class_key bt_lock_key[BT_MAX_PROTO]; |
53 | static const char *bt_key_strings[BT_MAX_PROTO] = { | 52 | static const char *bt_key_strings[BT_MAX_PROTO] = { |
54 | "sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP", | 53 | "sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP", |
@@ -86,11 +85,6 @@ static inline void bt_sock_reclassify_lock(struct socket *sock, int proto) | |||
86 | bt_slock_key_strings[proto], &bt_slock_key[proto], | 85 | bt_slock_key_strings[proto], &bt_slock_key[proto], |
87 | bt_key_strings[proto], &bt_lock_key[proto]); | 86 | bt_key_strings[proto], &bt_lock_key[proto]); |
88 | } | 87 | } |
89 | #else | ||
90 | static inline void bt_sock_reclassify_lock(struct socket *sock, int proto) | ||
91 | { | ||
92 | } | ||
93 | #endif | ||
94 | 88 | ||
95 | int bt_sock_register(int proto, struct net_proto_family *ops) | 89 | int bt_sock_register(int proto, struct net_proto_family *ops) |
96 | { | 90 | { |
@@ -217,7 +211,8 @@ struct sock *bt_accept_dequeue(struct sock *parent, struct socket *newsock) | |||
217 | continue; | 211 | continue; |
218 | } | 212 | } |
219 | 213 | ||
220 | if (sk->sk_state == BT_CONNECTED || !newsock) { | 214 | if (sk->sk_state == BT_CONNECTED || !newsock || |
215 | bt_sk(parent)->defer_setup) { | ||
221 | bt_accept_unlink(sk); | 216 | bt_accept_unlink(sk); |
222 | if (newsock) | 217 | if (newsock) |
223 | sock_graft(sk, newsock); | 218 | sock_graft(sk, newsock); |
@@ -232,7 +227,7 @@ struct sock *bt_accept_dequeue(struct sock *parent, struct socket *newsock) | |||
232 | EXPORT_SYMBOL(bt_accept_dequeue); | 227 | EXPORT_SYMBOL(bt_accept_dequeue); |
233 | 228 | ||
234 | int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | 229 | int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, |
235 | struct msghdr *msg, size_t len, int flags) | 230 | struct msghdr *msg, size_t len, int flags) |
236 | { | 231 | { |
237 | int noblock = flags & MSG_DONTWAIT; | 232 | int noblock = flags & MSG_DONTWAIT; |
238 | struct sock *sk = sock->sk; | 233 | struct sock *sk = sock->sk; |
@@ -277,7 +272,9 @@ static inline unsigned int bt_accept_poll(struct sock *parent) | |||
277 | 272 | ||
278 | list_for_each_safe(p, n, &bt_sk(parent)->accept_q) { | 273 | list_for_each_safe(p, n, &bt_sk(parent)->accept_q) { |
279 | sk = (struct sock *) list_entry(p, struct bt_sock, accept_q); | 274 | sk = (struct sock *) list_entry(p, struct bt_sock, accept_q); |
280 | if (sk->sk_state == BT_CONNECTED) | 275 | if (sk->sk_state == BT_CONNECTED || |
276 | (bt_sk(parent)->defer_setup && | ||
277 | sk->sk_state == BT_CONNECT2)) | ||
281 | return POLLIN | POLLRDNORM; | 278 | return POLLIN | POLLRDNORM; |
282 | } | 279 | } |
283 | 280 | ||
diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c index c9cac7719efe..0073ec8495da 100644 --- a/net/bluetooth/cmtp/core.c +++ b/net/bluetooth/cmtp/core.c | |||
@@ -126,8 +126,7 @@ static inline void cmtp_add_msgpart(struct cmtp_session *session, int id, const | |||
126 | 126 | ||
127 | session->reassembly[id] = nskb; | 127 | session->reassembly[id] = nskb; |
128 | 128 | ||
129 | if (skb) | 129 | kfree_skb(skb); |
130 | kfree_skb(skb); | ||
131 | } | 130 | } |
132 | 131 | ||
133 | static inline int cmtp_recv_frame(struct cmtp_session *session, struct sk_buff *skb) | 132 | static inline int cmtp_recv_frame(struct cmtp_session *session, struct sk_buff *skb) |
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index a4a789f24c8d..1181db08d9de 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c | |||
@@ -123,6 +123,8 @@ void hci_add_sco(struct hci_conn *conn, __u16 handle) | |||
123 | conn->state = BT_CONNECT; | 123 | conn->state = BT_CONNECT; |
124 | conn->out = 1; | 124 | conn->out = 1; |
125 | 125 | ||
126 | conn->attempt++; | ||
127 | |||
126 | cp.handle = cpu_to_le16(handle); | 128 | cp.handle = cpu_to_le16(handle); |
127 | cp.pkt_type = cpu_to_le16(conn->pkt_type); | 129 | cp.pkt_type = cpu_to_le16(conn->pkt_type); |
128 | 130 | ||
@@ -139,6 +141,8 @@ void hci_setup_sync(struct hci_conn *conn, __u16 handle) | |||
139 | conn->state = BT_CONNECT; | 141 | conn->state = BT_CONNECT; |
140 | conn->out = 1; | 142 | conn->out = 1; |
141 | 143 | ||
144 | conn->attempt++; | ||
145 | |||
142 | cp.handle = cpu_to_le16(handle); | 146 | cp.handle = cpu_to_le16(handle); |
143 | cp.pkt_type = cpu_to_le16(conn->pkt_type); | 147 | cp.pkt_type = cpu_to_le16(conn->pkt_type); |
144 | 148 | ||
@@ -155,6 +159,7 @@ static void hci_conn_timeout(unsigned long arg) | |||
155 | { | 159 | { |
156 | struct hci_conn *conn = (void *) arg; | 160 | struct hci_conn *conn = (void *) arg; |
157 | struct hci_dev *hdev = conn->hdev; | 161 | struct hci_dev *hdev = conn->hdev; |
162 | __u8 reason; | ||
158 | 163 | ||
159 | BT_DBG("conn %p state %d", conn, conn->state); | 164 | BT_DBG("conn %p state %d", conn, conn->state); |
160 | 165 | ||
@@ -173,7 +178,8 @@ static void hci_conn_timeout(unsigned long arg) | |||
173 | break; | 178 | break; |
174 | case BT_CONFIG: | 179 | case BT_CONFIG: |
175 | case BT_CONNECTED: | 180 | case BT_CONNECTED: |
176 | hci_acl_disconn(conn, 0x13); | 181 | reason = hci_proto_disconn_ind(conn); |
182 | hci_acl_disconn(conn, reason); | ||
177 | break; | 183 | break; |
178 | default: | 184 | default: |
179 | conn->state = BT_CLOSED; | 185 | conn->state = BT_CLOSED; |
@@ -216,12 +222,13 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) | |||
216 | break; | 222 | break; |
217 | case SCO_LINK: | 223 | case SCO_LINK: |
218 | if (lmp_esco_capable(hdev)) | 224 | if (lmp_esco_capable(hdev)) |
219 | conn->pkt_type = hdev->esco_type & SCO_ESCO_MASK; | 225 | conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | |
226 | (hdev->esco_type & EDR_ESCO_MASK); | ||
220 | else | 227 | else |
221 | conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; | 228 | conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; |
222 | break; | 229 | break; |
223 | case ESCO_LINK: | 230 | case ESCO_LINK: |
224 | conn->pkt_type = hdev->esco_type; | 231 | conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; |
225 | break; | 232 | break; |
226 | } | 233 | } |
227 | 234 | ||
@@ -280,6 +287,8 @@ int hci_conn_del(struct hci_conn *conn) | |||
280 | 287 | ||
281 | skb_queue_purge(&conn->data_q); | 288 | skb_queue_purge(&conn->data_q); |
282 | 289 | ||
290 | hci_conn_del_sysfs(conn); | ||
291 | |||
283 | return 0; | 292 | return 0; |
284 | } | 293 | } |
285 | 294 | ||
@@ -325,7 +334,7 @@ EXPORT_SYMBOL(hci_get_route); | |||
325 | 334 | ||
326 | /* Create SCO or ACL connection. | 335 | /* Create SCO or ACL connection. |
327 | * Device _must_ be locked */ | 336 | * Device _must_ be locked */ |
328 | struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 auth_type) | 337 | struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 sec_level, __u8 auth_type) |
329 | { | 338 | { |
330 | struct hci_conn *acl; | 339 | struct hci_conn *acl; |
331 | struct hci_conn *sco; | 340 | struct hci_conn *sco; |
@@ -340,6 +349,7 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 | |||
340 | hci_conn_hold(acl); | 349 | hci_conn_hold(acl); |
341 | 350 | ||
342 | if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { | 351 | if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { |
352 | acl->sec_level = sec_level; | ||
343 | acl->auth_type = auth_type; | 353 | acl->auth_type = auth_type; |
344 | hci_acl_connect(acl); | 354 | hci_acl_connect(acl); |
345 | } | 355 | } |
@@ -385,51 +395,59 @@ int hci_conn_check_link_mode(struct hci_conn *conn) | |||
385 | EXPORT_SYMBOL(hci_conn_check_link_mode); | 395 | EXPORT_SYMBOL(hci_conn_check_link_mode); |
386 | 396 | ||
387 | /* Authenticate remote device */ | 397 | /* Authenticate remote device */ |
388 | int hci_conn_auth(struct hci_conn *conn) | 398 | static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) |
389 | { | 399 | { |
390 | BT_DBG("conn %p", conn); | 400 | BT_DBG("conn %p", conn); |
391 | 401 | ||
392 | if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0) { | 402 | if (sec_level > conn->sec_level) |
393 | if (!(conn->auth_type & 0x01)) { | 403 | conn->sec_level = sec_level; |
394 | conn->auth_type |= 0x01; | 404 | else if (conn->link_mode & HCI_LM_AUTH) |
395 | conn->link_mode &= ~HCI_LM_AUTH; | ||
396 | } | ||
397 | } | ||
398 | |||
399 | if (conn->link_mode & HCI_LM_AUTH) | ||
400 | return 1; | 405 | return 1; |
401 | 406 | ||
407 | conn->auth_type = auth_type; | ||
408 | |||
402 | if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { | 409 | if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { |
403 | struct hci_cp_auth_requested cp; | 410 | struct hci_cp_auth_requested cp; |
404 | cp.handle = cpu_to_le16(conn->handle); | 411 | cp.handle = cpu_to_le16(conn->handle); |
405 | hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, | 412 | hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, |
406 | sizeof(cp), &cp); | 413 | sizeof(cp), &cp); |
407 | } | 414 | } |
415 | |||
408 | return 0; | 416 | return 0; |
409 | } | 417 | } |
410 | EXPORT_SYMBOL(hci_conn_auth); | ||
411 | 418 | ||
412 | /* Enable encryption */ | 419 | /* Enable security */ |
413 | int hci_conn_encrypt(struct hci_conn *conn) | 420 | int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) |
414 | { | 421 | { |
415 | BT_DBG("conn %p", conn); | 422 | BT_DBG("conn %p", conn); |
416 | 423 | ||
424 | if (sec_level == BT_SECURITY_SDP) | ||
425 | return 1; | ||
426 | |||
427 | if (sec_level == BT_SECURITY_LOW) { | ||
428 | if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0) | ||
429 | return hci_conn_auth(conn, sec_level, auth_type); | ||
430 | else | ||
431 | return 1; | ||
432 | } | ||
433 | |||
417 | if (conn->link_mode & HCI_LM_ENCRYPT) | 434 | if (conn->link_mode & HCI_LM_ENCRYPT) |
418 | return hci_conn_auth(conn); | 435 | return hci_conn_auth(conn, sec_level, auth_type); |
419 | 436 | ||
420 | if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) | 437 | if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) |
421 | return 0; | 438 | return 0; |
422 | 439 | ||
423 | if (hci_conn_auth(conn)) { | 440 | if (hci_conn_auth(conn, sec_level, auth_type)) { |
424 | struct hci_cp_set_conn_encrypt cp; | 441 | struct hci_cp_set_conn_encrypt cp; |
425 | cp.handle = cpu_to_le16(conn->handle); | 442 | cp.handle = cpu_to_le16(conn->handle); |
426 | cp.encrypt = 1; | 443 | cp.encrypt = 1; |
427 | hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, | 444 | hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, |
428 | sizeof(cp), &cp); | 445 | sizeof(cp), &cp); |
429 | } | 446 | } |
447 | |||
430 | return 0; | 448 | return 0; |
431 | } | 449 | } |
432 | EXPORT_SYMBOL(hci_conn_encrypt); | 450 | EXPORT_SYMBOL(hci_conn_security); |
433 | 451 | ||
434 | /* Change link key */ | 452 | /* Change link key */ |
435 | int hci_conn_change_link_key(struct hci_conn *conn) | 453 | int hci_conn_change_link_key(struct hci_conn *conn) |
@@ -442,12 +460,13 @@ int hci_conn_change_link_key(struct hci_conn *conn) | |||
442 | hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, | 460 | hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, |
443 | sizeof(cp), &cp); | 461 | sizeof(cp), &cp); |
444 | } | 462 | } |
463 | |||
445 | return 0; | 464 | return 0; |
446 | } | 465 | } |
447 | EXPORT_SYMBOL(hci_conn_change_link_key); | 466 | EXPORT_SYMBOL(hci_conn_change_link_key); |
448 | 467 | ||
449 | /* Switch role */ | 468 | /* Switch role */ |
450 | int hci_conn_switch_role(struct hci_conn *conn, uint8_t role) | 469 | int hci_conn_switch_role(struct hci_conn *conn, __u8 role) |
451 | { | 470 | { |
452 | BT_DBG("conn %p", conn); | 471 | BT_DBG("conn %p", conn); |
453 | 472 | ||
@@ -460,6 +479,7 @@ int hci_conn_switch_role(struct hci_conn *conn, uint8_t role) | |||
460 | cp.role = role; | 479 | cp.role = role; |
461 | hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp); | 480 | hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp); |
462 | } | 481 | } |
482 | |||
463 | return 0; | 483 | return 0; |
464 | } | 484 | } |
465 | EXPORT_SYMBOL(hci_conn_switch_role); | 485 | EXPORT_SYMBOL(hci_conn_switch_role); |
@@ -542,9 +562,7 @@ void hci_conn_hash_flush(struct hci_dev *hdev) | |||
542 | 562 | ||
543 | c->state = BT_CLOSED; | 563 | c->state = BT_CLOSED; |
544 | 564 | ||
545 | hci_conn_del_sysfs(c); | 565 | hci_proto_disconn_cfm(c, 0x16); |
546 | |||
547 | hci_proto_disconn_ind(c, 0x16); | ||
548 | hci_conn_del(c); | 566 | hci_conn_del(c); |
549 | } | 567 | } |
550 | } | 568 | } |
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index ba78cc1eb8d9..cd061510b6bd 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c | |||
@@ -1565,8 +1565,7 @@ static void hci_cmd_task(unsigned long arg) | |||
1565 | 1565 | ||
1566 | /* Send queued commands */ | 1566 | /* Send queued commands */ |
1567 | if (atomic_read(&hdev->cmd_cnt) && (skb = skb_dequeue(&hdev->cmd_q))) { | 1567 | if (atomic_read(&hdev->cmd_cnt) && (skb = skb_dequeue(&hdev->cmd_q))) { |
1568 | if (hdev->sent_cmd) | 1568 | kfree_skb(hdev->sent_cmd); |
1569 | kfree_skb(hdev->sent_cmd); | ||
1570 | 1569 | ||
1571 | if ((hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC))) { | 1570 | if ((hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC))) { |
1572 | atomic_dec(&hdev->cmd_cnt); | 1571 | atomic_dec(&hdev->cmd_cnt); |
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index f91ba690f5d2..55534244c3a0 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
@@ -484,6 +484,15 @@ static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb | |||
484 | if (hdev->features[4] & LMP_EV5) | 484 | if (hdev->features[4] & LMP_EV5) |
485 | hdev->esco_type |= (ESCO_EV5); | 485 | hdev->esco_type |= (ESCO_EV5); |
486 | 486 | ||
487 | if (hdev->features[5] & LMP_EDR_ESCO_2M) | ||
488 | hdev->esco_type |= (ESCO_2EV3); | ||
489 | |||
490 | if (hdev->features[5] & LMP_EDR_ESCO_3M) | ||
491 | hdev->esco_type |= (ESCO_3EV3); | ||
492 | |||
493 | if (hdev->features[5] & LMP_EDR_3S_ESCO) | ||
494 | hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); | ||
495 | |||
487 | BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name, | 496 | BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name, |
488 | hdev->features[0], hdev->features[1], | 497 | hdev->features[0], hdev->features[1], |
489 | hdev->features[2], hdev->features[3], | 498 | hdev->features[2], hdev->features[3], |
@@ -914,7 +923,8 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s | |||
914 | if (ev->status) { | 923 | if (ev->status) { |
915 | hci_proto_connect_cfm(conn, ev->status); | 924 | hci_proto_connect_cfm(conn, ev->status); |
916 | hci_conn_del(conn); | 925 | hci_conn_del(conn); |
917 | } | 926 | } else if (ev->link_type != ACL_LINK) |
927 | hci_proto_connect_cfm(conn, ev->status); | ||
918 | 928 | ||
919 | unlock: | 929 | unlock: |
920 | hci_dev_unlock(hdev); | 930 | hci_dev_unlock(hdev); |
@@ -1009,9 +1019,7 @@ static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff | |||
1009 | if (conn) { | 1019 | if (conn) { |
1010 | conn->state = BT_CLOSED; | 1020 | conn->state = BT_CLOSED; |
1011 | 1021 | ||
1012 | hci_conn_del_sysfs(conn); | 1022 | hci_proto_disconn_cfm(conn, ev->reason); |
1013 | |||
1014 | hci_proto_disconn_ind(conn, ev->reason); | ||
1015 | hci_conn_del(conn); | 1023 | hci_conn_del(conn); |
1016 | } | 1024 | } |
1017 | 1025 | ||
@@ -1600,7 +1608,8 @@ static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_b | |||
1600 | 1608 | ||
1601 | if (conn->state == BT_CONFIG) { | 1609 | if (conn->state == BT_CONFIG) { |
1602 | if (!ev->status && hdev->ssp_mode > 0 && | 1610 | if (!ev->status && hdev->ssp_mode > 0 && |
1603 | conn->ssp_mode > 0 && conn->out) { | 1611 | conn->ssp_mode > 0 && conn->out && |
1612 | conn->sec_level != BT_SECURITY_SDP) { | ||
1604 | struct hci_cp_auth_requested cp; | 1613 | struct hci_cp_auth_requested cp; |
1605 | cp.handle = ev->handle; | 1614 | cp.handle = ev->handle; |
1606 | hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, | 1615 | hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, |
@@ -1637,6 +1646,13 @@ static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_bu | |||
1637 | conn->type = SCO_LINK; | 1646 | conn->type = SCO_LINK; |
1638 | } | 1647 | } |
1639 | 1648 | ||
1649 | if (conn->out && ev->status == 0x1c && conn->attempt < 2) { | ||
1650 | conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | | ||
1651 | (hdev->esco_type & EDR_ESCO_MASK); | ||
1652 | hci_setup_sync(conn, conn->link->handle); | ||
1653 | goto unlock; | ||
1654 | } | ||
1655 | |||
1640 | if (!ev->status) { | 1656 | if (!ev->status) { |
1641 | conn->handle = __le16_to_cpu(ev->handle); | 1657 | conn->handle = __le16_to_cpu(ev->handle); |
1642 | conn->state = BT_CONNECTED; | 1658 | conn->state = BT_CONNECTED; |
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index b93748e224ff..ca4d3b40d5ce 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c | |||
@@ -50,9 +50,10 @@ | |||
50 | #include <net/bluetooth/hci_core.h> | 50 | #include <net/bluetooth/hci_core.h> |
51 | #include <net/bluetooth/l2cap.h> | 51 | #include <net/bluetooth/l2cap.h> |
52 | 52 | ||
53 | #define VERSION "2.11" | 53 | #define VERSION "2.13" |
54 | 54 | ||
55 | static u32 l2cap_feat_mask = 0x0000; | 55 | static u32 l2cap_feat_mask = 0x0080; |
56 | static u8 l2cap_fixed_chan[8] = { 0x02, }; | ||
56 | 57 | ||
57 | static const struct proto_ops l2cap_sock_ops; | 58 | static const struct proto_ops l2cap_sock_ops; |
58 | 59 | ||
@@ -77,9 +78,10 @@ static void l2cap_sock_timeout(unsigned long arg) | |||
77 | 78 | ||
78 | bh_lock_sock(sk); | 79 | bh_lock_sock(sk); |
79 | 80 | ||
80 | if (sk->sk_state == BT_CONNECT && | 81 | if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG) |
81 | (l2cap_pi(sk)->link_mode & (L2CAP_LM_AUTH | | 82 | reason = ECONNREFUSED; |
82 | L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE))) | 83 | else if (sk->sk_state == BT_CONNECT && |
84 | l2cap_pi(sk)->sec_level != BT_SECURITY_SDP) | ||
83 | reason = ECONNREFUSED; | 85 | reason = ECONNREFUSED; |
84 | else | 86 | else |
85 | reason = ETIMEDOUT; | 87 | reason = ETIMEDOUT; |
@@ -204,6 +206,8 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct so | |||
204 | 206 | ||
205 | BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid); | 207 | BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid); |
206 | 208 | ||
209 | conn->disc_reason = 0x13; | ||
210 | |||
207 | l2cap_pi(sk)->conn = conn; | 211 | l2cap_pi(sk)->conn = conn; |
208 | 212 | ||
209 | if (sk->sk_type == SOCK_SEQPACKET) { | 213 | if (sk->sk_type == SOCK_SEQPACKET) { |
@@ -259,18 +263,35 @@ static void l2cap_chan_del(struct sock *sk, int err) | |||
259 | } | 263 | } |
260 | 264 | ||
261 | /* Service level security */ | 265 | /* Service level security */ |
262 | static inline int l2cap_check_link_mode(struct sock *sk) | 266 | static inline int l2cap_check_security(struct sock *sk) |
263 | { | 267 | { |
264 | struct l2cap_conn *conn = l2cap_pi(sk)->conn; | 268 | struct l2cap_conn *conn = l2cap_pi(sk)->conn; |
269 | __u8 auth_type; | ||
265 | 270 | ||
266 | if ((l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) || | 271 | if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) { |
267 | (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)) | 272 | if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) |
268 | return hci_conn_encrypt(conn->hcon); | 273 | auth_type = HCI_AT_NO_BONDING_MITM; |
274 | else | ||
275 | auth_type = HCI_AT_NO_BONDING; | ||
269 | 276 | ||
270 | if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH) | 277 | if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW) |
271 | return hci_conn_auth(conn->hcon); | 278 | l2cap_pi(sk)->sec_level = BT_SECURITY_SDP; |
279 | } else { | ||
280 | switch (l2cap_pi(sk)->sec_level) { | ||
281 | case BT_SECURITY_HIGH: | ||
282 | auth_type = HCI_AT_GENERAL_BONDING_MITM; | ||
283 | break; | ||
284 | case BT_SECURITY_MEDIUM: | ||
285 | auth_type = HCI_AT_GENERAL_BONDING; | ||
286 | break; | ||
287 | default: | ||
288 | auth_type = HCI_AT_NO_BONDING; | ||
289 | break; | ||
290 | } | ||
291 | } | ||
272 | 292 | ||
273 | return 1; | 293 | return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level, |
294 | auth_type); | ||
274 | } | 295 | } |
275 | 296 | ||
276 | static inline u8 l2cap_get_ident(struct l2cap_conn *conn) | 297 | static inline u8 l2cap_get_ident(struct l2cap_conn *conn) |
@@ -312,7 +333,10 @@ static void l2cap_do_start(struct sock *sk) | |||
312 | struct l2cap_conn *conn = l2cap_pi(sk)->conn; | 333 | struct l2cap_conn *conn = l2cap_pi(sk)->conn; |
313 | 334 | ||
314 | if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) { | 335 | if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) { |
315 | if (l2cap_check_link_mode(sk)) { | 336 | if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)) |
337 | return; | ||
338 | |||
339 | if (l2cap_check_security(sk)) { | ||
316 | struct l2cap_conn_req req; | 340 | struct l2cap_conn_req req; |
317 | req.scid = cpu_to_le16(l2cap_pi(sk)->scid); | 341 | req.scid = cpu_to_le16(l2cap_pi(sk)->scid); |
318 | req.psm = l2cap_pi(sk)->psm; | 342 | req.psm = l2cap_pi(sk)->psm; |
@@ -356,7 +380,7 @@ static void l2cap_conn_start(struct l2cap_conn *conn) | |||
356 | } | 380 | } |
357 | 381 | ||
358 | if (sk->sk_state == BT_CONNECT) { | 382 | if (sk->sk_state == BT_CONNECT) { |
359 | if (l2cap_check_link_mode(sk)) { | 383 | if (l2cap_check_security(sk)) { |
360 | struct l2cap_conn_req req; | 384 | struct l2cap_conn_req req; |
361 | req.scid = cpu_to_le16(l2cap_pi(sk)->scid); | 385 | req.scid = cpu_to_le16(l2cap_pi(sk)->scid); |
362 | req.psm = l2cap_pi(sk)->psm; | 386 | req.psm = l2cap_pi(sk)->psm; |
@@ -371,10 +395,18 @@ static void l2cap_conn_start(struct l2cap_conn *conn) | |||
371 | rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); | 395 | rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); |
372 | rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); | 396 | rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); |
373 | 397 | ||
374 | if (l2cap_check_link_mode(sk)) { | 398 | if (l2cap_check_security(sk)) { |
375 | sk->sk_state = BT_CONFIG; | 399 | if (bt_sk(sk)->defer_setup) { |
376 | rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS); | 400 | struct sock *parent = bt_sk(sk)->parent; |
377 | rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); | 401 | rsp.result = cpu_to_le16(L2CAP_CR_PEND); |
402 | rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND); | ||
403 | parent->sk_data_ready(parent, 0); | ||
404 | |||
405 | } else { | ||
406 | sk->sk_state = BT_CONFIG; | ||
407 | rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS); | ||
408 | rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); | ||
409 | } | ||
378 | } else { | 410 | } else { |
379 | rsp.result = cpu_to_le16(L2CAP_CR_PEND); | 411 | rsp.result = cpu_to_le16(L2CAP_CR_PEND); |
380 | rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND); | 412 | rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND); |
@@ -426,7 +458,7 @@ static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err) | |||
426 | read_lock(&l->lock); | 458 | read_lock(&l->lock); |
427 | 459 | ||
428 | for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { | 460 | for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { |
429 | if (l2cap_pi(sk)->link_mode & L2CAP_LM_RELIABLE) | 461 | if (l2cap_pi(sk)->force_reliable) |
430 | sk->sk_err = err; | 462 | sk->sk_err = err; |
431 | } | 463 | } |
432 | 464 | ||
@@ -437,6 +469,7 @@ static void l2cap_info_timeout(unsigned long arg) | |||
437 | { | 469 | { |
438 | struct l2cap_conn *conn = (void *) arg; | 470 | struct l2cap_conn *conn = (void *) arg; |
439 | 471 | ||
472 | conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; | ||
440 | conn->info_ident = 0; | 473 | conn->info_ident = 0; |
441 | 474 | ||
442 | l2cap_conn_start(conn); | 475 | l2cap_conn_start(conn); |
@@ -470,6 +503,8 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) | |||
470 | spin_lock_init(&conn->lock); | 503 | spin_lock_init(&conn->lock); |
471 | rwlock_init(&conn->chan_list.lock); | 504 | rwlock_init(&conn->chan_list.lock); |
472 | 505 | ||
506 | conn->disc_reason = 0x13; | ||
507 | |||
473 | return conn; | 508 | return conn; |
474 | } | 509 | } |
475 | 510 | ||
@@ -483,8 +518,7 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err) | |||
483 | 518 | ||
484 | BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); | 519 | BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); |
485 | 520 | ||
486 | if (conn->rx_skb) | 521 | kfree_skb(conn->rx_skb); |
487 | kfree_skb(conn->rx_skb); | ||
488 | 522 | ||
489 | /* Kill channels */ | 523 | /* Kill channels */ |
490 | while ((sk = conn->chan_list.head)) { | 524 | while ((sk = conn->chan_list.head)) { |
@@ -608,7 +642,6 @@ static void __l2cap_sock_close(struct sock *sk, int reason) | |||
608 | 642 | ||
609 | case BT_CONNECTED: | 643 | case BT_CONNECTED: |
610 | case BT_CONFIG: | 644 | case BT_CONFIG: |
611 | case BT_CONNECT2: | ||
612 | if (sk->sk_type == SOCK_SEQPACKET) { | 645 | if (sk->sk_type == SOCK_SEQPACKET) { |
613 | struct l2cap_conn *conn = l2cap_pi(sk)->conn; | 646 | struct l2cap_conn *conn = l2cap_pi(sk)->conn; |
614 | struct l2cap_disconn_req req; | 647 | struct l2cap_disconn_req req; |
@@ -624,6 +657,27 @@ static void __l2cap_sock_close(struct sock *sk, int reason) | |||
624 | l2cap_chan_del(sk, reason); | 657 | l2cap_chan_del(sk, reason); |
625 | break; | 658 | break; |
626 | 659 | ||
660 | case BT_CONNECT2: | ||
661 | if (sk->sk_type == SOCK_SEQPACKET) { | ||
662 | struct l2cap_conn *conn = l2cap_pi(sk)->conn; | ||
663 | struct l2cap_conn_rsp rsp; | ||
664 | __u16 result; | ||
665 | |||
666 | if (bt_sk(sk)->defer_setup) | ||
667 | result = L2CAP_CR_SEC_BLOCK; | ||
668 | else | ||
669 | result = L2CAP_CR_BAD_PSM; | ||
670 | |||
671 | rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); | ||
672 | rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); | ||
673 | rsp.result = cpu_to_le16(result); | ||
674 | rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); | ||
675 | l2cap_send_cmd(conn, l2cap_pi(sk)->ident, | ||
676 | L2CAP_CONN_RSP, sizeof(rsp), &rsp); | ||
677 | } else | ||
678 | l2cap_chan_del(sk, reason); | ||
679 | break; | ||
680 | |||
627 | case BT_CONNECT: | 681 | case BT_CONNECT: |
628 | case BT_DISCONN: | 682 | case BT_DISCONN: |
629 | l2cap_chan_del(sk, reason); | 683 | l2cap_chan_del(sk, reason); |
@@ -653,13 +707,19 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent) | |||
653 | 707 | ||
654 | if (parent) { | 708 | if (parent) { |
655 | sk->sk_type = parent->sk_type; | 709 | sk->sk_type = parent->sk_type; |
710 | bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; | ||
711 | |||
656 | pi->imtu = l2cap_pi(parent)->imtu; | 712 | pi->imtu = l2cap_pi(parent)->imtu; |
657 | pi->omtu = l2cap_pi(parent)->omtu; | 713 | pi->omtu = l2cap_pi(parent)->omtu; |
658 | pi->link_mode = l2cap_pi(parent)->link_mode; | 714 | pi->sec_level = l2cap_pi(parent)->sec_level; |
715 | pi->role_switch = l2cap_pi(parent)->role_switch; | ||
716 | pi->force_reliable = l2cap_pi(parent)->force_reliable; | ||
659 | } else { | 717 | } else { |
660 | pi->imtu = L2CAP_DEFAULT_MTU; | 718 | pi->imtu = L2CAP_DEFAULT_MTU; |
661 | pi->omtu = 0; | 719 | pi->omtu = 0; |
662 | pi->link_mode = 0; | 720 | pi->sec_level = BT_SECURITY_LOW; |
721 | pi->role_switch = 0; | ||
722 | pi->force_reliable = 0; | ||
663 | } | 723 | } |
664 | 724 | ||
665 | /* Default config options */ | 725 | /* Default config options */ |
@@ -723,17 +783,24 @@ static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol) | |||
723 | return 0; | 783 | return 0; |
724 | } | 784 | } |
725 | 785 | ||
726 | static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) | 786 | static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) |
727 | { | 787 | { |
728 | struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; | ||
729 | struct sock *sk = sock->sk; | 788 | struct sock *sk = sock->sk; |
730 | int err = 0; | 789 | struct sockaddr_l2 la; |
790 | int len, err = 0; | ||
731 | 791 | ||
732 | BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm); | 792 | BT_DBG("sk %p", sk); |
733 | 793 | ||
734 | if (!addr || addr->sa_family != AF_BLUETOOTH) | 794 | if (!addr || addr->sa_family != AF_BLUETOOTH) |
735 | return -EINVAL; | 795 | return -EINVAL; |
736 | 796 | ||
797 | memset(&la, 0, sizeof(la)); | ||
798 | len = min_t(unsigned int, sizeof(la), alen); | ||
799 | memcpy(&la, addr, len); | ||
800 | |||
801 | if (la.l2_cid) | ||
802 | return -EINVAL; | ||
803 | |||
737 | lock_sock(sk); | 804 | lock_sock(sk); |
738 | 805 | ||
739 | if (sk->sk_state != BT_OPEN) { | 806 | if (sk->sk_state != BT_OPEN) { |
@@ -741,7 +808,7 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_ | |||
741 | goto done; | 808 | goto done; |
742 | } | 809 | } |
743 | 810 | ||
744 | if (la->l2_psm && btohs(la->l2_psm) < 0x1001 && | 811 | if (la.l2_psm && btohs(la.l2_psm) < 0x1001 && |
745 | !capable(CAP_NET_BIND_SERVICE)) { | 812 | !capable(CAP_NET_BIND_SERVICE)) { |
746 | err = -EACCES; | 813 | err = -EACCES; |
747 | goto done; | 814 | goto done; |
@@ -749,14 +816,17 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_ | |||
749 | 816 | ||
750 | write_lock_bh(&l2cap_sk_list.lock); | 817 | write_lock_bh(&l2cap_sk_list.lock); |
751 | 818 | ||
752 | if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) { | 819 | if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) { |
753 | err = -EADDRINUSE; | 820 | err = -EADDRINUSE; |
754 | } else { | 821 | } else { |
755 | /* Save source address */ | 822 | /* Save source address */ |
756 | bacpy(&bt_sk(sk)->src, &la->l2_bdaddr); | 823 | bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); |
757 | l2cap_pi(sk)->psm = la->l2_psm; | 824 | l2cap_pi(sk)->psm = la.l2_psm; |
758 | l2cap_pi(sk)->sport = la->l2_psm; | 825 | l2cap_pi(sk)->sport = la.l2_psm; |
759 | sk->sk_state = BT_BOUND; | 826 | sk->sk_state = BT_BOUND; |
827 | |||
828 | if (btohs(la.l2_psm) == 0x0001 || btohs(la.l2_psm) == 0x0003) | ||
829 | l2cap_pi(sk)->sec_level = BT_SECURITY_SDP; | ||
760 | } | 830 | } |
761 | 831 | ||
762 | write_unlock_bh(&l2cap_sk_list.lock); | 832 | write_unlock_bh(&l2cap_sk_list.lock); |
@@ -776,7 +846,8 @@ static int l2cap_do_connect(struct sock *sk) | |||
776 | __u8 auth_type; | 846 | __u8 auth_type; |
777 | int err = 0; | 847 | int err = 0; |
778 | 848 | ||
779 | BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm); | 849 | BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), |
850 | l2cap_pi(sk)->psm); | ||
780 | 851 | ||
781 | if (!(hdev = hci_get_route(dst, src))) | 852 | if (!(hdev = hci_get_route(dst, src))) |
782 | return -EHOSTUNREACH; | 853 | return -EHOSTUNREACH; |
@@ -785,21 +856,42 @@ static int l2cap_do_connect(struct sock *sk) | |||
785 | 856 | ||
786 | err = -ENOMEM; | 857 | err = -ENOMEM; |
787 | 858 | ||
788 | if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH || | 859 | if (sk->sk_type == SOCK_RAW) { |
789 | l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT || | 860 | switch (l2cap_pi(sk)->sec_level) { |
790 | l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) { | 861 | case BT_SECURITY_HIGH: |
791 | if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) | 862 | auth_type = HCI_AT_DEDICATED_BONDING_MITM; |
863 | break; | ||
864 | case BT_SECURITY_MEDIUM: | ||
865 | auth_type = HCI_AT_DEDICATED_BONDING; | ||
866 | break; | ||
867 | default: | ||
868 | auth_type = HCI_AT_NO_BONDING; | ||
869 | break; | ||
870 | } | ||
871 | } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) { | ||
872 | if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) | ||
792 | auth_type = HCI_AT_NO_BONDING_MITM; | 873 | auth_type = HCI_AT_NO_BONDING_MITM; |
793 | else | 874 | else |
794 | auth_type = HCI_AT_GENERAL_BONDING_MITM; | ||
795 | } else { | ||
796 | if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) | ||
797 | auth_type = HCI_AT_NO_BONDING; | 875 | auth_type = HCI_AT_NO_BONDING; |
798 | else | 876 | |
877 | if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW) | ||
878 | l2cap_pi(sk)->sec_level = BT_SECURITY_SDP; | ||
879 | } else { | ||
880 | switch (l2cap_pi(sk)->sec_level) { | ||
881 | case BT_SECURITY_HIGH: | ||
882 | auth_type = HCI_AT_GENERAL_BONDING_MITM; | ||
883 | break; | ||
884 | case BT_SECURITY_MEDIUM: | ||
799 | auth_type = HCI_AT_GENERAL_BONDING; | 885 | auth_type = HCI_AT_GENERAL_BONDING; |
886 | break; | ||
887 | default: | ||
888 | auth_type = HCI_AT_NO_BONDING; | ||
889 | break; | ||
890 | } | ||
800 | } | 891 | } |
801 | 892 | ||
802 | hcon = hci_connect(hdev, ACL_LINK, dst, auth_type); | 893 | hcon = hci_connect(hdev, ACL_LINK, dst, |
894 | l2cap_pi(sk)->sec_level, auth_type); | ||
803 | if (!hcon) | 895 | if (!hcon) |
804 | goto done; | 896 | goto done; |
805 | 897 | ||
@@ -835,20 +927,25 @@ done: | |||
835 | 927 | ||
836 | static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) | 928 | static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) |
837 | { | 929 | { |
838 | struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; | ||
839 | struct sock *sk = sock->sk; | 930 | struct sock *sk = sock->sk; |
840 | int err = 0; | 931 | struct sockaddr_l2 la; |
841 | 932 | int len, err = 0; | |
842 | lock_sock(sk); | ||
843 | 933 | ||
844 | BT_DBG("sk %p", sk); | 934 | BT_DBG("sk %p", sk); |
845 | 935 | ||
846 | if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) { | 936 | if (!addr || addr->sa_family != AF_BLUETOOTH) |
847 | err = -EINVAL; | 937 | return -EINVAL; |
848 | goto done; | 938 | |
849 | } | 939 | memset(&la, 0, sizeof(la)); |
940 | len = min_t(unsigned int, sizeof(la), alen); | ||
941 | memcpy(&la, addr, len); | ||
942 | |||
943 | if (la.l2_cid) | ||
944 | return -EINVAL; | ||
945 | |||
946 | lock_sock(sk); | ||
850 | 947 | ||
851 | if (sk->sk_type == SOCK_SEQPACKET && !la->l2_psm) { | 948 | if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) { |
852 | err = -EINVAL; | 949 | err = -EINVAL; |
853 | goto done; | 950 | goto done; |
854 | } | 951 | } |
@@ -875,8 +972,8 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al | |||
875 | } | 972 | } |
876 | 973 | ||
877 | /* Set destination address and psm */ | 974 | /* Set destination address and psm */ |
878 | bacpy(&bt_sk(sk)->dst, &la->l2_bdaddr); | 975 | bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr); |
879 | l2cap_pi(sk)->psm = la->l2_psm; | 976 | l2cap_pi(sk)->psm = la.l2_psm; |
880 | 977 | ||
881 | if ((err = l2cap_do_connect(sk))) | 978 | if ((err = l2cap_do_connect(sk))) |
882 | goto done; | 979 | goto done; |
@@ -1000,12 +1097,16 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *l | |||
1000 | addr->sa_family = AF_BLUETOOTH; | 1097 | addr->sa_family = AF_BLUETOOTH; |
1001 | *len = sizeof(struct sockaddr_l2); | 1098 | *len = sizeof(struct sockaddr_l2); |
1002 | 1099 | ||
1003 | if (peer) | 1100 | if (peer) { |
1101 | la->l2_psm = l2cap_pi(sk)->psm; | ||
1004 | bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); | 1102 | bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst); |
1005 | else | 1103 | la->l2_cid = htobs(l2cap_pi(sk)->dcid); |
1104 | } else { | ||
1105 | la->l2_psm = l2cap_pi(sk)->sport; | ||
1006 | bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); | 1106 | bacpy(&la->l2_bdaddr, &bt_sk(sk)->src); |
1107 | la->l2_cid = htobs(l2cap_pi(sk)->scid); | ||
1108 | } | ||
1007 | 1109 | ||
1008 | la->l2_psm = l2cap_pi(sk)->psm; | ||
1009 | return 0; | 1110 | return 0; |
1010 | } | 1111 | } |
1011 | 1112 | ||
@@ -1106,11 +1207,38 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms | |||
1106 | return err; | 1207 | return err; |
1107 | } | 1208 | } |
1108 | 1209 | ||
1109 | static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) | 1210 | static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) |
1211 | { | ||
1212 | struct sock *sk = sock->sk; | ||
1213 | |||
1214 | lock_sock(sk); | ||
1215 | |||
1216 | if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) { | ||
1217 | struct l2cap_conn_rsp rsp; | ||
1218 | |||
1219 | sk->sk_state = BT_CONFIG; | ||
1220 | |||
1221 | rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); | ||
1222 | rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); | ||
1223 | rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS); | ||
1224 | rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); | ||
1225 | l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident, | ||
1226 | L2CAP_CONN_RSP, sizeof(rsp), &rsp); | ||
1227 | |||
1228 | release_sock(sk); | ||
1229 | return 0; | ||
1230 | } | ||
1231 | |||
1232 | release_sock(sk); | ||
1233 | |||
1234 | return bt_sock_recvmsg(iocb, sock, msg, len, flags); | ||
1235 | } | ||
1236 | |||
1237 | static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen) | ||
1110 | { | 1238 | { |
1111 | struct sock *sk = sock->sk; | 1239 | struct sock *sk = sock->sk; |
1112 | struct l2cap_options opts; | 1240 | struct l2cap_options opts; |
1113 | int err = 0, len; | 1241 | int len, err = 0; |
1114 | u32 opt; | 1242 | u32 opt; |
1115 | 1243 | ||
1116 | BT_DBG("sk %p", sk); | 1244 | BT_DBG("sk %p", sk); |
@@ -1140,7 +1268,15 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch | |||
1140 | break; | 1268 | break; |
1141 | } | 1269 | } |
1142 | 1270 | ||
1143 | l2cap_pi(sk)->link_mode = opt; | 1271 | if (opt & L2CAP_LM_AUTH) |
1272 | l2cap_pi(sk)->sec_level = BT_SECURITY_LOW; | ||
1273 | if (opt & L2CAP_LM_ENCRYPT) | ||
1274 | l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM; | ||
1275 | if (opt & L2CAP_LM_SECURE) | ||
1276 | l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH; | ||
1277 | |||
1278 | l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER); | ||
1279 | l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE); | ||
1144 | break; | 1280 | break; |
1145 | 1281 | ||
1146 | default: | 1282 | default: |
@@ -1152,12 +1288,77 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch | |||
1152 | return err; | 1288 | return err; |
1153 | } | 1289 | } |
1154 | 1290 | ||
1155 | static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) | 1291 | static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) |
1292 | { | ||
1293 | struct sock *sk = sock->sk; | ||
1294 | struct bt_security sec; | ||
1295 | int len, err = 0; | ||
1296 | u32 opt; | ||
1297 | |||
1298 | BT_DBG("sk %p", sk); | ||
1299 | |||
1300 | if (level == SOL_L2CAP) | ||
1301 | return l2cap_sock_setsockopt_old(sock, optname, optval, optlen); | ||
1302 | |||
1303 | if (level != SOL_BLUETOOTH) | ||
1304 | return -ENOPROTOOPT; | ||
1305 | |||
1306 | lock_sock(sk); | ||
1307 | |||
1308 | switch (optname) { | ||
1309 | case BT_SECURITY: | ||
1310 | if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) { | ||
1311 | err = -EINVAL; | ||
1312 | break; | ||
1313 | } | ||
1314 | |||
1315 | sec.level = BT_SECURITY_LOW; | ||
1316 | |||
1317 | len = min_t(unsigned int, sizeof(sec), optlen); | ||
1318 | if (copy_from_user((char *) &sec, optval, len)) { | ||
1319 | err = -EFAULT; | ||
1320 | break; | ||
1321 | } | ||
1322 | |||
1323 | if (sec.level < BT_SECURITY_LOW || | ||
1324 | sec.level > BT_SECURITY_HIGH) { | ||
1325 | err = -EINVAL; | ||
1326 | break; | ||
1327 | } | ||
1328 | |||
1329 | l2cap_pi(sk)->sec_level = sec.level; | ||
1330 | break; | ||
1331 | |||
1332 | case BT_DEFER_SETUP: | ||
1333 | if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { | ||
1334 | err = -EINVAL; | ||
1335 | break; | ||
1336 | } | ||
1337 | |||
1338 | if (get_user(opt, (u32 __user *) optval)) { | ||
1339 | err = -EFAULT; | ||
1340 | break; | ||
1341 | } | ||
1342 | |||
1343 | bt_sk(sk)->defer_setup = opt; | ||
1344 | break; | ||
1345 | |||
1346 | default: | ||
1347 | err = -ENOPROTOOPT; | ||
1348 | break; | ||
1349 | } | ||
1350 | |||
1351 | release_sock(sk); | ||
1352 | return err; | ||
1353 | } | ||
1354 | |||
1355 | static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) | ||
1156 | { | 1356 | { |
1157 | struct sock *sk = sock->sk; | 1357 | struct sock *sk = sock->sk; |
1158 | struct l2cap_options opts; | 1358 | struct l2cap_options opts; |
1159 | struct l2cap_conninfo cinfo; | 1359 | struct l2cap_conninfo cinfo; |
1160 | int len, err = 0; | 1360 | int len, err = 0; |
1361 | u32 opt; | ||
1161 | 1362 | ||
1162 | BT_DBG("sk %p", sk); | 1363 | BT_DBG("sk %p", sk); |
1163 | 1364 | ||
@@ -1180,12 +1381,36 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch | |||
1180 | break; | 1381 | break; |
1181 | 1382 | ||
1182 | case L2CAP_LM: | 1383 | case L2CAP_LM: |
1183 | if (put_user(l2cap_pi(sk)->link_mode, (u32 __user *) optval)) | 1384 | switch (l2cap_pi(sk)->sec_level) { |
1385 | case BT_SECURITY_LOW: | ||
1386 | opt = L2CAP_LM_AUTH; | ||
1387 | break; | ||
1388 | case BT_SECURITY_MEDIUM: | ||
1389 | opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT; | ||
1390 | break; | ||
1391 | case BT_SECURITY_HIGH: | ||
1392 | opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | | ||
1393 | L2CAP_LM_SECURE; | ||
1394 | break; | ||
1395 | default: | ||
1396 | opt = 0; | ||
1397 | break; | ||
1398 | } | ||
1399 | |||
1400 | if (l2cap_pi(sk)->role_switch) | ||
1401 | opt |= L2CAP_LM_MASTER; | ||
1402 | |||
1403 | if (l2cap_pi(sk)->force_reliable) | ||
1404 | opt |= L2CAP_LM_RELIABLE; | ||
1405 | |||
1406 | if (put_user(opt, (u32 __user *) optval)) | ||
1184 | err = -EFAULT; | 1407 | err = -EFAULT; |
1185 | break; | 1408 | break; |
1186 | 1409 | ||
1187 | case L2CAP_CONNINFO: | 1410 | case L2CAP_CONNINFO: |
1188 | if (sk->sk_state != BT_CONNECTED) { | 1411 | if (sk->sk_state != BT_CONNECTED && |
1412 | !(sk->sk_state == BT_CONNECT2 && | ||
1413 | bt_sk(sk)->defer_setup)) { | ||
1189 | err = -ENOTCONN; | 1414 | err = -ENOTCONN; |
1190 | break; | 1415 | break; |
1191 | } | 1416 | } |
@@ -1208,6 +1433,60 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch | |||
1208 | return err; | 1433 | return err; |
1209 | } | 1434 | } |
1210 | 1435 | ||
1436 | static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) | ||
1437 | { | ||
1438 | struct sock *sk = sock->sk; | ||
1439 | struct bt_security sec; | ||
1440 | int len, err = 0; | ||
1441 | |||
1442 | BT_DBG("sk %p", sk); | ||
1443 | |||
1444 | if (level == SOL_L2CAP) | ||
1445 | return l2cap_sock_getsockopt_old(sock, optname, optval, optlen); | ||
1446 | |||
1447 | if (level != SOL_BLUETOOTH) | ||
1448 | return -ENOPROTOOPT; | ||
1449 | |||
1450 | if (get_user(len, optlen)) | ||
1451 | return -EFAULT; | ||
1452 | |||
1453 | lock_sock(sk); | ||
1454 | |||
1455 | switch (optname) { | ||
1456 | case BT_SECURITY: | ||
1457 | if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) { | ||
1458 | err = -EINVAL; | ||
1459 | break; | ||
1460 | } | ||
1461 | |||
1462 | sec.level = l2cap_pi(sk)->sec_level; | ||
1463 | |||
1464 | len = min_t(unsigned int, len, sizeof(sec)); | ||
1465 | if (copy_to_user(optval, (char *) &sec, len)) | ||
1466 | err = -EFAULT; | ||
1467 | |||
1468 | break; | ||
1469 | |||
1470 | case BT_DEFER_SETUP: | ||
1471 | if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { | ||
1472 | err = -EINVAL; | ||
1473 | break; | ||
1474 | } | ||
1475 | |||
1476 | if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) | ||
1477 | err = -EFAULT; | ||
1478 | |||
1479 | break; | ||
1480 | |||
1481 | default: | ||
1482 | err = -ENOPROTOOPT; | ||
1483 | break; | ||
1484 | } | ||
1485 | |||
1486 | release_sock(sk); | ||
1487 | return err; | ||
1488 | } | ||
1489 | |||
1211 | static int l2cap_sock_shutdown(struct socket *sock, int how) | 1490 | static int l2cap_sock_shutdown(struct socket *sock, int how) |
1212 | { | 1491 | { |
1213 | struct sock *sk = sock->sk; | 1492 | struct sock *sk = sock->sk; |
@@ -1270,11 +1549,6 @@ static void l2cap_chan_ready(struct sock *sk) | |||
1270 | */ | 1549 | */ |
1271 | parent->sk_data_ready(parent, 0); | 1550 | parent->sk_data_ready(parent, 0); |
1272 | } | 1551 | } |
1273 | |||
1274 | if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) { | ||
1275 | struct l2cap_conn *conn = l2cap_pi(sk)->conn; | ||
1276 | hci_conn_change_link_key(conn->hcon); | ||
1277 | } | ||
1278 | } | 1552 | } |
1279 | 1553 | ||
1280 | /* Copy frame to all raw sockets on that connection */ | 1554 | /* Copy frame to all raw sockets on that connection */ |
@@ -1549,8 +1823,11 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hd | |||
1549 | 1823 | ||
1550 | if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) && | 1824 | if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) && |
1551 | cmd->ident == conn->info_ident) { | 1825 | cmd->ident == conn->info_ident) { |
1552 | conn->info_ident = 0; | ||
1553 | del_timer(&conn->info_timer); | 1826 | del_timer(&conn->info_timer); |
1827 | |||
1828 | conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; | ||
1829 | conn->info_ident = 0; | ||
1830 | |||
1554 | l2cap_conn_start(conn); | 1831 | l2cap_conn_start(conn); |
1555 | } | 1832 | } |
1556 | 1833 | ||
@@ -1580,6 +1857,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd | |||
1580 | /* Check if the ACL is secure enough (if not SDP) */ | 1857 | /* Check if the ACL is secure enough (if not SDP) */ |
1581 | if (psm != cpu_to_le16(0x0001) && | 1858 | if (psm != cpu_to_le16(0x0001) && |
1582 | !hci_conn_check_link_mode(conn->hcon)) { | 1859 | !hci_conn_check_link_mode(conn->hcon)) { |
1860 | conn->disc_reason = 0x05; | ||
1583 | result = L2CAP_CR_SEC_BLOCK; | 1861 | result = L2CAP_CR_SEC_BLOCK; |
1584 | goto response; | 1862 | goto response; |
1585 | } | 1863 | } |
@@ -1621,11 +1899,18 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd | |||
1621 | 1899 | ||
1622 | l2cap_pi(sk)->ident = cmd->ident; | 1900 | l2cap_pi(sk)->ident = cmd->ident; |
1623 | 1901 | ||
1624 | if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) { | 1902 | if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) { |
1625 | if (l2cap_check_link_mode(sk)) { | 1903 | if (l2cap_check_security(sk)) { |
1626 | sk->sk_state = BT_CONFIG; | 1904 | if (bt_sk(sk)->defer_setup) { |
1627 | result = L2CAP_CR_SUCCESS; | 1905 | sk->sk_state = BT_CONNECT2; |
1628 | status = L2CAP_CS_NO_INFO; | 1906 | result = L2CAP_CR_PEND; |
1907 | status = L2CAP_CS_AUTHOR_PEND; | ||
1908 | parent->sk_data_ready(parent, 0); | ||
1909 | } else { | ||
1910 | sk->sk_state = BT_CONFIG; | ||
1911 | result = L2CAP_CR_SUCCESS; | ||
1912 | status = L2CAP_CS_NO_INFO; | ||
1913 | } | ||
1629 | } else { | 1914 | } else { |
1630 | sk->sk_state = BT_CONNECT2; | 1915 | sk->sk_state = BT_CONNECT2; |
1631 | result = L2CAP_CR_PEND; | 1916 | result = L2CAP_CR_PEND; |
@@ -1695,11 +1980,14 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd | |||
1695 | l2cap_pi(sk)->dcid = dcid; | 1980 | l2cap_pi(sk)->dcid = dcid; |
1696 | l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; | 1981 | l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; |
1697 | 1982 | ||
1983 | l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND; | ||
1984 | |||
1698 | l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, | 1985 | l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, |
1699 | l2cap_build_conf_req(sk, req), req); | 1986 | l2cap_build_conf_req(sk, req), req); |
1700 | break; | 1987 | break; |
1701 | 1988 | ||
1702 | case L2CAP_CR_PEND: | 1989 | case L2CAP_CR_PEND: |
1990 | l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; | ||
1703 | break; | 1991 | break; |
1704 | 1992 | ||
1705 | default: | 1993 | default: |
@@ -1908,6 +2196,14 @@ static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cm | |||
1908 | put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data); | 2196 | put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data); |
1909 | l2cap_send_cmd(conn, cmd->ident, | 2197 | l2cap_send_cmd(conn, cmd->ident, |
1910 | L2CAP_INFO_RSP, sizeof(buf), buf); | 2198 | L2CAP_INFO_RSP, sizeof(buf), buf); |
2199 | } else if (type == L2CAP_IT_FIXED_CHAN) { | ||
2200 | u8 buf[12]; | ||
2201 | struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf; | ||
2202 | rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN); | ||
2203 | rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS); | ||
2204 | memcpy(buf + 4, l2cap_fixed_chan, 8); | ||
2205 | l2cap_send_cmd(conn, cmd->ident, | ||
2206 | L2CAP_INFO_RSP, sizeof(buf), buf); | ||
1911 | } else { | 2207 | } else { |
1912 | struct l2cap_info_rsp rsp; | 2208 | struct l2cap_info_rsp rsp; |
1913 | rsp.type = cpu_to_le16(type); | 2209 | rsp.type = cpu_to_le16(type); |
@@ -1929,14 +2225,31 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm | |||
1929 | 2225 | ||
1930 | BT_DBG("type 0x%4.4x result 0x%2.2x", type, result); | 2226 | BT_DBG("type 0x%4.4x result 0x%2.2x", type, result); |
1931 | 2227 | ||
1932 | conn->info_ident = 0; | ||
1933 | |||
1934 | del_timer(&conn->info_timer); | 2228 | del_timer(&conn->info_timer); |
1935 | 2229 | ||
1936 | if (type == L2CAP_IT_FEAT_MASK) | 2230 | if (type == L2CAP_IT_FEAT_MASK) { |
1937 | conn->feat_mask = get_unaligned_le32(rsp->data); | 2231 | conn->feat_mask = get_unaligned_le32(rsp->data); |
1938 | 2232 | ||
1939 | l2cap_conn_start(conn); | 2233 | if (conn->feat_mask & 0x0080) { |
2234 | struct l2cap_info_req req; | ||
2235 | req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN); | ||
2236 | |||
2237 | conn->info_ident = l2cap_get_ident(conn); | ||
2238 | |||
2239 | l2cap_send_cmd(conn, conn->info_ident, | ||
2240 | L2CAP_INFO_REQ, sizeof(req), &req); | ||
2241 | } else { | ||
2242 | conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; | ||
2243 | conn->info_ident = 0; | ||
2244 | |||
2245 | l2cap_conn_start(conn); | ||
2246 | } | ||
2247 | } else if (type == L2CAP_IT_FIXED_CHAN) { | ||
2248 | conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; | ||
2249 | conn->info_ident = 0; | ||
2250 | |||
2251 | l2cap_conn_start(conn); | ||
2252 | } | ||
1940 | 2253 | ||
1941 | return 0; | 2254 | return 0; |
1942 | } | 2255 | } |
@@ -2143,10 +2456,15 @@ static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) | |||
2143 | continue; | 2456 | continue; |
2144 | 2457 | ||
2145 | if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) { | 2458 | if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) { |
2146 | lm1 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode); | 2459 | lm1 |= HCI_LM_ACCEPT; |
2460 | if (l2cap_pi(sk)->role_switch) | ||
2461 | lm1 |= HCI_LM_MASTER; | ||
2147 | exact++; | 2462 | exact++; |
2148 | } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) | 2463 | } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) { |
2149 | lm2 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode); | 2464 | lm2 |= HCI_LM_ACCEPT; |
2465 | if (l2cap_pi(sk)->role_switch) | ||
2466 | lm2 |= HCI_LM_MASTER; | ||
2467 | } | ||
2150 | } | 2468 | } |
2151 | read_unlock(&l2cap_sk_list.lock); | 2469 | read_unlock(&l2cap_sk_list.lock); |
2152 | 2470 | ||
@@ -2172,89 +2490,48 @@ static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status) | |||
2172 | return 0; | 2490 | return 0; |
2173 | } | 2491 | } |
2174 | 2492 | ||
2175 | static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason) | 2493 | static int l2cap_disconn_ind(struct hci_conn *hcon) |
2176 | { | 2494 | { |
2177 | BT_DBG("hcon %p reason %d", hcon, reason); | 2495 | struct l2cap_conn *conn = hcon->l2cap_data; |
2178 | 2496 | ||
2179 | if (hcon->type != ACL_LINK) | 2497 | BT_DBG("hcon %p", hcon); |
2180 | return 0; | ||
2181 | 2498 | ||
2182 | l2cap_conn_del(hcon, bt_err(reason)); | 2499 | if (hcon->type != ACL_LINK || !conn) |
2500 | return 0x13; | ||
2183 | 2501 | ||
2184 | return 0; | 2502 | return conn->disc_reason; |
2185 | } | 2503 | } |
2186 | 2504 | ||
2187 | static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status) | 2505 | static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason) |
2188 | { | 2506 | { |
2189 | struct l2cap_chan_list *l; | 2507 | BT_DBG("hcon %p reason %d", hcon, reason); |
2190 | struct l2cap_conn *conn = hcon->l2cap_data; | ||
2191 | struct sock *sk; | ||
2192 | 2508 | ||
2193 | if (!conn) | 2509 | if (hcon->type != ACL_LINK) |
2194 | return 0; | 2510 | return 0; |
2195 | 2511 | ||
2196 | l = &conn->chan_list; | 2512 | l2cap_conn_del(hcon, bt_err(reason)); |
2197 | |||
2198 | BT_DBG("conn %p", conn); | ||
2199 | |||
2200 | read_lock(&l->lock); | ||
2201 | |||
2202 | for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { | ||
2203 | struct l2cap_pinfo *pi = l2cap_pi(sk); | ||
2204 | |||
2205 | bh_lock_sock(sk); | ||
2206 | |||
2207 | if ((pi->link_mode & (L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)) && | ||
2208 | !(hcon->link_mode & HCI_LM_ENCRYPT) && | ||
2209 | !status) { | ||
2210 | bh_unlock_sock(sk); | ||
2211 | continue; | ||
2212 | } | ||
2213 | |||
2214 | if (sk->sk_state == BT_CONNECT) { | ||
2215 | if (!status) { | ||
2216 | struct l2cap_conn_req req; | ||
2217 | req.scid = cpu_to_le16(l2cap_pi(sk)->scid); | ||
2218 | req.psm = l2cap_pi(sk)->psm; | ||
2219 | |||
2220 | l2cap_pi(sk)->ident = l2cap_get_ident(conn); | ||
2221 | |||
2222 | l2cap_send_cmd(conn, l2cap_pi(sk)->ident, | ||
2223 | L2CAP_CONN_REQ, sizeof(req), &req); | ||
2224 | } else { | ||
2225 | l2cap_sock_clear_timer(sk); | ||
2226 | l2cap_sock_set_timer(sk, HZ / 10); | ||
2227 | } | ||
2228 | } else if (sk->sk_state == BT_CONNECT2) { | ||
2229 | struct l2cap_conn_rsp rsp; | ||
2230 | __u16 result; | ||
2231 | 2513 | ||
2232 | if (!status) { | 2514 | return 0; |
2233 | sk->sk_state = BT_CONFIG; | 2515 | } |
2234 | result = L2CAP_CR_SUCCESS; | ||
2235 | } else { | ||
2236 | sk->sk_state = BT_DISCONN; | ||
2237 | l2cap_sock_set_timer(sk, HZ / 10); | ||
2238 | result = L2CAP_CR_SEC_BLOCK; | ||
2239 | } | ||
2240 | 2516 | ||
2241 | rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); | 2517 | static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt) |
2242 | rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); | 2518 | { |
2243 | rsp.result = cpu_to_le16(result); | 2519 | if (sk->sk_type != SOCK_SEQPACKET) |
2244 | rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); | 2520 | return; |
2245 | l2cap_send_cmd(conn, l2cap_pi(sk)->ident, | ||
2246 | L2CAP_CONN_RSP, sizeof(rsp), &rsp); | ||
2247 | } | ||
2248 | 2521 | ||
2249 | bh_unlock_sock(sk); | 2522 | if (encrypt == 0x00) { |
2523 | if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) { | ||
2524 | l2cap_sock_clear_timer(sk); | ||
2525 | l2cap_sock_set_timer(sk, HZ * 5); | ||
2526 | } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) | ||
2527 | __l2cap_sock_close(sk, ECONNREFUSED); | ||
2528 | } else { | ||
2529 | if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) | ||
2530 | l2cap_sock_clear_timer(sk); | ||
2250 | } | 2531 | } |
2251 | |||
2252 | read_unlock(&l->lock); | ||
2253 | |||
2254 | return 0; | ||
2255 | } | 2532 | } |
2256 | 2533 | ||
2257 | static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status, u8 encrypt) | 2534 | static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt) |
2258 | { | 2535 | { |
2259 | struct l2cap_chan_list *l; | 2536 | struct l2cap_chan_list *l; |
2260 | struct l2cap_conn *conn = hcon->l2cap_data; | 2537 | struct l2cap_conn *conn = hcon->l2cap_data; |
@@ -2270,15 +2547,16 @@ static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status, u8 encrypt) | |||
2270 | read_lock(&l->lock); | 2547 | read_lock(&l->lock); |
2271 | 2548 | ||
2272 | for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { | 2549 | for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { |
2273 | struct l2cap_pinfo *pi = l2cap_pi(sk); | ||
2274 | |||
2275 | bh_lock_sock(sk); | 2550 | bh_lock_sock(sk); |
2276 | 2551 | ||
2277 | if ((pi->link_mode & (L2CAP_LM_ENCRYPT | L2CAP_LM_SECURE)) && | 2552 | if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) { |
2278 | (sk->sk_state == BT_CONNECTED || | 2553 | bh_unlock_sock(sk); |
2279 | sk->sk_state == BT_CONFIG) && | 2554 | continue; |
2280 | !status && encrypt == 0x00) { | 2555 | } |
2281 | __l2cap_sock_close(sk, ECONNREFUSED); | 2556 | |
2557 | if (!status && (sk->sk_state == BT_CONNECTED || | ||
2558 | sk->sk_state == BT_CONFIG)) { | ||
2559 | l2cap_check_encryption(sk, encrypt); | ||
2282 | bh_unlock_sock(sk); | 2560 | bh_unlock_sock(sk); |
2283 | continue; | 2561 | continue; |
2284 | } | 2562 | } |
@@ -2376,7 +2654,7 @@ static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 fl | |||
2376 | goto drop; | 2654 | goto drop; |
2377 | 2655 | ||
2378 | skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), | 2656 | skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), |
2379 | skb->len); | 2657 | skb->len); |
2380 | conn->rx_len = len - skb->len; | 2658 | conn->rx_len = len - skb->len; |
2381 | } else { | 2659 | } else { |
2382 | BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len); | 2660 | BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len); |
@@ -2398,7 +2676,7 @@ static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 fl | |||
2398 | } | 2676 | } |
2399 | 2677 | ||
2400 | skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), | 2678 | skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), |
2401 | skb->len); | 2679 | skb->len); |
2402 | conn->rx_len -= skb->len; | 2680 | conn->rx_len -= skb->len; |
2403 | 2681 | ||
2404 | if (!conn->rx_len) { | 2682 | if (!conn->rx_len) { |
@@ -2424,10 +2702,10 @@ static ssize_t l2cap_sysfs_show(struct class *dev, char *buf) | |||
2424 | sk_for_each(sk, node, &l2cap_sk_list.head) { | 2702 | sk_for_each(sk, node, &l2cap_sk_list.head) { |
2425 | struct l2cap_pinfo *pi = l2cap_pi(sk); | 2703 | struct l2cap_pinfo *pi = l2cap_pi(sk); |
2426 | 2704 | ||
2427 | str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d 0x%x\n", | 2705 | str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n", |
2428 | batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), | 2706 | batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), |
2429 | sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid, | 2707 | sk->sk_state, btohs(pi->psm), pi->scid, pi->dcid, |
2430 | pi->imtu, pi->omtu, pi->link_mode); | 2708 | pi->imtu, pi->omtu, pi->sec_level); |
2431 | } | 2709 | } |
2432 | 2710 | ||
2433 | read_unlock_bh(&l2cap_sk_list.lock); | 2711 | read_unlock_bh(&l2cap_sk_list.lock); |
@@ -2447,7 +2725,7 @@ static const struct proto_ops l2cap_sock_ops = { | |||
2447 | .accept = l2cap_sock_accept, | 2725 | .accept = l2cap_sock_accept, |
2448 | .getname = l2cap_sock_getname, | 2726 | .getname = l2cap_sock_getname, |
2449 | .sendmsg = l2cap_sock_sendmsg, | 2727 | .sendmsg = l2cap_sock_sendmsg, |
2450 | .recvmsg = bt_sock_recvmsg, | 2728 | .recvmsg = l2cap_sock_recvmsg, |
2451 | .poll = bt_sock_poll, | 2729 | .poll = bt_sock_poll, |
2452 | .ioctl = bt_sock_ioctl, | 2730 | .ioctl = bt_sock_ioctl, |
2453 | .mmap = sock_no_mmap, | 2731 | .mmap = sock_no_mmap, |
@@ -2469,8 +2747,8 @@ static struct hci_proto l2cap_hci_proto = { | |||
2469 | .connect_ind = l2cap_connect_ind, | 2747 | .connect_ind = l2cap_connect_ind, |
2470 | .connect_cfm = l2cap_connect_cfm, | 2748 | .connect_cfm = l2cap_connect_cfm, |
2471 | .disconn_ind = l2cap_disconn_ind, | 2749 | .disconn_ind = l2cap_disconn_ind, |
2472 | .auth_cfm = l2cap_auth_cfm, | 2750 | .disconn_cfm = l2cap_disconn_cfm, |
2473 | .encrypt_cfm = l2cap_encrypt_cfm, | 2751 | .security_cfm = l2cap_security_cfm, |
2474 | .recv_acldata = l2cap_recv_acldata | 2752 | .recv_acldata = l2cap_recv_acldata |
2475 | }; | 2753 | }; |
2476 | 2754 | ||
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c index acd84fd524b8..1d0fb0f23c63 100644 --- a/net/bluetooth/rfcomm/core.c +++ b/net/bluetooth/rfcomm/core.c | |||
@@ -46,7 +46,7 @@ | |||
46 | #include <net/bluetooth/l2cap.h> | 46 | #include <net/bluetooth/l2cap.h> |
47 | #include <net/bluetooth/rfcomm.h> | 47 | #include <net/bluetooth/rfcomm.h> |
48 | 48 | ||
49 | #define VERSION "1.10" | 49 | #define VERSION "1.11" |
50 | 50 | ||
51 | static int disable_cfc = 0; | 51 | static int disable_cfc = 0; |
52 | static int channel_mtu = -1; | 52 | static int channel_mtu = -1; |
@@ -223,19 +223,25 @@ static int rfcomm_l2sock_create(struct socket **sock) | |||
223 | return err; | 223 | return err; |
224 | } | 224 | } |
225 | 225 | ||
226 | static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d) | 226 | static inline int rfcomm_check_security(struct rfcomm_dlc *d) |
227 | { | 227 | { |
228 | struct sock *sk = d->session->sock->sk; | 228 | struct sock *sk = d->session->sock->sk; |
229 | __u8 auth_type; | ||
229 | 230 | ||
230 | if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) { | 231 | switch (d->sec_level) { |
231 | if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon)) | 232 | case BT_SECURITY_HIGH: |
232 | return 1; | 233 | auth_type = HCI_AT_GENERAL_BONDING_MITM; |
233 | } else if (d->link_mode & RFCOMM_LM_AUTH) { | 234 | break; |
234 | if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon)) | 235 | case BT_SECURITY_MEDIUM: |
235 | return 1; | 236 | auth_type = HCI_AT_GENERAL_BONDING; |
237 | break; | ||
238 | default: | ||
239 | auth_type = HCI_AT_NO_BONDING; | ||
240 | break; | ||
236 | } | 241 | } |
237 | 242 | ||
238 | return 0; | 243 | return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level, |
244 | auth_type); | ||
239 | } | 245 | } |
240 | 246 | ||
241 | /* ---- RFCOMM DLCs ---- */ | 247 | /* ---- RFCOMM DLCs ---- */ |
@@ -388,10 +394,10 @@ static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, | |||
388 | d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; | 394 | d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; |
389 | 395 | ||
390 | if (s->state == BT_CONNECTED) { | 396 | if (s->state == BT_CONNECTED) { |
391 | if (rfcomm_check_link_mode(d)) | 397 | if (rfcomm_check_security(d)) |
392 | set_bit(RFCOMM_AUTH_PENDING, &d->flags); | ||
393 | else | ||
394 | rfcomm_send_pn(s, 1, d); | 398 | rfcomm_send_pn(s, 1, d); |
399 | else | ||
400 | set_bit(RFCOMM_AUTH_PENDING, &d->flags); | ||
395 | } | 401 | } |
396 | 402 | ||
397 | rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); | 403 | rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); |
@@ -421,9 +427,16 @@ static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) | |||
421 | d, d->state, d->dlci, err, s); | 427 | d, d->state, d->dlci, err, s); |
422 | 428 | ||
423 | switch (d->state) { | 429 | switch (d->state) { |
424 | case BT_CONNECTED: | ||
425 | case BT_CONFIG: | ||
426 | case BT_CONNECT: | 430 | case BT_CONNECT: |
431 | case BT_CONFIG: | ||
432 | if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { | ||
433 | set_bit(RFCOMM_AUTH_REJECT, &d->flags); | ||
434 | rfcomm_schedule(RFCOMM_SCHED_AUTH); | ||
435 | break; | ||
436 | } | ||
437 | /* Fall through */ | ||
438 | |||
439 | case BT_CONNECTED: | ||
427 | d->state = BT_DISCONN; | 440 | d->state = BT_DISCONN; |
428 | if (skb_queue_empty(&d->tx_queue)) { | 441 | if (skb_queue_empty(&d->tx_queue)) { |
429 | rfcomm_send_disc(s, d->dlci); | 442 | rfcomm_send_disc(s, d->dlci); |
@@ -434,6 +447,15 @@ static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) | |||
434 | } | 447 | } |
435 | break; | 448 | break; |
436 | 449 | ||
450 | case BT_OPEN: | ||
451 | case BT_CONNECT2: | ||
452 | if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { | ||
453 | set_bit(RFCOMM_AUTH_REJECT, &d->flags); | ||
454 | rfcomm_schedule(RFCOMM_SCHED_AUTH); | ||
455 | break; | ||
456 | } | ||
457 | /* Fall through */ | ||
458 | |||
437 | default: | 459 | default: |
438 | rfcomm_dlc_clear_timer(d); | 460 | rfcomm_dlc_clear_timer(d); |
439 | 461 | ||
@@ -636,6 +658,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst | |||
636 | bacpy(&addr.l2_bdaddr, src); | 658 | bacpy(&addr.l2_bdaddr, src); |
637 | addr.l2_family = AF_BLUETOOTH; | 659 | addr.l2_family = AF_BLUETOOTH; |
638 | addr.l2_psm = 0; | 660 | addr.l2_psm = 0; |
661 | addr.l2_cid = 0; | ||
639 | *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); | 662 | *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); |
640 | if (*err < 0) | 663 | if (*err < 0) |
641 | goto failed; | 664 | goto failed; |
@@ -657,6 +680,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst | |||
657 | bacpy(&addr.l2_bdaddr, dst); | 680 | bacpy(&addr.l2_bdaddr, dst); |
658 | addr.l2_family = AF_BLUETOOTH; | 681 | addr.l2_family = AF_BLUETOOTH; |
659 | addr.l2_psm = htobs(RFCOMM_PSM); | 682 | addr.l2_psm = htobs(RFCOMM_PSM); |
683 | addr.l2_cid = 0; | ||
660 | *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); | 684 | *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); |
661 | if (*err == 0 || *err == -EINPROGRESS) | 685 | if (*err == 0 || *err == -EINPROGRESS) |
662 | return s; | 686 | return s; |
@@ -1162,7 +1186,7 @@ static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) | |||
1162 | return 0; | 1186 | return 0; |
1163 | } | 1187 | } |
1164 | 1188 | ||
1165 | static void rfcomm_dlc_accept(struct rfcomm_dlc *d) | 1189 | void rfcomm_dlc_accept(struct rfcomm_dlc *d) |
1166 | { | 1190 | { |
1167 | struct sock *sk = d->session->sock->sk; | 1191 | struct sock *sk = d->session->sock->sk; |
1168 | 1192 | ||
@@ -1175,12 +1199,31 @@ static void rfcomm_dlc_accept(struct rfcomm_dlc *d) | |||
1175 | d->state_change(d, 0); | 1199 | d->state_change(d, 0); |
1176 | rfcomm_dlc_unlock(d); | 1200 | rfcomm_dlc_unlock(d); |
1177 | 1201 | ||
1178 | if (d->link_mode & RFCOMM_LM_MASTER) | 1202 | if (d->role_switch) |
1179 | hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); | 1203 | hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); |
1180 | 1204 | ||
1181 | rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); | 1205 | rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); |
1182 | } | 1206 | } |
1183 | 1207 | ||
1208 | static void rfcomm_check_accept(struct rfcomm_dlc *d) | ||
1209 | { | ||
1210 | if (rfcomm_check_security(d)) { | ||
1211 | if (d->defer_setup) { | ||
1212 | set_bit(RFCOMM_DEFER_SETUP, &d->flags); | ||
1213 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | ||
1214 | |||
1215 | rfcomm_dlc_lock(d); | ||
1216 | d->state = BT_CONNECT2; | ||
1217 | d->state_change(d, 0); | ||
1218 | rfcomm_dlc_unlock(d); | ||
1219 | } else | ||
1220 | rfcomm_dlc_accept(d); | ||
1221 | } else { | ||
1222 | set_bit(RFCOMM_AUTH_PENDING, &d->flags); | ||
1223 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | ||
1224 | } | ||
1225 | } | ||
1226 | |||
1184 | static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) | 1227 | static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) |
1185 | { | 1228 | { |
1186 | struct rfcomm_dlc *d; | 1229 | struct rfcomm_dlc *d; |
@@ -1203,11 +1246,7 @@ static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) | |||
1203 | if (d) { | 1246 | if (d) { |
1204 | if (d->state == BT_OPEN) { | 1247 | if (d->state == BT_OPEN) { |
1205 | /* DLC was previously opened by PN request */ | 1248 | /* DLC was previously opened by PN request */ |
1206 | if (rfcomm_check_link_mode(d)) { | 1249 | rfcomm_check_accept(d); |
1207 | set_bit(RFCOMM_AUTH_PENDING, &d->flags); | ||
1208 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | ||
1209 | } else | ||
1210 | rfcomm_dlc_accept(d); | ||
1211 | } | 1250 | } |
1212 | return 0; | 1251 | return 0; |
1213 | } | 1252 | } |
@@ -1219,11 +1258,7 @@ static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) | |||
1219 | d->addr = __addr(s->initiator, dlci); | 1258 | d->addr = __addr(s->initiator, dlci); |
1220 | rfcomm_dlc_link(s, d); | 1259 | rfcomm_dlc_link(s, d); |
1221 | 1260 | ||
1222 | if (rfcomm_check_link_mode(d)) { | 1261 | rfcomm_check_accept(d); |
1223 | set_bit(RFCOMM_AUTH_PENDING, &d->flags); | ||
1224 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | ||
1225 | } else | ||
1226 | rfcomm_dlc_accept(d); | ||
1227 | } else { | 1262 | } else { |
1228 | rfcomm_send_dm(s, dlci); | 1263 | rfcomm_send_dm(s, dlci); |
1229 | } | 1264 | } |
@@ -1637,11 +1672,12 @@ static void rfcomm_process_connect(struct rfcomm_session *s) | |||
1637 | d = list_entry(p, struct rfcomm_dlc, list); | 1672 | d = list_entry(p, struct rfcomm_dlc, list); |
1638 | if (d->state == BT_CONFIG) { | 1673 | if (d->state == BT_CONFIG) { |
1639 | d->mtu = s->mtu; | 1674 | d->mtu = s->mtu; |
1640 | if (rfcomm_check_link_mode(d)) { | 1675 | if (rfcomm_check_security(d)) { |
1676 | rfcomm_send_pn(s, 1, d); | ||
1677 | } else { | ||
1641 | set_bit(RFCOMM_AUTH_PENDING, &d->flags); | 1678 | set_bit(RFCOMM_AUTH_PENDING, &d->flags); |
1642 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | 1679 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); |
1643 | } else | 1680 | } |
1644 | rfcomm_send_pn(s, 1, d); | ||
1645 | } | 1681 | } |
1646 | } | 1682 | } |
1647 | } | 1683 | } |
@@ -1717,11 +1753,17 @@ static inline void rfcomm_process_dlcs(struct rfcomm_session *s) | |||
1717 | if (d->out) { | 1753 | if (d->out) { |
1718 | rfcomm_send_pn(s, 1, d); | 1754 | rfcomm_send_pn(s, 1, d); |
1719 | rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); | 1755 | rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); |
1720 | } else | 1756 | } else { |
1721 | rfcomm_dlc_accept(d); | 1757 | if (d->defer_setup) { |
1722 | if (d->link_mode & RFCOMM_LM_SECURE) { | 1758 | set_bit(RFCOMM_DEFER_SETUP, &d->flags); |
1723 | struct sock *sk = s->sock->sk; | 1759 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); |
1724 | hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon); | 1760 | |
1761 | rfcomm_dlc_lock(d); | ||
1762 | d->state = BT_CONNECT2; | ||
1763 | d->state_change(d, 0); | ||
1764 | rfcomm_dlc_unlock(d); | ||
1765 | } else | ||
1766 | rfcomm_dlc_accept(d); | ||
1725 | } | 1767 | } |
1726 | continue; | 1768 | continue; |
1727 | } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { | 1769 | } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { |
@@ -1734,6 +1776,9 @@ static inline void rfcomm_process_dlcs(struct rfcomm_session *s) | |||
1734 | continue; | 1776 | continue; |
1735 | } | 1777 | } |
1736 | 1778 | ||
1779 | if (test_bit(RFCOMM_SEC_PENDING, &d->flags)) | ||
1780 | continue; | ||
1781 | |||
1737 | if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) | 1782 | if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) |
1738 | continue; | 1783 | continue; |
1739 | 1784 | ||
@@ -1876,6 +1921,7 @@ static int rfcomm_add_listener(bdaddr_t *ba) | |||
1876 | bacpy(&addr.l2_bdaddr, ba); | 1921 | bacpy(&addr.l2_bdaddr, ba); |
1877 | addr.l2_family = AF_BLUETOOTH; | 1922 | addr.l2_family = AF_BLUETOOTH; |
1878 | addr.l2_psm = htobs(RFCOMM_PSM); | 1923 | addr.l2_psm = htobs(RFCOMM_PSM); |
1924 | addr.l2_cid = 0; | ||
1879 | err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); | 1925 | err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); |
1880 | if (err < 0) { | 1926 | if (err < 0) { |
1881 | BT_ERR("Bind failed %d", err); | 1927 | BT_ERR("Bind failed %d", err); |
@@ -1947,42 +1993,7 @@ static int rfcomm_run(void *unused) | |||
1947 | return 0; | 1993 | return 0; |
1948 | } | 1994 | } |
1949 | 1995 | ||
1950 | static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status) | 1996 | static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt) |
1951 | { | ||
1952 | struct rfcomm_session *s; | ||
1953 | struct rfcomm_dlc *d; | ||
1954 | struct list_head *p, *n; | ||
1955 | |||
1956 | BT_DBG("conn %p status 0x%02x", conn, status); | ||
1957 | |||
1958 | s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); | ||
1959 | if (!s) | ||
1960 | return; | ||
1961 | |||
1962 | rfcomm_session_hold(s); | ||
1963 | |||
1964 | list_for_each_safe(p, n, &s->dlcs) { | ||
1965 | d = list_entry(p, struct rfcomm_dlc, list); | ||
1966 | |||
1967 | if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) && | ||
1968 | !(conn->link_mode & HCI_LM_ENCRYPT) && !status) | ||
1969 | continue; | ||
1970 | |||
1971 | if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) | ||
1972 | continue; | ||
1973 | |||
1974 | if (!status) | ||
1975 | set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); | ||
1976 | else | ||
1977 | set_bit(RFCOMM_AUTH_REJECT, &d->flags); | ||
1978 | } | ||
1979 | |||
1980 | rfcomm_session_put(s); | ||
1981 | |||
1982 | rfcomm_schedule(RFCOMM_SCHED_AUTH); | ||
1983 | } | ||
1984 | |||
1985 | static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt) | ||
1986 | { | 1997 | { |
1987 | struct rfcomm_session *s; | 1998 | struct rfcomm_session *s; |
1988 | struct rfcomm_dlc *d; | 1999 | struct rfcomm_dlc *d; |
@@ -1999,18 +2010,29 @@ static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt) | |||
1999 | list_for_each_safe(p, n, &s->dlcs) { | 2010 | list_for_each_safe(p, n, &s->dlcs) { |
2000 | d = list_entry(p, struct rfcomm_dlc, list); | 2011 | d = list_entry(p, struct rfcomm_dlc, list); |
2001 | 2012 | ||
2002 | if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) && | 2013 | if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) { |
2003 | (d->state == BT_CONNECTED || | 2014 | rfcomm_dlc_clear_timer(d); |
2004 | d->state == BT_CONFIG) && | 2015 | if (status || encrypt == 0x00) { |
2005 | !status && encrypt == 0x00) { | 2016 | __rfcomm_dlc_close(d, ECONNREFUSED); |
2006 | __rfcomm_dlc_close(d, ECONNREFUSED); | 2017 | continue; |
2007 | continue; | 2018 | } |
2019 | } | ||
2020 | |||
2021 | if (d->state == BT_CONNECTED && !status && encrypt == 0x00) { | ||
2022 | if (d->sec_level == BT_SECURITY_MEDIUM) { | ||
2023 | set_bit(RFCOMM_SEC_PENDING, &d->flags); | ||
2024 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | ||
2025 | continue; | ||
2026 | } else if (d->sec_level == BT_SECURITY_HIGH) { | ||
2027 | __rfcomm_dlc_close(d, ECONNREFUSED); | ||
2028 | continue; | ||
2029 | } | ||
2008 | } | 2030 | } |
2009 | 2031 | ||
2010 | if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) | 2032 | if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) |
2011 | continue; | 2033 | continue; |
2012 | 2034 | ||
2013 | if (!status && encrypt) | 2035 | if (!status) |
2014 | set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); | 2036 | set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); |
2015 | else | 2037 | else |
2016 | set_bit(RFCOMM_AUTH_REJECT, &d->flags); | 2038 | set_bit(RFCOMM_AUTH_REJECT, &d->flags); |
@@ -2023,8 +2045,7 @@ static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt) | |||
2023 | 2045 | ||
2024 | static struct hci_cb rfcomm_cb = { | 2046 | static struct hci_cb rfcomm_cb = { |
2025 | .name = "RFCOMM", | 2047 | .name = "RFCOMM", |
2026 | .auth_cfm = rfcomm_auth_cfm, | 2048 | .security_cfm = rfcomm_security_cfm |
2027 | .encrypt_cfm = rfcomm_encrypt_cfm | ||
2028 | }; | 2049 | }; |
2029 | 2050 | ||
2030 | static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) | 2051 | static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) |
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c index d3fc6fca38d0..7f482784e9f7 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c | |||
@@ -261,12 +261,19 @@ static void rfcomm_sock_init(struct sock *sk, struct sock *parent) | |||
261 | 261 | ||
262 | if (parent) { | 262 | if (parent) { |
263 | sk->sk_type = parent->sk_type; | 263 | sk->sk_type = parent->sk_type; |
264 | pi->link_mode = rfcomm_pi(parent)->link_mode; | 264 | pi->dlc->defer_setup = bt_sk(parent)->defer_setup; |
265 | |||
266 | pi->sec_level = rfcomm_pi(parent)->sec_level; | ||
267 | pi->role_switch = rfcomm_pi(parent)->role_switch; | ||
265 | } else { | 268 | } else { |
266 | pi->link_mode = 0; | 269 | pi->dlc->defer_setup = 0; |
270 | |||
271 | pi->sec_level = BT_SECURITY_LOW; | ||
272 | pi->role_switch = 0; | ||
267 | } | 273 | } |
268 | 274 | ||
269 | pi->dlc->link_mode = pi->link_mode; | 275 | pi->dlc->sec_level = pi->sec_level; |
276 | pi->dlc->role_switch = pi->role_switch; | ||
270 | } | 277 | } |
271 | 278 | ||
272 | static struct proto rfcomm_proto = { | 279 | static struct proto rfcomm_proto = { |
@@ -406,7 +413,8 @@ static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int a | |||
406 | bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); | 413 | bacpy(&bt_sk(sk)->dst, &sa->rc_bdaddr); |
407 | rfcomm_pi(sk)->channel = sa->rc_channel; | 414 | rfcomm_pi(sk)->channel = sa->rc_channel; |
408 | 415 | ||
409 | d->link_mode = rfcomm_pi(sk)->link_mode; | 416 | d->sec_level = rfcomm_pi(sk)->sec_level; |
417 | d->role_switch = rfcomm_pi(sk)->role_switch; | ||
410 | 418 | ||
411 | err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); | 419 | err = rfcomm_dlc_open(d, &bt_sk(sk)->src, &sa->rc_bdaddr, sa->rc_channel); |
412 | if (!err) | 420 | if (!err) |
@@ -554,6 +562,9 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, | |||
554 | struct sk_buff *skb; | 562 | struct sk_buff *skb; |
555 | int sent = 0; | 563 | int sent = 0; |
556 | 564 | ||
565 | if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) | ||
566 | return -ENOTCONN; | ||
567 | |||
557 | if (msg->msg_flags & MSG_OOB) | 568 | if (msg->msg_flags & MSG_OOB) |
558 | return -EOPNOTSUPP; | 569 | return -EOPNOTSUPP; |
559 | 570 | ||
@@ -570,8 +581,11 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, | |||
570 | 581 | ||
571 | skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, | 582 | skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, |
572 | msg->msg_flags & MSG_DONTWAIT, &err); | 583 | msg->msg_flags & MSG_DONTWAIT, &err); |
573 | if (!skb) | 584 | if (!skb) { |
585 | if (sent == 0) | ||
586 | sent = err; | ||
574 | break; | 587 | break; |
588 | } | ||
575 | skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); | 589 | skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE); |
576 | 590 | ||
577 | err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); | 591 | err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); |
@@ -630,10 +644,16 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
630 | struct msghdr *msg, size_t size, int flags) | 644 | struct msghdr *msg, size_t size, int flags) |
631 | { | 645 | { |
632 | struct sock *sk = sock->sk; | 646 | struct sock *sk = sock->sk; |
647 | struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; | ||
633 | int err = 0; | 648 | int err = 0; |
634 | size_t target, copied = 0; | 649 | size_t target, copied = 0; |
635 | long timeo; | 650 | long timeo; |
636 | 651 | ||
652 | if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { | ||
653 | rfcomm_dlc_accept(d); | ||
654 | return 0; | ||
655 | } | ||
656 | |||
637 | if (flags & MSG_OOB) | 657 | if (flags & MSG_OOB) |
638 | return -EOPNOTSUPP; | 658 | return -EOPNOTSUPP; |
639 | 659 | ||
@@ -710,7 +730,7 @@ out: | |||
710 | return copied ? : err; | 730 | return copied ? : err; |
711 | } | 731 | } |
712 | 732 | ||
713 | static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) | 733 | static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, int optlen) |
714 | { | 734 | { |
715 | struct sock *sk = sock->sk; | 735 | struct sock *sk = sock->sk; |
716 | int err = 0; | 736 | int err = 0; |
@@ -727,7 +747,14 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c | |||
727 | break; | 747 | break; |
728 | } | 748 | } |
729 | 749 | ||
730 | rfcomm_pi(sk)->link_mode = opt; | 750 | if (opt & RFCOMM_LM_AUTH) |
751 | rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; | ||
752 | if (opt & RFCOMM_LM_ENCRYPT) | ||
753 | rfcomm_pi(sk)->sec_level = BT_SECURITY_MEDIUM; | ||
754 | if (opt & RFCOMM_LM_SECURE) | ||
755 | rfcomm_pi(sk)->sec_level = BT_SECURITY_HIGH; | ||
756 | |||
757 | rfcomm_pi(sk)->role_switch = (opt & RFCOMM_LM_MASTER); | ||
731 | break; | 758 | break; |
732 | 759 | ||
733 | default: | 760 | default: |
@@ -739,12 +766,76 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c | |||
739 | return err; | 766 | return err; |
740 | } | 767 | } |
741 | 768 | ||
742 | static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) | 769 | static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) |
770 | { | ||
771 | struct sock *sk = sock->sk; | ||
772 | struct bt_security sec; | ||
773 | int len, err = 0; | ||
774 | u32 opt; | ||
775 | |||
776 | BT_DBG("sk %p", sk); | ||
777 | |||
778 | if (level == SOL_RFCOMM) | ||
779 | return rfcomm_sock_setsockopt_old(sock, optname, optval, optlen); | ||
780 | |||
781 | if (level != SOL_BLUETOOTH) | ||
782 | return -ENOPROTOOPT; | ||
783 | |||
784 | lock_sock(sk); | ||
785 | |||
786 | switch (optname) { | ||
787 | case BT_SECURITY: | ||
788 | if (sk->sk_type != SOCK_STREAM) { | ||
789 | err = -EINVAL; | ||
790 | break; | ||
791 | } | ||
792 | |||
793 | sec.level = BT_SECURITY_LOW; | ||
794 | |||
795 | len = min_t(unsigned int, sizeof(sec), optlen); | ||
796 | if (copy_from_user((char *) &sec, optval, len)) { | ||
797 | err = -EFAULT; | ||
798 | break; | ||
799 | } | ||
800 | |||
801 | if (sec.level > BT_SECURITY_HIGH) { | ||
802 | err = -EINVAL; | ||
803 | break; | ||
804 | } | ||
805 | |||
806 | rfcomm_pi(sk)->sec_level = sec.level; | ||
807 | break; | ||
808 | |||
809 | case BT_DEFER_SETUP: | ||
810 | if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { | ||
811 | err = -EINVAL; | ||
812 | break; | ||
813 | } | ||
814 | |||
815 | if (get_user(opt, (u32 __user *) optval)) { | ||
816 | err = -EFAULT; | ||
817 | break; | ||
818 | } | ||
819 | |||
820 | bt_sk(sk)->defer_setup = opt; | ||
821 | break; | ||
822 | |||
823 | default: | ||
824 | err = -ENOPROTOOPT; | ||
825 | break; | ||
826 | } | ||
827 | |||
828 | release_sock(sk); | ||
829 | return err; | ||
830 | } | ||
831 | |||
832 | static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) | ||
743 | { | 833 | { |
744 | struct sock *sk = sock->sk; | 834 | struct sock *sk = sock->sk; |
745 | struct sock *l2cap_sk; | 835 | struct sock *l2cap_sk; |
746 | struct rfcomm_conninfo cinfo; | 836 | struct rfcomm_conninfo cinfo; |
747 | int len, err = 0; | 837 | int len, err = 0; |
838 | u32 opt; | ||
748 | 839 | ||
749 | BT_DBG("sk %p", sk); | 840 | BT_DBG("sk %p", sk); |
750 | 841 | ||
@@ -755,12 +846,32 @@ static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, c | |||
755 | 846 | ||
756 | switch (optname) { | 847 | switch (optname) { |
757 | case RFCOMM_LM: | 848 | case RFCOMM_LM: |
758 | if (put_user(rfcomm_pi(sk)->link_mode, (u32 __user *) optval)) | 849 | switch (rfcomm_pi(sk)->sec_level) { |
850 | case BT_SECURITY_LOW: | ||
851 | opt = RFCOMM_LM_AUTH; | ||
852 | break; | ||
853 | case BT_SECURITY_MEDIUM: | ||
854 | opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT; | ||
855 | break; | ||
856 | case BT_SECURITY_HIGH: | ||
857 | opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | | ||
858 | RFCOMM_LM_SECURE; | ||
859 | break; | ||
860 | default: | ||
861 | opt = 0; | ||
862 | break; | ||
863 | } | ||
864 | |||
865 | if (rfcomm_pi(sk)->role_switch) | ||
866 | opt |= RFCOMM_LM_MASTER; | ||
867 | |||
868 | if (put_user(opt, (u32 __user *) optval)) | ||
759 | err = -EFAULT; | 869 | err = -EFAULT; |
760 | break; | 870 | break; |
761 | 871 | ||
762 | case RFCOMM_CONNINFO: | 872 | case RFCOMM_CONNINFO: |
763 | if (sk->sk_state != BT_CONNECTED) { | 873 | if (sk->sk_state != BT_CONNECTED && |
874 | !rfcomm_pi(sk)->dlc->defer_setup) { | ||
764 | err = -ENOTCONN; | 875 | err = -ENOTCONN; |
765 | break; | 876 | break; |
766 | } | 877 | } |
@@ -785,6 +896,60 @@ static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, c | |||
785 | return err; | 896 | return err; |
786 | } | 897 | } |
787 | 898 | ||
899 | static int rfcomm_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) | ||
900 | { | ||
901 | struct sock *sk = sock->sk; | ||
902 | struct bt_security sec; | ||
903 | int len, err = 0; | ||
904 | |||
905 | BT_DBG("sk %p", sk); | ||
906 | |||
907 | if (level == SOL_RFCOMM) | ||
908 | return rfcomm_sock_getsockopt_old(sock, optname, optval, optlen); | ||
909 | |||
910 | if (level != SOL_BLUETOOTH) | ||
911 | return -ENOPROTOOPT; | ||
912 | |||
913 | if (get_user(len, optlen)) | ||
914 | return -EFAULT; | ||
915 | |||
916 | lock_sock(sk); | ||
917 | |||
918 | switch (optname) { | ||
919 | case BT_SECURITY: | ||
920 | if (sk->sk_type != SOCK_STREAM) { | ||
921 | err = -EINVAL; | ||
922 | break; | ||
923 | } | ||
924 | |||
925 | sec.level = rfcomm_pi(sk)->sec_level; | ||
926 | |||
927 | len = min_t(unsigned int, len, sizeof(sec)); | ||
928 | if (copy_to_user(optval, (char *) &sec, len)) | ||
929 | err = -EFAULT; | ||
930 | |||
931 | break; | ||
932 | |||
933 | case BT_DEFER_SETUP: | ||
934 | if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { | ||
935 | err = -EINVAL; | ||
936 | break; | ||
937 | } | ||
938 | |||
939 | if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval)) | ||
940 | err = -EFAULT; | ||
941 | |||
942 | break; | ||
943 | |||
944 | default: | ||
945 | err = -ENOPROTOOPT; | ||
946 | break; | ||
947 | } | ||
948 | |||
949 | release_sock(sk); | ||
950 | return err; | ||
951 | } | ||
952 | |||
788 | static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) | 953 | static int rfcomm_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) |
789 | { | 954 | { |
790 | struct sock *sk __maybe_unused = sock->sk; | 955 | struct sock *sk __maybe_unused = sock->sk; |
@@ -888,6 +1053,10 @@ int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc * | |||
888 | 1053 | ||
889 | done: | 1054 | done: |
890 | bh_unlock_sock(parent); | 1055 | bh_unlock_sock(parent); |
1056 | |||
1057 | if (bt_sk(parent)->defer_setup) | ||
1058 | parent->sk_state_change(parent); | ||
1059 | |||
891 | return result; | 1060 | return result; |
892 | } | 1061 | } |
893 | 1062 | ||
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index 46fd8bf9a690..51ae0c3e470a 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c | |||
@@ -195,7 +195,7 @@ static int sco_connect(struct sock *sk) | |||
195 | else | 195 | else |
196 | type = SCO_LINK; | 196 | type = SCO_LINK; |
197 | 197 | ||
198 | hcon = hci_connect(hdev, type, dst, HCI_AT_NO_BONDING); | 198 | hcon = hci_connect(hdev, type, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING); |
199 | if (!hcon) | 199 | if (!hcon) |
200 | goto done; | 200 | goto done; |
201 | 201 | ||
@@ -668,7 +668,7 @@ static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char | |||
668 | return err; | 668 | return err; |
669 | } | 669 | } |
670 | 670 | ||
671 | static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) | 671 | static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) |
672 | { | 672 | { |
673 | struct sock *sk = sock->sk; | 673 | struct sock *sk = sock->sk; |
674 | struct sco_options opts; | 674 | struct sco_options opts; |
@@ -723,6 +723,31 @@ static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char | |||
723 | return err; | 723 | return err; |
724 | } | 724 | } |
725 | 725 | ||
726 | static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) | ||
727 | { | ||
728 | struct sock *sk = sock->sk; | ||
729 | int len, err = 0; | ||
730 | |||
731 | BT_DBG("sk %p", sk); | ||
732 | |||
733 | if (level == SOL_SCO) | ||
734 | return sco_sock_getsockopt_old(sock, optname, optval, optlen); | ||
735 | |||
736 | if (get_user(len, optlen)) | ||
737 | return -EFAULT; | ||
738 | |||
739 | lock_sock(sk); | ||
740 | |||
741 | switch (optname) { | ||
742 | default: | ||
743 | err = -ENOPROTOOPT; | ||
744 | break; | ||
745 | } | ||
746 | |||
747 | release_sock(sk); | ||
748 | return err; | ||
749 | } | ||
750 | |||
726 | static int sco_sock_release(struct socket *sock) | 751 | static int sco_sock_release(struct socket *sock) |
727 | { | 752 | { |
728 | struct sock *sk = sock->sk; | 753 | struct sock *sk = sock->sk; |
@@ -832,10 +857,30 @@ done: | |||
832 | /* ----- SCO interface with lower layer (HCI) ----- */ | 857 | /* ----- SCO interface with lower layer (HCI) ----- */ |
833 | static int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type) | 858 | static int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type) |
834 | { | 859 | { |
860 | register struct sock *sk; | ||
861 | struct hlist_node *node; | ||
862 | int lm = 0; | ||
863 | |||
864 | if (type != SCO_LINK && type != ESCO_LINK) | ||
865 | return 0; | ||
866 | |||
835 | BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr)); | 867 | BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr)); |
836 | 868 | ||
837 | /* Always accept connection */ | 869 | /* Find listening sockets */ |
838 | return HCI_LM_ACCEPT; | 870 | read_lock(&sco_sk_list.lock); |
871 | sk_for_each(sk, node, &sco_sk_list.head) { | ||
872 | if (sk->sk_state != BT_LISTEN) | ||
873 | continue; | ||
874 | |||
875 | if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr) || | ||
876 | !bacmp(&bt_sk(sk)->src, BDADDR_ANY)) { | ||
877 | lm |= HCI_LM_ACCEPT; | ||
878 | break; | ||
879 | } | ||
880 | } | ||
881 | read_unlock(&sco_sk_list.lock); | ||
882 | |||
883 | return lm; | ||
839 | } | 884 | } |
840 | 885 | ||
841 | static int sco_connect_cfm(struct hci_conn *hcon, __u8 status) | 886 | static int sco_connect_cfm(struct hci_conn *hcon, __u8 status) |
@@ -857,7 +902,7 @@ static int sco_connect_cfm(struct hci_conn *hcon, __u8 status) | |||
857 | return 0; | 902 | return 0; |
858 | } | 903 | } |
859 | 904 | ||
860 | static int sco_disconn_ind(struct hci_conn *hcon, __u8 reason) | 905 | static int sco_disconn_cfm(struct hci_conn *hcon, __u8 reason) |
861 | { | 906 | { |
862 | BT_DBG("hcon %p reason %d", hcon, reason); | 907 | BT_DBG("hcon %p reason %d", hcon, reason); |
863 | 908 | ||
@@ -940,7 +985,7 @@ static struct hci_proto sco_hci_proto = { | |||
940 | .id = HCI_PROTO_SCO, | 985 | .id = HCI_PROTO_SCO, |
941 | .connect_ind = sco_connect_ind, | 986 | .connect_ind = sco_connect_ind, |
942 | .connect_cfm = sco_connect_cfm, | 987 | .connect_cfm = sco_connect_cfm, |
943 | .disconn_ind = sco_disconn_ind, | 988 | .disconn_cfm = sco_disconn_cfm, |
944 | .recv_scodata = sco_recv_scodata | 989 | .recv_scodata = sco_recv_scodata |
945 | }; | 990 | }; |
946 | 991 | ||