diff options
39 files changed, 2224 insertions, 1122 deletions
diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c index 6aab00ef4379..11f467c00d0a 100644 --- a/drivers/bluetooth/ath3k.c +++ b/drivers/bluetooth/ath3k.c | |||
@@ -90,6 +90,7 @@ static struct usb_device_id ath3k_table[] = { | |||
90 | { USB_DEVICE(0x13d3, 0x3393) }, | 90 | { USB_DEVICE(0x13d3, 0x3393) }, |
91 | { USB_DEVICE(0x0489, 0xe04e) }, | 91 | { USB_DEVICE(0x0489, 0xe04e) }, |
92 | { USB_DEVICE(0x0489, 0xe056) }, | 92 | { USB_DEVICE(0x0489, 0xe056) }, |
93 | { USB_DEVICE(0x0489, 0xe04d) }, | ||
93 | 94 | ||
94 | /* Atheros AR5BBU12 with sflash firmware */ | 95 | /* Atheros AR5BBU12 with sflash firmware */ |
95 | { USB_DEVICE(0x0489, 0xE02C) }, | 96 | { USB_DEVICE(0x0489, 0xE02C) }, |
@@ -126,6 +127,7 @@ static struct usb_device_id ath3k_blist_tbl[] = { | |||
126 | { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, | 127 | { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, |
127 | { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, | 128 | { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, |
128 | { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, | 129 | { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, |
130 | { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, | ||
129 | 131 | ||
130 | /* Atheros AR5BBU22 with sflash firmware */ | 132 | /* Atheros AR5BBU22 with sflash firmware */ |
131 | { USB_DEVICE(0x0489, 0xE03C), .driver_info = BTUSB_ATH3012 }, | 133 | { USB_DEVICE(0x0489, 0xE03C), .driver_info = BTUSB_ATH3012 }, |
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 2cc5f774a29c..3d684d20b584 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c | |||
@@ -148,6 +148,7 @@ static struct usb_device_id blacklist_table[] = { | |||
148 | { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, | 148 | { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, |
149 | { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, | 149 | { USB_DEVICE(0x0489, 0xe04e), .driver_info = BTUSB_ATH3012 }, |
150 | { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, | 150 | { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, |
151 | { USB_DEVICE(0x0489, 0xe04d), .driver_info = BTUSB_ATH3012 }, | ||
151 | 152 | ||
152 | /* Atheros AR5BBU12 with sflash firmware */ | 153 | /* Atheros AR5BBU12 with sflash firmware */ |
153 | { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, | 154 | { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, |
@@ -926,6 +927,22 @@ static void btusb_waker(struct work_struct *work) | |||
926 | usb_autopm_put_interface(data->intf); | 927 | usb_autopm_put_interface(data->intf); |
927 | } | 928 | } |
928 | 929 | ||
930 | static int btusb_setup_bcm92035(struct hci_dev *hdev) | ||
931 | { | ||
932 | struct sk_buff *skb; | ||
933 | u8 val = 0x00; | ||
934 | |||
935 | BT_DBG("%s", hdev->name); | ||
936 | |||
937 | skb = __hci_cmd_sync(hdev, 0xfc3b, 1, &val, HCI_INIT_TIMEOUT); | ||
938 | if (IS_ERR(skb)) | ||
939 | BT_ERR("BCM92035 command failed (%ld)", -PTR_ERR(skb)); | ||
940 | else | ||
941 | kfree_skb(skb); | ||
942 | |||
943 | return 0; | ||
944 | } | ||
945 | |||
929 | static int btusb_probe(struct usb_interface *intf, | 946 | static int btusb_probe(struct usb_interface *intf, |
930 | const struct usb_device_id *id) | 947 | const struct usb_device_id *id) |
931 | { | 948 | { |
@@ -1022,11 +1039,14 @@ static int btusb_probe(struct usb_interface *intf, | |||
1022 | 1039 | ||
1023 | SET_HCIDEV_DEV(hdev, &intf->dev); | 1040 | SET_HCIDEV_DEV(hdev, &intf->dev); |
1024 | 1041 | ||
1025 | hdev->open = btusb_open; | 1042 | hdev->open = btusb_open; |
1026 | hdev->close = btusb_close; | 1043 | hdev->close = btusb_close; |
1027 | hdev->flush = btusb_flush; | 1044 | hdev->flush = btusb_flush; |
1028 | hdev->send = btusb_send_frame; | 1045 | hdev->send = btusb_send_frame; |
1029 | hdev->notify = btusb_notify; | 1046 | hdev->notify = btusb_notify; |
1047 | |||
1048 | if (id->driver_info & BTUSB_BCM92035) | ||
1049 | hdev->setup = btusb_setup_bcm92035; | ||
1030 | 1050 | ||
1031 | /* Interface numbers are hardcoded in the specification */ | 1051 | /* Interface numbers are hardcoded in the specification */ |
1032 | data->isoc = usb_ifnum_to_if(data->udev, 1); | 1052 | data->isoc = usb_ifnum_to_if(data->udev, 1); |
@@ -1065,17 +1085,6 @@ static int btusb_probe(struct usb_interface *intf, | |||
1065 | data->isoc = NULL; | 1085 | data->isoc = NULL; |
1066 | } | 1086 | } |
1067 | 1087 | ||
1068 | if (id->driver_info & BTUSB_BCM92035) { | ||
1069 | unsigned char cmd[] = { 0x3b, 0xfc, 0x01, 0x00 }; | ||
1070 | struct sk_buff *skb; | ||
1071 | |||
1072 | skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL); | ||
1073 | if (skb) { | ||
1074 | memcpy(skb_put(skb, sizeof(cmd)), cmd, sizeof(cmd)); | ||
1075 | skb_queue_tail(&hdev->driver_init, skb); | ||
1076 | } | ||
1077 | } | ||
1078 | |||
1079 | if (data->isoc) { | 1088 | if (data->isoc) { |
1080 | err = usb_driver_claim_interface(&btusb_driver, | 1089 | err = usb_driver_claim_interface(&btusb_driver, |
1081 | data->isoc, data); | 1090 | data->isoc, data); |
diff --git a/drivers/bluetooth/hci_h4.c b/drivers/bluetooth/hci_h4.c index c60623f206d4..8ae9f1ea2bb5 100644 --- a/drivers/bluetooth/hci_h4.c +++ b/drivers/bluetooth/hci_h4.c | |||
@@ -153,6 +153,9 @@ static int h4_recv(struct hci_uart *hu, void *data, int count) | |||
153 | { | 153 | { |
154 | int ret; | 154 | int ret; |
155 | 155 | ||
156 | if (!test_bit(HCI_UART_REGISTERED, &hu->flags)) | ||
157 | return -EUNATCH; | ||
158 | |||
156 | ret = hci_recv_stream_fragment(hu->hdev, data, count); | 159 | ret = hci_recv_stream_fragment(hu->hdev, data, count); |
157 | if (ret < 0) { | 160 | if (ret < 0) { |
158 | BT_ERR("Frame Reassembly Failed"); | 161 | BT_ERR("Frame Reassembly Failed"); |
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c index ed0fade46aed..bc68a440d432 100644 --- a/drivers/bluetooth/hci_ldisc.c +++ b/drivers/bluetooth/hci_ldisc.c | |||
@@ -260,12 +260,12 @@ static int hci_uart_send_frame(struct sk_buff *skb) | |||
260 | 260 | ||
261 | /* ------ LDISC part ------ */ | 261 | /* ------ LDISC part ------ */ |
262 | /* hci_uart_tty_open | 262 | /* hci_uart_tty_open |
263 | * | 263 | * |
264 | * Called when line discipline changed to HCI_UART. | 264 | * Called when line discipline changed to HCI_UART. |
265 | * | 265 | * |
266 | * Arguments: | 266 | * Arguments: |
267 | * tty pointer to tty info structure | 267 | * tty pointer to tty info structure |
268 | * Return Value: | 268 | * Return Value: |
269 | * 0 if success, otherwise error code | 269 | * 0 if success, otherwise error code |
270 | */ | 270 | */ |
271 | static int hci_uart_tty_open(struct tty_struct *tty) | 271 | static int hci_uart_tty_open(struct tty_struct *tty) |
@@ -365,15 +365,15 @@ static void hci_uart_tty_wakeup(struct tty_struct *tty) | |||
365 | } | 365 | } |
366 | 366 | ||
367 | /* hci_uart_tty_receive() | 367 | /* hci_uart_tty_receive() |
368 | * | 368 | * |
369 | * Called by tty low level driver when receive data is | 369 | * Called by tty low level driver when receive data is |
370 | * available. | 370 | * available. |
371 | * | 371 | * |
372 | * Arguments: tty pointer to tty isntance data | 372 | * Arguments: tty pointer to tty isntance data |
373 | * data pointer to received data | 373 | * data pointer to received data |
374 | * flags pointer to flags for data | 374 | * flags pointer to flags for data |
375 | * count count of received data in bytes | 375 | * count count of received data in bytes |
376 | * | 376 | * |
377 | * Return Value: None | 377 | * Return Value: None |
378 | */ | 378 | */ |
379 | static void hci_uart_tty_receive(struct tty_struct *tty, const u8 *data, char *flags, int count) | 379 | static void hci_uart_tty_receive(struct tty_struct *tty, const u8 *data, char *flags, int count) |
@@ -388,7 +388,10 @@ static void hci_uart_tty_receive(struct tty_struct *tty, const u8 *data, char *f | |||
388 | 388 | ||
389 | spin_lock(&hu->rx_lock); | 389 | spin_lock(&hu->rx_lock); |
390 | hu->proto->recv(hu, (void *) data, count); | 390 | hu->proto->recv(hu, (void *) data, count); |
391 | hu->hdev->stat.byte_rx += count; | 391 | |
392 | if (hu->hdev) | ||
393 | hu->hdev->stat.byte_rx += count; | ||
394 | |||
392 | spin_unlock(&hu->rx_lock); | 395 | spin_unlock(&hu->rx_lock); |
393 | 396 | ||
394 | tty_unthrottle(tty); | 397 | tty_unthrottle(tty); |
diff --git a/drivers/nfc/Kconfig b/drivers/nfc/Kconfig index e57034971ccc..4775d4e61b88 100644 --- a/drivers/nfc/Kconfig +++ b/drivers/nfc/Kconfig | |||
@@ -26,6 +26,16 @@ config NFC_WILINK | |||
26 | Say Y here to compile support for Texas Instrument's NFC WiLink driver | 26 | Say Y here to compile support for Texas Instrument's NFC WiLink driver |
27 | into the kernel or say M to compile it as module. | 27 | into the kernel or say M to compile it as module. |
28 | 28 | ||
29 | config NFC_MEI_PHY | ||
30 | tristate "MEI bus NFC device support" | ||
31 | depends on INTEL_MEI_BUS_NFC && NFC_HCI | ||
32 | help | ||
33 | This adds support to use an mei bus nfc device. Select this if you | ||
34 | will use an HCI NFC driver for an NFC chip connected behind an | ||
35 | Intel's Management Engine chip. | ||
36 | |||
37 | If unsure, say N. | ||
38 | |||
29 | source "drivers/nfc/pn544/Kconfig" | 39 | source "drivers/nfc/pn544/Kconfig" |
30 | source "drivers/nfc/microread/Kconfig" | 40 | source "drivers/nfc/microread/Kconfig" |
31 | 41 | ||
diff --git a/drivers/nfc/Makefile b/drivers/nfc/Makefile index a189ada0926a..aa6bd657ef40 100644 --- a/drivers/nfc/Makefile +++ b/drivers/nfc/Makefile | |||
@@ -6,5 +6,6 @@ obj-$(CONFIG_NFC_PN544) += pn544/ | |||
6 | obj-$(CONFIG_NFC_MICROREAD) += microread/ | 6 | obj-$(CONFIG_NFC_MICROREAD) += microread/ |
7 | obj-$(CONFIG_NFC_PN533) += pn533.o | 7 | obj-$(CONFIG_NFC_PN533) += pn533.o |
8 | obj-$(CONFIG_NFC_WILINK) += nfcwilink.o | 8 | obj-$(CONFIG_NFC_WILINK) += nfcwilink.o |
9 | obj-$(CONFIG_NFC_MEI_PHY) += mei_phy.o | ||
9 | 10 | ||
10 | ccflags-$(CONFIG_NFC_DEBUG) := -DDEBUG | 11 | ccflags-$(CONFIG_NFC_DEBUG) := -DDEBUG |
diff --git a/drivers/nfc/mei_phy.c b/drivers/nfc/mei_phy.c new file mode 100644 index 000000000000..b8f8abc422f0 --- /dev/null +++ b/drivers/nfc/mei_phy.c | |||
@@ -0,0 +1,164 @@ | |||
1 | /* | ||
2 | * MEI Library for mei bus nfc device access | ||
3 | * | ||
4 | * Copyright (C) 2013 Intel Corporation. All rights reserved. | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify it | ||
7 | * under the terms and conditions of the GNU General Public License, | ||
8 | * version 2, as published by the Free Software Foundation. | ||
9 | * | ||
10 | * This program is distributed in the hope that it will be useful, | ||
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
13 | * GNU General Public License for more details. | ||
14 | * | ||
15 | * You should have received a copy of the GNU General Public License | ||
16 | * along with this program; if not, write to the | ||
17 | * Free Software Foundation, Inc., | ||
18 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | ||
19 | */ | ||
20 | |||
21 | #include <linux/module.h> | ||
22 | #include <linux/slab.h> | ||
23 | #include <linux/nfc.h> | ||
24 | |||
25 | #include "mei_phy.h" | ||
26 | |||
27 | struct mei_nfc_hdr { | ||
28 | u8 cmd; | ||
29 | u8 status; | ||
30 | u16 req_id; | ||
31 | u32 reserved; | ||
32 | u16 data_size; | ||
33 | } __attribute__((packed)); | ||
34 | |||
35 | #define MEI_NFC_MAX_READ (MEI_NFC_HEADER_SIZE + MEI_NFC_MAX_HCI_PAYLOAD) | ||
36 | |||
37 | #define MEI_DUMP_SKB_IN(info, skb) \ | ||
38 | do { \ | ||
39 | pr_debug("%s:\n", info); \ | ||
40 | print_hex_dump_debug("mei in : ", DUMP_PREFIX_OFFSET, \ | ||
41 | 16, 1, (skb)->data, (skb)->len, false); \ | ||
42 | } while (0) | ||
43 | |||
44 | #define MEI_DUMP_SKB_OUT(info, skb) \ | ||
45 | do { \ | ||
46 | pr_debug("%s:\n", info); \ | ||
47 | print_hex_dump_debug("mei out: ", DUMP_PREFIX_OFFSET, \ | ||
48 | 16, 1, (skb)->data, (skb)->len, false); \ | ||
49 | } while (0) | ||
50 | |||
51 | int nfc_mei_phy_enable(void *phy_id) | ||
52 | { | ||
53 | int r; | ||
54 | struct nfc_mei_phy *phy = phy_id; | ||
55 | |||
56 | pr_info("%s\n", __func__); | ||
57 | |||
58 | if (phy->powered == 1) | ||
59 | return 0; | ||
60 | |||
61 | r = mei_cl_enable_device(phy->device); | ||
62 | if (r < 0) { | ||
63 | pr_err("MEI_PHY: Could not enable device\n"); | ||
64 | return r; | ||
65 | } | ||
66 | |||
67 | phy->powered = 1; | ||
68 | |||
69 | return 0; | ||
70 | } | ||
71 | EXPORT_SYMBOL_GPL(nfc_mei_phy_enable); | ||
72 | |||
73 | void nfc_mei_phy_disable(void *phy_id) | ||
74 | { | ||
75 | struct nfc_mei_phy *phy = phy_id; | ||
76 | |||
77 | pr_info("%s\n", __func__); | ||
78 | |||
79 | mei_cl_disable_device(phy->device); | ||
80 | |||
81 | phy->powered = 0; | ||
82 | } | ||
83 | EXPORT_SYMBOL_GPL(nfc_mei_phy_disable); | ||
84 | |||
85 | /* | ||
86 | * Writing a frame must not return the number of written bytes. | ||
87 | * It must return either zero for success, or <0 for error. | ||
88 | * In addition, it must not alter the skb | ||
89 | */ | ||
90 | static int nfc_mei_phy_write(void *phy_id, struct sk_buff *skb) | ||
91 | { | ||
92 | struct nfc_mei_phy *phy = phy_id; | ||
93 | int r; | ||
94 | |||
95 | MEI_DUMP_SKB_OUT("mei frame sent", skb); | ||
96 | |||
97 | r = mei_cl_send(phy->device, skb->data, skb->len); | ||
98 | if (r > 0) | ||
99 | r = 0; | ||
100 | |||
101 | return r; | ||
102 | } | ||
103 | |||
104 | void nfc_mei_event_cb(struct mei_cl_device *device, u32 events, void *context) | ||
105 | { | ||
106 | struct nfc_mei_phy *phy = context; | ||
107 | |||
108 | if (phy->hard_fault != 0) | ||
109 | return; | ||
110 | |||
111 | if (events & BIT(MEI_CL_EVENT_RX)) { | ||
112 | struct sk_buff *skb; | ||
113 | int reply_size; | ||
114 | |||
115 | skb = alloc_skb(MEI_NFC_MAX_READ, GFP_KERNEL); | ||
116 | if (!skb) | ||
117 | return; | ||
118 | |||
119 | reply_size = mei_cl_recv(device, skb->data, MEI_NFC_MAX_READ); | ||
120 | if (reply_size < MEI_NFC_HEADER_SIZE) { | ||
121 | kfree(skb); | ||
122 | return; | ||
123 | } | ||
124 | |||
125 | skb_put(skb, reply_size); | ||
126 | skb_pull(skb, MEI_NFC_HEADER_SIZE); | ||
127 | |||
128 | MEI_DUMP_SKB_IN("mei frame read", skb); | ||
129 | |||
130 | nfc_hci_recv_frame(phy->hdev, skb); | ||
131 | } | ||
132 | } | ||
133 | EXPORT_SYMBOL_GPL(nfc_mei_event_cb); | ||
134 | |||
135 | struct nfc_phy_ops mei_phy_ops = { | ||
136 | .write = nfc_mei_phy_write, | ||
137 | .enable = nfc_mei_phy_enable, | ||
138 | .disable = nfc_mei_phy_disable, | ||
139 | }; | ||
140 | EXPORT_SYMBOL_GPL(mei_phy_ops); | ||
141 | |||
142 | struct nfc_mei_phy *nfc_mei_phy_alloc(struct mei_cl_device *device) | ||
143 | { | ||
144 | struct nfc_mei_phy *phy; | ||
145 | |||
146 | phy = kzalloc(sizeof(struct nfc_mei_phy), GFP_KERNEL); | ||
147 | if (!phy) | ||
148 | return NULL; | ||
149 | |||
150 | phy->device = device; | ||
151 | mei_cl_set_drvdata(device, phy); | ||
152 | |||
153 | return phy; | ||
154 | } | ||
155 | EXPORT_SYMBOL_GPL(nfc_mei_phy_alloc); | ||
156 | |||
157 | void nfc_mei_phy_free(struct nfc_mei_phy *phy) | ||
158 | { | ||
159 | kfree(phy); | ||
160 | } | ||
161 | EXPORT_SYMBOL_GPL(nfc_mei_phy_free); | ||
162 | |||
163 | MODULE_LICENSE("GPL"); | ||
164 | MODULE_DESCRIPTION("mei bus NFC device interface"); | ||
diff --git a/drivers/nfc/mei_phy.h b/drivers/nfc/mei_phy.h new file mode 100644 index 000000000000..d669900f8278 --- /dev/null +++ b/drivers/nfc/mei_phy.h | |||
@@ -0,0 +1,30 @@ | |||
1 | #ifndef __LOCAL_MEI_PHY_H_ | ||
2 | #define __LOCAL_MEI_PHY_H_ | ||
3 | |||
4 | #include <linux/mei_cl_bus.h> | ||
5 | #include <net/nfc/hci.h> | ||
6 | |||
7 | #define MEI_NFC_HEADER_SIZE 10 | ||
8 | #define MEI_NFC_MAX_HCI_PAYLOAD 300 | ||
9 | |||
10 | struct nfc_mei_phy { | ||
11 | struct mei_cl_device *device; | ||
12 | struct nfc_hci_dev *hdev; | ||
13 | |||
14 | int powered; | ||
15 | |||
16 | int hard_fault; /* | ||
17 | * < 0 if hardware error occured | ||
18 | * and prevents normal operation. | ||
19 | */ | ||
20 | }; | ||
21 | |||
22 | extern struct nfc_phy_ops mei_phy_ops; | ||
23 | |||
24 | int nfc_mei_phy_enable(void *phy_id); | ||
25 | void nfc_mei_phy_disable(void *phy_id); | ||
26 | void nfc_mei_event_cb(struct mei_cl_device *device, u32 events, void *context); | ||
27 | struct nfc_mei_phy *nfc_mei_phy_alloc(struct mei_cl_device *device); | ||
28 | void nfc_mei_phy_free(struct nfc_mei_phy *phy); | ||
29 | |||
30 | #endif /* __LOCAL_MEI_PHY_H_ */ | ||
diff --git a/drivers/nfc/microread/Kconfig b/drivers/nfc/microread/Kconfig index 572305be6e37..951d5542f6bc 100644 --- a/drivers/nfc/microread/Kconfig +++ b/drivers/nfc/microread/Kconfig | |||
@@ -25,7 +25,7 @@ config NFC_MICROREAD_I2C | |||
25 | 25 | ||
26 | config NFC_MICROREAD_MEI | 26 | config NFC_MICROREAD_MEI |
27 | tristate "NFC Microread MEI support" | 27 | tristate "NFC Microread MEI support" |
28 | depends on NFC_MICROREAD && INTEL_MEI_BUS_NFC | 28 | depends on NFC_MICROREAD && NFC_MEI_PHY |
29 | ---help--- | 29 | ---help--- |
30 | This module adds support for the mei interface of adapters using | 30 | This module adds support for the mei interface of adapters using |
31 | Inside microread chipsets. Select this if your microread chipset | 31 | Inside microread chipsets. Select this if your microread chipset |
diff --git a/drivers/nfc/microread/mei.c b/drivers/nfc/microread/mei.c index ca33ae193935..1ad044dce7b6 100644 --- a/drivers/nfc/microread/mei.c +++ b/drivers/nfc/microread/mei.c | |||
@@ -19,151 +19,31 @@ | |||
19 | */ | 19 | */ |
20 | 20 | ||
21 | #include <linux/module.h> | 21 | #include <linux/module.h> |
22 | #include <linux/slab.h> | 22 | #include <linux/mod_devicetable.h> |
23 | #include <linux/interrupt.h> | ||
24 | #include <linux/gpio.h> | ||
25 | #include <linux/mei_cl_bus.h> | ||
26 | |||
27 | #include <linux/nfc.h> | 23 | #include <linux/nfc.h> |
28 | #include <net/nfc/hci.h> | 24 | #include <net/nfc/hci.h> |
29 | #include <net/nfc/llc.h> | 25 | #include <net/nfc/llc.h> |
30 | 26 | ||
27 | #include "../mei_phy.h" | ||
31 | #include "microread.h" | 28 | #include "microread.h" |
32 | 29 | ||
33 | #define MICROREAD_DRIVER_NAME "microread" | 30 | #define MICROREAD_DRIVER_NAME "microread" |
34 | 31 | ||
35 | struct mei_nfc_hdr { | ||
36 | u8 cmd; | ||
37 | u8 status; | ||
38 | u16 req_id; | ||
39 | u32 reserved; | ||
40 | u16 data_size; | ||
41 | } __attribute__((packed)); | ||
42 | |||
43 | #define MEI_NFC_HEADER_SIZE 10 | ||
44 | #define MEI_NFC_MAX_HCI_PAYLOAD 300 | ||
45 | #define MEI_NFC_MAX_READ (MEI_NFC_HEADER_SIZE + MEI_NFC_MAX_HCI_PAYLOAD) | ||
46 | |||
47 | struct microread_mei_phy { | ||
48 | struct mei_cl_device *device; | ||
49 | struct nfc_hci_dev *hdev; | ||
50 | |||
51 | int powered; | ||
52 | |||
53 | int hard_fault; /* | ||
54 | * < 0 if hardware error occured (e.g. i2c err) | ||
55 | * and prevents normal operation. | ||
56 | */ | ||
57 | }; | ||
58 | |||
59 | #define MEI_DUMP_SKB_IN(info, skb) \ | ||
60 | do { \ | ||
61 | pr_debug("%s:\n", info); \ | ||
62 | print_hex_dump(KERN_DEBUG, "mei in : ", DUMP_PREFIX_OFFSET, \ | ||
63 | 16, 1, (skb)->data, (skb)->len, 0); \ | ||
64 | } while (0) | ||
65 | |||
66 | #define MEI_DUMP_SKB_OUT(info, skb) \ | ||
67 | do { \ | ||
68 | pr_debug("%s:\n", info); \ | ||
69 | print_hex_dump(KERN_DEBUG, "mei out: ", DUMP_PREFIX_OFFSET, \ | ||
70 | 16, 1, (skb)->data, (skb)->len, 0); \ | ||
71 | } while (0) | ||
72 | |||
73 | static int microread_mei_enable(void *phy_id) | ||
74 | { | ||
75 | struct microread_mei_phy *phy = phy_id; | ||
76 | |||
77 | pr_info(DRIVER_DESC ": %s\n", __func__); | ||
78 | |||
79 | phy->powered = 1; | ||
80 | |||
81 | return 0; | ||
82 | } | ||
83 | |||
84 | static void microread_mei_disable(void *phy_id) | ||
85 | { | ||
86 | struct microread_mei_phy *phy = phy_id; | ||
87 | |||
88 | pr_info(DRIVER_DESC ": %s\n", __func__); | ||
89 | |||
90 | phy->powered = 0; | ||
91 | } | ||
92 | |||
93 | /* | ||
94 | * Writing a frame must not return the number of written bytes. | ||
95 | * It must return either zero for success, or <0 for error. | ||
96 | * In addition, it must not alter the skb | ||
97 | */ | ||
98 | static int microread_mei_write(void *phy_id, struct sk_buff *skb) | ||
99 | { | ||
100 | struct microread_mei_phy *phy = phy_id; | ||
101 | int r; | ||
102 | |||
103 | MEI_DUMP_SKB_OUT("mei frame sent", skb); | ||
104 | |||
105 | r = mei_cl_send(phy->device, skb->data, skb->len); | ||
106 | if (r > 0) | ||
107 | r = 0; | ||
108 | |||
109 | return r; | ||
110 | } | ||
111 | |||
112 | static void microread_event_cb(struct mei_cl_device *device, u32 events, | ||
113 | void *context) | ||
114 | { | ||
115 | struct microread_mei_phy *phy = context; | ||
116 | |||
117 | if (phy->hard_fault != 0) | ||
118 | return; | ||
119 | |||
120 | if (events & BIT(MEI_CL_EVENT_RX)) { | ||
121 | struct sk_buff *skb; | ||
122 | int reply_size; | ||
123 | |||
124 | skb = alloc_skb(MEI_NFC_MAX_READ, GFP_KERNEL); | ||
125 | if (!skb) | ||
126 | return; | ||
127 | |||
128 | reply_size = mei_cl_recv(device, skb->data, MEI_NFC_MAX_READ); | ||
129 | if (reply_size < MEI_NFC_HEADER_SIZE) { | ||
130 | kfree(skb); | ||
131 | return; | ||
132 | } | ||
133 | |||
134 | skb_put(skb, reply_size); | ||
135 | skb_pull(skb, MEI_NFC_HEADER_SIZE); | ||
136 | |||
137 | MEI_DUMP_SKB_IN("mei frame read", skb); | ||
138 | |||
139 | nfc_hci_recv_frame(phy->hdev, skb); | ||
140 | } | ||
141 | } | ||
142 | |||
143 | static struct nfc_phy_ops mei_phy_ops = { | ||
144 | .write = microread_mei_write, | ||
145 | .enable = microread_mei_enable, | ||
146 | .disable = microread_mei_disable, | ||
147 | }; | ||
148 | |||
149 | static int microread_mei_probe(struct mei_cl_device *device, | 32 | static int microread_mei_probe(struct mei_cl_device *device, |
150 | const struct mei_cl_device_id *id) | 33 | const struct mei_cl_device_id *id) |
151 | { | 34 | { |
152 | struct microread_mei_phy *phy; | 35 | struct nfc_mei_phy *phy; |
153 | int r; | 36 | int r; |
154 | 37 | ||
155 | pr_info("Probing NFC microread\n"); | 38 | pr_info("Probing NFC microread\n"); |
156 | 39 | ||
157 | phy = kzalloc(sizeof(struct microread_mei_phy), GFP_KERNEL); | 40 | phy = nfc_mei_phy_alloc(device); |
158 | if (!phy) { | 41 | if (!phy) { |
159 | pr_err("Cannot allocate memory for microread mei phy.\n"); | 42 | pr_err("Cannot allocate memory for microread mei phy.\n"); |
160 | return -ENOMEM; | 43 | return -ENOMEM; |
161 | } | 44 | } |
162 | 45 | ||
163 | phy->device = device; | 46 | r = mei_cl_register_event_cb(device, nfc_mei_event_cb, phy); |
164 | mei_cl_set_drvdata(device, phy); | ||
165 | |||
166 | r = mei_cl_register_event_cb(device, microread_event_cb, phy); | ||
167 | if (r) { | 47 | if (r) { |
168 | pr_err(MICROREAD_DRIVER_NAME ": event cb registration failed\n"); | 48 | pr_err(MICROREAD_DRIVER_NAME ": event cb registration failed\n"); |
169 | goto err_out; | 49 | goto err_out; |
@@ -178,23 +58,22 @@ static int microread_mei_probe(struct mei_cl_device *device, | |||
178 | return 0; | 58 | return 0; |
179 | 59 | ||
180 | err_out: | 60 | err_out: |
181 | kfree(phy); | 61 | nfc_mei_phy_free(phy); |
182 | 62 | ||
183 | return r; | 63 | return r; |
184 | } | 64 | } |
185 | 65 | ||
186 | static int microread_mei_remove(struct mei_cl_device *device) | 66 | static int microread_mei_remove(struct mei_cl_device *device) |
187 | { | 67 | { |
188 | struct microread_mei_phy *phy = mei_cl_get_drvdata(device); | 68 | struct nfc_mei_phy *phy = mei_cl_get_drvdata(device); |
189 | 69 | ||
190 | pr_info("Removing microread\n"); | 70 | pr_info("Removing microread\n"); |
191 | 71 | ||
192 | microread_remove(phy->hdev); | 72 | microread_remove(phy->hdev); |
193 | 73 | ||
194 | if (phy->powered) | 74 | nfc_mei_phy_disable(phy); |
195 | microread_mei_disable(phy); | ||
196 | 75 | ||
197 | kfree(phy); | 76 | nfc_mei_phy_free(phy); |
198 | 77 | ||
199 | return 0; | 78 | return 0; |
200 | } | 79 | } |
diff --git a/drivers/nfc/pn533.c b/drivers/nfc/pn533.c index f0f6763d67ae..8f6f2baa930d 100644 --- a/drivers/nfc/pn533.c +++ b/drivers/nfc/pn533.c | |||
@@ -1,9 +1,6 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2011 Instituto Nokia de Tecnologia | 2 | * Copyright (C) 2011 Instituto Nokia de Tecnologia |
3 | * | 3 | * Copyright (C) 2012-2013 Tieto Poland |
4 | * Authors: | ||
5 | * Lauro Ramos Venancio <lauro.venancio@openbossa.org> | ||
6 | * Aloisio Almeida Jr <aloisio.almeida@openbossa.org> | ||
7 | * | 4 | * |
8 | * This program is free software; you can redistribute it and/or modify | 5 | * This program is free software; you can redistribute it and/or modify |
9 | * it under the terms of the GNU General Public License as published by | 6 | * it under the terms of the GNU General Public License as published by |
@@ -30,7 +27,7 @@ | |||
30 | #include <linux/netdevice.h> | 27 | #include <linux/netdevice.h> |
31 | #include <net/nfc/nfc.h> | 28 | #include <net/nfc/nfc.h> |
32 | 29 | ||
33 | #define VERSION "0.1" | 30 | #define VERSION "0.2" |
34 | 31 | ||
35 | #define PN533_VENDOR_ID 0x4CC | 32 | #define PN533_VENDOR_ID 0x4CC |
36 | #define PN533_PRODUCT_ID 0x2533 | 33 | #define PN533_PRODUCT_ID 0x2533 |
@@ -41,8 +38,12 @@ | |||
41 | #define SONY_VENDOR_ID 0x054c | 38 | #define SONY_VENDOR_ID 0x054c |
42 | #define PASORI_PRODUCT_ID 0x02e1 | 39 | #define PASORI_PRODUCT_ID 0x02e1 |
43 | 40 | ||
44 | #define PN533_DEVICE_STD 0x1 | 41 | #define ACS_VENDOR_ID 0x072f |
45 | #define PN533_DEVICE_PASORI 0x2 | 42 | #define ACR122U_PRODUCT_ID 0x2200 |
43 | |||
44 | #define PN533_DEVICE_STD 0x1 | ||
45 | #define PN533_DEVICE_PASORI 0x2 | ||
46 | #define PN533_DEVICE_ACR122U 0x3 | ||
46 | 47 | ||
47 | #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\ | 48 | #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\ |
48 | NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\ | 49 | NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\ |
@@ -71,6 +72,11 @@ static const struct usb_device_id pn533_table[] = { | |||
71 | .idProduct = PASORI_PRODUCT_ID, | 72 | .idProduct = PASORI_PRODUCT_ID, |
72 | .driver_info = PN533_DEVICE_PASORI, | 73 | .driver_info = PN533_DEVICE_PASORI, |
73 | }, | 74 | }, |
75 | { .match_flags = USB_DEVICE_ID_MATCH_DEVICE, | ||
76 | .idVendor = ACS_VENDOR_ID, | ||
77 | .idProduct = ACR122U_PRODUCT_ID, | ||
78 | .driver_info = PN533_DEVICE_ACR122U, | ||
79 | }, | ||
74 | { } | 80 | { } |
75 | }; | 81 | }; |
76 | MODULE_DEVICE_TABLE(usb, pn533_table); | 82 | MODULE_DEVICE_TABLE(usb, pn533_table); |
@@ -78,32 +84,47 @@ MODULE_DEVICE_TABLE(usb, pn533_table); | |||
78 | /* How much time we spend listening for initiators */ | 84 | /* How much time we spend listening for initiators */ |
79 | #define PN533_LISTEN_TIME 2 | 85 | #define PN533_LISTEN_TIME 2 |
80 | 86 | ||
81 | /* frame definitions */ | 87 | /* Standard pn533 frame definitions */ |
82 | #define PN533_FRAME_HEADER_LEN (sizeof(struct pn533_frame) \ | 88 | #define PN533_STD_FRAME_HEADER_LEN (sizeof(struct pn533_std_frame) \ |
83 | + 2) /* data[0] TFI, data[1] CC */ | 89 | + 2) /* data[0] TFI, data[1] CC */ |
84 | #define PN533_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/ | 90 | #define PN533_STD_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/ |
85 | 91 | ||
86 | /* | 92 | /* |
87 | * Max extended frame payload len, excluding TFI and CC | 93 | * Max extended frame payload len, excluding TFI and CC |
88 | * which are already in PN533_FRAME_HEADER_LEN. | 94 | * which are already in PN533_FRAME_HEADER_LEN. |
89 | */ | 95 | */ |
90 | #define PN533_FRAME_MAX_PAYLOAD_LEN 263 | 96 | #define PN533_STD_FRAME_MAX_PAYLOAD_LEN 263 |
91 | 97 | ||
92 | #define PN533_FRAME_ACK_SIZE 6 /* Preamble (1), SoPC (2), ACK Code (2), | 98 | #define PN533_STD_FRAME_ACK_SIZE 6 /* Preamble (1), SoPC (2), ACK Code (2), |
93 | Postamble (1) */ | 99 | Postamble (1) */ |
94 | #define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen]) | 100 | #define PN533_STD_FRAME_CHECKSUM(f) (f->data[f->datalen]) |
95 | #define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1]) | 101 | #define PN533_STD_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1]) |
96 | 102 | ||
97 | /* start of frame */ | 103 | /* start of frame */ |
98 | #define PN533_SOF 0x00FF | 104 | #define PN533_STD_FRAME_SOF 0x00FF |
105 | |||
106 | /* standard frame identifier: in/out/error */ | ||
107 | #define PN533_STD_FRAME_IDENTIFIER(f) (f->data[0]) /* TFI */ | ||
108 | #define PN533_STD_FRAME_DIR_OUT 0xD4 | ||
109 | #define PN533_STD_FRAME_DIR_IN 0xD5 | ||
110 | |||
111 | /* ACS ACR122 pn533 frame definitions */ | ||
112 | #define PN533_ACR122_TX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_tx_frame) \ | ||
113 | + 2) | ||
114 | #define PN533_ACR122_TX_FRAME_TAIL_LEN 0 | ||
115 | #define PN533_ACR122_RX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_rx_frame) \ | ||
116 | + 2) | ||
117 | #define PN533_ACR122_RX_FRAME_TAIL_LEN 2 | ||
118 | #define PN533_ACR122_FRAME_MAX_PAYLOAD_LEN PN533_STD_FRAME_MAX_PAYLOAD_LEN | ||
119 | |||
120 | /* CCID messages types */ | ||
121 | #define PN533_ACR122_PC_TO_RDR_ICCPOWERON 0x62 | ||
122 | #define PN533_ACR122_PC_TO_RDR_ESCAPE 0x6B | ||
99 | 123 | ||
100 | /* frame identifier: in/out/error */ | 124 | #define PN533_ACR122_RDR_TO_PC_ESCAPE 0x83 |
101 | #define PN533_FRAME_IDENTIFIER(f) (f->data[0]) | ||
102 | #define PN533_DIR_OUT 0xD4 | ||
103 | #define PN533_DIR_IN 0xD5 | ||
104 | 125 | ||
105 | /* PN533 Commands */ | 126 | /* PN533 Commands */ |
106 | #define PN533_FRAME_CMD(f) (f->data[1]) | 127 | #define PN533_STD_FRAME_CMD(f) (f->data[1]) |
107 | 128 | ||
108 | #define PN533_CMD_GET_FIRMWARE_VERSION 0x02 | 129 | #define PN533_CMD_GET_FIRMWARE_VERSION 0x02 |
109 | #define PN533_CMD_RF_CONFIGURATION 0x32 | 130 | #define PN533_CMD_RF_CONFIGURATION 0x32 |
@@ -128,8 +149,6 @@ MODULE_DEVICE_TABLE(usb, pn533_table); | |||
128 | 149 | ||
129 | struct pn533; | 150 | struct pn533; |
130 | 151 | ||
131 | typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg, int status); | ||
132 | |||
133 | typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg, | 152 | typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg, |
134 | struct sk_buff *resp); | 153 | struct sk_buff *resp); |
135 | 154 | ||
@@ -144,9 +163,13 @@ struct pn533_fw_version { | |||
144 | }; | 163 | }; |
145 | 164 | ||
146 | /* PN533_CMD_RF_CONFIGURATION */ | 165 | /* PN533_CMD_RF_CONFIGURATION */ |
147 | #define PN533_CFGITEM_TIMING 0x02 | 166 | #define PN533_CFGITEM_RF_FIELD 0x01 |
167 | #define PN533_CFGITEM_TIMING 0x02 | ||
148 | #define PN533_CFGITEM_MAX_RETRIES 0x05 | 168 | #define PN533_CFGITEM_MAX_RETRIES 0x05 |
149 | #define PN533_CFGITEM_PASORI 0x82 | 169 | #define PN533_CFGITEM_PASORI 0x82 |
170 | |||
171 | #define PN533_CFGITEM_RF_FIELD_ON 0x1 | ||
172 | #define PN533_CFGITEM_RF_FIELD_OFF 0x0 | ||
150 | 173 | ||
151 | #define PN533_CONFIG_TIMING_102 0xb | 174 | #define PN533_CONFIG_TIMING_102 0xb |
152 | #define PN533_CONFIG_TIMING_204 0xc | 175 | #define PN533_CONFIG_TIMING_204 0xc |
@@ -313,10 +336,17 @@ struct pn533_cmd_jump_dep_response { | |||
313 | #define PN533_INIT_TARGET_RESP_ACTIVE 0x1 | 336 | #define PN533_INIT_TARGET_RESP_ACTIVE 0x1 |
314 | #define PN533_INIT_TARGET_RESP_DEP 0x4 | 337 | #define PN533_INIT_TARGET_RESP_DEP 0x4 |
315 | 338 | ||
339 | enum pn533_protocol_type { | ||
340 | PN533_PROTO_REQ_ACK_RESP = 0, | ||
341 | PN533_PROTO_REQ_RESP | ||
342 | }; | ||
343 | |||
316 | struct pn533 { | 344 | struct pn533 { |
317 | struct usb_device *udev; | 345 | struct usb_device *udev; |
318 | struct usb_interface *interface; | 346 | struct usb_interface *interface; |
319 | struct nfc_dev *nfc_dev; | 347 | struct nfc_dev *nfc_dev; |
348 | u32 device_type; | ||
349 | enum pn533_protocol_type protocol_type; | ||
320 | 350 | ||
321 | struct urb *out_urb; | 351 | struct urb *out_urb; |
322 | struct urb *in_urb; | 352 | struct urb *in_urb; |
@@ -329,21 +359,21 @@ struct pn533 { | |||
329 | struct work_struct poll_work; | 359 | struct work_struct poll_work; |
330 | struct work_struct mi_work; | 360 | struct work_struct mi_work; |
331 | struct work_struct tg_work; | 361 | struct work_struct tg_work; |
332 | struct timer_list listen_timer; | ||
333 | int wq_in_error; | ||
334 | int cancel_listen; | ||
335 | 362 | ||
336 | pn533_cmd_complete_t cmd_complete; | 363 | struct list_head cmd_queue; |
337 | void *cmd_complete_arg; | 364 | struct pn533_cmd *cmd; |
365 | u8 cmd_pending; | ||
366 | struct mutex cmd_lock; /* protects cmd queue */ | ||
367 | |||
338 | void *cmd_complete_mi_arg; | 368 | void *cmd_complete_mi_arg; |
339 | struct mutex cmd_lock; | ||
340 | u8 cmd; | ||
341 | 369 | ||
342 | struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1]; | 370 | struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1]; |
343 | u8 poll_mod_count; | 371 | u8 poll_mod_count; |
344 | u8 poll_mod_curr; | 372 | u8 poll_mod_curr; |
345 | u32 poll_protocols; | 373 | u32 poll_protocols; |
346 | u32 listen_protocols; | 374 | u32 listen_protocols; |
375 | struct timer_list listen_timer; | ||
376 | int cancel_listen; | ||
347 | 377 | ||
348 | u8 *gb; | 378 | u8 *gb; |
349 | size_t gb_len; | 379 | size_t gb_len; |
@@ -352,24 +382,21 @@ struct pn533 { | |||
352 | u8 tgt_active_prot; | 382 | u8 tgt_active_prot; |
353 | u8 tgt_mode; | 383 | u8 tgt_mode; |
354 | 384 | ||
355 | u32 device_type; | ||
356 | |||
357 | struct list_head cmd_queue; | ||
358 | u8 cmd_pending; | ||
359 | |||
360 | struct pn533_frame_ops *ops; | 385 | struct pn533_frame_ops *ops; |
361 | }; | 386 | }; |
362 | 387 | ||
363 | struct pn533_cmd { | 388 | struct pn533_cmd { |
364 | struct list_head queue; | 389 | struct list_head queue; |
365 | u8 cmd_code; | 390 | u8 code; |
391 | int status; | ||
366 | struct sk_buff *req; | 392 | struct sk_buff *req; |
367 | struct sk_buff *resp; | 393 | struct sk_buff *resp; |
368 | int resp_len; | 394 | int resp_len; |
369 | void *arg; | 395 | pn533_send_async_complete_t complete_cb; |
396 | void *complete_cb_context; | ||
370 | }; | 397 | }; |
371 | 398 | ||
372 | struct pn533_frame { | 399 | struct pn533_std_frame { |
373 | u8 preamble; | 400 | u8 preamble; |
374 | __be16 start_frame; | 401 | __be16 start_frame; |
375 | u8 datalen; | 402 | u8 datalen; |
@@ -393,14 +420,124 @@ struct pn533_frame_ops { | |||
393 | u8 (*get_cmd_code)(void *frame); | 420 | u8 (*get_cmd_code)(void *frame); |
394 | }; | 421 | }; |
395 | 422 | ||
423 | struct pn533_acr122_ccid_hdr { | ||
424 | u8 type; | ||
425 | u32 datalen; | ||
426 | u8 slot; | ||
427 | u8 seq; | ||
428 | u8 params[3]; /* 3 msg specific bytes or status, error and 1 specific | ||
429 | byte for reposnse msg */ | ||
430 | u8 data[]; /* payload */ | ||
431 | } __packed; | ||
432 | |||
433 | struct pn533_acr122_apdu_hdr { | ||
434 | u8 class; | ||
435 | u8 ins; | ||
436 | u8 p1; | ||
437 | u8 p2; | ||
438 | } __packed; | ||
439 | |||
440 | struct pn533_acr122_tx_frame { | ||
441 | struct pn533_acr122_ccid_hdr ccid; | ||
442 | struct pn533_acr122_apdu_hdr apdu; | ||
443 | u8 datalen; | ||
444 | u8 data[]; /* pn533 frame: TFI ... */ | ||
445 | } __packed; | ||
446 | |||
447 | struct pn533_acr122_rx_frame { | ||
448 | struct pn533_acr122_ccid_hdr ccid; | ||
449 | u8 data[]; /* pn533 frame : TFI ... */ | ||
450 | } __packed; | ||
451 | |||
452 | static void pn533_acr122_tx_frame_init(void *_frame, u8 cmd_code) | ||
453 | { | ||
454 | struct pn533_acr122_tx_frame *frame = _frame; | ||
455 | |||
456 | frame->ccid.type = PN533_ACR122_PC_TO_RDR_ESCAPE; | ||
457 | frame->ccid.datalen = sizeof(frame->apdu) + 1; /* sizeof(apdu_hdr) + | ||
458 | sizeof(datalen) */ | ||
459 | frame->ccid.slot = 0; | ||
460 | frame->ccid.seq = 0; | ||
461 | frame->ccid.params[0] = 0; | ||
462 | frame->ccid.params[1] = 0; | ||
463 | frame->ccid.params[2] = 0; | ||
464 | |||
465 | frame->data[0] = PN533_STD_FRAME_DIR_OUT; | ||
466 | frame->data[1] = cmd_code; | ||
467 | frame->datalen = 2; /* data[0] + data[1] */ | ||
468 | |||
469 | frame->apdu.class = 0xFF; | ||
470 | frame->apdu.ins = 0; | ||
471 | frame->apdu.p1 = 0; | ||
472 | frame->apdu.p2 = 0; | ||
473 | } | ||
474 | |||
475 | static void pn533_acr122_tx_frame_finish(void *_frame) | ||
476 | { | ||
477 | struct pn533_acr122_tx_frame *frame = _frame; | ||
478 | |||
479 | frame->ccid.datalen += frame->datalen; | ||
480 | } | ||
481 | |||
482 | static void pn533_acr122_tx_update_payload_len(void *_frame, int len) | ||
483 | { | ||
484 | struct pn533_acr122_tx_frame *frame = _frame; | ||
485 | |||
486 | frame->datalen += len; | ||
487 | } | ||
488 | |||
489 | static bool pn533_acr122_is_rx_frame_valid(void *_frame) | ||
490 | { | ||
491 | struct pn533_acr122_rx_frame *frame = _frame; | ||
492 | |||
493 | if (frame->ccid.type != 0x83) | ||
494 | return false; | ||
495 | |||
496 | if (frame->data[frame->ccid.datalen - 2] == 0x63) | ||
497 | return false; | ||
498 | |||
499 | return true; | ||
500 | } | ||
501 | |||
502 | static int pn533_acr122_rx_frame_size(void *frame) | ||
503 | { | ||
504 | struct pn533_acr122_rx_frame *f = frame; | ||
505 | |||
506 | /* f->ccid.datalen already includes tail length */ | ||
507 | return sizeof(struct pn533_acr122_rx_frame) + f->ccid.datalen; | ||
508 | } | ||
509 | |||
510 | static u8 pn533_acr122_get_cmd_code(void *frame) | ||
511 | { | ||
512 | struct pn533_acr122_rx_frame *f = frame; | ||
513 | |||
514 | return PN533_STD_FRAME_CMD(f); | ||
515 | } | ||
516 | |||
517 | static struct pn533_frame_ops pn533_acr122_frame_ops = { | ||
518 | .tx_frame_init = pn533_acr122_tx_frame_init, | ||
519 | .tx_frame_finish = pn533_acr122_tx_frame_finish, | ||
520 | .tx_update_payload_len = pn533_acr122_tx_update_payload_len, | ||
521 | .tx_header_len = PN533_ACR122_TX_FRAME_HEADER_LEN, | ||
522 | .tx_tail_len = PN533_ACR122_TX_FRAME_TAIL_LEN, | ||
523 | |||
524 | .rx_is_frame_valid = pn533_acr122_is_rx_frame_valid, | ||
525 | .rx_header_len = PN533_ACR122_RX_FRAME_HEADER_LEN, | ||
526 | .rx_tail_len = PN533_ACR122_RX_FRAME_TAIL_LEN, | ||
527 | .rx_frame_size = pn533_acr122_rx_frame_size, | ||
528 | |||
529 | .max_payload_len = PN533_ACR122_FRAME_MAX_PAYLOAD_LEN, | ||
530 | .get_cmd_code = pn533_acr122_get_cmd_code, | ||
531 | }; | ||
532 | |||
396 | /* The rule: value + checksum = 0 */ | 533 | /* The rule: value + checksum = 0 */ |
397 | static inline u8 pn533_checksum(u8 value) | 534 | static inline u8 pn533_std_checksum(u8 value) |
398 | { | 535 | { |
399 | return ~value + 1; | 536 | return ~value + 1; |
400 | } | 537 | } |
401 | 538 | ||
402 | /* The rule: sum(data elements) + checksum = 0 */ | 539 | /* The rule: sum(data elements) + checksum = 0 */ |
403 | static u8 pn533_data_checksum(u8 *data, int datalen) | 540 | static u8 pn533_std_data_checksum(u8 *data, int datalen) |
404 | { | 541 | { |
405 | u8 sum = 0; | 542 | u8 sum = 0; |
406 | int i; | 543 | int i; |
@@ -408,61 +545,61 @@ static u8 pn533_data_checksum(u8 *data, int datalen) | |||
408 | for (i = 0; i < datalen; i++) | 545 | for (i = 0; i < datalen; i++) |
409 | sum += data[i]; | 546 | sum += data[i]; |
410 | 547 | ||
411 | return pn533_checksum(sum); | 548 | return pn533_std_checksum(sum); |
412 | } | 549 | } |
413 | 550 | ||
414 | static void pn533_tx_frame_init(void *_frame, u8 cmd_code) | 551 | static void pn533_std_tx_frame_init(void *_frame, u8 cmd_code) |
415 | { | 552 | { |
416 | struct pn533_frame *frame = _frame; | 553 | struct pn533_std_frame *frame = _frame; |
417 | 554 | ||
418 | frame->preamble = 0; | 555 | frame->preamble = 0; |
419 | frame->start_frame = cpu_to_be16(PN533_SOF); | 556 | frame->start_frame = cpu_to_be16(PN533_STD_FRAME_SOF); |
420 | PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT; | 557 | PN533_STD_FRAME_IDENTIFIER(frame) = PN533_STD_FRAME_DIR_OUT; |
421 | PN533_FRAME_CMD(frame) = cmd_code; | 558 | PN533_STD_FRAME_CMD(frame) = cmd_code; |
422 | frame->datalen = 2; | 559 | frame->datalen = 2; |
423 | } | 560 | } |
424 | 561 | ||
425 | static void pn533_tx_frame_finish(void *_frame) | 562 | static void pn533_std_tx_frame_finish(void *_frame) |
426 | { | 563 | { |
427 | struct pn533_frame *frame = _frame; | 564 | struct pn533_std_frame *frame = _frame; |
428 | 565 | ||
429 | frame->datalen_checksum = pn533_checksum(frame->datalen); | 566 | frame->datalen_checksum = pn533_std_checksum(frame->datalen); |
430 | 567 | ||
431 | PN533_FRAME_CHECKSUM(frame) = | 568 | PN533_STD_FRAME_CHECKSUM(frame) = |
432 | pn533_data_checksum(frame->data, frame->datalen); | 569 | pn533_std_data_checksum(frame->data, frame->datalen); |
433 | 570 | ||
434 | PN533_FRAME_POSTAMBLE(frame) = 0; | 571 | PN533_STD_FRAME_POSTAMBLE(frame) = 0; |
435 | } | 572 | } |
436 | 573 | ||
437 | static void pn533_tx_update_payload_len(void *_frame, int len) | 574 | static void pn533_std_tx_update_payload_len(void *_frame, int len) |
438 | { | 575 | { |
439 | struct pn533_frame *frame = _frame; | 576 | struct pn533_std_frame *frame = _frame; |
440 | 577 | ||
441 | frame->datalen += len; | 578 | frame->datalen += len; |
442 | } | 579 | } |
443 | 580 | ||
444 | static bool pn533_rx_frame_is_valid(void *_frame) | 581 | static bool pn533_std_rx_frame_is_valid(void *_frame) |
445 | { | 582 | { |
446 | u8 checksum; | 583 | u8 checksum; |
447 | struct pn533_frame *frame = _frame; | 584 | struct pn533_std_frame *frame = _frame; |
448 | 585 | ||
449 | if (frame->start_frame != cpu_to_be16(PN533_SOF)) | 586 | if (frame->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF)) |
450 | return false; | 587 | return false; |
451 | 588 | ||
452 | checksum = pn533_checksum(frame->datalen); | 589 | checksum = pn533_std_checksum(frame->datalen); |
453 | if (checksum != frame->datalen_checksum) | 590 | if (checksum != frame->datalen_checksum) |
454 | return false; | 591 | return false; |
455 | 592 | ||
456 | checksum = pn533_data_checksum(frame->data, frame->datalen); | 593 | checksum = pn533_std_data_checksum(frame->data, frame->datalen); |
457 | if (checksum != PN533_FRAME_CHECKSUM(frame)) | 594 | if (checksum != PN533_STD_FRAME_CHECKSUM(frame)) |
458 | return false; | 595 | return false; |
459 | 596 | ||
460 | return true; | 597 | return true; |
461 | } | 598 | } |
462 | 599 | ||
463 | static bool pn533_rx_frame_is_ack(struct pn533_frame *frame) | 600 | static bool pn533_std_rx_frame_is_ack(struct pn533_std_frame *frame) |
464 | { | 601 | { |
465 | if (frame->start_frame != cpu_to_be16(PN533_SOF)) | 602 | if (frame->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF)) |
466 | return false; | 603 | return false; |
467 | 604 | ||
468 | if (frame->datalen != 0 || frame->datalen_checksum != 0xFF) | 605 | if (frame->datalen != 0 || frame->datalen_checksum != 0xFF) |
@@ -471,57 +608,51 @@ static bool pn533_rx_frame_is_ack(struct pn533_frame *frame) | |||
471 | return true; | 608 | return true; |
472 | } | 609 | } |
473 | 610 | ||
474 | static inline int pn533_rx_frame_size(void *frame) | 611 | static inline int pn533_std_rx_frame_size(void *frame) |
475 | { | 612 | { |
476 | struct pn533_frame *f = frame; | 613 | struct pn533_std_frame *f = frame; |
477 | 614 | ||
478 | return sizeof(struct pn533_frame) + f->datalen + PN533_FRAME_TAIL_LEN; | 615 | return sizeof(struct pn533_std_frame) + f->datalen + |
616 | PN533_STD_FRAME_TAIL_LEN; | ||
479 | } | 617 | } |
480 | 618 | ||
481 | static u8 pn533_get_cmd_code(void *frame) | 619 | static u8 pn533_std_get_cmd_code(void *frame) |
482 | { | 620 | { |
483 | struct pn533_frame *f = frame; | 621 | struct pn533_std_frame *f = frame; |
484 | 622 | ||
485 | return PN533_FRAME_CMD(f); | 623 | return PN533_STD_FRAME_CMD(f); |
486 | } | 624 | } |
487 | 625 | ||
488 | static struct pn533_frame_ops pn533_std_frame_ops = { | 626 | static struct pn533_frame_ops pn533_std_frame_ops = { |
489 | .tx_frame_init = pn533_tx_frame_init, | 627 | .tx_frame_init = pn533_std_tx_frame_init, |
490 | .tx_frame_finish = pn533_tx_frame_finish, | 628 | .tx_frame_finish = pn533_std_tx_frame_finish, |
491 | .tx_update_payload_len = pn533_tx_update_payload_len, | 629 | .tx_update_payload_len = pn533_std_tx_update_payload_len, |
492 | .tx_header_len = PN533_FRAME_HEADER_LEN, | 630 | .tx_header_len = PN533_STD_FRAME_HEADER_LEN, |
493 | .tx_tail_len = PN533_FRAME_TAIL_LEN, | 631 | .tx_tail_len = PN533_STD_FRAME_TAIL_LEN, |
494 | 632 | ||
495 | .rx_is_frame_valid = pn533_rx_frame_is_valid, | 633 | .rx_is_frame_valid = pn533_std_rx_frame_is_valid, |
496 | .rx_frame_size = pn533_rx_frame_size, | 634 | .rx_frame_size = pn533_std_rx_frame_size, |
497 | .rx_header_len = PN533_FRAME_HEADER_LEN, | 635 | .rx_header_len = PN533_STD_FRAME_HEADER_LEN, |
498 | .rx_tail_len = PN533_FRAME_TAIL_LEN, | 636 | .rx_tail_len = PN533_STD_FRAME_TAIL_LEN, |
499 | 637 | ||
500 | .max_payload_len = PN533_FRAME_MAX_PAYLOAD_LEN, | 638 | .max_payload_len = PN533_STD_FRAME_MAX_PAYLOAD_LEN, |
501 | .get_cmd_code = pn533_get_cmd_code, | 639 | .get_cmd_code = pn533_std_get_cmd_code, |
502 | }; | 640 | }; |
503 | 641 | ||
504 | static bool pn533_rx_frame_is_cmd_response(struct pn533 *dev, void *frame) | 642 | static bool pn533_rx_frame_is_cmd_response(struct pn533 *dev, void *frame) |
505 | { | 643 | { |
506 | return (dev->ops->get_cmd_code(frame) == PN533_CMD_RESPONSE(dev->cmd)); | 644 | return (dev->ops->get_cmd_code(frame) == |
507 | } | 645 | PN533_CMD_RESPONSE(dev->cmd->code)); |
508 | |||
509 | |||
510 | static void pn533_wq_cmd_complete(struct work_struct *work) | ||
511 | { | ||
512 | struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work); | ||
513 | int rc; | ||
514 | |||
515 | rc = dev->cmd_complete(dev, dev->cmd_complete_arg, dev->wq_in_error); | ||
516 | if (rc != -EINPROGRESS) | ||
517 | queue_work(dev->wq, &dev->cmd_work); | ||
518 | } | 646 | } |
519 | 647 | ||
520 | static void pn533_recv_response(struct urb *urb) | 648 | static void pn533_recv_response(struct urb *urb) |
521 | { | 649 | { |
522 | struct pn533 *dev = urb->context; | 650 | struct pn533 *dev = urb->context; |
651 | struct pn533_cmd *cmd = dev->cmd; | ||
523 | u8 *in_frame; | 652 | u8 *in_frame; |
524 | 653 | ||
654 | cmd->status = urb->status; | ||
655 | |||
525 | switch (urb->status) { | 656 | switch (urb->status) { |
526 | case 0: | 657 | case 0: |
527 | break; /* success */ | 658 | break; /* success */ |
@@ -530,37 +661,33 @@ static void pn533_recv_response(struct urb *urb) | |||
530 | nfc_dev_dbg(&dev->interface->dev, | 661 | nfc_dev_dbg(&dev->interface->dev, |
531 | "The urb has been canceled (status %d)", | 662 | "The urb has been canceled (status %d)", |
532 | urb->status); | 663 | urb->status); |
533 | dev->wq_in_error = urb->status; | ||
534 | goto sched_wq; | 664 | goto sched_wq; |
535 | case -ESHUTDOWN: | 665 | case -ESHUTDOWN: |
536 | default: | 666 | default: |
537 | nfc_dev_err(&dev->interface->dev, | 667 | nfc_dev_err(&dev->interface->dev, |
538 | "Urb failure (status %d)", urb->status); | 668 | "Urb failure (status %d)", urb->status); |
539 | dev->wq_in_error = urb->status; | ||
540 | goto sched_wq; | 669 | goto sched_wq; |
541 | } | 670 | } |
542 | 671 | ||
543 | in_frame = dev->in_urb->transfer_buffer; | 672 | in_frame = dev->in_urb->transfer_buffer; |
544 | 673 | ||
545 | nfc_dev_dbg(&dev->interface->dev, "Received a frame."); | 674 | nfc_dev_dbg(&dev->interface->dev, "Received a frame."); |
546 | print_hex_dump(KERN_DEBUG, "PN533 RX: ", DUMP_PREFIX_NONE, 16, 1, | 675 | print_hex_dump_debug("PN533 RX: ", DUMP_PREFIX_NONE, 16, 1, in_frame, |
547 | in_frame, dev->ops->rx_frame_size(in_frame), false); | 676 | dev->ops->rx_frame_size(in_frame), false); |
548 | 677 | ||
549 | if (!dev->ops->rx_is_frame_valid(in_frame)) { | 678 | if (!dev->ops->rx_is_frame_valid(in_frame)) { |
550 | nfc_dev_err(&dev->interface->dev, "Received an invalid frame"); | 679 | nfc_dev_err(&dev->interface->dev, "Received an invalid frame"); |
551 | dev->wq_in_error = -EIO; | 680 | cmd->status = -EIO; |
552 | goto sched_wq; | 681 | goto sched_wq; |
553 | } | 682 | } |
554 | 683 | ||
555 | if (!pn533_rx_frame_is_cmd_response(dev, in_frame)) { | 684 | if (!pn533_rx_frame_is_cmd_response(dev, in_frame)) { |
556 | nfc_dev_err(&dev->interface->dev, | 685 | nfc_dev_err(&dev->interface->dev, |
557 | "It it not the response to the last command"); | 686 | "It it not the response to the last command"); |
558 | dev->wq_in_error = -EIO; | 687 | cmd->status = -EIO; |
559 | goto sched_wq; | 688 | goto sched_wq; |
560 | } | 689 | } |
561 | 690 | ||
562 | dev->wq_in_error = 0; | ||
563 | |||
564 | sched_wq: | 691 | sched_wq: |
565 | queue_work(dev->wq, &dev->cmd_complete_work); | 692 | queue_work(dev->wq, &dev->cmd_complete_work); |
566 | } | 693 | } |
@@ -575,9 +702,12 @@ static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags) | |||
575 | static void pn533_recv_ack(struct urb *urb) | 702 | static void pn533_recv_ack(struct urb *urb) |
576 | { | 703 | { |
577 | struct pn533 *dev = urb->context; | 704 | struct pn533 *dev = urb->context; |
578 | struct pn533_frame *in_frame; | 705 | struct pn533_cmd *cmd = dev->cmd; |
706 | struct pn533_std_frame *in_frame; | ||
579 | int rc; | 707 | int rc; |
580 | 708 | ||
709 | cmd->status = urb->status; | ||
710 | |||
581 | switch (urb->status) { | 711 | switch (urb->status) { |
582 | case 0: | 712 | case 0: |
583 | break; /* success */ | 713 | break; /* success */ |
@@ -586,21 +716,19 @@ static void pn533_recv_ack(struct urb *urb) | |||
586 | nfc_dev_dbg(&dev->interface->dev, | 716 | nfc_dev_dbg(&dev->interface->dev, |
587 | "The urb has been stopped (status %d)", | 717 | "The urb has been stopped (status %d)", |
588 | urb->status); | 718 | urb->status); |
589 | dev->wq_in_error = urb->status; | ||
590 | goto sched_wq; | 719 | goto sched_wq; |
591 | case -ESHUTDOWN: | 720 | case -ESHUTDOWN: |
592 | default: | 721 | default: |
593 | nfc_dev_err(&dev->interface->dev, | 722 | nfc_dev_err(&dev->interface->dev, |
594 | "Urb failure (status %d)", urb->status); | 723 | "Urb failure (status %d)", urb->status); |
595 | dev->wq_in_error = urb->status; | ||
596 | goto sched_wq; | 724 | goto sched_wq; |
597 | } | 725 | } |
598 | 726 | ||
599 | in_frame = dev->in_urb->transfer_buffer; | 727 | in_frame = dev->in_urb->transfer_buffer; |
600 | 728 | ||
601 | if (!pn533_rx_frame_is_ack(in_frame)) { | 729 | if (!pn533_std_rx_frame_is_ack(in_frame)) { |
602 | nfc_dev_err(&dev->interface->dev, "Received an invalid ack"); | 730 | nfc_dev_err(&dev->interface->dev, "Received an invalid ack"); |
603 | dev->wq_in_error = -EIO; | 731 | cmd->status = -EIO; |
604 | goto sched_wq; | 732 | goto sched_wq; |
605 | } | 733 | } |
606 | 734 | ||
@@ -608,7 +736,7 @@ static void pn533_recv_ack(struct urb *urb) | |||
608 | if (rc) { | 736 | if (rc) { |
609 | nfc_dev_err(&dev->interface->dev, | 737 | nfc_dev_err(&dev->interface->dev, |
610 | "usb_submit_urb failed with result %d", rc); | 738 | "usb_submit_urb failed with result %d", rc); |
611 | dev->wq_in_error = rc; | 739 | cmd->status = rc; |
612 | goto sched_wq; | 740 | goto sched_wq; |
613 | } | 741 | } |
614 | 742 | ||
@@ -627,7 +755,7 @@ static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags) | |||
627 | 755 | ||
628 | static int pn533_send_ack(struct pn533 *dev, gfp_t flags) | 756 | static int pn533_send_ack(struct pn533 *dev, gfp_t flags) |
629 | { | 757 | { |
630 | u8 ack[PN533_FRAME_ACK_SIZE] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00}; | 758 | u8 ack[PN533_STD_FRAME_ACK_SIZE] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00}; |
631 | /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */ | 759 | /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */ |
632 | int rc; | 760 | int rc; |
633 | 761 | ||
@@ -643,32 +771,34 @@ static int pn533_send_ack(struct pn533 *dev, gfp_t flags) | |||
643 | static int __pn533_send_frame_async(struct pn533 *dev, | 771 | static int __pn533_send_frame_async(struct pn533 *dev, |
644 | struct sk_buff *out, | 772 | struct sk_buff *out, |
645 | struct sk_buff *in, | 773 | struct sk_buff *in, |
646 | int in_len, | 774 | int in_len) |
647 | pn533_cmd_complete_t cmd_complete, | ||
648 | void *arg) | ||
649 | { | 775 | { |
650 | int rc; | 776 | int rc; |
651 | 777 | ||
652 | dev->cmd = dev->ops->get_cmd_code(out->data); | ||
653 | dev->cmd_complete = cmd_complete; | ||
654 | dev->cmd_complete_arg = arg; | ||
655 | |||
656 | dev->out_urb->transfer_buffer = out->data; | 778 | dev->out_urb->transfer_buffer = out->data; |
657 | dev->out_urb->transfer_buffer_length = out->len; | 779 | dev->out_urb->transfer_buffer_length = out->len; |
658 | 780 | ||
659 | dev->in_urb->transfer_buffer = in->data; | 781 | dev->in_urb->transfer_buffer = in->data; |
660 | dev->in_urb->transfer_buffer_length = in_len; | 782 | dev->in_urb->transfer_buffer_length = in_len; |
661 | 783 | ||
662 | print_hex_dump(KERN_DEBUG, "PN533 TX: ", DUMP_PREFIX_NONE, 16, 1, | 784 | print_hex_dump_debug("PN533 TX: ", DUMP_PREFIX_NONE, 16, 1, |
663 | out->data, out->len, false); | 785 | out->data, out->len, false); |
664 | 786 | ||
665 | rc = usb_submit_urb(dev->out_urb, GFP_KERNEL); | 787 | rc = usb_submit_urb(dev->out_urb, GFP_KERNEL); |
666 | if (rc) | 788 | if (rc) |
667 | return rc; | 789 | return rc; |
668 | 790 | ||
669 | rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL); | 791 | if (dev->protocol_type == PN533_PROTO_REQ_RESP) { |
670 | if (rc) | 792 | /* request for response for sent packet directly */ |
671 | goto error; | 793 | rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC); |
794 | if (rc) | ||
795 | goto error; | ||
796 | } else if (dev->protocol_type == PN533_PROTO_REQ_ACK_RESP) { | ||
797 | /* request for ACK if that's the case */ | ||
798 | rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL); | ||
799 | if (rc) | ||
800 | goto error; | ||
801 | } | ||
672 | 802 | ||
673 | return 0; | 803 | return 0; |
674 | 804 | ||
@@ -693,39 +823,34 @@ static void pn533_build_cmd_frame(struct pn533 *dev, u8 cmd_code, | |||
693 | ops->tx_frame_finish(skb->data); | 823 | ops->tx_frame_finish(skb->data); |
694 | } | 824 | } |
695 | 825 | ||
696 | struct pn533_send_async_complete_arg { | 826 | static int pn533_send_async_complete(struct pn533 *dev) |
697 | pn533_send_async_complete_t complete_cb; | ||
698 | void *complete_cb_context; | ||
699 | struct sk_buff *resp; | ||
700 | struct sk_buff *req; | ||
701 | }; | ||
702 | |||
703 | static int pn533_send_async_complete(struct pn533 *dev, void *_arg, int status) | ||
704 | { | 827 | { |
705 | struct pn533_send_async_complete_arg *arg = _arg; | 828 | struct pn533_cmd *cmd = dev->cmd; |
829 | int status = cmd->status; | ||
706 | 830 | ||
707 | struct sk_buff *req = arg->req; | 831 | struct sk_buff *req = cmd->req; |
708 | struct sk_buff *resp = arg->resp; | 832 | struct sk_buff *resp = cmd->resp; |
709 | 833 | ||
710 | int rc; | 834 | int rc; |
711 | 835 | ||
712 | dev_kfree_skb(req); | 836 | dev_kfree_skb(req); |
713 | 837 | ||
714 | if (status < 0) { | 838 | if (status < 0) { |
715 | arg->complete_cb(dev, arg->complete_cb_context, | 839 | rc = cmd->complete_cb(dev, cmd->complete_cb_context, |
716 | ERR_PTR(status)); | 840 | ERR_PTR(status)); |
717 | dev_kfree_skb(resp); | 841 | dev_kfree_skb(resp); |
718 | kfree(arg); | 842 | goto done; |
719 | return status; | ||
720 | } | 843 | } |
721 | 844 | ||
722 | skb_put(resp, dev->ops->rx_frame_size(resp->data)); | 845 | skb_put(resp, dev->ops->rx_frame_size(resp->data)); |
723 | skb_pull(resp, dev->ops->rx_header_len); | 846 | skb_pull(resp, dev->ops->rx_header_len); |
724 | skb_trim(resp, resp->len - dev->ops->rx_tail_len); | 847 | skb_trim(resp, resp->len - dev->ops->rx_tail_len); |
725 | 848 | ||
726 | rc = arg->complete_cb(dev, arg->complete_cb_context, resp); | 849 | rc = cmd->complete_cb(dev, cmd->complete_cb_context, resp); |
727 | 850 | ||
728 | kfree(arg); | 851 | done: |
852 | kfree(cmd); | ||
853 | dev->cmd = NULL; | ||
729 | return rc; | 854 | return rc; |
730 | } | 855 | } |
731 | 856 | ||
@@ -736,56 +861,45 @@ static int __pn533_send_async(struct pn533 *dev, u8 cmd_code, | |||
736 | void *complete_cb_context) | 861 | void *complete_cb_context) |
737 | { | 862 | { |
738 | struct pn533_cmd *cmd; | 863 | struct pn533_cmd *cmd; |
739 | struct pn533_send_async_complete_arg *arg; | ||
740 | int rc = 0; | 864 | int rc = 0; |
741 | 865 | ||
742 | nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x", cmd_code); | 866 | nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x", cmd_code); |
743 | 867 | ||
744 | arg = kzalloc(sizeof(*arg), GFP_KERNEL); | 868 | cmd = kzalloc(sizeof(*cmd), GFP_KERNEL); |
745 | if (!arg) | 869 | if (!cmd) |
746 | return -ENOMEM; | 870 | return -ENOMEM; |
747 | 871 | ||
748 | arg->complete_cb = complete_cb; | 872 | cmd->code = cmd_code; |
749 | arg->complete_cb_context = complete_cb_context; | 873 | cmd->req = req; |
750 | arg->resp = resp; | 874 | cmd->resp = resp; |
751 | arg->req = req; | 875 | cmd->resp_len = resp_len; |
876 | cmd->complete_cb = complete_cb; | ||
877 | cmd->complete_cb_context = complete_cb_context; | ||
752 | 878 | ||
753 | pn533_build_cmd_frame(dev, cmd_code, req); | 879 | pn533_build_cmd_frame(dev, cmd_code, req); |
754 | 880 | ||
755 | mutex_lock(&dev->cmd_lock); | 881 | mutex_lock(&dev->cmd_lock); |
756 | 882 | ||
757 | if (!dev->cmd_pending) { | 883 | if (!dev->cmd_pending) { |
758 | rc = __pn533_send_frame_async(dev, req, resp, resp_len, | 884 | rc = __pn533_send_frame_async(dev, req, resp, resp_len); |
759 | pn533_send_async_complete, arg); | ||
760 | if (rc) | 885 | if (rc) |
761 | goto error; | 886 | goto error; |
762 | 887 | ||
763 | dev->cmd_pending = 1; | 888 | dev->cmd_pending = 1; |
889 | dev->cmd = cmd; | ||
764 | goto unlock; | 890 | goto unlock; |
765 | } | 891 | } |
766 | 892 | ||
767 | nfc_dev_dbg(&dev->interface->dev, "%s Queueing command 0x%x", __func__, | 893 | nfc_dev_dbg(&dev->interface->dev, "%s Queueing command 0x%x", __func__, |
768 | cmd_code); | 894 | cmd_code); |
769 | 895 | ||
770 | cmd = kzalloc(sizeof(struct pn533_cmd), GFP_KERNEL); | ||
771 | if (!cmd) { | ||
772 | rc = -ENOMEM; | ||
773 | goto error; | ||
774 | } | ||
775 | |||
776 | INIT_LIST_HEAD(&cmd->queue); | 896 | INIT_LIST_HEAD(&cmd->queue); |
777 | cmd->cmd_code = cmd_code; | ||
778 | cmd->req = req; | ||
779 | cmd->resp = resp; | ||
780 | cmd->resp_len = resp_len; | ||
781 | cmd->arg = arg; | ||
782 | |||
783 | list_add_tail(&cmd->queue, &dev->cmd_queue); | 897 | list_add_tail(&cmd->queue, &dev->cmd_queue); |
784 | 898 | ||
785 | goto unlock; | 899 | goto unlock; |
786 | 900 | ||
787 | error: | 901 | error: |
788 | kfree(arg); | 902 | kfree(cmd); |
789 | unlock: | 903 | unlock: |
790 | mutex_unlock(&dev->cmd_lock); | 904 | mutex_unlock(&dev->cmd_lock); |
791 | return rc; | 905 | return rc; |
@@ -850,8 +964,8 @@ static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code, | |||
850 | pn533_send_async_complete_t complete_cb, | 964 | pn533_send_async_complete_t complete_cb, |
851 | void *complete_cb_context) | 965 | void *complete_cb_context) |
852 | { | 966 | { |
853 | struct pn533_send_async_complete_arg *arg; | ||
854 | struct sk_buff *resp; | 967 | struct sk_buff *resp; |
968 | struct pn533_cmd *cmd; | ||
855 | int rc; | 969 | int rc; |
856 | int resp_len = dev->ops->rx_header_len + | 970 | int resp_len = dev->ops->rx_header_len + |
857 | dev->ops->max_payload_len + | 971 | dev->ops->max_payload_len + |
@@ -861,33 +975,47 @@ static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code, | |||
861 | if (!resp) | 975 | if (!resp) |
862 | return -ENOMEM; | 976 | return -ENOMEM; |
863 | 977 | ||
864 | arg = kzalloc(sizeof(*arg), GFP_KERNEL); | 978 | cmd = kzalloc(sizeof(*cmd), GFP_KERNEL); |
865 | if (!arg) { | 979 | if (!cmd) { |
866 | dev_kfree_skb(resp); | 980 | dev_kfree_skb(resp); |
867 | return -ENOMEM; | 981 | return -ENOMEM; |
868 | } | 982 | } |
869 | 983 | ||
870 | arg->complete_cb = complete_cb; | 984 | cmd->code = cmd_code; |
871 | arg->complete_cb_context = complete_cb_context; | 985 | cmd->req = req; |
872 | arg->resp = resp; | 986 | cmd->resp = resp; |
873 | arg->req = req; | 987 | cmd->resp_len = resp_len; |
988 | cmd->complete_cb = complete_cb; | ||
989 | cmd->complete_cb_context = complete_cb_context; | ||
874 | 990 | ||
875 | pn533_build_cmd_frame(dev, cmd_code, req); | 991 | pn533_build_cmd_frame(dev, cmd_code, req); |
876 | 992 | ||
877 | rc = __pn533_send_frame_async(dev, req, resp, resp_len, | 993 | rc = __pn533_send_frame_async(dev, req, resp, resp_len); |
878 | pn533_send_async_complete, arg); | ||
879 | if (rc < 0) { | 994 | if (rc < 0) { |
880 | dev_kfree_skb(resp); | 995 | dev_kfree_skb(resp); |
881 | kfree(arg); | 996 | kfree(cmd); |
997 | } else { | ||
998 | dev->cmd = cmd; | ||
882 | } | 999 | } |
883 | 1000 | ||
884 | return rc; | 1001 | return rc; |
885 | } | 1002 | } |
886 | 1003 | ||
1004 | static void pn533_wq_cmd_complete(struct work_struct *work) | ||
1005 | { | ||
1006 | struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work); | ||
1007 | int rc; | ||
1008 | |||
1009 | rc = pn533_send_async_complete(dev); | ||
1010 | if (rc != -EINPROGRESS) | ||
1011 | queue_work(dev->wq, &dev->cmd_work); | ||
1012 | } | ||
1013 | |||
887 | static void pn533_wq_cmd(struct work_struct *work) | 1014 | static void pn533_wq_cmd(struct work_struct *work) |
888 | { | 1015 | { |
889 | struct pn533 *dev = container_of(work, struct pn533, cmd_work); | 1016 | struct pn533 *dev = container_of(work, struct pn533, cmd_work); |
890 | struct pn533_cmd *cmd; | 1017 | struct pn533_cmd *cmd; |
1018 | int rc; | ||
891 | 1019 | ||
892 | mutex_lock(&dev->cmd_lock); | 1020 | mutex_lock(&dev->cmd_lock); |
893 | 1021 | ||
@@ -903,10 +1031,15 @@ static void pn533_wq_cmd(struct work_struct *work) | |||
903 | 1031 | ||
904 | mutex_unlock(&dev->cmd_lock); | 1032 | mutex_unlock(&dev->cmd_lock); |
905 | 1033 | ||
906 | __pn533_send_frame_async(dev, cmd->req, cmd->resp, cmd->resp_len, | 1034 | rc = __pn533_send_frame_async(dev, cmd->req, cmd->resp, cmd->resp_len); |
907 | pn533_send_async_complete, cmd->arg); | 1035 | if (rc < 0) { |
1036 | dev_kfree_skb(cmd->req); | ||
1037 | dev_kfree_skb(cmd->resp); | ||
1038 | kfree(cmd); | ||
1039 | return; | ||
1040 | } | ||
908 | 1041 | ||
909 | kfree(cmd); | 1042 | dev->cmd = cmd; |
910 | } | 1043 | } |
911 | 1044 | ||
912 | struct pn533_sync_cmd_response { | 1045 | struct pn533_sync_cmd_response { |
@@ -982,6 +1115,23 @@ static void pn533_send_complete(struct urb *urb) | |||
982 | } | 1115 | } |
983 | } | 1116 | } |
984 | 1117 | ||
1118 | static void pn533_abort_cmd(struct pn533 *dev, gfp_t flags) | ||
1119 | { | ||
1120 | /* ACR122U does not support any command which aborts last | ||
1121 | * issued command i.e. as ACK for standard PN533. Additionally, | ||
1122 | * it behaves stange, sending broken or incorrect responses, | ||
1123 | * when we cancel urb before the chip will send response. | ||
1124 | */ | ||
1125 | if (dev->device_type == PN533_DEVICE_ACR122U) | ||
1126 | return; | ||
1127 | |||
1128 | /* An ack will cancel the last issued command */ | ||
1129 | pn533_send_ack(dev, flags); | ||
1130 | |||
1131 | /* cancel the urb request */ | ||
1132 | usb_kill_urb(dev->in_urb); | ||
1133 | } | ||
1134 | |||
985 | static struct sk_buff *pn533_alloc_skb(struct pn533 *dev, unsigned int size) | 1135 | static struct sk_buff *pn533_alloc_skb(struct pn533 *dev, unsigned int size) |
986 | { | 1136 | { |
987 | struct sk_buff *skb; | 1137 | struct sk_buff *skb; |
@@ -1500,9 +1650,6 @@ static void pn533_listen_mode_timer(unsigned long data) | |||
1500 | 1650 | ||
1501 | nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout"); | 1651 | nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout"); |
1502 | 1652 | ||
1503 | /* An ack will cancel the last issued command (poll) */ | ||
1504 | pn533_send_ack(dev, GFP_ATOMIC); | ||
1505 | |||
1506 | dev->cancel_listen = 1; | 1653 | dev->cancel_listen = 1; |
1507 | 1654 | ||
1508 | pn533_poll_next_mod(dev); | 1655 | pn533_poll_next_mod(dev); |
@@ -1549,6 +1696,11 @@ static int pn533_poll_complete(struct pn533 *dev, void *arg, | |||
1549 | if (!rc) | 1696 | if (!rc) |
1550 | goto done; | 1697 | goto done; |
1551 | 1698 | ||
1699 | if (!dev->poll_mod_count) { | ||
1700 | nfc_dev_dbg(&dev->interface->dev, "Polling has been stoped."); | ||
1701 | goto done; | ||
1702 | } | ||
1703 | |||
1552 | pn533_poll_next_mod(dev); | 1704 | pn533_poll_next_mod(dev); |
1553 | queue_work(dev->wq, &dev->poll_work); | 1705 | queue_work(dev->wq, &dev->poll_work); |
1554 | 1706 | ||
@@ -1627,7 +1779,7 @@ static void pn533_wq_poll(struct work_struct *work) | |||
1627 | 1779 | ||
1628 | if (dev->cancel_listen == 1) { | 1780 | if (dev->cancel_listen == 1) { |
1629 | dev->cancel_listen = 0; | 1781 | dev->cancel_listen = 0; |
1630 | usb_kill_urb(dev->in_urb); | 1782 | pn533_abort_cmd(dev, GFP_ATOMIC); |
1631 | } | 1783 | } |
1632 | 1784 | ||
1633 | rc = pn533_send_poll_frame(dev); | 1785 | rc = pn533_send_poll_frame(dev); |
@@ -1689,12 +1841,7 @@ static void pn533_stop_poll(struct nfc_dev *nfc_dev) | |||
1689 | return; | 1841 | return; |
1690 | } | 1842 | } |
1691 | 1843 | ||
1692 | /* An ack will cancel the last issued command (poll) */ | 1844 | pn533_abort_cmd(dev, GFP_KERNEL); |
1693 | pn533_send_ack(dev, GFP_KERNEL); | ||
1694 | |||
1695 | /* prevent pn533_start_poll_complete to issue a new poll meanwhile */ | ||
1696 | usb_kill_urb(dev->in_urb); | ||
1697 | |||
1698 | pn533_poll_reset_mod_list(dev); | 1845 | pn533_poll_reset_mod_list(dev); |
1699 | } | 1846 | } |
1700 | 1847 | ||
@@ -1723,6 +1870,8 @@ static int pn533_activate_target_nfcdep(struct pn533 *dev) | |||
1723 | rsp = (struct pn533_cmd_activate_response *)resp->data; | 1870 | rsp = (struct pn533_cmd_activate_response *)resp->data; |
1724 | rc = rsp->status & PN533_CMD_RET_MASK; | 1871 | rc = rsp->status & PN533_CMD_RET_MASK; |
1725 | if (rc != PN533_CMD_RET_SUCCESS) { | 1872 | if (rc != PN533_CMD_RET_SUCCESS) { |
1873 | nfc_dev_err(&dev->interface->dev, | ||
1874 | "Target activation failed (error 0x%x)", rc); | ||
1726 | dev_kfree_skb(resp); | 1875 | dev_kfree_skb(resp); |
1727 | return -EIO; | 1876 | return -EIO; |
1728 | } | 1877 | } |
@@ -1850,7 +1999,7 @@ static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg, | |||
1850 | rc = rsp->status & PN533_CMD_RET_MASK; | 1999 | rc = rsp->status & PN533_CMD_RET_MASK; |
1851 | if (rc != PN533_CMD_RET_SUCCESS) { | 2000 | if (rc != PN533_CMD_RET_SUCCESS) { |
1852 | nfc_dev_err(&dev->interface->dev, | 2001 | nfc_dev_err(&dev->interface->dev, |
1853 | "Bringing DEP link up failed %d", rc); | 2002 | "Bringing DEP link up failed (error 0x%x)", rc); |
1854 | goto error; | 2003 | goto error; |
1855 | } | 2004 | } |
1856 | 2005 | ||
@@ -1985,10 +2134,8 @@ static int pn533_dep_link_down(struct nfc_dev *nfc_dev) | |||
1985 | 2134 | ||
1986 | pn533_poll_reset_mod_list(dev); | 2135 | pn533_poll_reset_mod_list(dev); |
1987 | 2136 | ||
1988 | if (dev->tgt_mode || dev->tgt_active_prot) { | 2137 | if (dev->tgt_mode || dev->tgt_active_prot) |
1989 | pn533_send_ack(dev, GFP_KERNEL); | 2138 | pn533_abort_cmd(dev, GFP_KERNEL); |
1990 | usb_kill_urb(dev->in_urb); | ||
1991 | } | ||
1992 | 2139 | ||
1993 | dev->tgt_active_prot = 0; | 2140 | dev->tgt_active_prot = 0; |
1994 | dev->tgt_mode = 0; | 2141 | dev->tgt_mode = 0; |
@@ -2064,8 +2211,7 @@ static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg, | |||
2064 | 2211 | ||
2065 | if (ret != PN533_CMD_RET_SUCCESS) { | 2212 | if (ret != PN533_CMD_RET_SUCCESS) { |
2066 | nfc_dev_err(&dev->interface->dev, | 2213 | nfc_dev_err(&dev->interface->dev, |
2067 | "PN533 reported error %d when exchanging data", | 2214 | "Exchanging data failed (error 0x%x)", ret); |
2068 | ret); | ||
2069 | rc = -EIO; | 2215 | rc = -EIO; |
2070 | goto error; | 2216 | goto error; |
2071 | } | 2217 | } |
@@ -2253,7 +2399,7 @@ static void pn533_wq_mi_recv(struct work_struct *work) | |||
2253 | "Error %d when trying to perform data_exchange", rc); | 2399 | "Error %d when trying to perform data_exchange", rc); |
2254 | 2400 | ||
2255 | dev_kfree_skb(skb); | 2401 | dev_kfree_skb(skb); |
2256 | kfree(dev->cmd_complete_arg); | 2402 | kfree(dev->cmd_complete_mi_arg); |
2257 | 2403 | ||
2258 | error: | 2404 | error: |
2259 | pn533_send_ack(dev, GFP_KERNEL); | 2405 | pn533_send_ack(dev, GFP_KERNEL); |
@@ -2310,7 +2456,7 @@ static int pn533_get_firmware_version(struct pn533 *dev, | |||
2310 | return 0; | 2456 | return 0; |
2311 | } | 2457 | } |
2312 | 2458 | ||
2313 | static int pn533_fw_reset(struct pn533 *dev) | 2459 | static int pn533_pasori_fw_reset(struct pn533 *dev) |
2314 | { | 2460 | { |
2315 | struct sk_buff *skb; | 2461 | struct sk_buff *skb; |
2316 | struct sk_buff *resp; | 2462 | struct sk_buff *resp; |
@@ -2332,9 +2478,102 @@ static int pn533_fw_reset(struct pn533 *dev) | |||
2332 | return 0; | 2478 | return 0; |
2333 | } | 2479 | } |
2334 | 2480 | ||
2481 | struct pn533_acr122_poweron_rdr_arg { | ||
2482 | int rc; | ||
2483 | struct completion done; | ||
2484 | }; | ||
2485 | |||
2486 | static void pn533_acr122_poweron_rdr_resp(struct urb *urb) | ||
2487 | { | ||
2488 | struct pn533_acr122_poweron_rdr_arg *arg = urb->context; | ||
2489 | |||
2490 | nfc_dev_dbg(&urb->dev->dev, "%s", __func__); | ||
2491 | |||
2492 | print_hex_dump(KERN_ERR, "ACR122 RX: ", DUMP_PREFIX_NONE, 16, 1, | ||
2493 | urb->transfer_buffer, urb->transfer_buffer_length, | ||
2494 | false); | ||
2495 | |||
2496 | arg->rc = urb->status; | ||
2497 | complete(&arg->done); | ||
2498 | } | ||
2499 | |||
2500 | static int pn533_acr122_poweron_rdr(struct pn533 *dev) | ||
2501 | { | ||
2502 | /* Power on th reader (CCID cmd) */ | ||
2503 | u8 cmd[10] = {PN533_ACR122_PC_TO_RDR_ICCPOWERON, | ||
2504 | 0, 0, 0, 0, 0, 0, 3, 0, 0}; | ||
2505 | u8 buf[255]; | ||
2506 | int rc; | ||
2507 | void *cntx; | ||
2508 | struct pn533_acr122_poweron_rdr_arg arg; | ||
2509 | |||
2510 | nfc_dev_dbg(&dev->interface->dev, "%s", __func__); | ||
2511 | |||
2512 | init_completion(&arg.done); | ||
2513 | cntx = dev->in_urb->context; /* backup context */ | ||
2514 | |||
2515 | dev->in_urb->transfer_buffer = buf; | ||
2516 | dev->in_urb->transfer_buffer_length = 255; | ||
2517 | dev->in_urb->complete = pn533_acr122_poweron_rdr_resp; | ||
2518 | dev->in_urb->context = &arg; | ||
2519 | |||
2520 | dev->out_urb->transfer_buffer = cmd; | ||
2521 | dev->out_urb->transfer_buffer_length = sizeof(cmd); | ||
2522 | |||
2523 | print_hex_dump(KERN_ERR, "ACR122 TX: ", DUMP_PREFIX_NONE, 16, 1, | ||
2524 | cmd, sizeof(cmd), false); | ||
2525 | |||
2526 | rc = usb_submit_urb(dev->out_urb, GFP_KERNEL); | ||
2527 | if (rc) { | ||
2528 | nfc_dev_err(&dev->interface->dev, | ||
2529 | "Reader power on cmd error %d", rc); | ||
2530 | return rc; | ||
2531 | } | ||
2532 | |||
2533 | rc = usb_submit_urb(dev->in_urb, GFP_KERNEL); | ||
2534 | if (rc) { | ||
2535 | nfc_dev_err(&dev->interface->dev, | ||
2536 | "Can't submit for reader power on cmd response %d", | ||
2537 | rc); | ||
2538 | return rc; | ||
2539 | } | ||
2540 | |||
2541 | wait_for_completion(&arg.done); | ||
2542 | dev->in_urb->context = cntx; /* restore context */ | ||
2543 | |||
2544 | return arg.rc; | ||
2545 | } | ||
2546 | |||
2547 | static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf) | ||
2548 | { | ||
2549 | struct pn533 *dev = nfc_get_drvdata(nfc_dev); | ||
2550 | u8 rf_field = !!rf; | ||
2551 | int rc; | ||
2552 | |||
2553 | rc = pn533_set_configuration(dev, PN533_CFGITEM_RF_FIELD, | ||
2554 | (u8 *)&rf_field, 1); | ||
2555 | if (rc) { | ||
2556 | nfc_dev_err(&dev->interface->dev, | ||
2557 | "Error on setting RF field"); | ||
2558 | return rc; | ||
2559 | } | ||
2560 | |||
2561 | return rc; | ||
2562 | } | ||
2563 | |||
2564 | int pn533_dev_up(struct nfc_dev *nfc_dev) | ||
2565 | { | ||
2566 | return pn533_rf_field(nfc_dev, 1); | ||
2567 | } | ||
2568 | |||
2569 | int pn533_dev_down(struct nfc_dev *nfc_dev) | ||
2570 | { | ||
2571 | return pn533_rf_field(nfc_dev, 0); | ||
2572 | } | ||
2573 | |||
2335 | static struct nfc_ops pn533_nfc_ops = { | 2574 | static struct nfc_ops pn533_nfc_ops = { |
2336 | .dev_up = NULL, | 2575 | .dev_up = pn533_dev_up, |
2337 | .dev_down = NULL, | 2576 | .dev_down = pn533_dev_down, |
2338 | .dep_link_up = pn533_dep_link_up, | 2577 | .dep_link_up = pn533_dep_link_up, |
2339 | .dep_link_down = pn533_dep_link_down, | 2578 | .dep_link_down = pn533_dep_link_down, |
2340 | .start_poll = pn533_start_poll, | 2579 | .start_poll = pn533_start_poll, |
@@ -2366,6 +2605,7 @@ static int pn533_setup(struct pn533 *dev) | |||
2366 | break; | 2605 | break; |
2367 | 2606 | ||
2368 | case PN533_DEVICE_PASORI: | 2607 | case PN533_DEVICE_PASORI: |
2608 | case PN533_DEVICE_ACR122U: | ||
2369 | max_retries.mx_rty_atr = 0x2; | 2609 | max_retries.mx_rty_atr = 0x2; |
2370 | max_retries.mx_rty_psl = 0x1; | 2610 | max_retries.mx_rty_psl = 0x1; |
2371 | max_retries.mx_rty_passive_act = | 2611 | max_retries.mx_rty_passive_act = |
@@ -2405,7 +2645,7 @@ static int pn533_setup(struct pn533 *dev) | |||
2405 | break; | 2645 | break; |
2406 | 2646 | ||
2407 | case PN533_DEVICE_PASORI: | 2647 | case PN533_DEVICE_PASORI: |
2408 | pn533_fw_reset(dev); | 2648 | pn533_pasori_fw_reset(dev); |
2409 | 2649 | ||
2410 | rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI, | 2650 | rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI, |
2411 | pasori_cfg, 3); | 2651 | pasori_cfg, 3); |
@@ -2415,7 +2655,7 @@ static int pn533_setup(struct pn533 *dev) | |||
2415 | return rc; | 2655 | return rc; |
2416 | } | 2656 | } |
2417 | 2657 | ||
2418 | pn533_fw_reset(dev); | 2658 | pn533_pasori_fw_reset(dev); |
2419 | 2659 | ||
2420 | break; | 2660 | break; |
2421 | } | 2661 | } |
@@ -2496,6 +2736,7 @@ static int pn533_probe(struct usb_interface *interface, | |||
2496 | 2736 | ||
2497 | dev->ops = &pn533_std_frame_ops; | 2737 | dev->ops = &pn533_std_frame_ops; |
2498 | 2738 | ||
2739 | dev->protocol_type = PN533_PROTO_REQ_ACK_RESP; | ||
2499 | dev->device_type = id->driver_info; | 2740 | dev->device_type = id->driver_info; |
2500 | switch (dev->device_type) { | 2741 | switch (dev->device_type) { |
2501 | case PN533_DEVICE_STD: | 2742 | case PN533_DEVICE_STD: |
@@ -2506,6 +2747,20 @@ static int pn533_probe(struct usb_interface *interface, | |||
2506 | protocols = PN533_NO_TYPE_B_PROTOCOLS; | 2747 | protocols = PN533_NO_TYPE_B_PROTOCOLS; |
2507 | break; | 2748 | break; |
2508 | 2749 | ||
2750 | case PN533_DEVICE_ACR122U: | ||
2751 | protocols = PN533_NO_TYPE_B_PROTOCOLS; | ||
2752 | dev->ops = &pn533_acr122_frame_ops; | ||
2753 | dev->protocol_type = PN533_PROTO_REQ_RESP, | ||
2754 | |||
2755 | rc = pn533_acr122_poweron_rdr(dev); | ||
2756 | if (rc < 0) { | ||
2757 | nfc_dev_err(&dev->interface->dev, | ||
2758 | "Couldn't poweron the reader (error %d)", | ||
2759 | rc); | ||
2760 | goto destroy_wq; | ||
2761 | } | ||
2762 | break; | ||
2763 | |||
2509 | default: | 2764 | default: |
2510 | nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n", | 2765 | nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n", |
2511 | dev->device_type); | 2766 | dev->device_type); |
@@ -2555,6 +2810,7 @@ destroy_wq: | |||
2555 | error: | 2810 | error: |
2556 | usb_free_urb(dev->in_urb); | 2811 | usb_free_urb(dev->in_urb); |
2557 | usb_free_urb(dev->out_urb); | 2812 | usb_free_urb(dev->out_urb); |
2813 | usb_put_dev(dev->udev); | ||
2558 | kfree(dev); | 2814 | kfree(dev); |
2559 | return rc; | 2815 | return rc; |
2560 | } | 2816 | } |
@@ -2600,8 +2856,9 @@ static struct usb_driver pn533_driver = { | |||
2600 | 2856 | ||
2601 | module_usb_driver(pn533_driver); | 2857 | module_usb_driver(pn533_driver); |
2602 | 2858 | ||
2603 | MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>," | 2859 | MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>"); |
2604 | " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>"); | 2860 | MODULE_AUTHOR("Aloisio Almeida Jr <aloisio.almeida@openbossa.org>"); |
2861 | MODULE_AUTHOR("Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>"); | ||
2605 | MODULE_DESCRIPTION("PN533 usb driver ver " VERSION); | 2862 | MODULE_DESCRIPTION("PN533 usb driver ver " VERSION); |
2606 | MODULE_VERSION(VERSION); | 2863 | MODULE_VERSION(VERSION); |
2607 | MODULE_LICENSE("GPL"); | 2864 | MODULE_LICENSE("GPL"); |
diff --git a/drivers/nfc/pn544/Kconfig b/drivers/nfc/pn544/Kconfig index c277790ac71c..ccf06f5f6ebb 100644 --- a/drivers/nfc/pn544/Kconfig +++ b/drivers/nfc/pn544/Kconfig | |||
@@ -20,4 +20,15 @@ config NFC_PN544_I2C | |||
20 | Select this if your platform is using the i2c bus. | 20 | Select this if your platform is using the i2c bus. |
21 | 21 | ||
22 | If you choose to build a module, it'll be called pn544_i2c. | 22 | If you choose to build a module, it'll be called pn544_i2c. |
23 | Say N if unsure. \ No newline at end of file | 23 | Say N if unsure. |
24 | |||
25 | config NFC_PN544_MEI | ||
26 | tristate "NFC PN544 MEI support" | ||
27 | depends on NFC_PN544 && NFC_MEI_PHY | ||
28 | ---help--- | ||
29 | This module adds support for the mei interface of adapters using | ||
30 | NXP pn544 chipsets. Select this if your pn544 chipset | ||
31 | is handled by Intel's Management Engine Interface on your platform. | ||
32 | |||
33 | If you choose to build a module, it'll be called pn544_mei. | ||
34 | Say N if unsure. | ||
diff --git a/drivers/nfc/pn544/Makefile b/drivers/nfc/pn544/Makefile index ac076793687d..29fb5a174036 100644 --- a/drivers/nfc/pn544/Makefile +++ b/drivers/nfc/pn544/Makefile | |||
@@ -3,6 +3,8 @@ | |||
3 | # | 3 | # |
4 | 4 | ||
5 | pn544_i2c-objs = i2c.o | 5 | pn544_i2c-objs = i2c.o |
6 | pn544_mei-objs = mei.o | ||
6 | 7 | ||
7 | obj-$(CONFIG_NFC_PN544) += pn544.o | 8 | obj-$(CONFIG_NFC_PN544) += pn544.o |
8 | obj-$(CONFIG_NFC_PN544_I2C) += pn544_i2c.o | 9 | obj-$(CONFIG_NFC_PN544_I2C) += pn544_i2c.o |
10 | obj-$(CONFIG_NFC_PN544_MEI) += pn544_mei.o | ||
diff --git a/drivers/nfc/pn544/mei.c b/drivers/nfc/pn544/mei.c new file mode 100644 index 000000000000..1eb48848a35a --- /dev/null +++ b/drivers/nfc/pn544/mei.c | |||
@@ -0,0 +1,121 @@ | |||
1 | /* | ||
2 | * HCI based Driver for NXP pn544 NFC Chip | ||
3 | * | ||
4 | * Copyright (C) 2013 Intel Corporation. All rights reserved. | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify it | ||
7 | * under the terms and conditions of the GNU General Public License, | ||
8 | * version 2, as published by the Free Software Foundation. | ||
9 | * | ||
10 | * This program is distributed in the hope that it will be useful, | ||
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
13 | * GNU General Public License for more details. | ||
14 | * | ||
15 | * You should have received a copy of the GNU General Public License | ||
16 | * along with this program; if not, write to the | ||
17 | * Free Software Foundation, Inc., | ||
18 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | ||
19 | */ | ||
20 | |||
21 | #include <linux/module.h> | ||
22 | #include <linux/mod_devicetable.h> | ||
23 | #include <linux/nfc.h> | ||
24 | #include <net/nfc/hci.h> | ||
25 | #include <net/nfc/llc.h> | ||
26 | |||
27 | #include "../mei_phy.h" | ||
28 | #include "pn544.h" | ||
29 | |||
30 | #define PN544_DRIVER_NAME "pn544" | ||
31 | |||
32 | static int pn544_mei_probe(struct mei_cl_device *device, | ||
33 | const struct mei_cl_device_id *id) | ||
34 | { | ||
35 | struct nfc_mei_phy *phy; | ||
36 | int r; | ||
37 | |||
38 | pr_info("Probing NFC pn544\n"); | ||
39 | |||
40 | phy = nfc_mei_phy_alloc(device); | ||
41 | if (!phy) { | ||
42 | pr_err("Cannot allocate memory for pn544 mei phy.\n"); | ||
43 | return -ENOMEM; | ||
44 | } | ||
45 | |||
46 | r = mei_cl_register_event_cb(device, nfc_mei_event_cb, phy); | ||
47 | if (r) { | ||
48 | pr_err(PN544_DRIVER_NAME ": event cb registration failed\n"); | ||
49 | goto err_out; | ||
50 | } | ||
51 | |||
52 | r = pn544_hci_probe(phy, &mei_phy_ops, LLC_NOP_NAME, | ||
53 | MEI_NFC_HEADER_SIZE, 0, MEI_NFC_MAX_HCI_PAYLOAD, | ||
54 | &phy->hdev); | ||
55 | if (r < 0) | ||
56 | goto err_out; | ||
57 | |||
58 | return 0; | ||
59 | |||
60 | err_out: | ||
61 | nfc_mei_phy_free(phy); | ||
62 | |||
63 | return r; | ||
64 | } | ||
65 | |||
66 | static int pn544_mei_remove(struct mei_cl_device *device) | ||
67 | { | ||
68 | struct nfc_mei_phy *phy = mei_cl_get_drvdata(device); | ||
69 | |||
70 | pr_info("Removing pn544\n"); | ||
71 | |||
72 | pn544_hci_remove(phy->hdev); | ||
73 | |||
74 | nfc_mei_phy_disable(phy); | ||
75 | |||
76 | nfc_mei_phy_free(phy); | ||
77 | |||
78 | return 0; | ||
79 | } | ||
80 | |||
81 | static struct mei_cl_device_id pn544_mei_tbl[] = { | ||
82 | { PN544_DRIVER_NAME }, | ||
83 | |||
84 | /* required last entry */ | ||
85 | { } | ||
86 | }; | ||
87 | MODULE_DEVICE_TABLE(mei, pn544_mei_tbl); | ||
88 | |||
89 | static struct mei_cl_driver pn544_driver = { | ||
90 | .id_table = pn544_mei_tbl, | ||
91 | .name = PN544_DRIVER_NAME, | ||
92 | |||
93 | .probe = pn544_mei_probe, | ||
94 | .remove = pn544_mei_remove, | ||
95 | }; | ||
96 | |||
97 | static int pn544_mei_init(void) | ||
98 | { | ||
99 | int r; | ||
100 | |||
101 | pr_debug(DRIVER_DESC ": %s\n", __func__); | ||
102 | |||
103 | r = mei_cl_driver_register(&pn544_driver); | ||
104 | if (r) { | ||
105 | pr_err(PN544_DRIVER_NAME ": driver registration failed\n"); | ||
106 | return r; | ||
107 | } | ||
108 | |||
109 | return 0; | ||
110 | } | ||
111 | |||
112 | static void pn544_mei_exit(void) | ||
113 | { | ||
114 | mei_cl_driver_unregister(&pn544_driver); | ||
115 | } | ||
116 | |||
117 | module_init(pn544_mei_init); | ||
118 | module_exit(pn544_mei_exit); | ||
119 | |||
120 | MODULE_LICENSE("GPL"); | ||
121 | MODULE_DESCRIPTION(DRIVER_DESC); | ||
diff --git a/include/net/bluetooth/bluetooth.h b/include/net/bluetooth/bluetooth.h index ed6e9552252e..6912ef9a1881 100644 --- a/include/net/bluetooth/bluetooth.h +++ b/include/net/bluetooth/bluetooth.h | |||
@@ -193,11 +193,11 @@ static inline bool bdaddr_type_is_le(__u8 type) | |||
193 | #define BDADDR_LOCAL (&(bdaddr_t) {{0, 0, 0, 0xff, 0xff, 0xff} }) | 193 | #define BDADDR_LOCAL (&(bdaddr_t) {{0, 0, 0, 0xff, 0xff, 0xff} }) |
194 | 194 | ||
195 | /* Copy, swap, convert BD Address */ | 195 | /* Copy, swap, convert BD Address */ |
196 | static inline int bacmp(bdaddr_t *ba1, bdaddr_t *ba2) | 196 | static inline int bacmp(const bdaddr_t *ba1, const bdaddr_t *ba2) |
197 | { | 197 | { |
198 | return memcmp(ba1, ba2, sizeof(bdaddr_t)); | 198 | return memcmp(ba1, ba2, sizeof(bdaddr_t)); |
199 | } | 199 | } |
200 | static inline void bacpy(bdaddr_t *dst, bdaddr_t *src) | 200 | static inline void bacpy(bdaddr_t *dst, const bdaddr_t *src) |
201 | { | 201 | { |
202 | memcpy(dst, src, sizeof(bdaddr_t)); | 202 | memcpy(dst, src, sizeof(bdaddr_t)); |
203 | } | 203 | } |
@@ -266,6 +266,7 @@ typedef void (*hci_req_complete_t)(struct hci_dev *hdev, u8 status); | |||
266 | 266 | ||
267 | struct hci_req_ctrl { | 267 | struct hci_req_ctrl { |
268 | bool start; | 268 | bool start; |
269 | u8 event; | ||
269 | hci_req_complete_t complete; | 270 | hci_req_complete_t complete; |
270 | }; | 271 | }; |
271 | 272 | ||
diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h index b3308927a0a1..e0512aaef4b8 100644 --- a/include/net/bluetooth/hci.h +++ b/include/net/bluetooth/hci.h | |||
@@ -984,6 +984,9 @@ struct hci_cp_le_set_adv_data { | |||
984 | 984 | ||
985 | #define HCI_OP_LE_SET_ADV_ENABLE 0x200a | 985 | #define HCI_OP_LE_SET_ADV_ENABLE 0x200a |
986 | 986 | ||
987 | #define LE_SCAN_PASSIVE 0x00 | ||
988 | #define LE_SCAN_ACTIVE 0x01 | ||
989 | |||
987 | #define HCI_OP_LE_SET_SCAN_PARAM 0x200b | 990 | #define HCI_OP_LE_SET_SCAN_PARAM 0x200b |
988 | struct hci_cp_le_set_scan_param { | 991 | struct hci_cp_le_set_scan_param { |
989 | __u8 type; | 992 | __u8 type; |
@@ -993,8 +996,10 @@ struct hci_cp_le_set_scan_param { | |||
993 | __u8 filter_policy; | 996 | __u8 filter_policy; |
994 | } __packed; | 997 | } __packed; |
995 | 998 | ||
996 | #define LE_SCANNING_DISABLED 0x00 | 999 | #define LE_SCAN_DISABLE 0x00 |
997 | #define LE_SCANNING_ENABLED 0x01 | 1000 | #define LE_SCAN_ENABLE 0x01 |
1001 | #define LE_SCAN_FILTER_DUP_DISABLE 0x00 | ||
1002 | #define LE_SCAN_FILTER_DUP_ENABLE 0x01 | ||
998 | 1003 | ||
999 | #define HCI_OP_LE_SET_SCAN_ENABLE 0x200c | 1004 | #define HCI_OP_LE_SET_SCAN_ENABLE 0x200c |
1000 | struct hci_cp_le_set_scan_enable { | 1005 | struct hci_cp_le_set_scan_enable { |
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 358a6983d3bb..80d718a9b31f 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h | |||
@@ -134,6 +134,8 @@ struct amp_assoc { | |||
134 | __u8 data[HCI_MAX_AMP_ASSOC_SIZE]; | 134 | __u8 data[HCI_MAX_AMP_ASSOC_SIZE]; |
135 | }; | 135 | }; |
136 | 136 | ||
137 | #define HCI_MAX_PAGES 3 | ||
138 | |||
137 | #define NUM_REASSEMBLY 4 | 139 | #define NUM_REASSEMBLY 4 |
138 | struct hci_dev { | 140 | struct hci_dev { |
139 | struct list_head list; | 141 | struct list_head list; |
@@ -151,8 +153,8 @@ struct hci_dev { | |||
151 | __u8 dev_class[3]; | 153 | __u8 dev_class[3]; |
152 | __u8 major_class; | 154 | __u8 major_class; |
153 | __u8 minor_class; | 155 | __u8 minor_class; |
154 | __u8 features[8]; | 156 | __u8 max_page; |
155 | __u8 host_features[8]; | 157 | __u8 features[HCI_MAX_PAGES][8]; |
156 | __u8 le_features[8]; | 158 | __u8 le_features[8]; |
157 | __u8 le_white_list_size; | 159 | __u8 le_white_list_size; |
158 | __u8 le_states[8]; | 160 | __u8 le_states[8]; |
@@ -244,6 +246,7 @@ struct hci_dev { | |||
244 | struct sk_buff_head raw_q; | 246 | struct sk_buff_head raw_q; |
245 | struct sk_buff_head cmd_q; | 247 | struct sk_buff_head cmd_q; |
246 | 248 | ||
249 | struct sk_buff *recv_evt; | ||
247 | struct sk_buff *sent_cmd; | 250 | struct sk_buff *sent_cmd; |
248 | struct sk_buff *reassembly[NUM_REASSEMBLY]; | 251 | struct sk_buff *reassembly[NUM_REASSEMBLY]; |
249 | 252 | ||
@@ -268,8 +271,6 @@ struct hci_dev { | |||
268 | 271 | ||
269 | struct hci_dev_stats stat; | 272 | struct hci_dev_stats stat; |
270 | 273 | ||
271 | struct sk_buff_head driver_init; | ||
272 | |||
273 | atomic_t promisc; | 274 | atomic_t promisc; |
274 | 275 | ||
275 | struct dentry *debugfs; | 276 | struct dentry *debugfs; |
@@ -292,6 +293,7 @@ struct hci_dev { | |||
292 | int (*open)(struct hci_dev *hdev); | 293 | int (*open)(struct hci_dev *hdev); |
293 | int (*close)(struct hci_dev *hdev); | 294 | int (*close)(struct hci_dev *hdev); |
294 | int (*flush)(struct hci_dev *hdev); | 295 | int (*flush)(struct hci_dev *hdev); |
296 | int (*setup)(struct hci_dev *hdev); | ||
295 | int (*send)(struct sk_buff *skb); | 297 | int (*send)(struct sk_buff *skb); |
296 | void (*notify)(struct hci_dev *hdev, unsigned int evt); | 298 | void (*notify)(struct hci_dev *hdev, unsigned int evt); |
297 | int (*ioctl)(struct hci_dev *hdev, unsigned int cmd, unsigned long arg); | 299 | int (*ioctl)(struct hci_dev *hdev, unsigned int cmd, unsigned long arg); |
@@ -313,7 +315,7 @@ struct hci_conn { | |||
313 | bool out; | 315 | bool out; |
314 | __u8 attempt; | 316 | __u8 attempt; |
315 | __u8 dev_class[3]; | 317 | __u8 dev_class[3]; |
316 | __u8 features[8]; | 318 | __u8 features[HCI_MAX_PAGES][8]; |
317 | __u16 interval; | 319 | __u16 interval; |
318 | __u16 pkt_type; | 320 | __u16 pkt_type; |
319 | __u16 link_policy; | 321 | __u16 link_policy; |
@@ -345,7 +347,6 @@ struct hci_conn { | |||
345 | struct timer_list auto_accept_timer; | 347 | struct timer_list auto_accept_timer; |
346 | 348 | ||
347 | struct device dev; | 349 | struct device dev; |
348 | atomic_t devref; | ||
349 | 350 | ||
350 | struct hci_dev *hdev; | 351 | struct hci_dev *hdev; |
351 | void *l2cap_data; | 352 | void *l2cap_data; |
@@ -584,7 +585,6 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst); | |||
584 | int hci_conn_del(struct hci_conn *conn); | 585 | int hci_conn_del(struct hci_conn *conn); |
585 | void hci_conn_hash_flush(struct hci_dev *hdev); | 586 | void hci_conn_hash_flush(struct hci_dev *hdev); |
586 | void hci_conn_check_pending(struct hci_dev *hdev); | 587 | void hci_conn_check_pending(struct hci_dev *hdev); |
587 | void hci_conn_accept(struct hci_conn *conn, int mask); | ||
588 | 588 | ||
589 | struct hci_chan *hci_chan_create(struct hci_conn *conn); | 589 | struct hci_chan *hci_chan_create(struct hci_conn *conn); |
590 | void hci_chan_del(struct hci_chan *chan); | 590 | void hci_chan_del(struct hci_chan *chan); |
@@ -601,8 +601,36 @@ int hci_conn_switch_role(struct hci_conn *conn, __u8 role); | |||
601 | 601 | ||
602 | void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active); | 602 | void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active); |
603 | 603 | ||
604 | void hci_conn_hold_device(struct hci_conn *conn); | 604 | /* |
605 | void hci_conn_put_device(struct hci_conn *conn); | 605 | * hci_conn_get() and hci_conn_put() are used to control the life-time of an |
606 | * "hci_conn" object. They do not guarantee that the hci_conn object is running, | ||
607 | * working or anything else. They just guarantee that the object is available | ||
608 | * and can be dereferenced. So you can use its locks, local variables and any | ||
609 | * other constant data. | ||
610 | * Before accessing runtime data, you _must_ lock the object and then check that | ||
611 | * it is still running. As soon as you release the locks, the connection might | ||
612 | * get dropped, though. | ||
613 | * | ||
614 | * On the other hand, hci_conn_hold() and hci_conn_drop() are used to control | ||
615 | * how long the underlying connection is held. So every channel that runs on the | ||
616 | * hci_conn object calls this to prevent the connection from disappearing. As | ||
617 | * long as you hold a device, you must also guarantee that you have a valid | ||
618 | * reference to the device via hci_conn_get() (or the initial reference from | ||
619 | * hci_conn_add()). | ||
620 | * The hold()/drop() ref-count is known to drop below 0 sometimes, which doesn't | ||
621 | * break because nobody cares for that. But this means, we cannot use | ||
622 | * _get()/_drop() in it, but require the caller to have a valid ref (FIXME). | ||
623 | */ | ||
624 | |||
625 | static inline void hci_conn_get(struct hci_conn *conn) | ||
626 | { | ||
627 | get_device(&conn->dev); | ||
628 | } | ||
629 | |||
630 | static inline void hci_conn_put(struct hci_conn *conn) | ||
631 | { | ||
632 | put_device(&conn->dev); | ||
633 | } | ||
606 | 634 | ||
607 | static inline void hci_conn_hold(struct hci_conn *conn) | 635 | static inline void hci_conn_hold(struct hci_conn *conn) |
608 | { | 636 | { |
@@ -612,7 +640,7 @@ static inline void hci_conn_hold(struct hci_conn *conn) | |||
612 | cancel_delayed_work(&conn->disc_work); | 640 | cancel_delayed_work(&conn->disc_work); |
613 | } | 641 | } |
614 | 642 | ||
615 | static inline void hci_conn_put(struct hci_conn *conn) | 643 | static inline void hci_conn_drop(struct hci_conn *conn) |
616 | { | 644 | { |
617 | BT_DBG("hcon %p orig refcnt %d", conn, atomic_read(&conn->refcnt)); | 645 | BT_DBG("hcon %p orig refcnt %d", conn, atomic_read(&conn->refcnt)); |
618 | 646 | ||
@@ -760,29 +788,29 @@ void hci_conn_del_sysfs(struct hci_conn *conn); | |||
760 | #define SET_HCIDEV_DEV(hdev, pdev) ((hdev)->dev.parent = (pdev)) | 788 | #define SET_HCIDEV_DEV(hdev, pdev) ((hdev)->dev.parent = (pdev)) |
761 | 789 | ||
762 | /* ----- LMP capabilities ----- */ | 790 | /* ----- LMP capabilities ----- */ |
763 | #define lmp_encrypt_capable(dev) ((dev)->features[0] & LMP_ENCRYPT) | 791 | #define lmp_encrypt_capable(dev) ((dev)->features[0][0] & LMP_ENCRYPT) |
764 | #define lmp_rswitch_capable(dev) ((dev)->features[0] & LMP_RSWITCH) | 792 | #define lmp_rswitch_capable(dev) ((dev)->features[0][0] & LMP_RSWITCH) |
765 | #define lmp_hold_capable(dev) ((dev)->features[0] & LMP_HOLD) | 793 | #define lmp_hold_capable(dev) ((dev)->features[0][0] & LMP_HOLD) |
766 | #define lmp_sniff_capable(dev) ((dev)->features[0] & LMP_SNIFF) | 794 | #define lmp_sniff_capable(dev) ((dev)->features[0][0] & LMP_SNIFF) |
767 | #define lmp_park_capable(dev) ((dev)->features[1] & LMP_PARK) | 795 | #define lmp_park_capable(dev) ((dev)->features[0][1] & LMP_PARK) |
768 | #define lmp_inq_rssi_capable(dev) ((dev)->features[3] & LMP_RSSI_INQ) | 796 | #define lmp_inq_rssi_capable(dev) ((dev)->features[0][3] & LMP_RSSI_INQ) |
769 | #define lmp_esco_capable(dev) ((dev)->features[3] & LMP_ESCO) | 797 | #define lmp_esco_capable(dev) ((dev)->features[0][3] & LMP_ESCO) |
770 | #define lmp_bredr_capable(dev) (!((dev)->features[4] & LMP_NO_BREDR)) | 798 | #define lmp_bredr_capable(dev) (!((dev)->features[0][4] & LMP_NO_BREDR)) |
771 | #define lmp_le_capable(dev) ((dev)->features[4] & LMP_LE) | 799 | #define lmp_le_capable(dev) ((dev)->features[0][4] & LMP_LE) |
772 | #define lmp_sniffsubr_capable(dev) ((dev)->features[5] & LMP_SNIFF_SUBR) | 800 | #define lmp_sniffsubr_capable(dev) ((dev)->features[0][5] & LMP_SNIFF_SUBR) |
773 | #define lmp_pause_enc_capable(dev) ((dev)->features[5] & LMP_PAUSE_ENC) | 801 | #define lmp_pause_enc_capable(dev) ((dev)->features[0][5] & LMP_PAUSE_ENC) |
774 | #define lmp_ext_inq_capable(dev) ((dev)->features[6] & LMP_EXT_INQ) | 802 | #define lmp_ext_inq_capable(dev) ((dev)->features[0][6] & LMP_EXT_INQ) |
775 | #define lmp_le_br_capable(dev) !!((dev)->features[6] & LMP_SIMUL_LE_BR) | 803 | #define lmp_le_br_capable(dev) (!!((dev)->features[0][6] & LMP_SIMUL_LE_BR)) |
776 | #define lmp_ssp_capable(dev) ((dev)->features[6] & LMP_SIMPLE_PAIR) | 804 | #define lmp_ssp_capable(dev) ((dev)->features[0][6] & LMP_SIMPLE_PAIR) |
777 | #define lmp_no_flush_capable(dev) ((dev)->features[6] & LMP_NO_FLUSH) | 805 | #define lmp_no_flush_capable(dev) ((dev)->features[0][6] & LMP_NO_FLUSH) |
778 | #define lmp_lsto_capable(dev) ((dev)->features[7] & LMP_LSTO) | 806 | #define lmp_lsto_capable(dev) ((dev)->features[0][7] & LMP_LSTO) |
779 | #define lmp_inq_tx_pwr_capable(dev) ((dev)->features[7] & LMP_INQ_TX_PWR) | 807 | #define lmp_inq_tx_pwr_capable(dev) ((dev)->features[0][7] & LMP_INQ_TX_PWR) |
780 | #define lmp_ext_feat_capable(dev) ((dev)->features[7] & LMP_EXTFEATURES) | 808 | #define lmp_ext_feat_capable(dev) ((dev)->features[0][7] & LMP_EXTFEATURES) |
781 | 809 | ||
782 | /* ----- Extended LMP capabilities ----- */ | 810 | /* ----- Extended LMP capabilities ----- */ |
783 | #define lmp_host_ssp_capable(dev) ((dev)->host_features[0] & LMP_HOST_SSP) | 811 | #define lmp_host_ssp_capable(dev) ((dev)->features[1][0] & LMP_HOST_SSP) |
784 | #define lmp_host_le_capable(dev) !!((dev)->host_features[0] & LMP_HOST_LE) | 812 | #define lmp_host_le_capable(dev) (!!((dev)->features[1][0] & LMP_HOST_LE)) |
785 | #define lmp_host_le_br_capable(dev) !!((dev)->host_features[0] & LMP_HOST_LE_BREDR) | 813 | #define lmp_host_le_br_capable(dev) (!!((dev)->features[1][0] & LMP_HOST_LE_BREDR)) |
786 | 814 | ||
787 | /* returns true if at least one AMP active */ | 815 | /* returns true if at least one AMP active */ |
788 | static inline bool hci_amp_capable(void) | 816 | static inline bool hci_amp_capable(void) |
@@ -1054,8 +1082,14 @@ struct hci_request { | |||
1054 | void hci_req_init(struct hci_request *req, struct hci_dev *hdev); | 1082 | void hci_req_init(struct hci_request *req, struct hci_dev *hdev); |
1055 | int hci_req_run(struct hci_request *req, hci_req_complete_t complete); | 1083 | int hci_req_run(struct hci_request *req, hci_req_complete_t complete); |
1056 | void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, void *param); | 1084 | void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, void *param); |
1085 | void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen, void *param, | ||
1086 | u8 event); | ||
1057 | void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status); | 1087 | void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status); |
1058 | void hci_req_cmd_status(struct hci_dev *hdev, u16 opcode, u8 status); | 1088 | |
1089 | struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen, | ||
1090 | void *param, u32 timeout); | ||
1091 | struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen, | ||
1092 | void *param, u8 event, u32 timeout); | ||
1059 | 1093 | ||
1060 | int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param); | 1094 | int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param); |
1061 | void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags); | 1095 | void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags); |
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h index cdd33021f831..fb94cf13c777 100644 --- a/include/net/bluetooth/l2cap.h +++ b/include/net/bluetooth/l2cap.h | |||
@@ -583,6 +583,14 @@ struct l2cap_conn { | |||
583 | 583 | ||
584 | struct list_head chan_l; | 584 | struct list_head chan_l; |
585 | struct mutex chan_lock; | 585 | struct mutex chan_lock; |
586 | struct kref ref; | ||
587 | struct list_head users; | ||
588 | }; | ||
589 | |||
590 | struct l2cap_user { | ||
591 | struct list_head list; | ||
592 | int (*probe) (struct l2cap_conn *conn, struct l2cap_user *user); | ||
593 | void (*remove) (struct l2cap_conn *conn, struct l2cap_user *user); | ||
586 | }; | 594 | }; |
587 | 595 | ||
588 | #define L2CAP_INFO_CL_MTU_REQ_SENT 0x01 | 596 | #define L2CAP_INFO_CL_MTU_REQ_SENT 0x01 |
@@ -786,6 +794,7 @@ extern bool disable_ertm; | |||
786 | 794 | ||
787 | int l2cap_init_sockets(void); | 795 | int l2cap_init_sockets(void); |
788 | void l2cap_cleanup_sockets(void); | 796 | void l2cap_cleanup_sockets(void); |
797 | bool l2cap_is_socket(struct socket *sock); | ||
789 | 798 | ||
790 | void __l2cap_connect_rsp_defer(struct l2cap_chan *chan); | 799 | void __l2cap_connect_rsp_defer(struct l2cap_chan *chan); |
791 | int __l2cap_wait_ack(struct sock *sk); | 800 | int __l2cap_wait_ack(struct sock *sk); |
@@ -812,4 +821,10 @@ void l2cap_logical_cfm(struct l2cap_chan *chan, struct hci_chan *hchan, | |||
812 | u8 status); | 821 | u8 status); |
813 | void __l2cap_physical_cfm(struct l2cap_chan *chan, int result); | 822 | void __l2cap_physical_cfm(struct l2cap_chan *chan, int result); |
814 | 823 | ||
824 | void l2cap_conn_get(struct l2cap_conn *conn); | ||
825 | void l2cap_conn_put(struct l2cap_conn *conn); | ||
826 | |||
827 | int l2cap_register_user(struct l2cap_conn *conn, struct l2cap_user *user); | ||
828 | void l2cap_unregister_user(struct l2cap_conn *conn, struct l2cap_user *user); | ||
829 | |||
815 | #endif /* __L2CAP_H */ | 830 | #endif /* __L2CAP_H */ |
diff --git a/include/net/nfc/nfc.h b/include/net/nfc/nfc.h index 87a6417fc934..5eb80bb3cbb2 100644 --- a/include/net/nfc/nfc.h +++ b/include/net/nfc/nfc.h | |||
@@ -122,6 +122,8 @@ struct nfc_dev { | |||
122 | 122 | ||
123 | bool shutting_down; | 123 | bool shutting_down; |
124 | 124 | ||
125 | struct rfkill *rfkill; | ||
126 | |||
125 | struct nfc_ops *ops; | 127 | struct nfc_ops *ops; |
126 | }; | 128 | }; |
127 | #define to_nfc_dev(_dev) container_of(_dev, struct nfc_dev, dev) | 129 | #define to_nfc_dev(_dev) container_of(_dev, struct nfc_dev, dev) |
diff --git a/include/uapi/linux/nfc.h b/include/uapi/linux/nfc.h index 7440bc81a04b..7c6f627a717d 100644 --- a/include/uapi/linux/nfc.h +++ b/include/uapi/linux/nfc.h | |||
@@ -233,7 +233,10 @@ struct sockaddr_nfc_llcp { | |||
233 | #define NFC_LLCP_DIRECTION_TX 0x01 | 233 | #define NFC_LLCP_DIRECTION_TX 0x01 |
234 | 234 | ||
235 | /* socket option names */ | 235 | /* socket option names */ |
236 | #define NFC_LLCP_RW 0 | 236 | #define NFC_LLCP_RW 0 |
237 | #define NFC_LLCP_MIUX 1 | 237 | #define NFC_LLCP_MIUX 1 |
238 | #define NFC_LLCP_REMOTE_MIU 2 | ||
239 | #define NFC_LLCP_REMOTE_LTO 3 | ||
240 | #define NFC_LLCP_REMOTE_RW 4 | ||
238 | 241 | ||
239 | #endif /*__LINUX_NFC_H */ | 242 | #endif /*__LINUX_NFC_H */ |
diff --git a/include/uapi/linux/rfkill.h b/include/uapi/linux/rfkill.h index 2753c6cc9740..058757f7a733 100644 --- a/include/uapi/linux/rfkill.h +++ b/include/uapi/linux/rfkill.h | |||
@@ -37,6 +37,7 @@ | |||
37 | * @RFKILL_TYPE_WWAN: switch is on a wireless WAN device. | 37 | * @RFKILL_TYPE_WWAN: switch is on a wireless WAN device. |
38 | * @RFKILL_TYPE_GPS: switch is on a GPS device. | 38 | * @RFKILL_TYPE_GPS: switch is on a GPS device. |
39 | * @RFKILL_TYPE_FM: switch is on a FM radio device. | 39 | * @RFKILL_TYPE_FM: switch is on a FM radio device. |
40 | * @RFKILL_TYPE_NFC: switch is on an NFC device. | ||
40 | * @NUM_RFKILL_TYPES: number of defined rfkill types | 41 | * @NUM_RFKILL_TYPES: number of defined rfkill types |
41 | */ | 42 | */ |
42 | enum rfkill_type { | 43 | enum rfkill_type { |
@@ -48,6 +49,7 @@ enum rfkill_type { | |||
48 | RFKILL_TYPE_WWAN, | 49 | RFKILL_TYPE_WWAN, |
49 | RFKILL_TYPE_GPS, | 50 | RFKILL_TYPE_GPS, |
50 | RFKILL_TYPE_FM, | 51 | RFKILL_TYPE_FM, |
52 | RFKILL_TYPE_NFC, | ||
51 | NUM_RFKILL_TYPES, | 53 | NUM_RFKILL_TYPES, |
52 | }; | 54 | }; |
53 | 55 | ||
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index b9f90169940b..6c7f36379722 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c | |||
@@ -117,6 +117,16 @@ static void hci_acl_create_connection_cancel(struct hci_conn *conn) | |||
117 | hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp); | 117 | hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp); |
118 | } | 118 | } |
119 | 119 | ||
120 | static void hci_reject_sco(struct hci_conn *conn) | ||
121 | { | ||
122 | struct hci_cp_reject_sync_conn_req cp; | ||
123 | |||
124 | cp.reason = HCI_ERROR_REMOTE_USER_TERM; | ||
125 | bacpy(&cp.bdaddr, &conn->dst); | ||
126 | |||
127 | hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp); | ||
128 | } | ||
129 | |||
120 | void hci_disconnect(struct hci_conn *conn, __u8 reason) | 130 | void hci_disconnect(struct hci_conn *conn, __u8 reason) |
121 | { | 131 | { |
122 | struct hci_cp_disconnect cp; | 132 | struct hci_cp_disconnect cp; |
@@ -276,6 +286,8 @@ static void hci_conn_timeout(struct work_struct *work) | |||
276 | hci_acl_create_connection_cancel(conn); | 286 | hci_acl_create_connection_cancel(conn); |
277 | else if (conn->type == LE_LINK) | 287 | else if (conn->type == LE_LINK) |
278 | hci_le_create_connection_cancel(conn); | 288 | hci_le_create_connection_cancel(conn); |
289 | } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) { | ||
290 | hci_reject_sco(conn); | ||
279 | } | 291 | } |
280 | break; | 292 | break; |
281 | case BT_CONFIG: | 293 | case BT_CONFIG: |
@@ -398,8 +410,6 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) | |||
398 | if (hdev->notify) | 410 | if (hdev->notify) |
399 | hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); | 411 | hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); |
400 | 412 | ||
401 | atomic_set(&conn->devref, 0); | ||
402 | |||
403 | hci_conn_init_sysfs(conn); | 413 | hci_conn_init_sysfs(conn); |
404 | 414 | ||
405 | return conn; | 415 | return conn; |
@@ -433,7 +443,7 @@ int hci_conn_del(struct hci_conn *conn) | |||
433 | struct hci_conn *acl = conn->link; | 443 | struct hci_conn *acl = conn->link; |
434 | if (acl) { | 444 | if (acl) { |
435 | acl->link = NULL; | 445 | acl->link = NULL; |
436 | hci_conn_put(acl); | 446 | hci_conn_drop(acl); |
437 | } | 447 | } |
438 | } | 448 | } |
439 | 449 | ||
@@ -448,12 +458,11 @@ int hci_conn_del(struct hci_conn *conn) | |||
448 | 458 | ||
449 | skb_queue_purge(&conn->data_q); | 459 | skb_queue_purge(&conn->data_q); |
450 | 460 | ||
451 | hci_conn_put_device(conn); | 461 | hci_conn_del_sysfs(conn); |
452 | 462 | ||
453 | hci_dev_put(hdev); | 463 | hci_dev_put(hdev); |
454 | 464 | ||
455 | if (conn->handle == 0) | 465 | hci_conn_put(conn); |
456 | kfree(conn); | ||
457 | 466 | ||
458 | return 0; | 467 | return 0; |
459 | } | 468 | } |
@@ -565,7 +574,7 @@ static struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, | |||
565 | if (!sco) { | 574 | if (!sco) { |
566 | sco = hci_conn_add(hdev, type, dst); | 575 | sco = hci_conn_add(hdev, type, dst); |
567 | if (!sco) { | 576 | if (!sco) { |
568 | hci_conn_put(acl); | 577 | hci_conn_drop(acl); |
569 | return ERR_PTR(-ENOMEM); | 578 | return ERR_PTR(-ENOMEM); |
570 | } | 579 | } |
571 | } | 580 | } |
@@ -835,19 +844,6 @@ void hci_conn_check_pending(struct hci_dev *hdev) | |||
835 | hci_dev_unlock(hdev); | 844 | hci_dev_unlock(hdev); |
836 | } | 845 | } |
837 | 846 | ||
838 | void hci_conn_hold_device(struct hci_conn *conn) | ||
839 | { | ||
840 | atomic_inc(&conn->devref); | ||
841 | } | ||
842 | EXPORT_SYMBOL(hci_conn_hold_device); | ||
843 | |||
844 | void hci_conn_put_device(struct hci_conn *conn) | ||
845 | { | ||
846 | if (atomic_dec_and_test(&conn->devref)) | ||
847 | hci_conn_del_sysfs(conn); | ||
848 | } | ||
849 | EXPORT_SYMBOL(hci_conn_put_device); | ||
850 | |||
851 | int hci_get_conn_list(void __user *arg) | 847 | int hci_get_conn_list(void __user *arg) |
852 | { | 848 | { |
853 | struct hci_conn *c; | 849 | struct hci_conn *c; |
@@ -980,7 +976,7 @@ void hci_chan_del(struct hci_chan *chan) | |||
980 | 976 | ||
981 | synchronize_rcu(); | 977 | synchronize_rcu(); |
982 | 978 | ||
983 | hci_conn_put(conn); | 979 | hci_conn_drop(conn); |
984 | 980 | ||
985 | skb_queue_purge(&chan->data_q); | 981 | skb_queue_purge(&chan->data_q); |
986 | kfree(chan); | 982 | kfree(chan); |
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index cfcad5423f1c..ce82265f5619 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c | |||
@@ -79,6 +79,121 @@ static void hci_req_cancel(struct hci_dev *hdev, int err) | |||
79 | } | 79 | } |
80 | } | 80 | } |
81 | 81 | ||
82 | struct sk_buff *hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 event) | ||
83 | { | ||
84 | struct hci_ev_cmd_complete *ev; | ||
85 | struct hci_event_hdr *hdr; | ||
86 | struct sk_buff *skb; | ||
87 | |||
88 | hci_dev_lock(hdev); | ||
89 | |||
90 | skb = hdev->recv_evt; | ||
91 | hdev->recv_evt = NULL; | ||
92 | |||
93 | hci_dev_unlock(hdev); | ||
94 | |||
95 | if (!skb) | ||
96 | return ERR_PTR(-ENODATA); | ||
97 | |||
98 | if (skb->len < sizeof(*hdr)) { | ||
99 | BT_ERR("Too short HCI event"); | ||
100 | goto failed; | ||
101 | } | ||
102 | |||
103 | hdr = (void *) skb->data; | ||
104 | skb_pull(skb, HCI_EVENT_HDR_SIZE); | ||
105 | |||
106 | if (event) { | ||
107 | if (hdr->evt != event) | ||
108 | goto failed; | ||
109 | return skb; | ||
110 | } | ||
111 | |||
112 | if (hdr->evt != HCI_EV_CMD_COMPLETE) { | ||
113 | BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr->evt); | ||
114 | goto failed; | ||
115 | } | ||
116 | |||
117 | if (skb->len < sizeof(*ev)) { | ||
118 | BT_ERR("Too short cmd_complete event"); | ||
119 | goto failed; | ||
120 | } | ||
121 | |||
122 | ev = (void *) skb->data; | ||
123 | skb_pull(skb, sizeof(*ev)); | ||
124 | |||
125 | if (opcode == __le16_to_cpu(ev->opcode)) | ||
126 | return skb; | ||
127 | |||
128 | BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode, | ||
129 | __le16_to_cpu(ev->opcode)); | ||
130 | |||
131 | failed: | ||
132 | kfree_skb(skb); | ||
133 | return ERR_PTR(-ENODATA); | ||
134 | } | ||
135 | |||
136 | struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen, | ||
137 | void *param, u8 event, u32 timeout) | ||
138 | { | ||
139 | DECLARE_WAITQUEUE(wait, current); | ||
140 | struct hci_request req; | ||
141 | int err = 0; | ||
142 | |||
143 | BT_DBG("%s", hdev->name); | ||
144 | |||
145 | hci_req_init(&req, hdev); | ||
146 | |||
147 | hci_req_add_ev(&req, opcode, plen, param, event); | ||
148 | |||
149 | hdev->req_status = HCI_REQ_PEND; | ||
150 | |||
151 | err = hci_req_run(&req, hci_req_sync_complete); | ||
152 | if (err < 0) | ||
153 | return ERR_PTR(err); | ||
154 | |||
155 | add_wait_queue(&hdev->req_wait_q, &wait); | ||
156 | set_current_state(TASK_INTERRUPTIBLE); | ||
157 | |||
158 | schedule_timeout(timeout); | ||
159 | |||
160 | remove_wait_queue(&hdev->req_wait_q, &wait); | ||
161 | |||
162 | if (signal_pending(current)) | ||
163 | return ERR_PTR(-EINTR); | ||
164 | |||
165 | switch (hdev->req_status) { | ||
166 | case HCI_REQ_DONE: | ||
167 | err = -bt_to_errno(hdev->req_result); | ||
168 | break; | ||
169 | |||
170 | case HCI_REQ_CANCELED: | ||
171 | err = -hdev->req_result; | ||
172 | break; | ||
173 | |||
174 | default: | ||
175 | err = -ETIMEDOUT; | ||
176 | break; | ||
177 | } | ||
178 | |||
179 | hdev->req_status = hdev->req_result = 0; | ||
180 | |||
181 | BT_DBG("%s end: err %d", hdev->name, err); | ||
182 | |||
183 | if (err < 0) | ||
184 | return ERR_PTR(err); | ||
185 | |||
186 | return hci_get_cmd_complete(hdev, opcode, event); | ||
187 | } | ||
188 | EXPORT_SYMBOL(__hci_cmd_sync_ev); | ||
189 | |||
190 | struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen, | ||
191 | void *param, u32 timeout) | ||
192 | { | ||
193 | return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout); | ||
194 | } | ||
195 | EXPORT_SYMBOL(__hci_cmd_sync); | ||
196 | |||
82 | /* Execute request and wait for completion. */ | 197 | /* Execute request and wait for completion. */ |
83 | static int __hci_req_sync(struct hci_dev *hdev, | 198 | static int __hci_req_sync(struct hci_dev *hdev, |
84 | void (*func)(struct hci_request *req, | 199 | void (*func)(struct hci_request *req, |
@@ -201,29 +316,9 @@ static void amp_init(struct hci_request *req) | |||
201 | static void hci_init1_req(struct hci_request *req, unsigned long opt) | 316 | static void hci_init1_req(struct hci_request *req, unsigned long opt) |
202 | { | 317 | { |
203 | struct hci_dev *hdev = req->hdev; | 318 | struct hci_dev *hdev = req->hdev; |
204 | struct hci_request init_req; | ||
205 | struct sk_buff *skb; | ||
206 | 319 | ||
207 | BT_DBG("%s %ld", hdev->name, opt); | 320 | BT_DBG("%s %ld", hdev->name, opt); |
208 | 321 | ||
209 | /* Driver initialization */ | ||
210 | |||
211 | hci_req_init(&init_req, hdev); | ||
212 | |||
213 | /* Special commands */ | ||
214 | while ((skb = skb_dequeue(&hdev->driver_init))) { | ||
215 | bt_cb(skb)->pkt_type = HCI_COMMAND_PKT; | ||
216 | skb->dev = (void *) hdev; | ||
217 | |||
218 | if (skb_queue_empty(&init_req.cmd_q)) | ||
219 | bt_cb(skb)->req.start = true; | ||
220 | |||
221 | skb_queue_tail(&init_req.cmd_q, skb); | ||
222 | } | ||
223 | skb_queue_purge(&hdev->driver_init); | ||
224 | |||
225 | hci_req_run(&init_req, NULL); | ||
226 | |||
227 | /* Reset */ | 322 | /* Reset */ |
228 | if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) | 323 | if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) |
229 | hci_reset_req(req, 0); | 324 | hci_reset_req(req, 0); |
@@ -494,6 +589,7 @@ static void hci_set_le_support(struct hci_request *req) | |||
494 | static void hci_init3_req(struct hci_request *req, unsigned long opt) | 589 | static void hci_init3_req(struct hci_request *req, unsigned long opt) |
495 | { | 590 | { |
496 | struct hci_dev *hdev = req->hdev; | 591 | struct hci_dev *hdev = req->hdev; |
592 | u8 p; | ||
497 | 593 | ||
498 | if (hdev->commands[5] & 0x10) | 594 | if (hdev->commands[5] & 0x10) |
499 | hci_setup_link_policy(req); | 595 | hci_setup_link_policy(req); |
@@ -502,6 +598,15 @@ static void hci_init3_req(struct hci_request *req, unsigned long opt) | |||
502 | hci_set_le_support(req); | 598 | hci_set_le_support(req); |
503 | hci_update_ad(req); | 599 | hci_update_ad(req); |
504 | } | 600 | } |
601 | |||
602 | /* Read features beyond page 1 if available */ | ||
603 | for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) { | ||
604 | struct hci_cp_read_local_ext_features cp; | ||
605 | |||
606 | cp.page = p; | ||
607 | hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES, | ||
608 | sizeof(cp), &cp); | ||
609 | } | ||
505 | } | 610 | } |
506 | 611 | ||
507 | static int __hci_init(struct hci_dev *hdev) | 612 | static int __hci_init(struct hci_dev *hdev) |
@@ -818,6 +923,12 @@ static void hci_inq_req(struct hci_request *req, unsigned long opt) | |||
818 | hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp); | 923 | hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp); |
819 | } | 924 | } |
820 | 925 | ||
926 | static int wait_inquiry(void *word) | ||
927 | { | ||
928 | schedule(); | ||
929 | return signal_pending(current); | ||
930 | } | ||
931 | |||
821 | int hci_inquiry(void __user *arg) | 932 | int hci_inquiry(void __user *arg) |
822 | { | 933 | { |
823 | __u8 __user *ptr = arg; | 934 | __u8 __user *ptr = arg; |
@@ -849,6 +960,13 @@ int hci_inquiry(void __user *arg) | |||
849 | timeo); | 960 | timeo); |
850 | if (err < 0) | 961 | if (err < 0) |
851 | goto done; | 962 | goto done; |
963 | |||
964 | /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is | ||
965 | * cleared). If it is interrupted by a signal, return -EINTR. | ||
966 | */ | ||
967 | if (wait_on_bit(&hdev->flags, HCI_INQUIRY, wait_inquiry, | ||
968 | TASK_INTERRUPTIBLE)) | ||
969 | return -EINTR; | ||
852 | } | 970 | } |
853 | 971 | ||
854 | /* for unlimited number of responses we will use buffer with | 972 | /* for unlimited number of responses we will use buffer with |
@@ -999,26 +1117,33 @@ int hci_dev_open(__u16 dev) | |||
999 | goto done; | 1117 | goto done; |
1000 | } | 1118 | } |
1001 | 1119 | ||
1002 | if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) | ||
1003 | set_bit(HCI_RAW, &hdev->flags); | ||
1004 | |||
1005 | /* Treat all non BR/EDR controllers as raw devices if | ||
1006 | enable_hs is not set */ | ||
1007 | if (hdev->dev_type != HCI_BREDR && !enable_hs) | ||
1008 | set_bit(HCI_RAW, &hdev->flags); | ||
1009 | |||
1010 | if (hdev->open(hdev)) { | 1120 | if (hdev->open(hdev)) { |
1011 | ret = -EIO; | 1121 | ret = -EIO; |
1012 | goto done; | 1122 | goto done; |
1013 | } | 1123 | } |
1014 | 1124 | ||
1015 | if (!test_bit(HCI_RAW, &hdev->flags)) { | 1125 | atomic_set(&hdev->cmd_cnt, 1); |
1016 | atomic_set(&hdev->cmd_cnt, 1); | 1126 | set_bit(HCI_INIT, &hdev->flags); |
1017 | set_bit(HCI_INIT, &hdev->flags); | 1127 | |
1018 | ret = __hci_init(hdev); | 1128 | if (hdev->setup && test_bit(HCI_SETUP, &hdev->dev_flags)) |
1019 | clear_bit(HCI_INIT, &hdev->flags); | 1129 | ret = hdev->setup(hdev); |
1130 | |||
1131 | if (!ret) { | ||
1132 | /* Treat all non BR/EDR controllers as raw devices if | ||
1133 | * enable_hs is not set. | ||
1134 | */ | ||
1135 | if (hdev->dev_type != HCI_BREDR && !enable_hs) | ||
1136 | set_bit(HCI_RAW, &hdev->flags); | ||
1137 | |||
1138 | if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) | ||
1139 | set_bit(HCI_RAW, &hdev->flags); | ||
1140 | |||
1141 | if (!test_bit(HCI_RAW, &hdev->flags)) | ||
1142 | ret = __hci_init(hdev); | ||
1020 | } | 1143 | } |
1021 | 1144 | ||
1145 | clear_bit(HCI_INIT, &hdev->flags); | ||
1146 | |||
1022 | if (!ret) { | 1147 | if (!ret) { |
1023 | hci_dev_hold(hdev); | 1148 | hci_dev_hold(hdev); |
1024 | set_bit(HCI_UP, &hdev->flags); | 1149 | set_bit(HCI_UP, &hdev->flags); |
@@ -1123,6 +1248,9 @@ static int hci_dev_do_close(struct hci_dev *hdev) | |||
1123 | hdev->sent_cmd = NULL; | 1248 | hdev->sent_cmd = NULL; |
1124 | } | 1249 | } |
1125 | 1250 | ||
1251 | kfree_skb(hdev->recv_evt); | ||
1252 | hdev->recv_evt = NULL; | ||
1253 | |||
1126 | /* After this point our queues are empty | 1254 | /* After this point our queues are empty |
1127 | * and no tasks are scheduled. */ | 1255 | * and no tasks are scheduled. */ |
1128 | hdev->close(hdev); | 1256 | hdev->close(hdev); |
@@ -1861,8 +1989,8 @@ static void le_scan_enable_req(struct hci_request *req, unsigned long opt) | |||
1861 | struct hci_cp_le_set_scan_enable cp; | 1989 | struct hci_cp_le_set_scan_enable cp; |
1862 | 1990 | ||
1863 | memset(&cp, 0, sizeof(cp)); | 1991 | memset(&cp, 0, sizeof(cp)); |
1864 | cp.enable = 1; | 1992 | cp.enable = LE_SCAN_ENABLE; |
1865 | cp.filter_dup = 1; | 1993 | cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE; |
1866 | 1994 | ||
1867 | hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); | 1995 | hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); |
1868 | } | 1996 | } |
@@ -1896,7 +2024,7 @@ static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval, | |||
1896 | return err; | 2024 | return err; |
1897 | 2025 | ||
1898 | queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, | 2026 | queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, |
1899 | msecs_to_jiffies(timeout)); | 2027 | timeout); |
1900 | 2028 | ||
1901 | return 0; | 2029 | return 0; |
1902 | } | 2030 | } |
@@ -2006,7 +2134,6 @@ struct hci_dev *hci_alloc_dev(void) | |||
2006 | INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off); | 2134 | INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off); |
2007 | INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work); | 2135 | INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work); |
2008 | 2136 | ||
2009 | skb_queue_head_init(&hdev->driver_init); | ||
2010 | skb_queue_head_init(&hdev->rx_q); | 2137 | skb_queue_head_init(&hdev->rx_q); |
2011 | skb_queue_head_init(&hdev->cmd_q); | 2138 | skb_queue_head_init(&hdev->cmd_q); |
2012 | skb_queue_head_init(&hdev->raw_q); | 2139 | skb_queue_head_init(&hdev->raw_q); |
@@ -2025,8 +2152,6 @@ EXPORT_SYMBOL(hci_alloc_dev); | |||
2025 | /* Free HCI device */ | 2152 | /* Free HCI device */ |
2026 | void hci_free_dev(struct hci_dev *hdev) | 2153 | void hci_free_dev(struct hci_dev *hdev) |
2027 | { | 2154 | { |
2028 | skb_queue_purge(&hdev->driver_init); | ||
2029 | |||
2030 | /* will free via device release */ | 2155 | /* will free via device release */ |
2031 | put_device(&hdev->dev); | 2156 | put_device(&hdev->dev); |
2032 | } | 2157 | } |
@@ -2527,7 +2652,8 @@ int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param) | |||
2527 | } | 2652 | } |
2528 | 2653 | ||
2529 | /* Queue a command to an asynchronous HCI request */ | 2654 | /* Queue a command to an asynchronous HCI request */ |
2530 | void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, void *param) | 2655 | void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen, void *param, |
2656 | u8 event) | ||
2531 | { | 2657 | { |
2532 | struct hci_dev *hdev = req->hdev; | 2658 | struct hci_dev *hdev = req->hdev; |
2533 | struct sk_buff *skb; | 2659 | struct sk_buff *skb; |
@@ -2551,9 +2677,16 @@ void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, void *param) | |||
2551 | if (skb_queue_empty(&req->cmd_q)) | 2677 | if (skb_queue_empty(&req->cmd_q)) |
2552 | bt_cb(skb)->req.start = true; | 2678 | bt_cb(skb)->req.start = true; |
2553 | 2679 | ||
2680 | bt_cb(skb)->req.event = event; | ||
2681 | |||
2554 | skb_queue_tail(&req->cmd_q, skb); | 2682 | skb_queue_tail(&req->cmd_q, skb); |
2555 | } | 2683 | } |
2556 | 2684 | ||
2685 | void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, void *param) | ||
2686 | { | ||
2687 | hci_req_add_ev(req, opcode, plen, param, 0); | ||
2688 | } | ||
2689 | |||
2557 | /* Get data from the previously sent command */ | 2690 | /* Get data from the previously sent command */ |
2558 | void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode) | 2691 | void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode) |
2559 | { | 2692 | { |
@@ -3309,32 +3442,6 @@ call_complete: | |||
3309 | req_complete(hdev, status); | 3442 | req_complete(hdev, status); |
3310 | } | 3443 | } |
3311 | 3444 | ||
3312 | void hci_req_cmd_status(struct hci_dev *hdev, u16 opcode, u8 status) | ||
3313 | { | ||
3314 | hci_req_complete_t req_complete = NULL; | ||
3315 | |||
3316 | BT_DBG("opcode 0x%04x status 0x%02x", opcode, status); | ||
3317 | |||
3318 | if (status) { | ||
3319 | hci_req_cmd_complete(hdev, opcode, status); | ||
3320 | return; | ||
3321 | } | ||
3322 | |||
3323 | /* No need to handle success status if there are more commands */ | ||
3324 | if (!hci_req_is_complete(hdev)) | ||
3325 | return; | ||
3326 | |||
3327 | if (hdev->sent_cmd) | ||
3328 | req_complete = bt_cb(hdev->sent_cmd)->req.complete; | ||
3329 | |||
3330 | /* If the request doesn't have a complete callback or there | ||
3331 | * are other commands/requests in the hdev queue we consider | ||
3332 | * this request as completed. | ||
3333 | */ | ||
3334 | if (!req_complete || !skb_queue_empty(&hdev->cmd_q)) | ||
3335 | hci_req_cmd_complete(hdev, opcode, status); | ||
3336 | } | ||
3337 | |||
3338 | static void hci_rx_work(struct work_struct *work) | 3445 | static void hci_rx_work(struct work_struct *work) |
3339 | { | 3446 | { |
3340 | struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work); | 3447 | struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work); |
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 138580745c2c..b93cd2eb5d58 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
@@ -48,13 +48,13 @@ static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) | |||
48 | } | 48 | } |
49 | 49 | ||
50 | clear_bit(HCI_INQUIRY, &hdev->flags); | 50 | clear_bit(HCI_INQUIRY, &hdev->flags); |
51 | smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */ | ||
52 | wake_up_bit(&hdev->flags, HCI_INQUIRY); | ||
51 | 53 | ||
52 | hci_dev_lock(hdev); | 54 | hci_dev_lock(hdev); |
53 | hci_discovery_set_state(hdev, DISCOVERY_STOPPED); | 55 | hci_discovery_set_state(hdev, DISCOVERY_STOPPED); |
54 | hci_dev_unlock(hdev); | 56 | hci_dev_unlock(hdev); |
55 | 57 | ||
56 | hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status); | ||
57 | |||
58 | hci_conn_check_pending(hdev); | 58 | hci_conn_check_pending(hdev); |
59 | } | 59 | } |
60 | 60 | ||
@@ -433,9 +433,9 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) | |||
433 | 433 | ||
434 | if (!status) { | 434 | if (!status) { |
435 | if (sent->mode) | 435 | if (sent->mode) |
436 | hdev->host_features[0] |= LMP_HOST_SSP; | 436 | hdev->features[1][0] |= LMP_HOST_SSP; |
437 | else | 437 | else |
438 | hdev->host_features[0] &= ~LMP_HOST_SSP; | 438 | hdev->features[1][0] &= ~LMP_HOST_SSP; |
439 | } | 439 | } |
440 | 440 | ||
441 | if (test_bit(HCI_MGMT, &hdev->dev_flags)) | 441 | if (test_bit(HCI_MGMT, &hdev->dev_flags)) |
@@ -493,18 +493,18 @@ static void hci_cc_read_local_features(struct hci_dev *hdev, | |||
493 | /* Adjust default settings according to features | 493 | /* Adjust default settings according to features |
494 | * supported by device. */ | 494 | * supported by device. */ |
495 | 495 | ||
496 | if (hdev->features[0] & LMP_3SLOT) | 496 | if (hdev->features[0][0] & LMP_3SLOT) |
497 | hdev->pkt_type |= (HCI_DM3 | HCI_DH3); | 497 | hdev->pkt_type |= (HCI_DM3 | HCI_DH3); |
498 | 498 | ||
499 | if (hdev->features[0] & LMP_5SLOT) | 499 | if (hdev->features[0][0] & LMP_5SLOT) |
500 | hdev->pkt_type |= (HCI_DM5 | HCI_DH5); | 500 | hdev->pkt_type |= (HCI_DM5 | HCI_DH5); |
501 | 501 | ||
502 | if (hdev->features[1] & LMP_HV2) { | 502 | if (hdev->features[0][1] & LMP_HV2) { |
503 | hdev->pkt_type |= (HCI_HV2); | 503 | hdev->pkt_type |= (HCI_HV2); |
504 | hdev->esco_type |= (ESCO_HV2); | 504 | hdev->esco_type |= (ESCO_HV2); |
505 | } | 505 | } |
506 | 506 | ||
507 | if (hdev->features[1] & LMP_HV3) { | 507 | if (hdev->features[0][1] & LMP_HV3) { |
508 | hdev->pkt_type |= (HCI_HV3); | 508 | hdev->pkt_type |= (HCI_HV3); |
509 | hdev->esco_type |= (ESCO_HV3); | 509 | hdev->esco_type |= (ESCO_HV3); |
510 | } | 510 | } |
@@ -512,26 +512,26 @@ static void hci_cc_read_local_features(struct hci_dev *hdev, | |||
512 | if (lmp_esco_capable(hdev)) | 512 | if (lmp_esco_capable(hdev)) |
513 | hdev->esco_type |= (ESCO_EV3); | 513 | hdev->esco_type |= (ESCO_EV3); |
514 | 514 | ||
515 | if (hdev->features[4] & LMP_EV4) | 515 | if (hdev->features[0][4] & LMP_EV4) |
516 | hdev->esco_type |= (ESCO_EV4); | 516 | hdev->esco_type |= (ESCO_EV4); |
517 | 517 | ||
518 | if (hdev->features[4] & LMP_EV5) | 518 | if (hdev->features[0][4] & LMP_EV5) |
519 | hdev->esco_type |= (ESCO_EV5); | 519 | hdev->esco_type |= (ESCO_EV5); |
520 | 520 | ||
521 | if (hdev->features[5] & LMP_EDR_ESCO_2M) | 521 | if (hdev->features[0][5] & LMP_EDR_ESCO_2M) |
522 | hdev->esco_type |= (ESCO_2EV3); | 522 | hdev->esco_type |= (ESCO_2EV3); |
523 | 523 | ||
524 | if (hdev->features[5] & LMP_EDR_ESCO_3M) | 524 | if (hdev->features[0][5] & LMP_EDR_ESCO_3M) |
525 | hdev->esco_type |= (ESCO_3EV3); | 525 | hdev->esco_type |= (ESCO_3EV3); |
526 | 526 | ||
527 | if (hdev->features[5] & LMP_EDR_3S_ESCO) | 527 | if (hdev->features[0][5] & LMP_EDR_3S_ESCO) |
528 | hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); | 528 | hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); |
529 | 529 | ||
530 | BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name, | 530 | BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name, |
531 | hdev->features[0], hdev->features[1], | 531 | hdev->features[0][0], hdev->features[0][1], |
532 | hdev->features[2], hdev->features[3], | 532 | hdev->features[0][2], hdev->features[0][3], |
533 | hdev->features[4], hdev->features[5], | 533 | hdev->features[0][4], hdev->features[0][5], |
534 | hdev->features[6], hdev->features[7]); | 534 | hdev->features[0][6], hdev->features[0][7]); |
535 | } | 535 | } |
536 | 536 | ||
537 | static void hci_cc_read_local_ext_features(struct hci_dev *hdev, | 537 | static void hci_cc_read_local_ext_features(struct hci_dev *hdev, |
@@ -544,14 +544,10 @@ static void hci_cc_read_local_ext_features(struct hci_dev *hdev, | |||
544 | if (rp->status) | 544 | if (rp->status) |
545 | return; | 545 | return; |
546 | 546 | ||
547 | switch (rp->page) { | 547 | hdev->max_page = rp->max_page; |
548 | case 0: | 548 | |
549 | memcpy(hdev->features, rp->features, 8); | 549 | if (rp->page < HCI_MAX_PAGES) |
550 | break; | 550 | memcpy(hdev->features[rp->page], rp->features, 8); |
551 | case 1: | ||
552 | memcpy(hdev->host_features, rp->features, 8); | ||
553 | break; | ||
554 | } | ||
555 | } | 551 | } |
556 | 552 | ||
557 | static void hci_cc_read_flow_control_mode(struct hci_dev *hdev, | 553 | static void hci_cc_read_flow_control_mode(struct hci_dev *hdev, |
@@ -968,7 +964,7 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev, | |||
968 | return; | 964 | return; |
969 | 965 | ||
970 | switch (cp->enable) { | 966 | switch (cp->enable) { |
971 | case LE_SCANNING_ENABLED: | 967 | case LE_SCAN_ENABLE: |
972 | if (status) { | 968 | if (status) { |
973 | hci_dev_lock(hdev); | 969 | hci_dev_lock(hdev); |
974 | mgmt_start_discovery_failed(hdev, status); | 970 | mgmt_start_discovery_failed(hdev, status); |
@@ -983,7 +979,7 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev, | |||
983 | hci_dev_unlock(hdev); | 979 | hci_dev_unlock(hdev); |
984 | break; | 980 | break; |
985 | 981 | ||
986 | case LE_SCANNING_DISABLED: | 982 | case LE_SCAN_DISABLE: |
987 | if (status) { | 983 | if (status) { |
988 | hci_dev_lock(hdev); | 984 | hci_dev_lock(hdev); |
989 | mgmt_stop_discovery_failed(hdev, status); | 985 | mgmt_stop_discovery_failed(hdev, status); |
@@ -1046,14 +1042,14 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev, | |||
1046 | 1042 | ||
1047 | if (!status) { | 1043 | if (!status) { |
1048 | if (sent->le) | 1044 | if (sent->le) |
1049 | hdev->host_features[0] |= LMP_HOST_LE; | 1045 | hdev->features[1][0] |= LMP_HOST_LE; |
1050 | else | 1046 | else |
1051 | hdev->host_features[0] &= ~LMP_HOST_LE; | 1047 | hdev->features[1][0] &= ~LMP_HOST_LE; |
1052 | 1048 | ||
1053 | if (sent->simul) | 1049 | if (sent->simul) |
1054 | hdev->host_features[0] |= LMP_HOST_LE_BREDR; | 1050 | hdev->features[1][0] |= LMP_HOST_LE_BREDR; |
1055 | else | 1051 | else |
1056 | hdev->host_features[0] &= ~LMP_HOST_LE_BREDR; | 1052 | hdev->features[1][0] &= ~LMP_HOST_LE_BREDR; |
1057 | } | 1053 | } |
1058 | 1054 | ||
1059 | if (test_bit(HCI_MGMT, &hdev->dev_flags) && | 1055 | if (test_bit(HCI_MGMT, &hdev->dev_flags) && |
@@ -1190,7 +1186,7 @@ static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status) | |||
1190 | if (conn) { | 1186 | if (conn) { |
1191 | if (conn->state == BT_CONFIG) { | 1187 | if (conn->state == BT_CONFIG) { |
1192 | hci_proto_connect_cfm(conn, status); | 1188 | hci_proto_connect_cfm(conn, status); |
1193 | hci_conn_put(conn); | 1189 | hci_conn_drop(conn); |
1194 | } | 1190 | } |
1195 | } | 1191 | } |
1196 | 1192 | ||
@@ -1217,7 +1213,7 @@ static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status) | |||
1217 | if (conn) { | 1213 | if (conn) { |
1218 | if (conn->state == BT_CONFIG) { | 1214 | if (conn->state == BT_CONFIG) { |
1219 | hci_proto_connect_cfm(conn, status); | 1215 | hci_proto_connect_cfm(conn, status); |
1220 | hci_conn_put(conn); | 1216 | hci_conn_drop(conn); |
1221 | } | 1217 | } |
1222 | } | 1218 | } |
1223 | 1219 | ||
@@ -1379,7 +1375,7 @@ static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status) | |||
1379 | if (conn) { | 1375 | if (conn) { |
1380 | if (conn->state == BT_CONFIG) { | 1376 | if (conn->state == BT_CONFIG) { |
1381 | hci_proto_connect_cfm(conn, status); | 1377 | hci_proto_connect_cfm(conn, status); |
1382 | hci_conn_put(conn); | 1378 | hci_conn_drop(conn); |
1383 | } | 1379 | } |
1384 | } | 1380 | } |
1385 | 1381 | ||
@@ -1406,7 +1402,7 @@ static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status) | |||
1406 | if (conn) { | 1402 | if (conn) { |
1407 | if (conn->state == BT_CONFIG) { | 1403 | if (conn->state == BT_CONFIG) { |
1408 | hci_proto_connect_cfm(conn, status); | 1404 | hci_proto_connect_cfm(conn, status); |
1409 | hci_conn_put(conn); | 1405 | hci_conn_drop(conn); |
1410 | } | 1406 | } |
1411 | } | 1407 | } |
1412 | 1408 | ||
@@ -1600,13 +1596,14 @@ static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
1600 | 1596 | ||
1601 | BT_DBG("%s status 0x%2.2x", hdev->name, status); | 1597 | BT_DBG("%s status 0x%2.2x", hdev->name, status); |
1602 | 1598 | ||
1603 | hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status); | ||
1604 | |||
1605 | hci_conn_check_pending(hdev); | 1599 | hci_conn_check_pending(hdev); |
1606 | 1600 | ||
1607 | if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) | 1601 | if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) |
1608 | return; | 1602 | return; |
1609 | 1603 | ||
1604 | smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */ | ||
1605 | wake_up_bit(&hdev->flags, HCI_INQUIRY); | ||
1606 | |||
1610 | if (!test_bit(HCI_MGMT, &hdev->dev_flags)) | 1607 | if (!test_bit(HCI_MGMT, &hdev->dev_flags)) |
1611 | return; | 1608 | return; |
1612 | 1609 | ||
@@ -1705,7 +1702,6 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
1705 | } else | 1702 | } else |
1706 | conn->state = BT_CONNECTED; | 1703 | conn->state = BT_CONNECTED; |
1707 | 1704 | ||
1708 | hci_conn_hold_device(conn); | ||
1709 | hci_conn_add_sysfs(conn); | 1705 | hci_conn_add_sysfs(conn); |
1710 | 1706 | ||
1711 | if (test_bit(HCI_AUTH, &hdev->flags)) | 1707 | if (test_bit(HCI_AUTH, &hdev->flags)) |
@@ -1752,42 +1748,6 @@ unlock: | |||
1752 | hci_conn_check_pending(hdev); | 1748 | hci_conn_check_pending(hdev); |
1753 | } | 1749 | } |
1754 | 1750 | ||
1755 | void hci_conn_accept(struct hci_conn *conn, int mask) | ||
1756 | { | ||
1757 | struct hci_dev *hdev = conn->hdev; | ||
1758 | |||
1759 | BT_DBG("conn %p", conn); | ||
1760 | |||
1761 | conn->state = BT_CONFIG; | ||
1762 | |||
1763 | if (!lmp_esco_capable(hdev)) { | ||
1764 | struct hci_cp_accept_conn_req cp; | ||
1765 | |||
1766 | bacpy(&cp.bdaddr, &conn->dst); | ||
1767 | |||
1768 | if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER)) | ||
1769 | cp.role = 0x00; /* Become master */ | ||
1770 | else | ||
1771 | cp.role = 0x01; /* Remain slave */ | ||
1772 | |||
1773 | hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); | ||
1774 | } else /* lmp_esco_capable(hdev)) */ { | ||
1775 | struct hci_cp_accept_sync_conn_req cp; | ||
1776 | |||
1777 | bacpy(&cp.bdaddr, &conn->dst); | ||
1778 | cp.pkt_type = cpu_to_le16(conn->pkt_type); | ||
1779 | |||
1780 | cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40); | ||
1781 | cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40); | ||
1782 | cp.max_latency = __constant_cpu_to_le16(0xffff); | ||
1783 | cp.content_format = cpu_to_le16(hdev->voice_setting); | ||
1784 | cp.retrans_effort = 0xff; | ||
1785 | |||
1786 | hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, | ||
1787 | sizeof(cp), &cp); | ||
1788 | } | ||
1789 | } | ||
1790 | |||
1791 | static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) | 1751 | static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) |
1792 | { | 1752 | { |
1793 | struct hci_ev_conn_request *ev = (void *) skb->data; | 1753 | struct hci_ev_conn_request *ev = (void *) skb->data; |
@@ -1859,7 +1819,6 @@ static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
1859 | } else { | 1819 | } else { |
1860 | conn->state = BT_CONNECT2; | 1820 | conn->state = BT_CONNECT2; |
1861 | hci_proto_connect_cfm(conn, 0); | 1821 | hci_proto_connect_cfm(conn, 0); |
1862 | hci_conn_put(conn); | ||
1863 | } | 1822 | } |
1864 | } else { | 1823 | } else { |
1865 | /* Connection rejected */ | 1824 | /* Connection rejected */ |
@@ -1966,14 +1925,14 @@ static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
1966 | } else { | 1925 | } else { |
1967 | conn->state = BT_CONNECTED; | 1926 | conn->state = BT_CONNECTED; |
1968 | hci_proto_connect_cfm(conn, ev->status); | 1927 | hci_proto_connect_cfm(conn, ev->status); |
1969 | hci_conn_put(conn); | 1928 | hci_conn_drop(conn); |
1970 | } | 1929 | } |
1971 | } else { | 1930 | } else { |
1972 | hci_auth_cfm(conn, ev->status); | 1931 | hci_auth_cfm(conn, ev->status); |
1973 | 1932 | ||
1974 | hci_conn_hold(conn); | 1933 | hci_conn_hold(conn); |
1975 | conn->disc_timeout = HCI_DISCONN_TIMEOUT; | 1934 | conn->disc_timeout = HCI_DISCONN_TIMEOUT; |
1976 | hci_conn_put(conn); | 1935 | hci_conn_drop(conn); |
1977 | } | 1936 | } |
1978 | 1937 | ||
1979 | if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { | 1938 | if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { |
@@ -2057,7 +2016,7 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2057 | 2016 | ||
2058 | if (ev->status && conn->state == BT_CONNECTED) { | 2017 | if (ev->status && conn->state == BT_CONNECTED) { |
2059 | hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); | 2018 | hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); |
2060 | hci_conn_put(conn); | 2019 | hci_conn_drop(conn); |
2061 | goto unlock; | 2020 | goto unlock; |
2062 | } | 2021 | } |
2063 | 2022 | ||
@@ -2066,7 +2025,7 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2066 | conn->state = BT_CONNECTED; | 2025 | conn->state = BT_CONNECTED; |
2067 | 2026 | ||
2068 | hci_proto_connect_cfm(conn, ev->status); | 2027 | hci_proto_connect_cfm(conn, ev->status); |
2069 | hci_conn_put(conn); | 2028 | hci_conn_drop(conn); |
2070 | } else | 2029 | } else |
2071 | hci_encrypt_cfm(conn, ev->status, ev->encrypt); | 2030 | hci_encrypt_cfm(conn, ev->status, ev->encrypt); |
2072 | } | 2031 | } |
@@ -2113,7 +2072,7 @@ static void hci_remote_features_evt(struct hci_dev *hdev, | |||
2113 | goto unlock; | 2072 | goto unlock; |
2114 | 2073 | ||
2115 | if (!ev->status) | 2074 | if (!ev->status) |
2116 | memcpy(conn->features, ev->features, 8); | 2075 | memcpy(conn->features[0], ev->features, 8); |
2117 | 2076 | ||
2118 | if (conn->state != BT_CONFIG) | 2077 | if (conn->state != BT_CONFIG) |
2119 | goto unlock; | 2078 | goto unlock; |
@@ -2141,7 +2100,7 @@ static void hci_remote_features_evt(struct hci_dev *hdev, | |||
2141 | if (!hci_outgoing_auth_needed(hdev, conn)) { | 2100 | if (!hci_outgoing_auth_needed(hdev, conn)) { |
2142 | conn->state = BT_CONNECTED; | 2101 | conn->state = BT_CONNECTED; |
2143 | hci_proto_connect_cfm(conn, ev->status); | 2102 | hci_proto_connect_cfm(conn, ev->status); |
2144 | hci_conn_put(conn); | 2103 | hci_conn_drop(conn); |
2145 | } | 2104 | } |
2146 | 2105 | ||
2147 | unlock: | 2106 | unlock: |
@@ -2462,7 +2421,9 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2462 | if (opcode != HCI_OP_NOP) | 2421 | if (opcode != HCI_OP_NOP) |
2463 | del_timer(&hdev->cmd_timer); | 2422 | del_timer(&hdev->cmd_timer); |
2464 | 2423 | ||
2465 | hci_req_cmd_status(hdev, opcode, ev->status); | 2424 | if (ev->status || |
2425 | (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event)) | ||
2426 | hci_req_cmd_complete(hdev, opcode, ev->status); | ||
2466 | 2427 | ||
2467 | if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) { | 2428 | if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) { |
2468 | atomic_set(&hdev->cmd_cnt, 1); | 2429 | atomic_set(&hdev->cmd_cnt, 1); |
@@ -2679,7 +2640,7 @@ static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2679 | if (conn->state == BT_CONNECTED) { | 2640 | if (conn->state == BT_CONNECTED) { |
2680 | hci_conn_hold(conn); | 2641 | hci_conn_hold(conn); |
2681 | conn->disc_timeout = HCI_PAIRING_TIMEOUT; | 2642 | conn->disc_timeout = HCI_PAIRING_TIMEOUT; |
2682 | hci_conn_put(conn); | 2643 | hci_conn_drop(conn); |
2683 | } | 2644 | } |
2684 | 2645 | ||
2685 | if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) | 2646 | if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) |
@@ -2782,7 +2743,7 @@ static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2782 | if (ev->key_type != HCI_LK_CHANGED_COMBINATION) | 2743 | if (ev->key_type != HCI_LK_CHANGED_COMBINATION) |
2783 | conn->key_type = ev->key_type; | 2744 | conn->key_type = ev->key_type; |
2784 | 2745 | ||
2785 | hci_conn_put(conn); | 2746 | hci_conn_drop(conn); |
2786 | } | 2747 | } |
2787 | 2748 | ||
2788 | if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags)) | 2749 | if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags)) |
@@ -2923,6 +2884,9 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev, | |||
2923 | if (!conn) | 2884 | if (!conn) |
2924 | goto unlock; | 2885 | goto unlock; |
2925 | 2886 | ||
2887 | if (ev->page < HCI_MAX_PAGES) | ||
2888 | memcpy(conn->features[ev->page], ev->features, 8); | ||
2889 | |||
2926 | if (!ev->status && ev->page == 0x01) { | 2890 | if (!ev->status && ev->page == 0x01) { |
2927 | struct inquiry_entry *ie; | 2891 | struct inquiry_entry *ie; |
2928 | 2892 | ||
@@ -2930,8 +2894,19 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev, | |||
2930 | if (ie) | 2894 | if (ie) |
2931 | ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); | 2895 | ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); |
2932 | 2896 | ||
2933 | if (ev->features[0] & LMP_HOST_SSP) | 2897 | if (ev->features[0] & LMP_HOST_SSP) { |
2934 | set_bit(HCI_CONN_SSP_ENABLED, &conn->flags); | 2898 | set_bit(HCI_CONN_SSP_ENABLED, &conn->flags); |
2899 | } else { | ||
2900 | /* It is mandatory by the Bluetooth specification that | ||
2901 | * Extended Inquiry Results are only used when Secure | ||
2902 | * Simple Pairing is enabled, but some devices violate | ||
2903 | * this. | ||
2904 | * | ||
2905 | * To make these devices work, the internal SSP | ||
2906 | * enabled flag needs to be cleared if the remote host | ||
2907 | * features do not indicate SSP support */ | ||
2908 | clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags); | ||
2909 | } | ||
2935 | } | 2910 | } |
2936 | 2911 | ||
2937 | if (conn->state != BT_CONFIG) | 2912 | if (conn->state != BT_CONFIG) |
@@ -2951,7 +2926,7 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev, | |||
2951 | if (!hci_outgoing_auth_needed(hdev, conn)) { | 2926 | if (!hci_outgoing_auth_needed(hdev, conn)) { |
2952 | conn->state = BT_CONNECTED; | 2927 | conn->state = BT_CONNECTED; |
2953 | hci_proto_connect_cfm(conn, ev->status); | 2928 | hci_proto_connect_cfm(conn, ev->status); |
2954 | hci_conn_put(conn); | 2929 | hci_conn_drop(conn); |
2955 | } | 2930 | } |
2956 | 2931 | ||
2957 | unlock: | 2932 | unlock: |
@@ -2985,7 +2960,6 @@ static void hci_sync_conn_complete_evt(struct hci_dev *hdev, | |||
2985 | conn->handle = __le16_to_cpu(ev->handle); | 2960 | conn->handle = __le16_to_cpu(ev->handle); |
2986 | conn->state = BT_CONNECTED; | 2961 | conn->state = BT_CONNECTED; |
2987 | 2962 | ||
2988 | hci_conn_hold_device(conn); | ||
2989 | hci_conn_add_sysfs(conn); | 2963 | hci_conn_add_sysfs(conn); |
2990 | break; | 2964 | break; |
2991 | 2965 | ||
@@ -3084,7 +3058,7 @@ static void hci_key_refresh_complete_evt(struct hci_dev *hdev, | |||
3084 | 3058 | ||
3085 | if (ev->status && conn->state == BT_CONNECTED) { | 3059 | if (ev->status && conn->state == BT_CONNECTED) { |
3086 | hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); | 3060 | hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); |
3087 | hci_conn_put(conn); | 3061 | hci_conn_drop(conn); |
3088 | goto unlock; | 3062 | goto unlock; |
3089 | } | 3063 | } |
3090 | 3064 | ||
@@ -3093,13 +3067,13 @@ static void hci_key_refresh_complete_evt(struct hci_dev *hdev, | |||
3093 | conn->state = BT_CONNECTED; | 3067 | conn->state = BT_CONNECTED; |
3094 | 3068 | ||
3095 | hci_proto_connect_cfm(conn, ev->status); | 3069 | hci_proto_connect_cfm(conn, ev->status); |
3096 | hci_conn_put(conn); | 3070 | hci_conn_drop(conn); |
3097 | } else { | 3071 | } else { |
3098 | hci_auth_cfm(conn, ev->status); | 3072 | hci_auth_cfm(conn, ev->status); |
3099 | 3073 | ||
3100 | hci_conn_hold(conn); | 3074 | hci_conn_hold(conn); |
3101 | conn->disc_timeout = HCI_DISCONN_TIMEOUT; | 3075 | conn->disc_timeout = HCI_DISCONN_TIMEOUT; |
3102 | hci_conn_put(conn); | 3076 | hci_conn_drop(conn); |
3103 | } | 3077 | } |
3104 | 3078 | ||
3105 | unlock: | 3079 | unlock: |
@@ -3360,7 +3334,7 @@ static void hci_simple_pair_complete_evt(struct hci_dev *hdev, | |||
3360 | mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type, | 3334 | mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type, |
3361 | ev->status); | 3335 | ev->status); |
3362 | 3336 | ||
3363 | hci_conn_put(conn); | 3337 | hci_conn_drop(conn); |
3364 | 3338 | ||
3365 | unlock: | 3339 | unlock: |
3366 | hci_dev_unlock(hdev); | 3340 | hci_dev_unlock(hdev); |
@@ -3371,11 +3345,16 @@ static void hci_remote_host_features_evt(struct hci_dev *hdev, | |||
3371 | { | 3345 | { |
3372 | struct hci_ev_remote_host_features *ev = (void *) skb->data; | 3346 | struct hci_ev_remote_host_features *ev = (void *) skb->data; |
3373 | struct inquiry_entry *ie; | 3347 | struct inquiry_entry *ie; |
3348 | struct hci_conn *conn; | ||
3374 | 3349 | ||
3375 | BT_DBG("%s", hdev->name); | 3350 | BT_DBG("%s", hdev->name); |
3376 | 3351 | ||
3377 | hci_dev_lock(hdev); | 3352 | hci_dev_lock(hdev); |
3378 | 3353 | ||
3354 | conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); | ||
3355 | if (conn) | ||
3356 | memcpy(conn->features[1], ev->features, 8); | ||
3357 | |||
3379 | ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); | 3358 | ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); |
3380 | if (ie) | 3359 | if (ie) |
3381 | ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); | 3360 | ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); |
@@ -3448,9 +3427,8 @@ static void hci_phy_link_complete_evt(struct hci_dev *hdev, | |||
3448 | 3427 | ||
3449 | hci_conn_hold(hcon); | 3428 | hci_conn_hold(hcon); |
3450 | hcon->disc_timeout = HCI_DISCONN_TIMEOUT; | 3429 | hcon->disc_timeout = HCI_DISCONN_TIMEOUT; |
3451 | hci_conn_put(hcon); | 3430 | hci_conn_drop(hcon); |
3452 | 3431 | ||
3453 | hci_conn_hold_device(hcon); | ||
3454 | hci_conn_add_sysfs(hcon); | 3432 | hci_conn_add_sysfs(hcon); |
3455 | 3433 | ||
3456 | amp_physical_cfm(bredr_hcon, hcon); | 3434 | amp_physical_cfm(bredr_hcon, hcon); |
@@ -3584,7 +3562,6 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
3584 | conn->handle = __le16_to_cpu(ev->handle); | 3562 | conn->handle = __le16_to_cpu(ev->handle); |
3585 | conn->state = BT_CONNECTED; | 3563 | conn->state = BT_CONNECTED; |
3586 | 3564 | ||
3587 | hci_conn_hold_device(conn); | ||
3588 | hci_conn_add_sysfs(conn); | 3565 | hci_conn_add_sysfs(conn); |
3589 | 3566 | ||
3590 | hci_proto_connect_cfm(conn, ev->status); | 3567 | hci_proto_connect_cfm(conn, ev->status); |
@@ -3698,8 +3675,27 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) | |||
3698 | struct hci_event_hdr *hdr = (void *) skb->data; | 3675 | struct hci_event_hdr *hdr = (void *) skb->data; |
3699 | __u8 event = hdr->evt; | 3676 | __u8 event = hdr->evt; |
3700 | 3677 | ||
3678 | hci_dev_lock(hdev); | ||
3679 | |||
3680 | /* Received events are (currently) only needed when a request is | ||
3681 | * ongoing so avoid unnecessary memory allocation. | ||
3682 | */ | ||
3683 | if (hdev->req_status == HCI_REQ_PEND) { | ||
3684 | kfree_skb(hdev->recv_evt); | ||
3685 | hdev->recv_evt = skb_clone(skb, GFP_KERNEL); | ||
3686 | } | ||
3687 | |||
3688 | hci_dev_unlock(hdev); | ||
3689 | |||
3701 | skb_pull(skb, HCI_EVENT_HDR_SIZE); | 3690 | skb_pull(skb, HCI_EVENT_HDR_SIZE); |
3702 | 3691 | ||
3692 | if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) { | ||
3693 | struct hci_command_hdr *hdr = (void *) hdev->sent_cmd->data; | ||
3694 | u16 opcode = __le16_to_cpu(hdr->opcode); | ||
3695 | |||
3696 | hci_req_cmd_complete(hdev, opcode, 0); | ||
3697 | } | ||
3698 | |||
3703 | switch (event) { | 3699 | switch (event) { |
3704 | case HCI_EV_INQUIRY_COMPLETE: | 3700 | case HCI_EV_INQUIRY_COMPLETE: |
3705 | hci_inquiry_complete_evt(hdev, skb); | 3701 | hci_inquiry_complete_evt(hdev, skb); |
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c index ff38561385de..7ad6ecf36f20 100644 --- a/net/bluetooth/hci_sysfs.c +++ b/net/bluetooth/hci_sysfs.c | |||
@@ -48,10 +48,10 @@ static ssize_t show_link_features(struct device *dev, | |||
48 | struct hci_conn *conn = to_hci_conn(dev); | 48 | struct hci_conn *conn = to_hci_conn(dev); |
49 | 49 | ||
50 | return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n", | 50 | return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n", |
51 | conn->features[0], conn->features[1], | 51 | conn->features[0][0], conn->features[0][1], |
52 | conn->features[2], conn->features[3], | 52 | conn->features[0][2], conn->features[0][3], |
53 | conn->features[4], conn->features[5], | 53 | conn->features[0][4], conn->features[0][5], |
54 | conn->features[6], conn->features[7]); | 54 | conn->features[0][6], conn->features[0][7]); |
55 | } | 55 | } |
56 | 56 | ||
57 | #define LINK_ATTR(_name, _mode, _show, _store) \ | 57 | #define LINK_ATTR(_name, _mode, _show, _store) \ |
@@ -146,7 +146,6 @@ void hci_conn_del_sysfs(struct hci_conn *conn) | |||
146 | } | 146 | } |
147 | 147 | ||
148 | device_del(&conn->dev); | 148 | device_del(&conn->dev); |
149 | put_device(&conn->dev); | ||
150 | 149 | ||
151 | hci_dev_put(hdev); | 150 | hci_dev_put(hdev); |
152 | } | 151 | } |
@@ -234,10 +233,10 @@ static ssize_t show_features(struct device *dev, | |||
234 | struct hci_dev *hdev = to_hci_dev(dev); | 233 | struct hci_dev *hdev = to_hci_dev(dev); |
235 | 234 | ||
236 | return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n", | 235 | return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n", |
237 | hdev->features[0], hdev->features[1], | 236 | hdev->features[0][0], hdev->features[0][1], |
238 | hdev->features[2], hdev->features[3], | 237 | hdev->features[0][2], hdev->features[0][3], |
239 | hdev->features[4], hdev->features[5], | 238 | hdev->features[0][4], hdev->features[0][5], |
240 | hdev->features[6], hdev->features[7]); | 239 | hdev->features[0][6], hdev->features[0][7]); |
241 | } | 240 | } |
242 | 241 | ||
243 | static ssize_t show_manufacturer(struct device *dev, | 242 | static ssize_t show_manufacturer(struct device *dev, |
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c index 2342327f3335..940f5acb6694 100644 --- a/net/bluetooth/hidp/core.c +++ b/net/bluetooth/hidp/core.c | |||
@@ -1,6 +1,7 @@ | |||
1 | /* | 1 | /* |
2 | HIDP implementation for Linux Bluetooth stack (BlueZ). | 2 | HIDP implementation for Linux Bluetooth stack (BlueZ). |
3 | Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> | 3 | Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> |
4 | Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com> | ||
4 | 5 | ||
5 | This program is free software; you can redistribute it and/or modify | 6 | This program is free software; you can redistribute it and/or modify |
6 | it under the terms of the GNU General Public License version 2 as | 7 | it under the terms of the GNU General Public License version 2 as |
@@ -20,6 +21,7 @@ | |||
20 | SOFTWARE IS DISCLAIMED. | 21 | SOFTWARE IS DISCLAIMED. |
21 | */ | 22 | */ |
22 | 23 | ||
24 | #include <linux/kref.h> | ||
23 | #include <linux/module.h> | 25 | #include <linux/module.h> |
24 | #include <linux/file.h> | 26 | #include <linux/file.h> |
25 | #include <linux/kthread.h> | 27 | #include <linux/kthread.h> |
@@ -59,39 +61,20 @@ static unsigned char hidp_keycode[256] = { | |||
59 | 61 | ||
60 | static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; | 62 | static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; |
61 | 63 | ||
62 | static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) | 64 | static int hidp_session_probe(struct l2cap_conn *conn, |
63 | { | 65 | struct l2cap_user *user); |
64 | struct hidp_session *session; | 66 | static void hidp_session_remove(struct l2cap_conn *conn, |
65 | 67 | struct l2cap_user *user); | |
66 | BT_DBG(""); | 68 | static int hidp_session_thread(void *arg); |
69 | static void hidp_session_terminate(struct hidp_session *s); | ||
67 | 70 | ||
68 | list_for_each_entry(session, &hidp_session_list, list) { | 71 | static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) |
69 | if (!bacmp(bdaddr, &session->bdaddr)) | ||
70 | return session; | ||
71 | } | ||
72 | |||
73 | return NULL; | ||
74 | } | ||
75 | |||
76 | static void __hidp_link_session(struct hidp_session *session) | ||
77 | { | ||
78 | list_add(&session->list, &hidp_session_list); | ||
79 | } | ||
80 | |||
81 | static void __hidp_unlink_session(struct hidp_session *session) | ||
82 | { | ||
83 | hci_conn_put_device(session->conn); | ||
84 | |||
85 | list_del(&session->list); | ||
86 | } | ||
87 | |||
88 | static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) | ||
89 | { | 72 | { |
90 | memset(ci, 0, sizeof(*ci)); | 73 | memset(ci, 0, sizeof(*ci)); |
91 | bacpy(&ci->bdaddr, &session->bdaddr); | 74 | bacpy(&ci->bdaddr, &session->bdaddr); |
92 | 75 | ||
93 | ci->flags = session->flags; | 76 | ci->flags = session->flags; |
94 | ci->state = session->state; | 77 | ci->state = BT_CONNECTED; |
95 | 78 | ||
96 | ci->vendor = 0x0000; | 79 | ci->vendor = 0x0000; |
97 | ci->product = 0x0000; | 80 | ci->product = 0x0000; |
@@ -115,58 +98,80 @@ static void __hidp_copy_session(struct hidp_session *session, struct hidp_connin | |||
115 | } | 98 | } |
116 | } | 99 | } |
117 | 100 | ||
118 | static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, | 101 | /* assemble skb, queue message on @transmit and wake up the session thread */ |
119 | unsigned int type, unsigned int code, int value) | 102 | static int hidp_send_message(struct hidp_session *session, struct socket *sock, |
103 | struct sk_buff_head *transmit, unsigned char hdr, | ||
104 | const unsigned char *data, int size) | ||
120 | { | 105 | { |
121 | unsigned char newleds; | ||
122 | struct sk_buff *skb; | 106 | struct sk_buff *skb; |
107 | struct sock *sk = sock->sk; | ||
123 | 108 | ||
124 | BT_DBG("session %p type %d code %d value %d", session, type, code, value); | 109 | BT_DBG("session %p data %p size %d", session, data, size); |
125 | |||
126 | if (type != EV_LED) | ||
127 | return -1; | ||
128 | |||
129 | newleds = (!!test_bit(LED_KANA, dev->led) << 3) | | ||
130 | (!!test_bit(LED_COMPOSE, dev->led) << 3) | | ||
131 | (!!test_bit(LED_SCROLLL, dev->led) << 2) | | ||
132 | (!!test_bit(LED_CAPSL, dev->led) << 1) | | ||
133 | (!!test_bit(LED_NUML, dev->led)); | ||
134 | |||
135 | if (session->leds == newleds) | ||
136 | return 0; | ||
137 | 110 | ||
138 | session->leds = newleds; | 111 | if (atomic_read(&session->terminate)) |
112 | return -EIO; | ||
139 | 113 | ||
140 | skb = alloc_skb(3, GFP_ATOMIC); | 114 | skb = alloc_skb(size + 1, GFP_ATOMIC); |
141 | if (!skb) { | 115 | if (!skb) { |
142 | BT_ERR("Can't allocate memory for new frame"); | 116 | BT_ERR("Can't allocate memory for new frame"); |
143 | return -ENOMEM; | 117 | return -ENOMEM; |
144 | } | 118 | } |
145 | 119 | ||
146 | *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; | 120 | *skb_put(skb, 1) = hdr; |
147 | *skb_put(skb, 1) = 0x01; | 121 | if (data && size > 0) |
148 | *skb_put(skb, 1) = newleds; | 122 | memcpy(skb_put(skb, size), data, size); |
149 | |||
150 | skb_queue_tail(&session->intr_transmit, skb); | ||
151 | 123 | ||
152 | hidp_schedule(session); | 124 | skb_queue_tail(transmit, skb); |
125 | wake_up_interruptible(sk_sleep(sk)); | ||
153 | 126 | ||
154 | return 0; | 127 | return 0; |
155 | } | 128 | } |
156 | 129 | ||
157 | static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) | 130 | static int hidp_send_ctrl_message(struct hidp_session *session, |
131 | unsigned char hdr, const unsigned char *data, | ||
132 | int size) | ||
158 | { | 133 | { |
159 | struct hid_device *hid = input_get_drvdata(dev); | 134 | return hidp_send_message(session, session->ctrl_sock, |
160 | struct hidp_session *session = hid->driver_data; | 135 | &session->ctrl_transmit, hdr, data, size); |
136 | } | ||
161 | 137 | ||
162 | return hidp_queue_event(session, dev, type, code, value); | 138 | static int hidp_send_intr_message(struct hidp_session *session, |
139 | unsigned char hdr, const unsigned char *data, | ||
140 | int size) | ||
141 | { | ||
142 | return hidp_send_message(session, session->intr_sock, | ||
143 | &session->intr_transmit, hdr, data, size); | ||
163 | } | 144 | } |
164 | 145 | ||
165 | static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) | 146 | static int hidp_input_event(struct input_dev *dev, unsigned int type, |
147 | unsigned int code, int value) | ||
166 | { | 148 | { |
167 | struct hidp_session *session = input_get_drvdata(dev); | 149 | struct hidp_session *session = input_get_drvdata(dev); |
150 | unsigned char newleds; | ||
151 | unsigned char hdr, data[2]; | ||
152 | |||
153 | BT_DBG("session %p type %d code %d value %d", | ||
154 | session, type, code, value); | ||
155 | |||
156 | if (type != EV_LED) | ||
157 | return -1; | ||
158 | |||
159 | newleds = (!!test_bit(LED_KANA, dev->led) << 3) | | ||
160 | (!!test_bit(LED_COMPOSE, dev->led) << 3) | | ||
161 | (!!test_bit(LED_SCROLLL, dev->led) << 2) | | ||
162 | (!!test_bit(LED_CAPSL, dev->led) << 1) | | ||
163 | (!!test_bit(LED_NUML, dev->led)); | ||
168 | 164 | ||
169 | return hidp_queue_event(session, dev, type, code, value); | 165 | if (session->leds == newleds) |
166 | return 0; | ||
167 | |||
168 | session->leds = newleds; | ||
169 | |||
170 | hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; | ||
171 | data[0] = 0x01; | ||
172 | data[1] = newleds; | ||
173 | |||
174 | return hidp_send_intr_message(session, hdr, data, 2); | ||
170 | } | 175 | } |
171 | 176 | ||
172 | static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) | 177 | static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) |
@@ -224,71 +229,9 @@ static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) | |||
224 | input_sync(dev); | 229 | input_sync(dev); |
225 | } | 230 | } |
226 | 231 | ||
227 | static int __hidp_send_ctrl_message(struct hidp_session *session, | ||
228 | unsigned char hdr, unsigned char *data, | ||
229 | int size) | ||
230 | { | ||
231 | struct sk_buff *skb; | ||
232 | |||
233 | BT_DBG("session %p data %p size %d", session, data, size); | ||
234 | |||
235 | if (atomic_read(&session->terminate)) | ||
236 | return -EIO; | ||
237 | |||
238 | skb = alloc_skb(size + 1, GFP_ATOMIC); | ||
239 | if (!skb) { | ||
240 | BT_ERR("Can't allocate memory for new frame"); | ||
241 | return -ENOMEM; | ||
242 | } | ||
243 | |||
244 | *skb_put(skb, 1) = hdr; | ||
245 | if (data && size > 0) | ||
246 | memcpy(skb_put(skb, size), data, size); | ||
247 | |||
248 | skb_queue_tail(&session->ctrl_transmit, skb); | ||
249 | |||
250 | return 0; | ||
251 | } | ||
252 | |||
253 | static int hidp_send_ctrl_message(struct hidp_session *session, | ||
254 | unsigned char hdr, unsigned char *data, int size) | ||
255 | { | ||
256 | int err; | ||
257 | |||
258 | err = __hidp_send_ctrl_message(session, hdr, data, size); | ||
259 | |||
260 | hidp_schedule(session); | ||
261 | |||
262 | return err; | ||
263 | } | ||
264 | |||
265 | static int hidp_queue_report(struct hidp_session *session, | ||
266 | unsigned char *data, int size) | ||
267 | { | ||
268 | struct sk_buff *skb; | ||
269 | |||
270 | BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size); | ||
271 | |||
272 | skb = alloc_skb(size + 1, GFP_ATOMIC); | ||
273 | if (!skb) { | ||
274 | BT_ERR("Can't allocate memory for new frame"); | ||
275 | return -ENOMEM; | ||
276 | } | ||
277 | |||
278 | *skb_put(skb, 1) = 0xa2; | ||
279 | if (size > 0) | ||
280 | memcpy(skb_put(skb, size), data, size); | ||
281 | |||
282 | skb_queue_tail(&session->intr_transmit, skb); | ||
283 | |||
284 | hidp_schedule(session); | ||
285 | |||
286 | return 0; | ||
287 | } | ||
288 | |||
289 | static int hidp_send_report(struct hidp_session *session, struct hid_report *report) | 232 | static int hidp_send_report(struct hidp_session *session, struct hid_report *report) |
290 | { | 233 | { |
291 | unsigned char buf[32]; | 234 | unsigned char buf[32], hdr; |
292 | int rsize; | 235 | int rsize; |
293 | 236 | ||
294 | rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); | 237 | rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); |
@@ -296,8 +239,9 @@ static int hidp_send_report(struct hidp_session *session, struct hid_report *rep | |||
296 | return -EIO; | 239 | return -EIO; |
297 | 240 | ||
298 | hid_output_report(report, buf); | 241 | hid_output_report(report, buf); |
242 | hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; | ||
299 | 243 | ||
300 | return hidp_queue_report(session, buf, rsize); | 244 | return hidp_send_intr_message(session, hdr, buf, rsize); |
301 | } | 245 | } |
302 | 246 | ||
303 | static int hidp_get_raw_report(struct hid_device *hid, | 247 | static int hidp_get_raw_report(struct hid_device *hid, |
@@ -336,17 +280,19 @@ static int hidp_get_raw_report(struct hid_device *hid, | |||
336 | session->waiting_report_number = numbered_reports ? report_number : -1; | 280 | session->waiting_report_number = numbered_reports ? report_number : -1; |
337 | set_bit(HIDP_WAITING_FOR_RETURN, &session->flags); | 281 | set_bit(HIDP_WAITING_FOR_RETURN, &session->flags); |
338 | data[0] = report_number; | 282 | data[0] = report_number; |
339 | ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1); | 283 | ret = hidp_send_ctrl_message(session, report_type, data, 1); |
340 | if (ret) | 284 | if (ret) |
341 | goto err; | 285 | goto err; |
342 | 286 | ||
343 | /* Wait for the return of the report. The returned report | 287 | /* Wait for the return of the report. The returned report |
344 | gets put in session->report_return. */ | 288 | gets put in session->report_return. */ |
345 | while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) { | 289 | while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) && |
290 | !atomic_read(&session->terminate)) { | ||
346 | int res; | 291 | int res; |
347 | 292 | ||
348 | res = wait_event_interruptible_timeout(session->report_queue, | 293 | res = wait_event_interruptible_timeout(session->report_queue, |
349 | !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags), | 294 | !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) |
295 | || atomic_read(&session->terminate), | ||
350 | 5*HZ); | 296 | 5*HZ); |
351 | if (res == 0) { | 297 | if (res == 0) { |
352 | /* timeout */ | 298 | /* timeout */ |
@@ -389,14 +335,11 @@ static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, s | |||
389 | struct hidp_session *session = hid->driver_data; | 335 | struct hidp_session *session = hid->driver_data; |
390 | int ret; | 336 | int ret; |
391 | 337 | ||
392 | switch (report_type) { | 338 | if (report_type == HID_OUTPUT_REPORT) { |
393 | case HID_FEATURE_REPORT: | 339 | report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; |
394 | report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; | 340 | return hidp_send_intr_message(session, report_type, |
395 | break; | 341 | data, count); |
396 | case HID_OUTPUT_REPORT: | 342 | } else if (report_type != HID_FEATURE_REPORT) { |
397 | report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT; | ||
398 | break; | ||
399 | default: | ||
400 | return -EINVAL; | 343 | return -EINVAL; |
401 | } | 344 | } |
402 | 345 | ||
@@ -405,17 +348,19 @@ static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, s | |||
405 | 348 | ||
406 | /* Set up our wait, and send the report request to the device. */ | 349 | /* Set up our wait, and send the report request to the device. */ |
407 | set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); | 350 | set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); |
408 | ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, | 351 | report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; |
409 | count); | 352 | ret = hidp_send_ctrl_message(session, report_type, data, count); |
410 | if (ret) | 353 | if (ret) |
411 | goto err; | 354 | goto err; |
412 | 355 | ||
413 | /* Wait for the ACK from the device. */ | 356 | /* Wait for the ACK from the device. */ |
414 | while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) { | 357 | while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) && |
358 | !atomic_read(&session->terminate)) { | ||
415 | int res; | 359 | int res; |
416 | 360 | ||
417 | res = wait_event_interruptible_timeout(session->report_queue, | 361 | res = wait_event_interruptible_timeout(session->report_queue, |
418 | !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags), | 362 | !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) |
363 | || atomic_read(&session->terminate), | ||
419 | 10*HZ); | 364 | 10*HZ); |
420 | if (res == 0) { | 365 | if (res == 0) { |
421 | /* timeout */ | 366 | /* timeout */ |
@@ -446,8 +391,7 @@ static void hidp_idle_timeout(unsigned long arg) | |||
446 | { | 391 | { |
447 | struct hidp_session *session = (struct hidp_session *) arg; | 392 | struct hidp_session *session = (struct hidp_session *) arg; |
448 | 393 | ||
449 | atomic_inc(&session->terminate); | 394 | hidp_session_terminate(session); |
450 | wake_up_process(session->task); | ||
451 | } | 395 | } |
452 | 396 | ||
453 | static void hidp_set_timer(struct hidp_session *session) | 397 | static void hidp_set_timer(struct hidp_session *session) |
@@ -490,12 +434,12 @@ static void hidp_process_handshake(struct hidp_session *session, | |||
490 | case HIDP_HSHK_ERR_FATAL: | 434 | case HIDP_HSHK_ERR_FATAL: |
491 | /* Device requests a reboot, as this is the only way this error | 435 | /* Device requests a reboot, as this is the only way this error |
492 | * can be recovered. */ | 436 | * can be recovered. */ |
493 | __hidp_send_ctrl_message(session, | 437 | hidp_send_ctrl_message(session, |
494 | HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); | 438 | HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); |
495 | break; | 439 | break; |
496 | 440 | ||
497 | default: | 441 | default: |
498 | __hidp_send_ctrl_message(session, | 442 | hidp_send_ctrl_message(session, |
499 | HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); | 443 | HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); |
500 | break; | 444 | break; |
501 | } | 445 | } |
@@ -515,8 +459,7 @@ static void hidp_process_hid_control(struct hidp_session *session, | |||
515 | skb_queue_purge(&session->ctrl_transmit); | 459 | skb_queue_purge(&session->ctrl_transmit); |
516 | skb_queue_purge(&session->intr_transmit); | 460 | skb_queue_purge(&session->intr_transmit); |
517 | 461 | ||
518 | atomic_inc(&session->terminate); | 462 | hidp_session_terminate(session); |
519 | wake_up_process(current); | ||
520 | } | 463 | } |
521 | } | 464 | } |
522 | 465 | ||
@@ -544,7 +487,7 @@ static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb, | |||
544 | break; | 487 | break; |
545 | 488 | ||
546 | default: | 489 | default: |
547 | __hidp_send_ctrl_message(session, | 490 | hidp_send_ctrl_message(session, |
548 | HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); | 491 | HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); |
549 | } | 492 | } |
550 | 493 | ||
@@ -591,7 +534,7 @@ static void hidp_recv_ctrl_frame(struct hidp_session *session, | |||
591 | break; | 534 | break; |
592 | 535 | ||
593 | default: | 536 | default: |
594 | __hidp_send_ctrl_message(session, | 537 | hidp_send_ctrl_message(session, |
595 | HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); | 538 | HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); |
596 | break; | 539 | break; |
597 | } | 540 | } |
@@ -642,32 +585,24 @@ static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) | |||
642 | return kernel_sendmsg(sock, &msg, &iv, 1, len); | 585 | return kernel_sendmsg(sock, &msg, &iv, 1, len); |
643 | } | 586 | } |
644 | 587 | ||
645 | static void hidp_process_intr_transmit(struct hidp_session *session) | 588 | /* dequeue message from @transmit and send via @sock */ |
589 | static void hidp_process_transmit(struct hidp_session *session, | ||
590 | struct sk_buff_head *transmit, | ||
591 | struct socket *sock) | ||
646 | { | 592 | { |
647 | struct sk_buff *skb; | 593 | struct sk_buff *skb; |
594 | int ret; | ||
648 | 595 | ||
649 | BT_DBG("session %p", session); | 596 | BT_DBG("session %p", session); |
650 | 597 | ||
651 | while ((skb = skb_dequeue(&session->intr_transmit))) { | 598 | while ((skb = skb_dequeue(transmit))) { |
652 | if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { | 599 | ret = hidp_send_frame(sock, skb->data, skb->len); |
653 | skb_queue_head(&session->intr_transmit, skb); | 600 | if (ret == -EAGAIN) { |
601 | skb_queue_head(transmit, skb); | ||
654 | break; | 602 | break; |
655 | } | 603 | } else if (ret < 0) { |
656 | 604 | hidp_session_terminate(session); | |
657 | hidp_set_timer(session); | 605 | kfree_skb(skb); |
658 | kfree_skb(skb); | ||
659 | } | ||
660 | } | ||
661 | |||
662 | static void hidp_process_ctrl_transmit(struct hidp_session *session) | ||
663 | { | ||
664 | struct sk_buff *skb; | ||
665 | |||
666 | BT_DBG("session %p", session); | ||
667 | |||
668 | while ((skb = skb_dequeue(&session->ctrl_transmit))) { | ||
669 | if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { | ||
670 | skb_queue_head(&session->ctrl_transmit, skb); | ||
671 | break; | 606 | break; |
672 | } | 607 | } |
673 | 608 | ||
@@ -676,122 +611,6 @@ static void hidp_process_ctrl_transmit(struct hidp_session *session) | |||
676 | } | 611 | } |
677 | } | 612 | } |
678 | 613 | ||
679 | static int hidp_session(void *arg) | ||
680 | { | ||
681 | struct hidp_session *session = arg; | ||
682 | struct sock *ctrl_sk = session->ctrl_sock->sk; | ||
683 | struct sock *intr_sk = session->intr_sock->sk; | ||
684 | struct sk_buff *skb; | ||
685 | wait_queue_t ctrl_wait, intr_wait; | ||
686 | |||
687 | BT_DBG("session %p", session); | ||
688 | |||
689 | __module_get(THIS_MODULE); | ||
690 | set_user_nice(current, -15); | ||
691 | |||
692 | init_waitqueue_entry(&ctrl_wait, current); | ||
693 | init_waitqueue_entry(&intr_wait, current); | ||
694 | add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); | ||
695 | add_wait_queue(sk_sleep(intr_sk), &intr_wait); | ||
696 | session->waiting_for_startup = 0; | ||
697 | wake_up_interruptible(&session->startup_queue); | ||
698 | set_current_state(TASK_INTERRUPTIBLE); | ||
699 | while (!atomic_read(&session->terminate)) { | ||
700 | if (ctrl_sk->sk_state != BT_CONNECTED || | ||
701 | intr_sk->sk_state != BT_CONNECTED) | ||
702 | break; | ||
703 | |||
704 | while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { | ||
705 | skb_orphan(skb); | ||
706 | if (!skb_linearize(skb)) | ||
707 | hidp_recv_intr_frame(session, skb); | ||
708 | else | ||
709 | kfree_skb(skb); | ||
710 | } | ||
711 | |||
712 | hidp_process_intr_transmit(session); | ||
713 | |||
714 | while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { | ||
715 | skb_orphan(skb); | ||
716 | if (!skb_linearize(skb)) | ||
717 | hidp_recv_ctrl_frame(session, skb); | ||
718 | else | ||
719 | kfree_skb(skb); | ||
720 | } | ||
721 | |||
722 | hidp_process_ctrl_transmit(session); | ||
723 | |||
724 | schedule(); | ||
725 | set_current_state(TASK_INTERRUPTIBLE); | ||
726 | } | ||
727 | set_current_state(TASK_RUNNING); | ||
728 | atomic_inc(&session->terminate); | ||
729 | remove_wait_queue(sk_sleep(intr_sk), &intr_wait); | ||
730 | remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); | ||
731 | |||
732 | clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); | ||
733 | clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); | ||
734 | wake_up_interruptible(&session->report_queue); | ||
735 | |||
736 | down_write(&hidp_session_sem); | ||
737 | |||
738 | hidp_del_timer(session); | ||
739 | |||
740 | if (session->input) { | ||
741 | input_unregister_device(session->input); | ||
742 | session->input = NULL; | ||
743 | } | ||
744 | |||
745 | if (session->hid) { | ||
746 | hid_destroy_device(session->hid); | ||
747 | session->hid = NULL; | ||
748 | } | ||
749 | |||
750 | /* Wakeup user-space polling for socket errors */ | ||
751 | session->intr_sock->sk->sk_err = EUNATCH; | ||
752 | session->ctrl_sock->sk->sk_err = EUNATCH; | ||
753 | |||
754 | hidp_schedule(session); | ||
755 | |||
756 | fput(session->intr_sock->file); | ||
757 | |||
758 | wait_event_timeout(*(sk_sleep(ctrl_sk)), | ||
759 | (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); | ||
760 | |||
761 | fput(session->ctrl_sock->file); | ||
762 | |||
763 | __hidp_unlink_session(session); | ||
764 | |||
765 | up_write(&hidp_session_sem); | ||
766 | |||
767 | kfree(session->rd_data); | ||
768 | kfree(session); | ||
769 | module_put_and_exit(0); | ||
770 | return 0; | ||
771 | } | ||
772 | |||
773 | static struct hci_conn *hidp_get_connection(struct hidp_session *session) | ||
774 | { | ||
775 | bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; | ||
776 | bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; | ||
777 | struct hci_conn *conn; | ||
778 | struct hci_dev *hdev; | ||
779 | |||
780 | hdev = hci_get_route(dst, src); | ||
781 | if (!hdev) | ||
782 | return NULL; | ||
783 | |||
784 | hci_dev_lock(hdev); | ||
785 | conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); | ||
786 | if (conn) | ||
787 | hci_conn_hold_device(conn); | ||
788 | hci_dev_unlock(hdev); | ||
789 | |||
790 | hci_dev_put(hdev); | ||
791 | |||
792 | return conn; | ||
793 | } | ||
794 | |||
795 | static int hidp_setup_input(struct hidp_session *session, | 614 | static int hidp_setup_input(struct hidp_session *session, |
796 | struct hidp_connadd_req *req) | 615 | struct hidp_connadd_req *req) |
797 | { | 616 | { |
@@ -839,7 +658,7 @@ static int hidp_setup_input(struct hidp_session *session, | |||
839 | input->relbit[0] |= BIT_MASK(REL_WHEEL); | 658 | input->relbit[0] |= BIT_MASK(REL_WHEEL); |
840 | } | 659 | } |
841 | 660 | ||
842 | input->dev.parent = &session->conn->dev; | 661 | input->dev.parent = &session->conn->hcon->dev; |
843 | 662 | ||
844 | input->event = hidp_input_event; | 663 | input->event = hidp_input_event; |
845 | 664 | ||
@@ -898,7 +717,6 @@ static struct hid_ll_driver hidp_hid_driver = { | |||
898 | .stop = hidp_stop, | 717 | .stop = hidp_stop, |
899 | .open = hidp_open, | 718 | .open = hidp_open, |
900 | .close = hidp_close, | 719 | .close = hidp_close, |
901 | .hidinput_input_event = hidp_hidinput_event, | ||
902 | }; | 720 | }; |
903 | 721 | ||
904 | /* This function sets up the hid device. It does not add it | 722 | /* This function sets up the hid device. It does not add it |
@@ -943,7 +761,7 @@ static int hidp_setup_hid(struct hidp_session *session, | |||
943 | snprintf(hid->uniq, sizeof(hid->uniq), "%pMR", | 761 | snprintf(hid->uniq, sizeof(hid->uniq), "%pMR", |
944 | &bt_sk(session->ctrl_sock->sk)->dst); | 762 | &bt_sk(session->ctrl_sock->sk)->dst); |
945 | 763 | ||
946 | hid->dev.parent = &session->conn->dev; | 764 | hid->dev.parent = &session->conn->hcon->dev; |
947 | hid->ll_driver = &hidp_hid_driver; | 765 | hid->ll_driver = &hidp_hid_driver; |
948 | 766 | ||
949 | hid->hid_get_raw_report = hidp_get_raw_report; | 767 | hid->hid_get_raw_report = hidp_get_raw_report; |
@@ -965,80 +783,217 @@ fault: | |||
965 | return err; | 783 | return err; |
966 | } | 784 | } |
967 | 785 | ||
968 | int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) | 786 | /* initialize session devices */ |
787 | static int hidp_session_dev_init(struct hidp_session *session, | ||
788 | struct hidp_connadd_req *req) | ||
969 | { | 789 | { |
970 | struct hidp_session *session, *s; | 790 | int ret; |
971 | int vendor, product; | ||
972 | int err; | ||
973 | 791 | ||
974 | BT_DBG(""); | 792 | if (req->rd_size > 0) { |
793 | ret = hidp_setup_hid(session, req); | ||
794 | if (ret && ret != -ENODEV) | ||
795 | return ret; | ||
796 | } | ||
975 | 797 | ||
976 | if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || | 798 | if (!session->hid) { |
977 | bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) | 799 | ret = hidp_setup_input(session, req); |
978 | return -ENOTUNIQ; | 800 | if (ret < 0) |
801 | return ret; | ||
802 | } | ||
979 | 803 | ||
980 | BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); | 804 | return 0; |
805 | } | ||
981 | 806 | ||
982 | down_write(&hidp_session_sem); | 807 | /* destroy session devices */ |
808 | static void hidp_session_dev_destroy(struct hidp_session *session) | ||
809 | { | ||
810 | if (session->hid) | ||
811 | put_device(&session->hid->dev); | ||
812 | else if (session->input) | ||
813 | input_put_device(session->input); | ||
983 | 814 | ||
984 | s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); | 815 | kfree(session->rd_data); |
985 | if (s && s->state == BT_CONNECTED) { | 816 | session->rd_data = NULL; |
986 | up_write(&hidp_session_sem); | 817 | } |
987 | return -EEXIST; | ||
988 | } | ||
989 | 818 | ||
990 | session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); | 819 | /* add HID/input devices to their underlying bus systems */ |
991 | if (!session) { | 820 | static int hidp_session_dev_add(struct hidp_session *session) |
992 | up_write(&hidp_session_sem); | 821 | { |
993 | return -ENOMEM; | 822 | int ret; |
994 | } | ||
995 | 823 | ||
996 | bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); | 824 | /* Both HID and input systems drop a ref-count when unregistering the |
825 | * device but they don't take a ref-count when registering them. Work | ||
826 | * around this by explicitly taking a refcount during registration | ||
827 | * which is dropped automatically by unregistering the devices. */ | ||
997 | 828 | ||
998 | session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu, | 829 | if (session->hid) { |
999 | l2cap_pi(ctrl_sock->sk)->chan->imtu); | 830 | ret = hid_add_device(session->hid); |
1000 | session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu, | 831 | if (ret) |
1001 | l2cap_pi(intr_sock->sk)->chan->imtu); | 832 | return ret; |
833 | get_device(&session->hid->dev); | ||
834 | } else if (session->input) { | ||
835 | ret = input_register_device(session->input); | ||
836 | if (ret) | ||
837 | return ret; | ||
838 | input_get_device(session->input); | ||
839 | } | ||
1002 | 840 | ||
1003 | BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); | 841 | return 0; |
842 | } | ||
1004 | 843 | ||
1005 | session->ctrl_sock = ctrl_sock; | 844 | /* remove HID/input devices from their bus systems */ |
1006 | session->intr_sock = intr_sock; | 845 | static void hidp_session_dev_del(struct hidp_session *session) |
1007 | session->state = BT_CONNECTED; | 846 | { |
847 | if (session->hid) | ||
848 | hid_destroy_device(session->hid); | ||
849 | else if (session->input) | ||
850 | input_unregister_device(session->input); | ||
851 | } | ||
1008 | 852 | ||
1009 | session->conn = hidp_get_connection(session); | 853 | /* |
1010 | if (!session->conn) { | 854 | * Create new session object |
1011 | err = -ENOTCONN; | 855 | * Allocate session object, initialize static fields, copy input data into the |
1012 | goto failed; | 856 | * object and take a reference to all sub-objects. |
1013 | } | 857 | * This returns 0 on success and puts a pointer to the new session object in |
858 | * \out. Otherwise, an error code is returned. | ||
859 | * The new session object has an initial ref-count of 1. | ||
860 | */ | ||
861 | static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr, | ||
862 | struct socket *ctrl_sock, | ||
863 | struct socket *intr_sock, | ||
864 | struct hidp_connadd_req *req, | ||
865 | struct l2cap_conn *conn) | ||
866 | { | ||
867 | struct hidp_session *session; | ||
868 | int ret; | ||
869 | struct bt_sock *ctrl, *intr; | ||
870 | |||
871 | ctrl = bt_sk(ctrl_sock->sk); | ||
872 | intr = bt_sk(intr_sock->sk); | ||
1014 | 873 | ||
1015 | setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session); | 874 | session = kzalloc(sizeof(*session), GFP_KERNEL); |
875 | if (!session) | ||
876 | return -ENOMEM; | ||
1016 | 877 | ||
878 | /* object and runtime management */ | ||
879 | kref_init(&session->ref); | ||
880 | atomic_set(&session->state, HIDP_SESSION_IDLING); | ||
881 | init_waitqueue_head(&session->state_queue); | ||
882 | session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); | ||
883 | |||
884 | /* connection management */ | ||
885 | bacpy(&session->bdaddr, bdaddr); | ||
886 | session->conn = conn; | ||
887 | session->user.probe = hidp_session_probe; | ||
888 | session->user.remove = hidp_session_remove; | ||
889 | session->ctrl_sock = ctrl_sock; | ||
890 | session->intr_sock = intr_sock; | ||
1017 | skb_queue_head_init(&session->ctrl_transmit); | 891 | skb_queue_head_init(&session->ctrl_transmit); |
1018 | skb_queue_head_init(&session->intr_transmit); | 892 | skb_queue_head_init(&session->intr_transmit); |
893 | session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu, | ||
894 | l2cap_pi(ctrl)->chan->imtu); | ||
895 | session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu, | ||
896 | l2cap_pi(intr)->chan->imtu); | ||
897 | session->idle_to = req->idle_to; | ||
898 | |||
899 | /* device management */ | ||
900 | setup_timer(&session->timer, hidp_idle_timeout, | ||
901 | (unsigned long)session); | ||
1019 | 902 | ||
903 | /* session data */ | ||
1020 | mutex_init(&session->report_mutex); | 904 | mutex_init(&session->report_mutex); |
1021 | init_waitqueue_head(&session->report_queue); | 905 | init_waitqueue_head(&session->report_queue); |
1022 | init_waitqueue_head(&session->startup_queue); | ||
1023 | session->waiting_for_startup = 1; | ||
1024 | session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); | ||
1025 | session->idle_to = req->idle_to; | ||
1026 | 906 | ||
1027 | __hidp_link_session(session); | 907 | ret = hidp_session_dev_init(session, req); |
908 | if (ret) | ||
909 | goto err_free; | ||
1028 | 910 | ||
1029 | if (req->rd_size > 0) { | 911 | l2cap_conn_get(session->conn); |
1030 | err = hidp_setup_hid(session, req); | 912 | get_file(session->intr_sock->file); |
1031 | if (err && err != -ENODEV) | 913 | get_file(session->ctrl_sock->file); |
1032 | goto purge; | 914 | *out = session; |
1033 | } | 915 | return 0; |
1034 | 916 | ||
1035 | if (!session->hid) { | 917 | err_free: |
1036 | err = hidp_setup_input(session, req); | 918 | kfree(session); |
1037 | if (err < 0) | 919 | return ret; |
1038 | goto purge; | 920 | } |
921 | |||
922 | /* increase ref-count of the given session by one */ | ||
923 | static void hidp_session_get(struct hidp_session *session) | ||
924 | { | ||
925 | kref_get(&session->ref); | ||
926 | } | ||
927 | |||
928 | /* release callback */ | ||
929 | static void session_free(struct kref *ref) | ||
930 | { | ||
931 | struct hidp_session *session = container_of(ref, struct hidp_session, | ||
932 | ref); | ||
933 | |||
934 | hidp_session_dev_destroy(session); | ||
935 | skb_queue_purge(&session->ctrl_transmit); | ||
936 | skb_queue_purge(&session->intr_transmit); | ||
937 | fput(session->intr_sock->file); | ||
938 | fput(session->ctrl_sock->file); | ||
939 | l2cap_conn_put(session->conn); | ||
940 | kfree(session); | ||
941 | } | ||
942 | |||
943 | /* decrease ref-count of the given session by one */ | ||
944 | static void hidp_session_put(struct hidp_session *session) | ||
945 | { | ||
946 | kref_put(&session->ref, session_free); | ||
947 | } | ||
948 | |||
949 | /* | ||
950 | * Search the list of active sessions for a session with target address | ||
951 | * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as | ||
952 | * you do not release this lock, the session objects cannot vanish and you can | ||
953 | * safely take a reference to the session yourself. | ||
954 | */ | ||
955 | static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr) | ||
956 | { | ||
957 | struct hidp_session *session; | ||
958 | |||
959 | list_for_each_entry(session, &hidp_session_list, list) { | ||
960 | if (!bacmp(bdaddr, &session->bdaddr)) | ||
961 | return session; | ||
1039 | } | 962 | } |
1040 | 963 | ||
1041 | hidp_set_timer(session); | 964 | return NULL; |
965 | } | ||
966 | |||
967 | /* | ||
968 | * Same as __hidp_session_find() but no locks must be held. This also takes a | ||
969 | * reference of the returned session (if non-NULL) so you must drop this | ||
970 | * reference if you no longer use the object. | ||
971 | */ | ||
972 | static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr) | ||
973 | { | ||
974 | struct hidp_session *session; | ||
975 | |||
976 | down_read(&hidp_session_sem); | ||
977 | |||
978 | session = __hidp_session_find(bdaddr); | ||
979 | if (session) | ||
980 | hidp_session_get(session); | ||
981 | |||
982 | up_read(&hidp_session_sem); | ||
983 | |||
984 | return session; | ||
985 | } | ||
986 | |||
987 | /* | ||
988 | * Start session synchronously | ||
989 | * This starts a session thread and waits until initialization | ||
990 | * is done or returns an error if it couldn't be started. | ||
991 | * If this returns 0 the session thread is up and running. You must call | ||
992 | * hipd_session_stop_sync() before deleting any runtime resources. | ||
993 | */ | ||
994 | static int hidp_session_start_sync(struct hidp_session *session) | ||
995 | { | ||
996 | unsigned int vendor, product; | ||
1042 | 997 | ||
1043 | if (session->hid) { | 998 | if (session->hid) { |
1044 | vendor = session->hid->vendor; | 999 | vendor = session->hid->vendor; |
@@ -1051,98 +1006,320 @@ int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, | |||
1051 | product = 0x0000; | 1006 | product = 0x0000; |
1052 | } | 1007 | } |
1053 | 1008 | ||
1054 | session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x", | 1009 | session->task = kthread_run(hidp_session_thread, session, |
1055 | vendor, product); | 1010 | "khidpd_%04x%04x", vendor, product); |
1056 | if (IS_ERR(session->task)) { | 1011 | if (IS_ERR(session->task)) |
1057 | err = PTR_ERR(session->task); | 1012 | return PTR_ERR(session->task); |
1058 | goto unlink; | ||
1059 | } | ||
1060 | 1013 | ||
1061 | while (session->waiting_for_startup) { | 1014 | while (atomic_read(&session->state) <= HIDP_SESSION_IDLING) |
1062 | wait_event_interruptible(session->startup_queue, | 1015 | wait_event(session->state_queue, |
1063 | !session->waiting_for_startup); | 1016 | atomic_read(&session->state) > HIDP_SESSION_IDLING); |
1064 | } | ||
1065 | 1017 | ||
1066 | if (session->hid) | 1018 | return 0; |
1067 | err = hid_add_device(session->hid); | 1019 | } |
1068 | else | ||
1069 | err = input_register_device(session->input); | ||
1070 | 1020 | ||
1071 | if (err < 0) { | 1021 | /* |
1072 | atomic_inc(&session->terminate); | 1022 | * Terminate session thread |
1073 | wake_up_process(session->task); | 1023 | * Wake up session thread and notify it to stop. This is asynchronous and |
1074 | up_write(&hidp_session_sem); | 1024 | * returns immediately. Call this whenever a runtime error occurs and you want |
1075 | return err; | 1025 | * the session to stop. |
1076 | } | 1026 | * Note: wake_up_process() performs any necessary memory-barriers for us. |
1027 | */ | ||
1028 | static void hidp_session_terminate(struct hidp_session *session) | ||
1029 | { | ||
1030 | atomic_inc(&session->terminate); | ||
1031 | wake_up_process(session->task); | ||
1032 | } | ||
1077 | 1033 | ||
1078 | if (session->input) { | 1034 | /* |
1079 | hidp_send_ctrl_message(session, | 1035 | * Probe HIDP session |
1080 | HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); | 1036 | * This is called from the l2cap_conn core when our l2cap_user object is bound |
1081 | session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); | 1037 | * to the hci-connection. We get the session via the \user object and can now |
1038 | * start the session thread, register the HID/input devices and link it into | ||
1039 | * the global session list. | ||
1040 | * The global session-list owns its own reference to the session object so you | ||
1041 | * can drop your own reference after registering the l2cap_user object. | ||
1042 | */ | ||
1043 | static int hidp_session_probe(struct l2cap_conn *conn, | ||
1044 | struct l2cap_user *user) | ||
1045 | { | ||
1046 | struct hidp_session *session = container_of(user, | ||
1047 | struct hidp_session, | ||
1048 | user); | ||
1049 | struct hidp_session *s; | ||
1050 | int ret; | ||
1051 | |||
1052 | down_write(&hidp_session_sem); | ||
1082 | 1053 | ||
1083 | session->leds = 0xff; | 1054 | /* check that no other session for this device exists */ |
1084 | hidp_input_event(session->input, EV_LED, 0, 0); | 1055 | s = __hidp_session_find(&session->bdaddr); |
1056 | if (s) { | ||
1057 | ret = -EEXIST; | ||
1058 | goto out_unlock; | ||
1085 | } | 1059 | } |
1086 | 1060 | ||
1061 | ret = hidp_session_start_sync(session); | ||
1062 | if (ret) | ||
1063 | goto out_unlock; | ||
1064 | |||
1065 | ret = hidp_session_dev_add(session); | ||
1066 | if (ret) | ||
1067 | goto out_stop; | ||
1068 | |||
1069 | hidp_session_get(session); | ||
1070 | list_add(&session->list, &hidp_session_list); | ||
1071 | ret = 0; | ||
1072 | goto out_unlock; | ||
1073 | |||
1074 | out_stop: | ||
1075 | hidp_session_terminate(session); | ||
1076 | out_unlock: | ||
1087 | up_write(&hidp_session_sem); | 1077 | up_write(&hidp_session_sem); |
1088 | return 0; | 1078 | return ret; |
1079 | } | ||
1080 | |||
1081 | /* | ||
1082 | * Remove HIDP session | ||
1083 | * Called from the l2cap_conn core when either we explicitly unregistered | ||
1084 | * the l2cap_user object or if the underlying connection is shut down. | ||
1085 | * We signal the hidp-session thread to shut down, unregister the HID/input | ||
1086 | * devices and unlink the session from the global list. | ||
1087 | * This drops the reference to the session that is owned by the global | ||
1088 | * session-list. | ||
1089 | * Note: We _must_ not synchronosly wait for the session-thread to shut down. | ||
1090 | * This is, because the session-thread might be waiting for an HCI lock that is | ||
1091 | * held while we are called. Therefore, we only unregister the devices and | ||
1092 | * notify the session-thread to terminate. The thread itself owns a reference | ||
1093 | * to the session object so it can safely shut down. | ||
1094 | */ | ||
1095 | static void hidp_session_remove(struct l2cap_conn *conn, | ||
1096 | struct l2cap_user *user) | ||
1097 | { | ||
1098 | struct hidp_session *session = container_of(user, | ||
1099 | struct hidp_session, | ||
1100 | user); | ||
1101 | |||
1102 | down_write(&hidp_session_sem); | ||
1103 | |||
1104 | hidp_session_terminate(session); | ||
1105 | hidp_session_dev_del(session); | ||
1106 | list_del(&session->list); | ||
1107 | |||
1108 | up_write(&hidp_session_sem); | ||
1109 | |||
1110 | hidp_session_put(session); | ||
1111 | } | ||
1112 | |||
1113 | /* | ||
1114 | * Session Worker | ||
1115 | * This performs the actual main-loop of the HIDP worker. We first check | ||
1116 | * whether the underlying connection is still alive, then parse all pending | ||
1117 | * messages and finally send all outstanding messages. | ||
1118 | */ | ||
1119 | static void hidp_session_run(struct hidp_session *session) | ||
1120 | { | ||
1121 | struct sock *ctrl_sk = session->ctrl_sock->sk; | ||
1122 | struct sock *intr_sk = session->intr_sock->sk; | ||
1123 | struct sk_buff *skb; | ||
1124 | |||
1125 | for (;;) { | ||
1126 | /* | ||
1127 | * This thread can be woken up two ways: | ||
1128 | * - You call hidp_session_terminate() which sets the | ||
1129 | * session->terminate flag and wakes this thread up. | ||
1130 | * - Via modifying the socket state of ctrl/intr_sock. This | ||
1131 | * thread is woken up by ->sk_state_changed(). | ||
1132 | * | ||
1133 | * Note: set_current_state() performs any necessary | ||
1134 | * memory-barriers for us. | ||
1135 | */ | ||
1136 | set_current_state(TASK_INTERRUPTIBLE); | ||
1137 | |||
1138 | if (atomic_read(&session->terminate)) | ||
1139 | break; | ||
1140 | |||
1141 | if (ctrl_sk->sk_state != BT_CONNECTED || | ||
1142 | intr_sk->sk_state != BT_CONNECTED) | ||
1143 | break; | ||
1144 | |||
1145 | /* parse incoming intr-skbs */ | ||
1146 | while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { | ||
1147 | skb_orphan(skb); | ||
1148 | if (!skb_linearize(skb)) | ||
1149 | hidp_recv_intr_frame(session, skb); | ||
1150 | else | ||
1151 | kfree_skb(skb); | ||
1152 | } | ||
1153 | |||
1154 | /* send pending intr-skbs */ | ||
1155 | hidp_process_transmit(session, &session->intr_transmit, | ||
1156 | session->intr_sock); | ||
1089 | 1157 | ||
1090 | unlink: | 1158 | /* parse incoming ctrl-skbs */ |
1159 | while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { | ||
1160 | skb_orphan(skb); | ||
1161 | if (!skb_linearize(skb)) | ||
1162 | hidp_recv_ctrl_frame(session, skb); | ||
1163 | else | ||
1164 | kfree_skb(skb); | ||
1165 | } | ||
1166 | |||
1167 | /* send pending ctrl-skbs */ | ||
1168 | hidp_process_transmit(session, &session->ctrl_transmit, | ||
1169 | session->ctrl_sock); | ||
1170 | |||
1171 | schedule(); | ||
1172 | } | ||
1173 | |||
1174 | atomic_inc(&session->terminate); | ||
1175 | set_current_state(TASK_RUNNING); | ||
1176 | } | ||
1177 | |||
1178 | /* | ||
1179 | * HIDP session thread | ||
1180 | * This thread runs the I/O for a single HIDP session. Startup is synchronous | ||
1181 | * which allows us to take references to ourself here instead of doing that in | ||
1182 | * the caller. | ||
1183 | * When we are ready to run we notify the caller and call hidp_session_run(). | ||
1184 | */ | ||
1185 | static int hidp_session_thread(void *arg) | ||
1186 | { | ||
1187 | struct hidp_session *session = arg; | ||
1188 | wait_queue_t ctrl_wait, intr_wait; | ||
1189 | |||
1190 | BT_DBG("session %p", session); | ||
1191 | |||
1192 | /* initialize runtime environment */ | ||
1193 | hidp_session_get(session); | ||
1194 | __module_get(THIS_MODULE); | ||
1195 | set_user_nice(current, -15); | ||
1196 | hidp_set_timer(session); | ||
1197 | |||
1198 | init_waitqueue_entry(&ctrl_wait, current); | ||
1199 | init_waitqueue_entry(&intr_wait, current); | ||
1200 | add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait); | ||
1201 | add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait); | ||
1202 | /* This memory barrier is paired with wq_has_sleeper(). See | ||
1203 | * sock_poll_wait() for more information why this is needed. */ | ||
1204 | smp_mb(); | ||
1205 | |||
1206 | /* notify synchronous startup that we're ready */ | ||
1207 | atomic_inc(&session->state); | ||
1208 | wake_up(&session->state_queue); | ||
1209 | |||
1210 | /* run session */ | ||
1211 | hidp_session_run(session); | ||
1212 | |||
1213 | /* cleanup runtime environment */ | ||
1214 | remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait); | ||
1215 | remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait); | ||
1216 | wake_up_interruptible(&session->report_queue); | ||
1091 | hidp_del_timer(session); | 1217 | hidp_del_timer(session); |
1092 | 1218 | ||
1093 | if (session->input) { | 1219 | /* |
1094 | input_unregister_device(session->input); | 1220 | * If we stopped ourself due to any internal signal, we should try to |
1095 | session->input = NULL; | 1221 | * unregister our own session here to avoid having it linger until the |
1222 | * parent l2cap_conn dies or user-space cleans it up. | ||
1223 | * This does not deadlock as we don't do any synchronous shutdown. | ||
1224 | * Instead, this call has the same semantics as if user-space tried to | ||
1225 | * delete the session. | ||
1226 | */ | ||
1227 | l2cap_unregister_user(session->conn, &session->user); | ||
1228 | hidp_session_put(session); | ||
1229 | |||
1230 | module_put_and_exit(0); | ||
1231 | return 0; | ||
1232 | } | ||
1233 | |||
1234 | static int hidp_verify_sockets(struct socket *ctrl_sock, | ||
1235 | struct socket *intr_sock) | ||
1236 | { | ||
1237 | struct bt_sock *ctrl, *intr; | ||
1238 | struct hidp_session *session; | ||
1239 | |||
1240 | if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock)) | ||
1241 | return -EINVAL; | ||
1242 | |||
1243 | ctrl = bt_sk(ctrl_sock->sk); | ||
1244 | intr = bt_sk(intr_sock->sk); | ||
1245 | |||
1246 | if (bacmp(&ctrl->src, &intr->src) || bacmp(&ctrl->dst, &intr->dst)) | ||
1247 | return -ENOTUNIQ; | ||
1248 | if (ctrl->sk.sk_state != BT_CONNECTED || | ||
1249 | intr->sk.sk_state != BT_CONNECTED) | ||
1250 | return -EBADFD; | ||
1251 | |||
1252 | /* early session check, we check again during session registration */ | ||
1253 | session = hidp_session_find(&ctrl->dst); | ||
1254 | if (session) { | ||
1255 | hidp_session_put(session); | ||
1256 | return -EEXIST; | ||
1096 | } | 1257 | } |
1097 | 1258 | ||
1098 | if (session->hid) { | 1259 | return 0; |
1099 | hid_destroy_device(session->hid); | 1260 | } |
1100 | session->hid = NULL; | 1261 | |
1262 | int hidp_connection_add(struct hidp_connadd_req *req, | ||
1263 | struct socket *ctrl_sock, | ||
1264 | struct socket *intr_sock) | ||
1265 | { | ||
1266 | struct hidp_session *session; | ||
1267 | struct l2cap_conn *conn; | ||
1268 | struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan; | ||
1269 | int ret; | ||
1270 | |||
1271 | ret = hidp_verify_sockets(ctrl_sock, intr_sock); | ||
1272 | if (ret) | ||
1273 | return ret; | ||
1274 | |||
1275 | conn = NULL; | ||
1276 | l2cap_chan_lock(chan); | ||
1277 | if (chan->conn) { | ||
1278 | l2cap_conn_get(chan->conn); | ||
1279 | conn = chan->conn; | ||
1101 | } | 1280 | } |
1281 | l2cap_chan_unlock(chan); | ||
1102 | 1282 | ||
1103 | kfree(session->rd_data); | 1283 | if (!conn) |
1104 | session->rd_data = NULL; | 1284 | return -EBADFD; |
1105 | 1285 | ||
1106 | purge: | 1286 | ret = hidp_session_new(&session, &bt_sk(ctrl_sock->sk)->dst, ctrl_sock, |
1107 | __hidp_unlink_session(session); | 1287 | intr_sock, req, conn); |
1288 | if (ret) | ||
1289 | goto out_conn; | ||
1108 | 1290 | ||
1109 | skb_queue_purge(&session->ctrl_transmit); | 1291 | ret = l2cap_register_user(conn, &session->user); |
1110 | skb_queue_purge(&session->intr_transmit); | 1292 | if (ret) |
1293 | goto out_session; | ||
1111 | 1294 | ||
1112 | failed: | 1295 | ret = 0; |
1113 | up_write(&hidp_session_sem); | ||
1114 | 1296 | ||
1115 | kfree(session); | 1297 | out_session: |
1116 | return err; | 1298 | hidp_session_put(session); |
1299 | out_conn: | ||
1300 | l2cap_conn_put(conn); | ||
1301 | return ret; | ||
1117 | } | 1302 | } |
1118 | 1303 | ||
1119 | int hidp_del_connection(struct hidp_conndel_req *req) | 1304 | int hidp_connection_del(struct hidp_conndel_req *req) |
1120 | { | 1305 | { |
1121 | struct hidp_session *session; | 1306 | struct hidp_session *session; |
1122 | int err = 0; | ||
1123 | 1307 | ||
1124 | BT_DBG(""); | 1308 | session = hidp_session_find(&req->bdaddr); |
1309 | if (!session) | ||
1310 | return -ENOENT; | ||
1125 | 1311 | ||
1126 | down_read(&hidp_session_sem); | 1312 | if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) |
1313 | hidp_send_ctrl_message(session, | ||
1314 | HIDP_TRANS_HID_CONTROL | | ||
1315 | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, | ||
1316 | NULL, 0); | ||
1317 | else | ||
1318 | l2cap_unregister_user(session->conn, &session->user); | ||
1127 | 1319 | ||
1128 | session = __hidp_get_session(&req->bdaddr); | 1320 | hidp_session_put(session); |
1129 | if (session) { | ||
1130 | if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) { | ||
1131 | hidp_send_ctrl_message(session, | ||
1132 | HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0); | ||
1133 | } else { | ||
1134 | /* Flush the transmit queues */ | ||
1135 | skb_queue_purge(&session->ctrl_transmit); | ||
1136 | skb_queue_purge(&session->intr_transmit); | ||
1137 | |||
1138 | atomic_inc(&session->terminate); | ||
1139 | wake_up_process(session->task); | ||
1140 | } | ||
1141 | } else | ||
1142 | err = -ENOENT; | ||
1143 | 1321 | ||
1144 | up_read(&hidp_session_sem); | 1322 | return 0; |
1145 | return err; | ||
1146 | } | 1323 | } |
1147 | 1324 | ||
1148 | int hidp_get_connlist(struct hidp_connlist_req *req) | 1325 | int hidp_get_connlist(struct hidp_connlist_req *req) |
@@ -1157,7 +1334,7 @@ int hidp_get_connlist(struct hidp_connlist_req *req) | |||
1157 | list_for_each_entry(session, &hidp_session_list, list) { | 1334 | list_for_each_entry(session, &hidp_session_list, list) { |
1158 | struct hidp_conninfo ci; | 1335 | struct hidp_conninfo ci; |
1159 | 1336 | ||
1160 | __hidp_copy_session(session, &ci); | 1337 | hidp_copy_session(session, &ci); |
1161 | 1338 | ||
1162 | if (copy_to_user(req->ci, &ci, sizeof(ci))) { | 1339 | if (copy_to_user(req->ci, &ci, sizeof(ci))) { |
1163 | err = -EFAULT; | 1340 | err = -EFAULT; |
@@ -1178,18 +1355,14 @@ int hidp_get_connlist(struct hidp_connlist_req *req) | |||
1178 | int hidp_get_conninfo(struct hidp_conninfo *ci) | 1355 | int hidp_get_conninfo(struct hidp_conninfo *ci) |
1179 | { | 1356 | { |
1180 | struct hidp_session *session; | 1357 | struct hidp_session *session; |
1181 | int err = 0; | ||
1182 | |||
1183 | down_read(&hidp_session_sem); | ||
1184 | 1358 | ||
1185 | session = __hidp_get_session(&ci->bdaddr); | 1359 | session = hidp_session_find(&ci->bdaddr); |
1186 | if (session) | 1360 | if (session) { |
1187 | __hidp_copy_session(session, ci); | 1361 | hidp_copy_session(session, ci); |
1188 | else | 1362 | hidp_session_put(session); |
1189 | err = -ENOENT; | 1363 | } |
1190 | 1364 | ||
1191 | up_read(&hidp_session_sem); | 1365 | return session ? 0 : -ENOENT; |
1192 | return err; | ||
1193 | } | 1366 | } |
1194 | 1367 | ||
1195 | static int __init hidp_init(void) | 1368 | static int __init hidp_init(void) |
@@ -1208,6 +1381,7 @@ module_init(hidp_init); | |||
1208 | module_exit(hidp_exit); | 1381 | module_exit(hidp_exit); |
1209 | 1382 | ||
1210 | MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); | 1383 | MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); |
1384 | MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>"); | ||
1211 | MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); | 1385 | MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); |
1212 | MODULE_VERSION(VERSION); | 1386 | MODULE_VERSION(VERSION); |
1213 | MODULE_LICENSE("GPL"); | 1387 | MODULE_LICENSE("GPL"); |
diff --git a/net/bluetooth/hidp/hidp.h b/net/bluetooth/hidp/hidp.h index af1bcc823f26..6162ce8606ac 100644 --- a/net/bluetooth/hidp/hidp.h +++ b/net/bluetooth/hidp/hidp.h | |||
@@ -24,7 +24,9 @@ | |||
24 | #define __HIDP_H | 24 | #define __HIDP_H |
25 | 25 | ||
26 | #include <linux/types.h> | 26 | #include <linux/types.h> |
27 | #include <linux/kref.h> | ||
27 | #include <net/bluetooth/bluetooth.h> | 28 | #include <net/bluetooth/bluetooth.h> |
29 | #include <net/bluetooth/l2cap.h> | ||
28 | 30 | ||
29 | /* HIDP header masks */ | 31 | /* HIDP header masks */ |
30 | #define HIDP_HEADER_TRANS_MASK 0xf0 | 32 | #define HIDP_HEADER_TRANS_MASK 0xf0 |
@@ -119,43 +121,52 @@ struct hidp_connlist_req { | |||
119 | struct hidp_conninfo __user *ci; | 121 | struct hidp_conninfo __user *ci; |
120 | }; | 122 | }; |
121 | 123 | ||
122 | int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock); | 124 | int hidp_connection_add(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock); |
123 | int hidp_del_connection(struct hidp_conndel_req *req); | 125 | int hidp_connection_del(struct hidp_conndel_req *req); |
124 | int hidp_get_connlist(struct hidp_connlist_req *req); | 126 | int hidp_get_connlist(struct hidp_connlist_req *req); |
125 | int hidp_get_conninfo(struct hidp_conninfo *ci); | 127 | int hidp_get_conninfo(struct hidp_conninfo *ci); |
126 | 128 | ||
129 | enum hidp_session_state { | ||
130 | HIDP_SESSION_IDLING, | ||
131 | HIDP_SESSION_RUNNING, | ||
132 | }; | ||
133 | |||
127 | /* HIDP session defines */ | 134 | /* HIDP session defines */ |
128 | struct hidp_session { | 135 | struct hidp_session { |
129 | struct list_head list; | 136 | struct list_head list; |
137 | struct kref ref; | ||
130 | 138 | ||
131 | struct hci_conn *conn; | 139 | /* runtime management */ |
140 | atomic_t state; | ||
141 | wait_queue_head_t state_queue; | ||
142 | atomic_t terminate; | ||
143 | struct task_struct *task; | ||
144 | unsigned long flags; | ||
132 | 145 | ||
146 | /* connection management */ | ||
147 | bdaddr_t bdaddr; | ||
148 | struct l2cap_conn *conn; | ||
149 | struct l2cap_user user; | ||
133 | struct socket *ctrl_sock; | 150 | struct socket *ctrl_sock; |
134 | struct socket *intr_sock; | 151 | struct socket *intr_sock; |
135 | 152 | struct sk_buff_head ctrl_transmit; | |
136 | bdaddr_t bdaddr; | 153 | struct sk_buff_head intr_transmit; |
137 | |||
138 | unsigned long state; | ||
139 | unsigned long flags; | ||
140 | unsigned long idle_to; | ||
141 | |||
142 | uint ctrl_mtu; | 154 | uint ctrl_mtu; |
143 | uint intr_mtu; | 155 | uint intr_mtu; |
156 | unsigned long idle_to; | ||
144 | 157 | ||
145 | atomic_t terminate; | 158 | /* device management */ |
146 | struct task_struct *task; | ||
147 | |||
148 | unsigned char keys[8]; | ||
149 | unsigned char leds; | ||
150 | |||
151 | struct input_dev *input; | 159 | struct input_dev *input; |
152 | |||
153 | struct hid_device *hid; | 160 | struct hid_device *hid; |
154 | |||
155 | struct timer_list timer; | 161 | struct timer_list timer; |
156 | 162 | ||
157 | struct sk_buff_head ctrl_transmit; | 163 | /* Report descriptor */ |
158 | struct sk_buff_head intr_transmit; | 164 | __u8 *rd_data; |
165 | uint rd_size; | ||
166 | |||
167 | /* session data */ | ||
168 | unsigned char keys[8]; | ||
169 | unsigned char leds; | ||
159 | 170 | ||
160 | /* Used in hidp_get_raw_report() */ | 171 | /* Used in hidp_get_raw_report() */ |
161 | int waiting_report_type; /* HIDP_DATA_RTYPE_* */ | 172 | int waiting_report_type; /* HIDP_DATA_RTYPE_* */ |
@@ -166,24 +177,8 @@ struct hidp_session { | |||
166 | 177 | ||
167 | /* Used in hidp_output_raw_report() */ | 178 | /* Used in hidp_output_raw_report() */ |
168 | int output_report_success; /* boolean */ | 179 | int output_report_success; /* boolean */ |
169 | |||
170 | /* Report descriptor */ | ||
171 | __u8 *rd_data; | ||
172 | uint rd_size; | ||
173 | |||
174 | wait_queue_head_t startup_queue; | ||
175 | int waiting_for_startup; | ||
176 | }; | 180 | }; |
177 | 181 | ||
178 | static inline void hidp_schedule(struct hidp_session *session) | ||
179 | { | ||
180 | struct sock *ctrl_sk = session->ctrl_sock->sk; | ||
181 | struct sock *intr_sk = session->intr_sock->sk; | ||
182 | |||
183 | wake_up_interruptible(sk_sleep(ctrl_sk)); | ||
184 | wake_up_interruptible(sk_sleep(intr_sk)); | ||
185 | } | ||
186 | |||
187 | /* HIDP init defines */ | 182 | /* HIDP init defines */ |
188 | extern int __init hidp_init_sockets(void); | 183 | extern int __init hidp_init_sockets(void); |
189 | extern void __exit hidp_cleanup_sockets(void); | 184 | extern void __exit hidp_cleanup_sockets(void); |
diff --git a/net/bluetooth/hidp/sock.c b/net/bluetooth/hidp/sock.c index 5d0f1ca0a314..2f4cbb0865ca 100644 --- a/net/bluetooth/hidp/sock.c +++ b/net/bluetooth/hidp/sock.c | |||
@@ -77,21 +77,12 @@ static int hidp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long | |||
77 | return err; | 77 | return err; |
78 | } | 78 | } |
79 | 79 | ||
80 | if (csock->sk->sk_state != BT_CONNECTED || | 80 | err = hidp_connection_add(&ca, csock, isock); |
81 | isock->sk->sk_state != BT_CONNECTED) { | 81 | if (!err && copy_to_user(argp, &ca, sizeof(ca))) |
82 | sockfd_put(csock); | 82 | err = -EFAULT; |
83 | sockfd_put(isock); | ||
84 | return -EBADFD; | ||
85 | } | ||
86 | 83 | ||
87 | err = hidp_add_connection(&ca, csock, isock); | 84 | sockfd_put(csock); |
88 | if (!err) { | 85 | sockfd_put(isock); |
89 | if (copy_to_user(argp, &ca, sizeof(ca))) | ||
90 | err = -EFAULT; | ||
91 | } else { | ||
92 | sockfd_put(csock); | ||
93 | sockfd_put(isock); | ||
94 | } | ||
95 | 86 | ||
96 | return err; | 87 | return err; |
97 | 88 | ||
@@ -102,7 +93,7 @@ static int hidp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long | |||
102 | if (copy_from_user(&cd, argp, sizeof(cd))) | 93 | if (copy_from_user(&cd, argp, sizeof(cd))) |
103 | return -EFAULT; | 94 | return -EFAULT; |
104 | 95 | ||
105 | return hidp_del_connection(&cd); | 96 | return hidp_connection_del(&cd); |
106 | 97 | ||
107 | case HIDPGETCONNLIST: | 98 | case HIDPGETCONNLIST: |
108 | if (copy_from_user(&cl, argp, sizeof(cl))) | 99 | if (copy_from_user(&cl, argp, sizeof(cl))) |
@@ -296,7 +287,6 @@ int __init hidp_init_sockets(void) | |||
296 | return 0; | 287 | return 0; |
297 | 288 | ||
298 | error: | 289 | error: |
299 | BT_ERR("Can't register HIDP socket"); | ||
300 | proto_unregister(&hidp_proto); | 290 | proto_unregister(&hidp_proto); |
301 | return err; | 291 | return err; |
302 | } | 292 | } |
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 7c7e9321f1ea..eae1d9f90b68 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c | |||
@@ -571,7 +571,7 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err) | |||
571 | chan->conn = NULL; | 571 | chan->conn = NULL; |
572 | 572 | ||
573 | if (chan->chan_type != L2CAP_CHAN_CONN_FIX_A2MP) | 573 | if (chan->chan_type != L2CAP_CHAN_CONN_FIX_A2MP) |
574 | hci_conn_put(conn->hcon); | 574 | hci_conn_drop(conn->hcon); |
575 | 575 | ||
576 | if (mgr && mgr->bredr_chan == chan) | 576 | if (mgr && mgr->bredr_chan == chan) |
577 | mgr->bredr_chan = NULL; | 577 | mgr->bredr_chan = NULL; |
@@ -1446,6 +1446,89 @@ static void l2cap_info_timeout(struct work_struct *work) | |||
1446 | l2cap_conn_start(conn); | 1446 | l2cap_conn_start(conn); |
1447 | } | 1447 | } |
1448 | 1448 | ||
1449 | /* | ||
1450 | * l2cap_user | ||
1451 | * External modules can register l2cap_user objects on l2cap_conn. The ->probe | ||
1452 | * callback is called during registration. The ->remove callback is called | ||
1453 | * during unregistration. | ||
1454 | * An l2cap_user object can either be explicitly unregistered or when the | ||
1455 | * underlying l2cap_conn object is deleted. This guarantees that l2cap->hcon, | ||
1456 | * l2cap->hchan, .. are valid as long as the remove callback hasn't been called. | ||
1457 | * External modules must own a reference to the l2cap_conn object if they intend | ||
1458 | * to call l2cap_unregister_user(). The l2cap_conn object might get destroyed at | ||
1459 | * any time if they don't. | ||
1460 | */ | ||
1461 | |||
1462 | int l2cap_register_user(struct l2cap_conn *conn, struct l2cap_user *user) | ||
1463 | { | ||
1464 | struct hci_dev *hdev = conn->hcon->hdev; | ||
1465 | int ret; | ||
1466 | |||
1467 | /* We need to check whether l2cap_conn is registered. If it is not, we | ||
1468 | * must not register the l2cap_user. l2cap_conn_del() is unregisters | ||
1469 | * l2cap_conn objects, but doesn't provide its own locking. Instead, it | ||
1470 | * relies on the parent hci_conn object to be locked. This itself relies | ||
1471 | * on the hci_dev object to be locked. So we must lock the hci device | ||
1472 | * here, too. */ | ||
1473 | |||
1474 | hci_dev_lock(hdev); | ||
1475 | |||
1476 | if (user->list.next || user->list.prev) { | ||
1477 | ret = -EINVAL; | ||
1478 | goto out_unlock; | ||
1479 | } | ||
1480 | |||
1481 | /* conn->hchan is NULL after l2cap_conn_del() was called */ | ||
1482 | if (!conn->hchan) { | ||
1483 | ret = -ENODEV; | ||
1484 | goto out_unlock; | ||
1485 | } | ||
1486 | |||
1487 | ret = user->probe(conn, user); | ||
1488 | if (ret) | ||
1489 | goto out_unlock; | ||
1490 | |||
1491 | list_add(&user->list, &conn->users); | ||
1492 | ret = 0; | ||
1493 | |||
1494 | out_unlock: | ||
1495 | hci_dev_unlock(hdev); | ||
1496 | return ret; | ||
1497 | } | ||
1498 | EXPORT_SYMBOL(l2cap_register_user); | ||
1499 | |||
1500 | void l2cap_unregister_user(struct l2cap_conn *conn, struct l2cap_user *user) | ||
1501 | { | ||
1502 | struct hci_dev *hdev = conn->hcon->hdev; | ||
1503 | |||
1504 | hci_dev_lock(hdev); | ||
1505 | |||
1506 | if (!user->list.next || !user->list.prev) | ||
1507 | goto out_unlock; | ||
1508 | |||
1509 | list_del(&user->list); | ||
1510 | user->list.next = NULL; | ||
1511 | user->list.prev = NULL; | ||
1512 | user->remove(conn, user); | ||
1513 | |||
1514 | out_unlock: | ||
1515 | hci_dev_unlock(hdev); | ||
1516 | } | ||
1517 | EXPORT_SYMBOL(l2cap_unregister_user); | ||
1518 | |||
1519 | static void l2cap_unregister_all_users(struct l2cap_conn *conn) | ||
1520 | { | ||
1521 | struct l2cap_user *user; | ||
1522 | |||
1523 | while (!list_empty(&conn->users)) { | ||
1524 | user = list_first_entry(&conn->users, struct l2cap_user, list); | ||
1525 | list_del(&user->list); | ||
1526 | user->list.next = NULL; | ||
1527 | user->list.prev = NULL; | ||
1528 | user->remove(conn, user); | ||
1529 | } | ||
1530 | } | ||
1531 | |||
1449 | static void l2cap_conn_del(struct hci_conn *hcon, int err) | 1532 | static void l2cap_conn_del(struct hci_conn *hcon, int err) |
1450 | { | 1533 | { |
1451 | struct l2cap_conn *conn = hcon->l2cap_data; | 1534 | struct l2cap_conn *conn = hcon->l2cap_data; |
@@ -1458,6 +1541,8 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err) | |||
1458 | 1541 | ||
1459 | kfree_skb(conn->rx_skb); | 1542 | kfree_skb(conn->rx_skb); |
1460 | 1543 | ||
1544 | l2cap_unregister_all_users(conn); | ||
1545 | |||
1461 | mutex_lock(&conn->chan_lock); | 1546 | mutex_lock(&conn->chan_lock); |
1462 | 1547 | ||
1463 | /* Kill channels */ | 1548 | /* Kill channels */ |
@@ -1486,7 +1571,8 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err) | |||
1486 | } | 1571 | } |
1487 | 1572 | ||
1488 | hcon->l2cap_data = NULL; | 1573 | hcon->l2cap_data = NULL; |
1489 | kfree(conn); | 1574 | conn->hchan = NULL; |
1575 | l2cap_conn_put(conn); | ||
1490 | } | 1576 | } |
1491 | 1577 | ||
1492 | static void security_timeout(struct work_struct *work) | 1578 | static void security_timeout(struct work_struct *work) |
@@ -1502,12 +1588,12 @@ static void security_timeout(struct work_struct *work) | |||
1502 | } | 1588 | } |
1503 | } | 1589 | } |
1504 | 1590 | ||
1505 | static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) | 1591 | static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon) |
1506 | { | 1592 | { |
1507 | struct l2cap_conn *conn = hcon->l2cap_data; | 1593 | struct l2cap_conn *conn = hcon->l2cap_data; |
1508 | struct hci_chan *hchan; | 1594 | struct hci_chan *hchan; |
1509 | 1595 | ||
1510 | if (conn || status) | 1596 | if (conn) |
1511 | return conn; | 1597 | return conn; |
1512 | 1598 | ||
1513 | hchan = hci_chan_create(hcon); | 1599 | hchan = hci_chan_create(hcon); |
@@ -1520,8 +1606,10 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) | |||
1520 | return NULL; | 1606 | return NULL; |
1521 | } | 1607 | } |
1522 | 1608 | ||
1609 | kref_init(&conn->ref); | ||
1523 | hcon->l2cap_data = conn; | 1610 | hcon->l2cap_data = conn; |
1524 | conn->hcon = hcon; | 1611 | conn->hcon = hcon; |
1612 | hci_conn_get(conn->hcon); | ||
1525 | conn->hchan = hchan; | 1613 | conn->hchan = hchan; |
1526 | 1614 | ||
1527 | BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); | 1615 | BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); |
@@ -1547,6 +1635,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) | |||
1547 | mutex_init(&conn->chan_lock); | 1635 | mutex_init(&conn->chan_lock); |
1548 | 1636 | ||
1549 | INIT_LIST_HEAD(&conn->chan_l); | 1637 | INIT_LIST_HEAD(&conn->chan_l); |
1638 | INIT_LIST_HEAD(&conn->users); | ||
1550 | 1639 | ||
1551 | if (hcon->type == LE_LINK) | 1640 | if (hcon->type == LE_LINK) |
1552 | INIT_DELAYED_WORK(&conn->security_timer, security_timeout); | 1641 | INIT_DELAYED_WORK(&conn->security_timer, security_timeout); |
@@ -1558,6 +1647,26 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) | |||
1558 | return conn; | 1647 | return conn; |
1559 | } | 1648 | } |
1560 | 1649 | ||
1650 | static void l2cap_conn_free(struct kref *ref) | ||
1651 | { | ||
1652 | struct l2cap_conn *conn = container_of(ref, struct l2cap_conn, ref); | ||
1653 | |||
1654 | hci_conn_put(conn->hcon); | ||
1655 | kfree(conn); | ||
1656 | } | ||
1657 | |||
1658 | void l2cap_conn_get(struct l2cap_conn *conn) | ||
1659 | { | ||
1660 | kref_get(&conn->ref); | ||
1661 | } | ||
1662 | EXPORT_SYMBOL(l2cap_conn_get); | ||
1663 | |||
1664 | void l2cap_conn_put(struct l2cap_conn *conn) | ||
1665 | { | ||
1666 | kref_put(&conn->ref, l2cap_conn_free); | ||
1667 | } | ||
1668 | EXPORT_SYMBOL(l2cap_conn_put); | ||
1669 | |||
1561 | /* ---- Socket interface ---- */ | 1670 | /* ---- Socket interface ---- */ |
1562 | 1671 | ||
1563 | /* Find socket with psm and source / destination bdaddr. | 1672 | /* Find socket with psm and source / destination bdaddr. |
@@ -1695,9 +1804,9 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, | |||
1695 | goto done; | 1804 | goto done; |
1696 | } | 1805 | } |
1697 | 1806 | ||
1698 | conn = l2cap_conn_add(hcon, 0); | 1807 | conn = l2cap_conn_add(hcon); |
1699 | if (!conn) { | 1808 | if (!conn) { |
1700 | hci_conn_put(hcon); | 1809 | hci_conn_drop(hcon); |
1701 | err = -ENOMEM; | 1810 | err = -ENOMEM; |
1702 | goto done; | 1811 | goto done; |
1703 | } | 1812 | } |
@@ -1707,7 +1816,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, | |||
1707 | 1816 | ||
1708 | if (!list_empty(&conn->chan_l)) { | 1817 | if (!list_empty(&conn->chan_l)) { |
1709 | err = -EBUSY; | 1818 | err = -EBUSY; |
1710 | hci_conn_put(hcon); | 1819 | hci_conn_drop(hcon); |
1711 | } | 1820 | } |
1712 | 1821 | ||
1713 | if (err) | 1822 | if (err) |
@@ -6313,7 +6422,7 @@ void l2cap_connect_cfm(struct hci_conn *hcon, u8 status) | |||
6313 | BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); | 6422 | BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); |
6314 | 6423 | ||
6315 | if (!status) { | 6424 | if (!status) { |
6316 | conn = l2cap_conn_add(hcon, status); | 6425 | conn = l2cap_conn_add(hcon); |
6317 | if (conn) | 6426 | if (conn) |
6318 | l2cap_conn_ready(conn); | 6427 | l2cap_conn_ready(conn); |
6319 | } else { | 6428 | } else { |
@@ -6482,7 +6591,7 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) | |||
6482 | goto drop; | 6591 | goto drop; |
6483 | 6592 | ||
6484 | if (!conn) | 6593 | if (!conn) |
6485 | conn = l2cap_conn_add(hcon, 0); | 6594 | conn = l2cap_conn_add(hcon); |
6486 | 6595 | ||
6487 | if (!conn) | 6596 | if (!conn) |
6488 | goto drop; | 6597 | goto drop; |
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index 7f9704993b74..141e7b058b7e 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c | |||
@@ -43,6 +43,12 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent); | |||
43 | static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, | 43 | static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, |
44 | int proto, gfp_t prio); | 44 | int proto, gfp_t prio); |
45 | 45 | ||
46 | bool l2cap_is_socket(struct socket *sock) | ||
47 | { | ||
48 | return sock && sock->ops == &l2cap_sock_ops; | ||
49 | } | ||
50 | EXPORT_SYMBOL(l2cap_is_socket); | ||
51 | |||
46 | static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) | 52 | static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) |
47 | { | 53 | { |
48 | struct sock *sk = sock->sk; | 54 | struct sock *sk = sock->sk; |
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 03e7e732215f..4c830c62ef74 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c | |||
@@ -106,11 +106,10 @@ static const u16 mgmt_events[] = { | |||
106 | * These LE scan and inquiry parameters were chosen according to LE General | 106 | * These LE scan and inquiry parameters were chosen according to LE General |
107 | * Discovery Procedure specification. | 107 | * Discovery Procedure specification. |
108 | */ | 108 | */ |
109 | #define LE_SCAN_TYPE 0x01 | ||
110 | #define LE_SCAN_WIN 0x12 | 109 | #define LE_SCAN_WIN 0x12 |
111 | #define LE_SCAN_INT 0x12 | 110 | #define LE_SCAN_INT 0x12 |
112 | #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */ | 111 | #define LE_SCAN_TIMEOUT_LE_ONLY msecs_to_jiffies(10240) |
113 | #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */ | 112 | #define LE_SCAN_TIMEOUT_BREDR_LE msecs_to_jiffies(5120) |
114 | 113 | ||
115 | #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */ | 114 | #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */ |
116 | #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */ | 115 | #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */ |
@@ -2131,7 +2130,7 @@ static void pairing_complete(struct pending_cmd *cmd, u8 status) | |||
2131 | conn->security_cfm_cb = NULL; | 2130 | conn->security_cfm_cb = NULL; |
2132 | conn->disconn_cfm_cb = NULL; | 2131 | conn->disconn_cfm_cb = NULL; |
2133 | 2132 | ||
2134 | hci_conn_put(conn); | 2133 | hci_conn_drop(conn); |
2135 | 2134 | ||
2136 | mgmt_pending_remove(cmd); | 2135 | mgmt_pending_remove(cmd); |
2137 | } | 2136 | } |
@@ -2222,7 +2221,7 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, | |||
2222 | } | 2221 | } |
2223 | 2222 | ||
2224 | if (conn->connect_cfm_cb) { | 2223 | if (conn->connect_cfm_cb) { |
2225 | hci_conn_put(conn); | 2224 | hci_conn_drop(conn); |
2226 | err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, | 2225 | err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, |
2227 | MGMT_STATUS_BUSY, &rp, sizeof(rp)); | 2226 | MGMT_STATUS_BUSY, &rp, sizeof(rp)); |
2228 | goto unlock; | 2227 | goto unlock; |
@@ -2231,7 +2230,7 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, | |||
2231 | cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); | 2230 | cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); |
2232 | if (!cmd) { | 2231 | if (!cmd) { |
2233 | err = -ENOMEM; | 2232 | err = -ENOMEM; |
2234 | hci_conn_put(conn); | 2233 | hci_conn_drop(conn); |
2235 | goto unlock; | 2234 | goto unlock; |
2236 | } | 2235 | } |
2237 | 2236 | ||
@@ -2703,7 +2702,7 @@ static int start_discovery(struct sock *sk, struct hci_dev *hdev, | |||
2703 | goto failed; | 2702 | goto failed; |
2704 | } | 2703 | } |
2705 | 2704 | ||
2706 | err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, | 2705 | err = hci_le_scan(hdev, LE_SCAN_ACTIVE, LE_SCAN_INT, |
2707 | LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY); | 2706 | LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY); |
2708 | break; | 2707 | break; |
2709 | 2708 | ||
@@ -2715,8 +2714,8 @@ static int start_discovery(struct sock *sk, struct hci_dev *hdev, | |||
2715 | goto failed; | 2714 | goto failed; |
2716 | } | 2715 | } |
2717 | 2716 | ||
2718 | err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN, | 2717 | err = hci_le_scan(hdev, LE_SCAN_ACTIVE, LE_SCAN_INT, |
2719 | LE_SCAN_TIMEOUT_BREDR_LE); | 2718 | LE_SCAN_WIN, LE_SCAN_TIMEOUT_BREDR_LE); |
2720 | break; | 2719 | break; |
2721 | 2720 | ||
2722 | default: | 2721 | default: |
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index d919d1161ab4..9e62102443dc 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c | |||
@@ -83,7 +83,7 @@ static struct sco_conn *sco_conn_add(struct hci_conn *hcon) | |||
83 | if (conn) | 83 | if (conn) |
84 | return conn; | 84 | return conn; |
85 | 85 | ||
86 | conn = kzalloc(sizeof(struct sco_conn), GFP_ATOMIC); | 86 | conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); |
87 | if (!conn) | 87 | if (!conn) |
88 | return NULL; | 88 | return NULL; |
89 | 89 | ||
@@ -185,7 +185,7 @@ static int sco_connect(struct sock *sk) | |||
185 | 185 | ||
186 | conn = sco_conn_add(hcon); | 186 | conn = sco_conn_add(hcon); |
187 | if (!conn) { | 187 | if (!conn) { |
188 | hci_conn_put(hcon); | 188 | hci_conn_drop(hcon); |
189 | err = -ENOMEM; | 189 | err = -ENOMEM; |
190 | goto done; | 190 | goto done; |
191 | } | 191 | } |
@@ -353,7 +353,7 @@ static void __sco_sock_close(struct sock *sk) | |||
353 | if (sco_pi(sk)->conn->hcon) { | 353 | if (sco_pi(sk)->conn->hcon) { |
354 | sk->sk_state = BT_DISCONN; | 354 | sk->sk_state = BT_DISCONN; |
355 | sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); | 355 | sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); |
356 | hci_conn_put(sco_pi(sk)->conn->hcon); | 356 | hci_conn_drop(sco_pi(sk)->conn->hcon); |
357 | sco_pi(sk)->conn->hcon = NULL; | 357 | sco_pi(sk)->conn->hcon = NULL; |
358 | } else | 358 | } else |
359 | sco_chan_del(sk, ECONNRESET); | 359 | sco_chan_del(sk, ECONNRESET); |
@@ -481,8 +481,7 @@ static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen | |||
481 | { | 481 | { |
482 | struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; | 482 | struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; |
483 | struct sock *sk = sock->sk; | 483 | struct sock *sk = sock->sk; |
484 | int err = 0; | 484 | int err; |
485 | |||
486 | 485 | ||
487 | BT_DBG("sk %p", sk); | 486 | BT_DBG("sk %p", sk); |
488 | 487 | ||
@@ -653,6 +652,42 @@ static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock, | |||
653 | return err; | 652 | return err; |
654 | } | 653 | } |
655 | 654 | ||
655 | static void sco_conn_defer_accept(struct hci_conn *conn, int mask) | ||
656 | { | ||
657 | struct hci_dev *hdev = conn->hdev; | ||
658 | |||
659 | BT_DBG("conn %p", conn); | ||
660 | |||
661 | conn->state = BT_CONFIG; | ||
662 | |||
663 | if (!lmp_esco_capable(hdev)) { | ||
664 | struct hci_cp_accept_conn_req cp; | ||
665 | |||
666 | bacpy(&cp.bdaddr, &conn->dst); | ||
667 | |||
668 | if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER)) | ||
669 | cp.role = 0x00; /* Become master */ | ||
670 | else | ||
671 | cp.role = 0x01; /* Remain slave */ | ||
672 | |||
673 | hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); | ||
674 | } else { | ||
675 | struct hci_cp_accept_sync_conn_req cp; | ||
676 | |||
677 | bacpy(&cp.bdaddr, &conn->dst); | ||
678 | cp.pkt_type = cpu_to_le16(conn->pkt_type); | ||
679 | |||
680 | cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40); | ||
681 | cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40); | ||
682 | cp.max_latency = __constant_cpu_to_le16(0xffff); | ||
683 | cp.content_format = cpu_to_le16(hdev->voice_setting); | ||
684 | cp.retrans_effort = 0xff; | ||
685 | |||
686 | hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, | ||
687 | sizeof(cp), &cp); | ||
688 | } | ||
689 | } | ||
690 | |||
656 | static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | 691 | static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, |
657 | struct msghdr *msg, size_t len, int flags) | 692 | struct msghdr *msg, size_t len, int flags) |
658 | { | 693 | { |
@@ -663,7 +698,7 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
663 | 698 | ||
664 | if (sk->sk_state == BT_CONNECT2 && | 699 | if (sk->sk_state == BT_CONNECT2 && |
665 | test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { | 700 | test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { |
666 | hci_conn_accept(pi->conn->hcon, 0); | 701 | sco_conn_defer_accept(pi->conn->hcon, 0); |
667 | sk->sk_state = BT_CONFIG; | 702 | sk->sk_state = BT_CONFIG; |
668 | 703 | ||
669 | release_sock(sk); | 704 | release_sock(sk); |
@@ -882,7 +917,7 @@ static void sco_chan_del(struct sock *sk, int err) | |||
882 | sco_conn_unlock(conn); | 917 | sco_conn_unlock(conn); |
883 | 918 | ||
884 | if (conn->hcon) | 919 | if (conn->hcon) |
885 | hci_conn_put(conn->hcon); | 920 | hci_conn_drop(conn->hcon); |
886 | } | 921 | } |
887 | 922 | ||
888 | sk->sk_state = BT_CLOSED; | 923 | sk->sk_state = BT_CLOSED; |
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 5abefb12891d..b2296d3857a0 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
@@ -522,7 +522,7 @@ void smp_chan_destroy(struct l2cap_conn *conn) | |||
522 | kfree(smp); | 522 | kfree(smp); |
523 | conn->smp_chan = NULL; | 523 | conn->smp_chan = NULL; |
524 | conn->hcon->smp_conn = NULL; | 524 | conn->hcon->smp_conn = NULL; |
525 | hci_conn_put(conn->hcon); | 525 | hci_conn_drop(conn->hcon); |
526 | } | 526 | } |
527 | 527 | ||
528 | int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey) | 528 | int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey) |
diff --git a/net/nfc/core.c b/net/nfc/core.c index 6ceee8e181ca..40d2527693da 100644 --- a/net/nfc/core.c +++ b/net/nfc/core.c | |||
@@ -27,6 +27,7 @@ | |||
27 | #include <linux/kernel.h> | 27 | #include <linux/kernel.h> |
28 | #include <linux/module.h> | 28 | #include <linux/module.h> |
29 | #include <linux/slab.h> | 29 | #include <linux/slab.h> |
30 | #include <linux/rfkill.h> | ||
30 | #include <linux/nfc.h> | 31 | #include <linux/nfc.h> |
31 | 32 | ||
32 | #include <net/genetlink.h> | 33 | #include <net/genetlink.h> |
@@ -58,6 +59,11 @@ int nfc_dev_up(struct nfc_dev *dev) | |||
58 | 59 | ||
59 | device_lock(&dev->dev); | 60 | device_lock(&dev->dev); |
60 | 61 | ||
62 | if (dev->rfkill && rfkill_blocked(dev->rfkill)) { | ||
63 | rc = -ERFKILL; | ||
64 | goto error; | ||
65 | } | ||
66 | |||
61 | if (!device_is_registered(&dev->dev)) { | 67 | if (!device_is_registered(&dev->dev)) { |
62 | rc = -ENODEV; | 68 | rc = -ENODEV; |
63 | goto error; | 69 | goto error; |
@@ -117,6 +123,24 @@ error: | |||
117 | return rc; | 123 | return rc; |
118 | } | 124 | } |
119 | 125 | ||
126 | static int nfc_rfkill_set_block(void *data, bool blocked) | ||
127 | { | ||
128 | struct nfc_dev *dev = data; | ||
129 | |||
130 | pr_debug("%s blocked %d", dev_name(&dev->dev), blocked); | ||
131 | |||
132 | if (!blocked) | ||
133 | return 0; | ||
134 | |||
135 | nfc_dev_down(dev); | ||
136 | |||
137 | return 0; | ||
138 | } | ||
139 | |||
140 | static const struct rfkill_ops nfc_rfkill_ops = { | ||
141 | .set_block = nfc_rfkill_set_block, | ||
142 | }; | ||
143 | |||
120 | /** | 144 | /** |
121 | * nfc_start_poll - start polling for nfc targets | 145 | * nfc_start_poll - start polling for nfc targets |
122 | * | 146 | * |
@@ -143,6 +167,11 @@ int nfc_start_poll(struct nfc_dev *dev, u32 im_protocols, u32 tm_protocols) | |||
143 | goto error; | 167 | goto error; |
144 | } | 168 | } |
145 | 169 | ||
170 | if (!dev->dev_up) { | ||
171 | rc = -ENODEV; | ||
172 | goto error; | ||
173 | } | ||
174 | |||
146 | if (dev->polling) { | 175 | if (dev->polling) { |
147 | rc = -EBUSY; | 176 | rc = -EBUSY; |
148 | goto error; | 177 | goto error; |
@@ -835,6 +864,15 @@ int nfc_register_device(struct nfc_dev *dev) | |||
835 | pr_debug("The userspace won't be notified that the device %s was added\n", | 864 | pr_debug("The userspace won't be notified that the device %s was added\n", |
836 | dev_name(&dev->dev)); | 865 | dev_name(&dev->dev)); |
837 | 866 | ||
867 | dev->rfkill = rfkill_alloc(dev_name(&dev->dev), &dev->dev, | ||
868 | RFKILL_TYPE_NFC, &nfc_rfkill_ops, dev); | ||
869 | if (dev->rfkill) { | ||
870 | if (rfkill_register(dev->rfkill) < 0) { | ||
871 | rfkill_destroy(dev->rfkill); | ||
872 | dev->rfkill = NULL; | ||
873 | } | ||
874 | } | ||
875 | |||
838 | return 0; | 876 | return 0; |
839 | } | 877 | } |
840 | EXPORT_SYMBOL(nfc_register_device); | 878 | EXPORT_SYMBOL(nfc_register_device); |
@@ -852,6 +890,11 @@ void nfc_unregister_device(struct nfc_dev *dev) | |||
852 | 890 | ||
853 | id = dev->idx; | 891 | id = dev->idx; |
854 | 892 | ||
893 | if (dev->rfkill) { | ||
894 | rfkill_unregister(dev->rfkill); | ||
895 | rfkill_destroy(dev->rfkill); | ||
896 | } | ||
897 | |||
855 | if (dev->ops->check_presence) { | 898 | if (dev->ops->check_presence) { |
856 | device_lock(&dev->dev); | 899 | device_lock(&dev->dev); |
857 | dev->shutting_down = true; | 900 | dev->shutting_down = true; |
diff --git a/net/nfc/llcp/commands.c b/net/nfc/llcp/commands.c index b75a9b3f9e89..094f7e27e910 100644 --- a/net/nfc/llcp/commands.c +++ b/net/nfc/llcp/commands.c | |||
@@ -420,7 +420,8 @@ int nfc_llcp_send_connect(struct nfc_llcp_sock *sock) | |||
420 | } | 420 | } |
421 | 421 | ||
422 | /* If the socket parameters are not set, use the local ones */ | 422 | /* If the socket parameters are not set, use the local ones */ |
423 | miux = sock->miux > LLCP_MAX_MIUX ? local->miux : sock->miux; | 423 | miux = be16_to_cpu(sock->miux) > LLCP_MAX_MIUX ? |
424 | local->miux : sock->miux; | ||
424 | rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw; | 425 | rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw; |
425 | 426 | ||
426 | miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0, | 427 | miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0, |
@@ -475,7 +476,8 @@ int nfc_llcp_send_cc(struct nfc_llcp_sock *sock) | |||
475 | return -ENODEV; | 476 | return -ENODEV; |
476 | 477 | ||
477 | /* If the socket parameters are not set, use the local ones */ | 478 | /* If the socket parameters are not set, use the local ones */ |
478 | miux = sock->miux > LLCP_MAX_MIUX ? local->miux : sock->miux; | 479 | miux = be16_to_cpu(sock->miux) > LLCP_MAX_MIUX ? |
480 | local->miux : sock->miux; | ||
479 | rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw; | 481 | rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw; |
480 | 482 | ||
481 | miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0, | 483 | miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0, |
@@ -656,6 +658,7 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock, | |||
656 | struct nfc_llcp_local *local; | 658 | struct nfc_llcp_local *local; |
657 | size_t frag_len = 0, remaining_len; | 659 | size_t frag_len = 0, remaining_len; |
658 | u8 *msg_data, *msg_ptr; | 660 | u8 *msg_data, *msg_ptr; |
661 | u16 remote_miu; | ||
659 | 662 | ||
660 | pr_debug("Send I frame len %zd\n", len); | 663 | pr_debug("Send I frame len %zd\n", len); |
661 | 664 | ||
@@ -692,9 +695,11 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock, | |||
692 | remaining_len = len; | 695 | remaining_len = len; |
693 | msg_ptr = msg_data; | 696 | msg_ptr = msg_data; |
694 | 697 | ||
695 | while (remaining_len > 0) { | 698 | do { |
699 | remote_miu = sock->remote_miu > LLCP_MAX_MIU ? | ||
700 | local->remote_miu : sock->remote_miu; | ||
696 | 701 | ||
697 | frag_len = min_t(size_t, sock->remote_miu, remaining_len); | 702 | frag_len = min_t(size_t, remote_miu, remaining_len); |
698 | 703 | ||
699 | pr_debug("Fragment %zd bytes remaining %zd", | 704 | pr_debug("Fragment %zd bytes remaining %zd", |
700 | frag_len, remaining_len); | 705 | frag_len, remaining_len); |
@@ -706,7 +711,8 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock, | |||
706 | 711 | ||
707 | skb_put(pdu, LLCP_SEQUENCE_SIZE); | 712 | skb_put(pdu, LLCP_SEQUENCE_SIZE); |
708 | 713 | ||
709 | memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); | 714 | if (likely(frag_len > 0)) |
715 | memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); | ||
710 | 716 | ||
711 | skb_queue_tail(&sock->tx_queue, pdu); | 717 | skb_queue_tail(&sock->tx_queue, pdu); |
712 | 718 | ||
@@ -718,7 +724,7 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock, | |||
718 | 724 | ||
719 | remaining_len -= frag_len; | 725 | remaining_len -= frag_len; |
720 | msg_ptr += frag_len; | 726 | msg_ptr += frag_len; |
721 | } | 727 | } while (remaining_len > 0); |
722 | 728 | ||
723 | kfree(msg_data); | 729 | kfree(msg_data); |
724 | 730 | ||
@@ -732,6 +738,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, | |||
732 | struct nfc_llcp_local *local; | 738 | struct nfc_llcp_local *local; |
733 | size_t frag_len = 0, remaining_len; | 739 | size_t frag_len = 0, remaining_len; |
734 | u8 *msg_ptr, *msg_data; | 740 | u8 *msg_ptr, *msg_data; |
741 | u16 remote_miu; | ||
735 | int err; | 742 | int err; |
736 | 743 | ||
737 | pr_debug("Send UI frame len %zd\n", len); | 744 | pr_debug("Send UI frame len %zd\n", len); |
@@ -752,9 +759,11 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, | |||
752 | remaining_len = len; | 759 | remaining_len = len; |
753 | msg_ptr = msg_data; | 760 | msg_ptr = msg_data; |
754 | 761 | ||
755 | while (remaining_len > 0) { | 762 | do { |
763 | remote_miu = sock->remote_miu > LLCP_MAX_MIU ? | ||
764 | local->remote_miu : sock->remote_miu; | ||
756 | 765 | ||
757 | frag_len = min_t(size_t, sock->remote_miu, remaining_len); | 766 | frag_len = min_t(size_t, remote_miu, remaining_len); |
758 | 767 | ||
759 | pr_debug("Fragment %zd bytes remaining %zd", | 768 | pr_debug("Fragment %zd bytes remaining %zd", |
760 | frag_len, remaining_len); | 769 | frag_len, remaining_len); |
@@ -768,14 +777,15 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, | |||
768 | 777 | ||
769 | pdu = llcp_add_header(pdu, dsap, ssap, LLCP_PDU_UI); | 778 | pdu = llcp_add_header(pdu, dsap, ssap, LLCP_PDU_UI); |
770 | 779 | ||
771 | memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); | 780 | if (likely(frag_len > 0)) |
781 | memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); | ||
772 | 782 | ||
773 | /* No need to check for the peer RW for UI frames */ | 783 | /* No need to check for the peer RW for UI frames */ |
774 | skb_queue_tail(&local->tx_queue, pdu); | 784 | skb_queue_tail(&local->tx_queue, pdu); |
775 | 785 | ||
776 | remaining_len -= frag_len; | 786 | remaining_len -= frag_len; |
777 | msg_ptr += frag_len; | 787 | msg_ptr += frag_len; |
778 | } | 788 | } while (remaining_len > 0); |
779 | 789 | ||
780 | kfree(msg_data); | 790 | kfree(msg_data); |
781 | 791 | ||
diff --git a/net/nfc/llcp/llcp.c b/net/nfc/llcp/llcp.c index 7de0368aff0c..9e483c8e52f8 100644 --- a/net/nfc/llcp/llcp.c +++ b/net/nfc/llcp/llcp.c | |||
@@ -31,6 +31,8 @@ static u8 llcp_magic[3] = {0x46, 0x66, 0x6d}; | |||
31 | 31 | ||
32 | static struct list_head llcp_devices; | 32 | static struct list_head llcp_devices; |
33 | 33 | ||
34 | static void nfc_llcp_rx_skb(struct nfc_llcp_local *local, struct sk_buff *skb); | ||
35 | |||
34 | void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *sk) | 36 | void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *sk) |
35 | { | 37 | { |
36 | write_lock(&l->lock); | 38 | write_lock(&l->lock); |
@@ -45,6 +47,12 @@ void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *sk) | |||
45 | write_unlock(&l->lock); | 47 | write_unlock(&l->lock); |
46 | } | 48 | } |
47 | 49 | ||
50 | void nfc_llcp_socket_remote_param_init(struct nfc_llcp_sock *sock) | ||
51 | { | ||
52 | sock->remote_rw = LLCP_DEFAULT_RW; | ||
53 | sock->remote_miu = LLCP_MAX_MIU + 1; | ||
54 | } | ||
55 | |||
48 | static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock) | 56 | static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock) |
49 | { | 57 | { |
50 | struct nfc_llcp_local *local = sock->local; | 58 | struct nfc_llcp_local *local = sock->local; |
@@ -68,7 +76,7 @@ static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock) | |||
68 | } | 76 | } |
69 | } | 77 | } |
70 | 78 | ||
71 | static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen, | 79 | static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool device, |
72 | int err) | 80 | int err) |
73 | { | 81 | { |
74 | struct sock *sk; | 82 | struct sock *sk; |
@@ -108,21 +116,6 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen, | |||
108 | 116 | ||
109 | bh_unlock_sock(accept_sk); | 117 | bh_unlock_sock(accept_sk); |
110 | } | 118 | } |
111 | |||
112 | if (listen == true) { | ||
113 | bh_unlock_sock(sk); | ||
114 | continue; | ||
115 | } | ||
116 | } | ||
117 | |||
118 | /* | ||
119 | * If we have a connection less socket bound, we keep it alive | ||
120 | * if the device is still present. | ||
121 | */ | ||
122 | if (sk->sk_state == LLCP_BOUND && sk->sk_type == SOCK_DGRAM && | ||
123 | listen == true) { | ||
124 | bh_unlock_sock(sk); | ||
125 | continue; | ||
126 | } | 119 | } |
127 | 120 | ||
128 | if (err) | 121 | if (err) |
@@ -137,11 +130,8 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen, | |||
137 | 130 | ||
138 | write_unlock(&local->sockets.lock); | 131 | write_unlock(&local->sockets.lock); |
139 | 132 | ||
140 | /* | 133 | /* If we still have a device, we keep the RAW sockets alive */ |
141 | * If we want to keep the listening sockets alive, | 134 | if (device == true) |
142 | * we don't touch the RAW ones. | ||
143 | */ | ||
144 | if (listen == true) | ||
145 | return; | 135 | return; |
146 | 136 | ||
147 | write_lock(&local->raw_sockets.lock); | 137 | write_lock(&local->raw_sockets.lock); |
@@ -173,9 +163,9 @@ struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local) | |||
173 | return local; | 163 | return local; |
174 | } | 164 | } |
175 | 165 | ||
176 | static void local_cleanup(struct nfc_llcp_local *local, bool listen) | 166 | static void local_cleanup(struct nfc_llcp_local *local) |
177 | { | 167 | { |
178 | nfc_llcp_socket_release(local, listen, ENXIO); | 168 | nfc_llcp_socket_release(local, false, ENXIO); |
179 | del_timer_sync(&local->link_timer); | 169 | del_timer_sync(&local->link_timer); |
180 | skb_queue_purge(&local->tx_queue); | 170 | skb_queue_purge(&local->tx_queue); |
181 | cancel_work_sync(&local->tx_work); | 171 | cancel_work_sync(&local->tx_work); |
@@ -194,7 +184,7 @@ static void local_release(struct kref *ref) | |||
194 | local = container_of(ref, struct nfc_llcp_local, ref); | 184 | local = container_of(ref, struct nfc_llcp_local, ref); |
195 | 185 | ||
196 | list_del(&local->list); | 186 | list_del(&local->list); |
197 | local_cleanup(local, false); | 187 | local_cleanup(local); |
198 | kfree(local); | 188 | kfree(local); |
199 | } | 189 | } |
200 | 190 | ||
@@ -1116,6 +1106,12 @@ static void nfc_llcp_recv_disc(struct nfc_llcp_local *local, | |||
1116 | dsap = nfc_llcp_dsap(skb); | 1106 | dsap = nfc_llcp_dsap(skb); |
1117 | ssap = nfc_llcp_ssap(skb); | 1107 | ssap = nfc_llcp_ssap(skb); |
1118 | 1108 | ||
1109 | if ((dsap == 0) && (ssap == 0)) { | ||
1110 | pr_debug("Connection termination"); | ||
1111 | nfc_dep_link_down(local->dev); | ||
1112 | return; | ||
1113 | } | ||
1114 | |||
1119 | llcp_sock = nfc_llcp_sock_get(local, dsap, ssap); | 1115 | llcp_sock = nfc_llcp_sock_get(local, dsap, ssap); |
1120 | if (llcp_sock == NULL) { | 1116 | if (llcp_sock == NULL) { |
1121 | nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN); | 1117 | nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN); |
@@ -1349,19 +1345,54 @@ exit: | |||
1349 | nfc_llcp_send_snl_sdres(local, &llc_sdres_list, sdres_tlvs_len); | 1345 | nfc_llcp_send_snl_sdres(local, &llc_sdres_list, sdres_tlvs_len); |
1350 | } | 1346 | } |
1351 | 1347 | ||
1352 | static void nfc_llcp_rx_work(struct work_struct *work) | 1348 | static void nfc_llcp_recv_agf(struct nfc_llcp_local *local, struct sk_buff *skb) |
1353 | { | 1349 | { |
1354 | struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local, | 1350 | u8 ptype; |
1355 | rx_work); | 1351 | u16 pdu_len; |
1356 | u8 dsap, ssap, ptype; | 1352 | struct sk_buff *new_skb; |
1357 | struct sk_buff *skb; | ||
1358 | 1353 | ||
1359 | skb = local->rx_pending; | 1354 | if (skb->len <= LLCP_HEADER_SIZE) { |
1360 | if (skb == NULL) { | 1355 | pr_err("Malformed AGF PDU\n"); |
1361 | pr_debug("No pending SKB\n"); | ||
1362 | return; | 1356 | return; |
1363 | } | 1357 | } |
1364 | 1358 | ||
1359 | skb_pull(skb, LLCP_HEADER_SIZE); | ||
1360 | |||
1361 | while (skb->len > LLCP_AGF_PDU_HEADER_SIZE) { | ||
1362 | pdu_len = skb->data[0] << 8 | skb->data[1]; | ||
1363 | |||
1364 | skb_pull(skb, LLCP_AGF_PDU_HEADER_SIZE); | ||
1365 | |||
1366 | if (pdu_len < LLCP_HEADER_SIZE || pdu_len > skb->len) { | ||
1367 | pr_err("Malformed AGF PDU\n"); | ||
1368 | return; | ||
1369 | } | ||
1370 | |||
1371 | ptype = nfc_llcp_ptype(skb); | ||
1372 | |||
1373 | if (ptype == LLCP_PDU_SYMM || ptype == LLCP_PDU_AGF) | ||
1374 | goto next; | ||
1375 | |||
1376 | new_skb = nfc_alloc_recv_skb(pdu_len, GFP_KERNEL); | ||
1377 | if (new_skb == NULL) { | ||
1378 | pr_err("Could not allocate PDU\n"); | ||
1379 | return; | ||
1380 | } | ||
1381 | |||
1382 | memcpy(skb_put(new_skb, pdu_len), skb->data, pdu_len); | ||
1383 | |||
1384 | nfc_llcp_rx_skb(local, new_skb); | ||
1385 | |||
1386 | kfree_skb(new_skb); | ||
1387 | next: | ||
1388 | skb_pull(skb, pdu_len); | ||
1389 | } | ||
1390 | } | ||
1391 | |||
1392 | static void nfc_llcp_rx_skb(struct nfc_llcp_local *local, struct sk_buff *skb) | ||
1393 | { | ||
1394 | u8 dsap, ssap, ptype; | ||
1395 | |||
1365 | ptype = nfc_llcp_ptype(skb); | 1396 | ptype = nfc_llcp_ptype(skb); |
1366 | dsap = nfc_llcp_dsap(skb); | 1397 | dsap = nfc_llcp_dsap(skb); |
1367 | ssap = nfc_llcp_ssap(skb); | 1398 | ssap = nfc_llcp_ssap(skb); |
@@ -1372,10 +1403,6 @@ static void nfc_llcp_rx_work(struct work_struct *work) | |||
1372 | print_hex_dump(KERN_DEBUG, "LLCP Rx: ", DUMP_PREFIX_OFFSET, | 1403 | print_hex_dump(KERN_DEBUG, "LLCP Rx: ", DUMP_PREFIX_OFFSET, |
1373 | 16, 1, skb->data, skb->len, true); | 1404 | 16, 1, skb->data, skb->len, true); |
1374 | 1405 | ||
1375 | __net_timestamp(skb); | ||
1376 | |||
1377 | nfc_llcp_send_to_raw_sock(local, skb, NFC_LLCP_DIRECTION_RX); | ||
1378 | |||
1379 | switch (ptype) { | 1406 | switch (ptype) { |
1380 | case LLCP_PDU_SYMM: | 1407 | case LLCP_PDU_SYMM: |
1381 | pr_debug("SYMM\n"); | 1408 | pr_debug("SYMM\n"); |
@@ -1418,7 +1445,30 @@ static void nfc_llcp_rx_work(struct work_struct *work) | |||
1418 | nfc_llcp_recv_hdlc(local, skb); | 1445 | nfc_llcp_recv_hdlc(local, skb); |
1419 | break; | 1446 | break; |
1420 | 1447 | ||
1448 | case LLCP_PDU_AGF: | ||
1449 | pr_debug("AGF frame\n"); | ||
1450 | nfc_llcp_recv_agf(local, skb); | ||
1451 | break; | ||
1421 | } | 1452 | } |
1453 | } | ||
1454 | |||
1455 | static void nfc_llcp_rx_work(struct work_struct *work) | ||
1456 | { | ||
1457 | struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local, | ||
1458 | rx_work); | ||
1459 | struct sk_buff *skb; | ||
1460 | |||
1461 | skb = local->rx_pending; | ||
1462 | if (skb == NULL) { | ||
1463 | pr_debug("No pending SKB\n"); | ||
1464 | return; | ||
1465 | } | ||
1466 | |||
1467 | __net_timestamp(skb); | ||
1468 | |||
1469 | nfc_llcp_send_to_raw_sock(local, skb, NFC_LLCP_DIRECTION_RX); | ||
1470 | |||
1471 | nfc_llcp_rx_skb(local, skb); | ||
1422 | 1472 | ||
1423 | schedule_work(&local->tx_work); | 1473 | schedule_work(&local->tx_work); |
1424 | kfree_skb(local->rx_pending); | 1474 | kfree_skb(local->rx_pending); |
@@ -1466,6 +1516,9 @@ void nfc_llcp_mac_is_down(struct nfc_dev *dev) | |||
1466 | if (local == NULL) | 1516 | if (local == NULL) |
1467 | return; | 1517 | return; |
1468 | 1518 | ||
1519 | local->remote_miu = LLCP_DEFAULT_MIU; | ||
1520 | local->remote_lto = LLCP_DEFAULT_LTO; | ||
1521 | |||
1469 | /* Close and purge all existing sockets */ | 1522 | /* Close and purge all existing sockets */ |
1470 | nfc_llcp_socket_release(local, true, 0); | 1523 | nfc_llcp_socket_release(local, true, 0); |
1471 | } | 1524 | } |
@@ -1553,7 +1606,7 @@ void nfc_llcp_unregister_device(struct nfc_dev *dev) | |||
1553 | return; | 1606 | return; |
1554 | } | 1607 | } |
1555 | 1608 | ||
1556 | local_cleanup(local, false); | 1609 | local_cleanup(local); |
1557 | 1610 | ||
1558 | nfc_llcp_local_put(local); | 1611 | nfc_llcp_local_put(local); |
1559 | } | 1612 | } |
diff --git a/net/nfc/llcp/llcp.h b/net/nfc/llcp/llcp.h index 7e87a66b02ec..ff8c434f7df8 100644 --- a/net/nfc/llcp/llcp.h +++ b/net/nfc/llcp/llcp.h | |||
@@ -31,6 +31,7 @@ enum llcp_state { | |||
31 | #define LLCP_MAX_LTO 0xff | 31 | #define LLCP_MAX_LTO 0xff |
32 | #define LLCP_MAX_RW 15 | 32 | #define LLCP_MAX_RW 15 |
33 | #define LLCP_MAX_MIUX 0x7ff | 33 | #define LLCP_MAX_MIUX 0x7ff |
34 | #define LLCP_MAX_MIU (LLCP_MAX_MIUX + 128) | ||
34 | 35 | ||
35 | #define LLCP_WKS_NUM_SAP 16 | 36 | #define LLCP_WKS_NUM_SAP 16 |
36 | #define LLCP_SDP_NUM_SAP 16 | 37 | #define LLCP_SDP_NUM_SAP 16 |
@@ -124,7 +125,7 @@ struct nfc_llcp_sock { | |||
124 | char *service_name; | 125 | char *service_name; |
125 | size_t service_name_len; | 126 | size_t service_name_len; |
126 | u8 rw; | 127 | u8 rw; |
127 | u16 miux; | 128 | __be16 miux; |
128 | 129 | ||
129 | 130 | ||
130 | /* Remote link parameters */ | 131 | /* Remote link parameters */ |
@@ -162,6 +163,7 @@ struct nfc_llcp_ui_cb { | |||
162 | 163 | ||
163 | #define LLCP_HEADER_SIZE 2 | 164 | #define LLCP_HEADER_SIZE 2 |
164 | #define LLCP_SEQUENCE_SIZE 1 | 165 | #define LLCP_SEQUENCE_SIZE 1 |
166 | #define LLCP_AGF_PDU_HEADER_SIZE 2 | ||
165 | 167 | ||
166 | /* LLCP versions: 1.1 is 1.0 plus SDP */ | 168 | /* LLCP versions: 1.1 is 1.0 plus SDP */ |
167 | #define LLCP_VERSION_10 0x10 | 169 | #define LLCP_VERSION_10 0x10 |
@@ -210,6 +212,7 @@ struct nfc_llcp_ui_cb { | |||
210 | 212 | ||
211 | void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *s); | 213 | void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *s); |
212 | void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *s); | 214 | void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *s); |
215 | void nfc_llcp_socket_remote_param_init(struct nfc_llcp_sock *sock); | ||
213 | struct nfc_llcp_local *nfc_llcp_find_local(struct nfc_dev *dev); | 216 | struct nfc_llcp_local *nfc_llcp_find_local(struct nfc_dev *dev); |
214 | struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local); | 217 | struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local); |
215 | int nfc_llcp_local_put(struct nfc_llcp_local *local); | 218 | int nfc_llcp_local_put(struct nfc_llcp_local *local); |
diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c index 6fa76704cb13..fd01ac6e0bf4 100644 --- a/net/nfc/llcp/sock.c +++ b/net/nfc/llcp/sock.c | |||
@@ -279,7 +279,7 @@ static int nfc_llcp_setsockopt(struct socket *sock, int level, int optname, | |||
279 | break; | 279 | break; |
280 | } | 280 | } |
281 | 281 | ||
282 | llcp_sock->miux = (u16) opt; | 282 | llcp_sock->miux = cpu_to_be16((u16) opt); |
283 | 283 | ||
284 | break; | 284 | break; |
285 | 285 | ||
@@ -299,9 +299,12 @@ static int nfc_llcp_setsockopt(struct socket *sock, int level, int optname, | |||
299 | static int nfc_llcp_getsockopt(struct socket *sock, int level, int optname, | 299 | static int nfc_llcp_getsockopt(struct socket *sock, int level, int optname, |
300 | char __user *optval, int __user *optlen) | 300 | char __user *optval, int __user *optlen) |
301 | { | 301 | { |
302 | struct nfc_llcp_local *local; | ||
302 | struct sock *sk = sock->sk; | 303 | struct sock *sk = sock->sk; |
303 | struct nfc_llcp_sock *llcp_sock = nfc_llcp_sock(sk); | 304 | struct nfc_llcp_sock *llcp_sock = nfc_llcp_sock(sk); |
304 | int len, err = 0; | 305 | int len, err = 0; |
306 | u16 miux, remote_miu; | ||
307 | u8 rw; | ||
305 | 308 | ||
306 | pr_debug("%p optname %d\n", sk, optname); | 309 | pr_debug("%p optname %d\n", sk, optname); |
307 | 310 | ||
@@ -311,19 +314,48 @@ static int nfc_llcp_getsockopt(struct socket *sock, int level, int optname, | |||
311 | if (get_user(len, optlen)) | 314 | if (get_user(len, optlen)) |
312 | return -EFAULT; | 315 | return -EFAULT; |
313 | 316 | ||
317 | local = llcp_sock->local; | ||
318 | if (!local) | ||
319 | return -ENODEV; | ||
320 | |||
314 | len = min_t(u32, len, sizeof(u32)); | 321 | len = min_t(u32, len, sizeof(u32)); |
315 | 322 | ||
316 | lock_sock(sk); | 323 | lock_sock(sk); |
317 | 324 | ||
318 | switch (optname) { | 325 | switch (optname) { |
319 | case NFC_LLCP_RW: | 326 | case NFC_LLCP_RW: |
320 | if (put_user(llcp_sock->rw, (u32 __user *) optval)) | 327 | rw = llcp_sock->rw > LLCP_MAX_RW ? local->rw : llcp_sock->rw; |
328 | if (put_user(rw, (u32 __user *) optval)) | ||
321 | err = -EFAULT; | 329 | err = -EFAULT; |
322 | 330 | ||
323 | break; | 331 | break; |
324 | 332 | ||
325 | case NFC_LLCP_MIUX: | 333 | case NFC_LLCP_MIUX: |
326 | if (put_user(llcp_sock->miux, (u32 __user *) optval)) | 334 | miux = be16_to_cpu(llcp_sock->miux) > LLCP_MAX_MIUX ? |
335 | be16_to_cpu(local->miux) : be16_to_cpu(llcp_sock->miux); | ||
336 | |||
337 | if (put_user(miux, (u32 __user *) optval)) | ||
338 | err = -EFAULT; | ||
339 | |||
340 | break; | ||
341 | |||
342 | case NFC_LLCP_REMOTE_MIU: | ||
343 | remote_miu = llcp_sock->remote_miu > LLCP_MAX_MIU ? | ||
344 | local->remote_miu : llcp_sock->remote_miu; | ||
345 | |||
346 | if (put_user(remote_miu, (u32 __user *) optval)) | ||
347 | err = -EFAULT; | ||
348 | |||
349 | break; | ||
350 | |||
351 | case NFC_LLCP_REMOTE_LTO: | ||
352 | if (put_user(local->remote_lto / 10, (u32 __user *) optval)) | ||
353 | err = -EFAULT; | ||
354 | |||
355 | break; | ||
356 | |||
357 | case NFC_LLCP_REMOTE_RW: | ||
358 | if (put_user(llcp_sock->remote_rw, (u32 __user *) optval)) | ||
327 | err = -EFAULT; | 359 | err = -EFAULT; |
328 | 360 | ||
329 | break; | 361 | break; |
@@ -921,13 +953,12 @@ struct sock *nfc_llcp_sock_alloc(struct socket *sock, int type, gfp_t gfp) | |||
921 | llcp_sock->ssap = 0; | 953 | llcp_sock->ssap = 0; |
922 | llcp_sock->dsap = LLCP_SAP_SDP; | 954 | llcp_sock->dsap = LLCP_SAP_SDP; |
923 | llcp_sock->rw = LLCP_MAX_RW + 1; | 955 | llcp_sock->rw = LLCP_MAX_RW + 1; |
924 | llcp_sock->miux = LLCP_MAX_MIUX + 1; | 956 | llcp_sock->miux = cpu_to_be16(LLCP_MAX_MIUX + 1); |
925 | llcp_sock->remote_rw = LLCP_DEFAULT_RW; | ||
926 | llcp_sock->remote_miu = LLCP_DEFAULT_MIU; | ||
927 | llcp_sock->send_n = llcp_sock->send_ack_n = 0; | 957 | llcp_sock->send_n = llcp_sock->send_ack_n = 0; |
928 | llcp_sock->recv_n = llcp_sock->recv_ack_n = 0; | 958 | llcp_sock->recv_n = llcp_sock->recv_ack_n = 0; |
929 | llcp_sock->remote_ready = 1; | 959 | llcp_sock->remote_ready = 1; |
930 | llcp_sock->reserved_ssap = LLCP_SAP_MAX; | 960 | llcp_sock->reserved_ssap = LLCP_SAP_MAX; |
961 | nfc_llcp_socket_remote_param_init(llcp_sock); | ||
931 | skb_queue_head_init(&llcp_sock->tx_queue); | 962 | skb_queue_head_init(&llcp_sock->tx_queue); |
932 | skb_queue_head_init(&llcp_sock->tx_pending_queue); | 963 | skb_queue_head_init(&llcp_sock->tx_pending_queue); |
933 | INIT_LIST_HEAD(&llcp_sock->accept_queue); | 964 | INIT_LIST_HEAD(&llcp_sock->accept_queue); |
diff --git a/net/rfkill/core.c b/net/rfkill/core.c index 9b9be5279f5d..1cec5e4f3a5e 100644 --- a/net/rfkill/core.c +++ b/net/rfkill/core.c | |||
@@ -587,7 +587,7 @@ static ssize_t rfkill_name_show(struct device *dev, | |||
587 | 587 | ||
588 | static const char *rfkill_get_type_str(enum rfkill_type type) | 588 | static const char *rfkill_get_type_str(enum rfkill_type type) |
589 | { | 589 | { |
590 | BUILD_BUG_ON(NUM_RFKILL_TYPES != RFKILL_TYPE_FM + 1); | 590 | BUILD_BUG_ON(NUM_RFKILL_TYPES != RFKILL_TYPE_NFC + 1); |
591 | 591 | ||
592 | switch (type) { | 592 | switch (type) { |
593 | case RFKILL_TYPE_WLAN: | 593 | case RFKILL_TYPE_WLAN: |
@@ -604,6 +604,8 @@ static const char *rfkill_get_type_str(enum rfkill_type type) | |||
604 | return "gps"; | 604 | return "gps"; |
605 | case RFKILL_TYPE_FM: | 605 | case RFKILL_TYPE_FM: |
606 | return "fm"; | 606 | return "fm"; |
607 | case RFKILL_TYPE_NFC: | ||
608 | return "nfc"; | ||
607 | default: | 609 | default: |
608 | BUG(); | 610 | BUG(); |
609 | } | 611 | } |