aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Documentation/00-INDEX2
-rw-r--r--Documentation/btmrvl.txt119
-rw-r--r--drivers/bluetooth/Kconfig25
-rw-r--r--drivers/bluetooth/Makefile6
-rw-r--r--drivers/bluetooth/btmrvl_debugfs.c432
-rw-r--r--drivers/bluetooth/btmrvl_drv.h139
-rw-r--r--drivers/bluetooth/btmrvl_main.c624
-rw-r--r--drivers/bluetooth/btmrvl_sdio.c1003
-rw-r--r--drivers/bluetooth/btmrvl_sdio.h108
-rw-r--r--drivers/bluetooth/btusb.c198
-rw-r--r--drivers/bluetooth/hci_bcsp.c3
-rw-r--r--include/net/bluetooth/bluetooth.h5
-rw-r--r--include/net/bluetooth/hci_core.h10
-rw-r--r--include/net/bluetooth/l2cap.h134
-rw-r--r--include/net/bluetooth/rfcomm.h2
-rw-r--r--net/bluetooth/Kconfig1
-rw-r--r--net/bluetooth/hci_conn.c17
-rw-r--r--net/bluetooth/hci_core.c2
-rw-r--r--net/bluetooth/hci_event.c2
-rw-r--r--net/bluetooth/hidp/core.c66
-rw-r--r--net/bluetooth/hidp/hidp.h2
-rw-r--r--net/bluetooth/l2cap.c1357
-rw-r--r--net/bluetooth/rfcomm/core.c69
-rw-r--r--net/bluetooth/sco.c49
24 files changed, 4186 insertions, 189 deletions
diff --git a/Documentation/00-INDEX b/Documentation/00-INDEX
index d05737aaa84b..06b982affe76 100644
--- a/Documentation/00-INDEX
+++ b/Documentation/00-INDEX
@@ -82,6 +82,8 @@ block/
82 - info on the Block I/O (BIO) layer. 82 - info on the Block I/O (BIO) layer.
83blockdev/ 83blockdev/
84 - info on block devices & drivers 84 - info on block devices & drivers
85btmrvl.txt
86 - info on Marvell Bluetooth driver usage.
85cachetlb.txt 87cachetlb.txt
86 - describes the cache/TLB flushing interfaces Linux uses. 88 - describes the cache/TLB flushing interfaces Linux uses.
87cdrom/ 89cdrom/
diff --git a/Documentation/btmrvl.txt b/Documentation/btmrvl.txt
new file mode 100644
index 000000000000..34916a46c099
--- /dev/null
+++ b/Documentation/btmrvl.txt
@@ -0,0 +1,119 @@
1=======================================================================
2 README for btmrvl driver
3=======================================================================
4
5
6All commands are used via debugfs interface.
7
8=====================
9Set/get driver configurations:
10
11Path: /debug/btmrvl/config/
12
13gpiogap=[n]
14hscfgcmd
15 These commands are used to configure the host sleep parameters.
16 bit 8:0 -- Gap
17 bit 16:8 -- GPIO
18
19 where GPIO is the pin number of GPIO used to wake up the host.
20 It could be any valid GPIO pin# (e.g. 0-7) or 0xff (SDIO interface
21 wakeup will be used instead).
22
23 where Gap is the gap in milli seconds between wakeup signal and
24 wakeup event, or 0xff for special host sleep setting.
25
26 Usage:
27 # Use SDIO interface to wake up the host and set GAP to 0x80:
28 echo 0xff80 > /debug/btmrvl/config/gpiogap
29 echo 1 > /debug/btmrvl/config/hscfgcmd
30
31 # Use GPIO pin #3 to wake up the host and set GAP to 0xff:
32 echo 0x03ff > /debug/btmrvl/config/gpiogap
33 echo 1 > /debug/btmrvl/config/hscfgcmd
34
35psmode=[n]
36pscmd
37 These commands are used to enable/disable auto sleep mode
38
39 where the option is:
40 1 -- Enable auto sleep mode
41 0 -- Disable auto sleep mode
42
43 Usage:
44 # Enable auto sleep mode
45 echo 1 > /debug/btmrvl/config/psmode
46 echo 1 > /debug/btmrvl/config/pscmd
47
48 # Disable auto sleep mode
49 echo 0 > /debug/btmrvl/config/psmode
50 echo 1 > /debug/btmrvl/config/pscmd
51
52
53hsmode=[n]
54hscmd
55 These commands are used to enable host sleep or wake up firmware
56
57 where the option is:
58 1 -- Enable host sleep
59 0 -- Wake up firmware
60
61 Usage:
62 # Enable host sleep
63 echo 1 > /debug/btmrvl/config/hsmode
64 echo 1 > /debug/btmrvl/config/hscmd
65
66 # Wake up firmware
67 echo 0 > /debug/btmrvl/config/hsmode
68 echo 1 > /debug/btmrvl/config/hscmd
69
70
71======================
72Get driver status:
73
74Path: /debug/btmrvl/status/
75
76Usage:
77 cat /debug/btmrvl/status/<args>
78
79where the args are:
80
81curpsmode
82 This command displays current auto sleep status.
83
84psstate
85 This command display the power save state.
86
87hsstate
88 This command display the host sleep state.
89
90txdnldrdy
91 This command displays the value of Tx download ready flag.
92
93
94=====================
95
96Use hcitool to issue raw hci command, refer to hcitool manual
97
98 Usage: Hcitool cmd <ogf> <ocf> [Parameters]
99
100 Interface Control Command
101 hcitool cmd 0x3f 0x5b 0xf5 0x01 0x00 --Enable All interface
102 hcitool cmd 0x3f 0x5b 0xf5 0x01 0x01 --Enable Wlan interface
103 hcitool cmd 0x3f 0x5b 0xf5 0x01 0x02 --Enable BT interface
104 hcitool cmd 0x3f 0x5b 0xf5 0x00 0x00 --Disable All interface
105 hcitool cmd 0x3f 0x5b 0xf5 0x00 0x01 --Disable Wlan interface
106 hcitool cmd 0x3f 0x5b 0xf5 0x00 0x02 --Disable BT interface
107
108=======================================================================
109
110
111SD8688 firmware:
112
113/lib/firmware/sd8688_helper.bin
114/lib/firmware/sd8688.bin
115
116
117The images can be downloaded from:
118
119git.infradead.org/users/dwmw2/linux-firmware.git/libertas/
diff --git a/drivers/bluetooth/Kconfig b/drivers/bluetooth/Kconfig
index 1164837bb781..652367aa6546 100644
--- a/drivers/bluetooth/Kconfig
+++ b/drivers/bluetooth/Kconfig
@@ -170,5 +170,30 @@ config BT_HCIVHCI
170 Say Y here to compile support for virtual HCI devices into the 170 Say Y here to compile support for virtual HCI devices into the
171 kernel or say M to compile it as module (hci_vhci). 171 kernel or say M to compile it as module (hci_vhci).
172 172
173config BT_MRVL
174 tristate "Marvell Bluetooth driver support"
175 help
176 The core driver to support Marvell Bluetooth devices.
177
178 This driver is required if you want to support
179 Marvell Bluetooth devices, such as 8688.
180
181 Say Y here to compile Marvell Bluetooth driver
182 into the kernel or say M to compile it as module.
183
184config BT_MRVL_SDIO
185 tristate "Marvell BT-over-SDIO driver"
186 depends on BT_MRVL && MMC
187 select FW_LOADER
188 help
189 The driver for Marvell Bluetooth chipsets with SDIO interface.
190
191 This driver is required if you want to use Marvell Bluetooth
192 devices with SDIO interface. Currently only SD8688 chipset is
193 supported.
194
195 Say Y here to compile support for Marvell BT-over-SDIO driver
196 into the kernel or say M to compile it as module.
197
173endmenu 198endmenu
174 199
diff --git a/drivers/bluetooth/Makefile b/drivers/bluetooth/Makefile
index 16930f93d1ca..b3f57d2d4eb0 100644
--- a/drivers/bluetooth/Makefile
+++ b/drivers/bluetooth/Makefile
@@ -15,6 +15,12 @@ obj-$(CONFIG_BT_HCIBTUART) += btuart_cs.o
15obj-$(CONFIG_BT_HCIBTUSB) += btusb.o 15obj-$(CONFIG_BT_HCIBTUSB) += btusb.o
16obj-$(CONFIG_BT_HCIBTSDIO) += btsdio.o 16obj-$(CONFIG_BT_HCIBTSDIO) += btsdio.o
17 17
18obj-$(CONFIG_BT_MRVL) += btmrvl.o
19obj-$(CONFIG_BT_MRVL_SDIO) += btmrvl_sdio.o
20
21btmrvl-y := btmrvl_main.o
22btmrvl-$(CONFIG_DEBUG_FS) += btmrvl_debugfs.o
23
18hci_uart-y := hci_ldisc.o 24hci_uart-y := hci_ldisc.o
19hci_uart-$(CONFIG_BT_HCIUART_H4) += hci_h4.o 25hci_uart-$(CONFIG_BT_HCIUART_H4) += hci_h4.o
20hci_uart-$(CONFIG_BT_HCIUART_BCSP) += hci_bcsp.o 26hci_uart-$(CONFIG_BT_HCIUART_BCSP) += hci_bcsp.o
diff --git a/drivers/bluetooth/btmrvl_debugfs.c b/drivers/bluetooth/btmrvl_debugfs.c
new file mode 100644
index 000000000000..4617bd12f63b
--- /dev/null
+++ b/drivers/bluetooth/btmrvl_debugfs.c
@@ -0,0 +1,432 @@
1/**
2 * Marvell Bluetooth driver: debugfs related functions
3 *
4 * Copyright (C) 2009, Marvell International Ltd.
5 *
6 * This software file (the "File") is distributed by Marvell International
7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991
8 * (the "License"). You may use, redistribute and/or modify this File in
9 * accordance with the terms and conditions of the License, a copy of which
10 * is available by writing to the Free Software Foundation, Inc.,
11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
13 *
14 *
15 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
17 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
18 * this warranty disclaimer.
19 **/
20
21#include <linux/debugfs.h>
22
23#include <net/bluetooth/bluetooth.h>
24#include <net/bluetooth/hci_core.h>
25
26#include "btmrvl_drv.h"
27
28struct btmrvl_debugfs_data {
29 struct dentry *root_dir, *config_dir, *status_dir;
30
31 /* config */
32 struct dentry *drvdbg;
33 struct dentry *psmode;
34 struct dentry *pscmd;
35 struct dentry *hsmode;
36 struct dentry *hscmd;
37 struct dentry *gpiogap;
38 struct dentry *hscfgcmd;
39
40 /* status */
41 struct dentry *curpsmode;
42 struct dentry *hsstate;
43 struct dentry *psstate;
44 struct dentry *txdnldready;
45};
46
47static int btmrvl_open_generic(struct inode *inode, struct file *file)
48{
49 file->private_data = inode->i_private;
50 return 0;
51}
52
53static ssize_t btmrvl_hscfgcmd_write(struct file *file,
54 const char __user *ubuf, size_t count, loff_t *ppos)
55{
56 struct btmrvl_private *priv = file->private_data;
57 char buf[16];
58 long result, ret;
59
60 memset(buf, 0, sizeof(buf));
61
62 if (copy_from_user(&buf, ubuf, min_t(size_t, sizeof(buf) - 1, count)))
63 return -EFAULT;
64
65 ret = strict_strtol(buf, 10, &result);
66
67 priv->btmrvl_dev.hscfgcmd = result;
68
69 if (priv->btmrvl_dev.hscfgcmd) {
70 btmrvl_prepare_command(priv);
71 wake_up_interruptible(&priv->main_thread.wait_q);
72 }
73
74 return count;
75}
76
77static ssize_t btmrvl_hscfgcmd_read(struct file *file, char __user *userbuf,
78 size_t count, loff_t *ppos)
79{
80 struct btmrvl_private *priv = file->private_data;
81 char buf[16];
82 int ret;
83
84 ret = snprintf(buf, sizeof(buf) - 1, "%d\n",
85 priv->btmrvl_dev.hscfgcmd);
86
87 return simple_read_from_buffer(userbuf, count, ppos, buf, ret);
88}
89
90static const struct file_operations btmrvl_hscfgcmd_fops = {
91 .read = btmrvl_hscfgcmd_read,
92 .write = btmrvl_hscfgcmd_write,
93 .open = btmrvl_open_generic,
94};
95
96static ssize_t btmrvl_psmode_write(struct file *file, const char __user *ubuf,
97 size_t count, loff_t *ppos)
98{
99 struct btmrvl_private *priv = file->private_data;
100 char buf[16];
101 long result, ret;
102
103 memset(buf, 0, sizeof(buf));
104
105 if (copy_from_user(&buf, ubuf, min_t(size_t, sizeof(buf) - 1, count)))
106 return -EFAULT;
107
108 ret = strict_strtol(buf, 10, &result);
109
110 priv->btmrvl_dev.psmode = result;
111
112 return count;
113}
114
115static ssize_t btmrvl_psmode_read(struct file *file, char __user *userbuf,
116 size_t count, loff_t *ppos)
117{
118 struct btmrvl_private *priv = file->private_data;
119 char buf[16];
120 int ret;
121
122 ret = snprintf(buf, sizeof(buf) - 1, "%d\n",
123 priv->btmrvl_dev.psmode);
124
125 return simple_read_from_buffer(userbuf, count, ppos, buf, ret);
126}
127
128static const struct file_operations btmrvl_psmode_fops = {
129 .read = btmrvl_psmode_read,
130 .write = btmrvl_psmode_write,
131 .open = btmrvl_open_generic,
132};
133
134static ssize_t btmrvl_pscmd_write(struct file *file, const char __user *ubuf,
135 size_t count, loff_t *ppos)
136{
137 struct btmrvl_private *priv = file->private_data;
138 char buf[16];
139 long result, ret;
140
141 memset(buf, 0, sizeof(buf));
142
143 if (copy_from_user(&buf, ubuf, min_t(size_t, sizeof(buf) - 1, count)))
144 return -EFAULT;
145
146 ret = strict_strtol(buf, 10, &result);
147
148 priv->btmrvl_dev.pscmd = result;
149
150 if (priv->btmrvl_dev.pscmd) {
151 btmrvl_prepare_command(priv);
152 wake_up_interruptible(&priv->main_thread.wait_q);
153 }
154
155 return count;
156
157}
158
159static ssize_t btmrvl_pscmd_read(struct file *file, char __user *userbuf,
160 size_t count, loff_t *ppos)
161{
162 struct btmrvl_private *priv = file->private_data;
163 char buf[16];
164 int ret;
165
166 ret = snprintf(buf, sizeof(buf) - 1, "%d\n", priv->btmrvl_dev.pscmd);
167
168 return simple_read_from_buffer(userbuf, count, ppos, buf, ret);
169}
170
171static const struct file_operations btmrvl_pscmd_fops = {
172 .read = btmrvl_pscmd_read,
173 .write = btmrvl_pscmd_write,
174 .open = btmrvl_open_generic,
175};
176
177static ssize_t btmrvl_gpiogap_write(struct file *file, const char __user *ubuf,
178 size_t count, loff_t *ppos)
179{
180 struct btmrvl_private *priv = file->private_data;
181 char buf[16];
182 long result, ret;
183
184 memset(buf, 0, sizeof(buf));
185
186 if (copy_from_user(&buf, ubuf, min_t(size_t, sizeof(buf) - 1, count)))
187 return -EFAULT;
188
189 ret = strict_strtol(buf, 16, &result);
190
191 priv->btmrvl_dev.gpio_gap = result;
192
193 return count;
194}
195
196static ssize_t btmrvl_gpiogap_read(struct file *file, char __user *userbuf,
197 size_t count, loff_t *ppos)
198{
199 struct btmrvl_private *priv = file->private_data;
200 char buf[16];
201 int ret;
202
203 ret = snprintf(buf, sizeof(buf) - 1, "0x%x\n",
204 priv->btmrvl_dev.gpio_gap);
205
206 return simple_read_from_buffer(userbuf, count, ppos, buf, ret);
207}
208
209static const struct file_operations btmrvl_gpiogap_fops = {
210 .read = btmrvl_gpiogap_read,
211 .write = btmrvl_gpiogap_write,
212 .open = btmrvl_open_generic,
213};
214
215static ssize_t btmrvl_hscmd_write(struct file *file, const char __user *ubuf,
216 size_t count, loff_t *ppos)
217{
218 struct btmrvl_private *priv = (struct btmrvl_private *) file->private_data;
219 char buf[16];
220 long result, ret;
221
222 memset(buf, 0, sizeof(buf));
223
224 if (copy_from_user(&buf, ubuf, min_t(size_t, sizeof(buf) - 1, count)))
225 return -EFAULT;
226
227 ret = strict_strtol(buf, 10, &result);
228
229 priv->btmrvl_dev.hscmd = result;
230 if (priv->btmrvl_dev.hscmd) {
231 btmrvl_prepare_command(priv);
232 wake_up_interruptible(&priv->main_thread.wait_q);
233 }
234
235 return count;
236}
237
238static ssize_t btmrvl_hscmd_read(struct file *file, char __user *userbuf,
239 size_t count, loff_t *ppos)
240{
241 struct btmrvl_private *priv = file->private_data;
242 char buf[16];
243 int ret;
244
245 ret = snprintf(buf, sizeof(buf) - 1, "%d\n", priv->btmrvl_dev.hscmd);
246
247 return simple_read_from_buffer(userbuf, count, ppos, buf, ret);
248}
249
250static const struct file_operations btmrvl_hscmd_fops = {
251 .read = btmrvl_hscmd_read,
252 .write = btmrvl_hscmd_write,
253 .open = btmrvl_open_generic,
254};
255
256static ssize_t btmrvl_hsmode_write(struct file *file, const char __user *ubuf,
257 size_t count, loff_t *ppos)
258{
259 struct btmrvl_private *priv = file->private_data;
260 char buf[16];
261 long result, ret;
262
263 memset(buf, 0, sizeof(buf));
264
265 if (copy_from_user(&buf, ubuf, min_t(size_t, sizeof(buf) - 1, count)))
266 return -EFAULT;
267
268 ret = strict_strtol(buf, 10, &result);
269
270 priv->btmrvl_dev.hsmode = result;
271
272 return count;
273}
274
275static ssize_t btmrvl_hsmode_read(struct file *file, char __user * userbuf,
276 size_t count, loff_t *ppos)
277{
278 struct btmrvl_private *priv = file->private_data;
279 char buf[16];
280 int ret;
281
282 ret = snprintf(buf, sizeof(buf) - 1, "%d\n", priv->btmrvl_dev.hsmode);
283
284 return simple_read_from_buffer(userbuf, count, ppos, buf, ret);
285}
286
287static const struct file_operations btmrvl_hsmode_fops = {
288 .read = btmrvl_hsmode_read,
289 .write = btmrvl_hsmode_write,
290 .open = btmrvl_open_generic,
291};
292
293static ssize_t btmrvl_curpsmode_read(struct file *file, char __user *userbuf,
294 size_t count, loff_t *ppos)
295{
296 struct btmrvl_private *priv = file->private_data;
297 char buf[16];
298 int ret;
299
300 ret = snprintf(buf, sizeof(buf) - 1, "%d\n", priv->adapter->psmode);
301
302 return simple_read_from_buffer(userbuf, count, ppos, buf, ret);
303}
304
305static const struct file_operations btmrvl_curpsmode_fops = {
306 .read = btmrvl_curpsmode_read,
307 .open = btmrvl_open_generic,
308};
309
310static ssize_t btmrvl_psstate_read(struct file *file, char __user * userbuf,
311 size_t count, loff_t *ppos)
312{
313 struct btmrvl_private *priv = file->private_data;
314 char buf[16];
315 int ret;
316
317 ret = snprintf(buf, sizeof(buf) - 1, "%d\n", priv->adapter->ps_state);
318
319 return simple_read_from_buffer(userbuf, count, ppos, buf, ret);
320}
321
322static const struct file_operations btmrvl_psstate_fops = {
323 .read = btmrvl_psstate_read,
324 .open = btmrvl_open_generic,
325};
326
327static ssize_t btmrvl_hsstate_read(struct file *file, char __user *userbuf,
328 size_t count, loff_t *ppos)
329{
330 struct btmrvl_private *priv = file->private_data;
331 char buf[16];
332 int ret;
333
334 ret = snprintf(buf, sizeof(buf) - 1, "%d\n", priv->adapter->hs_state);
335
336 return simple_read_from_buffer(userbuf, count, ppos, buf, ret);
337}
338
339static const struct file_operations btmrvl_hsstate_fops = {
340 .read = btmrvl_hsstate_read,
341 .open = btmrvl_open_generic,
342};
343
344static ssize_t btmrvl_txdnldready_read(struct file *file, char __user *userbuf,
345 size_t count, loff_t *ppos)
346{
347 struct btmrvl_private *priv = file->private_data;
348 char buf[16];
349 int ret;
350
351 ret = snprintf(buf, sizeof(buf) - 1, "%d\n",
352 priv->btmrvl_dev.tx_dnld_rdy);
353
354 return simple_read_from_buffer(userbuf, count, ppos, buf, ret);
355}
356
357static const struct file_operations btmrvl_txdnldready_fops = {
358 .read = btmrvl_txdnldready_read,
359 .open = btmrvl_open_generic,
360};
361
362void btmrvl_debugfs_init(struct hci_dev *hdev)
363{
364 struct btmrvl_private *priv = hdev->driver_data;
365 struct btmrvl_debugfs_data *dbg;
366
367 dbg = kzalloc(sizeof(*dbg), GFP_KERNEL);
368 priv->debugfs_data = dbg;
369
370 if (!dbg) {
371 BT_ERR("Can not allocate memory for btmrvl_debugfs_data.");
372 return;
373 }
374
375 dbg->root_dir = debugfs_create_dir("btmrvl", NULL);
376
377 dbg->config_dir = debugfs_create_dir("config", dbg->root_dir);
378
379 dbg->psmode = debugfs_create_file("psmode", 0644, dbg->config_dir,
380 hdev->driver_data, &btmrvl_psmode_fops);
381 dbg->pscmd = debugfs_create_file("pscmd", 0644, dbg->config_dir,
382 hdev->driver_data, &btmrvl_pscmd_fops);
383 dbg->gpiogap = debugfs_create_file("gpiogap", 0644, dbg->config_dir,
384 hdev->driver_data, &btmrvl_gpiogap_fops);
385 dbg->hsmode = debugfs_create_file("hsmode", 0644, dbg->config_dir,
386 hdev->driver_data, &btmrvl_hsmode_fops);
387 dbg->hscmd = debugfs_create_file("hscmd", 0644, dbg->config_dir,
388 hdev->driver_data, &btmrvl_hscmd_fops);
389 dbg->hscfgcmd = debugfs_create_file("hscfgcmd", 0644, dbg->config_dir,
390 hdev->driver_data, &btmrvl_hscfgcmd_fops);
391
392 dbg->status_dir = debugfs_create_dir("status", dbg->root_dir);
393 dbg->curpsmode = debugfs_create_file("curpsmode", 0444,
394 dbg->status_dir,
395 hdev->driver_data,
396 &btmrvl_curpsmode_fops);
397 dbg->psstate = debugfs_create_file("psstate", 0444, dbg->status_dir,
398 hdev->driver_data, &btmrvl_psstate_fops);
399 dbg->hsstate = debugfs_create_file("hsstate", 0444, dbg->status_dir,
400 hdev->driver_data, &btmrvl_hsstate_fops);
401 dbg->txdnldready = debugfs_create_file("txdnldready", 0444,
402 dbg->status_dir,
403 hdev->driver_data,
404 &btmrvl_txdnldready_fops);
405}
406
407void btmrvl_debugfs_remove(struct hci_dev *hdev)
408{
409 struct btmrvl_private *priv = hdev->driver_data;
410 struct btmrvl_debugfs_data *dbg = priv->debugfs_data;
411
412 if (!dbg)
413 return;
414
415 debugfs_remove(dbg->psmode);
416 debugfs_remove(dbg->pscmd);
417 debugfs_remove(dbg->gpiogap);
418 debugfs_remove(dbg->hsmode);
419 debugfs_remove(dbg->hscmd);
420 debugfs_remove(dbg->hscfgcmd);
421 debugfs_remove(dbg->config_dir);
422
423 debugfs_remove(dbg->curpsmode);
424 debugfs_remove(dbg->psstate);
425 debugfs_remove(dbg->hsstate);
426 debugfs_remove(dbg->txdnldready);
427 debugfs_remove(dbg->status_dir);
428
429 debugfs_remove(dbg->root_dir);
430
431 kfree(dbg);
432}
diff --git a/drivers/bluetooth/btmrvl_drv.h b/drivers/bluetooth/btmrvl_drv.h
new file mode 100644
index 000000000000..411c7a77082d
--- /dev/null
+++ b/drivers/bluetooth/btmrvl_drv.h
@@ -0,0 +1,139 @@
1/*
2 * Marvell Bluetooth driver: global definitions & declarations
3 *
4 * Copyright (C) 2009, Marvell International Ltd.
5 *
6 * This software file (the "File") is distributed by Marvell International
7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991
8 * (the "License"). You may use, redistribute and/or modify this File in
9 * accordance with the terms and conditions of the License, a copy of which
10 * is available by writing to the Free Software Foundation, Inc.,
11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
13 *
14 *
15 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
17 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
18 * this warranty disclaimer.
19 *
20 */
21
22#include <linux/kthread.h>
23#include <linux/bitops.h>
24#include <net/bluetooth/bluetooth.h>
25
26#define BTM_HEADER_LEN 4
27#define BTM_UPLD_SIZE 2312
28
29/* Time to wait until Host Sleep state change in millisecond */
30#define WAIT_UNTIL_HS_STATE_CHANGED 5000
31/* Time to wait for command response in millisecond */
32#define WAIT_UNTIL_CMD_RESP 5000
33
34struct btmrvl_thread {
35 struct task_struct *task;
36 wait_queue_head_t wait_q;
37 void *priv;
38};
39
40struct btmrvl_device {
41 void *card;
42 struct hci_dev *hcidev;
43
44 u8 tx_dnld_rdy;
45
46 u8 psmode;
47 u8 pscmd;
48 u8 hsmode;
49 u8 hscmd;
50
51 /* Low byte is gap, high byte is GPIO */
52 u16 gpio_gap;
53
54 u8 hscfgcmd;
55 u8 sendcmdflag;
56};
57
58struct btmrvl_adapter {
59 u32 int_count;
60 struct sk_buff_head tx_queue;
61 u8 psmode;
62 u8 ps_state;
63 u8 hs_state;
64 u8 wakeup_tries;
65 wait_queue_head_t cmd_wait_q;
66 u8 cmd_complete;
67};
68
69struct btmrvl_private {
70 struct btmrvl_device btmrvl_dev;
71 struct btmrvl_adapter *adapter;
72 struct btmrvl_thread main_thread;
73 int (*hw_host_to_card) (struct btmrvl_private *priv,
74 u8 *payload, u16 nb);
75 int (*hw_wakeup_firmware) (struct btmrvl_private *priv);
76 spinlock_t driver_lock; /* spinlock used by driver */
77#ifdef CONFIG_DEBUG_FS
78 void *debugfs_data;
79#endif
80};
81
82#define MRVL_VENDOR_PKT 0xFE
83
84/* Bluetooth commands */
85#define BT_CMD_AUTO_SLEEP_MODE 0x23
86#define BT_CMD_HOST_SLEEP_CONFIG 0x59
87#define BT_CMD_HOST_SLEEP_ENABLE 0x5A
88#define BT_CMD_MODULE_CFG_REQ 0x5B
89
90/* Sub-commands: Module Bringup/Shutdown Request */
91#define MODULE_BRINGUP_REQ 0xF1
92#define MODULE_SHUTDOWN_REQ 0xF2
93
94#define BT_EVENT_POWER_STATE 0x20
95
96/* Bluetooth Power States */
97#define BT_PS_ENABLE 0x02
98#define BT_PS_DISABLE 0x03
99#define BT_PS_SLEEP 0x01
100
101#define OGF 0x3F
102
103/* Host Sleep states */
104#define HS_ACTIVATED 0x01
105#define HS_DEACTIVATED 0x00
106
107/* Power Save modes */
108#define PS_SLEEP 0x01
109#define PS_AWAKE 0x00
110
111struct btmrvl_cmd {
112 __le16 ocf_ogf;
113 u8 length;
114 u8 data[4];
115} __attribute__ ((packed));
116
117struct btmrvl_event {
118 u8 ec; /* event counter */
119 u8 length;
120 u8 data[4];
121} __attribute__ ((packed));
122
123/* Prototype of global function */
124
125struct btmrvl_private *btmrvl_add_card(void *card);
126int btmrvl_remove_card(struct btmrvl_private *priv);
127
128void btmrvl_interrupt(struct btmrvl_private *priv);
129
130void btmrvl_check_evtpkt(struct btmrvl_private *priv, struct sk_buff *skb);
131int btmrvl_process_event(struct btmrvl_private *priv, struct sk_buff *skb);
132
133int btmrvl_send_module_cfg_cmd(struct btmrvl_private *priv, int subcmd);
134int btmrvl_prepare_command(struct btmrvl_private *priv);
135
136#ifdef CONFIG_DEBUG_FS
137void btmrvl_debugfs_init(struct hci_dev *hdev);
138void btmrvl_debugfs_remove(struct hci_dev *hdev);
139#endif
diff --git a/drivers/bluetooth/btmrvl_main.c b/drivers/bluetooth/btmrvl_main.c
new file mode 100644
index 000000000000..e605563b4eaa
--- /dev/null
+++ b/drivers/bluetooth/btmrvl_main.c
@@ -0,0 +1,624 @@
1/**
2 * Marvell Bluetooth driver
3 *
4 * Copyright (C) 2009, Marvell International Ltd.
5 *
6 * This software file (the "File") is distributed by Marvell International
7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991
8 * (the "License"). You may use, redistribute and/or modify this File in
9 * accordance with the terms and conditions of the License, a copy of which
10 * is available by writing to the Free Software Foundation, Inc.,
11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
13 *
14 *
15 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
17 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
18 * this warranty disclaimer.
19 **/
20
21#include <net/bluetooth/bluetooth.h>
22#include <net/bluetooth/hci_core.h>
23
24#include "btmrvl_drv.h"
25
26#define VERSION "1.0"
27
28/*
29 * This function is called by interface specific interrupt handler.
30 * It updates Power Save & Host Sleep states, and wakes up the main
31 * thread.
32 */
33void btmrvl_interrupt(struct btmrvl_private *priv)
34{
35 priv->adapter->ps_state = PS_AWAKE;
36
37 priv->adapter->wakeup_tries = 0;
38
39 priv->adapter->int_count++;
40
41 wake_up_interruptible(&priv->main_thread.wait_q);
42}
43EXPORT_SYMBOL_GPL(btmrvl_interrupt);
44
45void btmrvl_check_evtpkt(struct btmrvl_private *priv, struct sk_buff *skb)
46{
47 struct hci_event_hdr *hdr = (void *) skb->data;
48 struct hci_ev_cmd_complete *ec;
49 u16 opcode, ocf;
50
51 if (hdr->evt == HCI_EV_CMD_COMPLETE) {
52 ec = (void *) (skb->data + HCI_EVENT_HDR_SIZE);
53 opcode = __le16_to_cpu(ec->opcode);
54 ocf = hci_opcode_ocf(opcode);
55 if (ocf == BT_CMD_MODULE_CFG_REQ &&
56 priv->btmrvl_dev.sendcmdflag) {
57 priv->btmrvl_dev.sendcmdflag = false;
58 priv->adapter->cmd_complete = true;
59 wake_up_interruptible(&priv->adapter->cmd_wait_q);
60 }
61 }
62}
63EXPORT_SYMBOL_GPL(btmrvl_check_evtpkt);
64
65int btmrvl_process_event(struct btmrvl_private *priv, struct sk_buff *skb)
66{
67 struct btmrvl_adapter *adapter = priv->adapter;
68 struct btmrvl_event *event;
69 u8 ret = 0;
70
71 event = (struct btmrvl_event *) skb->data;
72 if (event->ec != 0xff) {
73 BT_DBG("Not Marvell Event=%x", event->ec);
74 ret = -EINVAL;
75 goto exit;
76 }
77
78 switch (event->data[0]) {
79 case BT_CMD_AUTO_SLEEP_MODE:
80 if (!event->data[2]) {
81 if (event->data[1] == BT_PS_ENABLE)
82 adapter->psmode = 1;
83 else
84 adapter->psmode = 0;
85 BT_DBG("PS Mode:%s",
86 (adapter->psmode) ? "Enable" : "Disable");
87 } else {
88 BT_DBG("PS Mode command failed");
89 }
90 break;
91
92 case BT_CMD_HOST_SLEEP_CONFIG:
93 if (!event->data[3])
94 BT_DBG("gpio=%x, gap=%x", event->data[1],
95 event->data[2]);
96 else
97 BT_DBG("HSCFG command failed");
98 break;
99
100 case BT_CMD_HOST_SLEEP_ENABLE:
101 if (!event->data[1]) {
102 adapter->hs_state = HS_ACTIVATED;
103 if (adapter->psmode)
104 adapter->ps_state = PS_SLEEP;
105 wake_up_interruptible(&adapter->cmd_wait_q);
106 BT_DBG("HS ACTIVATED!");
107 } else {
108 BT_DBG("HS Enable failed");
109 }
110 break;
111
112 case BT_CMD_MODULE_CFG_REQ:
113 if (priv->btmrvl_dev.sendcmdflag &&
114 event->data[1] == MODULE_BRINGUP_REQ) {
115 BT_DBG("EVENT:%s", (event->data[2]) ?
116 "Bring-up failed" : "Bring-up succeed");
117 } else if (priv->btmrvl_dev.sendcmdflag &&
118 event->data[1] == MODULE_SHUTDOWN_REQ) {
119 BT_DBG("EVENT:%s", (event->data[2]) ?
120 "Shutdown failed" : "Shutdown succeed");
121 } else {
122 BT_DBG("BT_CMD_MODULE_CFG_REQ resp for APP");
123 ret = -EINVAL;
124 }
125 break;
126
127 case BT_EVENT_POWER_STATE:
128 if (event->data[1] == BT_PS_SLEEP)
129 adapter->ps_state = PS_SLEEP;
130 BT_DBG("EVENT:%s",
131 (adapter->ps_state) ? "PS_SLEEP" : "PS_AWAKE");
132 break;
133
134 default:
135 BT_DBG("Unknown Event=%d", event->data[0]);
136 ret = -EINVAL;
137 break;
138 }
139
140exit:
141 if (!ret)
142 kfree_skb(skb);
143
144 return ret;
145}
146EXPORT_SYMBOL_GPL(btmrvl_process_event);
147
148int btmrvl_send_module_cfg_cmd(struct btmrvl_private *priv, int subcmd)
149{
150 struct sk_buff *skb;
151 struct btmrvl_cmd *cmd;
152 int ret = 0;
153
154 skb = bt_skb_alloc(sizeof(*cmd), GFP_ATOMIC);
155 if (skb == NULL) {
156 BT_ERR("No free skb");
157 return -ENOMEM;
158 }
159
160 cmd = (struct btmrvl_cmd *) skb_put(skb, sizeof(*cmd));
161 cmd->ocf_ogf = cpu_to_le16(hci_opcode_pack(OGF, BT_CMD_MODULE_CFG_REQ));
162 cmd->length = 1;
163 cmd->data[0] = subcmd;
164
165 bt_cb(skb)->pkt_type = MRVL_VENDOR_PKT;
166
167 skb->dev = (void *) priv->btmrvl_dev.hcidev;
168 skb_queue_head(&priv->adapter->tx_queue, skb);
169
170 priv->btmrvl_dev.sendcmdflag = true;
171
172 priv->adapter->cmd_complete = false;
173
174 BT_DBG("Queue module cfg Command");
175
176 wake_up_interruptible(&priv->main_thread.wait_q);
177
178 if (!wait_event_interruptible_timeout(priv->adapter->cmd_wait_q,
179 priv->adapter->cmd_complete,
180 msecs_to_jiffies(WAIT_UNTIL_CMD_RESP))) {
181 ret = -ETIMEDOUT;
182 BT_ERR("module_cfg_cmd(%x): timeout: %d",
183 subcmd, priv->btmrvl_dev.sendcmdflag);
184 }
185
186 BT_DBG("module cfg Command done");
187
188 return ret;
189}
190EXPORT_SYMBOL_GPL(btmrvl_send_module_cfg_cmd);
191
192static int btmrvl_enable_hs(struct btmrvl_private *priv)
193{
194 struct sk_buff *skb;
195 struct btmrvl_cmd *cmd;
196 int ret = 0;
197
198 skb = bt_skb_alloc(sizeof(*cmd), GFP_ATOMIC);
199 if (skb == NULL) {
200 BT_ERR("No free skb");
201 return -ENOMEM;
202 }
203
204 cmd = (struct btmrvl_cmd *) skb_put(skb, sizeof(*cmd));
205 cmd->ocf_ogf = cpu_to_le16(hci_opcode_pack(OGF, BT_CMD_HOST_SLEEP_ENABLE));
206 cmd->length = 0;
207
208 bt_cb(skb)->pkt_type = MRVL_VENDOR_PKT;
209
210 skb->dev = (void *) priv->btmrvl_dev.hcidev;
211 skb_queue_head(&priv->adapter->tx_queue, skb);
212
213 BT_DBG("Queue hs enable Command");
214
215 wake_up_interruptible(&priv->main_thread.wait_q);
216
217 if (!wait_event_interruptible_timeout(priv->adapter->cmd_wait_q,
218 priv->adapter->hs_state,
219 msecs_to_jiffies(WAIT_UNTIL_HS_STATE_CHANGED))) {
220 ret = -ETIMEDOUT;
221 BT_ERR("timeout: %d, %d,%d", priv->adapter->hs_state,
222 priv->adapter->ps_state,
223 priv->adapter->wakeup_tries);
224 }
225
226 return ret;
227}
228
229int btmrvl_prepare_command(struct btmrvl_private *priv)
230{
231 struct sk_buff *skb = NULL;
232 struct btmrvl_cmd *cmd;
233 int ret = 0;
234
235 if (priv->btmrvl_dev.hscfgcmd) {
236 priv->btmrvl_dev.hscfgcmd = 0;
237
238 skb = bt_skb_alloc(sizeof(*cmd), GFP_ATOMIC);
239 if (skb == NULL) {
240 BT_ERR("No free skb");
241 return -ENOMEM;
242 }
243
244 cmd = (struct btmrvl_cmd *) skb_put(skb, sizeof(*cmd));
245 cmd->ocf_ogf = cpu_to_le16(hci_opcode_pack(OGF, BT_CMD_HOST_SLEEP_CONFIG));
246 cmd->length = 2;
247 cmd->data[0] = (priv->btmrvl_dev.gpio_gap & 0xff00) >> 8;
248 cmd->data[1] = (u8) (priv->btmrvl_dev.gpio_gap & 0x00ff);
249
250 bt_cb(skb)->pkt_type = MRVL_VENDOR_PKT;
251
252 skb->dev = (void *) priv->btmrvl_dev.hcidev;
253 skb_queue_head(&priv->adapter->tx_queue, skb);
254
255 BT_DBG("Queue HSCFG Command, gpio=0x%x, gap=0x%x",
256 cmd->data[0], cmd->data[1]);
257 }
258
259 if (priv->btmrvl_dev.pscmd) {
260 priv->btmrvl_dev.pscmd = 0;
261
262 skb = bt_skb_alloc(sizeof(*cmd), GFP_ATOMIC);
263 if (skb == NULL) {
264 BT_ERR("No free skb");
265 return -ENOMEM;
266 }
267
268 cmd = (struct btmrvl_cmd *) skb_put(skb, sizeof(*cmd));
269 cmd->ocf_ogf = cpu_to_le16(hci_opcode_pack(OGF, BT_CMD_AUTO_SLEEP_MODE));
270 cmd->length = 1;
271
272 if (priv->btmrvl_dev.psmode)
273 cmd->data[0] = BT_PS_ENABLE;
274 else
275 cmd->data[0] = BT_PS_DISABLE;
276
277 bt_cb(skb)->pkt_type = MRVL_VENDOR_PKT;
278
279 skb->dev = (void *) priv->btmrvl_dev.hcidev;
280 skb_queue_head(&priv->adapter->tx_queue, skb);
281
282 BT_DBG("Queue PSMODE Command:%d", cmd->data[0]);
283 }
284
285 if (priv->btmrvl_dev.hscmd) {
286 priv->btmrvl_dev.hscmd = 0;
287
288 if (priv->btmrvl_dev.hsmode) {
289 ret = btmrvl_enable_hs(priv);
290 } else {
291 ret = priv->hw_wakeup_firmware(priv);
292 priv->adapter->hs_state = HS_DEACTIVATED;
293 }
294 }
295
296 return ret;
297}
298
299static int btmrvl_tx_pkt(struct btmrvl_private *priv, struct sk_buff *skb)
300{
301 int ret = 0;
302
303 if (!skb || !skb->data)
304 return -EINVAL;
305
306 if (!skb->len || ((skb->len + BTM_HEADER_LEN) > BTM_UPLD_SIZE)) {
307 BT_ERR("Tx Error: Bad skb length %d : %d",
308 skb->len, BTM_UPLD_SIZE);
309 return -EINVAL;
310 }
311
312 if (skb_headroom(skb) < BTM_HEADER_LEN) {
313 struct sk_buff *tmp = skb;
314
315 skb = skb_realloc_headroom(skb, BTM_HEADER_LEN);
316 if (!skb) {
317 BT_ERR("Tx Error: realloc_headroom failed %d",
318 BTM_HEADER_LEN);
319 skb = tmp;
320 return -EINVAL;
321 }
322
323 kfree_skb(tmp);
324 }
325
326 skb_push(skb, BTM_HEADER_LEN);
327
328 /* header type: byte[3]
329 * HCI_COMMAND = 1, ACL_DATA = 2, SCO_DATA = 3, 0xFE = Vendor
330 * header length: byte[2][1][0]
331 */
332
333 skb->data[0] = (skb->len & 0x0000ff);
334 skb->data[1] = (skb->len & 0x00ff00) >> 8;
335 skb->data[2] = (skb->len & 0xff0000) >> 16;
336 skb->data[3] = bt_cb(skb)->pkt_type;
337
338 if (priv->hw_host_to_card)
339 ret = priv->hw_host_to_card(priv, skb->data, skb->len);
340
341 return ret;
342}
343
344static void btmrvl_init_adapter(struct btmrvl_private *priv)
345{
346 skb_queue_head_init(&priv->adapter->tx_queue);
347
348 priv->adapter->ps_state = PS_AWAKE;
349
350 init_waitqueue_head(&priv->adapter->cmd_wait_q);
351}
352
353static void btmrvl_free_adapter(struct btmrvl_private *priv)
354{
355 skb_queue_purge(&priv->adapter->tx_queue);
356
357 kfree(priv->adapter);
358
359 priv->adapter = NULL;
360}
361
362static int btmrvl_ioctl(struct hci_dev *hdev,
363 unsigned int cmd, unsigned long arg)
364{
365 return -ENOIOCTLCMD;
366}
367
368static void btmrvl_destruct(struct hci_dev *hdev)
369{
370}
371
372static int btmrvl_send_frame(struct sk_buff *skb)
373{
374 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
375 struct btmrvl_private *priv = NULL;
376
377 BT_DBG("type=%d, len=%d", skb->pkt_type, skb->len);
378
379 if (!hdev || !hdev->driver_data) {
380 BT_ERR("Frame for unknown HCI device");
381 return -ENODEV;
382 }
383
384 priv = (struct btmrvl_private *) hdev->driver_data;
385 if (!test_bit(HCI_RUNNING, &hdev->flags)) {
386 BT_ERR("Failed testing HCI_RUNING, flags=%lx", hdev->flags);
387 print_hex_dump_bytes("data: ", DUMP_PREFIX_OFFSET,
388 skb->data, skb->len);
389 return -EBUSY;
390 }
391
392 switch (bt_cb(skb)->pkt_type) {
393 case HCI_COMMAND_PKT:
394 hdev->stat.cmd_tx++;
395 break;
396
397 case HCI_ACLDATA_PKT:
398 hdev->stat.acl_tx++;
399 break;
400
401 case HCI_SCODATA_PKT:
402 hdev->stat.sco_tx++;
403 break;
404 }
405
406 skb_queue_tail(&priv->adapter->tx_queue, skb);
407
408 wake_up_interruptible(&priv->main_thread.wait_q);
409
410 return 0;
411}
412
413static int btmrvl_flush(struct hci_dev *hdev)
414{
415 struct btmrvl_private *priv = hdev->driver_data;
416
417 skb_queue_purge(&priv->adapter->tx_queue);
418
419 return 0;
420}
421
422static int btmrvl_close(struct hci_dev *hdev)
423{
424 struct btmrvl_private *priv = hdev->driver_data;
425
426 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
427 return 0;
428
429 skb_queue_purge(&priv->adapter->tx_queue);
430
431 return 0;
432}
433
434static int btmrvl_open(struct hci_dev *hdev)
435{
436 set_bit(HCI_RUNNING, &hdev->flags);
437
438 return 0;
439}
440
441/*
442 * This function handles the event generated by firmware, rx data
443 * received from firmware, and tx data sent from kernel.
444 */
445static int btmrvl_service_main_thread(void *data)
446{
447 struct btmrvl_thread *thread = data;
448 struct btmrvl_private *priv = thread->priv;
449 struct btmrvl_adapter *adapter = priv->adapter;
450 wait_queue_t wait;
451 struct sk_buff *skb;
452 ulong flags;
453
454 init_waitqueue_entry(&wait, current);
455
456 current->flags |= PF_NOFREEZE;
457
458 for (;;) {
459 add_wait_queue(&thread->wait_q, &wait);
460
461 set_current_state(TASK_INTERRUPTIBLE);
462
463 if (adapter->wakeup_tries ||
464 ((!adapter->int_count) &&
465 (!priv->btmrvl_dev.tx_dnld_rdy ||
466 skb_queue_empty(&adapter->tx_queue)))) {
467 BT_DBG("main_thread is sleeping...");
468 schedule();
469 }
470
471 set_current_state(TASK_RUNNING);
472
473 remove_wait_queue(&thread->wait_q, &wait);
474
475 BT_DBG("main_thread woke up");
476
477 if (kthread_should_stop()) {
478 BT_DBG("main_thread: break from main thread");
479 break;
480 }
481
482 spin_lock_irqsave(&priv->driver_lock, flags);
483 if (adapter->int_count) {
484 adapter->int_count = 0;
485 } else if (adapter->ps_state == PS_SLEEP &&
486 !skb_queue_empty(&adapter->tx_queue)) {
487 spin_unlock_irqrestore(&priv->driver_lock, flags);
488 adapter->wakeup_tries++;
489 priv->hw_wakeup_firmware(priv);
490 continue;
491 }
492 spin_unlock_irqrestore(&priv->driver_lock, flags);
493
494 if (adapter->ps_state == PS_SLEEP)
495 continue;
496
497 if (!priv->btmrvl_dev.tx_dnld_rdy)
498 continue;
499
500 skb = skb_dequeue(&adapter->tx_queue);
501 if (skb) {
502 if (btmrvl_tx_pkt(priv, skb))
503 priv->btmrvl_dev.hcidev->stat.err_tx++;
504 else
505 priv->btmrvl_dev.hcidev->stat.byte_tx += skb->len;
506
507 kfree_skb(skb);
508 }
509 }
510
511 return 0;
512}
513
514struct btmrvl_private *btmrvl_add_card(void *card)
515{
516 struct hci_dev *hdev = NULL;
517 struct btmrvl_private *priv;
518 int ret;
519
520 priv = kzalloc(sizeof(*priv), GFP_KERNEL);
521 if (!priv) {
522 BT_ERR("Can not allocate priv");
523 goto err_priv;
524 }
525
526 priv->adapter = kzalloc(sizeof(*priv->adapter), GFP_KERNEL);
527 if (!priv->adapter) {
528 BT_ERR("Allocate buffer for btmrvl_adapter failed!");
529 goto err_adapter;
530 }
531
532 btmrvl_init_adapter(priv);
533
534 hdev = hci_alloc_dev();
535 if (!hdev) {
536 BT_ERR("Can not allocate HCI device");
537 goto err_hdev;
538 }
539
540 BT_DBG("Starting kthread...");
541 priv->main_thread.priv = priv;
542 spin_lock_init(&priv->driver_lock);
543
544 init_waitqueue_head(&priv->main_thread.wait_q);
545 priv->main_thread.task = kthread_run(btmrvl_service_main_thread,
546 &priv->main_thread, "btmrvl_main_service");
547
548 priv->btmrvl_dev.hcidev = hdev;
549 priv->btmrvl_dev.card = card;
550
551 hdev->driver_data = priv;
552
553 priv->btmrvl_dev.tx_dnld_rdy = true;
554
555 hdev->type = HCI_SDIO;
556 hdev->open = btmrvl_open;
557 hdev->close = btmrvl_close;
558 hdev->flush = btmrvl_flush;
559 hdev->send = btmrvl_send_frame;
560 hdev->destruct = btmrvl_destruct;
561 hdev->ioctl = btmrvl_ioctl;
562 hdev->owner = THIS_MODULE;
563
564 ret = hci_register_dev(hdev);
565 if (ret < 0) {
566 BT_ERR("Can not register HCI device");
567 goto err_hci_register_dev;
568 }
569
570#ifdef CONFIG_DEBUG_FS
571 btmrvl_debugfs_init(hdev);
572#endif
573
574 return priv;
575
576err_hci_register_dev:
577 /* Stop the thread servicing the interrupts */
578 kthread_stop(priv->main_thread.task);
579
580 hci_free_dev(hdev);
581
582err_hdev:
583 btmrvl_free_adapter(priv);
584
585err_adapter:
586 kfree(priv);
587
588err_priv:
589 return NULL;
590}
591EXPORT_SYMBOL_GPL(btmrvl_add_card);
592
593int btmrvl_remove_card(struct btmrvl_private *priv)
594{
595 struct hci_dev *hdev;
596
597 hdev = priv->btmrvl_dev.hcidev;
598
599 wake_up_interruptible(&priv->adapter->cmd_wait_q);
600
601 kthread_stop(priv->main_thread.task);
602
603#ifdef CONFIG_DEBUG_FS
604 btmrvl_debugfs_remove(hdev);
605#endif
606
607 hci_unregister_dev(hdev);
608
609 hci_free_dev(hdev);
610
611 priv->btmrvl_dev.hcidev = NULL;
612
613 btmrvl_free_adapter(priv);
614
615 kfree(priv);
616
617 return 0;
618}
619EXPORT_SYMBOL_GPL(btmrvl_remove_card);
620
621MODULE_AUTHOR("Marvell International Ltd.");
622MODULE_DESCRIPTION("Marvell Bluetooth driver ver " VERSION);
623MODULE_VERSION(VERSION);
624MODULE_LICENSE("GPL v2");
diff --git a/drivers/bluetooth/btmrvl_sdio.c b/drivers/bluetooth/btmrvl_sdio.c
new file mode 100644
index 000000000000..5b33b85790f2
--- /dev/null
+++ b/drivers/bluetooth/btmrvl_sdio.c
@@ -0,0 +1,1003 @@
1/**
2 * Marvell BT-over-SDIO driver: SDIO interface related functions.
3 *
4 * Copyright (C) 2009, Marvell International Ltd.
5 *
6 * This software file (the "File") is distributed by Marvell International
7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991
8 * (the "License"). You may use, redistribute and/or modify this File in
9 * accordance with the terms and conditions of the License, a copy of which
10 * is available by writing to the Free Software Foundation, Inc.,
11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
13 *
14 *
15 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
17 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
18 * this warranty disclaimer.
19 **/
20
21#include <linux/firmware.h>
22
23#include <linux/mmc/sdio_ids.h>
24#include <linux/mmc/sdio_func.h>
25
26#include <net/bluetooth/bluetooth.h>
27#include <net/bluetooth/hci_core.h>
28
29#include "btmrvl_drv.h"
30#include "btmrvl_sdio.h"
31
32#define VERSION "1.0"
33
34/* The btmrvl_sdio_remove() callback function is called
35 * when user removes this module from kernel space or ejects
36 * the card from the slot. The driver handles these 2 cases
37 * differently.
38 * If the user is removing the module, a MODULE_SHUTDOWN_REQ
39 * command is sent to firmware and interrupt will be disabled.
40 * If the card is removed, there is no need to send command
41 * or disable interrupt.
42 *
43 * The variable 'user_rmmod' is used to distinguish these two
44 * scenarios. This flag is initialized as FALSE in case the card
45 * is removed, and will be set to TRUE for module removal when
46 * module_exit function is called.
47 */
48static u8 user_rmmod;
49
50static const struct btmrvl_sdio_device btmrvl_sdio_sd6888 = {
51 .helper = "sd8688_helper.bin",
52 .firmware = "sd8688.bin",
53};
54
55static const struct sdio_device_id btmrvl_sdio_ids[] = {
56 /* Marvell SD8688 Bluetooth device */
57 { SDIO_DEVICE(SDIO_VENDOR_ID_MARVELL, 0x9105),
58 .driver_data = (unsigned long) &btmrvl_sdio_sd6888 },
59
60 { } /* Terminating entry */
61};
62
63MODULE_DEVICE_TABLE(sdio, btmrvl_sdio_ids);
64
65static int btmrvl_sdio_get_rx_unit(struct btmrvl_sdio_card *card)
66{
67 u8 reg;
68 int ret;
69
70 reg = sdio_readb(card->func, CARD_RX_UNIT_REG, &ret);
71 if (!ret)
72 card->rx_unit = reg;
73
74 return ret;
75}
76
77static int btmrvl_sdio_read_fw_status(struct btmrvl_sdio_card *card, u16 *dat)
78{
79 u8 fws0, fws1;
80 int ret;
81
82 *dat = 0;
83
84 fws0 = sdio_readb(card->func, CARD_FW_STATUS0_REG, &ret);
85
86 if (!ret)
87 fws1 = sdio_readb(card->func, CARD_FW_STATUS1_REG, &ret);
88
89 if (ret)
90 return -EIO;
91
92 *dat = (((u16) fws1) << 8) | fws0;
93
94 return 0;
95}
96
97static int btmrvl_sdio_read_rx_len(struct btmrvl_sdio_card *card, u16 *dat)
98{
99 u8 reg;
100 int ret;
101
102 reg = sdio_readb(card->func, CARD_RX_LEN_REG, &ret);
103 if (!ret)
104 *dat = (u16) reg << card->rx_unit;
105
106 return ret;
107}
108
109static int btmrvl_sdio_enable_host_int_mask(struct btmrvl_sdio_card *card,
110 u8 mask)
111{
112 int ret;
113
114 sdio_writeb(card->func, mask, HOST_INT_MASK_REG, &ret);
115 if (ret) {
116 BT_ERR("Unable to enable the host interrupt!");
117 ret = -EIO;
118 }
119
120 return ret;
121}
122
123static int btmrvl_sdio_disable_host_int_mask(struct btmrvl_sdio_card *card,
124 u8 mask)
125{
126 u8 host_int_mask;
127 int ret;
128
129 host_int_mask = sdio_readb(card->func, HOST_INT_MASK_REG, &ret);
130 if (ret)
131 return -EIO;
132
133 host_int_mask &= ~mask;
134
135 sdio_writeb(card->func, host_int_mask, HOST_INT_MASK_REG, &ret);
136 if (ret < 0) {
137 BT_ERR("Unable to disable the host interrupt!");
138 return -EIO;
139 }
140
141 return 0;
142}
143
144static int btmrvl_sdio_poll_card_status(struct btmrvl_sdio_card *card, u8 bits)
145{
146 unsigned int tries;
147 u8 status;
148 int ret;
149
150 for (tries = 0; tries < MAX_POLL_TRIES * 1000; tries++) {
151 status = sdio_readb(card->func, CARD_STATUS_REG, &ret);
152 if (ret)
153 goto failed;
154 if ((status & bits) == bits)
155 return ret;
156
157 udelay(1);
158 }
159
160 ret = -ETIMEDOUT;
161
162failed:
163 BT_ERR("FAILED! ret=%d", ret);
164
165 return ret;
166}
167
168static int btmrvl_sdio_verify_fw_download(struct btmrvl_sdio_card *card,
169 int pollnum)
170{
171 int ret = -ETIMEDOUT;
172 u16 firmwarestat;
173 unsigned int tries;
174
175 /* Wait for firmware to become ready */
176 for (tries = 0; tries < pollnum; tries++) {
177 if (btmrvl_sdio_read_fw_status(card, &firmwarestat) < 0)
178 continue;
179
180 if (firmwarestat == FIRMWARE_READY) {
181 ret = 0;
182 break;
183 } else {
184 msleep(10);
185 }
186 }
187
188 return ret;
189}
190
191static int btmrvl_sdio_download_helper(struct btmrvl_sdio_card *card)
192{
193 const struct firmware *fw_helper = NULL;
194 const u8 *helper = NULL;
195 int ret;
196 void *tmphlprbuf = NULL;
197 int tmphlprbufsz, hlprblknow, helperlen;
198 u8 *helperbuf;
199 u32 tx_len;
200
201 ret = request_firmware(&fw_helper, card->helper,
202 &card->func->dev);
203 if ((ret < 0) || !fw_helper) {
204 BT_ERR("request_firmware(helper) failed, error code = %d",
205 ret);
206 ret = -ENOENT;
207 goto done;
208 }
209
210 helper = fw_helper->data;
211 helperlen = fw_helper->size;
212
213 BT_DBG("Downloading helper image (%d bytes), block size %d bytes",
214 helperlen, SDIO_BLOCK_SIZE);
215
216 tmphlprbufsz = ALIGN_SZ(BTM_UPLD_SIZE, BTSDIO_DMA_ALIGN);
217
218 tmphlprbuf = kmalloc(tmphlprbufsz, GFP_KERNEL);
219 if (!tmphlprbuf) {
220 BT_ERR("Unable to allocate buffer for helper."
221 " Terminating download");
222 ret = -ENOMEM;
223 goto done;
224 }
225
226 memset(tmphlprbuf, 0, tmphlprbufsz);
227
228 helperbuf = (u8 *) ALIGN_ADDR(tmphlprbuf, BTSDIO_DMA_ALIGN);
229
230 /* Perform helper data transfer */
231 tx_len = (FIRMWARE_TRANSFER_NBLOCK * SDIO_BLOCK_SIZE)
232 - SDIO_HEADER_LEN;
233 hlprblknow = 0;
234
235 do {
236 ret = btmrvl_sdio_poll_card_status(card,
237 CARD_IO_READY | DN_LD_CARD_RDY);
238 if (ret < 0) {
239 BT_ERR("Helper download poll status timeout @ %d",
240 hlprblknow);
241 goto done;
242 }
243
244 /* Check if there is more data? */
245 if (hlprblknow >= helperlen)
246 break;
247
248 if (helperlen - hlprblknow < tx_len)
249 tx_len = helperlen - hlprblknow;
250
251 /* Little-endian */
252 helperbuf[0] = ((tx_len & 0x000000ff) >> 0);
253 helperbuf[1] = ((tx_len & 0x0000ff00) >> 8);
254 helperbuf[2] = ((tx_len & 0x00ff0000) >> 16);
255 helperbuf[3] = ((tx_len & 0xff000000) >> 24);
256
257 memcpy(&helperbuf[SDIO_HEADER_LEN], &helper[hlprblknow],
258 tx_len);
259
260 /* Now send the data */
261 ret = sdio_writesb(card->func, card->ioport, helperbuf,
262 FIRMWARE_TRANSFER_NBLOCK * SDIO_BLOCK_SIZE);
263 if (ret < 0) {
264 BT_ERR("IO error during helper download @ %d",
265 hlprblknow);
266 goto done;
267 }
268
269 hlprblknow += tx_len;
270 } while (true);
271
272 BT_DBG("Transferring helper image EOF block");
273
274 memset(helperbuf, 0x0, SDIO_BLOCK_SIZE);
275
276 ret = sdio_writesb(card->func, card->ioport, helperbuf,
277 SDIO_BLOCK_SIZE);
278 if (ret < 0) {
279 BT_ERR("IO error in writing helper image EOF block");
280 goto done;
281 }
282
283 ret = 0;
284
285done:
286 kfree(tmphlprbuf);
287 if (fw_helper)
288 release_firmware(fw_helper);
289
290 return ret;
291}
292
293static int btmrvl_sdio_download_fw_w_helper(struct btmrvl_sdio_card *card)
294{
295 const struct firmware *fw_firmware = NULL;
296 const u8 *firmware = NULL;
297 int firmwarelen, tmpfwbufsz, ret;
298 unsigned int tries, offset;
299 u8 base0, base1;
300 void *tmpfwbuf = NULL;
301 u8 *fwbuf;
302 u16 len;
303 int txlen = 0, tx_blocks = 0, count = 0;
304
305 ret = request_firmware(&fw_firmware, card->firmware,
306 &card->func->dev);
307 if ((ret < 0) || !fw_firmware) {
308 BT_ERR("request_firmware(firmware) failed, error code = %d",
309 ret);
310 ret = -ENOENT;
311 goto done;
312 }
313
314 firmware = fw_firmware->data;
315 firmwarelen = fw_firmware->size;
316
317 BT_DBG("Downloading FW image (%d bytes)", firmwarelen);
318
319 tmpfwbufsz = ALIGN_SZ(BTM_UPLD_SIZE, BTSDIO_DMA_ALIGN);
320 tmpfwbuf = kmalloc(tmpfwbufsz, GFP_KERNEL);
321 if (!tmpfwbuf) {
322 BT_ERR("Unable to allocate buffer for firmware."
323 " Terminating download");
324 ret = -ENOMEM;
325 goto done;
326 }
327
328 memset(tmpfwbuf, 0, tmpfwbufsz);
329
330 /* Ensure aligned firmware buffer */
331 fwbuf = (u8 *) ALIGN_ADDR(tmpfwbuf, BTSDIO_DMA_ALIGN);
332
333 /* Perform firmware data transfer */
334 offset = 0;
335 do {
336 ret = btmrvl_sdio_poll_card_status(card,
337 CARD_IO_READY | DN_LD_CARD_RDY);
338 if (ret < 0) {
339 BT_ERR("FW download with helper poll status"
340 " timeout @ %d", offset);
341 goto done;
342 }
343
344 /* Check if there is more data ? */
345 if (offset >= firmwarelen)
346 break;
347
348 for (tries = 0; tries < MAX_POLL_TRIES; tries++) {
349 base0 = sdio_readb(card->func,
350 SQ_READ_BASE_ADDRESS_A0_REG, &ret);
351 if (ret) {
352 BT_ERR("BASE0 register read failed:"
353 " base0 = 0x%04X(%d)."
354 " Terminating download",
355 base0, base0);
356 ret = -EIO;
357 goto done;
358 }
359 base1 = sdio_readb(card->func,
360 SQ_READ_BASE_ADDRESS_A1_REG, &ret);
361 if (ret) {
362 BT_ERR("BASE1 register read failed:"
363 " base1 = 0x%04X(%d)."
364 " Terminating download",
365 base1, base1);
366 ret = -EIO;
367 goto done;
368 }
369
370 len = (((u16) base1) << 8) | base0;
371 if (len)
372 break;
373
374 udelay(10);
375 }
376
377 if (!len)
378 break;
379 else if (len > BTM_UPLD_SIZE) {
380 BT_ERR("FW download failure @%d, invalid length %d",
381 offset, len);
382 ret = -EINVAL;
383 goto done;
384 }
385
386 txlen = len;
387
388 if (len & BIT(0)) {
389 count++;
390 if (count > MAX_WRITE_IOMEM_RETRY) {
391 BT_ERR("FW download failure @%d, "
392 "over max retry count", offset);
393 ret = -EIO;
394 goto done;
395 }
396 BT_ERR("FW CRC error indicated by the helper: "
397 "len = 0x%04X, txlen = %d", len, txlen);
398 len &= ~BIT(0);
399 /* Set txlen to 0 so as to resend from same offset */
400 txlen = 0;
401 } else {
402 count = 0;
403
404 /* Last block ? */
405 if (firmwarelen - offset < txlen)
406 txlen = firmwarelen - offset;
407
408 tx_blocks =
409 (txlen + SDIO_BLOCK_SIZE - 1) / SDIO_BLOCK_SIZE;
410
411 memcpy(fwbuf, &firmware[offset], txlen);
412 }
413
414 ret = sdio_writesb(card->func, card->ioport, fwbuf,
415 tx_blocks * SDIO_BLOCK_SIZE);
416
417 if (ret < 0) {
418 BT_ERR("FW download, writesb(%d) failed @%d",
419 count, offset);
420 sdio_writeb(card->func, HOST_CMD53_FIN, CONFIG_REG,
421 &ret);
422 if (ret)
423 BT_ERR("writeb failed (CFG)");
424 }
425
426 offset += txlen;
427 } while (true);
428
429 BT_DBG("FW download over, size %d bytes", offset);
430
431 ret = 0;
432
433done:
434 kfree(tmpfwbuf);
435
436 if (fw_firmware)
437 release_firmware(fw_firmware);
438
439 return ret;
440}
441
442static int btmrvl_sdio_card_to_host(struct btmrvl_private *priv)
443{
444 u16 buf_len = 0;
445 int ret, buf_block_len, blksz;
446 struct sk_buff *skb = NULL;
447 u32 type;
448 u8 *payload = NULL;
449 struct hci_dev *hdev = priv->btmrvl_dev.hcidev;
450 struct btmrvl_sdio_card *card = priv->btmrvl_dev.card;
451
452 if (!card || !card->func) {
453 BT_ERR("card or function is NULL!");
454 ret = -EINVAL;
455 goto exit;
456 }
457
458 /* Read the length of data to be transferred */
459 ret = btmrvl_sdio_read_rx_len(card, &buf_len);
460 if (ret < 0) {
461 BT_ERR("read rx_len failed");
462 ret = -EIO;
463 goto exit;
464 }
465
466 blksz = SDIO_BLOCK_SIZE;
467 buf_block_len = (buf_len + blksz - 1) / blksz;
468
469 if (buf_len <= SDIO_HEADER_LEN
470 || (buf_block_len * blksz) > ALLOC_BUF_SIZE) {
471 BT_ERR("invalid packet length: %d", buf_len);
472 ret = -EINVAL;
473 goto exit;
474 }
475
476 /* Allocate buffer */
477 skb = bt_skb_alloc(buf_block_len * blksz + BTSDIO_DMA_ALIGN,
478 GFP_ATOMIC);
479 if (skb == NULL) {
480 BT_ERR("No free skb");
481 goto exit;
482 }
483
484 if ((unsigned long) skb->data & (BTSDIO_DMA_ALIGN - 1)) {
485 skb_put(skb, (unsigned long) skb->data &
486 (BTSDIO_DMA_ALIGN - 1));
487 skb_pull(skb, (unsigned long) skb->data &
488 (BTSDIO_DMA_ALIGN - 1));
489 }
490
491 payload = skb->data;
492
493 ret = sdio_readsb(card->func, payload, card->ioport,
494 buf_block_len * blksz);
495 if (ret < 0) {
496 BT_ERR("readsb failed: %d", ret);
497 ret = -EIO;
498 goto exit;
499 }
500
501 /* This is SDIO specific header length: byte[2][1][0], type: byte[3]
502 * (HCI_COMMAND = 1, ACL_DATA = 2, SCO_DATA = 3, 0xFE = Vendor)
503 */
504
505 buf_len = payload[0];
506 buf_len |= (u16) payload[1] << 8;
507 type = payload[3];
508
509 switch (type) {
510 case HCI_ACLDATA_PKT:
511 case HCI_SCODATA_PKT:
512 case HCI_EVENT_PKT:
513 bt_cb(skb)->pkt_type = type;
514 skb->dev = (void *)hdev;
515 skb_put(skb, buf_len);
516 skb_pull(skb, SDIO_HEADER_LEN);
517
518 if (type == HCI_EVENT_PKT)
519 btmrvl_check_evtpkt(priv, skb);
520
521 hci_recv_frame(skb);
522 hdev->stat.byte_rx += buf_len;
523 break;
524
525 case MRVL_VENDOR_PKT:
526 bt_cb(skb)->pkt_type = HCI_VENDOR_PKT;
527 skb->dev = (void *)hdev;
528 skb_put(skb, buf_len);
529 skb_pull(skb, SDIO_HEADER_LEN);
530
531 if (btmrvl_process_event(priv, skb))
532 hci_recv_frame(skb);
533
534 hdev->stat.byte_rx += buf_len;
535 break;
536
537 default:
538 BT_ERR("Unknow packet type:%d", type);
539 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, payload,
540 blksz * buf_block_len);
541
542 kfree_skb(skb);
543 skb = NULL;
544 break;
545 }
546
547exit:
548 if (ret) {
549 hdev->stat.err_rx++;
550 if (skb)
551 kfree_skb(skb);
552 }
553
554 return ret;
555}
556
557static int btmrvl_sdio_get_int_status(struct btmrvl_private *priv, u8 * ireg)
558{
559 int ret;
560 u8 sdio_ireg = 0;
561 struct btmrvl_sdio_card *card = priv->btmrvl_dev.card;
562
563 *ireg = 0;
564
565 sdio_ireg = sdio_readb(card->func, HOST_INTSTATUS_REG, &ret);
566 if (ret) {
567 BT_ERR("sdio_readb: read int status register failed");
568 ret = -EIO;
569 goto done;
570 }
571
572 if (sdio_ireg != 0) {
573 /*
574 * DN_LD_HOST_INT_STATUS and/or UP_LD_HOST_INT_STATUS
575 * Clear the interrupt status register and re-enable the
576 * interrupt.
577 */
578 BT_DBG("sdio_ireg = 0x%x", sdio_ireg);
579
580 sdio_writeb(card->func, ~(sdio_ireg) & (DN_LD_HOST_INT_STATUS |
581 UP_LD_HOST_INT_STATUS),
582 HOST_INTSTATUS_REG, &ret);
583 if (ret) {
584 BT_ERR("sdio_writeb: clear int status register "
585 "failed");
586 ret = -EIO;
587 goto done;
588 }
589 }
590
591 if (sdio_ireg & DN_LD_HOST_INT_STATUS) {
592 if (priv->btmrvl_dev.tx_dnld_rdy)
593 BT_DBG("tx_done already received: "
594 " int_status=0x%x", sdio_ireg);
595 else
596 priv->btmrvl_dev.tx_dnld_rdy = true;
597 }
598
599 if (sdio_ireg & UP_LD_HOST_INT_STATUS)
600 btmrvl_sdio_card_to_host(priv);
601
602 *ireg = sdio_ireg;
603
604 ret = 0;
605
606done:
607 return ret;
608}
609
610static void btmrvl_sdio_interrupt(struct sdio_func *func)
611{
612 struct btmrvl_private *priv;
613 struct hci_dev *hcidev;
614 struct btmrvl_sdio_card *card;
615 u8 ireg = 0;
616
617 card = sdio_get_drvdata(func);
618 if (card && card->priv) {
619 priv = card->priv;
620 hcidev = priv->btmrvl_dev.hcidev;
621
622 if (btmrvl_sdio_get_int_status(priv, &ireg))
623 BT_ERR("reading HOST_INT_STATUS_REG failed");
624 else
625 BT_DBG("HOST_INT_STATUS_REG %#x", ireg);
626
627 btmrvl_interrupt(priv);
628 }
629}
630
631static int btmrvl_sdio_register_dev(struct btmrvl_sdio_card *card)
632{
633 struct sdio_func *func;
634 u8 reg;
635 int ret = 0;
636
637 if (!card || !card->func) {
638 BT_ERR("Error: card or function is NULL!");
639 ret = -EINVAL;
640 goto failed;
641 }
642
643 func = card->func;
644
645 sdio_claim_host(func);
646
647 ret = sdio_enable_func(func);
648 if (ret) {
649 BT_ERR("sdio_enable_func() failed: ret=%d", ret);
650 ret = -EIO;
651 goto release_host;
652 }
653
654 ret = sdio_claim_irq(func, btmrvl_sdio_interrupt);
655 if (ret) {
656 BT_ERR("sdio_claim_irq failed: ret=%d", ret);
657 ret = -EIO;
658 goto disable_func;
659 }
660
661 ret = sdio_set_block_size(card->func, SDIO_BLOCK_SIZE);
662 if (ret) {
663 BT_ERR("cannot set SDIO block size");
664 ret = -EIO;
665 goto release_irq;
666 }
667
668 reg = sdio_readb(func, IO_PORT_0_REG, &ret);
669 if (ret < 0) {
670 ret = -EIO;
671 goto release_irq;
672 }
673
674 card->ioport = reg;
675
676 reg = sdio_readb(func, IO_PORT_1_REG, &ret);
677 if (ret < 0) {
678 ret = -EIO;
679 goto release_irq;
680 }
681
682 card->ioport |= (reg << 8);
683
684 reg = sdio_readb(func, IO_PORT_2_REG, &ret);
685 if (ret < 0) {
686 ret = -EIO;
687 goto release_irq;
688 }
689
690 card->ioport |= (reg << 16);
691
692 BT_DBG("SDIO FUNC%d IO port: 0x%x", func->num, card->ioport);
693
694 sdio_set_drvdata(func, card);
695
696 sdio_release_host(func);
697
698 return 0;
699
700release_irq:
701 sdio_release_irq(func);
702
703disable_func:
704 sdio_disable_func(func);
705
706release_host:
707 sdio_release_host(func);
708
709failed:
710 return ret;
711}
712
713static int btmrvl_sdio_unregister_dev(struct btmrvl_sdio_card *card)
714{
715 if (card && card->func) {
716 sdio_claim_host(card->func);
717 sdio_release_irq(card->func);
718 sdio_disable_func(card->func);
719 sdio_release_host(card->func);
720 sdio_set_drvdata(card->func, NULL);
721 }
722
723 return 0;
724}
725
726static int btmrvl_sdio_enable_host_int(struct btmrvl_sdio_card *card)
727{
728 int ret;
729
730 if (!card || !card->func)
731 return -EINVAL;
732
733 sdio_claim_host(card->func);
734
735 ret = btmrvl_sdio_enable_host_int_mask(card, HIM_ENABLE);
736
737 btmrvl_sdio_get_rx_unit(card);
738
739 sdio_release_host(card->func);
740
741 return ret;
742}
743
744static int btmrvl_sdio_disable_host_int(struct btmrvl_sdio_card *card)
745{
746 int ret;
747
748 if (!card || !card->func)
749 return -EINVAL;
750
751 sdio_claim_host(card->func);
752
753 ret = btmrvl_sdio_disable_host_int_mask(card, HIM_DISABLE);
754
755 sdio_release_host(card->func);
756
757 return ret;
758}
759
760static int btmrvl_sdio_host_to_card(struct btmrvl_private *priv,
761 u8 *payload, u16 nb)
762{
763 struct btmrvl_sdio_card *card = priv->btmrvl_dev.card;
764 int ret = 0;
765 int buf_block_len;
766 int blksz;
767 int i = 0;
768 u8 *buf = NULL;
769 void *tmpbuf = NULL;
770 int tmpbufsz;
771
772 if (!card || !card->func) {
773 BT_ERR("card or function is NULL!");
774 return -EINVAL;
775 }
776
777 buf = payload;
778 if ((unsigned long) payload & (BTSDIO_DMA_ALIGN - 1)) {
779 tmpbufsz = ALIGN_SZ(nb, BTSDIO_DMA_ALIGN);
780 tmpbuf = kzalloc(tmpbufsz, GFP_KERNEL);
781 if (!tmpbuf)
782 return -ENOMEM;
783 buf = (u8 *) ALIGN_ADDR(tmpbuf, BTSDIO_DMA_ALIGN);
784 memcpy(buf, payload, nb);
785 }
786
787 blksz = SDIO_BLOCK_SIZE;
788 buf_block_len = (nb + blksz - 1) / blksz;
789
790 sdio_claim_host(card->func);
791
792 do {
793 /* Transfer data to card */
794 ret = sdio_writesb(card->func, card->ioport, buf,
795 buf_block_len * blksz);
796 if (ret < 0) {
797 i++;
798 BT_ERR("i=%d writesb failed: %d", i, ret);
799 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET,
800 payload, nb);
801 ret = -EIO;
802 if (i > MAX_WRITE_IOMEM_RETRY)
803 goto exit;
804 }
805 } while (ret);
806
807 priv->btmrvl_dev.tx_dnld_rdy = false;
808
809exit:
810 sdio_release_host(card->func);
811
812 return ret;
813}
814
815static int btmrvl_sdio_download_fw(struct btmrvl_sdio_card *card)
816{
817 int ret = 0;
818
819 if (!card || !card->func) {
820 BT_ERR("card or function is NULL!");
821 return -EINVAL;
822 }
823 sdio_claim_host(card->func);
824
825 if (!btmrvl_sdio_verify_fw_download(card, 1)) {
826 BT_DBG("Firmware already downloaded!");
827 goto done;
828 }
829
830 ret = btmrvl_sdio_download_helper(card);
831 if (ret) {
832 BT_ERR("Failed to download helper!");
833 ret = -EIO;
834 goto done;
835 }
836
837 if (btmrvl_sdio_download_fw_w_helper(card)) {
838 BT_ERR("Failed to download firmware!");
839 ret = -EIO;
840 goto done;
841 }
842
843 if (btmrvl_sdio_verify_fw_download(card, MAX_POLL_TRIES)) {
844 BT_ERR("FW failed to be active in time!");
845 ret = -ETIMEDOUT;
846 goto done;
847 }
848
849done:
850 sdio_release_host(card->func);
851
852 return ret;
853}
854
855static int btmrvl_sdio_wakeup_fw(struct btmrvl_private *priv)
856{
857 struct btmrvl_sdio_card *card = priv->btmrvl_dev.card;
858 int ret = 0;
859
860 if (!card || !card->func) {
861 BT_ERR("card or function is NULL!");
862 return -EINVAL;
863 }
864
865 sdio_claim_host(card->func);
866
867 sdio_writeb(card->func, HOST_POWER_UP, CONFIG_REG, &ret);
868
869 sdio_release_host(card->func);
870
871 BT_DBG("wake up firmware");
872
873 return ret;
874}
875
876static int btmrvl_sdio_probe(struct sdio_func *func,
877 const struct sdio_device_id *id)
878{
879 int ret = 0;
880 struct btmrvl_private *priv = NULL;
881 struct btmrvl_sdio_card *card = NULL;
882
883 BT_INFO("vendor=0x%x, device=0x%x, class=%d, fn=%d",
884 id->vendor, id->device, id->class, func->num);
885
886 card = kzalloc(sizeof(*card), GFP_KERNEL);
887 if (!card) {
888 ret = -ENOMEM;
889 goto done;
890 }
891
892 card->func = func;
893
894 if (id->driver_data) {
895 struct btmrvl_sdio_device *data = (void *) id->driver_data;
896 card->helper = data->helper;
897 card->firmware = data->firmware;
898 }
899
900 if (btmrvl_sdio_register_dev(card) < 0) {
901 BT_ERR("Failed to register BT device!");
902 ret = -ENODEV;
903 goto free_card;
904 }
905
906 /* Disable the interrupts on the card */
907 btmrvl_sdio_disable_host_int(card);
908
909 if (btmrvl_sdio_download_fw(card)) {
910 BT_ERR("Downloading firmware failed!");
911 ret = -ENODEV;
912 goto unreg_dev;
913 }
914
915 msleep(100);
916
917 btmrvl_sdio_enable_host_int(card);
918
919 priv = btmrvl_add_card(card);
920 if (!priv) {
921 BT_ERR("Initializing card failed!");
922 ret = -ENODEV;
923 goto disable_host_int;
924 }
925
926 card->priv = priv;
927
928 /* Initialize the interface specific function pointers */
929 priv->hw_host_to_card = btmrvl_sdio_host_to_card;
930 priv->hw_wakeup_firmware = btmrvl_sdio_wakeup_fw;
931
932 btmrvl_send_module_cfg_cmd(priv, MODULE_BRINGUP_REQ);
933
934 return 0;
935
936disable_host_int:
937 btmrvl_sdio_disable_host_int(card);
938unreg_dev:
939 btmrvl_sdio_unregister_dev(card);
940free_card:
941 kfree(card);
942done:
943 return ret;
944}
945
946static void btmrvl_sdio_remove(struct sdio_func *func)
947{
948 struct btmrvl_sdio_card *card;
949
950 if (func) {
951 card = sdio_get_drvdata(func);
952 if (card) {
953 /* Send SHUTDOWN command & disable interrupt
954 * if user removes the module.
955 */
956 if (user_rmmod) {
957 btmrvl_send_module_cfg_cmd(card->priv,
958 MODULE_SHUTDOWN_REQ);
959 btmrvl_sdio_disable_host_int(card);
960 }
961 BT_DBG("unregester dev");
962 btmrvl_sdio_unregister_dev(card);
963 btmrvl_remove_card(card->priv);
964 kfree(card);
965 }
966 }
967}
968
969static struct sdio_driver bt_mrvl_sdio = {
970 .name = "btmrvl_sdio",
971 .id_table = btmrvl_sdio_ids,
972 .probe = btmrvl_sdio_probe,
973 .remove = btmrvl_sdio_remove,
974};
975
976static int btmrvl_sdio_init_module(void)
977{
978 if (sdio_register_driver(&bt_mrvl_sdio) != 0) {
979 BT_ERR("SDIO Driver Registration Failed");
980 return -ENODEV;
981 }
982
983 /* Clear the flag in case user removes the card. */
984 user_rmmod = 0;
985
986 return 0;
987}
988
989static void btmrvl_sdio_exit_module(void)
990{
991 /* Set the flag as user is removing this module. */
992 user_rmmod = 1;
993
994 sdio_unregister_driver(&bt_mrvl_sdio);
995}
996
997module_init(btmrvl_sdio_init_module);
998module_exit(btmrvl_sdio_exit_module);
999
1000MODULE_AUTHOR("Marvell International Ltd.");
1001MODULE_DESCRIPTION("Marvell BT-over-SDIO driver ver " VERSION);
1002MODULE_VERSION(VERSION);
1003MODULE_LICENSE("GPL v2");
diff --git a/drivers/bluetooth/btmrvl_sdio.h b/drivers/bluetooth/btmrvl_sdio.h
new file mode 100644
index 000000000000..27329f107e5a
--- /dev/null
+++ b/drivers/bluetooth/btmrvl_sdio.h
@@ -0,0 +1,108 @@
1/**
2 * Marvell BT-over-SDIO driver: SDIO interface related definitions
3 *
4 * Copyright (C) 2009, Marvell International Ltd.
5 *
6 * This software file (the "File") is distributed by Marvell International
7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991
8 * (the "License"). You may use, redistribute and/or modify this File in
9 * accordance with the terms and conditions of the License, a copy of which
10 * is available by writing to the Free Software Foundation, Inc.,
11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
13 *
14 *
15 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
17 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
18 * this warranty disclaimer.
19 *
20 **/
21
22#define SDIO_HEADER_LEN 4
23
24/* SD block size can not bigger than 64 due to buf size limit in firmware */
25/* define SD block size for data Tx/Rx */
26#define SDIO_BLOCK_SIZE 64
27
28/* Number of blocks for firmware transfer */
29#define FIRMWARE_TRANSFER_NBLOCK 2
30
31/* This is for firmware specific length */
32#define FW_EXTRA_LEN 36
33
34#define MRVDRV_SIZE_OF_CMD_BUFFER (2 * 1024)
35
36#define MRVDRV_BT_RX_PACKET_BUFFER_SIZE \
37 (HCI_MAX_FRAME_SIZE + FW_EXTRA_LEN)
38
39#define ALLOC_BUF_SIZE (((max_t (int, MRVDRV_BT_RX_PACKET_BUFFER_SIZE, \
40 MRVDRV_SIZE_OF_CMD_BUFFER) + SDIO_HEADER_LEN \
41 + SDIO_BLOCK_SIZE - 1) / SDIO_BLOCK_SIZE) \
42 * SDIO_BLOCK_SIZE)
43
44/* The number of times to try when polling for status */
45#define MAX_POLL_TRIES 100
46
47/* Max retry number of CMD53 write */
48#define MAX_WRITE_IOMEM_RETRY 2
49
50/* Host Control Registers */
51#define IO_PORT_0_REG 0x00
52#define IO_PORT_1_REG 0x01
53#define IO_PORT_2_REG 0x02
54
55#define CONFIG_REG 0x03
56#define HOST_POWER_UP BIT(1)
57#define HOST_CMD53_FIN BIT(2)
58
59#define HOST_INT_MASK_REG 0x04
60#define HIM_DISABLE 0xff
61#define HIM_ENABLE (BIT(0) | BIT(1))
62
63#define HOST_INTSTATUS_REG 0x05
64#define UP_LD_HOST_INT_STATUS BIT(0)
65#define DN_LD_HOST_INT_STATUS BIT(1)
66
67/* Card Control Registers */
68#define SQ_READ_BASE_ADDRESS_A0_REG 0x10
69#define SQ_READ_BASE_ADDRESS_A1_REG 0x11
70
71#define CARD_STATUS_REG 0x20
72#define DN_LD_CARD_RDY BIT(0)
73#define CARD_IO_READY BIT(3)
74
75#define CARD_FW_STATUS0_REG 0x40
76#define CARD_FW_STATUS1_REG 0x41
77#define FIRMWARE_READY 0xfedc
78
79#define CARD_RX_LEN_REG 0x42
80#define CARD_RX_UNIT_REG 0x43
81
82
83struct btmrvl_sdio_card {
84 struct sdio_func *func;
85 u32 ioport;
86 const char *helper;
87 const char *firmware;
88 u8 rx_unit;
89 struct btmrvl_private *priv;
90};
91
92struct btmrvl_sdio_device {
93 const char *helper;
94 const char *firmware;
95};
96
97
98/* Platform specific DMA alignment */
99#define BTSDIO_DMA_ALIGN 8
100
101/* Macros for Data Alignment : size */
102#define ALIGN_SZ(p, a) \
103 (((p) + ((a) - 1)) & ~((a) - 1))
104
105/* Macros for Data Alignment : address */
106#define ALIGN_ADDR(p, a) \
107 ((((unsigned long)(p)) + (((unsigned long)(a)) - 1)) & \
108 ~(((unsigned long)(a)) - 1))
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index e70c57ee4221..7ba91aa3fe8b 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -35,7 +35,7 @@
35#include <net/bluetooth/bluetooth.h> 35#include <net/bluetooth/bluetooth.h>
36#include <net/bluetooth/hci_core.h> 36#include <net/bluetooth/hci_core.h>
37 37
38#define VERSION "0.5" 38#define VERSION "0.6"
39 39
40static int ignore_dga; 40static int ignore_dga;
41static int ignore_csr; 41static int ignore_csr;
@@ -145,6 +145,7 @@ static struct usb_device_id blacklist_table[] = {
145#define BTUSB_INTR_RUNNING 0 145#define BTUSB_INTR_RUNNING 0
146#define BTUSB_BULK_RUNNING 1 146#define BTUSB_BULK_RUNNING 1
147#define BTUSB_ISOC_RUNNING 2 147#define BTUSB_ISOC_RUNNING 2
148#define BTUSB_SUSPENDING 3
148 149
149struct btusb_data { 150struct btusb_data {
150 struct hci_dev *hdev; 151 struct hci_dev *hdev;
@@ -157,11 +158,15 @@ struct btusb_data {
157 unsigned long flags; 158 unsigned long flags;
158 159
159 struct work_struct work; 160 struct work_struct work;
161 struct work_struct waker;
160 162
161 struct usb_anchor tx_anchor; 163 struct usb_anchor tx_anchor;
162 struct usb_anchor intr_anchor; 164 struct usb_anchor intr_anchor;
163 struct usb_anchor bulk_anchor; 165 struct usb_anchor bulk_anchor;
164 struct usb_anchor isoc_anchor; 166 struct usb_anchor isoc_anchor;
167 struct usb_anchor deferred;
168 int tx_in_flight;
169 spinlock_t txlock;
165 170
166 struct usb_endpoint_descriptor *intr_ep; 171 struct usb_endpoint_descriptor *intr_ep;
167 struct usb_endpoint_descriptor *bulk_tx_ep; 172 struct usb_endpoint_descriptor *bulk_tx_ep;
@@ -174,8 +179,23 @@ struct btusb_data {
174 unsigned int sco_num; 179 unsigned int sco_num;
175 int isoc_altsetting; 180 int isoc_altsetting;
176 int suspend_count; 181 int suspend_count;
182 int did_iso_resume:1;
177}; 183};
178 184
185static int inc_tx(struct btusb_data *data)
186{
187 unsigned long flags;
188 int rv;
189
190 spin_lock_irqsave(&data->txlock, flags);
191 rv = test_bit(BTUSB_SUSPENDING, &data->flags);
192 if (!rv)
193 data->tx_in_flight++;
194 spin_unlock_irqrestore(&data->txlock, flags);
195
196 return rv;
197}
198
179static void btusb_intr_complete(struct urb *urb) 199static void btusb_intr_complete(struct urb *urb)
180{ 200{
181 struct hci_dev *hdev = urb->context; 201 struct hci_dev *hdev = urb->context;
@@ -202,6 +222,7 @@ static void btusb_intr_complete(struct urb *urb)
202 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags)) 222 if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
203 return; 223 return;
204 224
225 usb_mark_last_busy(data->udev);
205 usb_anchor_urb(urb, &data->intr_anchor); 226 usb_anchor_urb(urb, &data->intr_anchor);
206 227
207 err = usb_submit_urb(urb, GFP_ATOMIC); 228 err = usb_submit_urb(urb, GFP_ATOMIC);
@@ -301,7 +322,7 @@ static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
301 struct urb *urb; 322 struct urb *urb;
302 unsigned char *buf; 323 unsigned char *buf;
303 unsigned int pipe; 324 unsigned int pipe;
304 int err, size; 325 int err, size = HCI_MAX_FRAME_SIZE;
305 326
306 BT_DBG("%s", hdev->name); 327 BT_DBG("%s", hdev->name);
307 328
@@ -312,8 +333,6 @@ static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
312 if (!urb) 333 if (!urb)
313 return -ENOMEM; 334 return -ENOMEM;
314 335
315 size = le16_to_cpu(data->bulk_rx_ep->wMaxPacketSize);
316
317 buf = kmalloc(size, mem_flags); 336 buf = kmalloc(size, mem_flags);
318 if (!buf) { 337 if (!buf) {
319 usb_free_urb(urb); 338 usb_free_urb(urb);
@@ -327,6 +346,7 @@ static int btusb_submit_bulk_urb(struct hci_dev *hdev, gfp_t mem_flags)
327 346
328 urb->transfer_flags |= URB_FREE_BUFFER; 347 urb->transfer_flags |= URB_FREE_BUFFER;
329 348
349 usb_mark_last_busy(data->udev);
330 usb_anchor_urb(urb, &data->bulk_anchor); 350 usb_anchor_urb(urb, &data->bulk_anchor);
331 351
332 err = usb_submit_urb(urb, mem_flags); 352 err = usb_submit_urb(urb, mem_flags);
@@ -465,6 +485,33 @@ static void btusb_tx_complete(struct urb *urb)
465{ 485{
466 struct sk_buff *skb = urb->context; 486 struct sk_buff *skb = urb->context;
467 struct hci_dev *hdev = (struct hci_dev *) skb->dev; 487 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
488 struct btusb_data *data = hdev->driver_data;
489
490 BT_DBG("%s urb %p status %d count %d", hdev->name,
491 urb, urb->status, urb->actual_length);
492
493 if (!test_bit(HCI_RUNNING, &hdev->flags))
494 goto done;
495
496 if (!urb->status)
497 hdev->stat.byte_tx += urb->transfer_buffer_length;
498 else
499 hdev->stat.err_tx++;
500
501done:
502 spin_lock(&data->txlock);
503 data->tx_in_flight--;
504 spin_unlock(&data->txlock);
505
506 kfree(urb->setup_packet);
507
508 kfree_skb(skb);
509}
510
511static void btusb_isoc_tx_complete(struct urb *urb)
512{
513 struct sk_buff *skb = urb->context;
514 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
468 515
469 BT_DBG("%s urb %p status %d count %d", hdev->name, 516 BT_DBG("%s urb %p status %d count %d", hdev->name,
470 urb, urb->status, urb->actual_length); 517 urb, urb->status, urb->actual_length);
@@ -490,11 +537,17 @@ static int btusb_open(struct hci_dev *hdev)
490 537
491 BT_DBG("%s", hdev->name); 538 BT_DBG("%s", hdev->name);
492 539
540 err = usb_autopm_get_interface(data->intf);
541 if (err < 0)
542 return err;
543
544 data->intf->needs_remote_wakeup = 1;
545
493 if (test_and_set_bit(HCI_RUNNING, &hdev->flags)) 546 if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
494 return 0; 547 goto done;
495 548
496 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) 549 if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags))
497 return 0; 550 goto done;
498 551
499 err = btusb_submit_intr_urb(hdev, GFP_KERNEL); 552 err = btusb_submit_intr_urb(hdev, GFP_KERNEL);
500 if (err < 0) 553 if (err < 0)
@@ -509,17 +562,28 @@ static int btusb_open(struct hci_dev *hdev)
509 set_bit(BTUSB_BULK_RUNNING, &data->flags); 562 set_bit(BTUSB_BULK_RUNNING, &data->flags);
510 btusb_submit_bulk_urb(hdev, GFP_KERNEL); 563 btusb_submit_bulk_urb(hdev, GFP_KERNEL);
511 564
565done:
566 usb_autopm_put_interface(data->intf);
512 return 0; 567 return 0;
513 568
514failed: 569failed:
515 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 570 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
516 clear_bit(HCI_RUNNING, &hdev->flags); 571 clear_bit(HCI_RUNNING, &hdev->flags);
572 usb_autopm_put_interface(data->intf);
517 return err; 573 return err;
518} 574}
519 575
576static void btusb_stop_traffic(struct btusb_data *data)
577{
578 usb_kill_anchored_urbs(&data->intr_anchor);
579 usb_kill_anchored_urbs(&data->bulk_anchor);
580 usb_kill_anchored_urbs(&data->isoc_anchor);
581}
582
520static int btusb_close(struct hci_dev *hdev) 583static int btusb_close(struct hci_dev *hdev)
521{ 584{
522 struct btusb_data *data = hdev->driver_data; 585 struct btusb_data *data = hdev->driver_data;
586 int err;
523 587
524 BT_DBG("%s", hdev->name); 588 BT_DBG("%s", hdev->name);
525 589
@@ -529,13 +593,16 @@ static int btusb_close(struct hci_dev *hdev)
529 cancel_work_sync(&data->work); 593 cancel_work_sync(&data->work);
530 594
531 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 595 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
532 usb_kill_anchored_urbs(&data->isoc_anchor);
533
534 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 596 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
535 usb_kill_anchored_urbs(&data->bulk_anchor);
536
537 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 597 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
538 usb_kill_anchored_urbs(&data->intr_anchor); 598
599 btusb_stop_traffic(data);
600 err = usb_autopm_get_interface(data->intf);
601 if (err < 0)
602 return 0;
603
604 data->intf->needs_remote_wakeup = 0;
605 usb_autopm_put_interface(data->intf);
539 606
540 return 0; 607 return 0;
541} 608}
@@ -622,7 +689,7 @@ static int btusb_send_frame(struct sk_buff *skb)
622 urb->dev = data->udev; 689 urb->dev = data->udev;
623 urb->pipe = pipe; 690 urb->pipe = pipe;
624 urb->context = skb; 691 urb->context = skb;
625 urb->complete = btusb_tx_complete; 692 urb->complete = btusb_isoc_tx_complete;
626 urb->interval = data->isoc_tx_ep->bInterval; 693 urb->interval = data->isoc_tx_ep->bInterval;
627 694
628 urb->transfer_flags = URB_ISO_ASAP; 695 urb->transfer_flags = URB_ISO_ASAP;
@@ -633,12 +700,21 @@ static int btusb_send_frame(struct sk_buff *skb)
633 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize)); 700 le16_to_cpu(data->isoc_tx_ep->wMaxPacketSize));
634 701
635 hdev->stat.sco_tx++; 702 hdev->stat.sco_tx++;
636 break; 703 goto skip_waking;
637 704
638 default: 705 default:
639 return -EILSEQ; 706 return -EILSEQ;
640 } 707 }
641 708
709 err = inc_tx(data);
710 if (err) {
711 usb_anchor_urb(urb, &data->deferred);
712 schedule_work(&data->waker);
713 err = 0;
714 goto done;
715 }
716
717skip_waking:
642 usb_anchor_urb(urb, &data->tx_anchor); 718 usb_anchor_urb(urb, &data->tx_anchor);
643 719
644 err = usb_submit_urb(urb, GFP_ATOMIC); 720 err = usb_submit_urb(urb, GFP_ATOMIC);
@@ -646,10 +722,13 @@ static int btusb_send_frame(struct sk_buff *skb)
646 BT_ERR("%s urb %p submission failed", hdev->name, urb); 722 BT_ERR("%s urb %p submission failed", hdev->name, urb);
647 kfree(urb->setup_packet); 723 kfree(urb->setup_packet);
648 usb_unanchor_urb(urb); 724 usb_unanchor_urb(urb);
725 } else {
726 usb_mark_last_busy(data->udev);
649 } 727 }
650 728
651 usb_free_urb(urb); 729 usb_free_urb(urb);
652 730
731done:
653 return err; 732 return err;
654} 733}
655 734
@@ -721,8 +800,19 @@ static void btusb_work(struct work_struct *work)
721{ 800{
722 struct btusb_data *data = container_of(work, struct btusb_data, work); 801 struct btusb_data *data = container_of(work, struct btusb_data, work);
723 struct hci_dev *hdev = data->hdev; 802 struct hci_dev *hdev = data->hdev;
803 int err;
724 804
725 if (hdev->conn_hash.sco_num > 0) { 805 if (hdev->conn_hash.sco_num > 0) {
806 if (!data->did_iso_resume) {
807 err = usb_autopm_get_interface(data->isoc);
808 if (err < 0) {
809 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
810 usb_kill_anchored_urbs(&data->isoc_anchor);
811 return;
812 }
813
814 data->did_iso_resume = 1;
815 }
726 if (data->isoc_altsetting != 2) { 816 if (data->isoc_altsetting != 2) {
727 clear_bit(BTUSB_ISOC_RUNNING, &data->flags); 817 clear_bit(BTUSB_ISOC_RUNNING, &data->flags);
728 usb_kill_anchored_urbs(&data->isoc_anchor); 818 usb_kill_anchored_urbs(&data->isoc_anchor);
@@ -742,9 +832,25 @@ static void btusb_work(struct work_struct *work)
742 usb_kill_anchored_urbs(&data->isoc_anchor); 832 usb_kill_anchored_urbs(&data->isoc_anchor);
743 833
744 __set_isoc_interface(hdev, 0); 834 __set_isoc_interface(hdev, 0);
835 if (data->did_iso_resume) {
836 data->did_iso_resume = 0;
837 usb_autopm_put_interface(data->isoc);
838 }
745 } 839 }
746} 840}
747 841
842static void btusb_waker(struct work_struct *work)
843{
844 struct btusb_data *data = container_of(work, struct btusb_data, waker);
845 int err;
846
847 err = usb_autopm_get_interface(data->intf);
848 if (err < 0)
849 return;
850
851 usb_autopm_put_interface(data->intf);
852}
853
748static int btusb_probe(struct usb_interface *intf, 854static int btusb_probe(struct usb_interface *intf,
749 const struct usb_device_id *id) 855 const struct usb_device_id *id)
750{ 856{
@@ -814,11 +920,14 @@ static int btusb_probe(struct usb_interface *intf,
814 spin_lock_init(&data->lock); 920 spin_lock_init(&data->lock);
815 921
816 INIT_WORK(&data->work, btusb_work); 922 INIT_WORK(&data->work, btusb_work);
923 INIT_WORK(&data->waker, btusb_waker);
924 spin_lock_init(&data->txlock);
817 925
818 init_usb_anchor(&data->tx_anchor); 926 init_usb_anchor(&data->tx_anchor);
819 init_usb_anchor(&data->intr_anchor); 927 init_usb_anchor(&data->intr_anchor);
820 init_usb_anchor(&data->bulk_anchor); 928 init_usb_anchor(&data->bulk_anchor);
821 init_usb_anchor(&data->isoc_anchor); 929 init_usb_anchor(&data->isoc_anchor);
930 init_usb_anchor(&data->deferred);
822 931
823 hdev = hci_alloc_dev(); 932 hdev = hci_alloc_dev();
824 if (!hdev) { 933 if (!hdev) {
@@ -943,6 +1052,7 @@ static void btusb_disconnect(struct usb_interface *intf)
943 hci_free_dev(hdev); 1052 hci_free_dev(hdev);
944} 1053}
945 1054
1055#ifdef CONFIG_PM
946static int btusb_suspend(struct usb_interface *intf, pm_message_t message) 1056static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
947{ 1057{
948 struct btusb_data *data = usb_get_intfdata(intf); 1058 struct btusb_data *data = usb_get_intfdata(intf);
@@ -952,22 +1062,44 @@ static int btusb_suspend(struct usb_interface *intf, pm_message_t message)
952 if (data->suspend_count++) 1062 if (data->suspend_count++)
953 return 0; 1063 return 0;
954 1064
1065 spin_lock_irq(&data->txlock);
1066 if (!(interface_to_usbdev(intf)->auto_pm && data->tx_in_flight)) {
1067 set_bit(BTUSB_SUSPENDING, &data->flags);
1068 spin_unlock_irq(&data->txlock);
1069 } else {
1070 spin_unlock_irq(&data->txlock);
1071 data->suspend_count--;
1072 return -EBUSY;
1073 }
1074
955 cancel_work_sync(&data->work); 1075 cancel_work_sync(&data->work);
956 1076
1077 btusb_stop_traffic(data);
957 usb_kill_anchored_urbs(&data->tx_anchor); 1078 usb_kill_anchored_urbs(&data->tx_anchor);
958 1079
959 usb_kill_anchored_urbs(&data->isoc_anchor);
960 usb_kill_anchored_urbs(&data->bulk_anchor);
961 usb_kill_anchored_urbs(&data->intr_anchor);
962
963 return 0; 1080 return 0;
964} 1081}
965 1082
1083static void play_deferred(struct btusb_data *data)
1084{
1085 struct urb *urb;
1086 int err;
1087
1088 while ((urb = usb_get_from_anchor(&data->deferred))) {
1089 err = usb_submit_urb(urb, GFP_ATOMIC);
1090 if (err < 0)
1091 break;
1092
1093 data->tx_in_flight++;
1094 }
1095 usb_scuttle_anchored_urbs(&data->deferred);
1096}
1097
966static int btusb_resume(struct usb_interface *intf) 1098static int btusb_resume(struct usb_interface *intf)
967{ 1099{
968 struct btusb_data *data = usb_get_intfdata(intf); 1100 struct btusb_data *data = usb_get_intfdata(intf);
969 struct hci_dev *hdev = data->hdev; 1101 struct hci_dev *hdev = data->hdev;
970 int err; 1102 int err = 0;
971 1103
972 BT_DBG("intf %p", intf); 1104 BT_DBG("intf %p", intf);
973 1105
@@ -975,13 +1107,13 @@ static int btusb_resume(struct usb_interface *intf)
975 return 0; 1107 return 0;
976 1108
977 if (!test_bit(HCI_RUNNING, &hdev->flags)) 1109 if (!test_bit(HCI_RUNNING, &hdev->flags))
978 return 0; 1110 goto done;
979 1111
980 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) { 1112 if (test_bit(BTUSB_INTR_RUNNING, &data->flags)) {
981 err = btusb_submit_intr_urb(hdev, GFP_NOIO); 1113 err = btusb_submit_intr_urb(hdev, GFP_NOIO);
982 if (err < 0) { 1114 if (err < 0) {
983 clear_bit(BTUSB_INTR_RUNNING, &data->flags); 1115 clear_bit(BTUSB_INTR_RUNNING, &data->flags);
984 return err; 1116 goto failed;
985 } 1117 }
986 } 1118 }
987 1119
@@ -989,9 +1121,10 @@ static int btusb_resume(struct usb_interface *intf)
989 err = btusb_submit_bulk_urb(hdev, GFP_NOIO); 1121 err = btusb_submit_bulk_urb(hdev, GFP_NOIO);
990 if (err < 0) { 1122 if (err < 0) {
991 clear_bit(BTUSB_BULK_RUNNING, &data->flags); 1123 clear_bit(BTUSB_BULK_RUNNING, &data->flags);
992 return err; 1124 goto failed;
993 } else 1125 }
994 btusb_submit_bulk_urb(hdev, GFP_NOIO); 1126
1127 btusb_submit_bulk_urb(hdev, GFP_NOIO);
995 } 1128 }
996 1129
997 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) { 1130 if (test_bit(BTUSB_ISOC_RUNNING, &data->flags)) {
@@ -1001,16 +1134,35 @@ static int btusb_resume(struct usb_interface *intf)
1001 btusb_submit_isoc_urb(hdev, GFP_NOIO); 1134 btusb_submit_isoc_urb(hdev, GFP_NOIO);
1002 } 1135 }
1003 1136
1137 spin_lock_irq(&data->txlock);
1138 play_deferred(data);
1139 clear_bit(BTUSB_SUSPENDING, &data->flags);
1140 spin_unlock_irq(&data->txlock);
1141 schedule_work(&data->work);
1142
1004 return 0; 1143 return 0;
1144
1145failed:
1146 usb_scuttle_anchored_urbs(&data->deferred);
1147done:
1148 spin_lock_irq(&data->txlock);
1149 clear_bit(BTUSB_SUSPENDING, &data->flags);
1150 spin_unlock_irq(&data->txlock);
1151
1152 return err;
1005} 1153}
1154#endif
1006 1155
1007static struct usb_driver btusb_driver = { 1156static struct usb_driver btusb_driver = {
1008 .name = "btusb", 1157 .name = "btusb",
1009 .probe = btusb_probe, 1158 .probe = btusb_probe,
1010 .disconnect = btusb_disconnect, 1159 .disconnect = btusb_disconnect,
1160#ifdef CONFIG_PM
1011 .suspend = btusb_suspend, 1161 .suspend = btusb_suspend,
1012 .resume = btusb_resume, 1162 .resume = btusb_resume,
1163#endif
1013 .id_table = btusb_table, 1164 .id_table = btusb_table,
1165 .supports_autosuspend = 1,
1014}; 1166};
1015 1167
1016static int __init btusb_init(void) 1168static int __init btusb_init(void)
diff --git a/drivers/bluetooth/hci_bcsp.c b/drivers/bluetooth/hci_bcsp.c
index 894b2cb11ea6..40aec0fb8596 100644
--- a/drivers/bluetooth/hci_bcsp.c
+++ b/drivers/bluetooth/hci_bcsp.c
@@ -373,8 +373,9 @@ static void bcsp_pkt_cull(struct bcsp_struct *bcsp)
373 373
374 i = 0; 374 i = 0;
375 skb_queue_walk_safe(&bcsp->unack, skb, tmp) { 375 skb_queue_walk_safe(&bcsp->unack, skb, tmp) {
376 if (i++ >= pkts_to_be_removed) 376 if (i >= pkts_to_be_removed)
377 break; 377 break;
378 i++;
378 379
379 __skb_unlink(skb, &bcsp->unack); 380 __skb_unlink(skb, &bcsp->unack);
380 kfree_skb(skb); 381 kfree_skb(skb);
diff --git a/include/net/bluetooth/bluetooth.h b/include/net/bluetooth/bluetooth.h
index 968166a45f86..718394e2c01e 100644
--- a/include/net/bluetooth/bluetooth.h
+++ b/include/net/bluetooth/bluetooth.h
@@ -138,8 +138,11 @@ struct sock *bt_accept_dequeue(struct sock *parent, struct socket *newsock);
138struct bt_skb_cb { 138struct bt_skb_cb {
139 __u8 pkt_type; 139 __u8 pkt_type;
140 __u8 incoming; 140 __u8 incoming;
141 __u8 tx_seq;
142 __u8 retries;
143 __u8 sar;
141}; 144};
142#define bt_cb(skb) ((struct bt_skb_cb *)(skb->cb)) 145#define bt_cb(skb) ((struct bt_skb_cb *)((skb)->cb))
143 146
144static inline struct sk_buff *bt_skb_alloc(unsigned int len, gfp_t how) 147static inline struct sk_buff *bt_skb_alloc(unsigned int len, gfp_t how)
145{ 148{
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index c4ca4228b083..7b640aeddb64 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -117,7 +117,7 @@ struct hci_dev {
117 struct sk_buff *sent_cmd; 117 struct sk_buff *sent_cmd;
118 struct sk_buff *reassembly[3]; 118 struct sk_buff *reassembly[3];
119 119
120 struct semaphore req_lock; 120 struct mutex req_lock;
121 wait_queue_head_t req_wait_q; 121 wait_queue_head_t req_wait_q;
122 __u32 req_status; 122 __u32 req_status;
123 __u32 req_result; 123 __u32 req_result;
@@ -187,6 +187,7 @@ struct hci_conn {
187 struct work_struct work_del; 187 struct work_struct work_del;
188 188
189 struct device dev; 189 struct device dev;
190 atomic_t devref;
190 191
191 struct hci_dev *hdev; 192 struct hci_dev *hdev;
192 void *l2cap_data; 193 void *l2cap_data;
@@ -339,6 +340,9 @@ int hci_conn_switch_role(struct hci_conn *conn, __u8 role);
339void hci_conn_enter_active_mode(struct hci_conn *conn); 340void hci_conn_enter_active_mode(struct hci_conn *conn);
340void hci_conn_enter_sniff_mode(struct hci_conn *conn); 341void hci_conn_enter_sniff_mode(struct hci_conn *conn);
341 342
343void hci_conn_hold_device(struct hci_conn *conn);
344void hci_conn_put_device(struct hci_conn *conn);
345
342static inline void hci_conn_hold(struct hci_conn *conn) 346static inline void hci_conn_hold(struct hci_conn *conn)
343{ 347{
344 atomic_inc(&conn->refcnt); 348 atomic_inc(&conn->refcnt);
@@ -700,8 +704,8 @@ struct hci_sec_filter {
700#define HCI_REQ_PEND 1 704#define HCI_REQ_PEND 1
701#define HCI_REQ_CANCELED 2 705#define HCI_REQ_CANCELED 2
702 706
703#define hci_req_lock(d) down(&d->req_lock) 707#define hci_req_lock(d) mutex_lock(&d->req_lock)
704#define hci_req_unlock(d) up(&d->req_lock) 708#define hci_req_unlock(d) mutex_unlock(&d->req_lock)
705 709
706void hci_req_complete(struct hci_dev *hdev, int result); 710void hci_req_complete(struct hci_dev *hdev, int result);
707 711
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index e919fca1072a..9516f4b4a3c2 100644
--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -27,12 +27,14 @@
27 27
28/* L2CAP defaults */ 28/* L2CAP defaults */
29#define L2CAP_DEFAULT_MTU 672 29#define L2CAP_DEFAULT_MTU 672
30#define L2CAP_DEFAULT_MIN_MTU 48
30#define L2CAP_DEFAULT_FLUSH_TO 0xffff 31#define L2CAP_DEFAULT_FLUSH_TO 0xffff
31#define L2CAP_DEFAULT_RX_WINDOW 1 32#define L2CAP_DEFAULT_TX_WINDOW 63
32#define L2CAP_DEFAULT_MAX_RECEIVE 1 33#define L2CAP_DEFAULT_NUM_TO_ACK (L2CAP_DEFAULT_TX_WINDOW/5)
33#define L2CAP_DEFAULT_RETRANS_TO 300 /* 300 milliseconds */ 34#define L2CAP_DEFAULT_MAX_TX 3
34#define L2CAP_DEFAULT_MONITOR_TO 1000 /* 1 second */ 35#define L2CAP_DEFAULT_RETRANS_TO 1000 /* 1 second */
35#define L2CAP_DEFAULT_MAX_RX_APDU 0xfff7 36#define L2CAP_DEFAULT_MONITOR_TO 12000 /* 12 seconds */
37#define L2CAP_DEFAULT_MAX_PDU_SIZE 672
36 38
37#define L2CAP_CONN_TIMEOUT (40000) /* 40 seconds */ 39#define L2CAP_CONN_TIMEOUT (40000) /* 40 seconds */
38#define L2CAP_INFO_TIMEOUT (4000) /* 4 seconds */ 40#define L2CAP_INFO_TIMEOUT (4000) /* 4 seconds */
@@ -52,6 +54,7 @@ struct l2cap_options {
52 __u16 imtu; 54 __u16 imtu;
53 __u16 flush_to; 55 __u16 flush_to;
54 __u8 mode; 56 __u8 mode;
57 __u8 fcs;
55}; 58};
56 59
57#define L2CAP_CONNINFO 0x02 60#define L2CAP_CONNINFO 0x02
@@ -93,6 +96,32 @@ struct l2cap_conninfo {
93#define L2CAP_FCS_NONE 0x00 96#define L2CAP_FCS_NONE 0x00
94#define L2CAP_FCS_CRC16 0x01 97#define L2CAP_FCS_CRC16 0x01
95 98
99/* L2CAP Control Field bit masks */
100#define L2CAP_CTRL_SAR 0xC000
101#define L2CAP_CTRL_REQSEQ 0x3F00
102#define L2CAP_CTRL_TXSEQ 0x007E
103#define L2CAP_CTRL_RETRANS 0x0080
104#define L2CAP_CTRL_FINAL 0x0080
105#define L2CAP_CTRL_POLL 0x0010
106#define L2CAP_CTRL_SUPERVISE 0x000C
107#define L2CAP_CTRL_FRAME_TYPE 0x0001 /* I- or S-Frame */
108
109#define L2CAP_CTRL_TXSEQ_SHIFT 1
110#define L2CAP_CTRL_REQSEQ_SHIFT 8
111#define L2CAP_CTRL_SAR_SHIFT 14
112
113/* L2CAP Supervisory Function */
114#define L2CAP_SUPER_RCV_READY 0x0000
115#define L2CAP_SUPER_REJECT 0x0004
116#define L2CAP_SUPER_RCV_NOT_READY 0x0008
117#define L2CAP_SUPER_SELECT_REJECT 0x000C
118
119/* L2CAP Segmentation and Reassembly */
120#define L2CAP_SDU_UNSEGMENTED 0x0000
121#define L2CAP_SDU_START 0x4000
122#define L2CAP_SDU_END 0x8000
123#define L2CAP_SDU_CONTINUE 0xC000
124
96/* L2CAP structures */ 125/* L2CAP structures */
97struct l2cap_hdr { 126struct l2cap_hdr {
98 __le16 len; 127 __le16 len;
@@ -190,7 +219,7 @@ struct l2cap_conf_rfc {
190#define L2CAP_MODE_RETRANS 0x01 219#define L2CAP_MODE_RETRANS 0x01
191#define L2CAP_MODE_FLOWCTL 0x02 220#define L2CAP_MODE_FLOWCTL 0x02
192#define L2CAP_MODE_ERTM 0x03 221#define L2CAP_MODE_ERTM 0x03
193#define L2CAP_MODE_STREAM 0x04 222#define L2CAP_MODE_STREAMING 0x04
194 223
195struct l2cap_disconn_req { 224struct l2cap_disconn_req {
196 __le16 dcid; 225 __le16 dcid;
@@ -261,6 +290,14 @@ struct l2cap_conn {
261 290
262/* ----- L2CAP channel and socket info ----- */ 291/* ----- L2CAP channel and socket info ----- */
263#define l2cap_pi(sk) ((struct l2cap_pinfo *) sk) 292#define l2cap_pi(sk) ((struct l2cap_pinfo *) sk)
293#define TX_QUEUE(sk) (&l2cap_pi(sk)->tx_queue)
294#define SREJ_QUEUE(sk) (&l2cap_pi(sk)->srej_queue)
295#define SREJ_LIST(sk) (&l2cap_pi(sk)->srej_l.list)
296
297struct srej_list {
298 __u8 tx_seq;
299 struct list_head list;
300};
264 301
265struct l2cap_pinfo { 302struct l2cap_pinfo {
266 struct bt_sock bt; 303 struct bt_sock bt;
@@ -271,30 +308,97 @@ struct l2cap_pinfo {
271 __u16 imtu; 308 __u16 imtu;
272 __u16 omtu; 309 __u16 omtu;
273 __u16 flush_to; 310 __u16 flush_to;
274 __u8 sec_level; 311 __u8 mode;
312 __u8 num_conf_req;
313 __u8 num_conf_rsp;
314
315 __u8 fcs;
316 __u8 sec_level;
275 __u8 role_switch; 317 __u8 role_switch;
276 __u8 force_reliable; 318 __u8 force_reliable;
277 319
278 __u8 conf_req[64]; 320 __u8 conf_req[64];
279 __u8 conf_len; 321 __u8 conf_len;
280 __u8 conf_state; 322 __u8 conf_state;
281 __u8 conf_retry; 323 __u8 conn_state;
324
325 __u8 next_tx_seq;
326 __u8 expected_ack_seq;
327 __u8 req_seq;
328 __u8 expected_tx_seq;
329 __u8 buffer_seq;
330 __u8 buffer_seq_srej;
331 __u8 srej_save_reqseq;
332 __u8 unacked_frames;
333 __u8 retry_count;
334 __u8 num_to_ack;
335 __u16 sdu_len;
336 __u16 partial_sdu_len;
337 struct sk_buff *sdu;
282 338
283 __u8 ident; 339 __u8 ident;
284 340
341 __u8 remote_tx_win;
342 __u8 remote_max_tx;
343 __u16 retrans_timeout;
344 __u16 monitor_timeout;
345 __u16 max_pdu_size;
346
285 __le16 sport; 347 __le16 sport;
286 348
349 struct timer_list retrans_timer;
350 struct timer_list monitor_timer;
351 struct sk_buff_head tx_queue;
352 struct sk_buff_head srej_queue;
353 struct srej_list srej_l;
287 struct l2cap_conn *conn; 354 struct l2cap_conn *conn;
288 struct sock *next_c; 355 struct sock *next_c;
289 struct sock *prev_c; 356 struct sock *prev_c;
290}; 357};
291 358
292#define L2CAP_CONF_REQ_SENT 0x01 359#define L2CAP_CONF_REQ_SENT 0x01
293#define L2CAP_CONF_INPUT_DONE 0x02 360#define L2CAP_CONF_INPUT_DONE 0x02
294#define L2CAP_CONF_OUTPUT_DONE 0x04 361#define L2CAP_CONF_OUTPUT_DONE 0x04
295#define L2CAP_CONF_CONNECT_PEND 0x80 362#define L2CAP_CONF_MTU_DONE 0x08
296 363#define L2CAP_CONF_MODE_DONE 0x10
297#define L2CAP_CONF_MAX_RETRIES 2 364#define L2CAP_CONF_CONNECT_PEND 0x20
365#define L2CAP_CONF_NO_FCS_RECV 0x40
366#define L2CAP_CONF_STATE2_DEVICE 0x80
367
368#define L2CAP_CONF_MAX_CONF_REQ 2
369#define L2CAP_CONF_MAX_CONF_RSP 2
370
371#define L2CAP_CONN_SAR_SDU 0x01
372#define L2CAP_CONN_SREJ_SENT 0x02
373#define L2CAP_CONN_WAIT_F 0x04
374#define L2CAP_CONN_SREJ_ACT 0x08
375#define L2CAP_CONN_SEND_PBIT 0x10
376#define L2CAP_CONN_REMOTE_BUSY 0x20
377#define L2CAP_CONN_LOCAL_BUSY 0x40
378
379#define __mod_retrans_timer() mod_timer(&l2cap_pi(sk)->retrans_timer, \
380 jiffies + msecs_to_jiffies(L2CAP_DEFAULT_RETRANS_TO));
381#define __mod_monitor_timer() mod_timer(&l2cap_pi(sk)->monitor_timer, \
382 jiffies + msecs_to_jiffies(L2CAP_DEFAULT_MONITOR_TO));
383
384static inline int l2cap_tx_window_full(struct sock *sk)
385{
386 struct l2cap_pinfo *pi = l2cap_pi(sk);
387 int sub;
388
389 sub = (pi->next_tx_seq - pi->expected_ack_seq) % 64;
390
391 if (sub < 0)
392 sub += 64;
393
394 return (sub == pi->remote_tx_win);
395}
396
397#define __get_txseq(ctrl) ((ctrl) & L2CAP_CTRL_TXSEQ) >> 1
398#define __get_reqseq(ctrl) ((ctrl) & L2CAP_CTRL_REQSEQ) >> 8
399#define __is_iframe(ctrl) !((ctrl) & L2CAP_CTRL_FRAME_TYPE)
400#define __is_sframe(ctrl) (ctrl) & L2CAP_CTRL_FRAME_TYPE
401#define __is_sar_start(ctrl) ((ctrl) & L2CAP_CTRL_SAR) == L2CAP_SDU_START
298 402
299void l2cap_load(void); 403void l2cap_load(void);
300 404
diff --git a/include/net/bluetooth/rfcomm.h b/include/net/bluetooth/rfcomm.h
index c274993234e3..921d7b3c7f8d 100644
--- a/include/net/bluetooth/rfcomm.h
+++ b/include/net/bluetooth/rfcomm.h
@@ -29,6 +29,7 @@
29#define RFCOMM_CONN_TIMEOUT (HZ * 30) 29#define RFCOMM_CONN_TIMEOUT (HZ * 30)
30#define RFCOMM_DISC_TIMEOUT (HZ * 20) 30#define RFCOMM_DISC_TIMEOUT (HZ * 20)
31#define RFCOMM_AUTH_TIMEOUT (HZ * 25) 31#define RFCOMM_AUTH_TIMEOUT (HZ * 25)
32#define RFCOMM_IDLE_TIMEOUT (HZ * 2)
32 33
33#define RFCOMM_DEFAULT_MTU 127 34#define RFCOMM_DEFAULT_MTU 127
34#define RFCOMM_DEFAULT_CREDITS 7 35#define RFCOMM_DEFAULT_CREDITS 7
@@ -154,6 +155,7 @@ struct rfcomm_msc {
154struct rfcomm_session { 155struct rfcomm_session {
155 struct list_head list; 156 struct list_head list;
156 struct socket *sock; 157 struct socket *sock;
158 struct timer_list timer;
157 unsigned long state; 159 unsigned long state;
158 unsigned long flags; 160 unsigned long flags;
159 atomic_t refcnt; 161 atomic_t refcnt;
diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig
index 59fdb1d2e8ed..ed371684c133 100644
--- a/net/bluetooth/Kconfig
+++ b/net/bluetooth/Kconfig
@@ -34,6 +34,7 @@ menuconfig BT
34config BT_L2CAP 34config BT_L2CAP
35 tristate "L2CAP protocol support" 35 tristate "L2CAP protocol support"
36 depends on BT 36 depends on BT
37 select CRC16
37 help 38 help
38 L2CAP (Logical Link Control and Adaptation Protocol) provides 39 L2CAP (Logical Link Control and Adaptation Protocol) provides
39 connection oriented and connection-less data transport. L2CAP 40 connection oriented and connection-less data transport. L2CAP
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index fa47d5d84f5c..a9750984f772 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -246,6 +246,8 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
246 if (hdev->notify) 246 if (hdev->notify)
247 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 247 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
248 248
249 atomic_set(&conn->devref, 0);
250
249 hci_conn_init_sysfs(conn); 251 hci_conn_init_sysfs(conn);
250 252
251 tasklet_enable(&hdev->tx_task); 253 tasklet_enable(&hdev->tx_task);
@@ -288,7 +290,7 @@ int hci_conn_del(struct hci_conn *conn)
288 290
289 skb_queue_purge(&conn->data_q); 291 skb_queue_purge(&conn->data_q);
290 292
291 hci_conn_del_sysfs(conn); 293 hci_conn_put_device(conn);
292 294
293 hci_dev_put(hdev); 295 hci_dev_put(hdev);
294 296
@@ -583,6 +585,19 @@ void hci_conn_check_pending(struct hci_dev *hdev)
583 hci_dev_unlock(hdev); 585 hci_dev_unlock(hdev);
584} 586}
585 587
588void hci_conn_hold_device(struct hci_conn *conn)
589{
590 atomic_inc(&conn->devref);
591}
592EXPORT_SYMBOL(hci_conn_hold_device);
593
594void hci_conn_put_device(struct hci_conn *conn)
595{
596 if (atomic_dec_and_test(&conn->devref))
597 hci_conn_del_sysfs(conn);
598}
599EXPORT_SYMBOL(hci_conn_put_device);
600
586int hci_get_conn_list(void __user *arg) 601int hci_get_conn_list(void __user *arg)
587{ 602{
588 struct hci_conn_list_req req, *cl; 603 struct hci_conn_list_req req, *cl;
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 406ad07cdea1..e1da8f68759c 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -911,7 +911,7 @@ int hci_register_dev(struct hci_dev *hdev)
911 hdev->reassembly[i] = NULL; 911 hdev->reassembly[i] = NULL;
912 912
913 init_waitqueue_head(&hdev->req_wait_q); 913 init_waitqueue_head(&hdev->req_wait_q);
914 init_MUTEX(&hdev->req_lock); 914 mutex_init(&hdev->req_lock);
915 915
916 inquiry_cache_init(hdev); 916 inquiry_cache_init(hdev);
917 917
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 184ba0a88ec0..e99fe385fba2 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -887,6 +887,7 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
887 } else 887 } else
888 conn->state = BT_CONNECTED; 888 conn->state = BT_CONNECTED;
889 889
890 hci_conn_hold_device(conn);
890 hci_conn_add_sysfs(conn); 891 hci_conn_add_sysfs(conn);
891 892
892 if (test_bit(HCI_AUTH, &hdev->flags)) 893 if (test_bit(HCI_AUTH, &hdev->flags))
@@ -1693,6 +1694,7 @@ static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_bu
1693 conn->handle = __le16_to_cpu(ev->handle); 1694 conn->handle = __le16_to_cpu(ev->handle);
1694 conn->state = BT_CONNECTED; 1695 conn->state = BT_CONNECTED;
1695 1696
1697 hci_conn_hold_device(conn);
1696 hci_conn_add_sysfs(conn); 1698 hci_conn_add_sysfs(conn);
1697 break; 1699 break;
1698 1700
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index b18676870d55..09bedeb5579c 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -40,6 +40,7 @@
40 40
41#include <linux/input.h> 41#include <linux/input.h>
42#include <linux/hid.h> 42#include <linux/hid.h>
43#include <linux/hidraw.h>
43 44
44#include <net/bluetooth/bluetooth.h> 45#include <net/bluetooth/bluetooth.h>
45#include <net/bluetooth/hci_core.h> 46#include <net/bluetooth/hci_core.h>
@@ -92,10 +93,14 @@ static void __hidp_link_session(struct hidp_session *session)
92{ 93{
93 __module_get(THIS_MODULE); 94 __module_get(THIS_MODULE);
94 list_add(&session->list, &hidp_session_list); 95 list_add(&session->list, &hidp_session_list);
96
97 hci_conn_hold_device(session->conn);
95} 98}
96 99
97static void __hidp_unlink_session(struct hidp_session *session) 100static void __hidp_unlink_session(struct hidp_session *session)
98{ 101{
102 hci_conn_put_device(session->conn);
103
99 list_del(&session->list); 104 list_del(&session->list);
100 module_put(THIS_MODULE); 105 module_put(THIS_MODULE);
101} 106}
@@ -374,6 +379,7 @@ static void hidp_process_hid_control(struct hidp_session *session,
374 379
375 /* Kill session thread */ 380 /* Kill session thread */
376 atomic_inc(&session->terminate); 381 atomic_inc(&session->terminate);
382 hidp_schedule(session);
377 } 383 }
378} 384}
379 385
@@ -573,7 +579,11 @@ static int hidp_session(void *arg)
573 if (session->hid) { 579 if (session->hid) {
574 if (session->hid->claimed & HID_CLAIMED_INPUT) 580 if (session->hid->claimed & HID_CLAIMED_INPUT)
575 hidinput_disconnect(session->hid); 581 hidinput_disconnect(session->hid);
582 if (session->hid->claimed & HID_CLAIMED_HIDRAW)
583 hidraw_disconnect(session->hid);
584
576 hid_destroy_device(session->hid); 585 hid_destroy_device(session->hid);
586 session->hid = NULL;
577 } 587 }
578 588
579 /* Wakeup user-space polling for socket errors */ 589 /* Wakeup user-space polling for socket errors */
@@ -601,25 +611,27 @@ static struct device *hidp_get_device(struct hidp_session *session)
601{ 611{
602 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; 612 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
603 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; 613 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
614 struct device *device = NULL;
604 struct hci_dev *hdev; 615 struct hci_dev *hdev;
605 struct hci_conn *conn;
606 616
607 hdev = hci_get_route(dst, src); 617 hdev = hci_get_route(dst, src);
608 if (!hdev) 618 if (!hdev)
609 return NULL; 619 return NULL;
610 620
611 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 621 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
622 if (session->conn)
623 device = &session->conn->dev;
612 624
613 hci_dev_put(hdev); 625 hci_dev_put(hdev);
614 626
615 return conn ? &conn->dev : NULL; 627 return device;
616} 628}
617 629
618static int hidp_setup_input(struct hidp_session *session, 630static int hidp_setup_input(struct hidp_session *session,
619 struct hidp_connadd_req *req) 631 struct hidp_connadd_req *req)
620{ 632{
621 struct input_dev *input; 633 struct input_dev *input;
622 int i; 634 int err, i;
623 635
624 input = input_allocate_device(); 636 input = input_allocate_device();
625 if (!input) 637 if (!input)
@@ -666,7 +678,13 @@ static int hidp_setup_input(struct hidp_session *session,
666 678
667 input->event = hidp_input_event; 679 input->event = hidp_input_event;
668 680
669 return input_register_device(input); 681 err = input_register_device(input);
682 if (err < 0) {
683 hci_conn_put_device(session->conn);
684 return err;
685 }
686
687 return 0;
670} 688}
671 689
672static int hidp_open(struct hid_device *hid) 690static int hidp_open(struct hid_device *hid)
@@ -748,13 +766,11 @@ static int hidp_setup_hid(struct hidp_session *session,
748{ 766{
749 struct hid_device *hid; 767 struct hid_device *hid;
750 bdaddr_t src, dst; 768 bdaddr_t src, dst;
751 int ret; 769 int err;
752 770
753 hid = hid_allocate_device(); 771 hid = hid_allocate_device();
754 if (IS_ERR(hid)) { 772 if (IS_ERR(hid))
755 ret = PTR_ERR(session->hid); 773 return PTR_ERR(session->hid);
756 goto err;
757 }
758 774
759 session->hid = hid; 775 session->hid = hid;
760 session->req = req; 776 session->req = req;
@@ -776,16 +792,17 @@ static int hidp_setup_hid(struct hidp_session *session,
776 hid->dev.parent = hidp_get_device(session); 792 hid->dev.parent = hidp_get_device(session);
777 hid->ll_driver = &hidp_hid_driver; 793 hid->ll_driver = &hidp_hid_driver;
778 794
779 ret = hid_add_device(hid); 795 err = hid_add_device(hid);
780 if (ret) 796 if (err < 0)
781 goto err_hid; 797 goto failed;
782 798
783 return 0; 799 return 0;
784err_hid: 800
801failed:
785 hid_destroy_device(hid); 802 hid_destroy_device(hid);
786 session->hid = NULL; 803 session->hid = NULL;
787err: 804
788 return ret; 805 return err;
789} 806}
790 807
791int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 808int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
@@ -835,13 +852,13 @@ int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock,
835 if (req->rd_size > 0) { 852 if (req->rd_size > 0) {
836 err = hidp_setup_hid(session, req); 853 err = hidp_setup_hid(session, req);
837 if (err && err != -ENODEV) 854 if (err && err != -ENODEV)
838 goto err_skb; 855 goto purge;
839 } 856 }
840 857
841 if (!session->hid) { 858 if (!session->hid) {
842 err = hidp_setup_input(session, req); 859 err = hidp_setup_input(session, req);
843 if (err < 0) 860 if (err < 0)
844 goto err_skb; 861 goto purge;
845 } 862 }
846 863
847 __hidp_link_session(session); 864 __hidp_link_session(session);
@@ -869,13 +886,20 @@ unlink:
869 886
870 __hidp_unlink_session(session); 887 __hidp_unlink_session(session);
871 888
872 if (session->input) 889 if (session->input) {
873 input_unregister_device(session->input); 890 input_unregister_device(session->input);
874 if (session->hid) 891 session->input = NULL;
892 }
893
894 if (session->hid) {
875 hid_destroy_device(session->hid); 895 hid_destroy_device(session->hid);
876err_skb: 896 session->hid = NULL;
897 }
898
899purge:
877 skb_queue_purge(&session->ctrl_transmit); 900 skb_queue_purge(&session->ctrl_transmit);
878 skb_queue_purge(&session->intr_transmit); 901 skb_queue_purge(&session->intr_transmit);
902
879failed: 903failed:
880 up_write(&hidp_session_sem); 904 up_write(&hidp_session_sem);
881 905
diff --git a/net/bluetooth/hidp/hidp.h b/net/bluetooth/hidp/hidp.h
index e503c89057ad..faf3d74c3586 100644
--- a/net/bluetooth/hidp/hidp.h
+++ b/net/bluetooth/hidp/hidp.h
@@ -126,6 +126,8 @@ int hidp_get_conninfo(struct hidp_conninfo *ci);
126struct hidp_session { 126struct hidp_session {
127 struct list_head list; 127 struct list_head list;
128 128
129 struct hci_conn *conn;
130
129 struct socket *ctrl_sock; 131 struct socket *ctrl_sock;
130 struct socket *intr_sock; 132 struct socket *intr_sock;
131 133
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index bd0a4c1bced0..b03012564647 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -41,6 +41,7 @@
41#include <linux/list.h> 41#include <linux/list.h>
42#include <linux/device.h> 42#include <linux/device.h>
43#include <linux/uaccess.h> 43#include <linux/uaccess.h>
44#include <linux/crc16.h>
44#include <net/sock.h> 45#include <net/sock.h>
45 46
46#include <asm/system.h> 47#include <asm/system.h>
@@ -50,7 +51,9 @@
50#include <net/bluetooth/hci_core.h> 51#include <net/bluetooth/hci_core.h>
51#include <net/bluetooth/l2cap.h> 52#include <net/bluetooth/l2cap.h>
52 53
53#define VERSION "2.13" 54#define VERSION "2.14"
55
56static int enable_ertm = 0;
54 57
55static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN; 58static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
56static u8 l2cap_fixed_chan[8] = { 0x02, }; 59static u8 l2cap_fixed_chan[8] = { 0x02, };
@@ -331,6 +334,48 @@ static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16
331 return hci_send_acl(conn->hcon, skb, 0); 334 return hci_send_acl(conn->hcon, skb, 0);
332} 335}
333 336
337static inline int l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
338{
339 struct sk_buff *skb;
340 struct l2cap_hdr *lh;
341 struct l2cap_conn *conn = pi->conn;
342 int count, hlen = L2CAP_HDR_SIZE + 2;
343
344 if (pi->fcs == L2CAP_FCS_CRC16)
345 hlen += 2;
346
347 BT_DBG("pi %p, control 0x%2.2x", pi, control);
348
349 count = min_t(unsigned int, conn->mtu, hlen);
350 control |= L2CAP_CTRL_FRAME_TYPE;
351
352 skb = bt_skb_alloc(count, GFP_ATOMIC);
353 if (!skb)
354 return -ENOMEM;
355
356 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
357 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
358 lh->cid = cpu_to_le16(pi->dcid);
359 put_unaligned_le16(control, skb_put(skb, 2));
360
361 if (pi->fcs == L2CAP_FCS_CRC16) {
362 u16 fcs = crc16(0, (u8 *)lh, count - 2);
363 put_unaligned_le16(fcs, skb_put(skb, 2));
364 }
365
366 return hci_send_acl(pi->conn->hcon, skb, 0);
367}
368
369static inline int l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
370{
371 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY)
372 control |= L2CAP_SUPER_RCV_NOT_READY;
373 else
374 control |= L2CAP_SUPER_RCV_READY;
375
376 return l2cap_send_sframe(pi, control);
377}
378
334static void l2cap_do_start(struct sock *sk) 379static void l2cap_do_start(struct sock *sk)
335{ 380{
336 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 381 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
@@ -364,6 +409,16 @@ static void l2cap_do_start(struct sock *sk)
364 } 409 }
365} 410}
366 411
412static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk)
413{
414 struct l2cap_disconn_req req;
415
416 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
417 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
418 l2cap_send_cmd(conn, l2cap_get_ident(conn),
419 L2CAP_DISCONN_REQ, sizeof(req), &req);
420}
421
367/* ---- L2CAP connections ---- */ 422/* ---- L2CAP connections ---- */
368static void l2cap_conn_start(struct l2cap_conn *conn) 423static void l2cap_conn_start(struct l2cap_conn *conn)
369{ 424{
@@ -648,15 +703,10 @@ static void __l2cap_sock_close(struct sock *sk, int reason)
648 case BT_CONFIG: 703 case BT_CONFIG:
649 if (sk->sk_type == SOCK_SEQPACKET) { 704 if (sk->sk_type == SOCK_SEQPACKET) {
650 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 705 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
651 struct l2cap_disconn_req req;
652 706
653 sk->sk_state = BT_DISCONN; 707 sk->sk_state = BT_DISCONN;
654 l2cap_sock_set_timer(sk, sk->sk_sndtimeo); 708 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
655 709 l2cap_send_disconn_req(conn, sk);
656 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
657 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
658 l2cap_send_cmd(conn, l2cap_get_ident(conn),
659 L2CAP_DISCONN_REQ, sizeof(req), &req);
660 } else 710 } else
661 l2cap_chan_del(sk, reason); 711 l2cap_chan_del(sk, reason);
662 break; 712 break;
@@ -715,12 +765,16 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent)
715 765
716 pi->imtu = l2cap_pi(parent)->imtu; 766 pi->imtu = l2cap_pi(parent)->imtu;
717 pi->omtu = l2cap_pi(parent)->omtu; 767 pi->omtu = l2cap_pi(parent)->omtu;
768 pi->mode = l2cap_pi(parent)->mode;
769 pi->fcs = l2cap_pi(parent)->fcs;
718 pi->sec_level = l2cap_pi(parent)->sec_level; 770 pi->sec_level = l2cap_pi(parent)->sec_level;
719 pi->role_switch = l2cap_pi(parent)->role_switch; 771 pi->role_switch = l2cap_pi(parent)->role_switch;
720 pi->force_reliable = l2cap_pi(parent)->force_reliable; 772 pi->force_reliable = l2cap_pi(parent)->force_reliable;
721 } else { 773 } else {
722 pi->imtu = L2CAP_DEFAULT_MTU; 774 pi->imtu = L2CAP_DEFAULT_MTU;
723 pi->omtu = 0; 775 pi->omtu = 0;
776 pi->mode = L2CAP_MODE_BASIC;
777 pi->fcs = L2CAP_FCS_CRC16;
724 pi->sec_level = BT_SECURITY_LOW; 778 pi->sec_level = BT_SECURITY_LOW;
725 pi->role_switch = 0; 779 pi->role_switch = 0;
726 pi->force_reliable = 0; 780 pi->force_reliable = 0;
@@ -956,6 +1010,19 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
956 goto done; 1010 goto done;
957 } 1011 }
958 1012
1013 switch (l2cap_pi(sk)->mode) {
1014 case L2CAP_MODE_BASIC:
1015 break;
1016 case L2CAP_MODE_ERTM:
1017 case L2CAP_MODE_STREAMING:
1018 if (enable_ertm)
1019 break;
1020 /* fall through */
1021 default:
1022 err = -ENOTSUPP;
1023 goto done;
1024 }
1025
959 switch (sk->sk_state) { 1026 switch (sk->sk_state) {
960 case BT_CONNECT: 1027 case BT_CONNECT:
961 case BT_CONNECT2: 1028 case BT_CONNECT2:
@@ -1007,6 +1074,19 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
1007 goto done; 1074 goto done;
1008 } 1075 }
1009 1076
1077 switch (l2cap_pi(sk)->mode) {
1078 case L2CAP_MODE_BASIC:
1079 break;
1080 case L2CAP_MODE_ERTM:
1081 case L2CAP_MODE_STREAMING:
1082 if (enable_ertm)
1083 break;
1084 /* fall through */
1085 default:
1086 err = -ENOTSUPP;
1087 goto done;
1088 }
1089
1010 if (!l2cap_pi(sk)->psm) { 1090 if (!l2cap_pi(sk)->psm) {
1011 bdaddr_t *src = &bt_sk(sk)->src; 1091 bdaddr_t *src = &bt_sk(sk)->src;
1012 u16 psm; 1092 u16 psm;
@@ -1117,39 +1197,219 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *l
1117 return 0; 1197 return 0;
1118} 1198}
1119 1199
1120static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len) 1200static void l2cap_monitor_timeout(unsigned long arg)
1121{ 1201{
1122 struct l2cap_conn *conn = l2cap_pi(sk)->conn; 1202 struct sock *sk = (void *) arg;
1123 struct sk_buff *skb, **frag; 1203 u16 control;
1124 int err, hlen, count, sent = 0;
1125 struct l2cap_hdr *lh;
1126 1204
1127 BT_DBG("sk %p len %d", sk, len); 1205 bh_lock_sock(sk);
1206 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
1207 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk);
1208 return;
1209 }
1128 1210
1129 /* First fragment (with L2CAP header) */ 1211 l2cap_pi(sk)->retry_count++;
1130 if (sk->sk_type == SOCK_DGRAM) 1212 __mod_monitor_timer();
1131 hlen = L2CAP_HDR_SIZE + 2;
1132 else
1133 hlen = L2CAP_HDR_SIZE;
1134 1213
1135 count = min_t(unsigned int, (conn->mtu - hlen), len); 1214 control = L2CAP_CTRL_POLL;
1215 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
1216 bh_unlock_sock(sk);
1217}
1136 1218
1137 skb = bt_skb_send_alloc(sk, hlen + count, 1219static void l2cap_retrans_timeout(unsigned long arg)
1138 msg->msg_flags & MSG_DONTWAIT, &err); 1220{
1139 if (!skb) 1221 struct sock *sk = (void *) arg;
1140 return err; 1222 u16 control;
1141 1223
1142 /* Create L2CAP header */ 1224 bh_lock_sock(sk);
1143 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 1225 l2cap_pi(sk)->retry_count = 1;
1144 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid); 1226 __mod_monitor_timer();
1145 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE)); 1227
1228 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
1229
1230 control = L2CAP_CTRL_POLL;
1231 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
1232 bh_unlock_sock(sk);
1233}
1234
1235static void l2cap_drop_acked_frames(struct sock *sk)
1236{
1237 struct sk_buff *skb;
1238
1239 while ((skb = skb_peek(TX_QUEUE(sk)))) {
1240 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq)
1241 break;
1242
1243 skb = skb_dequeue(TX_QUEUE(sk));
1244 kfree_skb(skb);
1245
1246 l2cap_pi(sk)->unacked_frames--;
1247 }
1248
1249 if (!l2cap_pi(sk)->unacked_frames)
1250 del_timer(&l2cap_pi(sk)->retrans_timer);
1146 1251
1147 if (sk->sk_type == SOCK_DGRAM) 1252 return;
1148 put_unaligned(l2cap_pi(sk)->psm, (__le16 *) skb_put(skb, 2)); 1253}
1254
1255static inline int l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1256{
1257 struct l2cap_pinfo *pi = l2cap_pi(sk);
1258 int err;
1259
1260 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len);
1261
1262 err = hci_send_acl(pi->conn->hcon, skb, 0);
1263 if (err < 0)
1264 kfree_skb(skb);
1265
1266 return err;
1267}
1268
1269static int l2cap_streaming_send(struct sock *sk)
1270{
1271 struct sk_buff *skb, *tx_skb;
1272 struct l2cap_pinfo *pi = l2cap_pi(sk);
1273 u16 control, fcs;
1274 int err;
1275
1276 while ((skb = sk->sk_send_head)) {
1277 tx_skb = skb_clone(skb, GFP_ATOMIC);
1278
1279 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1280 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1281 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1282
1283 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) {
1284 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1285 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1286 }
1287
1288 err = l2cap_do_send(sk, tx_skb);
1289 if (err < 0) {
1290 l2cap_send_disconn_req(pi->conn, sk);
1291 return err;
1292 }
1293
1294 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1295
1296 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1297 sk->sk_send_head = NULL;
1298 else
1299 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1300
1301 skb = skb_dequeue(TX_QUEUE(sk));
1302 kfree_skb(skb);
1303 }
1304 return 0;
1305}
1306
1307static int l2cap_retransmit_frame(struct sock *sk, u8 tx_seq)
1308{
1309 struct l2cap_pinfo *pi = l2cap_pi(sk);
1310 struct sk_buff *skb, *tx_skb;
1311 u16 control, fcs;
1312 int err;
1313
1314 skb = skb_peek(TX_QUEUE(sk));
1315 do {
1316 if (bt_cb(skb)->tx_seq != tx_seq) {
1317 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1318 break;
1319 skb = skb_queue_next(TX_QUEUE(sk), skb);
1320 continue;
1321 }
1322
1323 if (pi->remote_max_tx &&
1324 bt_cb(skb)->retries == pi->remote_max_tx) {
1325 l2cap_send_disconn_req(pi->conn, sk);
1326 break;
1327 }
1328
1329 tx_skb = skb_clone(skb, GFP_ATOMIC);
1330 bt_cb(skb)->retries++;
1331 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1332 control |= (pi->req_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1333 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1334 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1335
1336 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) {
1337 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1338 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1339 }
1340
1341 err = l2cap_do_send(sk, tx_skb);
1342 if (err < 0) {
1343 l2cap_send_disconn_req(pi->conn, sk);
1344 return err;
1345 }
1346 break;
1347 } while(1);
1348 return 0;
1349}
1350
1351static int l2cap_ertm_send(struct sock *sk)
1352{
1353 struct sk_buff *skb, *tx_skb;
1354 struct l2cap_pinfo *pi = l2cap_pi(sk);
1355 u16 control, fcs;
1356 int err;
1357
1358 if (pi->conn_state & L2CAP_CONN_WAIT_F)
1359 return 0;
1360
1361 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk))
1362 && !(pi->conn_state & L2CAP_CONN_REMOTE_BUSY)) {
1363 tx_skb = skb_clone(skb, GFP_ATOMIC);
1364
1365 if (pi->remote_max_tx &&
1366 bt_cb(skb)->retries == pi->remote_max_tx) {
1367 l2cap_send_disconn_req(pi->conn, sk);
1368 break;
1369 }
1370
1371 bt_cb(skb)->retries++;
1372
1373 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1374 control |= (pi->req_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1375 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1376 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1377
1378
1379 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) {
1380 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1381 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1382 }
1383
1384 err = l2cap_do_send(sk, tx_skb);
1385 if (err < 0) {
1386 l2cap_send_disconn_req(pi->conn, sk);
1387 return err;
1388 }
1389 __mod_retrans_timer();
1390
1391 bt_cb(skb)->tx_seq = pi->next_tx_seq;
1392 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1393
1394 pi->unacked_frames++;
1395
1396 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1397 sk->sk_send_head = NULL;
1398 else
1399 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1400 }
1401
1402 return 0;
1403}
1404
1405static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1406{
1407 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1408 struct sk_buff **frag;
1409 int err, sent = 0;
1149 1410
1150 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) { 1411 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1151 err = -EFAULT; 1412 return -EFAULT;
1152 goto fail;
1153 } 1413 }
1154 1414
1155 sent += count; 1415 sent += count;
@@ -1162,33 +1422,173 @@ static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
1162 1422
1163 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err); 1423 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1164 if (!*frag) 1424 if (!*frag)
1165 goto fail; 1425 return -EFAULT;
1166 1426 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1167 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) { 1427 return -EFAULT;
1168 err = -EFAULT;
1169 goto fail;
1170 }
1171 1428
1172 sent += count; 1429 sent += count;
1173 len -= count; 1430 len -= count;
1174 1431
1175 frag = &(*frag)->next; 1432 frag = &(*frag)->next;
1176 } 1433 }
1177 err = hci_send_acl(conn->hcon, skb, 0);
1178 if (err < 0)
1179 goto fail;
1180 1434
1181 return sent; 1435 return sent;
1436}
1182 1437
1183fail: 1438static struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1184 kfree_skb(skb); 1439{
1185 return err; 1440 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1441 struct sk_buff *skb;
1442 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1443 struct l2cap_hdr *lh;
1444
1445 BT_DBG("sk %p len %d", sk, (int)len);
1446
1447 count = min_t(unsigned int, (conn->mtu - hlen), len);
1448 skb = bt_skb_send_alloc(sk, count + hlen,
1449 msg->msg_flags & MSG_DONTWAIT, &err);
1450 if (!skb)
1451 return ERR_PTR(-ENOMEM);
1452
1453 /* Create L2CAP header */
1454 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1455 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1456 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1457 put_unaligned_le16(l2cap_pi(sk)->psm, skb_put(skb, 2));
1458
1459 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1460 if (unlikely(err < 0)) {
1461 kfree_skb(skb);
1462 return ERR_PTR(err);
1463 }
1464 return skb;
1465}
1466
1467static struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1468{
1469 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1470 struct sk_buff *skb;
1471 int err, count, hlen = L2CAP_HDR_SIZE;
1472 struct l2cap_hdr *lh;
1473
1474 BT_DBG("sk %p len %d", sk, (int)len);
1475
1476 count = min_t(unsigned int, (conn->mtu - hlen), len);
1477 skb = bt_skb_send_alloc(sk, count + hlen,
1478 msg->msg_flags & MSG_DONTWAIT, &err);
1479 if (!skb)
1480 return ERR_PTR(-ENOMEM);
1481
1482 /* Create L2CAP header */
1483 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1484 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1485 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1486
1487 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1488 if (unlikely(err < 0)) {
1489 kfree_skb(skb);
1490 return ERR_PTR(err);
1491 }
1492 return skb;
1493}
1494
1495static struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1496{
1497 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1498 struct sk_buff *skb;
1499 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1500 struct l2cap_hdr *lh;
1501
1502 BT_DBG("sk %p len %d", sk, (int)len);
1503
1504 if (sdulen)
1505 hlen += 2;
1506
1507 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1508 hlen += 2;
1509
1510 count = min_t(unsigned int, (conn->mtu - hlen), len);
1511 skb = bt_skb_send_alloc(sk, count + hlen,
1512 msg->msg_flags & MSG_DONTWAIT, &err);
1513 if (!skb)
1514 return ERR_PTR(-ENOMEM);
1515
1516 /* Create L2CAP header */
1517 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1518 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1519 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1520 put_unaligned_le16(control, skb_put(skb, 2));
1521 if (sdulen)
1522 put_unaligned_le16(sdulen, skb_put(skb, 2));
1523
1524 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1525 if (unlikely(err < 0)) {
1526 kfree_skb(skb);
1527 return ERR_PTR(err);
1528 }
1529
1530 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1531 put_unaligned_le16(0, skb_put(skb, 2));
1532
1533 bt_cb(skb)->retries = 0;
1534 return skb;
1535}
1536
1537static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1538{
1539 struct l2cap_pinfo *pi = l2cap_pi(sk);
1540 struct sk_buff *skb;
1541 struct sk_buff_head sar_queue;
1542 u16 control;
1543 size_t size = 0;
1544
1545 __skb_queue_head_init(&sar_queue);
1546 control = L2CAP_SDU_START;
1547 skb = l2cap_create_iframe_pdu(sk, msg, pi->max_pdu_size, control, len);
1548 if (IS_ERR(skb))
1549 return PTR_ERR(skb);
1550
1551 __skb_queue_tail(&sar_queue, skb);
1552 len -= pi->max_pdu_size;
1553 size +=pi->max_pdu_size;
1554 control = 0;
1555
1556 while (len > 0) {
1557 size_t buflen;
1558
1559 if (len > pi->max_pdu_size) {
1560 control |= L2CAP_SDU_CONTINUE;
1561 buflen = pi->max_pdu_size;
1562 } else {
1563 control |= L2CAP_SDU_END;
1564 buflen = len;
1565 }
1566
1567 skb = l2cap_create_iframe_pdu(sk, msg, buflen, control, 0);
1568 if (IS_ERR(skb)) {
1569 skb_queue_purge(&sar_queue);
1570 return PTR_ERR(skb);
1571 }
1572
1573 __skb_queue_tail(&sar_queue, skb);
1574 len -= buflen;
1575 size += buflen;
1576 control = 0;
1577 }
1578 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk));
1579 if (sk->sk_send_head == NULL)
1580 sk->sk_send_head = sar_queue.next;
1581
1582 return size;
1186} 1583}
1187 1584
1188static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 1585static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1189{ 1586{
1190 struct sock *sk = sock->sk; 1587 struct sock *sk = sock->sk;
1191 int err = 0; 1588 struct l2cap_pinfo *pi = l2cap_pi(sk);
1589 struct sk_buff *skb;
1590 u16 control;
1591 int err;
1192 1592
1193 BT_DBG("sock %p, sk %p", sock, sk); 1593 BT_DBG("sock %p, sk %p", sock, sk);
1194 1594
@@ -1200,16 +1600,73 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1200 return -EOPNOTSUPP; 1600 return -EOPNOTSUPP;
1201 1601
1202 /* Check outgoing MTU */ 1602 /* Check outgoing MTU */
1203 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu) 1603 if (sk->sk_type == SOCK_SEQPACKET && pi->mode == L2CAP_MODE_BASIC
1604 && len > pi->omtu)
1204 return -EINVAL; 1605 return -EINVAL;
1205 1606
1206 lock_sock(sk); 1607 lock_sock(sk);
1207 1608
1208 if (sk->sk_state == BT_CONNECTED) 1609 if (sk->sk_state != BT_CONNECTED) {
1209 err = l2cap_do_send(sk, msg, len);
1210 else
1211 err = -ENOTCONN; 1610 err = -ENOTCONN;
1611 goto done;
1612 }
1613
1614 /* Connectionless channel */
1615 if (sk->sk_type == SOCK_DGRAM) {
1616 skb = l2cap_create_connless_pdu(sk, msg, len);
1617 err = l2cap_do_send(sk, skb);
1618 goto done;
1619 }
1620
1621 switch (pi->mode) {
1622 case L2CAP_MODE_BASIC:
1623 /* Create a basic PDU */
1624 skb = l2cap_create_basic_pdu(sk, msg, len);
1625 if (IS_ERR(skb)) {
1626 err = PTR_ERR(skb);
1627 goto done;
1628 }
1629
1630 err = l2cap_do_send(sk, skb);
1631 if (!err)
1632 err = len;
1633 break;
1634
1635 case L2CAP_MODE_ERTM:
1636 case L2CAP_MODE_STREAMING:
1637 /* Entire SDU fits into one PDU */
1638 if (len <= pi->max_pdu_size) {
1639 control = L2CAP_SDU_UNSEGMENTED;
1640 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
1641 if (IS_ERR(skb)) {
1642 err = PTR_ERR(skb);
1643 goto done;
1644 }
1645 __skb_queue_tail(TX_QUEUE(sk), skb);
1646 if (sk->sk_send_head == NULL)
1647 sk->sk_send_head = skb;
1648 } else {
1649 /* Segment SDU into multiples PDUs */
1650 err = l2cap_sar_segment_sdu(sk, msg, len);
1651 if (err < 0)
1652 goto done;
1653 }
1654
1655 if (pi->mode == L2CAP_MODE_STREAMING)
1656 err = l2cap_streaming_send(sk);
1657 else
1658 err = l2cap_ertm_send(sk);
1659
1660 if (!err)
1661 err = len;
1662 break;
1663
1664 default:
1665 BT_DBG("bad state %1.1x", pi->mode);
1666 err = -EINVAL;
1667 }
1212 1668
1669done:
1213 release_sock(sk); 1670 release_sock(sk);
1214 return err; 1671 return err;
1215} 1672}
@@ -1257,7 +1714,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
1257 opts.imtu = l2cap_pi(sk)->imtu; 1714 opts.imtu = l2cap_pi(sk)->imtu;
1258 opts.omtu = l2cap_pi(sk)->omtu; 1715 opts.omtu = l2cap_pi(sk)->omtu;
1259 opts.flush_to = l2cap_pi(sk)->flush_to; 1716 opts.flush_to = l2cap_pi(sk)->flush_to;
1260 opts.mode = L2CAP_MODE_BASIC; 1717 opts.mode = l2cap_pi(sk)->mode;
1718 opts.fcs = l2cap_pi(sk)->fcs;
1261 1719
1262 len = min_t(unsigned int, sizeof(opts), optlen); 1720 len = min_t(unsigned int, sizeof(opts), optlen);
1263 if (copy_from_user((char *) &opts, optval, len)) { 1721 if (copy_from_user((char *) &opts, optval, len)) {
@@ -1265,8 +1723,10 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
1265 break; 1723 break;
1266 } 1724 }
1267 1725
1268 l2cap_pi(sk)->imtu = opts.imtu; 1726 l2cap_pi(sk)->imtu = opts.imtu;
1269 l2cap_pi(sk)->omtu = opts.omtu; 1727 l2cap_pi(sk)->omtu = opts.omtu;
1728 l2cap_pi(sk)->mode = opts.mode;
1729 l2cap_pi(sk)->fcs = opts.fcs;
1270 break; 1730 break;
1271 1731
1272 case L2CAP_LM: 1732 case L2CAP_LM:
@@ -1379,7 +1839,8 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __us
1379 opts.imtu = l2cap_pi(sk)->imtu; 1839 opts.imtu = l2cap_pi(sk)->imtu;
1380 opts.omtu = l2cap_pi(sk)->omtu; 1840 opts.omtu = l2cap_pi(sk)->omtu;
1381 opts.flush_to = l2cap_pi(sk)->flush_to; 1841 opts.flush_to = l2cap_pi(sk)->flush_to;
1382 opts.mode = L2CAP_MODE_BASIC; 1842 opts.mode = l2cap_pi(sk)->mode;
1843 opts.fcs = l2cap_pi(sk)->fcs;
1383 1844
1384 len = min_t(unsigned int, len, sizeof(opts)); 1845 len = min_t(unsigned int, len, sizeof(opts));
1385 if (copy_to_user(optval, (char *) &opts, len)) 1846 if (copy_to_user(optval, (char *) &opts, len))
@@ -1708,16 +2169,108 @@ static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1708 *ptr += L2CAP_CONF_OPT_SIZE + len; 2169 *ptr += L2CAP_CONF_OPT_SIZE + len;
1709} 2170}
1710 2171
2172static int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
2173{
2174 u32 local_feat_mask = l2cap_feat_mask;
2175 if (enable_ertm)
2176 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
2177
2178 switch (mode) {
2179 case L2CAP_MODE_ERTM:
2180 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
2181 case L2CAP_MODE_STREAMING:
2182 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
2183 default:
2184 return 0x00;
2185 }
2186}
2187
2188static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2189{
2190 switch (mode) {
2191 case L2CAP_MODE_STREAMING:
2192 case L2CAP_MODE_ERTM:
2193 if (l2cap_mode_supported(mode, remote_feat_mask))
2194 return mode;
2195 /* fall through */
2196 default:
2197 return L2CAP_MODE_BASIC;
2198 }
2199}
2200
1711static int l2cap_build_conf_req(struct sock *sk, void *data) 2201static int l2cap_build_conf_req(struct sock *sk, void *data)
1712{ 2202{
1713 struct l2cap_pinfo *pi = l2cap_pi(sk); 2203 struct l2cap_pinfo *pi = l2cap_pi(sk);
1714 struct l2cap_conf_req *req = data; 2204 struct l2cap_conf_req *req = data;
2205 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_ERTM };
1715 void *ptr = req->data; 2206 void *ptr = req->data;
1716 2207
1717 BT_DBG("sk %p", sk); 2208 BT_DBG("sk %p", sk);
1718 2209
1719 if (pi->imtu != L2CAP_DEFAULT_MTU) 2210 if (pi->num_conf_req || pi->num_conf_rsp)
1720 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu); 2211 goto done;
2212
2213 switch (pi->mode) {
2214 case L2CAP_MODE_STREAMING:
2215 case L2CAP_MODE_ERTM:
2216 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
2217 if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask))
2218 l2cap_send_disconn_req(pi->conn, sk);
2219 break;
2220 default:
2221 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2222 break;
2223 }
2224
2225done:
2226 switch (pi->mode) {
2227 case L2CAP_MODE_BASIC:
2228 if (pi->imtu != L2CAP_DEFAULT_MTU)
2229 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
2230 break;
2231
2232 case L2CAP_MODE_ERTM:
2233 rfc.mode = L2CAP_MODE_ERTM;
2234 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
2235 rfc.max_transmit = L2CAP_DEFAULT_MAX_TX;
2236 rfc.retrans_timeout = 0;
2237 rfc.monitor_timeout = 0;
2238 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2239
2240 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2241 sizeof(rfc), (unsigned long) &rfc);
2242
2243 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2244 break;
2245
2246 if (pi->fcs == L2CAP_FCS_NONE ||
2247 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2248 pi->fcs = L2CAP_FCS_NONE;
2249 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2250 }
2251 break;
2252
2253 case L2CAP_MODE_STREAMING:
2254 rfc.mode = L2CAP_MODE_STREAMING;
2255 rfc.txwin_size = 0;
2256 rfc.max_transmit = 0;
2257 rfc.retrans_timeout = 0;
2258 rfc.monitor_timeout = 0;
2259 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2260
2261 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2262 sizeof(rfc), (unsigned long) &rfc);
2263
2264 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2265 break;
2266
2267 if (pi->fcs == L2CAP_FCS_NONE ||
2268 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2269 pi->fcs = L2CAP_FCS_NONE;
2270 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2271 }
2272 break;
2273 }
1721 2274
1722 /* FIXME: Need actual value of the flush timeout */ 2275 /* FIXME: Need actual value of the flush timeout */
1723 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO) 2276 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
@@ -1767,6 +2320,12 @@ static int l2cap_parse_conf_req(struct sock *sk, void *data)
1767 memcpy(&rfc, (void *) val, olen); 2320 memcpy(&rfc, (void *) val, olen);
1768 break; 2321 break;
1769 2322
2323 case L2CAP_CONF_FCS:
2324 if (val == L2CAP_FCS_NONE)
2325 pi->conf_state |= L2CAP_CONF_NO_FCS_RECV;
2326
2327 break;
2328
1770 default: 2329 default:
1771 if (hint) 2330 if (hint)
1772 break; 2331 break;
@@ -1777,30 +2336,83 @@ static int l2cap_parse_conf_req(struct sock *sk, void *data)
1777 } 2336 }
1778 } 2337 }
1779 2338
2339 if (pi->num_conf_rsp || pi->num_conf_req)
2340 goto done;
2341
2342 switch (pi->mode) {
2343 case L2CAP_MODE_STREAMING:
2344 case L2CAP_MODE_ERTM:
2345 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
2346 if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask))
2347 return -ECONNREFUSED;
2348 break;
2349 default:
2350 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2351 break;
2352 }
2353
2354done:
2355 if (pi->mode != rfc.mode) {
2356 result = L2CAP_CONF_UNACCEPT;
2357 rfc.mode = pi->mode;
2358
2359 if (pi->num_conf_rsp == 1)
2360 return -ECONNREFUSED;
2361
2362 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2363 sizeof(rfc), (unsigned long) &rfc);
2364 }
2365
2366
1780 if (result == L2CAP_CONF_SUCCESS) { 2367 if (result == L2CAP_CONF_SUCCESS) {
1781 /* Configure output options and let the other side know 2368 /* Configure output options and let the other side know
1782 * which ones we don't like. */ 2369 * which ones we don't like. */
1783 2370
1784 if (rfc.mode == L2CAP_MODE_BASIC) { 2371 if (mtu < L2CAP_DEFAULT_MIN_MTU)
1785 if (mtu < pi->omtu) 2372 result = L2CAP_CONF_UNACCEPT;
1786 result = L2CAP_CONF_UNACCEPT; 2373 else {
1787 else { 2374 pi->omtu = mtu;
1788 pi->omtu = mtu; 2375 pi->conf_state |= L2CAP_CONF_MTU_DONE;
1789 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE; 2376 }
1790 } 2377 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1791 2378
1792 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu); 2379 switch (rfc.mode) {
1793 } else { 2380 case L2CAP_MODE_BASIC:
2381 pi->fcs = L2CAP_FCS_NONE;
2382 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2383 break;
2384
2385 case L2CAP_MODE_ERTM:
2386 pi->remote_tx_win = rfc.txwin_size;
2387 pi->remote_max_tx = rfc.max_transmit;
2388 pi->max_pdu_size = rfc.max_pdu_size;
2389
2390 rfc.retrans_timeout = L2CAP_DEFAULT_RETRANS_TO;
2391 rfc.monitor_timeout = L2CAP_DEFAULT_MONITOR_TO;
2392
2393 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2394 break;
2395
2396 case L2CAP_MODE_STREAMING:
2397 pi->remote_tx_win = rfc.txwin_size;
2398 pi->max_pdu_size = rfc.max_pdu_size;
2399
2400 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2401 break;
2402
2403 default:
1794 result = L2CAP_CONF_UNACCEPT; 2404 result = L2CAP_CONF_UNACCEPT;
1795 2405
1796 memset(&rfc, 0, sizeof(rfc)); 2406 memset(&rfc, 0, sizeof(rfc));
1797 rfc.mode = L2CAP_MODE_BASIC; 2407 rfc.mode = pi->mode;
1798
1799 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1800 sizeof(rfc), (unsigned long) &rfc);
1801 } 2408 }
1802 }
1803 2409
2410 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2411 sizeof(rfc), (unsigned long) &rfc);
2412
2413 if (result == L2CAP_CONF_SUCCESS)
2414 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
2415 }
1804 rsp->scid = cpu_to_le16(pi->dcid); 2416 rsp->scid = cpu_to_le16(pi->dcid);
1805 rsp->result = cpu_to_le16(result); 2417 rsp->result = cpu_to_le16(result);
1806 rsp->flags = cpu_to_le16(0x0000); 2418 rsp->flags = cpu_to_le16(0x0000);
@@ -1808,6 +2420,73 @@ static int l2cap_parse_conf_req(struct sock *sk, void *data)
1808 return ptr - data; 2420 return ptr - data;
1809} 2421}
1810 2422
2423static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result)
2424{
2425 struct l2cap_pinfo *pi = l2cap_pi(sk);
2426 struct l2cap_conf_req *req = data;
2427 void *ptr = req->data;
2428 int type, olen;
2429 unsigned long val;
2430 struct l2cap_conf_rfc rfc;
2431
2432 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data);
2433
2434 while (len >= L2CAP_CONF_OPT_SIZE) {
2435 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2436
2437 switch (type) {
2438 case L2CAP_CONF_MTU:
2439 if (val < L2CAP_DEFAULT_MIN_MTU) {
2440 *result = L2CAP_CONF_UNACCEPT;
2441 pi->omtu = L2CAP_DEFAULT_MIN_MTU;
2442 } else
2443 pi->omtu = val;
2444 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2445 break;
2446
2447 case L2CAP_CONF_FLUSH_TO:
2448 pi->flush_to = val;
2449 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
2450 2, pi->flush_to);
2451 break;
2452
2453 case L2CAP_CONF_RFC:
2454 if (olen == sizeof(rfc))
2455 memcpy(&rfc, (void *)val, olen);
2456
2457 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
2458 rfc.mode != pi->mode)
2459 return -ECONNREFUSED;
2460
2461 pi->mode = rfc.mode;
2462 pi->fcs = 0;
2463
2464 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2465 sizeof(rfc), (unsigned long) &rfc);
2466 break;
2467 }
2468 }
2469
2470 if (*result == L2CAP_CONF_SUCCESS) {
2471 switch (rfc.mode) {
2472 case L2CAP_MODE_ERTM:
2473 pi->remote_tx_win = rfc.txwin_size;
2474 pi->retrans_timeout = rfc.retrans_timeout;
2475 pi->monitor_timeout = rfc.monitor_timeout;
2476 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
2477 break;
2478 case L2CAP_MODE_STREAMING:
2479 pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
2480 break;
2481 }
2482 }
2483
2484 req->dcid = cpu_to_le16(pi->dcid);
2485 req->flags = cpu_to_le16(0x0000);
2486
2487 return ptr - data;
2488}
2489
1811static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags) 2490static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
1812{ 2491{
1813 struct l2cap_conf_rsp *rsp = data; 2492 struct l2cap_conf_rsp *rsp = data;
@@ -1994,6 +2673,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
1994 2673
1995 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2674 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1996 l2cap_build_conf_req(sk, req), req); 2675 l2cap_build_conf_req(sk, req), req);
2676 l2cap_pi(sk)->num_conf_req++;
1997 break; 2677 break;
1998 2678
1999 case L2CAP_CR_PEND: 2679 case L2CAP_CR_PEND:
@@ -2052,10 +2732,13 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2052 2732
2053 /* Complete config. */ 2733 /* Complete config. */
2054 len = l2cap_parse_conf_req(sk, rsp); 2734 len = l2cap_parse_conf_req(sk, rsp);
2055 if (len < 0) 2735 if (len < 0) {
2736 l2cap_send_disconn_req(conn, sk);
2056 goto unlock; 2737 goto unlock;
2738 }
2057 2739
2058 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp); 2740 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
2741 l2cap_pi(sk)->num_conf_rsp++;
2059 2742
2060 /* Reset config buffer. */ 2743 /* Reset config buffer. */
2061 l2cap_pi(sk)->conf_len = 0; 2744 l2cap_pi(sk)->conf_len = 0;
@@ -2064,7 +2747,22 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2064 goto unlock; 2747 goto unlock;
2065 2748
2066 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) { 2749 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2750 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV)
2751 || l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
2752 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;
2753
2067 sk->sk_state = BT_CONNECTED; 2754 sk->sk_state = BT_CONNECTED;
2755 l2cap_pi(sk)->next_tx_seq = 0;
2756 l2cap_pi(sk)->expected_ack_seq = 0;
2757 l2cap_pi(sk)->unacked_frames = 0;
2758
2759 setup_timer(&l2cap_pi(sk)->retrans_timer,
2760 l2cap_retrans_timeout, (unsigned long) sk);
2761 setup_timer(&l2cap_pi(sk)->monitor_timer,
2762 l2cap_monitor_timeout, (unsigned long) sk);
2763
2764 __skb_queue_head_init(TX_QUEUE(sk));
2765 __skb_queue_head_init(SREJ_QUEUE(sk));
2068 l2cap_chan_ready(sk); 2766 l2cap_chan_ready(sk);
2069 goto unlock; 2767 goto unlock;
2070 } 2768 }
@@ -2073,6 +2771,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2073 u8 buf[64]; 2771 u8 buf[64];
2074 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2772 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2075 l2cap_build_conf_req(sk, buf), buf); 2773 l2cap_build_conf_req(sk, buf), buf);
2774 l2cap_pi(sk)->num_conf_req++;
2076 } 2775 }
2077 2776
2078unlock: 2777unlock:
@@ -2102,29 +2801,32 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2102 break; 2801 break;
2103 2802
2104 case L2CAP_CONF_UNACCEPT: 2803 case L2CAP_CONF_UNACCEPT:
2105 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) { 2804 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
2106 char req[128]; 2805 int len = cmd->len - sizeof(*rsp);
2107 /* It does not make sense to adjust L2CAP parameters 2806 char req[64];
2108 * that are currently defined in the spec. We simply 2807
2109 * resend config request that we sent earlier. It is 2808 /* throw out any old stored conf requests */
2110 * stupid, but it helps qualification testing which 2809 result = L2CAP_CONF_SUCCESS;
2111 * expects at least some response from us. */ 2810 len = l2cap_parse_conf_rsp(sk, rsp->data,
2112 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 2811 len, req, &result);
2113 l2cap_build_conf_req(sk, req), req); 2812 if (len < 0) {
2114 goto done; 2813 l2cap_send_disconn_req(conn, sk);
2814 goto done;
2815 }
2816
2817 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2818 L2CAP_CONF_REQ, len, req);
2819 l2cap_pi(sk)->num_conf_req++;
2820 if (result != L2CAP_CONF_SUCCESS)
2821 goto done;
2822 break;
2115 } 2823 }
2116 2824
2117 default: 2825 default:
2118 sk->sk_state = BT_DISCONN; 2826 sk->sk_state = BT_DISCONN;
2119 sk->sk_err = ECONNRESET; 2827 sk->sk_err = ECONNRESET;
2120 l2cap_sock_set_timer(sk, HZ * 5); 2828 l2cap_sock_set_timer(sk, HZ * 5);
2121 { 2829 l2cap_send_disconn_req(conn, sk);
2122 struct l2cap_disconn_req req;
2123 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
2124 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
2125 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2126 L2CAP_DISCONN_REQ, sizeof(req), &req);
2127 }
2128 goto done; 2830 goto done;
2129 } 2831 }
2130 2832
@@ -2134,7 +2836,16 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2134 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE; 2836 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2135 2837
2136 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) { 2838 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2839 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV)
2840 || l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
2841 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;
2842
2137 sk->sk_state = BT_CONNECTED; 2843 sk->sk_state = BT_CONNECTED;
2844 l2cap_pi(sk)->expected_tx_seq = 0;
2845 l2cap_pi(sk)->buffer_seq = 0;
2846 l2cap_pi(sk)->num_to_ack = 0;
2847 __skb_queue_head_init(TX_QUEUE(sk));
2848 __skb_queue_head_init(SREJ_QUEUE(sk));
2138 l2cap_chan_ready(sk); 2849 l2cap_chan_ready(sk);
2139 } 2850 }
2140 2851
@@ -2165,6 +2876,11 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2165 2876
2166 sk->sk_shutdown = SHUTDOWN_MASK; 2877 sk->sk_shutdown = SHUTDOWN_MASK;
2167 2878
2879 skb_queue_purge(TX_QUEUE(sk));
2880 skb_queue_purge(SREJ_QUEUE(sk));
2881 del_timer(&l2cap_pi(sk)->retrans_timer);
2882 del_timer(&l2cap_pi(sk)->monitor_timer);
2883
2168 l2cap_chan_del(sk, ECONNRESET); 2884 l2cap_chan_del(sk, ECONNRESET);
2169 bh_unlock_sock(sk); 2885 bh_unlock_sock(sk);
2170 2886
@@ -2187,6 +2903,11 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
2187 if (!sk) 2903 if (!sk)
2188 return 0; 2904 return 0;
2189 2905
2906 skb_queue_purge(TX_QUEUE(sk));
2907 skb_queue_purge(SREJ_QUEUE(sk));
2908 del_timer(&l2cap_pi(sk)->retrans_timer);
2909 del_timer(&l2cap_pi(sk)->monitor_timer);
2910
2190 l2cap_chan_del(sk, 0); 2911 l2cap_chan_del(sk, 0);
2191 bh_unlock_sock(sk); 2912 bh_unlock_sock(sk);
2192 2913
@@ -2205,10 +2926,14 @@ static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cm
2205 2926
2206 if (type == L2CAP_IT_FEAT_MASK) { 2927 if (type == L2CAP_IT_FEAT_MASK) {
2207 u8 buf[8]; 2928 u8 buf[8];
2929 u32 feat_mask = l2cap_feat_mask;
2208 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf; 2930 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2209 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK); 2931 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2210 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS); 2932 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2211 put_unaligned(cpu_to_le32(l2cap_feat_mask), (__le32 *) rsp->data); 2933 if (enable_ertm)
2934 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
2935 | L2CAP_FEAT_FCS;
2936 put_unaligned_le32(feat_mask, rsp->data);
2212 l2cap_send_cmd(conn, cmd->ident, 2937 l2cap_send_cmd(conn, cmd->ident,
2213 L2CAP_INFO_RSP, sizeof(buf), buf); 2938 L2CAP_INFO_RSP, sizeof(buf), buf);
2214 } else if (type == L2CAP_IT_FIXED_CHAN) { 2939 } else if (type == L2CAP_IT_FIXED_CHAN) {
@@ -2359,9 +3084,374 @@ static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *sk
2359 kfree_skb(skb); 3084 kfree_skb(skb);
2360} 3085}
2361 3086
3087static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
3088{
3089 u16 our_fcs, rcv_fcs;
3090 int hdr_size = L2CAP_HDR_SIZE + 2;
3091
3092 if (pi->fcs == L2CAP_FCS_CRC16) {
3093 skb_trim(skb, skb->len - 2);
3094 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3095 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3096
3097 if (our_fcs != rcv_fcs)
3098 return -EINVAL;
3099 }
3100 return 0;
3101}
3102
3103static void l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
3104{
3105 struct sk_buff *next_skb;
3106
3107 bt_cb(skb)->tx_seq = tx_seq;
3108 bt_cb(skb)->sar = sar;
3109
3110 next_skb = skb_peek(SREJ_QUEUE(sk));
3111 if (!next_skb) {
3112 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3113 return;
3114 }
3115
3116 do {
3117 if (bt_cb(next_skb)->tx_seq > tx_seq) {
3118 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb);
3119 return;
3120 }
3121
3122 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb))
3123 break;
3124
3125 } while((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb)));
3126
3127 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3128}
3129
3130static int l2cap_sar_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3131{
3132 struct l2cap_pinfo *pi = l2cap_pi(sk);
3133 struct sk_buff *_skb;
3134 int err = -EINVAL;
3135
3136 switch (control & L2CAP_CTRL_SAR) {
3137 case L2CAP_SDU_UNSEGMENTED:
3138 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3139 kfree_skb(pi->sdu);
3140 break;
3141 }
3142
3143 err = sock_queue_rcv_skb(sk, skb);
3144 if (!err)
3145 return 0;
3146
3147 break;
3148
3149 case L2CAP_SDU_START:
3150 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3151 kfree_skb(pi->sdu);
3152 break;
3153 }
3154
3155 pi->sdu_len = get_unaligned_le16(skb->data);
3156 skb_pull(skb, 2);
3157
3158 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3159 if (!pi->sdu) {
3160 err = -ENOMEM;
3161 break;
3162 }
3163
3164 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3165
3166 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3167 pi->partial_sdu_len = skb->len;
3168 err = 0;
3169 break;
3170
3171 case L2CAP_SDU_CONTINUE:
3172 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3173 break;
3174
3175 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3176
3177 pi->partial_sdu_len += skb->len;
3178 if (pi->partial_sdu_len > pi->sdu_len)
3179 kfree_skb(pi->sdu);
3180 else
3181 err = 0;
3182
3183 break;
3184
3185 case L2CAP_SDU_END:
3186 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3187 break;
3188
3189 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3190
3191 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3192 pi->partial_sdu_len += skb->len;
3193
3194 if (pi->partial_sdu_len == pi->sdu_len) {
3195 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3196 err = sock_queue_rcv_skb(sk, _skb);
3197 if (err < 0)
3198 kfree_skb(_skb);
3199 }
3200 kfree_skb(pi->sdu);
3201 err = 0;
3202
3203 break;
3204 }
3205
3206 kfree_skb(skb);
3207 return err;
3208}
3209
3210static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
3211{
3212 struct sk_buff *skb;
3213 u16 control = 0;
3214
3215 while((skb = skb_peek(SREJ_QUEUE(sk)))) {
3216 if (bt_cb(skb)->tx_seq != tx_seq)
3217 break;
3218
3219 skb = skb_dequeue(SREJ_QUEUE(sk));
3220 control |= bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3221 l2cap_sar_reassembly_sdu(sk, skb, control);
3222 l2cap_pi(sk)->buffer_seq_srej =
3223 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
3224 tx_seq++;
3225 }
3226}
3227
3228static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3229{
3230 struct l2cap_pinfo *pi = l2cap_pi(sk);
3231 struct srej_list *l, *tmp;
3232 u16 control;
3233
3234 list_for_each_entry_safe(l,tmp, SREJ_LIST(sk), list) {
3235 if (l->tx_seq == tx_seq) {
3236 list_del(&l->list);
3237 kfree(l);
3238 return;
3239 }
3240 control = L2CAP_SUPER_SELECT_REJECT;
3241 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3242 l2cap_send_sframe(pi, control);
3243 list_del(&l->list);
3244 list_add_tail(&l->list, SREJ_LIST(sk));
3245 }
3246}
3247
3248static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
3249{
3250 struct l2cap_pinfo *pi = l2cap_pi(sk);
3251 struct srej_list *new;
3252 u16 control;
3253
3254 while (tx_seq != pi->expected_tx_seq) {
3255 control = L2CAP_SUPER_SELECT_REJECT;
3256 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3257 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
3258 control |= L2CAP_CTRL_POLL;
3259 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
3260 }
3261 l2cap_send_sframe(pi, control);
3262
3263 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
3264 new->tx_seq = pi->expected_tx_seq++;
3265 list_add_tail(&new->list, SREJ_LIST(sk));
3266 }
3267 pi->expected_tx_seq++;
3268}
3269
3270static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3271{
3272 struct l2cap_pinfo *pi = l2cap_pi(sk);
3273 u8 tx_seq = __get_txseq(rx_control);
3274 u16 tx_control = 0;
3275 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3276 int err = 0;
3277
3278 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
3279
3280 if (tx_seq == pi->expected_tx_seq)
3281 goto expected;
3282
3283 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3284 struct srej_list *first;
3285
3286 first = list_first_entry(SREJ_LIST(sk),
3287 struct srej_list, list);
3288 if (tx_seq == first->tx_seq) {
3289 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3290 l2cap_check_srej_gap(sk, tx_seq);
3291
3292 list_del(&first->list);
3293 kfree(first);
3294
3295 if (list_empty(SREJ_LIST(sk))) {
3296 pi->buffer_seq = pi->buffer_seq_srej;
3297 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
3298 }
3299 } else {
3300 struct srej_list *l;
3301 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3302
3303 list_for_each_entry(l, SREJ_LIST(sk), list) {
3304 if (l->tx_seq == tx_seq) {
3305 l2cap_resend_srejframe(sk, tx_seq);
3306 return 0;
3307 }
3308 }
3309 l2cap_send_srejframe(sk, tx_seq);
3310 }
3311 } else {
3312 pi->conn_state |= L2CAP_CONN_SREJ_SENT;
3313
3314 INIT_LIST_HEAD(SREJ_LIST(sk));
3315 pi->buffer_seq_srej = pi->buffer_seq;
3316
3317 __skb_queue_head_init(SREJ_QUEUE(sk));
3318 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3319
3320 pi->conn_state |= L2CAP_CONN_SEND_PBIT;
3321
3322 l2cap_send_srejframe(sk, tx_seq);
3323 }
3324 return 0;
3325
3326expected:
3327 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3328
3329 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3330 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3331 return 0;
3332 }
3333
3334 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3335
3336 err = l2cap_sar_reassembly_sdu(sk, skb, rx_control);
3337 if (err < 0)
3338 return err;
3339
3340 pi->num_to_ack = (pi->num_to_ack + 1) % L2CAP_DEFAULT_NUM_TO_ACK;
3341 if (pi->num_to_ack == L2CAP_DEFAULT_NUM_TO_ACK - 1) {
3342 tx_control |= L2CAP_SUPER_RCV_READY;
3343 tx_control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3344 l2cap_send_sframe(pi, tx_control);
3345 }
3346 return 0;
3347}
3348
3349static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3350{
3351 struct l2cap_pinfo *pi = l2cap_pi(sk);
3352 u8 tx_seq = __get_reqseq(rx_control);
3353
3354 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
3355
3356 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
3357 case L2CAP_SUPER_RCV_READY:
3358 if (rx_control & L2CAP_CTRL_POLL) {
3359 u16 control = L2CAP_CTRL_FINAL;
3360 control |= L2CAP_SUPER_RCV_READY |
3361 (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT);
3362 l2cap_send_sframe(l2cap_pi(sk), control);
3363 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3364
3365 } else if (rx_control & L2CAP_CTRL_FINAL) {
3366 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3367 pi->expected_ack_seq = tx_seq;
3368 l2cap_drop_acked_frames(sk);
3369
3370 if (!(pi->conn_state & L2CAP_CONN_WAIT_F))
3371 break;
3372
3373 pi->conn_state &= ~L2CAP_CONN_WAIT_F;
3374 del_timer(&pi->monitor_timer);
3375
3376 if (pi->unacked_frames > 0)
3377 __mod_retrans_timer();
3378 } else {
3379 pi->expected_ack_seq = tx_seq;
3380 l2cap_drop_acked_frames(sk);
3381
3382 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY)
3383 && (pi->unacked_frames > 0))
3384 __mod_retrans_timer();
3385
3386 l2cap_ertm_send(sk);
3387 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3388 }
3389 break;
3390
3391 case L2CAP_SUPER_REJECT:
3392 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3393
3394 pi->expected_ack_seq = __get_reqseq(rx_control);
3395 l2cap_drop_acked_frames(sk);
3396
3397 sk->sk_send_head = TX_QUEUE(sk)->next;
3398 pi->next_tx_seq = pi->expected_ack_seq;
3399
3400 l2cap_ertm_send(sk);
3401
3402 break;
3403
3404 case L2CAP_SUPER_SELECT_REJECT:
3405 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3406
3407 if (rx_control & L2CAP_CTRL_POLL) {
3408 l2cap_retransmit_frame(sk, tx_seq);
3409 pi->expected_ack_seq = tx_seq;
3410 l2cap_drop_acked_frames(sk);
3411 l2cap_ertm_send(sk);
3412 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3413 pi->srej_save_reqseq = tx_seq;
3414 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3415 }
3416 } else if (rx_control & L2CAP_CTRL_FINAL) {
3417 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
3418 pi->srej_save_reqseq == tx_seq)
3419 pi->srej_save_reqseq &= ~L2CAP_CONN_SREJ_ACT;
3420 else
3421 l2cap_retransmit_frame(sk, tx_seq);
3422 }
3423 else {
3424 l2cap_retransmit_frame(sk, tx_seq);
3425 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3426 pi->srej_save_reqseq = tx_seq;
3427 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
3428 }
3429 }
3430 break;
3431
3432 case L2CAP_SUPER_RCV_NOT_READY:
3433 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
3434 pi->expected_ack_seq = tx_seq;
3435 l2cap_drop_acked_frames(sk);
3436
3437 del_timer(&l2cap_pi(sk)->retrans_timer);
3438 if (rx_control & L2CAP_CTRL_POLL) {
3439 u16 control = L2CAP_CTRL_FINAL;
3440 l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
3441 }
3442 break;
3443 }
3444
3445 return 0;
3446}
3447
2362static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb) 3448static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
2363{ 3449{
2364 struct sock *sk; 3450 struct sock *sk;
3451 struct l2cap_pinfo *pi;
3452 u16 control, len;
3453 u8 tx_seq;
3454 int err;
2365 3455
2366 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); 3456 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
2367 if (!sk) { 3457 if (!sk) {
@@ -2369,22 +3459,91 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
2369 goto drop; 3459 goto drop;
2370 } 3460 }
2371 3461
3462 pi = l2cap_pi(sk);
3463
2372 BT_DBG("sk %p, len %d", sk, skb->len); 3464 BT_DBG("sk %p, len %d", sk, skb->len);
2373 3465
2374 if (sk->sk_state != BT_CONNECTED) 3466 if (sk->sk_state != BT_CONNECTED)
2375 goto drop; 3467 goto drop;
2376 3468
2377 if (l2cap_pi(sk)->imtu < skb->len) 3469 switch (pi->mode) {
2378 goto drop; 3470 case L2CAP_MODE_BASIC:
3471 /* If socket recv buffers overflows we drop data here
3472 * which is *bad* because L2CAP has to be reliable.
3473 * But we don't have any other choice. L2CAP doesn't
3474 * provide flow control mechanism. */
2379 3475
2380 /* If socket recv buffers overflows we drop data here 3476 if (pi->imtu < skb->len)
2381 * which is *bad* because L2CAP has to be reliable. 3477 goto drop;
2382 * But we don't have any other choice. L2CAP doesn't 3478
2383 * provide flow control mechanism. */ 3479 if (!sock_queue_rcv_skb(sk, skb))
3480 goto done;
3481 break;
3482
3483 case L2CAP_MODE_ERTM:
3484 control = get_unaligned_le16(skb->data);
3485 skb_pull(skb, 2);
3486 len = skb->len;
3487
3488 if (__is_sar_start(control))
3489 len -= 2;
3490
3491 if (pi->fcs == L2CAP_FCS_CRC16)
3492 len -= 2;
3493
3494 /*
3495 * We can just drop the corrupted I-frame here.
3496 * Receiver will miss it and start proper recovery
3497 * procedures and ask retransmission.
3498 */
3499 if (len > L2CAP_DEFAULT_MAX_PDU_SIZE)
3500 goto drop;
3501
3502 if (l2cap_check_fcs(pi, skb))
3503 goto drop;
3504
3505 if (__is_iframe(control))
3506 err = l2cap_data_channel_iframe(sk, control, skb);
3507 else
3508 err = l2cap_data_channel_sframe(sk, control, skb);
3509
3510 if (!err)
3511 goto done;
3512 break;
3513
3514 case L2CAP_MODE_STREAMING:
3515 control = get_unaligned_le16(skb->data);
3516 skb_pull(skb, 2);
3517 len = skb->len;
3518
3519 if (__is_sar_start(control))
3520 len -= 2;
3521
3522 if (pi->fcs == L2CAP_FCS_CRC16)
3523 len -= 2;
3524
3525 if (len > L2CAP_DEFAULT_MAX_PDU_SIZE || __is_sframe(control))
3526 goto drop;
3527
3528 if (l2cap_check_fcs(pi, skb))
3529 goto drop;
3530
3531 tx_seq = __get_txseq(control);
3532
3533 if (pi->expected_tx_seq == tx_seq)
3534 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3535 else
3536 pi->expected_tx_seq = tx_seq + 1;
3537
3538 err = l2cap_sar_reassembly_sdu(sk, skb, control);
2384 3539
2385 if (!sock_queue_rcv_skb(sk, skb))
2386 goto done; 3540 goto done;
2387 3541
3542 default:
3543 BT_DBG("sk %p: bad mode 0x%2.2x", sk, l2cap_pi(sk)->mode);
3544 break;
3545 }
3546
2388drop: 3547drop:
2389 kfree_skb(skb); 3548 kfree_skb(skb);
2390 3549
@@ -2433,6 +3592,11 @@ static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2433 cid = __le16_to_cpu(lh->cid); 3592 cid = __le16_to_cpu(lh->cid);
2434 len = __le16_to_cpu(lh->len); 3593 len = __le16_to_cpu(lh->len);
2435 3594
3595 if (len != skb->len) {
3596 kfree_skb(skb);
3597 return;
3598 }
3599
2436 BT_DBG("len %d, cid 0x%4.4x", len, cid); 3600 BT_DBG("len %d, cid 0x%4.4x", len, cid);
2437 3601
2438 switch (cid) { 3602 switch (cid) {
@@ -2441,7 +3605,7 @@ static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
2441 break; 3605 break;
2442 3606
2443 case L2CAP_CID_CONN_LESS: 3607 case L2CAP_CID_CONN_LESS:
2444 psm = get_unaligned((__le16 *) skb->data); 3608 psm = get_unaligned_le16(skb->data);
2445 skb_pull(skb, 2); 3609 skb_pull(skb, 2);
2446 l2cap_conless_channel(conn, psm, skb); 3610 l2cap_conless_channel(conn, psm, skb);
2447 break; 3611 break;
@@ -2828,6 +3992,9 @@ EXPORT_SYMBOL(l2cap_load);
2828module_init(l2cap_init); 3992module_init(l2cap_init);
2829module_exit(l2cap_exit); 3993module_exit(l2cap_exit);
2830 3994
3995module_param(enable_ertm, bool, 0644);
3996MODULE_PARM_DESC(enable_ertm, "Enable enhanced retransmission mode");
3997
2831MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 3998MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2832MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION); 3999MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2833MODULE_VERSION(VERSION); 4000MODULE_VERSION(VERSION);
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 94b3388c188b..25692bc0a342 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -244,6 +244,33 @@ static inline int rfcomm_check_security(struct rfcomm_dlc *d)
244 auth_type); 244 auth_type);
245} 245}
246 246
247static void rfcomm_session_timeout(unsigned long arg)
248{
249 struct rfcomm_session *s = (void *) arg;
250
251 BT_DBG("session %p state %ld", s, s->state);
252
253 set_bit(RFCOMM_TIMED_OUT, &s->flags);
254 rfcomm_session_put(s);
255 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
256}
257
258static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
259{
260 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
261
262 if (!mod_timer(&s->timer, jiffies + timeout))
263 rfcomm_session_hold(s);
264}
265
266static void rfcomm_session_clear_timer(struct rfcomm_session *s)
267{
268 BT_DBG("session %p state %ld", s, s->state);
269
270 if (timer_pending(&s->timer) && del_timer(&s->timer))
271 rfcomm_session_put(s);
272}
273
247/* ---- RFCOMM DLCs ---- */ 274/* ---- RFCOMM DLCs ---- */
248static void rfcomm_dlc_timeout(unsigned long arg) 275static void rfcomm_dlc_timeout(unsigned long arg)
249{ 276{
@@ -320,6 +347,7 @@ static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
320 347
321 rfcomm_session_hold(s); 348 rfcomm_session_hold(s);
322 349
350 rfcomm_session_clear_timer(s);
323 rfcomm_dlc_hold(d); 351 rfcomm_dlc_hold(d);
324 list_add(&d->list, &s->dlcs); 352 list_add(&d->list, &s->dlcs);
325 d->session = s; 353 d->session = s;
@@ -335,6 +363,9 @@ static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
335 d->session = NULL; 363 d->session = NULL;
336 rfcomm_dlc_put(d); 364 rfcomm_dlc_put(d);
337 365
366 if (list_empty(&s->dlcs))
367 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
368
338 rfcomm_session_put(s); 369 rfcomm_session_put(s);
339} 370}
340 371
@@ -567,6 +598,8 @@ static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
567 598
568 BT_DBG("session %p sock %p", s, sock); 599 BT_DBG("session %p sock %p", s, sock);
569 600
601 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
602
570 INIT_LIST_HEAD(&s->dlcs); 603 INIT_LIST_HEAD(&s->dlcs);
571 s->state = state; 604 s->state = state;
572 s->sock = sock; 605 s->sock = sock;
@@ -598,6 +631,7 @@ static void rfcomm_session_del(struct rfcomm_session *s)
598 if (state == BT_CONNECTED) 631 if (state == BT_CONNECTED)
599 rfcomm_send_disc(s, 0); 632 rfcomm_send_disc(s, 0);
600 633
634 rfcomm_session_clear_timer(s);
601 sock_release(s->sock); 635 sock_release(s->sock);
602 kfree(s); 636 kfree(s);
603 637
@@ -639,6 +673,7 @@ static void rfcomm_session_close(struct rfcomm_session *s, int err)
639 __rfcomm_dlc_close(d, err); 673 __rfcomm_dlc_close(d, err);
640 } 674 }
641 675
676 rfcomm_session_clear_timer(s);
642 rfcomm_session_put(s); 677 rfcomm_session_put(s);
643} 678}
644 679
@@ -1879,6 +1914,12 @@ static inline void rfcomm_process_sessions(void)
1879 struct rfcomm_session *s; 1914 struct rfcomm_session *s;
1880 s = list_entry(p, struct rfcomm_session, list); 1915 s = list_entry(p, struct rfcomm_session, list);
1881 1916
1917 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1918 s->state = BT_DISCONN;
1919 rfcomm_send_disc(s, 0);
1920 continue;
1921 }
1922
1882 if (s->state == BT_LISTEN) { 1923 if (s->state == BT_LISTEN) {
1883 rfcomm_accept_connection(s); 1924 rfcomm_accept_connection(s);
1884 continue; 1925 continue;
@@ -2080,7 +2121,7 @@ static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2080/* ---- Initialization ---- */ 2121/* ---- Initialization ---- */
2081static int __init rfcomm_init(void) 2122static int __init rfcomm_init(void)
2082{ 2123{
2083 int ret; 2124 int err;
2084 2125
2085 l2cap_load(); 2126 l2cap_load();
2086 2127
@@ -2088,33 +2129,35 @@ static int __init rfcomm_init(void)
2088 2129
2089 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2130 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2090 if (IS_ERR(rfcomm_thread)) { 2131 if (IS_ERR(rfcomm_thread)) {
2091 ret = PTR_ERR(rfcomm_thread); 2132 err = PTR_ERR(rfcomm_thread);
2092 goto out_thread; 2133 goto unregister;
2093 } 2134 }
2094 2135
2095 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) 2136 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2096 BT_ERR("Failed to create RFCOMM info file"); 2137 BT_ERR("Failed to create RFCOMM info file");
2097 2138
2098 ret = rfcomm_init_ttys(); 2139 err = rfcomm_init_ttys();
2099 if (ret) 2140 if (err < 0)
2100 goto out_tty; 2141 goto stop;
2101 2142
2102 ret = rfcomm_init_sockets(); 2143 err = rfcomm_init_sockets();
2103 if (ret) 2144 if (err < 0)
2104 goto out_sock; 2145 goto cleanup;
2105 2146
2106 BT_INFO("RFCOMM ver %s", VERSION); 2147 BT_INFO("RFCOMM ver %s", VERSION);
2107 2148
2108 return 0; 2149 return 0;
2109 2150
2110out_sock: 2151cleanup:
2111 rfcomm_cleanup_ttys(); 2152 rfcomm_cleanup_ttys();
2112out_tty: 2153
2154stop:
2113 kthread_stop(rfcomm_thread); 2155 kthread_stop(rfcomm_thread);
2114out_thread: 2156
2157unregister:
2115 hci_unregister_cb(&rfcomm_cb); 2158 hci_unregister_cb(&rfcomm_cb);
2116 2159
2117 return ret; 2160 return err;
2118} 2161}
2119 2162
2120static void __exit rfcomm_exit(void) 2163static void __exit rfcomm_exit(void)
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 51ae0c3e470a..13c27f17192c 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -359,20 +359,9 @@ static void sco_sock_kill(struct sock *sk)
359 sock_put(sk); 359 sock_put(sk);
360} 360}
361 361
362/* Close socket. 362static void __sco_sock_close(struct sock *sk)
363 * Must be called on unlocked socket.
364 */
365static void sco_sock_close(struct sock *sk)
366{ 363{
367 struct sco_conn *conn; 364 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
368
369 sco_sock_clear_timer(sk);
370
371 lock_sock(sk);
372
373 conn = sco_pi(sk)->conn;
374
375 BT_DBG("sk %p state %d conn %p socket %p", sk, sk->sk_state, conn, sk->sk_socket);
376 365
377 switch (sk->sk_state) { 366 switch (sk->sk_state) {
378 case BT_LISTEN: 367 case BT_LISTEN:
@@ -390,9 +379,15 @@ static void sco_sock_close(struct sock *sk)
390 sock_set_flag(sk, SOCK_ZAPPED); 379 sock_set_flag(sk, SOCK_ZAPPED);
391 break; 380 break;
392 } 381 }
382}
393 383
384/* Must be called on unlocked socket. */
385static void sco_sock_close(struct sock *sk)
386{
387 sco_sock_clear_timer(sk);
388 lock_sock(sk);
389 __sco_sock_close(sk);
394 release_sock(sk); 390 release_sock(sk);
395
396 sco_sock_kill(sk); 391 sco_sock_kill(sk);
397} 392}
398 393
@@ -748,6 +743,30 @@ static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char
748 return err; 743 return err;
749} 744}
750 745
746static int sco_sock_shutdown(struct socket *sock, int how)
747{
748 struct sock *sk = sock->sk;
749 int err = 0;
750
751 BT_DBG("sock %p, sk %p", sock, sk);
752
753 if (!sk)
754 return 0;
755
756 lock_sock(sk);
757 if (!sk->sk_shutdown) {
758 sk->sk_shutdown = SHUTDOWN_MASK;
759 sco_sock_clear_timer(sk);
760 __sco_sock_close(sk);
761
762 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
763 err = bt_sock_wait_state(sk, BT_CLOSED,
764 sk->sk_lingertime);
765 }
766 release_sock(sk);
767 return err;
768}
769
751static int sco_sock_release(struct socket *sock) 770static int sco_sock_release(struct socket *sock)
752{ 771{
753 struct sock *sk = sock->sk; 772 struct sock *sk = sock->sk;
@@ -969,7 +988,7 @@ static const struct proto_ops sco_sock_ops = {
969 .ioctl = bt_sock_ioctl, 988 .ioctl = bt_sock_ioctl,
970 .mmap = sock_no_mmap, 989 .mmap = sock_no_mmap,
971 .socketpair = sock_no_socketpair, 990 .socketpair = sock_no_socketpair,
972 .shutdown = sock_no_shutdown, 991 .shutdown = sco_sock_shutdown,
973 .setsockopt = sco_sock_setsockopt, 992 .setsockopt = sco_sock_setsockopt,
974 .getsockopt = sco_sock_getsockopt 993 .getsockopt = sco_sock_getsockopt
975}; 994};
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-26 08:06:10 -0500