aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--drivers/bluetooth/btmrvl_sdio.c28
-rw-r--r--include/net/bluetooth/a2mp.h24
-rw-r--r--include/net/bluetooth/amp.h50
-rw-r--r--include/net/bluetooth/bluetooth.h1
-rw-r--r--include/net/bluetooth/hci.h40
-rw-r--r--include/net/bluetooth/hci_core.h48
-rw-r--r--include/net/bluetooth/l2cap.h14
-rw-r--r--net/bluetooth/Kconfig1
-rw-r--r--net/bluetooth/Makefile2
-rw-r--r--net/bluetooth/a2mp.c459
-rw-r--r--net/bluetooth/af_bluetooth.c10
-rw-r--r--net/bluetooth/amp.c374
-rw-r--r--net/bluetooth/bnep/core.c3
-rw-r--r--net/bluetooth/cmtp/core.c2
-rw-r--r--net/bluetooth/hci_conn.c70
-rw-r--r--net/bluetooth/hci_core.c65
-rw-r--r--net/bluetooth/hci_event.c167
-rw-r--r--net/bluetooth/hci_sysfs.c10
-rw-r--r--net/bluetooth/hidp/core.c8
-rw-r--r--net/bluetooth/l2cap_core.c503
-rw-r--r--net/bluetooth/l2cap_sock.c89
-rw-r--r--net/bluetooth/lib.c14
-rw-r--r--net/bluetooth/mgmt.c5
-rw-r--r--net/bluetooth/rfcomm/core.c19
-rw-r--r--net/bluetooth/rfcomm/sock.c9
-rw-r--r--net/bluetooth/rfcomm/tty.c6
-rw-r--r--net/bluetooth/sco.c12
-rw-r--r--net/bluetooth/smp.c2
28 files changed, 1641 insertions, 394 deletions
diff --git a/drivers/bluetooth/btmrvl_sdio.c b/drivers/bluetooth/btmrvl_sdio.c
index 3f4bfc814dc7..9959d4cb23dc 100644
--- a/drivers/bluetooth/btmrvl_sdio.c
+++ b/drivers/bluetooth/btmrvl_sdio.c
@@ -492,7 +492,7 @@ done:
492static int btmrvl_sdio_card_to_host(struct btmrvl_private *priv) 492static int btmrvl_sdio_card_to_host(struct btmrvl_private *priv)
493{ 493{
494 u16 buf_len = 0; 494 u16 buf_len = 0;
495 int ret, buf_block_len, blksz; 495 int ret, num_blocks, blksz;
496 struct sk_buff *skb = NULL; 496 struct sk_buff *skb = NULL;
497 u32 type; 497 u32 type;
498 u8 *payload = NULL; 498 u8 *payload = NULL;
@@ -514,18 +514,17 @@ static int btmrvl_sdio_card_to_host(struct btmrvl_private *priv)
514 } 514 }
515 515
516 blksz = SDIO_BLOCK_SIZE; 516 blksz = SDIO_BLOCK_SIZE;
517 buf_block_len = (buf_len + blksz - 1) / blksz; 517 num_blocks = DIV_ROUND_UP(buf_len, blksz);
518 518
519 if (buf_len <= SDIO_HEADER_LEN 519 if (buf_len <= SDIO_HEADER_LEN
520 || (buf_block_len * blksz) > ALLOC_BUF_SIZE) { 520 || (num_blocks * blksz) > ALLOC_BUF_SIZE) {
521 BT_ERR("invalid packet length: %d", buf_len); 521 BT_ERR("invalid packet length: %d", buf_len);
522 ret = -EINVAL; 522 ret = -EINVAL;
523 goto exit; 523 goto exit;
524 } 524 }
525 525
526 /* Allocate buffer */ 526 /* Allocate buffer */
527 skb = bt_skb_alloc(buf_block_len * blksz + BTSDIO_DMA_ALIGN, 527 skb = bt_skb_alloc(num_blocks * blksz + BTSDIO_DMA_ALIGN, GFP_ATOMIC);
528 GFP_ATOMIC);
529 if (skb == NULL) { 528 if (skb == NULL) {
530 BT_ERR("No free skb"); 529 BT_ERR("No free skb");
531 goto exit; 530 goto exit;
@@ -541,7 +540,7 @@ static int btmrvl_sdio_card_to_host(struct btmrvl_private *priv)
541 payload = skb->data; 540 payload = skb->data;
542 541
543 ret = sdio_readsb(card->func, payload, card->ioport, 542 ret = sdio_readsb(card->func, payload, card->ioport,
544 buf_block_len * blksz); 543 num_blocks * blksz);
545 if (ret < 0) { 544 if (ret < 0) {
546 BT_ERR("readsb failed: %d", ret); 545 BT_ERR("readsb failed: %d", ret);
547 ret = -EIO; 546 ret = -EIO;
@@ -553,7 +552,16 @@ static int btmrvl_sdio_card_to_host(struct btmrvl_private *priv)
553 */ 552 */
554 553
555 buf_len = payload[0]; 554 buf_len = payload[0];
556 buf_len |= (u16) payload[1] << 8; 555 buf_len |= payload[1] << 8;
556 buf_len |= payload[2] << 16;
557
558 if (buf_len > blksz * num_blocks) {
559 BT_ERR("Skip incorrect packet: hdrlen %d buffer %d",
560 buf_len, blksz * num_blocks);
561 ret = -EIO;
562 goto exit;
563 }
564
557 type = payload[3]; 565 type = payload[3];
558 566
559 switch (type) { 567 switch (type) {
@@ -589,8 +597,7 @@ static int btmrvl_sdio_card_to_host(struct btmrvl_private *priv)
589 597
590 default: 598 default:
591 BT_ERR("Unknown packet type:%d", type); 599 BT_ERR("Unknown packet type:%d", type);
592 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, payload, 600 BT_ERR("hex: %*ph", blksz * num_blocks, payload);
593 blksz * buf_block_len);
594 601
595 kfree_skb(skb); 602 kfree_skb(skb);
596 skb = NULL; 603 skb = NULL;
@@ -849,8 +856,7 @@ static int btmrvl_sdio_host_to_card(struct btmrvl_private *priv,
849 if (ret < 0) { 856 if (ret < 0) {
850 i++; 857 i++;
851 BT_ERR("i=%d writesb failed: %d", i, ret); 858 BT_ERR("i=%d writesb failed: %d", i, ret);
852 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 859 BT_ERR("hex: %*ph", nb, payload);
853 payload, nb);
854 ret = -EIO; 860 ret = -EIO;
855 if (i > MAX_WRITE_IOMEM_RETRY) 861 if (i > MAX_WRITE_IOMEM_RETRY)
856 goto exit; 862 goto exit;
diff --git a/include/net/bluetooth/a2mp.h b/include/net/bluetooth/a2mp.h
index 6a76e0a0705e..42f21766c538 100644
--- a/include/net/bluetooth/a2mp.h
+++ b/include/net/bluetooth/a2mp.h
@@ -19,13 +19,25 @@
19 19
20#define A2MP_FEAT_EXT 0x8000 20#define A2MP_FEAT_EXT 0x8000
21 21
22enum amp_mgr_state {
23 READ_LOC_AMP_INFO,
24 READ_LOC_AMP_ASSOC,
25 READ_LOC_AMP_ASSOC_FINAL,
26};
27
22struct amp_mgr { 28struct amp_mgr {
29 struct list_head list;
23 struct l2cap_conn *l2cap_conn; 30 struct l2cap_conn *l2cap_conn;
24 struct l2cap_chan *a2mp_chan; 31 struct l2cap_chan *a2mp_chan;
32 struct l2cap_chan *bredr_chan;
25 struct kref kref; 33 struct kref kref;
26 __u8 ident; 34 __u8 ident;
27 __u8 handle; 35 __u8 handle;
36 enum amp_mgr_state state;
28 unsigned long flags; 37 unsigned long flags;
38
39 struct list_head amp_ctrls;
40 struct mutex amp_ctrls_lock;
29}; 41};
30 42
31struct a2mp_cmd { 43struct a2mp_cmd {
@@ -118,9 +130,19 @@ struct a2mp_physlink_rsp {
118#define A2MP_STATUS_PHYS_LINK_EXISTS 0x05 130#define A2MP_STATUS_PHYS_LINK_EXISTS 0x05
119#define A2MP_STATUS_SECURITY_VIOLATION 0x06 131#define A2MP_STATUS_SECURITY_VIOLATION 0x06
120 132
121void amp_mgr_get(struct amp_mgr *mgr); 133extern struct list_head amp_mgr_list;
134extern struct mutex amp_mgr_list_lock;
135
136struct amp_mgr *amp_mgr_get(struct amp_mgr *mgr);
122int amp_mgr_put(struct amp_mgr *mgr); 137int amp_mgr_put(struct amp_mgr *mgr);
138u8 __next_ident(struct amp_mgr *mgr);
123struct l2cap_chan *a2mp_channel_create(struct l2cap_conn *conn, 139struct l2cap_chan *a2mp_channel_create(struct l2cap_conn *conn,
124 struct sk_buff *skb); 140 struct sk_buff *skb);
141struct amp_mgr *amp_mgr_lookup_by_state(u8 state);
142void a2mp_send(struct amp_mgr *mgr, u8 code, u8 ident, u16 len, void *data);
143void a2mp_discover_amp(struct l2cap_chan *chan);
144void a2mp_send_getinfo_rsp(struct hci_dev *hdev);
145void a2mp_send_getampassoc_rsp(struct hci_dev *hdev, u8 status);
146void a2mp_send_create_phy_link_req(struct hci_dev *hdev, u8 status);
125 147
126#endif /* __A2MP_H */ 148#endif /* __A2MP_H */
diff --git a/include/net/bluetooth/amp.h b/include/net/bluetooth/amp.h
new file mode 100644
index 000000000000..2e7c79ea0463
--- /dev/null
+++ b/include/net/bluetooth/amp.h
@@ -0,0 +1,50 @@
1/*
2 Copyright (c) 2011,2012 Intel Corp.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License version 2 and
6 only version 2 as published by the Free Software Foundation.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12*/
13
14#ifndef __AMP_H
15#define __AMP_H
16
17struct amp_ctrl {
18 struct list_head list;
19 struct kref kref;
20 __u8 id;
21 __u16 assoc_len_so_far;
22 __u16 assoc_rem_len;
23 __u16 assoc_len;
24 __u8 *assoc;
25};
26
27int amp_ctrl_put(struct amp_ctrl *ctrl);
28void amp_ctrl_get(struct amp_ctrl *ctrl);
29struct amp_ctrl *amp_ctrl_add(struct amp_mgr *mgr, u8 id);
30struct amp_ctrl *amp_ctrl_lookup(struct amp_mgr *mgr, u8 id);
31void amp_ctrl_list_flush(struct amp_mgr *mgr);
32
33struct hci_conn *phylink_add(struct hci_dev *hdev, struct amp_mgr *mgr,
34 u8 remote_id, bool out);
35
36int phylink_gen_key(struct hci_conn *hcon, u8 *data, u8 *len, u8 *type);
37
38void amp_read_loc_info(struct hci_dev *hdev, struct amp_mgr *mgr);
39void amp_read_loc_assoc_frag(struct hci_dev *hdev, u8 phy_handle);
40void amp_read_loc_assoc(struct hci_dev *hdev, struct amp_mgr *mgr);
41void amp_read_loc_assoc_final_data(struct hci_dev *hdev,
42 struct hci_conn *hcon);
43void amp_create_phylink(struct hci_dev *hdev, struct amp_mgr *mgr,
44 struct hci_conn *hcon);
45void amp_accept_phylink(struct hci_dev *hdev, struct amp_mgr *mgr,
46 struct hci_conn *hcon);
47void amp_write_remote_assoc(struct hci_dev *hdev, u8 handle);
48void amp_write_rem_assoc_continue(struct hci_dev *hdev, u8 handle);
49
50#endif /* __AMP_H */
diff --git a/include/net/bluetooth/bluetooth.h b/include/net/bluetooth/bluetooth.h
index ede036977ae8..2554b3f5222a 100644
--- a/include/net/bluetooth/bluetooth.h
+++ b/include/net/bluetooth/bluetooth.h
@@ -180,7 +180,6 @@ static inline void bacpy(bdaddr_t *dst, bdaddr_t *src)
180} 180}
181 181
182void baswap(bdaddr_t *dst, bdaddr_t *src); 182void baswap(bdaddr_t *dst, bdaddr_t *src);
183char *batostr(bdaddr_t *ba);
184 183
185/* Common socket structures and functions */ 184/* Common socket structures and functions */
186 185
diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index 76b2b6bdcf36..88cbbda61027 100644
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -33,6 +33,8 @@
33#define HCI_LINK_KEY_SIZE 16 33#define HCI_LINK_KEY_SIZE 16
34#define HCI_AMP_LINK_KEY_SIZE (2 * HCI_LINK_KEY_SIZE) 34#define HCI_AMP_LINK_KEY_SIZE (2 * HCI_LINK_KEY_SIZE)
35 35
36#define HCI_MAX_AMP_ASSOC_SIZE 672
37
36/* HCI dev events */ 38/* HCI dev events */
37#define HCI_DEV_REG 1 39#define HCI_DEV_REG 1
38#define HCI_DEV_UNREG 2 40#define HCI_DEV_UNREG 2
@@ -196,6 +198,7 @@ enum {
196#define ACL_START_NO_FLUSH 0x00 198#define ACL_START_NO_FLUSH 0x00
197#define ACL_CONT 0x01 199#define ACL_CONT 0x01
198#define ACL_START 0x02 200#define ACL_START 0x02
201#define ACL_COMPLETE 0x03
199#define ACL_ACTIVE_BCAST 0x04 202#define ACL_ACTIVE_BCAST 0x04
200#define ACL_PICO_BCAST 0x08 203#define ACL_PICO_BCAST 0x08
201 204
@@ -205,6 +208,7 @@ enum {
205#define ESCO_LINK 0x02 208#define ESCO_LINK 0x02
206/* Low Energy links do not have defined link type. Use invented one */ 209/* Low Energy links do not have defined link type. Use invented one */
207#define LE_LINK 0x80 210#define LE_LINK 0x80
211#define AMP_LINK 0x81
208 212
209/* LMP features */ 213/* LMP features */
210#define LMP_3SLOT 0x01 214#define LMP_3SLOT 0x01
@@ -556,12 +560,46 @@ struct hci_cp_accept_phy_link {
556 __u8 key[HCI_AMP_LINK_KEY_SIZE]; 560 __u8 key[HCI_AMP_LINK_KEY_SIZE];
557} __packed; 561} __packed;
558 562
559#define HCI_OP_DISCONN_PHY_LINK 0x0437 563#define HCI_OP_DISCONN_PHY_LINK 0x0437
560struct hci_cp_disconn_phy_link { 564struct hci_cp_disconn_phy_link {
561 __u8 phy_handle; 565 __u8 phy_handle;
562 __u8 reason; 566 __u8 reason;
563} __packed; 567} __packed;
564 568
569struct ext_flow_spec {
570 __u8 id;
571 __u8 stype;
572 __le16 msdu;
573 __le32 sdu_itime;
574 __le32 acc_lat;
575 __le32 flush_to;
576} __packed;
577
578#define HCI_OP_CREATE_LOGICAL_LINK 0x0438
579#define HCI_OP_ACCEPT_LOGICAL_LINK 0x0439
580struct hci_cp_create_accept_logical_link {
581 __u8 phy_handle;
582 struct ext_flow_spec tx_flow_spec;
583 struct ext_flow_spec rx_flow_spec;
584} __packed;
585
586#define HCI_OP_DISCONN_LOGICAL_LINK 0x043a
587struct hci_cp_disconn_logical_link {
588 __le16 log_handle;
589} __packed;
590
591#define HCI_OP_LOGICAL_LINK_CANCEL 0x043b
592struct hci_cp_logical_link_cancel {
593 __u8 phy_handle;
594 __u8 flow_spec_id;
595} __packed;
596
597struct hci_rp_logical_link_cancel {
598 __u8 status;
599 __u8 phy_handle;
600 __u8 flow_spec_id;
601} __packed;
602
565#define HCI_OP_SNIFF_MODE 0x0803 603#define HCI_OP_SNIFF_MODE 0x0803
566struct hci_cp_sniff_mode { 604struct hci_cp_sniff_mode {
567 __le16 handle; 605 __le16 handle;
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index e7d454609881..9fe8e2dec870 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -73,6 +73,7 @@ struct discovery_state {
73struct hci_conn_hash { 73struct hci_conn_hash {
74 struct list_head list; 74 struct list_head list;
75 unsigned int acl_num; 75 unsigned int acl_num;
76 unsigned int amp_num;
76 unsigned int sco_num; 77 unsigned int sco_num;
77 unsigned int le_num; 78 unsigned int le_num;
78}; 79};
@@ -124,6 +125,14 @@ struct le_scan_params {
124 125
125#define HCI_MAX_SHORT_NAME_LENGTH 10 126#define HCI_MAX_SHORT_NAME_LENGTH 10
126 127
128struct amp_assoc {
129 __u16 len;
130 __u16 offset;
131 __u16 rem_len;
132 __u16 len_so_far;
133 __u8 data[HCI_MAX_AMP_ASSOC_SIZE];
134};
135
127#define NUM_REASSEMBLY 4 136#define NUM_REASSEMBLY 4
128struct hci_dev { 137struct hci_dev {
129 struct list_head list; 138 struct list_head list;
@@ -177,6 +186,8 @@ struct hci_dev {
177 __u32 amp_max_flush_to; 186 __u32 amp_max_flush_to;
178 __u32 amp_be_flush_to; 187 __u32 amp_be_flush_to;
179 188
189 struct amp_assoc loc_assoc;
190
180 __u8 flow_ctl_mode; 191 __u8 flow_ctl_mode;
181 192
182 unsigned int auto_accept_delay; 193 unsigned int auto_accept_delay;
@@ -252,8 +263,6 @@ struct hci_dev {
252 263
253 struct sk_buff_head driver_init; 264 struct sk_buff_head driver_init;
254 265
255 void *core_data;
256
257 atomic_t promisc; 266 atomic_t promisc;
258 267
259 struct dentry *debugfs; 268 struct dentry *debugfs;
@@ -277,6 +286,8 @@ struct hci_dev {
277 int (*ioctl)(struct hci_dev *hdev, unsigned int cmd, unsigned long arg); 286 int (*ioctl)(struct hci_dev *hdev, unsigned int cmd, unsigned long arg);
278}; 287};
279 288
289#define HCI_PHY_HANDLE(handle) (handle & 0xff)
290
280struct hci_conn { 291struct hci_conn {
281 struct list_head list; 292 struct list_head list;
282 293
@@ -310,6 +321,7 @@ struct hci_conn {
310 321
311 __u8 remote_cap; 322 __u8 remote_cap;
312 __u8 remote_auth; 323 __u8 remote_auth;
324 __u8 remote_id;
313 bool flush_key; 325 bool flush_key;
314 326
315 unsigned int sent; 327 unsigned int sent;
@@ -339,7 +351,7 @@ struct hci_conn {
339 351
340struct hci_chan { 352struct hci_chan {
341 struct list_head list; 353 struct list_head list;
342 354 __u16 handle;
343 struct hci_conn *conn; 355 struct hci_conn *conn;
344 struct sk_buff_head data_q; 356 struct sk_buff_head data_q;
345 unsigned int sent; 357 unsigned int sent;
@@ -438,6 +450,9 @@ static inline void hci_conn_hash_add(struct hci_dev *hdev, struct hci_conn *c)
438 case ACL_LINK: 450 case ACL_LINK:
439 h->acl_num++; 451 h->acl_num++;
440 break; 452 break;
453 case AMP_LINK:
454 h->amp_num++;
455 break;
441 case LE_LINK: 456 case LE_LINK:
442 h->le_num++; 457 h->le_num++;
443 break; 458 break;
@@ -459,6 +474,9 @@ static inline void hci_conn_hash_del(struct hci_dev *hdev, struct hci_conn *c)
459 case ACL_LINK: 474 case ACL_LINK:
460 h->acl_num--; 475 h->acl_num--;
461 break; 476 break;
477 case AMP_LINK:
478 h->amp_num--;
479 break;
462 case LE_LINK: 480 case LE_LINK:
463 h->le_num--; 481 h->le_num--;
464 break; 482 break;
@@ -475,6 +493,8 @@ static inline unsigned int hci_conn_num(struct hci_dev *hdev, __u8 type)
475 switch (type) { 493 switch (type) {
476 case ACL_LINK: 494 case ACL_LINK:
477 return h->acl_num; 495 return h->acl_num;
496 case AMP_LINK:
497 return h->amp_num;
478 case LE_LINK: 498 case LE_LINK:
479 return h->le_num; 499 return h->le_num;
480 case SCO_LINK: 500 case SCO_LINK:
@@ -556,6 +576,7 @@ void hci_conn_check_pending(struct hci_dev *hdev);
556struct hci_chan *hci_chan_create(struct hci_conn *conn); 576struct hci_chan *hci_chan_create(struct hci_conn *conn);
557void hci_chan_del(struct hci_chan *chan); 577void hci_chan_del(struct hci_chan *chan);
558void hci_chan_list_flush(struct hci_conn *conn); 578void hci_chan_list_flush(struct hci_conn *conn);
579struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle);
559 580
560struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, 581struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
561 __u8 dst_type, __u8 sec_level, __u8 auth_type); 582 __u8 dst_type, __u8 sec_level, __u8 auth_type);
@@ -584,7 +605,10 @@ static inline void hci_conn_put(struct hci_conn *conn)
584 605
585 if (atomic_dec_and_test(&conn->refcnt)) { 606 if (atomic_dec_and_test(&conn->refcnt)) {
586 unsigned long timeo; 607 unsigned long timeo;
587 if (conn->type == ACL_LINK || conn->type == LE_LINK) { 608
609 switch (conn->type) {
610 case ACL_LINK:
611 case LE_LINK:
588 del_timer(&conn->idle_timer); 612 del_timer(&conn->idle_timer);
589 if (conn->state == BT_CONNECTED) { 613 if (conn->state == BT_CONNECTED) {
590 timeo = conn->disc_timeout; 614 timeo = conn->disc_timeout;
@@ -593,12 +617,20 @@ static inline void hci_conn_put(struct hci_conn *conn)
593 } else { 617 } else {
594 timeo = msecs_to_jiffies(10); 618 timeo = msecs_to_jiffies(10);
595 } 619 }
596 } else { 620 break;
621
622 case AMP_LINK:
623 timeo = conn->disc_timeout;
624 break;
625
626 default:
597 timeo = msecs_to_jiffies(10); 627 timeo = msecs_to_jiffies(10);
628 break;
598 } 629 }
630
599 cancel_delayed_work(&conn->disc_work); 631 cancel_delayed_work(&conn->disc_work);
600 queue_delayed_work(conn->hdev->workqueue, 632 queue_delayed_work(conn->hdev->workqueue,
601 &conn->disc_work, timeo); 633 &conn->disc_work, timeo);
602 } 634 }
603} 635}
604 636
@@ -789,6 +821,10 @@ static inline void hci_proto_disconn_cfm(struct hci_conn *conn, __u8 reason)
789 sco_disconn_cfm(conn, reason); 821 sco_disconn_cfm(conn, reason);
790 break; 822 break;
791 823
824 /* L2CAP would be handled for BREDR chan */
825 case AMP_LINK:
826 break;
827
792 default: 828 default:
793 BT_ERR("unknown link type %d", conn->type); 829 BT_ERR("unknown link type %d", conn->type);
794 break; 830 break;
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index 7ed8e356425a..6e23afdf65c1 100644
--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -32,13 +32,14 @@
32/* L2CAP defaults */ 32/* L2CAP defaults */
33#define L2CAP_DEFAULT_MTU 672 33#define L2CAP_DEFAULT_MTU 672
34#define L2CAP_DEFAULT_MIN_MTU 48 34#define L2CAP_DEFAULT_MIN_MTU 48
35#define L2CAP_DEFAULT_FLUSH_TO 0xffff 35#define L2CAP_DEFAULT_FLUSH_TO 0xFFFF
36#define L2CAP_EFS_DEFAULT_FLUSH_TO 0xFFFFFFFF
36#define L2CAP_DEFAULT_TX_WINDOW 63 37#define L2CAP_DEFAULT_TX_WINDOW 63
37#define L2CAP_DEFAULT_EXT_WINDOW 0x3FFF 38#define L2CAP_DEFAULT_EXT_WINDOW 0x3FFF
38#define L2CAP_DEFAULT_MAX_TX 3 39#define L2CAP_DEFAULT_MAX_TX 3
39#define L2CAP_DEFAULT_RETRANS_TO 2000 /* 2 seconds */ 40#define L2CAP_DEFAULT_RETRANS_TO 2000 /* 2 seconds */
40#define L2CAP_DEFAULT_MONITOR_TO 12000 /* 12 seconds */ 41#define L2CAP_DEFAULT_MONITOR_TO 12000 /* 12 seconds */
41#define L2CAP_DEFAULT_MAX_PDU_SIZE 1009 /* Sized for 3-DH5 packet */ 42#define L2CAP_DEFAULT_MAX_PDU_SIZE 1492 /* Sized for AMP packet */
42#define L2CAP_DEFAULT_ACK_TO 200 43#define L2CAP_DEFAULT_ACK_TO 200
43#define L2CAP_DEFAULT_MAX_SDU_SIZE 0xFFFF 44#define L2CAP_DEFAULT_MAX_SDU_SIZE 0xFFFF
44#define L2CAP_DEFAULT_SDU_ITIME 0xFFFFFFFF 45#define L2CAP_DEFAULT_SDU_ITIME 0xFFFFFFFF
@@ -508,6 +509,8 @@ struct l2cap_chan {
508 __u32 remote_acc_lat; 509 __u32 remote_acc_lat;
509 __u32 remote_flush_to; 510 __u32 remote_flush_to;
510 511
512 __u8 ctrl_id;
513
511 struct delayed_work chan_timer; 514 struct delayed_work chan_timer;
512 struct delayed_work retrans_timer; 515 struct delayed_work retrans_timer;
513 struct delayed_work monitor_timer; 516 struct delayed_work monitor_timer;
@@ -538,6 +541,7 @@ struct l2cap_ops {
538 void (*state_change) (struct l2cap_chan *chan, 541 void (*state_change) (struct l2cap_chan *chan,
539 int state); 542 int state);
540 void (*ready) (struct l2cap_chan *chan); 543 void (*ready) (struct l2cap_chan *chan);
544 void (*defer) (struct l2cap_chan *chan);
541 struct sk_buff *(*alloc_skb) (struct l2cap_chan *chan, 545 struct sk_buff *(*alloc_skb) (struct l2cap_chan *chan,
542 unsigned long len, int nb); 546 unsigned long len, int nb);
543}; 547};
@@ -745,6 +749,10 @@ static inline void l2cap_chan_no_ready(struct l2cap_chan *chan)
745{ 749{
746} 750}
747 751
752static inline void l2cap_chan_no_defer(struct l2cap_chan *chan)
753{
754}
755
748extern bool disable_ertm; 756extern bool disable_ertm;
749 757
750int l2cap_init_sockets(void); 758int l2cap_init_sockets(void);
@@ -767,6 +775,8 @@ int l2cap_chan_check_security(struct l2cap_chan *chan);
767void l2cap_chan_set_defaults(struct l2cap_chan *chan); 775void l2cap_chan_set_defaults(struct l2cap_chan *chan);
768int l2cap_ertm_init(struct l2cap_chan *chan); 776int l2cap_ertm_init(struct l2cap_chan *chan);
769void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan); 777void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan);
778void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan);
770void l2cap_chan_del(struct l2cap_chan *chan, int err); 779void l2cap_chan_del(struct l2cap_chan *chan, int err);
780void l2cap_send_conn_req(struct l2cap_chan *chan);
771 781
772#endif /* __L2CAP_H */ 782#endif /* __L2CAP_H */
diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig
index 3537d385035e..1c11d0dcd863 100644
--- a/net/bluetooth/Kconfig
+++ b/net/bluetooth/Kconfig
@@ -11,6 +11,7 @@ menuconfig BT
11 select CRYPTO_BLKCIPHER 11 select CRYPTO_BLKCIPHER
12 select CRYPTO_AES 12 select CRYPTO_AES
13 select CRYPTO_ECB 13 select CRYPTO_ECB
14 select CRYPTO_SHA256
14 help 15 help
15 Bluetooth is low-cost, low-power, short-range wireless technology. 16 Bluetooth is low-cost, low-power, short-range wireless technology.
16 It was designed as a replacement for cables and other short-range 17 It was designed as a replacement for cables and other short-range
diff --git a/net/bluetooth/Makefile b/net/bluetooth/Makefile
index fa6d94a4602a..dea6a287daca 100644
--- a/net/bluetooth/Makefile
+++ b/net/bluetooth/Makefile
@@ -10,4 +10,4 @@ obj-$(CONFIG_BT_HIDP) += hidp/
10 10
11bluetooth-y := af_bluetooth.o hci_core.o hci_conn.o hci_event.o mgmt.o \ 11bluetooth-y := af_bluetooth.o hci_core.o hci_conn.o hci_event.o mgmt.o \
12 hci_sock.o hci_sysfs.o l2cap_core.o l2cap_sock.o smp.o sco.o lib.o \ 12 hci_sock.o hci_sysfs.o l2cap_core.o l2cap_sock.o smp.o sco.o lib.o \
13 a2mp.o 13 a2mp.o amp.o
diff --git a/net/bluetooth/a2mp.c b/net/bluetooth/a2mp.c
index 0760d1fed6f0..d5136cfb57e2 100644
--- a/net/bluetooth/a2mp.c
+++ b/net/bluetooth/a2mp.c
@@ -16,6 +16,11 @@
16#include <net/bluetooth/hci_core.h> 16#include <net/bluetooth/hci_core.h>
17#include <net/bluetooth/l2cap.h> 17#include <net/bluetooth/l2cap.h>
18#include <net/bluetooth/a2mp.h> 18#include <net/bluetooth/a2mp.h>
19#include <net/bluetooth/amp.h>
20
21/* Global AMP Manager list */
22LIST_HEAD(amp_mgr_list);
23DEFINE_MUTEX(amp_mgr_list_lock);
19 24
20/* A2MP build & send command helper functions */ 25/* A2MP build & send command helper functions */
21static struct a2mp_cmd *__a2mp_build(u8 code, u8 ident, u16 len, void *data) 26static struct a2mp_cmd *__a2mp_build(u8 code, u8 ident, u16 len, void *data)
@@ -37,8 +42,7 @@ static struct a2mp_cmd *__a2mp_build(u8 code, u8 ident, u16 len, void *data)
37 return cmd; 42 return cmd;
38} 43}
39 44
40static void a2mp_send(struct amp_mgr *mgr, u8 code, u8 ident, u16 len, 45void a2mp_send(struct amp_mgr *mgr, u8 code, u8 ident, u16 len, void *data)
41 void *data)
42{ 46{
43 struct l2cap_chan *chan = mgr->a2mp_chan; 47 struct l2cap_chan *chan = mgr->a2mp_chan;
44 struct a2mp_cmd *cmd; 48 struct a2mp_cmd *cmd;
@@ -63,6 +67,14 @@ static void a2mp_send(struct amp_mgr *mgr, u8 code, u8 ident, u16 len,
63 kfree(cmd); 67 kfree(cmd);
64} 68}
65 69
70u8 __next_ident(struct amp_mgr *mgr)
71{
72 if (++mgr->ident == 0)
73 mgr->ident = 1;
74
75 return mgr->ident;
76}
77
66static inline void __a2mp_cl_bredr(struct a2mp_cl *cl) 78static inline void __a2mp_cl_bredr(struct a2mp_cl *cl)
67{ 79{
68 cl->id = 0; 80 cl->id = 0;
@@ -161,6 +173,83 @@ static int a2mp_discover_req(struct amp_mgr *mgr, struct sk_buff *skb,
161 return 0; 173 return 0;
162} 174}
163 175
176static int a2mp_discover_rsp(struct amp_mgr *mgr, struct sk_buff *skb,
177 struct a2mp_cmd *hdr)
178{
179 struct a2mp_discov_rsp *rsp = (void *) skb->data;
180 u16 len = le16_to_cpu(hdr->len);
181 struct a2mp_cl *cl;
182 u16 ext_feat;
183 bool found = false;
184
185 if (len < sizeof(*rsp))
186 return -EINVAL;
187
188 len -= sizeof(*rsp);
189 skb_pull(skb, sizeof(*rsp));
190
191 ext_feat = le16_to_cpu(rsp->ext_feat);
192
193 BT_DBG("mtu %d efm 0x%4.4x", le16_to_cpu(rsp->mtu), ext_feat);
194
195 /* check that packet is not broken for now */
196 while (ext_feat & A2MP_FEAT_EXT) {
197 if (len < sizeof(ext_feat))
198 return -EINVAL;
199
200 ext_feat = get_unaligned_le16(skb->data);
201 BT_DBG("efm 0x%4.4x", ext_feat);
202 len -= sizeof(ext_feat);
203 skb_pull(skb, sizeof(ext_feat));
204 }
205
206 cl = (void *) skb->data;
207 while (len >= sizeof(*cl)) {
208 BT_DBG("Remote AMP id %d type %d status %d", cl->id, cl->type,
209 cl->status);
210
211 if (cl->id != HCI_BREDR_ID && cl->type == HCI_AMP) {
212 struct a2mp_info_req req;
213
214 found = true;
215 req.id = cl->id;
216 a2mp_send(mgr, A2MP_GETINFO_REQ, __next_ident(mgr),
217 sizeof(req), &req);
218 }
219
220 len -= sizeof(*cl);
221 cl = (void *) skb_pull(skb, sizeof(*cl));
222 }
223
224 /* Fall back to L2CAP init sequence */
225 if (!found) {
226 struct l2cap_conn *conn = mgr->l2cap_conn;
227 struct l2cap_chan *chan;
228
229 mutex_lock(&conn->chan_lock);
230
231 list_for_each_entry(chan, &conn->chan_l, list) {
232
233 BT_DBG("chan %p state %s", chan,
234 state_to_string(chan->state));
235
236 if (chan->chan_type == L2CAP_CHAN_CONN_FIX_A2MP)
237 continue;
238
239 l2cap_chan_lock(chan);
240
241 if (chan->state == BT_CONNECT)
242 l2cap_send_conn_req(chan);
243
244 l2cap_chan_unlock(chan);
245 }
246
247 mutex_unlock(&conn->chan_lock);
248 }
249
250 return 0;
251}
252
164static int a2mp_change_notify(struct amp_mgr *mgr, struct sk_buff *skb, 253static int a2mp_change_notify(struct amp_mgr *mgr, struct sk_buff *skb,
165 struct a2mp_cmd *hdr) 254 struct a2mp_cmd *hdr)
166{ 255{
@@ -181,7 +270,6 @@ static int a2mp_getinfo_req(struct amp_mgr *mgr, struct sk_buff *skb,
181 struct a2mp_cmd *hdr) 270 struct a2mp_cmd *hdr)
182{ 271{
183 struct a2mp_info_req *req = (void *) skb->data; 272 struct a2mp_info_req *req = (void *) skb->data;
184 struct a2mp_info_rsp rsp;
185 struct hci_dev *hdev; 273 struct hci_dev *hdev;
186 274
187 if (le16_to_cpu(hdr->len) < sizeof(*req)) 275 if (le16_to_cpu(hdr->len) < sizeof(*req))
@@ -189,53 +277,93 @@ static int a2mp_getinfo_req(struct amp_mgr *mgr, struct sk_buff *skb,
189 277
190 BT_DBG("id %d", req->id); 278 BT_DBG("id %d", req->id);
191 279
192 rsp.id = req->id;
193 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
194
195 hdev = hci_dev_get(req->id); 280 hdev = hci_dev_get(req->id);
196 if (hdev && hdev->amp_type != HCI_BREDR) { 281 if (!hdev || hdev->dev_type != HCI_AMP) {
197 rsp.status = 0; 282 struct a2mp_info_rsp rsp;
198 rsp.total_bw = cpu_to_le32(hdev->amp_total_bw); 283
199 rsp.max_bw = cpu_to_le32(hdev->amp_max_bw); 284 rsp.id = req->id;
200 rsp.min_latency = cpu_to_le32(hdev->amp_min_latency); 285 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
201 rsp.pal_cap = cpu_to_le16(hdev->amp_pal_cap); 286
202 rsp.assoc_size = cpu_to_le16(hdev->amp_assoc_size); 287 a2mp_send(mgr, A2MP_GETINFO_RSP, hdr->ident, sizeof(rsp),
288 &rsp);
289
290 goto done;
203 } 291 }
204 292
293 mgr->state = READ_LOC_AMP_INFO;
294 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
295
296done:
205 if (hdev) 297 if (hdev)
206 hci_dev_put(hdev); 298 hci_dev_put(hdev);
207 299
208 a2mp_send(mgr, A2MP_GETINFO_RSP, hdr->ident, sizeof(rsp), &rsp);
209
210 skb_pull(skb, sizeof(*req)); 300 skb_pull(skb, sizeof(*req));
211 return 0; 301 return 0;
212} 302}
213 303
304static int a2mp_getinfo_rsp(struct amp_mgr *mgr, struct sk_buff *skb,
305 struct a2mp_cmd *hdr)
306{
307 struct a2mp_info_rsp *rsp = (struct a2mp_info_rsp *) skb->data;
308 struct a2mp_amp_assoc_req req;
309 struct amp_ctrl *ctrl;
310
311 if (le16_to_cpu(hdr->len) < sizeof(*rsp))
312 return -EINVAL;
313
314 BT_DBG("id %d status 0x%2.2x", rsp->id, rsp->status);
315
316 if (rsp->status)
317 return -EINVAL;
318
319 ctrl = amp_ctrl_add(mgr, rsp->id);
320 if (!ctrl)
321 return -ENOMEM;
322
323 req.id = rsp->id;
324 a2mp_send(mgr, A2MP_GETAMPASSOC_REQ, __next_ident(mgr), sizeof(req),
325 &req);
326
327 skb_pull(skb, sizeof(*rsp));
328 return 0;
329}
330
214static int a2mp_getampassoc_req(struct amp_mgr *mgr, struct sk_buff *skb, 331static int a2mp_getampassoc_req(struct amp_mgr *mgr, struct sk_buff *skb,
215 struct a2mp_cmd *hdr) 332 struct a2mp_cmd *hdr)
216{ 333{
217 struct a2mp_amp_assoc_req *req = (void *) skb->data; 334 struct a2mp_amp_assoc_req *req = (void *) skb->data;
218 struct hci_dev *hdev; 335 struct hci_dev *hdev;
336 struct amp_mgr *tmp;
219 337
220 if (le16_to_cpu(hdr->len) < sizeof(*req)) 338 if (le16_to_cpu(hdr->len) < sizeof(*req))
221 return -EINVAL; 339 return -EINVAL;
222 340
223 BT_DBG("id %d", req->id); 341 BT_DBG("id %d", req->id);
224 342
343 /* Make sure that other request is not processed */
344 tmp = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC);
345
225 hdev = hci_dev_get(req->id); 346 hdev = hci_dev_get(req->id);
226 if (!hdev || hdev->amp_type == HCI_BREDR) { 347 if (!hdev || hdev->amp_type == HCI_BREDR || tmp) {
227 struct a2mp_amp_assoc_rsp rsp; 348 struct a2mp_amp_assoc_rsp rsp;
228 rsp.id = req->id; 349 rsp.id = req->id;
229 rsp.status = A2MP_STATUS_INVALID_CTRL_ID; 350
351 if (tmp) {
352 rsp.status = A2MP_STATUS_COLLISION_OCCURED;
353 amp_mgr_put(tmp);
354 } else {
355 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
356 }
230 357
231 a2mp_send(mgr, A2MP_GETAMPASSOC_RSP, hdr->ident, sizeof(rsp), 358 a2mp_send(mgr, A2MP_GETAMPASSOC_RSP, hdr->ident, sizeof(rsp),
232 &rsp); 359 &rsp);
233 goto clean; 360
361 goto done;
234 } 362 }
235 363
236 /* Placeholder for HCI Read AMP Assoc */ 364 amp_read_loc_assoc(hdev, mgr);
237 365
238clean: 366done:
239 if (hdev) 367 if (hdev)
240 hci_dev_put(hdev); 368 hci_dev_put(hdev);
241 369
@@ -243,6 +371,68 @@ clean:
243 return 0; 371 return 0;
244} 372}
245 373
374static int a2mp_getampassoc_rsp(struct amp_mgr *mgr, struct sk_buff *skb,
375 struct a2mp_cmd *hdr)
376{
377 struct a2mp_amp_assoc_rsp *rsp = (void *) skb->data;
378 u16 len = le16_to_cpu(hdr->len);
379 struct hci_dev *hdev;
380 struct amp_ctrl *ctrl;
381 struct hci_conn *hcon;
382 size_t assoc_len;
383
384 if (len < sizeof(*rsp))
385 return -EINVAL;
386
387 assoc_len = len - sizeof(*rsp);
388
389 BT_DBG("id %d status 0x%2.2x assoc len %zu", rsp->id, rsp->status,
390 assoc_len);
391
392 if (rsp->status)
393 return -EINVAL;
394
395 /* Save remote ASSOC data */
396 ctrl = amp_ctrl_lookup(mgr, rsp->id);
397 if (ctrl) {
398 u8 *assoc;
399
400 assoc = kzalloc(assoc_len, GFP_KERNEL);
401 if (!assoc) {
402 amp_ctrl_put(ctrl);
403 return -ENOMEM;
404 }
405
406 memcpy(assoc, rsp->amp_assoc, assoc_len);
407 ctrl->assoc = assoc;
408 ctrl->assoc_len = assoc_len;
409 ctrl->assoc_rem_len = assoc_len;
410 ctrl->assoc_len_so_far = 0;
411
412 amp_ctrl_put(ctrl);
413 }
414
415 /* Create Phys Link */
416 hdev = hci_dev_get(rsp->id);
417 if (!hdev)
418 return -EINVAL;
419
420 hcon = phylink_add(hdev, mgr, rsp->id, true);
421 if (!hcon)
422 goto done;
423
424 BT_DBG("Created hcon %p: loc:%d -> rem:%d", hcon, hdev->id, rsp->id);
425
426 mgr->bredr_chan->ctrl_id = rsp->id;
427
428 amp_create_phylink(hdev, mgr, hcon);
429
430done:
431 hci_dev_put(hdev);
432 skb_pull(skb, len);
433 return 0;
434}
435
246static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb, 436static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
247 struct a2mp_cmd *hdr) 437 struct a2mp_cmd *hdr)
248{ 438{
@@ -250,6 +440,8 @@ static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
250 440
251 struct a2mp_physlink_rsp rsp; 441 struct a2mp_physlink_rsp rsp;
252 struct hci_dev *hdev; 442 struct hci_dev *hdev;
443 struct hci_conn *hcon;
444 struct amp_ctrl *ctrl;
253 445
254 if (le16_to_cpu(hdr->len) < sizeof(*req)) 446 if (le16_to_cpu(hdr->len) < sizeof(*req))
255 return -EINVAL; 447 return -EINVAL;
@@ -265,9 +457,43 @@ static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
265 goto send_rsp; 457 goto send_rsp;
266 } 458 }
267 459
268 /* TODO process physlink create */ 460 ctrl = amp_ctrl_lookup(mgr, rsp.remote_id);
461 if (!ctrl) {
462 ctrl = amp_ctrl_add(mgr, rsp.remote_id);
463 if (ctrl) {
464 amp_ctrl_get(ctrl);
465 } else {
466 rsp.status = A2MP_STATUS_UNABLE_START_LINK_CREATION;
467 goto send_rsp;
468 }
469 }
269 470
270 rsp.status = A2MP_STATUS_SUCCESS; 471 if (ctrl) {
472 size_t assoc_len = le16_to_cpu(hdr->len) - sizeof(*req);
473 u8 *assoc;
474
475 assoc = kzalloc(assoc_len, GFP_KERNEL);
476 if (!assoc) {
477 amp_ctrl_put(ctrl);
478 return -ENOMEM;
479 }
480
481 memcpy(assoc, req->amp_assoc, assoc_len);
482 ctrl->assoc = assoc;
483 ctrl->assoc_len = assoc_len;
484 ctrl->assoc_rem_len = assoc_len;
485 ctrl->assoc_len_so_far = 0;
486
487 amp_ctrl_put(ctrl);
488 }
489
490 hcon = phylink_add(hdev, mgr, req->local_id, false);
491 if (hcon) {
492 amp_accept_phylink(hdev, mgr, hcon);
493 rsp.status = A2MP_STATUS_SUCCESS;
494 } else {
495 rsp.status = A2MP_STATUS_UNABLE_START_LINK_CREATION;
496 }
271 497
272send_rsp: 498send_rsp:
273 if (hdev) 499 if (hdev)
@@ -286,6 +512,7 @@ static int a2mp_discphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
286 struct a2mp_physlink_req *req = (void *) skb->data; 512 struct a2mp_physlink_req *req = (void *) skb->data;
287 struct a2mp_physlink_rsp rsp; 513 struct a2mp_physlink_rsp rsp;
288 struct hci_dev *hdev; 514 struct hci_dev *hdev;
515 struct hci_conn *hcon;
289 516
290 if (le16_to_cpu(hdr->len) < sizeof(*req)) 517 if (le16_to_cpu(hdr->len) < sizeof(*req))
291 return -EINVAL; 518 return -EINVAL;
@@ -296,14 +523,22 @@ static int a2mp_discphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
296 rsp.remote_id = req->local_id; 523 rsp.remote_id = req->local_id;
297 rsp.status = A2MP_STATUS_SUCCESS; 524 rsp.status = A2MP_STATUS_SUCCESS;
298 525
299 hdev = hci_dev_get(req->local_id); 526 hdev = hci_dev_get(req->remote_id);
300 if (!hdev) { 527 if (!hdev) {
301 rsp.status = A2MP_STATUS_INVALID_CTRL_ID; 528 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
302 goto send_rsp; 529 goto send_rsp;
303 } 530 }
304 531
532 hcon = hci_conn_hash_lookup_ba(hdev, AMP_LINK, mgr->l2cap_conn->dst);
533 if (!hcon) {
534 BT_ERR("No phys link exist");
535 rsp.status = A2MP_STATUS_NO_PHYSICAL_LINK_EXISTS;
536 goto clean;
537 }
538
305 /* TODO Disconnect Phys Link here */ 539 /* TODO Disconnect Phys Link here */
306 540
541clean:
307 hci_dev_put(hdev); 542 hci_dev_put(hdev);
308 543
309send_rsp: 544send_rsp:
@@ -377,10 +612,19 @@ static int a2mp_chan_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
377 err = a2mp_discphyslink_req(mgr, skb, hdr); 612 err = a2mp_discphyslink_req(mgr, skb, hdr);
378 break; 613 break;
379 614
380 case A2MP_CHANGE_RSP:
381 case A2MP_DISCOVER_RSP: 615 case A2MP_DISCOVER_RSP:
616 err = a2mp_discover_rsp(mgr, skb, hdr);
617 break;
618
382 case A2MP_GETINFO_RSP: 619 case A2MP_GETINFO_RSP:
620 err = a2mp_getinfo_rsp(mgr, skb, hdr);
621 break;
622
383 case A2MP_GETAMPASSOC_RSP: 623 case A2MP_GETAMPASSOC_RSP:
624 err = a2mp_getampassoc_rsp(mgr, skb, hdr);
625 break;
626
627 case A2MP_CHANGE_RSP:
384 case A2MP_CREATEPHYSLINK_RSP: 628 case A2MP_CREATEPHYSLINK_RSP:
385 case A2MP_DISCONNPHYSLINK_RSP: 629 case A2MP_DISCONNPHYSLINK_RSP:
386 err = a2mp_cmd_rsp(mgr, skb, hdr); 630 err = a2mp_cmd_rsp(mgr, skb, hdr);
@@ -455,9 +699,10 @@ static struct l2cap_ops a2mp_chan_ops = {
455 .new_connection = l2cap_chan_no_new_connection, 699 .new_connection = l2cap_chan_no_new_connection,
456 .teardown = l2cap_chan_no_teardown, 700 .teardown = l2cap_chan_no_teardown,
457 .ready = l2cap_chan_no_ready, 701 .ready = l2cap_chan_no_ready,
702 .defer = l2cap_chan_no_defer,
458}; 703};
459 704
460static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn) 705static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn, bool locked)
461{ 706{
462 struct l2cap_chan *chan; 707 struct l2cap_chan *chan;
463 int err; 708 int err;
@@ -492,7 +737,10 @@ static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn)
492 737
493 chan->conf_state = 0; 738 chan->conf_state = 0;
494 739
495 l2cap_chan_add(conn, chan); 740 if (locked)
741 __l2cap_chan_add(conn, chan);
742 else
743 l2cap_chan_add(conn, chan);
496 744
497 chan->remote_mps = chan->omtu; 745 chan->remote_mps = chan->omtu;
498 chan->mps = chan->omtu; 746 chan->mps = chan->omtu;
@@ -503,11 +751,13 @@ static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn)
503} 751}
504 752
505/* AMP Manager functions */ 753/* AMP Manager functions */
506void amp_mgr_get(struct amp_mgr *mgr) 754struct amp_mgr *amp_mgr_get(struct amp_mgr *mgr)
507{ 755{
508 BT_DBG("mgr %p orig refcnt %d", mgr, atomic_read(&mgr->kref.refcount)); 756 BT_DBG("mgr %p orig refcnt %d", mgr, atomic_read(&mgr->kref.refcount));
509 757
510 kref_get(&mgr->kref); 758 kref_get(&mgr->kref);
759
760 return mgr;
511} 761}
512 762
513static void amp_mgr_destroy(struct kref *kref) 763static void amp_mgr_destroy(struct kref *kref)
@@ -516,6 +766,11 @@ static void amp_mgr_destroy(struct kref *kref)
516 766
517 BT_DBG("mgr %p", mgr); 767 BT_DBG("mgr %p", mgr);
518 768
769 mutex_lock(&amp_mgr_list_lock);
770 list_del(&mgr->list);
771 mutex_unlock(&amp_mgr_list_lock);
772
773 amp_ctrl_list_flush(mgr);
519 kfree(mgr); 774 kfree(mgr);
520} 775}
521 776
@@ -526,7 +781,7 @@ int amp_mgr_put(struct amp_mgr *mgr)
526 return kref_put(&mgr->kref, &amp_mgr_destroy); 781 return kref_put(&mgr->kref, &amp_mgr_destroy);
527} 782}
528 783
529static struct amp_mgr *amp_mgr_create(struct l2cap_conn *conn) 784static struct amp_mgr *amp_mgr_create(struct l2cap_conn *conn, bool locked)
530{ 785{
531 struct amp_mgr *mgr; 786 struct amp_mgr *mgr;
532 struct l2cap_chan *chan; 787 struct l2cap_chan *chan;
@@ -539,7 +794,7 @@ static struct amp_mgr *amp_mgr_create(struct l2cap_conn *conn)
539 794
540 mgr->l2cap_conn = conn; 795 mgr->l2cap_conn = conn;
541 796
542 chan = a2mp_chan_open(conn); 797 chan = a2mp_chan_open(conn, locked);
543 if (!chan) { 798 if (!chan) {
544 kfree(mgr); 799 kfree(mgr);
545 return NULL; 800 return NULL;
@@ -552,6 +807,14 @@ static struct amp_mgr *amp_mgr_create(struct l2cap_conn *conn)
552 807
553 kref_init(&mgr->kref); 808 kref_init(&mgr->kref);
554 809
810 /* Remote AMP ctrl list initialization */
811 INIT_LIST_HEAD(&mgr->amp_ctrls);
812 mutex_init(&mgr->amp_ctrls_lock);
813
814 mutex_lock(&amp_mgr_list_lock);
815 list_add(&mgr->list, &amp_mgr_list);
816 mutex_unlock(&amp_mgr_list_lock);
817
555 return mgr; 818 return mgr;
556} 819}
557 820
@@ -560,7 +823,7 @@ struct l2cap_chan *a2mp_channel_create(struct l2cap_conn *conn,
560{ 823{
561 struct amp_mgr *mgr; 824 struct amp_mgr *mgr;
562 825
563 mgr = amp_mgr_create(conn); 826 mgr = amp_mgr_create(conn, false);
564 if (!mgr) { 827 if (!mgr) {
565 BT_ERR("Could not create AMP manager"); 828 BT_ERR("Could not create AMP manager");
566 return NULL; 829 return NULL;
@@ -570,3 +833,139 @@ struct l2cap_chan *a2mp_channel_create(struct l2cap_conn *conn,
570 833
571 return mgr->a2mp_chan; 834 return mgr->a2mp_chan;
572} 835}
836
837struct amp_mgr *amp_mgr_lookup_by_state(u8 state)
838{
839 struct amp_mgr *mgr;
840
841 mutex_lock(&amp_mgr_list_lock);
842 list_for_each_entry(mgr, &amp_mgr_list, list) {
843 if (mgr->state == state) {
844 amp_mgr_get(mgr);
845 mutex_unlock(&amp_mgr_list_lock);
846 return mgr;
847 }
848 }
849 mutex_unlock(&amp_mgr_list_lock);
850
851 return NULL;
852}
853
854void a2mp_send_getinfo_rsp(struct hci_dev *hdev)
855{
856 struct amp_mgr *mgr;
857 struct a2mp_info_rsp rsp;
858
859 mgr = amp_mgr_lookup_by_state(READ_LOC_AMP_INFO);
860 if (!mgr)
861 return;
862
863 BT_DBG("%s mgr %p", hdev->name, mgr);
864
865 rsp.id = hdev->id;
866 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
867
868 if (hdev->amp_type != HCI_BREDR) {
869 rsp.status = 0;
870 rsp.total_bw = cpu_to_le32(hdev->amp_total_bw);
871 rsp.max_bw = cpu_to_le32(hdev->amp_max_bw);
872 rsp.min_latency = cpu_to_le32(hdev->amp_min_latency);
873 rsp.pal_cap = cpu_to_le16(hdev->amp_pal_cap);
874 rsp.assoc_size = cpu_to_le16(hdev->amp_assoc_size);
875 }
876
877 a2mp_send(mgr, A2MP_GETINFO_RSP, mgr->ident, sizeof(rsp), &rsp);
878 amp_mgr_put(mgr);
879}
880
881void a2mp_send_getampassoc_rsp(struct hci_dev *hdev, u8 status)
882{
883 struct amp_mgr *mgr;
884 struct amp_assoc *loc_assoc = &hdev->loc_assoc;
885 struct a2mp_amp_assoc_rsp *rsp;
886 size_t len;
887
888 mgr = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC);
889 if (!mgr)
890 return;
891
892 BT_DBG("%s mgr %p", hdev->name, mgr);
893
894 len = sizeof(struct a2mp_amp_assoc_rsp) + loc_assoc->len;
895 rsp = kzalloc(len, GFP_KERNEL);
896 if (!rsp) {
897 amp_mgr_put(mgr);
898 return;
899 }
900
901 rsp->id = hdev->id;
902
903 if (status) {
904 rsp->status = A2MP_STATUS_INVALID_CTRL_ID;
905 } else {
906 rsp->status = A2MP_STATUS_SUCCESS;
907 memcpy(rsp->amp_assoc, loc_assoc->data, loc_assoc->len);
908 }
909
910 a2mp_send(mgr, A2MP_GETAMPASSOC_RSP, mgr->ident, len, rsp);
911 amp_mgr_put(mgr);
912 kfree(rsp);
913}
914
915void a2mp_send_create_phy_link_req(struct hci_dev *hdev, u8 status)
916{
917 struct amp_mgr *mgr;
918 struct amp_assoc *loc_assoc = &hdev->loc_assoc;
919 struct a2mp_physlink_req *req;
920 struct l2cap_chan *bredr_chan;
921 size_t len;
922
923 mgr = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC_FINAL);
924 if (!mgr)
925 return;
926
927 len = sizeof(*req) + loc_assoc->len;
928
929 BT_DBG("%s mgr %p assoc_len %zu", hdev->name, mgr, len);
930
931 req = kzalloc(len, GFP_KERNEL);
932 if (!req) {
933 amp_mgr_put(mgr);
934 return;
935 }
936
937 bredr_chan = mgr->bredr_chan;
938 if (!bredr_chan)
939 goto clean;
940
941 req->local_id = hdev->id;
942 req->remote_id = bredr_chan->ctrl_id;
943 memcpy(req->amp_assoc, loc_assoc->data, loc_assoc->len);
944
945 a2mp_send(mgr, A2MP_CREATEPHYSLINK_REQ, __next_ident(mgr), len, req);
946
947clean:
948 amp_mgr_put(mgr);
949 kfree(req);
950}
951
952void a2mp_discover_amp(struct l2cap_chan *chan)
953{
954 struct l2cap_conn *conn = chan->conn;
955 struct amp_mgr *mgr = conn->hcon->amp_mgr;
956 struct a2mp_discov_req req;
957
958 BT_DBG("chan %p conn %p mgr %p", chan, conn, mgr);
959
960 if (!mgr) {
961 mgr = amp_mgr_create(conn, true);
962 if (!mgr)
963 return;
964 }
965
966 mgr->bredr_chan = chan;
967
968 req.mtu = cpu_to_le16(L2CAP_A2MP_DEFAULT_MTU);
969 req.ext_feat = 0;
970 a2mp_send(mgr, A2MP_DISCOVER_REQ, 1, sizeof(req), &req);
971}
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index ba033f09196e..5355df63d39b 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -569,7 +569,6 @@ static int bt_seq_show(struct seq_file *seq, void *v)
569{ 569{
570 struct bt_seq_state *s = seq->private; 570 struct bt_seq_state *s = seq->private;
571 struct bt_sock_list *l = s->l; 571 struct bt_sock_list *l = s->l;
572 bdaddr_t src_baswapped, dst_baswapped;
573 572
574 if (v == SEQ_START_TOKEN) { 573 if (v == SEQ_START_TOKEN) {
575 seq_puts(seq ,"sk RefCnt Rmem Wmem User Inode Src Dst Parent"); 574 seq_puts(seq ,"sk RefCnt Rmem Wmem User Inode Src Dst Parent");
@@ -583,18 +582,17 @@ static int bt_seq_show(struct seq_file *seq, void *v)
583 } else { 582 } else {
584 struct sock *sk = sk_entry(v); 583 struct sock *sk = sk_entry(v);
585 struct bt_sock *bt = bt_sk(sk); 584 struct bt_sock *bt = bt_sk(sk);
586 baswap(&src_baswapped, &bt->src);
587 baswap(&dst_baswapped, &bt->dst);
588 585
589 seq_printf(seq, "%pK %-6d %-6u %-6u %-6u %-6lu %pM %pM %-6lu", 586 seq_printf(seq,
587 "%pK %-6d %-6u %-6u %-6u %-6lu %pMR %pMR %-6lu",
590 sk, 588 sk,
591 atomic_read(&sk->sk_refcnt), 589 atomic_read(&sk->sk_refcnt),
592 sk_rmem_alloc_get(sk), 590 sk_rmem_alloc_get(sk),
593 sk_wmem_alloc_get(sk), 591 sk_wmem_alloc_get(sk),
594 from_kuid(seq_user_ns(seq), sock_i_uid(sk)), 592 from_kuid(seq_user_ns(seq), sock_i_uid(sk)),
595 sock_i_ino(sk), 593 sock_i_ino(sk),
596 &src_baswapped, 594 &bt->src,
597 &dst_baswapped, 595 &bt->dst,
598 bt->parent? sock_i_ino(bt->parent): 0LU); 596 bt->parent? sock_i_ino(bt->parent): 0LU);
599 597
600 if (l->custom_seq_show) { 598 if (l->custom_seq_show) {
diff --git a/net/bluetooth/amp.c b/net/bluetooth/amp.c
new file mode 100644
index 000000000000..231d7ef53ecb
--- /dev/null
+++ b/net/bluetooth/amp.c
@@ -0,0 +1,374 @@
1/*
2 Copyright (c) 2011,2012 Intel Corp.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License version 2 and
6 only version 2 as published by the Free Software Foundation.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12*/
13
14#include <net/bluetooth/bluetooth.h>
15#include <net/bluetooth/hci.h>
16#include <net/bluetooth/hci_core.h>
17#include <net/bluetooth/a2mp.h>
18#include <net/bluetooth/amp.h>
19#include <crypto/hash.h>
20
21/* Remote AMP Controllers interface */
22void amp_ctrl_get(struct amp_ctrl *ctrl)
23{
24 BT_DBG("ctrl %p orig refcnt %d", ctrl,
25 atomic_read(&ctrl->kref.refcount));
26
27 kref_get(&ctrl->kref);
28}
29
30static void amp_ctrl_destroy(struct kref *kref)
31{
32 struct amp_ctrl *ctrl = container_of(kref, struct amp_ctrl, kref);
33
34 BT_DBG("ctrl %p", ctrl);
35
36 kfree(ctrl->assoc);
37 kfree(ctrl);
38}
39
40int amp_ctrl_put(struct amp_ctrl *ctrl)
41{
42 BT_DBG("ctrl %p orig refcnt %d", ctrl,
43 atomic_read(&ctrl->kref.refcount));
44
45 return kref_put(&ctrl->kref, &amp_ctrl_destroy);
46}
47
48struct amp_ctrl *amp_ctrl_add(struct amp_mgr *mgr, u8 id)
49{
50 struct amp_ctrl *ctrl;
51
52 ctrl = kzalloc(sizeof(*ctrl), GFP_KERNEL);
53 if (!ctrl)
54 return NULL;
55
56 kref_init(&ctrl->kref);
57 ctrl->id = id;
58
59 mutex_lock(&mgr->amp_ctrls_lock);
60 list_add(&ctrl->list, &mgr->amp_ctrls);
61 mutex_unlock(&mgr->amp_ctrls_lock);
62
63 BT_DBG("mgr %p ctrl %p", mgr, ctrl);
64
65 return ctrl;
66}
67
68void amp_ctrl_list_flush(struct amp_mgr *mgr)
69{
70 struct amp_ctrl *ctrl, *n;
71
72 BT_DBG("mgr %p", mgr);
73
74 mutex_lock(&mgr->amp_ctrls_lock);
75 list_for_each_entry_safe(ctrl, n, &mgr->amp_ctrls, list) {
76 list_del(&ctrl->list);
77 amp_ctrl_put(ctrl);
78 }
79 mutex_unlock(&mgr->amp_ctrls_lock);
80}
81
82struct amp_ctrl *amp_ctrl_lookup(struct amp_mgr *mgr, u8 id)
83{
84 struct amp_ctrl *ctrl;
85
86 BT_DBG("mgr %p id %d", mgr, id);
87
88 mutex_lock(&mgr->amp_ctrls_lock);
89 list_for_each_entry(ctrl, &mgr->amp_ctrls, list) {
90 if (ctrl->id == id) {
91 amp_ctrl_get(ctrl);
92 mutex_unlock(&mgr->amp_ctrls_lock);
93 return ctrl;
94 }
95 }
96 mutex_unlock(&mgr->amp_ctrls_lock);
97
98 return NULL;
99}
100
101/* Physical Link interface */
102static u8 __next_handle(struct amp_mgr *mgr)
103{
104 if (++mgr->handle == 0)
105 mgr->handle = 1;
106
107 return mgr->handle;
108}
109
110struct hci_conn *phylink_add(struct hci_dev *hdev, struct amp_mgr *mgr,
111 u8 remote_id, bool out)
112{
113 bdaddr_t *dst = mgr->l2cap_conn->dst;
114 struct hci_conn *hcon;
115
116 hcon = hci_conn_add(hdev, AMP_LINK, dst);
117 if (!hcon)
118 return NULL;
119
120 BT_DBG("hcon %p dst %pMR", hcon, dst);
121
122 hcon->state = BT_CONNECT;
123 hcon->attempt++;
124 hcon->handle = __next_handle(mgr);
125 hcon->remote_id = remote_id;
126 hcon->amp_mgr = amp_mgr_get(mgr);
127 hcon->out = out;
128
129 return hcon;
130}
131
132/* AMP crypto key generation interface */
133static int hmac_sha256(u8 *key, u8 ksize, char *plaintext, u8 psize, u8 *output)
134{
135 int ret = 0;
136 struct crypto_shash *tfm;
137
138 if (!ksize)
139 return -EINVAL;
140
141 tfm = crypto_alloc_shash("hmac(sha256)", 0, 0);
142 if (IS_ERR(tfm)) {
143 BT_DBG("crypto_alloc_ahash failed: err %ld", PTR_ERR(tfm));
144 return PTR_ERR(tfm);
145 }
146
147 ret = crypto_shash_setkey(tfm, key, ksize);
148 if (ret) {
149 BT_DBG("crypto_ahash_setkey failed: err %d", ret);
150 } else {
151 struct {
152 struct shash_desc shash;
153 char ctx[crypto_shash_descsize(tfm)];
154 } desc;
155
156 desc.shash.tfm = tfm;
157 desc.shash.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
158
159 ret = crypto_shash_digest(&desc.shash, plaintext, psize,
160 output);
161 }
162
163 crypto_free_shash(tfm);
164 return ret;
165}
166
167int phylink_gen_key(struct hci_conn *conn, u8 *data, u8 *len, u8 *type)
168{
169 struct hci_dev *hdev = conn->hdev;
170 struct link_key *key;
171 u8 keybuf[HCI_AMP_LINK_KEY_SIZE];
172 u8 gamp_key[HCI_AMP_LINK_KEY_SIZE];
173 int err;
174
175 if (!hci_conn_check_link_mode(conn))
176 return -EACCES;
177
178 BT_DBG("conn %p key_type %d", conn, conn->key_type);
179
180 /* Legacy key */
181 if (conn->key_type < 3) {
182 BT_ERR("Legacy key type %d", conn->key_type);
183 return -EACCES;
184 }
185
186 *type = conn->key_type;
187 *len = HCI_AMP_LINK_KEY_SIZE;
188
189 key = hci_find_link_key(hdev, &conn->dst);
190 if (!key) {
191 BT_DBG("No Link key for conn %p dst %pMR", conn, &conn->dst);
192 return -EACCES;
193 }
194
195 /* BR/EDR Link Key concatenated together with itself */
196 memcpy(&keybuf[0], key->val, HCI_LINK_KEY_SIZE);
197 memcpy(&keybuf[HCI_LINK_KEY_SIZE], key->val, HCI_LINK_KEY_SIZE);
198
199 /* Derive Generic AMP Link Key (gamp) */
200 err = hmac_sha256(keybuf, HCI_AMP_LINK_KEY_SIZE, "gamp", 4, gamp_key);
201 if (err) {
202 BT_ERR("Could not derive Generic AMP Key: err %d", err);
203 return err;
204 }
205
206 if (conn->key_type == HCI_LK_DEBUG_COMBINATION) {
207 BT_DBG("Use Generic AMP Key (gamp)");
208 memcpy(data, gamp_key, HCI_AMP_LINK_KEY_SIZE);
209 return err;
210 }
211
212 /* Derive Dedicated AMP Link Key: "802b" is 802.11 PAL keyID */
213 return hmac_sha256(gamp_key, HCI_AMP_LINK_KEY_SIZE, "802b", 4, data);
214}
215
216void amp_read_loc_assoc_frag(struct hci_dev *hdev, u8 phy_handle)
217{
218 struct hci_cp_read_local_amp_assoc cp;
219 struct amp_assoc *loc_assoc = &hdev->loc_assoc;
220
221 BT_DBG("%s handle %d", hdev->name, phy_handle);
222
223 cp.phy_handle = phy_handle;
224 cp.max_len = cpu_to_le16(hdev->amp_assoc_size);
225 cp.len_so_far = cpu_to_le16(loc_assoc->offset);
226
227 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp);
228}
229
230void amp_read_loc_assoc(struct hci_dev *hdev, struct amp_mgr *mgr)
231{
232 struct hci_cp_read_local_amp_assoc cp;
233
234 memset(&hdev->loc_assoc, 0, sizeof(struct amp_assoc));
235 memset(&cp, 0, sizeof(cp));
236
237 cp.max_len = cpu_to_le16(hdev->amp_assoc_size);
238
239 mgr->state = READ_LOC_AMP_ASSOC;
240 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp);
241}
242
243void amp_read_loc_assoc_final_data(struct hci_dev *hdev,
244 struct hci_conn *hcon)
245{
246 struct hci_cp_read_local_amp_assoc cp;
247 struct amp_mgr *mgr = hcon->amp_mgr;
248
249 cp.phy_handle = hcon->handle;
250 cp.len_so_far = cpu_to_le16(0);
251 cp.max_len = cpu_to_le16(hdev->amp_assoc_size);
252
253 mgr->state = READ_LOC_AMP_ASSOC_FINAL;
254
255 /* Read Local AMP Assoc final link information data */
256 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp);
257}
258
259/* Write AMP Assoc data fragments, returns true with last fragment written*/
260static bool amp_write_rem_assoc_frag(struct hci_dev *hdev,
261 struct hci_conn *hcon)
262{
263 struct hci_cp_write_remote_amp_assoc *cp;
264 struct amp_mgr *mgr = hcon->amp_mgr;
265 struct amp_ctrl *ctrl;
266 u16 frag_len, len;
267
268 ctrl = amp_ctrl_lookup(mgr, hcon->remote_id);
269 if (!ctrl)
270 return false;
271
272 if (!ctrl->assoc_rem_len) {
273 BT_DBG("all fragments are written");
274 ctrl->assoc_rem_len = ctrl->assoc_len;
275 ctrl->assoc_len_so_far = 0;
276
277 amp_ctrl_put(ctrl);
278 return true;
279 }
280
281 frag_len = min_t(u16, 248, ctrl->assoc_rem_len);
282 len = frag_len + sizeof(*cp);
283
284 cp = kzalloc(len, GFP_KERNEL);
285 if (!cp) {
286 amp_ctrl_put(ctrl);
287 return false;
288 }
289
290 BT_DBG("hcon %p ctrl %p frag_len %u assoc_len %u rem_len %u",
291 hcon, ctrl, frag_len, ctrl->assoc_len, ctrl->assoc_rem_len);
292
293 cp->phy_handle = hcon->handle;
294 cp->len_so_far = cpu_to_le16(ctrl->assoc_len_so_far);
295 cp->rem_len = cpu_to_le16(ctrl->assoc_rem_len);
296 memcpy(cp->frag, ctrl->assoc, frag_len);
297
298 ctrl->assoc_len_so_far += frag_len;
299 ctrl->assoc_rem_len -= frag_len;
300
301 amp_ctrl_put(ctrl);
302
303 hci_send_cmd(hdev, HCI_OP_WRITE_REMOTE_AMP_ASSOC, len, cp);
304
305 kfree(cp);
306
307 return false;
308}
309
310void amp_write_rem_assoc_continue(struct hci_dev *hdev, u8 handle)
311{
312 struct hci_conn *hcon;
313
314 BT_DBG("%s phy handle 0x%2.2x", hdev->name, handle);
315
316 hcon = hci_conn_hash_lookup_handle(hdev, handle);
317 if (!hcon)
318 return;
319
320 amp_write_rem_assoc_frag(hdev, hcon);
321}
322
323void amp_write_remote_assoc(struct hci_dev *hdev, u8 handle)
324{
325 struct hci_conn *hcon;
326
327 BT_DBG("%s phy handle 0x%2.2x", hdev->name, handle);
328
329 hcon = hci_conn_hash_lookup_handle(hdev, handle);
330 if (!hcon)
331 return;
332
333 BT_DBG("%s phy handle 0x%2.2x hcon %p", hdev->name, handle, hcon);
334
335 amp_write_rem_assoc_frag(hdev, hcon);
336}
337
338void amp_create_phylink(struct hci_dev *hdev, struct amp_mgr *mgr,
339 struct hci_conn *hcon)
340{
341 struct hci_cp_create_phy_link cp;
342
343 cp.phy_handle = hcon->handle;
344
345 BT_DBG("%s hcon %p phy handle 0x%2.2x", hdev->name, hcon,
346 hcon->handle);
347
348 if (phylink_gen_key(mgr->l2cap_conn->hcon, cp.key, &cp.key_len,
349 &cp.key_type)) {
350 BT_DBG("Cannot create link key");
351 return;
352 }
353
354 hci_send_cmd(hdev, HCI_OP_CREATE_PHY_LINK, sizeof(cp), &cp);
355}
356
357void amp_accept_phylink(struct hci_dev *hdev, struct amp_mgr *mgr,
358 struct hci_conn *hcon)
359{
360 struct hci_cp_accept_phy_link cp;
361
362 cp.phy_handle = hcon->handle;
363
364 BT_DBG("%s hcon %p phy handle 0x%2.2x", hdev->name, hcon,
365 hcon->handle);
366
367 if (phylink_gen_key(mgr->l2cap_conn->hcon, cp.key, &cp.key_len,
368 &cp.key_type)) {
369 BT_DBG("Cannot create link key");
370 return;
371 }
372
373 hci_send_cmd(hdev, HCI_OP_ACCEPT_PHY_LINK, sizeof(cp), &cp);
374}
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index 4a6620bc1570..a5b639702637 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -182,8 +182,7 @@ static int bnep_ctrl_set_mcfilter(struct bnep_session *s, u8 *data, int len)
182 a2 = data; 182 a2 = data;
183 data += ETH_ALEN; 183 data += ETH_ALEN;
184 184
185 BT_DBG("mc filter %s -> %s", 185 BT_DBG("mc filter %pMR -> %pMR", a1, a2);
186 batostr((void *) a1), batostr((void *) a2));
187 186
188 /* Iterate from a1 to a2 */ 187 /* Iterate from a1 to a2 */
189 set_bit(bnep_mc_hash(a1), (ulong *) &s->mc_filter); 188 set_bit(bnep_mc_hash(a1), (ulong *) &s->mc_filter);
diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c
index 6c9c1fd601ca..e0a6ebf2baa6 100644
--- a/net/bluetooth/cmtp/core.c
+++ b/net/bluetooth/cmtp/core.c
@@ -353,7 +353,7 @@ int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock)
353 353
354 BT_DBG("mtu %d", session->mtu); 354 BT_DBG("mtu %d", session->mtu);
355 355
356 sprintf(session->name, "%s", batostr(&bt_sk(sock->sk)->dst)); 356 sprintf(session->name, "%pMR", &bt_sk(sock->sk)->dst);
357 357
358 session->sock = sock; 358 session->sock = sock;
359 session->state = BT_CONFIG; 359 session->state = BT_CONFIG;
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index b9196a44f759..fe646211c61f 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -130,6 +130,20 @@ void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
130 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp); 130 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
131} 131}
132 132
133static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
134{
135 struct hci_cp_disconn_phy_link cp;
136
137 BT_DBG("hcon %p", conn);
138
139 conn->state = BT_DISCONN;
140
141 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
142 cp.reason = reason;
143 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
144 sizeof(cp), &cp);
145}
146
133static void hci_add_sco(struct hci_conn *conn, __u16 handle) 147static void hci_add_sco(struct hci_conn *conn, __u16 handle)
134{ 148{
135 struct hci_dev *hdev = conn->hdev; 149 struct hci_dev *hdev = conn->hdev;
@@ -230,11 +244,24 @@ void hci_sco_setup(struct hci_conn *conn, __u8 status)
230 } 244 }
231} 245}
232 246
247static void hci_conn_disconnect(struct hci_conn *conn)
248{
249 __u8 reason = hci_proto_disconn_ind(conn);
250
251 switch (conn->type) {
252 case ACL_LINK:
253 hci_acl_disconn(conn, reason);
254 break;
255 case AMP_LINK:
256 hci_amp_disconn(conn, reason);
257 break;
258 }
259}
260
233static void hci_conn_timeout(struct work_struct *work) 261static void hci_conn_timeout(struct work_struct *work)
234{ 262{
235 struct hci_conn *conn = container_of(work, struct hci_conn, 263 struct hci_conn *conn = container_of(work, struct hci_conn,
236 disc_work.work); 264 disc_work.work);
237 __u8 reason;
238 265
239 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state)); 266 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
240 267
@@ -253,8 +280,7 @@ static void hci_conn_timeout(struct work_struct *work)
253 break; 280 break;
254 case BT_CONFIG: 281 case BT_CONFIG:
255 case BT_CONNECTED: 282 case BT_CONNECTED:
256 reason = hci_proto_disconn_ind(conn); 283 hci_conn_disconnect(conn);
257 hci_acl_disconn(conn, reason);
258 break; 284 break;
259 default: 285 default:
260 conn->state = BT_CLOSED; 286 conn->state = BT_CLOSED;
@@ -320,7 +346,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
320{ 346{
321 struct hci_conn *conn; 347 struct hci_conn *conn;
322 348
323 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 349 BT_DBG("%s dst %pMR", hdev->name, dst);
324 350
325 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL); 351 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
326 if (!conn) 352 if (!conn)
@@ -437,7 +463,7 @@ struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
437 int use_src = bacmp(src, BDADDR_ANY); 463 int use_src = bacmp(src, BDADDR_ANY);
438 struct hci_dev *hdev = NULL, *d; 464 struct hci_dev *hdev = NULL, *d;
439 465
440 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 466 BT_DBG("%pMR -> %pMR", src, dst);
441 467
442 read_lock(&hci_dev_list_lock); 468 read_lock(&hci_dev_list_lock);
443 469
@@ -567,7 +593,7 @@ static struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type,
567struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, 593struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
568 __u8 dst_type, __u8 sec_level, __u8 auth_type) 594 __u8 dst_type, __u8 sec_level, __u8 auth_type)
569{ 595{
570 BT_DBG("%s dst %s type 0x%x", hdev->name, batostr(dst), type); 596 BT_DBG("%s dst %pMR type 0x%x", hdev->name, dst, type);
571 597
572 switch (type) { 598 switch (type) {
573 case LE_LINK: 599 case LE_LINK:
@@ -963,3 +989,35 @@ void hci_chan_list_flush(struct hci_conn *conn)
963 list_for_each_entry_safe(chan, n, &conn->chan_list, list) 989 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
964 hci_chan_del(chan); 990 hci_chan_del(chan);
965} 991}
992
993static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
994 __u16 handle)
995{
996 struct hci_chan *hchan;
997
998 list_for_each_entry(hchan, &hcon->chan_list, list) {
999 if (hchan->handle == handle)
1000 return hchan;
1001 }
1002
1003 return NULL;
1004}
1005
1006struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1007{
1008 struct hci_conn_hash *h = &hdev->conn_hash;
1009 struct hci_conn *hcon;
1010 struct hci_chan *hchan = NULL;
1011
1012 rcu_read_lock();
1013
1014 list_for_each_entry_rcu(hcon, &h->list, list) {
1015 hchan = __hci_chan_lookup_handle(hcon, handle);
1016 if (hchan)
1017 break;
1018 }
1019
1020 rcu_read_unlock();
1021
1022 return hchan;
1023}
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 8a0ce706aebd..5a3f941b610f 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -405,7 +405,7 @@ struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
405 struct discovery_state *cache = &hdev->discovery; 405 struct discovery_state *cache = &hdev->discovery;
406 struct inquiry_entry *e; 406 struct inquiry_entry *e;
407 407
408 BT_DBG("cache %p, %s", cache, batostr(bdaddr)); 408 BT_DBG("cache %p, %pMR", cache, bdaddr);
409 409
410 list_for_each_entry(e, &cache->all, all) { 410 list_for_each_entry(e, &cache->all, all) {
411 if (!bacmp(&e->data.bdaddr, bdaddr)) 411 if (!bacmp(&e->data.bdaddr, bdaddr))
@@ -421,7 +421,7 @@ struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
421 struct discovery_state *cache = &hdev->discovery; 421 struct discovery_state *cache = &hdev->discovery;
422 struct inquiry_entry *e; 422 struct inquiry_entry *e;
423 423
424 BT_DBG("cache %p, %s", cache, batostr(bdaddr)); 424 BT_DBG("cache %p, %pMR", cache, bdaddr);
425 425
426 list_for_each_entry(e, &cache->unknown, list) { 426 list_for_each_entry(e, &cache->unknown, list) {
427 if (!bacmp(&e->data.bdaddr, bdaddr)) 427 if (!bacmp(&e->data.bdaddr, bdaddr))
@@ -438,7 +438,7 @@ struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
438 struct discovery_state *cache = &hdev->discovery; 438 struct discovery_state *cache = &hdev->discovery;
439 struct inquiry_entry *e; 439 struct inquiry_entry *e;
440 440
441 BT_DBG("cache %p bdaddr %s state %d", cache, batostr(bdaddr), state); 441 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
442 442
443 list_for_each_entry(e, &cache->resolve, list) { 443 list_for_each_entry(e, &cache->resolve, list) {
444 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state) 444 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
@@ -475,7 +475,7 @@ bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
475 struct discovery_state *cache = &hdev->discovery; 475 struct discovery_state *cache = &hdev->discovery;
476 struct inquiry_entry *ie; 476 struct inquiry_entry *ie;
477 477
478 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr)); 478 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
479 479
480 if (ssp) 480 if (ssp)
481 *ssp = data->ssp_mode; 481 *ssp = data->ssp_mode;
@@ -1259,7 +1259,7 @@ int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1259 list_add(&key->list, &hdev->link_keys); 1259 list_add(&key->list, &hdev->link_keys);
1260 } 1260 }
1261 1261
1262 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type); 1262 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
1263 1263
1264 /* Some buggy controller combinations generate a changed 1264 /* Some buggy controller combinations generate a changed
1265 * combination key for legacy pairing even when there's no 1265 * combination key for legacy pairing even when there's no
@@ -1338,7 +1338,7 @@ int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1338 if (!key) 1338 if (!key)
1339 return -ENOENT; 1339 return -ENOENT;
1340 1340
1341 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr)); 1341 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1342 1342
1343 list_del(&key->list); 1343 list_del(&key->list);
1344 kfree(key); 1344 kfree(key);
@@ -1354,7 +1354,7 @@ int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1354 if (bacmp(bdaddr, &k->bdaddr)) 1354 if (bacmp(bdaddr, &k->bdaddr))
1355 continue; 1355 continue;
1356 1356
1357 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr)); 1357 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1358 1358
1359 list_del(&k->list); 1359 list_del(&k->list);
1360 kfree(k); 1360 kfree(k);
@@ -1401,7 +1401,7 @@ int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1401 if (!data) 1401 if (!data)
1402 return -ENOENT; 1402 return -ENOENT;
1403 1403
1404 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr)); 1404 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1405 1405
1406 list_del(&data->list); 1406 list_del(&data->list);
1407 kfree(data); 1407 kfree(data);
@@ -1440,7 +1440,7 @@ int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1440 memcpy(data->hash, hash, sizeof(data->hash)); 1440 memcpy(data->hash, hash, sizeof(data->hash));
1441 memcpy(data->randomizer, randomizer, sizeof(data->randomizer)); 1441 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1442 1442
1443 BT_DBG("%s for %s", hdev->name, batostr(bdaddr)); 1443 BT_DBG("%s for %pMR", hdev->name, bdaddr);
1444 1444
1445 return 0; 1445 return 0;
1446} 1446}
@@ -2153,9 +2153,10 @@ static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
2153 hdr->dlen = cpu_to_le16(len); 2153 hdr->dlen = cpu_to_le16(len);
2154} 2154}
2155 2155
2156static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue, 2156static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
2157 struct sk_buff *skb, __u16 flags) 2157 struct sk_buff *skb, __u16 flags)
2158{ 2158{
2159 struct hci_conn *conn = chan->conn;
2159 struct hci_dev *hdev = conn->hdev; 2160 struct hci_dev *hdev = conn->hdev;
2160 struct sk_buff *list; 2161 struct sk_buff *list;
2161 2162
@@ -2163,7 +2164,18 @@ static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
2163 skb->data_len = 0; 2164 skb->data_len = 0;
2164 2165
2165 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 2166 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2166 hci_add_acl_hdr(skb, conn->handle, flags); 2167
2168 switch (hdev->dev_type) {
2169 case HCI_BREDR:
2170 hci_add_acl_hdr(skb, conn->handle, flags);
2171 break;
2172 case HCI_AMP:
2173 hci_add_acl_hdr(skb, chan->handle, flags);
2174 break;
2175 default:
2176 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2177 return;
2178 }
2167 2179
2168 list = skb_shinfo(skb)->frag_list; 2180 list = skb_shinfo(skb)->frag_list;
2169 if (!list) { 2181 if (!list) {
@@ -2202,14 +2214,13 @@ static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
2202 2214
2203void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags) 2215void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2204{ 2216{
2205 struct hci_conn *conn = chan->conn; 2217 struct hci_dev *hdev = chan->conn->hdev;
2206 struct hci_dev *hdev = conn->hdev;
2207 2218
2208 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags); 2219 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
2209 2220
2210 skb->dev = (void *) hdev; 2221 skb->dev = (void *) hdev;
2211 2222
2212 hci_queue_acl(conn, &chan->data_q, skb, flags); 2223 hci_queue_acl(chan, &chan->data_q, skb, flags);
2213 2224
2214 queue_work(hdev->workqueue, &hdev->tx_work); 2225 queue_work(hdev->workqueue, &hdev->tx_work);
2215} 2226}
@@ -2311,8 +2322,8 @@ static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2311 /* Kill stalled connections */ 2322 /* Kill stalled connections */
2312 list_for_each_entry_rcu(c, &h->list, list) { 2323 list_for_each_entry_rcu(c, &h->list, list) {
2313 if (c->type == type && c->sent) { 2324 if (c->type == type && c->sent) {
2314 BT_ERR("%s killing stalled connection %s", 2325 BT_ERR("%s killing stalled connection %pMR",
2315 hdev->name, batostr(&c->dst)); 2326 hdev->name, &c->dst);
2316 hci_acl_disconn(c, HCI_ERROR_REMOTE_USER_TERM); 2327 hci_acl_disconn(c, HCI_ERROR_REMOTE_USER_TERM);
2317 } 2328 }
2318 } 2329 }
@@ -2381,6 +2392,9 @@ static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2381 case ACL_LINK: 2392 case ACL_LINK:
2382 cnt = hdev->acl_cnt; 2393 cnt = hdev->acl_cnt;
2383 break; 2394 break;
2395 case AMP_LINK:
2396 cnt = hdev->block_cnt;
2397 break;
2384 case SCO_LINK: 2398 case SCO_LINK:
2385 case ESCO_LINK: 2399 case ESCO_LINK:
2386 cnt = hdev->sco_cnt; 2400 cnt = hdev->sco_cnt;
@@ -2510,11 +2524,19 @@ static void hci_sched_acl_blk(struct hci_dev *hdev)
2510 struct hci_chan *chan; 2524 struct hci_chan *chan;
2511 struct sk_buff *skb; 2525 struct sk_buff *skb;
2512 int quote; 2526 int quote;
2527 u8 type;
2513 2528
2514 __check_timeout(hdev, cnt); 2529 __check_timeout(hdev, cnt);
2515 2530
2531 BT_DBG("%s", hdev->name);
2532
2533 if (hdev->dev_type == HCI_AMP)
2534 type = AMP_LINK;
2535 else
2536 type = ACL_LINK;
2537
2516 while (hdev->block_cnt > 0 && 2538 while (hdev->block_cnt > 0 &&
2517 (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) { 2539 (chan = hci_chan_sent(hdev, type, &quote))) {
2518 u32 priority = (skb_peek(&chan->data_q))->priority; 2540 u32 priority = (skb_peek(&chan->data_q))->priority;
2519 while (quote > 0 && (skb = skb_peek(&chan->data_q))) { 2541 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
2520 int blocks; 2542 int blocks;
@@ -2547,14 +2569,19 @@ static void hci_sched_acl_blk(struct hci_dev *hdev)
2547 } 2569 }
2548 2570
2549 if (cnt != hdev->block_cnt) 2571 if (cnt != hdev->block_cnt)
2550 hci_prio_recalculate(hdev, ACL_LINK); 2572 hci_prio_recalculate(hdev, type);
2551} 2573}
2552 2574
2553static void hci_sched_acl(struct hci_dev *hdev) 2575static void hci_sched_acl(struct hci_dev *hdev)
2554{ 2576{
2555 BT_DBG("%s", hdev->name); 2577 BT_DBG("%s", hdev->name);
2556 2578
2557 if (!hci_conn_num(hdev, ACL_LINK)) 2579 /* No ACL link over BR/EDR controller */
2580 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR)
2581 return;
2582
2583 /* No AMP link over AMP controller */
2584 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
2558 return; 2585 return;
2559 2586
2560 switch (hdev->flow_ctl_mode) { 2587 switch (hdev->flow_ctl_mode) {
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 2022b43c7353..0383635f91fb 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -30,6 +30,8 @@
30#include <net/bluetooth/bluetooth.h> 30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h> 31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h> 32#include <net/bluetooth/mgmt.h>
33#include <net/bluetooth/a2mp.h>
34#include <net/bluetooth/amp.h>
33 35
34/* Handle HCI Event packets */ 36/* Handle HCI Event packets */
35 37
@@ -846,7 +848,7 @@ static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
846 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 848 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
847 849
848 if (rp->status) 850 if (rp->status)
849 return; 851 goto a2mp_rsp;
850 852
851 hdev->amp_status = rp->amp_status; 853 hdev->amp_status = rp->amp_status;
852 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw); 854 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
@@ -860,6 +862,46 @@ static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
860 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to); 862 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
861 863
862 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status); 864 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
865
866a2mp_rsp:
867 a2mp_send_getinfo_rsp(hdev);
868}
869
870static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
871 struct sk_buff *skb)
872{
873 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
874 struct amp_assoc *assoc = &hdev->loc_assoc;
875 size_t rem_len, frag_len;
876
877 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
878
879 if (rp->status)
880 goto a2mp_rsp;
881
882 frag_len = skb->len - sizeof(*rp);
883 rem_len = __le16_to_cpu(rp->rem_len);
884
885 if (rem_len > frag_len) {
886 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
887
888 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
889 assoc->offset += frag_len;
890
891 /* Read other fragments */
892 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
893
894 return;
895 }
896
897 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
898 assoc->len = assoc->offset + rem_len;
899 assoc->offset = 0;
900
901a2mp_rsp:
902 /* Send A2MP Rsp when all fragments are received */
903 a2mp_send_getampassoc_rsp(hdev, rp->status);
904 a2mp_send_create_phy_link_req(hdev, rp->status);
863} 905}
864 906
865static void hci_cc_delete_stored_link_key(struct hci_dev *hdev, 907static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
@@ -1174,6 +1216,20 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1174 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status); 1216 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
1175} 1217}
1176 1218
1219static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1220 struct sk_buff *skb)
1221{
1222 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1223
1224 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1225 hdev->name, rp->status, rp->phy_handle);
1226
1227 if (rp->status)
1228 return;
1229
1230 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1231}
1232
1177static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 1233static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1178{ 1234{
1179 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1235 BT_DBG("%s status 0x%2.2x", hdev->name, status);
@@ -1210,7 +1266,7 @@ static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1210 1266
1211 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1267 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1212 1268
1213 BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&cp->bdaddr), conn); 1269 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1214 1270
1215 if (status) { 1271 if (status) {
1216 if (conn && conn->state == BT_CONNECT) { 1272 if (conn && conn->state == BT_CONNECT) {
@@ -1639,8 +1695,7 @@ static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1639 return; 1695 return;
1640 } 1696 }
1641 1697
1642 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&conn->dst), 1698 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1643 conn);
1644 1699
1645 conn->state = BT_CLOSED; 1700 conn->state = BT_CLOSED;
1646 mgmt_connect_failed(hdev, &conn->dst, conn->type, 1701 mgmt_connect_failed(hdev, &conn->dst, conn->type,
@@ -1657,6 +1712,38 @@ static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1657 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1712 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1658} 1713}
1659 1714
1715static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1716{
1717 struct hci_cp_create_phy_link *cp;
1718
1719 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1720
1721 if (status)
1722 return;
1723
1724 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1725 if (!cp)
1726 return;
1727
1728 amp_write_remote_assoc(hdev, cp->phy_handle);
1729}
1730
1731static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1732{
1733 struct hci_cp_accept_phy_link *cp;
1734
1735 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1736
1737 if (status)
1738 return;
1739
1740 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1741 if (!cp)
1742 return;
1743
1744 amp_write_remote_assoc(hdev, cp->phy_handle);
1745}
1746
1660static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1747static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1661{ 1748{
1662 __u8 status = *((__u8 *) skb->data); 1749 __u8 status = *((__u8 *) skb->data);
@@ -1822,7 +1909,7 @@ static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1822 struct hci_ev_conn_request *ev = (void *) skb->data; 1909 struct hci_ev_conn_request *ev = (void *) skb->data;
1823 int mask = hdev->link_mode; 1910 int mask = hdev->link_mode;
1824 1911
1825 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr), 1912 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1826 ev->link_type); 1913 ev->link_type);
1827 1914
1828 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type); 1915 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
@@ -2314,6 +2401,10 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2314 hci_cc_read_local_amp_info(hdev, skb); 2401 hci_cc_read_local_amp_info(hdev, skb);
2315 break; 2402 break;
2316 2403
2404 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2405 hci_cc_read_local_amp_assoc(hdev, skb);
2406 break;
2407
2317 case HCI_OP_DELETE_STORED_LINK_KEY: 2408 case HCI_OP_DELETE_STORED_LINK_KEY:
2318 hci_cc_delete_stored_link_key(hdev, skb); 2409 hci_cc_delete_stored_link_key(hdev, skb);
2319 break; 2410 break;
@@ -2386,6 +2477,10 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2386 hci_cc_write_le_host_supported(hdev, skb); 2477 hci_cc_write_le_host_supported(hdev, skb);
2387 break; 2478 break;
2388 2479
2480 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2481 hci_cc_write_remote_amp_assoc(hdev, skb);
2482 break;
2483
2389 default: 2484 default:
2390 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); 2485 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2391 break; 2486 break;
@@ -2467,6 +2562,14 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2467 hci_cs_le_start_enc(hdev, ev->status); 2562 hci_cs_le_start_enc(hdev, ev->status);
2468 break; 2563 break;
2469 2564
2565 case HCI_OP_CREATE_PHY_LINK:
2566 hci_cs_create_phylink(hdev, ev->status);
2567 break;
2568
2569 case HCI_OP_ACCEPT_PHY_LINK:
2570 hci_cs_accept_phylink(hdev, ev->status);
2571 break;
2572
2470 default: 2573 default:
2471 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); 2574 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2472 break; 2575 break;
@@ -2574,6 +2677,27 @@ static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2574 queue_work(hdev->workqueue, &hdev->tx_work); 2677 queue_work(hdev->workqueue, &hdev->tx_work);
2575} 2678}
2576 2679
2680static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2681 __u16 handle)
2682{
2683 struct hci_chan *chan;
2684
2685 switch (hdev->dev_type) {
2686 case HCI_BREDR:
2687 return hci_conn_hash_lookup_handle(hdev, handle);
2688 case HCI_AMP:
2689 chan = hci_chan_lookup_handle(hdev, handle);
2690 if (chan)
2691 return chan->conn;
2692 break;
2693 default:
2694 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2695 break;
2696 }
2697
2698 return NULL;
2699}
2700
2577static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb) 2701static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2578{ 2702{
2579 struct hci_ev_num_comp_blocks *ev = (void *) skb->data; 2703 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
@@ -2595,13 +2719,13 @@ static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2595 2719
2596 for (i = 0; i < ev->num_hndl; i++) { 2720 for (i = 0; i < ev->num_hndl; i++) {
2597 struct hci_comp_blocks_info *info = &ev->handles[i]; 2721 struct hci_comp_blocks_info *info = &ev->handles[i];
2598 struct hci_conn *conn; 2722 struct hci_conn *conn = NULL;
2599 __u16 handle, block_count; 2723 __u16 handle, block_count;
2600 2724
2601 handle = __le16_to_cpu(info->handle); 2725 handle = __le16_to_cpu(info->handle);
2602 block_count = __le16_to_cpu(info->blocks); 2726 block_count = __le16_to_cpu(info->blocks);
2603 2727
2604 conn = hci_conn_hash_lookup_handle(hdev, handle); 2728 conn = __hci_conn_lookup_handle(hdev, handle);
2605 if (!conn) 2729 if (!conn)
2606 continue; 2730 continue;
2607 2731
@@ -2609,6 +2733,7 @@ static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2609 2733
2610 switch (conn->type) { 2734 switch (conn->type) {
2611 case ACL_LINK: 2735 case ACL_LINK:
2736 case AMP_LINK:
2612 hdev->block_cnt += block_count; 2737 hdev->block_cnt += block_count;
2613 if (hdev->block_cnt > hdev->num_blocks) 2738 if (hdev->block_cnt > hdev->num_blocks)
2614 hdev->block_cnt = hdev->num_blocks; 2739 hdev->block_cnt = hdev->num_blocks;
@@ -2705,13 +2830,13 @@ static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2705 2830
2706 key = hci_find_link_key(hdev, &ev->bdaddr); 2831 key = hci_find_link_key(hdev, &ev->bdaddr);
2707 if (!key) { 2832 if (!key) {
2708 BT_DBG("%s link key not found for %s", hdev->name, 2833 BT_DBG("%s link key not found for %pMR", hdev->name,
2709 batostr(&ev->bdaddr)); 2834 &ev->bdaddr);
2710 goto not_found; 2835 goto not_found;
2711 } 2836 }
2712 2837
2713 BT_DBG("%s found key type %u for %s", hdev->name, key->type, 2838 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2714 batostr(&ev->bdaddr)); 2839 &ev->bdaddr);
2715 2840
2716 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) && 2841 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2717 key->type == HCI_LK_DEBUG_COMBINATION) { 2842 key->type == HCI_LK_DEBUG_COMBINATION) {
@@ -3558,6 +3683,22 @@ static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3558 } 3683 }
3559} 3684}
3560 3685
3686static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3687{
3688 struct hci_ev_channel_selected *ev = (void *) skb->data;
3689 struct hci_conn *hcon;
3690
3691 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3692
3693 skb_pull(skb, sizeof(*ev));
3694
3695 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3696 if (!hcon)
3697 return;
3698
3699 amp_read_loc_assoc_final_data(hdev, hcon);
3700}
3701
3561void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 3702void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3562{ 3703{
3563 struct hci_event_hdr *hdr = (void *) skb->data; 3704 struct hci_event_hdr *hdr = (void *) skb->data;
@@ -3722,6 +3863,10 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3722 hci_le_meta_evt(hdev, skb); 3863 hci_le_meta_evt(hdev, skb);
3723 break; 3864 break;
3724 3865
3866 case HCI_EV_CHANNEL_SELECTED:
3867 hci_chan_selected_evt(hdev, skb);
3868 break;
3869
3725 case HCI_EV_REMOTE_OOB_DATA_REQUEST: 3870 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3726 hci_remote_oob_data_request_evt(hdev, skb); 3871 hci_remote_oob_data_request_evt(hdev, skb);
3727 break; 3872 break;
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index a20e61c3653d..55cceee02a84 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -38,7 +38,7 @@ static ssize_t show_link_address(struct device *dev,
38 struct device_attribute *attr, char *buf) 38 struct device_attribute *attr, char *buf)
39{ 39{
40 struct hci_conn *conn = to_hci_conn(dev); 40 struct hci_conn *conn = to_hci_conn(dev);
41 return sprintf(buf, "%s\n", batostr(&conn->dst)); 41 return sprintf(buf, "%pMR\n", &conn->dst);
42} 42}
43 43
44static ssize_t show_link_features(struct device *dev, 44static ssize_t show_link_features(struct device *dev,
@@ -224,7 +224,7 @@ static ssize_t show_address(struct device *dev,
224 struct device_attribute *attr, char *buf) 224 struct device_attribute *attr, char *buf)
225{ 225{
226 struct hci_dev *hdev = to_hci_dev(dev); 226 struct hci_dev *hdev = to_hci_dev(dev);
227 return sprintf(buf, "%s\n", batostr(&hdev->bdaddr)); 227 return sprintf(buf, "%pMR\n", &hdev->bdaddr);
228} 228}
229 229
230static ssize_t show_features(struct device *dev, 230static ssize_t show_features(struct device *dev,
@@ -406,8 +406,8 @@ static int inquiry_cache_show(struct seq_file *f, void *p)
406 406
407 list_for_each_entry(e, &cache->all, all) { 407 list_for_each_entry(e, &cache->all, all) {
408 struct inquiry_data *data = &e->data; 408 struct inquiry_data *data = &e->data;
409 seq_printf(f, "%s %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n", 409 seq_printf(f, "%pMR %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n",
410 batostr(&data->bdaddr), 410 &data->bdaddr,
411 data->pscan_rep_mode, data->pscan_period_mode, 411 data->pscan_rep_mode, data->pscan_period_mode,
412 data->pscan_mode, data->dev_class[2], 412 data->pscan_mode, data->dev_class[2],
413 data->dev_class[1], data->dev_class[0], 413 data->dev_class[1], data->dev_class[0],
@@ -440,7 +440,7 @@ static int blacklist_show(struct seq_file *f, void *p)
440 hci_dev_lock(hdev); 440 hci_dev_lock(hdev);
441 441
442 list_for_each_entry(b, &hdev->blacklist, list) 442 list_for_each_entry(b, &hdev->blacklist, list)
443 seq_printf(f, "%s\n", batostr(&b->bdaddr)); 443 seq_printf(f, "%pMR\n", &b->bdaddr);
444 444
445 hci_dev_unlock(hdev); 445 hci_dev_unlock(hdev);
446 446
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index ccd985da6518..0c0028463fa3 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -932,8 +932,12 @@ static int hidp_setup_hid(struct hidp_session *session,
932 hid->country = req->country; 932 hid->country = req->country;
933 933
934 strncpy(hid->name, req->name, 128); 934 strncpy(hid->name, req->name, 128);
935 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64); 935
936 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64); 936 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
937 &bt_sk(session->ctrl_sock->sk)->src);
938
939 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
940 &bt_sk(session->ctrl_sock->sk)->dst);
937 941
938 hid->dev.parent = &session->conn->dev; 942 hid->dev.parent = &session->conn->dev;
939 hid->ll_driver = &hidp_hid_driver; 943 hid->ll_driver = &hidp_hid_driver;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index a91239dcda41..08efc256c931 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -48,19 +48,20 @@ static LIST_HEAD(chan_list);
48static DEFINE_RWLOCK(chan_list_lock); 48static DEFINE_RWLOCK(chan_list_lock);
49 49
50static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, 50static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
51 u8 code, u8 ident, u16 dlen, void *data); 51 u8 code, u8 ident, u16 dlen, void *data);
52static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, 52static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
53 void *data); 53 void *data);
54static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data); 54static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
55static void l2cap_send_disconn_req(struct l2cap_conn *conn, 55static void l2cap_send_disconn_req(struct l2cap_conn *conn,
56 struct l2cap_chan *chan, int err); 56 struct l2cap_chan *chan, int err);
57 57
58static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control, 58static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
59 struct sk_buff_head *skbs, u8 event); 59 struct sk_buff_head *skbs, u8 event);
60 60
61/* ---- L2CAP channels ---- */ 61/* ---- L2CAP channels ---- */
62 62
63static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid) 63static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn,
64 u16 cid)
64{ 65{
65 struct l2cap_chan *c; 66 struct l2cap_chan *c;
66 67
@@ -71,7 +72,8 @@ static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16
71 return NULL; 72 return NULL;
72} 73}
73 74
74static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid) 75static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn,
76 u16 cid)
75{ 77{
76 struct l2cap_chan *c; 78 struct l2cap_chan *c;
77 79
@@ -84,7 +86,8 @@ static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16
84 86
85/* Find channel with given SCID. 87/* Find channel with given SCID.
86 * Returns locked channel. */ 88 * Returns locked channel. */
87static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid) 89static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn,
90 u16 cid)
88{ 91{
89 struct l2cap_chan *c; 92 struct l2cap_chan *c;
90 93
@@ -97,7 +100,8 @@ static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 ci
97 return c; 100 return c;
98} 101}
99 102
100static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident) 103static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn,
104 u8 ident)
101{ 105{
102 struct l2cap_chan *c; 106 struct l2cap_chan *c;
103 107
@@ -178,7 +182,7 @@ static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
178static void __l2cap_state_change(struct l2cap_chan *chan, int state) 182static void __l2cap_state_change(struct l2cap_chan *chan, int state)
179{ 183{
180 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state), 184 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
181 state_to_string(state)); 185 state_to_string(state));
182 186
183 chan->state = state; 187 chan->state = state;
184 chan->ops->state_change(chan, state); 188 chan->ops->state_change(chan, state);
@@ -361,7 +365,7 @@ static void l2cap_seq_list_append(struct l2cap_seq_list *seq_list, u16 seq)
361static void l2cap_chan_timeout(struct work_struct *work) 365static void l2cap_chan_timeout(struct work_struct *work)
362{ 366{
363 struct l2cap_chan *chan = container_of(work, struct l2cap_chan, 367 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
364 chan_timer.work); 368 chan_timer.work);
365 struct l2cap_conn *conn = chan->conn; 369 struct l2cap_conn *conn = chan->conn;
366 int reason; 370 int reason;
367 371
@@ -373,7 +377,7 @@ static void l2cap_chan_timeout(struct work_struct *work)
373 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG) 377 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
374 reason = ECONNREFUSED; 378 reason = ECONNREFUSED;
375 else if (chan->state == BT_CONNECT && 379 else if (chan->state == BT_CONNECT &&
376 chan->sec_level != BT_SECURITY_SDP) 380 chan->sec_level != BT_SECURITY_SDP)
377 reason = ECONNREFUSED; 381 reason = ECONNREFUSED;
378 else 382 else
379 reason = ETIMEDOUT; 383 reason = ETIMEDOUT;
@@ -455,7 +459,7 @@ void l2cap_chan_set_defaults(struct l2cap_chan *chan)
455 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 459 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
456} 460}
457 461
458static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) 462void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
459{ 463{
460 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, 464 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
461 __le16_to_cpu(chan->psm), chan->dcid); 465 __le16_to_cpu(chan->psm), chan->dcid);
@@ -504,7 +508,7 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
504 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE; 508 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
505 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME; 509 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
506 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT; 510 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
507 chan->local_flush_to = L2CAP_DEFAULT_FLUSH_TO; 511 chan->local_flush_to = L2CAP_EFS_DEFAULT_FLUSH_TO;
508 512
509 l2cap_chan_hold(chan); 513 l2cap_chan_hold(chan);
510 514
@@ -527,6 +531,7 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
527 BT_DBG("chan %p, conn %p, err %d", chan, conn, err); 531 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
528 532
529 if (conn) { 533 if (conn) {
534 struct amp_mgr *mgr = conn->hcon->amp_mgr;
530 /* Delete from channel list */ 535 /* Delete from channel list */
531 list_del(&chan->list); 536 list_del(&chan->list);
532 537
@@ -536,10 +541,12 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
536 541
537 if (chan->chan_type != L2CAP_CHAN_CONN_FIX_A2MP) 542 if (chan->chan_type != L2CAP_CHAN_CONN_FIX_A2MP)
538 hci_conn_put(conn->hcon); 543 hci_conn_put(conn->hcon);
544
545 if (mgr && mgr->bredr_chan == chan)
546 mgr->bredr_chan = NULL;
539 } 547 }
540 548
541 if (chan->ops->teardown) 549 chan->ops->teardown(chan, err);
542 chan->ops->teardown(chan, err);
543 550
544 if (test_bit(CONF_NOT_COMPLETE, &chan->conf_state)) 551 if (test_bit(CONF_NOT_COMPLETE, &chan->conf_state))
545 return; 552 return;
@@ -573,19 +580,18 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
573 struct l2cap_conn *conn = chan->conn; 580 struct l2cap_conn *conn = chan->conn;
574 struct sock *sk = chan->sk; 581 struct sock *sk = chan->sk;
575 582
576 BT_DBG("chan %p state %s sk %p", chan, 583 BT_DBG("chan %p state %s sk %p", chan, state_to_string(chan->state),
577 state_to_string(chan->state), sk); 584 sk);
578 585
579 switch (chan->state) { 586 switch (chan->state) {
580 case BT_LISTEN: 587 case BT_LISTEN:
581 if (chan->ops->teardown) 588 chan->ops->teardown(chan, 0);
582 chan->ops->teardown(chan, 0);
583 break; 589 break;
584 590
585 case BT_CONNECTED: 591 case BT_CONNECTED:
586 case BT_CONFIG: 592 case BT_CONFIG:
587 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && 593 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
588 conn->hcon->type == ACL_LINK) { 594 conn->hcon->type == ACL_LINK) {
589 __set_chan_timer(chan, sk->sk_sndtimeo); 595 __set_chan_timer(chan, sk->sk_sndtimeo);
590 l2cap_send_disconn_req(conn, chan, reason); 596 l2cap_send_disconn_req(conn, chan, reason);
591 } else 597 } else
@@ -594,7 +600,7 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
594 600
595 case BT_CONNECT2: 601 case BT_CONNECT2:
596 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && 602 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
597 conn->hcon->type == ACL_LINK) { 603 conn->hcon->type == ACL_LINK) {
598 struct l2cap_conn_rsp rsp; 604 struct l2cap_conn_rsp rsp;
599 __u16 result; 605 __u16 result;
600 606
@@ -609,7 +615,7 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
609 rsp.result = cpu_to_le16(result); 615 rsp.result = cpu_to_le16(result);
610 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO); 616 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
611 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 617 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
612 sizeof(rsp), &rsp); 618 sizeof(rsp), &rsp);
613 } 619 }
614 620
615 l2cap_chan_del(chan, reason); 621 l2cap_chan_del(chan, reason);
@@ -621,8 +627,7 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
621 break; 627 break;
622 628
623 default: 629 default:
624 if (chan->ops->teardown) 630 chan->ops->teardown(chan, 0);
625 chan->ops->teardown(chan, 0);
626 break; 631 break;
627 } 632 }
628} 633}
@@ -691,7 +696,8 @@ static u8 l2cap_get_ident(struct l2cap_conn *conn)
691 return id; 696 return id;
692} 697}
693 698
694static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data) 699static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
700 void *data)
695{ 701{
696 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data); 702 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
697 u8 flags; 703 u8 flags;
@@ -718,10 +724,10 @@ static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
718 u16 flags; 724 u16 flags;
719 725
720 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len, 726 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
721 skb->priority); 727 skb->priority);
722 728
723 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) && 729 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
724 lmp_no_flush_capable(hcon->hdev)) 730 lmp_no_flush_capable(hcon->hdev))
725 flags = ACL_START_NO_FLUSH; 731 flags = ACL_START_NO_FLUSH;
726 else 732 else
727 flags = ACL_START; 733 flags = ACL_START;
@@ -946,7 +952,19 @@ static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
946 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state); 952 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
947} 953}
948 954
949static void l2cap_send_conn_req(struct l2cap_chan *chan) 955static bool __amp_capable(struct l2cap_chan *chan)
956{
957 struct l2cap_conn *conn = chan->conn;
958
959 if (enable_hs &&
960 chan->chan_policy == BT_CHANNEL_POLICY_AMP_PREFERRED &&
961 conn->fixed_chan_mask & L2CAP_FC_A2MP)
962 return true;
963 else
964 return false;
965}
966
967void l2cap_send_conn_req(struct l2cap_chan *chan)
950{ 968{
951 struct l2cap_conn *conn = chan->conn; 969 struct l2cap_conn *conn = chan->conn;
952 struct l2cap_conn_req req; 970 struct l2cap_conn_req req;
@@ -972,6 +990,16 @@ static void l2cap_chan_ready(struct l2cap_chan *chan)
972 chan->ops->ready(chan); 990 chan->ops->ready(chan);
973} 991}
974 992
993static void l2cap_start_connection(struct l2cap_chan *chan)
994{
995 if (__amp_capable(chan)) {
996 BT_DBG("chan %p AMP capable: discover AMPs", chan);
997 a2mp_discover_amp(chan);
998 } else {
999 l2cap_send_conn_req(chan);
1000 }
1001}
1002
975static void l2cap_do_start(struct l2cap_chan *chan) 1003static void l2cap_do_start(struct l2cap_chan *chan)
976{ 1004{
977 struct l2cap_conn *conn = chan->conn; 1005 struct l2cap_conn *conn = chan->conn;
@@ -986,8 +1014,9 @@ static void l2cap_do_start(struct l2cap_chan *chan)
986 return; 1014 return;
987 1015
988 if (l2cap_chan_check_security(chan) && 1016 if (l2cap_chan_check_security(chan) &&
989 __l2cap_no_conn_pending(chan)) 1017 __l2cap_no_conn_pending(chan)) {
990 l2cap_send_conn_req(chan); 1018 l2cap_start_connection(chan);
1019 }
991 } else { 1020 } else {
992 struct l2cap_info_req req; 1021 struct l2cap_info_req req;
993 req.type = __constant_cpu_to_le16(L2CAP_IT_FEAT_MASK); 1022 req.type = __constant_cpu_to_le16(L2CAP_IT_FEAT_MASK);
@@ -997,8 +1026,8 @@ static void l2cap_do_start(struct l2cap_chan *chan)
997 1026
998 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT); 1027 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
999 1028
1000 l2cap_send_cmd(conn, conn->info_ident, 1029 l2cap_send_cmd(conn, conn->info_ident, L2CAP_INFO_REQ,
1001 L2CAP_INFO_REQ, sizeof(req), &req); 1030 sizeof(req), &req);
1002 } 1031 }
1003} 1032}
1004 1033
@@ -1018,7 +1047,8 @@ static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
1018 } 1047 }
1019} 1048}
1020 1049
1021static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err) 1050static void l2cap_send_disconn_req(struct l2cap_conn *conn,
1051 struct l2cap_chan *chan, int err)
1022{ 1052{
1023 struct sock *sk = chan->sk; 1053 struct sock *sk = chan->sk;
1024 struct l2cap_disconn_req req; 1054 struct l2cap_disconn_req req;
@@ -1033,14 +1063,14 @@ static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *c
1033 } 1063 }
1034 1064
1035 if (chan->chan_type == L2CAP_CHAN_CONN_FIX_A2MP) { 1065 if (chan->chan_type == L2CAP_CHAN_CONN_FIX_A2MP) {
1036 __l2cap_state_change(chan, BT_DISCONN); 1066 l2cap_state_change(chan, BT_DISCONN);
1037 return; 1067 return;
1038 } 1068 }
1039 1069
1040 req.dcid = cpu_to_le16(chan->dcid); 1070 req.dcid = cpu_to_le16(chan->dcid);
1041 req.scid = cpu_to_le16(chan->scid); 1071 req.scid = cpu_to_le16(chan->scid);
1042 l2cap_send_cmd(conn, l2cap_get_ident(conn), 1072 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_DISCONN_REQ,
1043 L2CAP_DISCONN_REQ, sizeof(req), &req); 1073 sizeof(req), &req);
1044 1074
1045 lock_sock(sk); 1075 lock_sock(sk);
1046 __l2cap_state_change(chan, BT_DISCONN); 1076 __l2cap_state_change(chan, BT_DISCONN);
@@ -1069,20 +1099,20 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
1069 1099
1070 if (chan->state == BT_CONNECT) { 1100 if (chan->state == BT_CONNECT) {
1071 if (!l2cap_chan_check_security(chan) || 1101 if (!l2cap_chan_check_security(chan) ||
1072 !__l2cap_no_conn_pending(chan)) { 1102 !__l2cap_no_conn_pending(chan)) {
1073 l2cap_chan_unlock(chan); 1103 l2cap_chan_unlock(chan);
1074 continue; 1104 continue;
1075 } 1105 }
1076 1106
1077 if (!l2cap_mode_supported(chan->mode, conn->feat_mask) 1107 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
1078 && test_bit(CONF_STATE2_DEVICE, 1108 && test_bit(CONF_STATE2_DEVICE,
1079 &chan->conf_state)) { 1109 &chan->conf_state)) {
1080 l2cap_chan_close(chan, ECONNRESET); 1110 l2cap_chan_close(chan, ECONNRESET);
1081 l2cap_chan_unlock(chan); 1111 l2cap_chan_unlock(chan);
1082 continue; 1112 continue;
1083 } 1113 }
1084 1114
1085 l2cap_send_conn_req(chan); 1115 l2cap_start_connection(chan);
1086 1116
1087 } else if (chan->state == BT_CONNECT2) { 1117 } else if (chan->state == BT_CONNECT2) {
1088 struct l2cap_conn_rsp rsp; 1118 struct l2cap_conn_rsp rsp;
@@ -1094,11 +1124,9 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
1094 lock_sock(sk); 1124 lock_sock(sk);
1095 if (test_bit(BT_SK_DEFER_SETUP, 1125 if (test_bit(BT_SK_DEFER_SETUP,
1096 &bt_sk(sk)->flags)) { 1126 &bt_sk(sk)->flags)) {
1097 struct sock *parent = bt_sk(sk)->parent;
1098 rsp.result = __constant_cpu_to_le16(L2CAP_CR_PEND); 1127 rsp.result = __constant_cpu_to_le16(L2CAP_CR_PEND);
1099 rsp.status = __constant_cpu_to_le16(L2CAP_CS_AUTHOR_PEND); 1128 rsp.status = __constant_cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
1100 if (parent) 1129 chan->ops->defer(chan);
1101 parent->sk_data_ready(parent, 0);
1102 1130
1103 } else { 1131 } else {
1104 __l2cap_state_change(chan, BT_CONFIG); 1132 __l2cap_state_change(chan, BT_CONFIG);
@@ -1112,17 +1140,17 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
1112 } 1140 }
1113 1141
1114 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 1142 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
1115 sizeof(rsp), &rsp); 1143 sizeof(rsp), &rsp);
1116 1144
1117 if (test_bit(CONF_REQ_SENT, &chan->conf_state) || 1145 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
1118 rsp.result != L2CAP_CR_SUCCESS) { 1146 rsp.result != L2CAP_CR_SUCCESS) {
1119 l2cap_chan_unlock(chan); 1147 l2cap_chan_unlock(chan);
1120 continue; 1148 continue;
1121 } 1149 }
1122 1150
1123 set_bit(CONF_REQ_SENT, &chan->conf_state); 1151 set_bit(CONF_REQ_SENT, &chan->conf_state);
1124 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 1152 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1125 l2cap_build_conf_req(chan, buf), buf); 1153 l2cap_build_conf_req(chan, buf), buf);
1126 chan->num_conf_req++; 1154 chan->num_conf_req++;
1127 } 1155 }
1128 1156
@@ -1204,8 +1232,6 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
1204 bacpy(&bt_sk(sk)->src, conn->src); 1232 bacpy(&bt_sk(sk)->src, conn->src);
1205 bacpy(&bt_sk(sk)->dst, conn->dst); 1233 bacpy(&bt_sk(sk)->dst, conn->dst);
1206 1234
1207 bt_accept_enqueue(parent, sk);
1208
1209 l2cap_chan_add(conn, chan); 1235 l2cap_chan_add(conn, chan);
1210 1236
1211 l2cap_chan_ready(chan); 1237 l2cap_chan_ready(chan);
@@ -1270,7 +1296,7 @@ static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
1270 1296
1271 list_for_each_entry(chan, &conn->chan_l, list) { 1297 list_for_each_entry(chan, &conn->chan_l, list) {
1272 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 1298 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
1273 __l2cap_chan_set_err(chan, err); 1299 l2cap_chan_set_err(chan, err);
1274 } 1300 }
1275 1301
1276 mutex_unlock(&conn->chan_lock); 1302 mutex_unlock(&conn->chan_lock);
@@ -1279,7 +1305,7 @@ static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
1279static void l2cap_info_timeout(struct work_struct *work) 1305static void l2cap_info_timeout(struct work_struct *work)
1280{ 1306{
1281 struct l2cap_conn *conn = container_of(work, struct l2cap_conn, 1307 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1282 info_timer.work); 1308 info_timer.work);
1283 1309
1284 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; 1310 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
1285 conn->info_ident = 0; 1311 conn->info_ident = 0;
@@ -1333,7 +1359,7 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
1333static void security_timeout(struct work_struct *work) 1359static void security_timeout(struct work_struct *work)
1334{ 1360{
1335 struct l2cap_conn *conn = container_of(work, struct l2cap_conn, 1361 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1336 security_timer.work); 1362 security_timer.work);
1337 1363
1338 BT_DBG("conn %p", conn); 1364 BT_DBG("conn %p", conn);
1339 1365
@@ -1355,7 +1381,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1355 if (!hchan) 1381 if (!hchan)
1356 return NULL; 1382 return NULL;
1357 1383
1358 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC); 1384 conn = kzalloc(sizeof(struct l2cap_conn), GFP_KERNEL);
1359 if (!conn) { 1385 if (!conn) {
1360 hci_chan_del(hchan); 1386 hci_chan_del(hchan);
1361 return NULL; 1387 return NULL;
@@ -1367,10 +1393,22 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1367 1393
1368 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); 1394 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
1369 1395
1370 if (hcon->hdev->le_mtu && hcon->type == LE_LINK) 1396 switch (hcon->type) {
1371 conn->mtu = hcon->hdev->le_mtu; 1397 case AMP_LINK:
1372 else 1398 conn->mtu = hcon->hdev->block_mtu;
1399 break;
1400
1401 case LE_LINK:
1402 if (hcon->hdev->le_mtu) {
1403 conn->mtu = hcon->hdev->le_mtu;
1404 break;
1405 }
1406 /* fall through */
1407
1408 default:
1373 conn->mtu = hcon->hdev->acl_mtu; 1409 conn->mtu = hcon->hdev->acl_mtu;
1410 break;
1411 }
1374 1412
1375 conn->src = &hcon->hdev->bdaddr; 1413 conn->src = &hcon->hdev->bdaddr;
1376 conn->dst = &hcon->dst; 1414 conn->dst = &hcon->dst;
@@ -1448,7 +1486,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1448 __u8 auth_type; 1486 __u8 auth_type;
1449 int err; 1487 int err;
1450 1488
1451 BT_DBG("%s -> %s (type %u) psm 0x%2.2x", batostr(src), batostr(dst), 1489 BT_DBG("%pMR -> %pMR (type %u) psm 0x%2.2x", src, dst,
1452 dst_type, __le16_to_cpu(psm)); 1490 dst_type, __le16_to_cpu(psm));
1453 1491
1454 hdev = hci_get_route(dst, src); 1492 hdev = hci_get_route(dst, src);
@@ -1461,7 +1499,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1461 1499
1462 /* PSM must be odd and lsb of upper byte must be 0 */ 1500 /* PSM must be odd and lsb of upper byte must be 0 */
1463 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid && 1501 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
1464 chan->chan_type != L2CAP_CHAN_RAW) { 1502 chan->chan_type != L2CAP_CHAN_RAW) {
1465 err = -EINVAL; 1503 err = -EINVAL;
1466 goto done; 1504 goto done;
1467 } 1505 }
@@ -1770,7 +1808,7 @@ static void l2cap_ertm_resend(struct l2cap_chan *chan)
1770 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, seq); 1808 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, seq);
1771 if (!skb) { 1809 if (!skb) {
1772 BT_DBG("Error: Can't retransmit seq %d, frame missing", 1810 BT_DBG("Error: Can't retransmit seq %d, frame missing",
1773 seq); 1811 seq);
1774 continue; 1812 continue;
1775 } 1813 }
1776 1814
@@ -1795,9 +1833,9 @@ static void l2cap_ertm_resend(struct l2cap_chan *chan)
1795 /* Cloned sk_buffs are read-only, so we need a 1833 /* Cloned sk_buffs are read-only, so we need a
1796 * writeable copy 1834 * writeable copy
1797 */ 1835 */
1798 tx_skb = skb_copy(skb, GFP_ATOMIC); 1836 tx_skb = skb_copy(skb, GFP_KERNEL);
1799 } else { 1837 } else {
1800 tx_skb = skb_clone(skb, GFP_ATOMIC); 1838 tx_skb = skb_clone(skb, GFP_KERNEL);
1801 } 1839 }
1802 1840
1803 if (!tx_skb) { 1841 if (!tx_skb) {
@@ -1855,7 +1893,7 @@ static void l2cap_retransmit_all(struct l2cap_chan *chan,
1855 if (chan->unacked_frames) { 1893 if (chan->unacked_frames) {
1856 skb_queue_walk(&chan->tx_q, skb) { 1894 skb_queue_walk(&chan->tx_q, skb) {
1857 if (bt_cb(skb)->control.txseq == control->reqseq || 1895 if (bt_cb(skb)->control.txseq == control->reqseq ||
1858 skb == chan->tx_send_head) 1896 skb == chan->tx_send_head)
1859 break; 1897 break;
1860 } 1898 }
1861 1899
@@ -2156,7 +2194,7 @@ static int l2cap_segment_sdu(struct l2cap_chan *chan,
2156} 2194}
2157 2195
2158int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len, 2196int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
2159 u32 priority) 2197 u32 priority)
2160{ 2198{
2161 struct sk_buff *skb; 2199 struct sk_buff *skb;
2162 int err; 2200 int err;
@@ -2543,7 +2581,7 @@ static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2543 /* Don't send frame to the socket it came from */ 2581 /* Don't send frame to the socket it came from */
2544 if (skb->sk == sk) 2582 if (skb->sk == sk)
2545 continue; 2583 continue;
2546 nskb = skb_clone(skb, GFP_ATOMIC); 2584 nskb = skb_clone(skb, GFP_KERNEL);
2547 if (!nskb) 2585 if (!nskb)
2548 continue; 2586 continue;
2549 2587
@@ -2569,7 +2607,7 @@ static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, u8 code,
2569 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen; 2607 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2570 count = min_t(unsigned int, conn->mtu, len); 2608 count = min_t(unsigned int, conn->mtu, len);
2571 2609
2572 skb = bt_skb_alloc(count, GFP_ATOMIC); 2610 skb = bt_skb_alloc(count, GFP_KERNEL);
2573 if (!skb) 2611 if (!skb)
2574 return NULL; 2612 return NULL;
2575 2613
@@ -2599,7 +2637,7 @@ static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, u8 code,
2599 while (len) { 2637 while (len) {
2600 count = min_t(unsigned int, conn->mtu, len); 2638 count = min_t(unsigned int, conn->mtu, len);
2601 2639
2602 *frag = bt_skb_alloc(count, GFP_ATOMIC); 2640 *frag = bt_skb_alloc(count, GFP_KERNEL);
2603 if (!*frag) 2641 if (!*frag)
2604 goto fail; 2642 goto fail;
2605 2643
@@ -2618,7 +2656,8 @@ fail:
2618 return NULL; 2656 return NULL;
2619} 2657}
2620 2658
2621static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val) 2659static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen,
2660 unsigned long *val)
2622{ 2661{
2623 struct l2cap_conf_opt *opt = *ptr; 2662 struct l2cap_conf_opt *opt = *ptr;
2624 int len; 2663 int len;
@@ -2692,7 +2731,7 @@ static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
2692 efs.msdu = cpu_to_le16(chan->local_msdu); 2731 efs.msdu = cpu_to_le16(chan->local_msdu);
2693 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime); 2732 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2694 efs.acc_lat = __constant_cpu_to_le32(L2CAP_DEFAULT_ACC_LAT); 2733 efs.acc_lat = __constant_cpu_to_le32(L2CAP_DEFAULT_ACC_LAT);
2695 efs.flush_to = __constant_cpu_to_le32(L2CAP_DEFAULT_FLUSH_TO); 2734 efs.flush_to = __constant_cpu_to_le32(L2CAP_EFS_DEFAULT_FLUSH_TO);
2696 break; 2735 break;
2697 2736
2698 case L2CAP_MODE_STREAMING: 2737 case L2CAP_MODE_STREAMING:
@@ -2709,7 +2748,7 @@ static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
2709 } 2748 }
2710 2749
2711 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs), 2750 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs),
2712 (unsigned long) &efs); 2751 (unsigned long) &efs);
2713} 2752}
2714 2753
2715static void l2cap_ack_timeout(struct work_struct *work) 2754static void l2cap_ack_timeout(struct work_struct *work)
@@ -2798,13 +2837,13 @@ static inline bool __l2cap_efs_supported(struct l2cap_chan *chan)
2798static inline void l2cap_txwin_setup(struct l2cap_chan *chan) 2837static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
2799{ 2838{
2800 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW && 2839 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
2801 __l2cap_ews_supported(chan)) { 2840 __l2cap_ews_supported(chan)) {
2802 /* use extended control field */ 2841 /* use extended control field */
2803 set_bit(FLAG_EXT_CTRL, &chan->flags); 2842 set_bit(FLAG_EXT_CTRL, &chan->flags);
2804 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW; 2843 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
2805 } else { 2844 } else {
2806 chan->tx_win = min_t(u16, chan->tx_win, 2845 chan->tx_win = min_t(u16, chan->tx_win,
2807 L2CAP_DEFAULT_TX_WINDOW); 2846 L2CAP_DEFAULT_TX_WINDOW);
2808 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; 2847 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
2809 } 2848 }
2810 chan->ack_win = chan->tx_win; 2849 chan->ack_win = chan->tx_win;
@@ -2844,7 +2883,7 @@ done:
2844 switch (chan->mode) { 2883 switch (chan->mode) {
2845 case L2CAP_MODE_BASIC: 2884 case L2CAP_MODE_BASIC:
2846 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) && 2885 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2847 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING)) 2886 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
2848 break; 2887 break;
2849 2888
2850 rfc.mode = L2CAP_MODE_BASIC; 2889 rfc.mode = L2CAP_MODE_BASIC;
@@ -2855,7 +2894,7 @@ done:
2855 rfc.max_pdu_size = 0; 2894 rfc.max_pdu_size = 0;
2856 2895
2857 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), 2896 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2858 (unsigned long) &rfc); 2897 (unsigned long) &rfc);
2859 break; 2898 break;
2860 2899
2861 case L2CAP_MODE_ERTM: 2900 case L2CAP_MODE_ERTM:
@@ -2865,18 +2904,17 @@ done:
2865 rfc.monitor_timeout = 0; 2904 rfc.monitor_timeout = 0;
2866 2905
2867 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu - 2906 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2868 L2CAP_EXT_HDR_SIZE - 2907 L2CAP_EXT_HDR_SIZE - L2CAP_SDULEN_SIZE -
2869 L2CAP_SDULEN_SIZE - 2908 L2CAP_FCS_SIZE);
2870 L2CAP_FCS_SIZE);
2871 rfc.max_pdu_size = cpu_to_le16(size); 2909 rfc.max_pdu_size = cpu_to_le16(size);
2872 2910
2873 l2cap_txwin_setup(chan); 2911 l2cap_txwin_setup(chan);
2874 2912
2875 rfc.txwin_size = min_t(u16, chan->tx_win, 2913 rfc.txwin_size = min_t(u16, chan->tx_win,
2876 L2CAP_DEFAULT_TX_WINDOW); 2914 L2CAP_DEFAULT_TX_WINDOW);
2877 2915
2878 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), 2916 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2879 (unsigned long) &rfc); 2917 (unsigned long) &rfc);
2880 2918
2881 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) 2919 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2882 l2cap_add_opt_efs(&ptr, chan); 2920 l2cap_add_opt_efs(&ptr, chan);
@@ -2885,14 +2923,14 @@ done:
2885 break; 2923 break;
2886 2924
2887 if (chan->fcs == L2CAP_FCS_NONE || 2925 if (chan->fcs == L2CAP_FCS_NONE ||
2888 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) { 2926 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
2889 chan->fcs = L2CAP_FCS_NONE; 2927 chan->fcs = L2CAP_FCS_NONE;
2890 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs); 2928 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
2891 } 2929 }
2892 2930
2893 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) 2931 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2894 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2, 2932 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2895 chan->tx_win); 2933 chan->tx_win);
2896 break; 2934 break;
2897 2935
2898 case L2CAP_MODE_STREAMING: 2936 case L2CAP_MODE_STREAMING:
@@ -2904,13 +2942,12 @@ done:
2904 rfc.monitor_timeout = 0; 2942 rfc.monitor_timeout = 0;
2905 2943
2906 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu - 2944 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2907 L2CAP_EXT_HDR_SIZE - 2945 L2CAP_EXT_HDR_SIZE - L2CAP_SDULEN_SIZE -
2908 L2CAP_SDULEN_SIZE - 2946 L2CAP_FCS_SIZE);
2909 L2CAP_FCS_SIZE);
2910 rfc.max_pdu_size = cpu_to_le16(size); 2947 rfc.max_pdu_size = cpu_to_le16(size);
2911 2948
2912 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), 2949 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2913 (unsigned long) &rfc); 2950 (unsigned long) &rfc);
2914 2951
2915 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) 2952 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2916 l2cap_add_opt_efs(&ptr, chan); 2953 l2cap_add_opt_efs(&ptr, chan);
@@ -2919,7 +2956,7 @@ done:
2919 break; 2956 break;
2920 2957
2921 if (chan->fcs == L2CAP_FCS_NONE || 2958 if (chan->fcs == L2CAP_FCS_NONE ||
2922 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) { 2959 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
2923 chan->fcs = L2CAP_FCS_NONE; 2960 chan->fcs = L2CAP_FCS_NONE;
2924 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs); 2961 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
2925 } 2962 }
@@ -3011,7 +3048,7 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
3011 case L2CAP_MODE_ERTM: 3048 case L2CAP_MODE_ERTM:
3012 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) { 3049 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
3013 chan->mode = l2cap_select_mode(rfc.mode, 3050 chan->mode = l2cap_select_mode(rfc.mode,
3014 chan->conn->feat_mask); 3051 chan->conn->feat_mask);
3015 break; 3052 break;
3016 } 3053 }
3017 3054
@@ -3036,8 +3073,8 @@ done:
3036 if (chan->num_conf_rsp == 1) 3073 if (chan->num_conf_rsp == 1)
3037 return -ECONNREFUSED; 3074 return -ECONNREFUSED;
3038 3075
3039 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 3076 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
3040 sizeof(rfc), (unsigned long) &rfc); 3077 (unsigned long) &rfc);
3041 } 3078 }
3042 3079
3043 if (result == L2CAP_CONF_SUCCESS) { 3080 if (result == L2CAP_CONF_SUCCESS) {
@@ -3054,8 +3091,8 @@ done:
3054 3091
3055 if (remote_efs) { 3092 if (remote_efs) {
3056 if (chan->local_stype != L2CAP_SERV_NOTRAFIC && 3093 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
3057 efs.stype != L2CAP_SERV_NOTRAFIC && 3094 efs.stype != L2CAP_SERV_NOTRAFIC &&
3058 efs.stype != chan->local_stype) { 3095 efs.stype != chan->local_stype) {
3059 3096
3060 result = L2CAP_CONF_UNACCEPT; 3097 result = L2CAP_CONF_UNACCEPT;
3061 3098
@@ -3063,8 +3100,8 @@ done:
3063 return -ECONNREFUSED; 3100 return -ECONNREFUSED;
3064 3101
3065 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, 3102 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3066 sizeof(efs), 3103 sizeof(efs),
3067 (unsigned long) &efs); 3104 (unsigned long) &efs);
3068 } else { 3105 } else {
3069 /* Send PENDING Conf Rsp */ 3106 /* Send PENDING Conf Rsp */
3070 result = L2CAP_CONF_PENDING; 3107 result = L2CAP_CONF_PENDING;
@@ -3087,10 +3124,8 @@ done:
3087 chan->remote_max_tx = rfc.max_transmit; 3124 chan->remote_max_tx = rfc.max_transmit;
3088 3125
3089 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size), 3126 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
3090 chan->conn->mtu - 3127 chan->conn->mtu - L2CAP_EXT_HDR_SIZE -
3091 L2CAP_EXT_HDR_SIZE - 3128 L2CAP_SDULEN_SIZE - L2CAP_FCS_SIZE);
3092 L2CAP_SDULEN_SIZE -
3093 L2CAP_FCS_SIZE);
3094 rfc.max_pdu_size = cpu_to_le16(size); 3129 rfc.max_pdu_size = cpu_to_le16(size);
3095 chan->remote_mps = size; 3130 chan->remote_mps = size;
3096 3131
@@ -3102,36 +3137,35 @@ done:
3102 set_bit(CONF_MODE_DONE, &chan->conf_state); 3137 set_bit(CONF_MODE_DONE, &chan->conf_state);
3103 3138
3104 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 3139 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
3105 sizeof(rfc), (unsigned long) &rfc); 3140 sizeof(rfc), (unsigned long) &rfc);
3106 3141
3107 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) { 3142 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3108 chan->remote_id = efs.id; 3143 chan->remote_id = efs.id;
3109 chan->remote_stype = efs.stype; 3144 chan->remote_stype = efs.stype;
3110 chan->remote_msdu = le16_to_cpu(efs.msdu); 3145 chan->remote_msdu = le16_to_cpu(efs.msdu);
3111 chan->remote_flush_to = 3146 chan->remote_flush_to =
3112 le32_to_cpu(efs.flush_to); 3147 le32_to_cpu(efs.flush_to);
3113 chan->remote_acc_lat = 3148 chan->remote_acc_lat =
3114 le32_to_cpu(efs.acc_lat); 3149 le32_to_cpu(efs.acc_lat);
3115 chan->remote_sdu_itime = 3150 chan->remote_sdu_itime =
3116 le32_to_cpu(efs.sdu_itime); 3151 le32_to_cpu(efs.sdu_itime);
3117 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, 3152 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3118 sizeof(efs), (unsigned long) &efs); 3153 sizeof(efs),
3154 (unsigned long) &efs);
3119 } 3155 }
3120 break; 3156 break;
3121 3157
3122 case L2CAP_MODE_STREAMING: 3158 case L2CAP_MODE_STREAMING:
3123 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size), 3159 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
3124 chan->conn->mtu - 3160 chan->conn->mtu - L2CAP_EXT_HDR_SIZE -
3125 L2CAP_EXT_HDR_SIZE - 3161 L2CAP_SDULEN_SIZE - L2CAP_FCS_SIZE);
3126 L2CAP_SDULEN_SIZE -
3127 L2CAP_FCS_SIZE);
3128 rfc.max_pdu_size = cpu_to_le16(size); 3162 rfc.max_pdu_size = cpu_to_le16(size);
3129 chan->remote_mps = size; 3163 chan->remote_mps = size;
3130 3164
3131 set_bit(CONF_MODE_DONE, &chan->conf_state); 3165 set_bit(CONF_MODE_DONE, &chan->conf_state);
3132 3166
3133 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 3167 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
3134 sizeof(rfc), (unsigned long) &rfc); 3168 (unsigned long) &rfc);
3135 3169
3136 break; 3170 break;
3137 3171
@@ -3152,7 +3186,8 @@ done:
3152 return ptr - data; 3186 return ptr - data;
3153} 3187}
3154 3188
3155static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result) 3189static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
3190 void *data, u16 *result)
3156{ 3191{
3157 struct l2cap_conf_req *req = data; 3192 struct l2cap_conf_req *req = data;
3158 void *ptr = req->data; 3193 void *ptr = req->data;
@@ -3179,7 +3214,7 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3179 case L2CAP_CONF_FLUSH_TO: 3214 case L2CAP_CONF_FLUSH_TO:
3180 chan->flush_to = val; 3215 chan->flush_to = val;
3181 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 3216 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
3182 2, chan->flush_to); 3217 2, chan->flush_to);
3183 break; 3218 break;
3184 3219
3185 case L2CAP_CONF_RFC: 3220 case L2CAP_CONF_RFC:
@@ -3187,13 +3222,13 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3187 memcpy(&rfc, (void *)val, olen); 3222 memcpy(&rfc, (void *)val, olen);
3188 3223
3189 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && 3224 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
3190 rfc.mode != chan->mode) 3225 rfc.mode != chan->mode)
3191 return -ECONNREFUSED; 3226 return -ECONNREFUSED;
3192 3227
3193 chan->fcs = 0; 3228 chan->fcs = 0;
3194 3229
3195 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 3230 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
3196 sizeof(rfc), (unsigned long) &rfc); 3231 sizeof(rfc), (unsigned long) &rfc);
3197 break; 3232 break;
3198 3233
3199 case L2CAP_CONF_EWS: 3234 case L2CAP_CONF_EWS:
@@ -3207,12 +3242,12 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3207 memcpy(&efs, (void *)val, olen); 3242 memcpy(&efs, (void *)val, olen);
3208 3243
3209 if (chan->local_stype != L2CAP_SERV_NOTRAFIC && 3244 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
3210 efs.stype != L2CAP_SERV_NOTRAFIC && 3245 efs.stype != L2CAP_SERV_NOTRAFIC &&
3211 efs.stype != chan->local_stype) 3246 efs.stype != chan->local_stype)
3212 return -ECONNREFUSED; 3247 return -ECONNREFUSED;
3213 3248
3214 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, 3249 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs),
3215 sizeof(efs), (unsigned long) &efs); 3250 (unsigned long) &efs);
3216 break; 3251 break;
3217 } 3252 }
3218 } 3253 }
@@ -3235,10 +3270,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3235 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) { 3270 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3236 chan->local_msdu = le16_to_cpu(efs.msdu); 3271 chan->local_msdu = le16_to_cpu(efs.msdu);
3237 chan->local_sdu_itime = 3272 chan->local_sdu_itime =
3238 le32_to_cpu(efs.sdu_itime); 3273 le32_to_cpu(efs.sdu_itime);
3239 chan->local_acc_lat = le32_to_cpu(efs.acc_lat); 3274 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
3240 chan->local_flush_to = 3275 chan->local_flush_to =
3241 le32_to_cpu(efs.flush_to); 3276 le32_to_cpu(efs.flush_to);
3242 } 3277 }
3243 break; 3278 break;
3244 3279
@@ -3253,7 +3288,8 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3253 return ptr - data; 3288 return ptr - data;
3254} 3289}
3255 3290
3256static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags) 3291static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data,
3292 u16 result, u16 flags)
3257{ 3293{
3258 struct l2cap_conf_rsp *rsp = data; 3294 struct l2cap_conf_rsp *rsp = data;
3259 void *ptr = rsp->data; 3295 void *ptr = rsp->data;
@@ -3277,14 +3313,13 @@ void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
3277 rsp.dcid = cpu_to_le16(chan->scid); 3313 rsp.dcid = cpu_to_le16(chan->scid);
3278 rsp.result = __constant_cpu_to_le16(L2CAP_CR_SUCCESS); 3314 rsp.result = __constant_cpu_to_le16(L2CAP_CR_SUCCESS);
3279 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO); 3315 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
3280 l2cap_send_cmd(conn, chan->ident, 3316 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
3281 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
3282 3317
3283 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) 3318 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
3284 return; 3319 return;
3285 3320
3286 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 3321 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3287 l2cap_build_conf_req(chan, buf), buf); 3322 l2cap_build_conf_req(chan, buf), buf);
3288 chan->num_conf_req++; 3323 chan->num_conf_req++;
3289} 3324}
3290 3325
@@ -3339,7 +3374,8 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
3339 } 3374 }
3340} 3375}
3341 3376
3342static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3377static inline int l2cap_command_rej(struct l2cap_conn *conn,
3378 struct l2cap_cmd_hdr *cmd, u8 *data)
3343{ 3379{
3344 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data; 3380 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
3345 3381
@@ -3347,7 +3383,7 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hd
3347 return 0; 3383 return 0;
3348 3384
3349 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) && 3385 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
3350 cmd->ident == conn->info_ident) { 3386 cmd->ident == conn->info_ident) {
3351 cancel_delayed_work(&conn->info_timer); 3387 cancel_delayed_work(&conn->info_timer);
3352 3388
3353 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; 3389 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
@@ -3359,7 +3395,8 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hd
3359 return 0; 3395 return 0;
3360} 3396}
3361 3397
3362static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3398static void l2cap_connect(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd,
3399 u8 *data, u8 rsp_code, u8 amp_id)
3363{ 3400{
3364 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; 3401 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
3365 struct l2cap_conn_rsp rsp; 3402 struct l2cap_conn_rsp rsp;
@@ -3386,7 +3423,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
3386 3423
3387 /* Check if the ACL is secure enough (if not SDP) */ 3424 /* Check if the ACL is secure enough (if not SDP) */
3388 if (psm != __constant_cpu_to_le16(L2CAP_PSM_SDP) && 3425 if (psm != __constant_cpu_to_le16(L2CAP_PSM_SDP) &&
3389 !hci_conn_check_link_mode(conn->hcon)) { 3426 !hci_conn_check_link_mode(conn->hcon)) {
3390 conn->disc_reason = HCI_ERROR_AUTH_FAILURE; 3427 conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
3391 result = L2CAP_CR_SEC_BLOCK; 3428 result = L2CAP_CR_SEC_BLOCK;
3392 goto response; 3429 goto response;
@@ -3411,8 +3448,6 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
3411 chan->psm = psm; 3448 chan->psm = psm;
3412 chan->dcid = scid; 3449 chan->dcid = scid;
3413 3450
3414 bt_accept_enqueue(parent, sk);
3415
3416 __l2cap_chan_add(conn, chan); 3451 __l2cap_chan_add(conn, chan);
3417 3452
3418 dcid = chan->scid; 3453 dcid = chan->scid;
@@ -3427,7 +3462,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
3427 __l2cap_state_change(chan, BT_CONNECT2); 3462 __l2cap_state_change(chan, BT_CONNECT2);
3428 result = L2CAP_CR_PEND; 3463 result = L2CAP_CR_PEND;
3429 status = L2CAP_CS_AUTHOR_PEND; 3464 status = L2CAP_CS_AUTHOR_PEND;
3430 parent->sk_data_ready(parent, 0); 3465 chan->ops->defer(chan);
3431 } else { 3466 } else {
3432 __l2cap_state_change(chan, BT_CONFIG); 3467 __l2cap_state_change(chan, BT_CONFIG);
3433 result = L2CAP_CR_SUCCESS; 3468 result = L2CAP_CR_SUCCESS;
@@ -3453,7 +3488,7 @@ sendresp:
3453 rsp.dcid = cpu_to_le16(dcid); 3488 rsp.dcid = cpu_to_le16(dcid);
3454 rsp.result = cpu_to_le16(result); 3489 rsp.result = cpu_to_le16(result);
3455 rsp.status = cpu_to_le16(status); 3490 rsp.status = cpu_to_le16(status);
3456 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp); 3491 l2cap_send_cmd(conn, cmd->ident, rsp_code, sizeof(rsp), &rsp);
3457 3492
3458 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) { 3493 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
3459 struct l2cap_info_req info; 3494 struct l2cap_info_req info;
@@ -3464,23 +3499,29 @@ sendresp:
3464 3499
3465 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT); 3500 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
3466 3501
3467 l2cap_send_cmd(conn, conn->info_ident, 3502 l2cap_send_cmd(conn, conn->info_ident, L2CAP_INFO_REQ,
3468 L2CAP_INFO_REQ, sizeof(info), &info); 3503 sizeof(info), &info);
3469 } 3504 }
3470 3505
3471 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) && 3506 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
3472 result == L2CAP_CR_SUCCESS) { 3507 result == L2CAP_CR_SUCCESS) {
3473 u8 buf[128]; 3508 u8 buf[128];
3474 set_bit(CONF_REQ_SENT, &chan->conf_state); 3509 set_bit(CONF_REQ_SENT, &chan->conf_state);
3475 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 3510 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3476 l2cap_build_conf_req(chan, buf), buf); 3511 l2cap_build_conf_req(chan, buf), buf);
3477 chan->num_conf_req++; 3512 chan->num_conf_req++;
3478 } 3513 }
3514}
3479 3515
3516static int l2cap_connect_req(struct l2cap_conn *conn,
3517 struct l2cap_cmd_hdr *cmd, u8 *data)
3518{
3519 l2cap_connect(conn, cmd, data, L2CAP_CONN_RSP, 0);
3480 return 0; 3520 return 0;
3481} 3521}
3482 3522
3483static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3523static inline int l2cap_connect_rsp(struct l2cap_conn *conn,
3524 struct l2cap_cmd_hdr *cmd, u8 *data)
3484{ 3525{
3485 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data; 3526 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
3486 u16 scid, dcid, result, status; 3527 u16 scid, dcid, result, status;
@@ -3494,7 +3535,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
3494 status = __le16_to_cpu(rsp->status); 3535 status = __le16_to_cpu(rsp->status);
3495 3536
3496 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", 3537 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
3497 dcid, scid, result, status); 3538 dcid, scid, result, status);
3498 3539
3499 mutex_lock(&conn->chan_lock); 3540 mutex_lock(&conn->chan_lock);
3500 3541
@@ -3527,7 +3568,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
3527 break; 3568 break;
3528 3569
3529 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 3570 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3530 l2cap_build_conf_req(chan, req), req); 3571 l2cap_build_conf_req(chan, req), req);
3531 chan->num_conf_req++; 3572 chan->num_conf_req++;
3532 break; 3573 break;
3533 3574
@@ -3559,7 +3600,25 @@ static inline void set_default_fcs(struct l2cap_chan *chan)
3559 chan->fcs = L2CAP_FCS_CRC16; 3600 chan->fcs = L2CAP_FCS_CRC16;
3560} 3601}
3561 3602
3562static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data) 3603static void l2cap_send_efs_conf_rsp(struct l2cap_chan *chan, void *data,
3604 u8 ident, u16 flags)
3605{
3606 struct l2cap_conn *conn = chan->conn;
3607
3608 BT_DBG("conn %p chan %p ident %d flags 0x%4.4x", conn, chan, ident,
3609 flags);
3610
3611 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
3612 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
3613
3614 l2cap_send_cmd(conn, ident, L2CAP_CONF_RSP,
3615 l2cap_build_conf_rsp(chan, data,
3616 L2CAP_CONF_SUCCESS, flags), data);
3617}
3618
3619static inline int l2cap_config_req(struct l2cap_conn *conn,
3620 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
3621 u8 *data)
3563{ 3622{
3564 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data; 3623 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
3565 u16 dcid, flags; 3624 u16 dcid, flags;
@@ -3584,7 +3643,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3584 rej.dcid = cpu_to_le16(chan->dcid); 3643 rej.dcid = cpu_to_le16(chan->dcid);
3585 3644
3586 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ, 3645 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
3587 sizeof(rej), &rej); 3646 sizeof(rej), &rej);
3588 goto unlock; 3647 goto unlock;
3589 } 3648 }
3590 3649
@@ -3592,8 +3651,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3592 len = cmd_len - sizeof(*req); 3651 len = cmd_len - sizeof(*req);
3593 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) { 3652 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
3594 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 3653 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3595 l2cap_build_conf_rsp(chan, rsp, 3654 l2cap_build_conf_rsp(chan, rsp,
3596 L2CAP_CONF_REJECT, flags), rsp); 3655 L2CAP_CONF_REJECT, flags), rsp);
3597 goto unlock; 3656 goto unlock;
3598 } 3657 }
3599 3658
@@ -3604,8 +3663,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3604 if (flags & L2CAP_CONF_FLAG_CONTINUATION) { 3663 if (flags & L2CAP_CONF_FLAG_CONTINUATION) {
3605 /* Incomplete config. Send empty response. */ 3664 /* Incomplete config. Send empty response. */
3606 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 3665 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3607 l2cap_build_conf_rsp(chan, rsp, 3666 l2cap_build_conf_rsp(chan, rsp,
3608 L2CAP_CONF_SUCCESS, flags), rsp); 3667 L2CAP_CONF_SUCCESS, flags), rsp);
3609 goto unlock; 3668 goto unlock;
3610 } 3669 }
3611 3670
@@ -3643,23 +3702,22 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3643 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) { 3702 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
3644 u8 buf[64]; 3703 u8 buf[64];
3645 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 3704 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3646 l2cap_build_conf_req(chan, buf), buf); 3705 l2cap_build_conf_req(chan, buf), buf);
3647 chan->num_conf_req++; 3706 chan->num_conf_req++;
3648 } 3707 }
3649 3708
3650 /* Got Conf Rsp PENDING from remote side and asume we sent 3709 /* Got Conf Rsp PENDING from remote side and asume we sent
3651 Conf Rsp PENDING in the code above */ 3710 Conf Rsp PENDING in the code above */
3652 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) && 3711 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
3653 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) { 3712 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
3654 3713
3655 /* check compatibility */ 3714 /* check compatibility */
3656 3715
3657 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state); 3716 /* Send rsp for BR/EDR channel */
3658 set_bit(CONF_OUTPUT_DONE, &chan->conf_state); 3717 if (!chan->ctrl_id)
3659 3718 l2cap_send_efs_conf_rsp(chan, rsp, cmd->ident, flags);
3660 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 3719 else
3661 l2cap_build_conf_rsp(chan, rsp, 3720 chan->ident = cmd->ident;
3662 L2CAP_CONF_SUCCESS, flags), rsp);
3663 } 3721 }
3664 3722
3665unlock: 3723unlock:
@@ -3667,7 +3725,8 @@ unlock:
3667 return err; 3725 return err;
3668} 3726}
3669 3727
3670static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3728static inline int l2cap_config_rsp(struct l2cap_conn *conn,
3729 struct l2cap_cmd_hdr *cmd, u8 *data)
3671{ 3730{
3672 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data; 3731 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
3673 u16 scid, flags, result; 3732 u16 scid, flags, result;
@@ -3699,7 +3758,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3699 char buf[64]; 3758 char buf[64];
3700 3759
3701 len = l2cap_parse_conf_rsp(chan, rsp->data, len, 3760 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3702 buf, &result); 3761 buf, &result);
3703 if (len < 0) { 3762 if (len < 0) {
3704 l2cap_send_disconn_req(conn, chan, ECONNRESET); 3763 l2cap_send_disconn_req(conn, chan, ECONNRESET);
3705 goto done; 3764 goto done;
@@ -3707,12 +3766,11 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3707 3766
3708 /* check compatibility */ 3767 /* check compatibility */
3709 3768
3710 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state); 3769 if (!chan->ctrl_id)
3711 set_bit(CONF_OUTPUT_DONE, &chan->conf_state); 3770 l2cap_send_efs_conf_rsp(chan, buf, cmd->ident,
3712 3771 0);
3713 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 3772 else
3714 l2cap_build_conf_rsp(chan, buf, 3773 chan->ident = cmd->ident;
3715 L2CAP_CONF_SUCCESS, 0x0000), buf);
3716 } 3774 }
3717 goto done; 3775 goto done;
3718 3776
@@ -3728,14 +3786,14 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3728 /* throw out any old stored conf requests */ 3786 /* throw out any old stored conf requests */
3729 result = L2CAP_CONF_SUCCESS; 3787 result = L2CAP_CONF_SUCCESS;
3730 len = l2cap_parse_conf_rsp(chan, rsp->data, len, 3788 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3731 req, &result); 3789 req, &result);
3732 if (len < 0) { 3790 if (len < 0) {
3733 l2cap_send_disconn_req(conn, chan, ECONNRESET); 3791 l2cap_send_disconn_req(conn, chan, ECONNRESET);
3734 goto done; 3792 goto done;
3735 } 3793 }
3736 3794
3737 l2cap_send_cmd(conn, l2cap_get_ident(conn), 3795 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3738 L2CAP_CONF_REQ, len, req); 3796 L2CAP_CONF_REQ, len, req);
3739 chan->num_conf_req++; 3797 chan->num_conf_req++;
3740 if (result != L2CAP_CONF_SUCCESS) 3798 if (result != L2CAP_CONF_SUCCESS)
3741 goto done; 3799 goto done;
@@ -3773,7 +3831,8 @@ done:
3773 return err; 3831 return err;
3774} 3832}
3775 3833
3776static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3834static inline int l2cap_disconnect_req(struct l2cap_conn *conn,
3835 struct l2cap_cmd_hdr *cmd, u8 *data)
3777{ 3836{
3778 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data; 3837 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3779 struct l2cap_disconn_rsp rsp; 3838 struct l2cap_disconn_rsp rsp;
@@ -3819,7 +3878,8 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
3819 return 0; 3878 return 0;
3820} 3879}
3821 3880
3822static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3881static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn,
3882 struct l2cap_cmd_hdr *cmd, u8 *data)
3823{ 3883{
3824 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data; 3884 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3825 u16 dcid, scid; 3885 u16 dcid, scid;
@@ -3853,7 +3913,8 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
3853 return 0; 3913 return 0;
3854} 3914}
3855 3915
3856static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3916static inline int l2cap_information_req(struct l2cap_conn *conn,
3917 struct l2cap_cmd_hdr *cmd, u8 *data)
3857{ 3918{
3858 struct l2cap_info_req *req = (struct l2cap_info_req *) data; 3919 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
3859 u16 type; 3920 u16 type;
@@ -3870,14 +3931,14 @@ static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cm
3870 rsp->result = __constant_cpu_to_le16(L2CAP_IR_SUCCESS); 3931 rsp->result = __constant_cpu_to_le16(L2CAP_IR_SUCCESS);
3871 if (!disable_ertm) 3932 if (!disable_ertm)
3872 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING 3933 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3873 | L2CAP_FEAT_FCS; 3934 | L2CAP_FEAT_FCS;
3874 if (enable_hs) 3935 if (enable_hs)
3875 feat_mask |= L2CAP_FEAT_EXT_FLOW 3936 feat_mask |= L2CAP_FEAT_EXT_FLOW
3876 | L2CAP_FEAT_EXT_WINDOW; 3937 | L2CAP_FEAT_EXT_WINDOW;
3877 3938
3878 put_unaligned_le32(feat_mask, rsp->data); 3939 put_unaligned_le32(feat_mask, rsp->data);
3879 l2cap_send_cmd(conn, cmd->ident, 3940 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(buf),
3880 L2CAP_INFO_RSP, sizeof(buf), buf); 3941 buf);
3881 } else if (type == L2CAP_IT_FIXED_CHAN) { 3942 } else if (type == L2CAP_IT_FIXED_CHAN) {
3882 u8 buf[12]; 3943 u8 buf[12];
3883 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf; 3944 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
@@ -3890,20 +3951,21 @@ static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cm
3890 rsp->type = __constant_cpu_to_le16(L2CAP_IT_FIXED_CHAN); 3951 rsp->type = __constant_cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3891 rsp->result = __constant_cpu_to_le16(L2CAP_IR_SUCCESS); 3952 rsp->result = __constant_cpu_to_le16(L2CAP_IR_SUCCESS);
3892 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan)); 3953 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan));
3893 l2cap_send_cmd(conn, cmd->ident, 3954 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(buf),
3894 L2CAP_INFO_RSP, sizeof(buf), buf); 3955 buf);
3895 } else { 3956 } else {
3896 struct l2cap_info_rsp rsp; 3957 struct l2cap_info_rsp rsp;
3897 rsp.type = cpu_to_le16(type); 3958 rsp.type = cpu_to_le16(type);
3898 rsp.result = __constant_cpu_to_le16(L2CAP_IR_NOTSUPP); 3959 rsp.result = __constant_cpu_to_le16(L2CAP_IR_NOTSUPP);
3899 l2cap_send_cmd(conn, cmd->ident, 3960 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(rsp),
3900 L2CAP_INFO_RSP, sizeof(rsp), &rsp); 3961 &rsp);
3901 } 3962 }
3902 3963
3903 return 0; 3964 return 0;
3904} 3965}
3905 3966
3906static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3967static inline int l2cap_information_rsp(struct l2cap_conn *conn,
3968 struct l2cap_cmd_hdr *cmd, u8 *data)
3907{ 3969{
3908 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data; 3970 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3909 u16 type, result; 3971 u16 type, result;
@@ -3915,7 +3977,7 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
3915 3977
3916 /* L2CAP Info req/rsp are unbound to channels, add extra checks */ 3978 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
3917 if (cmd->ident != conn->info_ident || 3979 if (cmd->ident != conn->info_ident ||
3918 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) 3980 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
3919 return 0; 3981 return 0;
3920 3982
3921 cancel_delayed_work(&conn->info_timer); 3983 cancel_delayed_work(&conn->info_timer);
@@ -3940,7 +4002,7 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
3940 conn->info_ident = l2cap_get_ident(conn); 4002 conn->info_ident = l2cap_get_ident(conn);
3941 4003
3942 l2cap_send_cmd(conn, conn->info_ident, 4004 l2cap_send_cmd(conn, conn->info_ident,
3943 L2CAP_INFO_REQ, sizeof(req), &req); 4005 L2CAP_INFO_REQ, sizeof(req), &req);
3944 } else { 4006 } else {
3945 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; 4007 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3946 conn->info_ident = 0; 4008 conn->info_ident = 0;
@@ -3962,8 +4024,8 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
3962} 4024}
3963 4025
3964static inline int l2cap_create_channel_req(struct l2cap_conn *conn, 4026static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3965 struct l2cap_cmd_hdr *cmd, u16 cmd_len, 4027 struct l2cap_cmd_hdr *cmd,
3966 void *data) 4028 u16 cmd_len, void *data)
3967{ 4029{
3968 struct l2cap_create_chan_req *req = data; 4030 struct l2cap_create_chan_req *req = data;
3969 struct l2cap_create_chan_rsp rsp; 4031 struct l2cap_create_chan_rsp rsp;
@@ -3993,7 +4055,8 @@ static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3993} 4055}
3994 4056
3995static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn, 4057static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn,
3996 struct l2cap_cmd_hdr *cmd, void *data) 4058 struct l2cap_cmd_hdr *cmd,
4059 void *data)
3997{ 4060{
3998 BT_DBG("conn %p", conn); 4061 BT_DBG("conn %p", conn);
3999 4062
@@ -4126,7 +4189,7 @@ static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
4126} 4189}
4127 4190
4128static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency, 4191static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
4129 u16 to_multiplier) 4192 u16 to_multiplier)
4130{ 4193{
4131 u16 max_latency; 4194 u16 max_latency;
4132 4195
@@ -4147,7 +4210,8 @@ static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
4147} 4210}
4148 4211
4149static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn, 4212static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
4150 struct l2cap_cmd_hdr *cmd, u8 *data) 4213 struct l2cap_cmd_hdr *cmd,
4214 u8 *data)
4151{ 4215{
4152 struct hci_conn *hcon = conn->hcon; 4216 struct hci_conn *hcon = conn->hcon;
4153 struct l2cap_conn_param_update_req *req; 4217 struct l2cap_conn_param_update_req *req;
@@ -4169,7 +4233,7 @@ static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
4169 to_multiplier = __le16_to_cpu(req->to_multiplier); 4233 to_multiplier = __le16_to_cpu(req->to_multiplier);
4170 4234
4171 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x", 4235 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
4172 min, max, latency, to_multiplier); 4236 min, max, latency, to_multiplier);
4173 4237
4174 memset(&rsp, 0, sizeof(rsp)); 4238 memset(&rsp, 0, sizeof(rsp));
4175 4239
@@ -4180,7 +4244,7 @@ static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
4180 rsp.result = __constant_cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED); 4244 rsp.result = __constant_cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
4181 4245
4182 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP, 4246 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
4183 sizeof(rsp), &rsp); 4247 sizeof(rsp), &rsp);
4184 4248
4185 if (!err) 4249 if (!err)
4186 hci_le_conn_update(hcon, min, max, latency, to_multiplier); 4250 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
@@ -4189,7 +4253,8 @@ static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
4189} 4253}
4190 4254
4191static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn, 4255static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
4192 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data) 4256 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
4257 u8 *data)
4193{ 4258{
4194 int err = 0; 4259 int err = 0;
4195 4260
@@ -4203,6 +4268,7 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
4203 break; 4268 break;
4204 4269
4205 case L2CAP_CONN_RSP: 4270 case L2CAP_CONN_RSP:
4271 case L2CAP_CREATE_CHAN_RSP:
4206 err = l2cap_connect_rsp(conn, cmd, data); 4272 err = l2cap_connect_rsp(conn, cmd, data);
4207 break; 4273 break;
4208 4274
@@ -4241,10 +4307,6 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
4241 err = l2cap_create_channel_req(conn, cmd, cmd_len, data); 4307 err = l2cap_create_channel_req(conn, cmd, cmd_len, data);
4242 break; 4308 break;
4243 4309
4244 case L2CAP_CREATE_CHAN_RSP:
4245 err = l2cap_create_channel_rsp(conn, cmd, data);
4246 break;
4247
4248 case L2CAP_MOVE_CHAN_REQ: 4310 case L2CAP_MOVE_CHAN_REQ:
4249 err = l2cap_move_channel_req(conn, cmd, cmd_len, data); 4311 err = l2cap_move_channel_req(conn, cmd, cmd_len, data);
4250 break; 4312 break;
@@ -4271,7 +4333,7 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
4271} 4333}
4272 4334
4273static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn, 4335static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
4274 struct l2cap_cmd_hdr *cmd, u8 *data) 4336 struct l2cap_cmd_hdr *cmd, u8 *data)
4275{ 4337{
4276 switch (cmd->code) { 4338 switch (cmd->code) {
4277 case L2CAP_COMMAND_REJ: 4339 case L2CAP_COMMAND_REJ:
@@ -4290,7 +4352,7 @@ static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
4290} 4352}
4291 4353
4292static inline void l2cap_sig_channel(struct l2cap_conn *conn, 4354static inline void l2cap_sig_channel(struct l2cap_conn *conn,
4293 struct sk_buff *skb) 4355 struct sk_buff *skb)
4294{ 4356{
4295 u8 *data = skb->data; 4357 u8 *data = skb->data;
4296 int len = skb->len; 4358 int len = skb->len;
@@ -4307,7 +4369,8 @@ static inline void l2cap_sig_channel(struct l2cap_conn *conn,
4307 4369
4308 cmd_len = le16_to_cpu(cmd.len); 4370 cmd_len = le16_to_cpu(cmd.len);
4309 4371
4310 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident); 4372 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len,
4373 cmd.ident);
4311 4374
4312 if (cmd_len > len || !cmd.ident) { 4375 if (cmd_len > len || !cmd.ident) {
4313 BT_DBG("corrupted command"); 4376 BT_DBG("corrupted command");
@@ -4326,7 +4389,8 @@ static inline void l2cap_sig_channel(struct l2cap_conn *conn,
4326 4389
4327 /* FIXME: Map err to a valid reason */ 4390 /* FIXME: Map err to a valid reason */
4328 rej.reason = __constant_cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD); 4391 rej.reason = __constant_cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
4329 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej); 4392 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ,
4393 sizeof(rej), &rej);
4330 } 4394 }
4331 4395
4332 data += cmd_len; 4396 data += cmd_len;
@@ -4391,8 +4455,8 @@ static void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
4391 } 4455 }
4392} 4456}
4393 4457
4394static void append_skb_frag(struct sk_buff *skb, 4458static void append_skb_frag(struct sk_buff *skb, struct sk_buff *new_frag,
4395 struct sk_buff *new_frag, struct sk_buff **last_frag) 4459 struct sk_buff **last_frag)
4396{ 4460{
4397 /* skb->len reflects data in skb as well as all fragments 4461 /* skb->len reflects data in skb as well as all fragments
4398 * skb->data_len reflects only data in fragments 4462 * skb->data_len reflects only data in fragments
@@ -4641,7 +4705,7 @@ static u8 l2cap_classify_txseq(struct l2cap_chan *chan, u16 txseq)
4641 4705
4642 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) { 4706 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
4643 if (__seq_offset(chan, txseq, chan->last_acked_seq) >= 4707 if (__seq_offset(chan, txseq, chan->last_acked_seq) >=
4644 chan->tx_win) { 4708 chan->tx_win) {
4645 /* See notes below regarding "double poll" and 4709 /* See notes below regarding "double poll" and
4646 * invalid packets. 4710 * invalid packets.
4647 */ 4711 */
@@ -4682,8 +4746,7 @@ static u8 l2cap_classify_txseq(struct l2cap_chan *chan, u16 txseq)
4682 } 4746 }
4683 4747
4684 if (__seq_offset(chan, txseq, chan->last_acked_seq) < 4748 if (__seq_offset(chan, txseq, chan->last_acked_seq) <
4685 __seq_offset(chan, chan->expected_tx_seq, 4749 __seq_offset(chan, chan->expected_tx_seq, chan->last_acked_seq)) {
4686 chan->last_acked_seq)){
4687 BT_DBG("Duplicate - expected_tx_seq later than txseq"); 4750 BT_DBG("Duplicate - expected_tx_seq later than txseq");
4688 return L2CAP_TXSEQ_DUPLICATE; 4751 return L2CAP_TXSEQ_DUPLICATE;
4689 } 4752 }
@@ -5323,7 +5386,7 @@ int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
5323 int exact = 0, lm1 = 0, lm2 = 0; 5386 int exact = 0, lm1 = 0, lm2 = 0;
5324 struct l2cap_chan *c; 5387 struct l2cap_chan *c;
5325 5388
5326 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr)); 5389 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
5327 5390
5328 /* Find listening sockets and check their link_mode */ 5391 /* Find listening sockets and check their link_mode */
5329 read_lock(&chan_list_lock); 5392 read_lock(&chan_list_lock);
@@ -5353,7 +5416,7 @@ void l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
5353{ 5416{
5354 struct l2cap_conn *conn; 5417 struct l2cap_conn *conn;
5355 5418
5356 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status); 5419 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
5357 5420
5358 if (!status) { 5421 if (!status) {
5359 conn = l2cap_conn_add(hcon, status); 5422 conn = l2cap_conn_add(hcon, status);
@@ -5443,7 +5506,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5443 } 5506 }
5444 5507
5445 if (!status && (chan->state == BT_CONNECTED || 5508 if (!status && (chan->state == BT_CONNECTED ||
5446 chan->state == BT_CONFIG)) { 5509 chan->state == BT_CONFIG)) {
5447 struct sock *sk = chan->sk; 5510 struct sock *sk = chan->sk;
5448 5511
5449 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 5512 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
@@ -5456,7 +5519,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5456 5519
5457 if (chan->state == BT_CONNECT) { 5520 if (chan->state == BT_CONNECT) {
5458 if (!status) { 5521 if (!status) {
5459 l2cap_send_conn_req(chan); 5522 l2cap_start_connection(chan);
5460 } else { 5523 } else {
5461 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT); 5524 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
5462 } 5525 }
@@ -5470,11 +5533,9 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5470 if (!status) { 5533 if (!status) {
5471 if (test_bit(BT_SK_DEFER_SETUP, 5534 if (test_bit(BT_SK_DEFER_SETUP,
5472 &bt_sk(sk)->flags)) { 5535 &bt_sk(sk)->flags)) {
5473 struct sock *parent = bt_sk(sk)->parent;
5474 res = L2CAP_CR_PEND; 5536 res = L2CAP_CR_PEND;
5475 stat = L2CAP_CS_AUTHOR_PEND; 5537 stat = L2CAP_CS_AUTHOR_PEND;
5476 if (parent) 5538 chan->ops->defer(chan);
5477 parent->sk_data_ready(parent, 0);
5478 } else { 5539 } else {
5479 __l2cap_state_change(chan, BT_CONFIG); 5540 __l2cap_state_change(chan, BT_CONFIG);
5480 res = L2CAP_CR_SUCCESS; 5541 res = L2CAP_CR_SUCCESS;
@@ -5494,7 +5555,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5494 rsp.result = cpu_to_le16(res); 5555 rsp.result = cpu_to_le16(res);
5495 rsp.status = cpu_to_le16(stat); 5556 rsp.status = cpu_to_le16(stat);
5496 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 5557 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
5497 sizeof(rsp), &rsp); 5558 sizeof(rsp), &rsp);
5498 5559
5499 if (!test_bit(CONF_REQ_SENT, &chan->conf_state) && 5560 if (!test_bit(CONF_REQ_SENT, &chan->conf_state) &&
5500 res == L2CAP_CR_SUCCESS) { 5561 res == L2CAP_CR_SUCCESS) {
@@ -5519,6 +5580,12 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5519int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 5580int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5520{ 5581{
5521 struct l2cap_conn *conn = hcon->l2cap_data; 5582 struct l2cap_conn *conn = hcon->l2cap_data;
5583 struct l2cap_hdr *hdr;
5584 int len;
5585
5586 /* For AMP controller do not create l2cap conn */
5587 if (!conn && hcon->hdev->dev_type != HCI_BREDR)
5588 goto drop;
5522 5589
5523 if (!conn) 5590 if (!conn)
5524 conn = l2cap_conn_add(hcon, 0); 5591 conn = l2cap_conn_add(hcon, 0);
@@ -5528,10 +5595,10 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5528 5595
5529 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags); 5596 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
5530 5597
5531 if (!(flags & ACL_CONT)) { 5598 switch (flags) {
5532 struct l2cap_hdr *hdr; 5599 case ACL_START:
5533 int len; 5600 case ACL_START_NO_FLUSH:
5534 5601 case ACL_COMPLETE:
5535 if (conn->rx_len) { 5602 if (conn->rx_len) {
5536 BT_ERR("Unexpected start frame (len %d)", skb->len); 5603 BT_ERR("Unexpected start frame (len %d)", skb->len);
5537 kfree_skb(conn->rx_skb); 5604 kfree_skb(conn->rx_skb);
@@ -5560,20 +5627,22 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5560 5627
5561 if (skb->len > len) { 5628 if (skb->len > len) {
5562 BT_ERR("Frame is too long (len %d, expected len %d)", 5629 BT_ERR("Frame is too long (len %d, expected len %d)",
5563 skb->len, len); 5630 skb->len, len);
5564 l2cap_conn_unreliable(conn, ECOMM); 5631 l2cap_conn_unreliable(conn, ECOMM);
5565 goto drop; 5632 goto drop;
5566 } 5633 }
5567 5634
5568 /* Allocate skb for the complete frame (with header) */ 5635 /* Allocate skb for the complete frame (with header) */
5569 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC); 5636 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
5570 if (!conn->rx_skb) 5637 if (!conn->rx_skb)
5571 goto drop; 5638 goto drop;
5572 5639
5573 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 5640 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
5574 skb->len); 5641 skb->len);
5575 conn->rx_len = len - skb->len; 5642 conn->rx_len = len - skb->len;
5576 } else { 5643 break;
5644
5645 case ACL_CONT:
5577 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len); 5646 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
5578 5647
5579 if (!conn->rx_len) { 5648 if (!conn->rx_len) {
@@ -5584,7 +5653,7 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5584 5653
5585 if (skb->len > conn->rx_len) { 5654 if (skb->len > conn->rx_len) {
5586 BT_ERR("Fragment is too long (len %d, expected %d)", 5655 BT_ERR("Fragment is too long (len %d, expected %d)",
5587 skb->len, conn->rx_len); 5656 skb->len, conn->rx_len);
5588 kfree_skb(conn->rx_skb); 5657 kfree_skb(conn->rx_skb);
5589 conn->rx_skb = NULL; 5658 conn->rx_skb = NULL;
5590 conn->rx_len = 0; 5659 conn->rx_len = 0;
@@ -5593,7 +5662,7 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5593 } 5662 }
5594 5663
5595 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 5664 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
5596 skb->len); 5665 skb->len);
5597 conn->rx_len -= skb->len; 5666 conn->rx_len -= skb->len;
5598 5667
5599 if (!conn->rx_len) { 5668 if (!conn->rx_len) {
@@ -5601,6 +5670,7 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5601 l2cap_recv_frame(conn, conn->rx_skb); 5670 l2cap_recv_frame(conn, conn->rx_skb);
5602 conn->rx_skb = NULL; 5671 conn->rx_skb = NULL;
5603 } 5672 }
5673 break;
5604 } 5674 }
5605 5675
5606drop: 5676drop:
@@ -5617,12 +5687,11 @@ static int l2cap_debugfs_show(struct seq_file *f, void *p)
5617 list_for_each_entry(c, &chan_list, global_l) { 5687 list_for_each_entry(c, &chan_list, global_l) {
5618 struct sock *sk = c->sk; 5688 struct sock *sk = c->sk;
5619 5689
5620 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n", 5690 seq_printf(f, "%pMR %pMR %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
5621 batostr(&bt_sk(sk)->src), 5691 &bt_sk(sk)->src, &bt_sk(sk)->dst,
5622 batostr(&bt_sk(sk)->dst), 5692 c->state, __le16_to_cpu(c->psm),
5623 c->state, __le16_to_cpu(c->psm), 5693 c->scid, c->dcid, c->imtu, c->omtu,
5624 c->scid, c->dcid, c->imtu, c->omtu, 5694 c->sec_level, c->mode);
5625 c->sec_level, c->mode);
5626 } 5695 }
5627 5696
5628 read_unlock(&chan_list_lock); 5697 read_unlock(&chan_list_lock);
@@ -5653,8 +5722,8 @@ int __init l2cap_init(void)
5653 return err; 5722 return err;
5654 5723
5655 if (bt_debugfs) { 5724 if (bt_debugfs) {
5656 l2cap_debugfs = debugfs_create_file("l2cap", 0444, 5725 l2cap_debugfs = debugfs_create_file("l2cap", 0444, bt_debugfs,
5657 bt_debugfs, NULL, &l2cap_debugfs_fops); 5726 NULL, &l2cap_debugfs_fops);
5658 if (!l2cap_debugfs) 5727 if (!l2cap_debugfs)
5659 BT_ERR("Failed to create L2CAP debug file"); 5728 BT_ERR("Failed to create L2CAP debug file");
5660 } 5729 }
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 083f2bf065d4..89f1472939ec 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -40,7 +40,8 @@ static struct bt_sock_list l2cap_sk_list = {
40 40
41static const struct proto_ops l2cap_sock_ops; 41static const struct proto_ops l2cap_sock_ops;
42static void l2cap_sock_init(struct sock *sk, struct sock *parent); 42static void l2cap_sock_init(struct sock *sk, struct sock *parent);
43static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 43static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
44 int proto, gfp_t prio);
44 45
45static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 46static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
46{ 47{
@@ -106,7 +107,8 @@ done:
106 return err; 107 return err;
107} 108}
108 109
109static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 110static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
111 int alen, int flags)
110{ 112{
111 struct sock *sk = sock->sk; 113 struct sock *sk = sock->sk;
112 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 114 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -134,7 +136,7 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
134 lock_sock(sk); 136 lock_sock(sk);
135 137
136 err = bt_sock_wait_state(sk, BT_CONNECTED, 138 err = bt_sock_wait_state(sk, BT_CONNECTED,
137 sock_sndtimeo(sk, flags & O_NONBLOCK)); 139 sock_sndtimeo(sk, flags & O_NONBLOCK));
138 140
139 release_sock(sk); 141 release_sock(sk);
140 142
@@ -185,7 +187,8 @@ done:
185 return err; 187 return err;
186} 188}
187 189
188static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 190static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
191 int flags)
189{ 192{
190 DECLARE_WAITQUEUE(wait, current); 193 DECLARE_WAITQUEUE(wait, current);
191 struct sock *sk = sock->sk, *nsk; 194 struct sock *sk = sock->sk, *nsk;
@@ -241,7 +244,8 @@ done:
241 return err; 244 return err;
242} 245}
243 246
244static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 247static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
248 int *len, int peer)
245{ 249{
246 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 250 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
247 struct sock *sk = sock->sk; 251 struct sock *sk = sock->sk;
@@ -266,7 +270,8 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *l
266 return 0; 270 return 0;
267} 271}
268 272
269static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 273static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
274 char __user *optval, int __user *optlen)
270{ 275{
271 struct sock *sk = sock->sk; 276 struct sock *sk = sock->sk;
272 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 277 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -309,7 +314,7 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __us
309 break; 314 break;
310 case BT_SECURITY_HIGH: 315 case BT_SECURITY_HIGH:
311 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 316 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
312 L2CAP_LM_SECURE; 317 L2CAP_LM_SECURE;
313 break; 318 break;
314 default: 319 default:
315 opt = 0; 320 opt = 0;
@@ -353,7 +358,8 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __us
353 return err; 358 return err;
354} 359}
355 360
356static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 361static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
362 char __user *optval, int __user *optlen)
357{ 363{
358 struct sock *sk = sock->sk; 364 struct sock *sk = sock->sk;
359 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 365 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -377,19 +383,20 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
377 switch (optname) { 383 switch (optname) {
378 case BT_SECURITY: 384 case BT_SECURITY:
379 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 385 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
380 chan->chan_type != L2CAP_CHAN_RAW) { 386 chan->chan_type != L2CAP_CHAN_RAW) {
381 err = -EINVAL; 387 err = -EINVAL;
382 break; 388 break;
383 } 389 }
384 390
385 memset(&sec, 0, sizeof(sec)); 391 memset(&sec, 0, sizeof(sec));
386 if (chan->conn) 392 if (chan->conn) {
387 sec.level = chan->conn->hcon->sec_level; 393 sec.level = chan->conn->hcon->sec_level;
388 else
389 sec.level = chan->sec_level;
390 394
391 if (sk->sk_state == BT_CONNECTED) 395 if (sk->sk_state == BT_CONNECTED)
392 sec.key_size = chan->conn->hcon->enc_key_size; 396 sec.key_size = chan->conn->hcon->enc_key_size;
397 } else {
398 sec.level = chan->sec_level;
399 }
393 400
394 len = min_t(unsigned int, len, sizeof(sec)); 401 len = min_t(unsigned int, len, sizeof(sec));
395 if (copy_to_user(optval, (char *) &sec, len)) 402 if (copy_to_user(optval, (char *) &sec, len))
@@ -411,14 +418,14 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
411 418
412 case BT_FLUSHABLE: 419 case BT_FLUSHABLE:
413 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 420 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
414 (u32 __user *) optval)) 421 (u32 __user *) optval))
415 err = -EFAULT; 422 err = -EFAULT;
416 423
417 break; 424 break;
418 425
419 case BT_POWER: 426 case BT_POWER:
420 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 427 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
421 && sk->sk_type != SOCK_RAW) { 428 && sk->sk_type != SOCK_RAW) {
422 err = -EINVAL; 429 err = -EINVAL;
423 break; 430 break;
424 } 431 }
@@ -466,7 +473,8 @@ static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
466 return true; 473 return true;
467} 474}
468 475
469static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 476static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
477 char __user *optval, unsigned int optlen)
470{ 478{
471 struct sock *sk = sock->sk; 479 struct sock *sk = sock->sk;
472 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 480 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -529,6 +537,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
529 chan->fcs = opts.fcs; 537 chan->fcs = opts.fcs;
530 chan->max_tx = opts.max_tx; 538 chan->max_tx = opts.max_tx;
531 chan->tx_win = opts.txwin_size; 539 chan->tx_win = opts.txwin_size;
540 chan->flush_to = opts.flush_to;
532 break; 541 break;
533 542
534 case L2CAP_LM: 543 case L2CAP_LM:
@@ -564,7 +573,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
564 return err; 573 return err;
565} 574}
566 575
567static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 576static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
577 char __user *optval, unsigned int optlen)
568{ 578{
569 struct sock *sk = sock->sk; 579 struct sock *sk = sock->sk;
570 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 580 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -587,7 +597,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
587 switch (optname) { 597 switch (optname) {
588 case BT_SECURITY: 598 case BT_SECURITY:
589 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 599 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
590 chan->chan_type != L2CAP_CHAN_RAW) { 600 chan->chan_type != L2CAP_CHAN_RAW) {
591 err = -EINVAL; 601 err = -EINVAL;
592 break; 602 break;
593 } 603 }
@@ -601,7 +611,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
601 } 611 }
602 612
603 if (sec.level < BT_SECURITY_LOW || 613 if (sec.level < BT_SECURITY_LOW ||
604 sec.level > BT_SECURITY_HIGH) { 614 sec.level > BT_SECURITY_HIGH) {
605 err = -EINVAL; 615 err = -EINVAL;
606 break; 616 break;
607 } 617 }
@@ -627,7 +637,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
627 637
628 /* or for ACL link */ 638 /* or for ACL link */
629 } else if ((sk->sk_state == BT_CONNECT2 && 639 } else if ((sk->sk_state == BT_CONNECT2 &&
630 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 640 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
631 sk->sk_state == BT_CONNECTED) { 641 sk->sk_state == BT_CONNECTED) {
632 if (!l2cap_chan_check_security(chan)) 642 if (!l2cap_chan_check_security(chan))
633 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 643 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
@@ -684,7 +694,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
684 694
685 case BT_POWER: 695 case BT_POWER:
686 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 696 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
687 chan->chan_type != L2CAP_CHAN_RAW) { 697 chan->chan_type != L2CAP_CHAN_RAW) {
688 err = -EINVAL; 698 err = -EINVAL;
689 break; 699 break;
690 } 700 }
@@ -720,7 +730,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
720 } 730 }
721 731
722 if (chan->mode != L2CAP_MODE_ERTM && 732 if (chan->mode != L2CAP_MODE_ERTM &&
723 chan->mode != L2CAP_MODE_STREAMING) { 733 chan->mode != L2CAP_MODE_STREAMING) {
724 err = -EOPNOTSUPP; 734 err = -EOPNOTSUPP;
725 break; 735 break;
726 } 736 }
@@ -737,7 +747,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
737 return err; 747 return err;
738} 748}
739 749
740static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 750static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
751 struct msghdr *msg, size_t len)
741{ 752{
742 struct sock *sk = sock->sk; 753 struct sock *sk = sock->sk;
743 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 754 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -762,7 +773,8 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
762 return err; 773 return err;
763} 774}
764 775
765static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 776static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
777 struct msghdr *msg, size_t len, int flags)
766{ 778{
767 struct sock *sk = sock->sk; 779 struct sock *sk = sock->sk;
768 struct l2cap_pinfo *pi = l2cap_pi(sk); 780 struct l2cap_pinfo *pi = l2cap_pi(sk);
@@ -866,7 +878,7 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
866 878
867 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 879 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
868 err = bt_sock_wait_state(sk, BT_CLOSED, 880 err = bt_sock_wait_state(sk, BT_CLOSED,
869 sk->sk_lingertime); 881 sk->sk_lingertime);
870 } 882 }
871 883
872 if (!err && sk->sk_err) 884 if (!err && sk->sk_err)
@@ -930,7 +942,7 @@ static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
930 } 942 }
931 943
932 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 944 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
933 GFP_ATOMIC); 945 GFP_ATOMIC);
934 if (!sk) 946 if (!sk)
935 return NULL; 947 return NULL;
936 948
@@ -938,6 +950,8 @@ static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
938 950
939 l2cap_sock_init(sk, parent); 951 l2cap_sock_init(sk, parent);
940 952
953 bt_accept_enqueue(parent, sk);
954
941 return l2cap_pi(sk)->chan; 955 return l2cap_pi(sk)->chan;
942} 956}
943 957
@@ -1068,6 +1082,15 @@ static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1068 release_sock(sk); 1082 release_sock(sk);
1069} 1083}
1070 1084
1085static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1086{
1087 struct sock *sk = chan->data;
1088 struct sock *parent = bt_sk(sk)->parent;
1089
1090 if (parent)
1091 parent->sk_data_ready(parent, 0);
1092}
1093
1071static struct l2cap_ops l2cap_chan_ops = { 1094static struct l2cap_ops l2cap_chan_ops = {
1072 .name = "L2CAP Socket Interface", 1095 .name = "L2CAP Socket Interface",
1073 .new_connection = l2cap_sock_new_connection_cb, 1096 .new_connection = l2cap_sock_new_connection_cb,
@@ -1076,6 +1099,7 @@ static struct l2cap_ops l2cap_chan_ops = {
1076 .teardown = l2cap_sock_teardown_cb, 1099 .teardown = l2cap_sock_teardown_cb,
1077 .state_change = l2cap_sock_state_change_cb, 1100 .state_change = l2cap_sock_state_change_cb,
1078 .ready = l2cap_sock_ready_cb, 1101 .ready = l2cap_sock_ready_cb,
1102 .defer = l2cap_sock_defer_cb,
1079 .alloc_skb = l2cap_sock_alloc_skb_cb, 1103 .alloc_skb = l2cap_sock_alloc_skb_cb,
1080}; 1104};
1081 1105
@@ -1083,7 +1107,8 @@ static void l2cap_sock_destruct(struct sock *sk)
1083{ 1107{
1084 BT_DBG("sk %p", sk); 1108 BT_DBG("sk %p", sk);
1085 1109
1086 l2cap_chan_put(l2cap_pi(sk)->chan); 1110 if (l2cap_pi(sk)->chan)
1111 l2cap_chan_put(l2cap_pi(sk)->chan);
1087 if (l2cap_pi(sk)->rx_busy_skb) { 1112 if (l2cap_pi(sk)->rx_busy_skb) {
1088 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1113 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1089 l2cap_pi(sk)->rx_busy_skb = NULL; 1114 l2cap_pi(sk)->rx_busy_skb = NULL;
@@ -1159,7 +1184,8 @@ static struct proto l2cap_proto = {
1159 .obj_size = sizeof(struct l2cap_pinfo) 1184 .obj_size = sizeof(struct l2cap_pinfo)
1160}; 1185};
1161 1186
1162static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1187static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1188 int proto, gfp_t prio)
1163{ 1189{
1164 struct sock *sk; 1190 struct sock *sk;
1165 struct l2cap_chan *chan; 1191 struct l2cap_chan *chan;
@@ -1204,7 +1230,7 @@ static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1204 sock->state = SS_UNCONNECTED; 1230 sock->state = SS_UNCONNECTED;
1205 1231
1206 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1232 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1207 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1233 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1208 return -ESOCKTNOSUPPORT; 1234 return -ESOCKTNOSUPPORT;
1209 1235
1210 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1236 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
@@ -1261,7 +1287,8 @@ int __init l2cap_init_sockets(void)
1261 goto error; 1287 goto error;
1262 } 1288 }
1263 1289
1264 err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list, NULL); 1290 err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list,
1291 NULL);
1265 if (err < 0) { 1292 if (err < 0) {
1266 BT_ERR("Failed to create L2CAP proc file"); 1293 BT_ERR("Failed to create L2CAP proc file");
1267 bt_sock_unregister(BTPROTO_L2CAP); 1294 bt_sock_unregister(BTPROTO_L2CAP);
diff --git a/net/bluetooth/lib.c b/net/bluetooth/lib.c
index e1c97527e16c..b3fbc73516c4 100644
--- a/net/bluetooth/lib.c
+++ b/net/bluetooth/lib.c
@@ -41,20 +41,6 @@ void baswap(bdaddr_t *dst, bdaddr_t *src)
41} 41}
42EXPORT_SYMBOL(baswap); 42EXPORT_SYMBOL(baswap);
43 43
44char *batostr(bdaddr_t *ba)
45{
46 static char str[2][18];
47 static int i = 1;
48
49 i ^= 1;
50 sprintf(str[i], "%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X",
51 ba->b[5], ba->b[4], ba->b[3],
52 ba->b[2], ba->b[1], ba->b[0]);
53
54 return str[i];
55}
56EXPORT_SYMBOL(batostr);
57
58/* Bluetooth error codes to Unix errno mapping */ 44/* Bluetooth error codes to Unix errno mapping */
59int bt_to_errno(__u16 code) 45int bt_to_errno(__u16 code)
60{ 46{
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index aa2ea0a8142c..399e5024b5bd 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -3125,6 +3125,9 @@ int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3125 struct pending_cmd *cmd; 3125 struct pending_cmd *cmd;
3126 int err; 3126 int err;
3127 3127
3128 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3129 hdev);
3130
3128 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev); 3131 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3129 if (!cmd) 3132 if (!cmd)
3130 return -ENOENT; 3133 return -ENOENT;
@@ -3137,8 +3140,6 @@ int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3137 3140
3138 mgmt_pending_remove(cmd); 3141 mgmt_pending_remove(cmd);
3139 3142
3140 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3141 hdev);
3142 return err; 3143 return err;
3143} 3144}
3144 3145
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index c75107ef8920..201fdf737209 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -377,8 +377,8 @@ static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst,
377 int err = 0; 377 int err = 0;
378 u8 dlci; 378 u8 dlci;
379 379
380 BT_DBG("dlc %p state %ld %s %s channel %d", 380 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
381 d, d->state, batostr(src), batostr(dst), channel); 381 d, d->state, src, dst, channel);
382 382
383 if (channel < 1 || channel > 30) 383 if (channel < 1 || channel > 30)
384 return -EINVAL; 384 return -EINVAL;
@@ -676,7 +676,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
676 struct socket *sock; 676 struct socket *sock;
677 struct sock *sk; 677 struct sock *sk;
678 678
679 BT_DBG("%s %s", batostr(src), batostr(dst)); 679 BT_DBG("%pMR -> %pMR", src, dst);
680 680
681 *err = rfcomm_l2sock_create(&sock); 681 *err = rfcomm_l2sock_create(&sock);
682 if (*err < 0) 682 if (*err < 0)
@@ -709,7 +709,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
709 709
710 bacpy(&addr.l2_bdaddr, dst); 710 bacpy(&addr.l2_bdaddr, dst);
711 addr.l2_family = AF_BLUETOOTH; 711 addr.l2_family = AF_BLUETOOTH;
712 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 712 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
713 addr.l2_cid = 0; 713 addr.l2_cid = 0;
714 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 714 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
715 if (*err == 0 || *err == -EINPROGRESS) 715 if (*err == 0 || *err == -EINPROGRESS)
@@ -1987,7 +1987,7 @@ static int rfcomm_add_listener(bdaddr_t *ba)
1987 /* Bind socket */ 1987 /* Bind socket */
1988 bacpy(&addr.l2_bdaddr, ba); 1988 bacpy(&addr.l2_bdaddr, ba);
1989 addr.l2_family = AF_BLUETOOTH; 1989 addr.l2_family = AF_BLUETOOTH;
1990 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 1990 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
1991 addr.l2_cid = 0; 1991 addr.l2_cid = 0;
1992 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1992 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1993 if (err < 0) { 1993 if (err < 0) {
@@ -2125,11 +2125,10 @@ static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2125 list_for_each_entry(d, &s->dlcs, list) { 2125 list_for_each_entry(d, &s->dlcs, list) {
2126 struct sock *sk = s->sock->sk; 2126 struct sock *sk = s->sock->sk;
2127 2127
2128 seq_printf(f, "%s %s %ld %d %d %d %d\n", 2128 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2129 batostr(&bt_sk(sk)->src), 2129 &bt_sk(sk)->src, &bt_sk(sk)->dst,
2130 batostr(&bt_sk(sk)->dst), 2130 d->state, d->dlci, d->mtu,
2131 d->state, d->dlci, d->mtu, 2131 d->rx_credits, d->tx_credits);
2132 d->rx_credits, d->tx_credits);
2133 } 2132 }
2134 } 2133 }
2135 2134
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index b3226f3658cf..4ddef57d03a7 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -334,7 +334,7 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr
334 struct sock *sk = sock->sk; 334 struct sock *sk = sock->sk;
335 int err = 0; 335 int err = 0;
336 336
337 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 337 BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr);
338 338
339 if (!addr || addr->sa_family != AF_BLUETOOTH) 339 if (!addr || addr->sa_family != AF_BLUETOOTH)
340 return -EINVAL; 340 return -EINVAL;
@@ -975,10 +975,9 @@ static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
975 read_lock(&rfcomm_sk_list.lock); 975 read_lock(&rfcomm_sk_list.lock);
976 976
977 sk_for_each(sk, node, &rfcomm_sk_list.head) { 977 sk_for_each(sk, node, &rfcomm_sk_list.head) {
978 seq_printf(f, "%s %s %d %d\n", 978 seq_printf(f, "%pMR %pMR %d %d\n",
979 batostr(&bt_sk(sk)->src), 979 &bt_sk(sk)->src, &bt_sk(sk)->dst,
980 batostr(&bt_sk(sk)->dst), 980 sk->sk_state, rfcomm_pi(sk)->channel);
981 sk->sk_state, rfcomm_pi(sk)->channel);
982 } 981 }
983 982
984 read_unlock(&rfcomm_sk_list.lock); 983 read_unlock(&rfcomm_sk_list.lock);
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index ccc248791d50..bd6fd0f43d2b 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -166,7 +166,7 @@ static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
166static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf) 166static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
167{ 167{
168 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 168 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
169 return sprintf(buf, "%s\n", batostr(&dev->dst)); 169 return sprintf(buf, "%pMR\n", &dev->dst);
170} 170}
171 171
172static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf) 172static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
@@ -663,8 +663,8 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
663 if (!dev) 663 if (!dev)
664 return -ENODEV; 664 return -ENODEV;
665 665
666 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), 666 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
667 dev->channel, dev->port.count); 667 dev->channel, dev->port.count);
668 668
669 spin_lock_irqsave(&dev->port.lock, flags); 669 spin_lock_irqsave(&dev->port.lock, flags);
670 if (++dev->port.count > 1) { 670 if (++dev->port.count > 1) {
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index dc42b917aaaf..450cdcd88e5c 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -172,7 +172,7 @@ static int sco_connect(struct sock *sk)
172 struct hci_dev *hdev; 172 struct hci_dev *hdev;
173 int err, type; 173 int err, type;
174 174
175 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 175 BT_DBG("%pMR -> %pMR", src, dst);
176 176
177 hdev = hci_get_route(dst, src); 177 hdev = hci_get_route(dst, src);
178 if (!hdev) 178 if (!hdev)
@@ -460,7 +460,7 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le
460 struct sock *sk = sock->sk; 460 struct sock *sk = sock->sk;
461 int err = 0; 461 int err = 0;
462 462
463 BT_DBG("sk %p %s", sk, batostr(&sa->sco_bdaddr)); 463 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
464 464
465 if (!addr || addr->sa_family != AF_BLUETOOTH) 465 if (!addr || addr->sa_family != AF_BLUETOOTH)
466 return -EINVAL; 466 return -EINVAL;
@@ -893,7 +893,7 @@ int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
893 struct hlist_node *node; 893 struct hlist_node *node;
894 int lm = 0; 894 int lm = 0;
895 895
896 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr)); 896 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
897 897
898 /* Find listening sockets */ 898 /* Find listening sockets */
899 read_lock(&sco_sk_list.lock); 899 read_lock(&sco_sk_list.lock);
@@ -914,7 +914,7 @@ int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
914 914
915void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 915void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
916{ 916{
917 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status); 917 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
918 if (!status) { 918 if (!status) {
919 struct sco_conn *conn; 919 struct sco_conn *conn;
920 920
@@ -959,8 +959,8 @@ static int sco_debugfs_show(struct seq_file *f, void *p)
959 read_lock(&sco_sk_list.lock); 959 read_lock(&sco_sk_list.lock);
960 960
961 sk_for_each(sk, node, &sco_sk_list.head) { 961 sk_for_each(sk, node, &sco_sk_list.head) {
962 seq_printf(f, "%s %s %d\n", batostr(&bt_sk(sk)->src), 962 seq_printf(f, "%pMR %pMR %d\n", &bt_sk(sk)->src,
963 batostr(&bt_sk(sk)->dst), sk->sk_state); 963 &bt_sk(sk)->dst, sk->sk_state);
964 } 964 }
965 965
966 read_unlock(&sco_sk_list.lock); 966 read_unlock(&sco_sk_list.lock);
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 8c225ef349cd..9b54fea080c9 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -165,7 +165,7 @@ static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
165 165
166 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 166 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
167 lh->len = cpu_to_le16(sizeof(code) + dlen); 167 lh->len = cpu_to_le16(sizeof(code) + dlen);
168 lh->cid = cpu_to_le16(L2CAP_CID_SMP); 168 lh->cid = __constant_cpu_to_le16(L2CAP_CID_SMP);
169 169
170 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code)); 170 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
171 171
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-14 08:56:46 -0500