aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth
diff options
context:
space:
mode:
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/af_bluetooth.c12
-rw-r--r--net/bluetooth/bnep/core.c10
-rw-r--r--net/bluetooth/bnep/netdev.c7
-rw-r--r--net/bluetooth/bnep/sock.c7
-rw-r--r--net/bluetooth/cmtp/capi.c37
-rw-r--r--net/bluetooth/cmtp/sock.c7
-rw-r--r--net/bluetooth/hci_conn.c3
-rw-r--r--net/bluetooth/hci_core.c51
-rw-r--r--net/bluetooth/hci_event.c8
-rw-r--r--net/bluetooth/hci_sock.c20
-rw-r--r--net/bluetooth/hci_sysfs.c125
-rw-r--r--net/bluetooth/hidp/core.c137
-rw-r--r--net/bluetooth/hidp/hidp.h4
-rw-r--r--net/bluetooth/hidp/sock.c7
-rw-r--r--net/bluetooth/l2cap.c210
-rw-r--r--net/bluetooth/rfcomm/core.c54
-rw-r--r--net/bluetooth/rfcomm/sock.c46
-rw-r--r--net/bluetooth/sco.c44
18 files changed, 540 insertions, 249 deletions
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index 8cfb5a849841..404a8500fd03 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -31,7 +31,6 @@
31#include <linux/errno.h> 31#include <linux/errno.h>
32#include <linux/kernel.h> 32#include <linux/kernel.h>
33#include <linux/sched.h> 33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/skbuff.h> 34#include <linux/skbuff.h>
36#include <linux/init.h> 35#include <linux/init.h>
37#include <linux/poll.h> 36#include <linux/poll.h>
@@ -45,7 +44,7 @@
45 44
46/* Bluetooth sockets */ 45/* Bluetooth sockets */
47#define BT_MAX_PROTO 8 46#define BT_MAX_PROTO 8
48static struct net_proto_family *bt_proto[BT_MAX_PROTO]; 47static const struct net_proto_family *bt_proto[BT_MAX_PROTO];
49static DEFINE_RWLOCK(bt_proto_lock); 48static DEFINE_RWLOCK(bt_proto_lock);
50 49
51static struct lock_class_key bt_lock_key[BT_MAX_PROTO]; 50static struct lock_class_key bt_lock_key[BT_MAX_PROTO];
@@ -86,7 +85,7 @@ static inline void bt_sock_reclassify_lock(struct socket *sock, int proto)
86 bt_key_strings[proto], &bt_lock_key[proto]); 85 bt_key_strings[proto], &bt_lock_key[proto]);
87} 86}
88 87
89int bt_sock_register(int proto, struct net_proto_family *ops) 88int bt_sock_register(int proto, const struct net_proto_family *ops)
90{ 89{
91 int err = 0; 90 int err = 0;
92 91
@@ -126,7 +125,8 @@ int bt_sock_unregister(int proto)
126} 125}
127EXPORT_SYMBOL(bt_sock_unregister); 126EXPORT_SYMBOL(bt_sock_unregister);
128 127
129static int bt_sock_create(struct net *net, struct socket *sock, int proto) 128static int bt_sock_create(struct net *net, struct socket *sock, int proto,
129 int kern)
130{ 130{
131 int err; 131 int err;
132 132
@@ -144,7 +144,7 @@ static int bt_sock_create(struct net *net, struct socket *sock, int proto)
144 read_lock(&bt_proto_lock); 144 read_lock(&bt_proto_lock);
145 145
146 if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) { 146 if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) {
147 err = bt_proto[proto]->create(net, sock, proto); 147 err = bt_proto[proto]->create(net, sock, proto, kern);
148 bt_sock_reclassify_lock(sock, proto); 148 bt_sock_reclassify_lock(sock, proto);
149 module_put(bt_proto[proto]->owner); 149 module_put(bt_proto[proto]->owner);
150 } 150 }
@@ -257,7 +257,7 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
257 skb_reset_transport_header(skb); 257 skb_reset_transport_header(skb);
258 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 258 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
259 if (err == 0) 259 if (err == 0)
260 sock_recv_timestamp(msg, sk, skb); 260 sock_recv_ts_and_drops(msg, sk, skb);
261 261
262 skb_free_datagram(sk, skb); 262 skb_free_datagram(sk, skb);
263 263
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index cafe9f54d841..8062dad6d10d 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -35,6 +35,7 @@
35#include <linux/freezer.h> 35#include <linux/freezer.h>
36#include <linux/errno.h> 36#include <linux/errno.h>
37#include <linux/net.h> 37#include <linux/net.h>
38#include <linux/slab.h>
38#include <net/sock.h> 39#include <net/sock.h>
39 40
40#include <linux/socket.h> 41#include <linux/socket.h>
@@ -78,7 +79,7 @@ static struct bnep_session *__bnep_get_session(u8 *dst)
78static void __bnep_link_session(struct bnep_session *s) 79static void __bnep_link_session(struct bnep_session *s)
79{ 80{
80 /* It's safe to call __module_get() here because sessions are added 81 /* It's safe to call __module_get() here because sessions are added
81 by the socket layer which has to hold the refference to this module. 82 by the socket layer which has to hold the reference to this module.
82 */ 83 */
83 __module_get(THIS_MODULE); 84 __module_get(THIS_MODULE);
84 list_add(&s->list, &bnep_session_list); 85 list_add(&s->list, &bnep_session_list);
@@ -230,7 +231,6 @@ static int bnep_rx_control(struct bnep_session *s, void *data, int len)
230 231
231 switch (cmd) { 232 switch (cmd) {
232 case BNEP_CMD_NOT_UNDERSTOOD: 233 case BNEP_CMD_NOT_UNDERSTOOD:
233 case BNEP_SETUP_CONN_REQ:
234 case BNEP_SETUP_CONN_RSP: 234 case BNEP_SETUP_CONN_RSP:
235 case BNEP_FILTER_NET_TYPE_RSP: 235 case BNEP_FILTER_NET_TYPE_RSP:
236 case BNEP_FILTER_MULTI_ADDR_RSP: 236 case BNEP_FILTER_MULTI_ADDR_RSP:
@@ -245,6 +245,10 @@ static int bnep_rx_control(struct bnep_session *s, void *data, int len)
245 err = bnep_ctrl_set_mcfilter(s, data, len); 245 err = bnep_ctrl_set_mcfilter(s, data, len);
246 break; 246 break;
247 247
248 case BNEP_SETUP_CONN_REQ:
249 err = bnep_send_rsp(s, BNEP_SETUP_CONN_RSP, BNEP_CONN_NOT_ALLOWED);
250 break;
251
248 default: { 252 default: {
249 u8 pkt[3]; 253 u8 pkt[3];
250 pkt[0] = BNEP_CONTROL; 254 pkt[0] = BNEP_CONTROL;
@@ -629,7 +633,7 @@ int bnep_del_connection(struct bnep_conndel_req *req)
629 s = __bnep_get_session(req->dst); 633 s = __bnep_get_session(req->dst);
630 if (s) { 634 if (s) {
631 /* Wakeup user-space which is polling for socket errors. 635 /* Wakeup user-space which is polling for socket errors.
632 * This is temporary hack untill we have shutdown in L2CAP */ 636 * This is temporary hack until we have shutdown in L2CAP */
633 s->sock->sk->sk_err = EUNATCH; 637 s->sock->sk->sk_err = EUNATCH;
634 638
635 /* Kill session thread */ 639 /* Kill session thread */
diff --git a/net/bluetooth/bnep/netdev.c b/net/bluetooth/bnep/netdev.c
index 26fb831ef7e0..5643a2391e76 100644
--- a/net/bluetooth/bnep/netdev.c
+++ b/net/bluetooth/bnep/netdev.c
@@ -26,6 +26,7 @@
26*/ 26*/
27 27
28#include <linux/module.h> 28#include <linux/module.h>
29#include <linux/slab.h>
29 30
30#include <linux/socket.h> 31#include <linux/socket.h>
31#include <linux/netdevice.h> 32#include <linux/netdevice.h>
@@ -64,7 +65,7 @@ static void bnep_net_set_mc_list(struct net_device *dev)
64 struct sk_buff *skb; 65 struct sk_buff *skb;
65 int size; 66 int size;
66 67
67 BT_DBG("%s mc_count %d", dev->name, dev->mc_count); 68 BT_DBG("%s mc_count %d", dev->name, netdev_mc_count(dev));
68 69
69 size = sizeof(*r) + (BNEP_MAX_MULTICAST_FILTERS + 1) * ETH_ALEN * 2; 70 size = sizeof(*r) + (BNEP_MAX_MULTICAST_FILTERS + 1) * ETH_ALEN * 2;
70 skb = alloc_skb(size, GFP_ATOMIC); 71 skb = alloc_skb(size, GFP_ATOMIC);
@@ -97,7 +98,9 @@ static void bnep_net_set_mc_list(struct net_device *dev)
97 98
98 /* FIXME: We should group addresses here. */ 99 /* FIXME: We should group addresses here. */
99 100
100 for (i = 0; i < dev->mc_count && i < BNEP_MAX_MULTICAST_FILTERS; i++) { 101 for (i = 0;
102 i < netdev_mc_count(dev) && i < BNEP_MAX_MULTICAST_FILTERS;
103 i++) {
101 memcpy(__skb_put(skb, ETH_ALEN), dmi->dmi_addr, ETH_ALEN); 104 memcpy(__skb_put(skb, ETH_ALEN), dmi->dmi_addr, ETH_ALEN);
102 memcpy(__skb_put(skb, ETH_ALEN), dmi->dmi_addr, ETH_ALEN); 105 memcpy(__skb_put(skb, ETH_ALEN), dmi->dmi_addr, ETH_ALEN);
103 dmi = dmi->next; 106 dmi = dmi->next;
diff --git a/net/bluetooth/bnep/sock.c b/net/bluetooth/bnep/sock.c
index e857628b0b27..2862f53b66b1 100644
--- a/net/bluetooth/bnep/sock.c
+++ b/net/bluetooth/bnep/sock.c
@@ -30,7 +30,6 @@
30#include <linux/capability.h> 30#include <linux/capability.h>
31#include <linux/errno.h> 31#include <linux/errno.h>
32#include <linux/kernel.h> 32#include <linux/kernel.h>
33#include <linux/slab.h>
34#include <linux/poll.h> 33#include <linux/poll.h>
35#include <linux/fcntl.h> 34#include <linux/fcntl.h>
36#include <linux/skbuff.h> 35#include <linux/skbuff.h>
@@ -39,6 +38,7 @@
39#include <linux/file.h> 38#include <linux/file.h>
40#include <linux/init.h> 39#include <linux/init.h>
41#include <linux/compat.h> 40#include <linux/compat.h>
41#include <linux/gfp.h>
42#include <net/sock.h> 42#include <net/sock.h>
43 43
44#include <asm/system.h> 44#include <asm/system.h>
@@ -195,7 +195,8 @@ static struct proto bnep_proto = {
195 .obj_size = sizeof(struct bt_sock) 195 .obj_size = sizeof(struct bt_sock)
196}; 196};
197 197
198static int bnep_sock_create(struct net *net, struct socket *sock, int protocol) 198static int bnep_sock_create(struct net *net, struct socket *sock, int protocol,
199 int kern)
199{ 200{
200 struct sock *sk; 201 struct sock *sk;
201 202
@@ -222,7 +223,7 @@ static int bnep_sock_create(struct net *net, struct socket *sock, int protocol)
222 return 0; 223 return 0;
223} 224}
224 225
225static struct net_proto_family bnep_sock_family_ops = { 226static const struct net_proto_family bnep_sock_family_ops = {
226 .family = PF_BLUETOOTH, 227 .family = PF_BLUETOOTH,
227 .owner = THIS_MODULE, 228 .owner = THIS_MODULE,
228 .create = bnep_sock_create 229 .create = bnep_sock_create
diff --git a/net/bluetooth/cmtp/capi.c b/net/bluetooth/cmtp/capi.c
index 97f8d68d574d..3487cfe74aec 100644
--- a/net/bluetooth/cmtp/capi.c
+++ b/net/bluetooth/cmtp/capi.c
@@ -21,7 +21,8 @@
21*/ 21*/
22 22
23#include <linux/module.h> 23#include <linux/module.h>
24 24#include <linux/proc_fs.h>
25#include <linux/seq_file.h>
25#include <linux/types.h> 26#include <linux/types.h>
26#include <linux/errno.h> 27#include <linux/errno.h>
27#include <linux/kernel.h> 28#include <linux/kernel.h>
@@ -516,33 +517,37 @@ static char *cmtp_procinfo(struct capi_ctr *ctrl)
516 return "CAPI Message Transport Protocol"; 517 return "CAPI Message Transport Protocol";
517} 518}
518 519
519static int cmtp_ctr_read_proc(char *page, char **start, off_t off, int count, int *eof, struct capi_ctr *ctrl) 520static int cmtp_proc_show(struct seq_file *m, void *v)
520{ 521{
522 struct capi_ctr *ctrl = m->private;
521 struct cmtp_session *session = ctrl->driverdata; 523 struct cmtp_session *session = ctrl->driverdata;
522 struct cmtp_application *app; 524 struct cmtp_application *app;
523 struct list_head *p, *n; 525 struct list_head *p, *n;
524 int len = 0;
525 526
526 len += sprintf(page + len, "%s\n\n", cmtp_procinfo(ctrl)); 527 seq_printf(m, "%s\n\n", cmtp_procinfo(ctrl));
527 len += sprintf(page + len, "addr %s\n", session->name); 528 seq_printf(m, "addr %s\n", session->name);
528 len += sprintf(page + len, "ctrl %d\n", session->num); 529 seq_printf(m, "ctrl %d\n", session->num);
529 530
530 list_for_each_safe(p, n, &session->applications) { 531 list_for_each_safe(p, n, &session->applications) {
531 app = list_entry(p, struct cmtp_application, list); 532 app = list_entry(p, struct cmtp_application, list);
532 len += sprintf(page + len, "appl %d -> %d\n", app->appl, app->mapping); 533 seq_printf(m, "appl %d -> %d\n", app->appl, app->mapping);
533 } 534 }
534 535
535 if (off + count >= len) 536 return 0;
536 *eof = 1; 537}
537
538 if (len < off)
539 return 0;
540
541 *start = page + off;
542 538
543 return ((count < len - off) ? count : len - off); 539static int cmtp_proc_open(struct inode *inode, struct file *file)
540{
541 return single_open(file, cmtp_proc_show, PDE(inode)->data);
544} 542}
545 543
544static const struct file_operations cmtp_proc_fops = {
545 .owner = THIS_MODULE,
546 .open = cmtp_proc_open,
547 .read = seq_read,
548 .llseek = seq_lseek,
549 .release = single_release,
550};
546 551
547int cmtp_attach_device(struct cmtp_session *session) 552int cmtp_attach_device(struct cmtp_session *session)
548{ 553{
@@ -582,7 +587,7 @@ int cmtp_attach_device(struct cmtp_session *session)
582 session->ctrl.send_message = cmtp_send_message; 587 session->ctrl.send_message = cmtp_send_message;
583 588
584 session->ctrl.procinfo = cmtp_procinfo; 589 session->ctrl.procinfo = cmtp_procinfo;
585 session->ctrl.ctr_read_proc = cmtp_ctr_read_proc; 590 session->ctrl.proc_fops = &cmtp_proc_fops;
586 591
587 if (attach_capi_ctr(&session->ctrl) < 0) { 592 if (attach_capi_ctr(&session->ctrl) < 0) {
588 BT_ERR("Can't attach new controller"); 593 BT_ERR("Can't attach new controller");
diff --git a/net/bluetooth/cmtp/sock.c b/net/bluetooth/cmtp/sock.c
index 16b0fad74f6e..7ea1979a8e4f 100644
--- a/net/bluetooth/cmtp/sock.c
+++ b/net/bluetooth/cmtp/sock.c
@@ -26,7 +26,6 @@
26#include <linux/capability.h> 26#include <linux/capability.h>
27#include <linux/errno.h> 27#include <linux/errno.h>
28#include <linux/kernel.h> 28#include <linux/kernel.h>
29#include <linux/slab.h>
30#include <linux/poll.h> 29#include <linux/poll.h>
31#include <linux/fcntl.h> 30#include <linux/fcntl.h>
32#include <linux/skbuff.h> 31#include <linux/skbuff.h>
@@ -34,6 +33,7 @@
34#include <linux/ioctl.h> 33#include <linux/ioctl.h>
35#include <linux/file.h> 34#include <linux/file.h>
36#include <linux/compat.h> 35#include <linux/compat.h>
36#include <linux/gfp.h>
37#include <net/sock.h> 37#include <net/sock.h>
38 38
39#include <linux/isdn/capilli.h> 39#include <linux/isdn/capilli.h>
@@ -190,7 +190,8 @@ static struct proto cmtp_proto = {
190 .obj_size = sizeof(struct bt_sock) 190 .obj_size = sizeof(struct bt_sock)
191}; 191};
192 192
193static int cmtp_sock_create(struct net *net, struct socket *sock, int protocol) 193static int cmtp_sock_create(struct net *net, struct socket *sock, int protocol,
194 int kern)
194{ 195{
195 struct sock *sk; 196 struct sock *sk;
196 197
@@ -217,7 +218,7 @@ static int cmtp_sock_create(struct net *net, struct socket *sock, int protocol)
217 return 0; 218 return 0;
218} 219}
219 220
220static struct net_proto_family cmtp_sock_family_ops = { 221static const struct net_proto_family cmtp_sock_family_ops = {
221 .family = PF_BLUETOOTH, 222 .family = PF_BLUETOOTH,
222 .owner = THIS_MODULE, 223 .owner = THIS_MODULE,
223 .create = cmtp_sock_create 224 .create = cmtp_sock_create
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index b7c4224f4e7d..b10e3cdb08f8 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -377,6 +377,9 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8
377 377
378 if (acl->state == BT_CONNECTED && 378 if (acl->state == BT_CONNECTED &&
379 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { 379 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
380 acl->power_save = 1;
381 hci_conn_enter_active_mode(acl);
382
380 if (lmp_esco_capable(hdev)) 383 if (lmp_esco_capable(hdev))
381 hci_setup_sync(sco, acl->handle); 384 hci_setup_sync(sco, acl->handle);
382 else 385 else
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index e1da8f68759c..4ad23192c7a5 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -193,8 +193,9 @@ static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
193 while ((skb = skb_dequeue(&hdev->driver_init))) { 193 while ((skb = skb_dequeue(&hdev->driver_init))) {
194 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT; 194 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
195 skb->dev = (void *) hdev; 195 skb->dev = (void *) hdev;
196
196 skb_queue_tail(&hdev->cmd_q, skb); 197 skb_queue_tail(&hdev->cmd_q, skb);
197 hci_sched_cmd(hdev); 198 tasklet_schedule(&hdev->cmd_task);
198 } 199 }
199 skb_queue_purge(&hdev->driver_init); 200 skb_queue_purge(&hdev->driver_init);
200 201
@@ -490,6 +491,10 @@ int hci_dev_open(__u16 dev)
490 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 491 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
491 set_bit(HCI_RAW, &hdev->flags); 492 set_bit(HCI_RAW, &hdev->flags);
492 493
494 /* Treat all non BR/EDR controllers as raw devices for now */
495 if (hdev->dev_type != HCI_BREDR)
496 set_bit(HCI_RAW, &hdev->flags);
497
493 if (hdev->open(hdev)) { 498 if (hdev->open(hdev)) {
494 ret = -EIO; 499 ret = -EIO;
495 goto done; 500 goto done;
@@ -796,7 +801,7 @@ int hci_get_dev_info(void __user *arg)
796 801
797 strcpy(di.name, hdev->name); 802 strcpy(di.name, hdev->name);
798 di.bdaddr = hdev->bdaddr; 803 di.bdaddr = hdev->bdaddr;
799 di.type = hdev->type; 804 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
800 di.flags = hdev->flags; 805 di.flags = hdev->flags;
801 di.pkt_type = hdev->pkt_type; 806 di.pkt_type = hdev->pkt_type;
802 di.acl_mtu = hdev->acl_mtu; 807 di.acl_mtu = hdev->acl_mtu;
@@ -868,8 +873,8 @@ int hci_register_dev(struct hci_dev *hdev)
868 struct list_head *head = &hci_dev_list, *p; 873 struct list_head *head = &hci_dev_list, *p;
869 int i, id = 0; 874 int i, id = 0;
870 875
871 BT_DBG("%p name %s type %d owner %p", hdev, hdev->name, 876 BT_DBG("%p name %s bus %d owner %p", hdev, hdev->name,
872 hdev->type, hdev->owner); 877 hdev->bus, hdev->owner);
873 878
874 if (!hdev->open || !hdev->close || !hdev->destruct) 879 if (!hdev->open || !hdev->close || !hdev->destruct)
875 return -EINVAL; 880 return -EINVAL;
@@ -945,7 +950,7 @@ int hci_unregister_dev(struct hci_dev *hdev)
945{ 950{
946 int i; 951 int i;
947 952
948 BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type); 953 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
949 954
950 write_lock_bh(&hci_dev_list_lock); 955 write_lock_bh(&hci_dev_list_lock);
951 list_del(&hdev->list); 956 list_del(&hdev->list);
@@ -987,6 +992,30 @@ int hci_resume_dev(struct hci_dev *hdev)
987} 992}
988EXPORT_SYMBOL(hci_resume_dev); 993EXPORT_SYMBOL(hci_resume_dev);
989 994
995/* Receive frame from HCI drivers */
996int hci_recv_frame(struct sk_buff *skb)
997{
998 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
999 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1000 && !test_bit(HCI_INIT, &hdev->flags))) {
1001 kfree_skb(skb);
1002 return -ENXIO;
1003 }
1004
1005 /* Incomming skb */
1006 bt_cb(skb)->incoming = 1;
1007
1008 /* Time stamp */
1009 __net_timestamp(skb);
1010
1011 /* Queue frame for rx task */
1012 skb_queue_tail(&hdev->rx_q, skb);
1013 tasklet_schedule(&hdev->rx_task);
1014
1015 return 0;
1016}
1017EXPORT_SYMBOL(hci_recv_frame);
1018
990/* Receive packet type fragment */ 1019/* Receive packet type fragment */
991#define __reassembly(hdev, type) ((hdev)->reassembly[(type) - 2]) 1020#define __reassembly(hdev, type) ((hdev)->reassembly[(type) - 2])
992 1021
@@ -1193,8 +1222,9 @@ int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
1193 1222
1194 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT; 1223 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
1195 skb->dev = (void *) hdev; 1224 skb->dev = (void *) hdev;
1225
1196 skb_queue_tail(&hdev->cmd_q, skb); 1226 skb_queue_tail(&hdev->cmd_q, skb);
1197 hci_sched_cmd(hdev); 1227 tasklet_schedule(&hdev->cmd_task);
1198 1228
1199 return 0; 1229 return 0;
1200} 1230}
@@ -1271,7 +1301,8 @@ int hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags)
1271 spin_unlock_bh(&conn->data_q.lock); 1301 spin_unlock_bh(&conn->data_q.lock);
1272 } 1302 }
1273 1303
1274 hci_sched_tx(hdev); 1304 tasklet_schedule(&hdev->tx_task);
1305
1275 return 0; 1306 return 0;
1276} 1307}
1277EXPORT_SYMBOL(hci_send_acl); 1308EXPORT_SYMBOL(hci_send_acl);
@@ -1298,8 +1329,10 @@ int hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
1298 1329
1299 skb->dev = (void *) hdev; 1330 skb->dev = (void *) hdev;
1300 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT; 1331 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
1332
1301 skb_queue_tail(&conn->data_q, skb); 1333 skb_queue_tail(&conn->data_q, skb);
1302 hci_sched_tx(hdev); 1334 tasklet_schedule(&hdev->tx_task);
1335
1303 return 0; 1336 return 0;
1304} 1337}
1305EXPORT_SYMBOL(hci_send_sco); 1338EXPORT_SYMBOL(hci_send_sco);
@@ -1612,7 +1645,7 @@ static void hci_cmd_task(unsigned long arg)
1612 hdev->cmd_last_tx = jiffies; 1645 hdev->cmd_last_tx = jiffies;
1613 } else { 1646 } else {
1614 skb_queue_head(&hdev->cmd_q, skb); 1647 skb_queue_head(&hdev->cmd_q, skb);
1615 hci_sched_cmd(hdev); 1648 tasklet_schedule(&hdev->cmd_task);
1616 } 1649 }
1617 } 1650 }
1618} 1651}
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index e99fe385fba2..6c57fc71c7e2 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1320,7 +1320,7 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk
1320 if (ev->ncmd) { 1320 if (ev->ncmd) {
1321 atomic_set(&hdev->cmd_cnt, 1); 1321 atomic_set(&hdev->cmd_cnt, 1);
1322 if (!skb_queue_empty(&hdev->cmd_q)) 1322 if (!skb_queue_empty(&hdev->cmd_q))
1323 hci_sched_cmd(hdev); 1323 tasklet_schedule(&hdev->cmd_task);
1324 } 1324 }
1325} 1325}
1326 1326
@@ -1386,7 +1386,7 @@ static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1386 if (ev->ncmd) { 1386 if (ev->ncmd) {
1387 atomic_set(&hdev->cmd_cnt, 1); 1387 atomic_set(&hdev->cmd_cnt, 1);
1388 if (!skb_queue_empty(&hdev->cmd_q)) 1388 if (!skb_queue_empty(&hdev->cmd_q))
1389 hci_sched_cmd(hdev); 1389 tasklet_schedule(&hdev->cmd_task);
1390 } 1390 }
1391} 1391}
1392 1392
@@ -1454,7 +1454,7 @@ static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *s
1454 } 1454 }
1455 } 1455 }
1456 1456
1457 hci_sched_tx(hdev); 1457 tasklet_schedule(&hdev->tx_task);
1458 1458
1459 tasklet_enable(&hdev->tx_task); 1459 tasklet_enable(&hdev->tx_task);
1460} 1460}
@@ -1698,7 +1698,9 @@ static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_bu
1698 hci_conn_add_sysfs(conn); 1698 hci_conn_add_sysfs(conn);
1699 break; 1699 break;
1700 1700
1701 case 0x11: /* Unsupported Feature or Parameter Value */
1701 case 0x1c: /* SCO interval rejected */ 1702 case 0x1c: /* SCO interval rejected */
1703 case 0x1a: /* Unsupported Remote Feature */
1702 case 0x1f: /* Unspecified error */ 1704 case 0x1f: /* Unspecified error */
1703 if (conn->out && conn->attempt < 2) { 1705 if (conn->out && conn->attempt < 2) {
1704 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | 1706 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 75302a986067..38f08f6b86f6 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -329,6 +329,9 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_
329 } 329 }
330 330
331 if (mask & HCI_CMSG_TSTAMP) { 331 if (mask & HCI_CMSG_TSTAMP) {
332#ifdef CONFIG_COMPAT
333 struct compat_timeval ctv;
334#endif
332 struct timeval tv; 335 struct timeval tv;
333 void *data; 336 void *data;
334 int len; 337 int len;
@@ -339,7 +342,6 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_
339 len = sizeof(tv); 342 len = sizeof(tv);
340#ifdef CONFIG_COMPAT 343#ifdef CONFIG_COMPAT
341 if (msg->msg_flags & MSG_CMSG_COMPAT) { 344 if (msg->msg_flags & MSG_CMSG_COMPAT) {
342 struct compat_timeval ctv;
343 ctv.tv_sec = tv.tv_sec; 345 ctv.tv_sec = tv.tv_sec;
344 ctv.tv_usec = tv.tv_usec; 346 ctv.tv_usec = tv.tv_usec;
345 data = &ctv; 347 data = &ctv;
@@ -414,6 +416,11 @@ static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
414 goto done; 416 goto done;
415 } 417 }
416 418
419 if (!test_bit(HCI_UP, &hdev->flags)) {
420 err = -ENETDOWN;
421 goto done;
422 }
423
417 if (!(skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err))) 424 if (!(skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err)))
418 goto done; 425 goto done;
419 426
@@ -440,10 +447,10 @@ static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
440 447
441 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) { 448 if (test_bit(HCI_RAW, &hdev->flags) || (ogf == 0x3f)) {
442 skb_queue_tail(&hdev->raw_q, skb); 449 skb_queue_tail(&hdev->raw_q, skb);
443 hci_sched_tx(hdev); 450 tasklet_schedule(&hdev->tx_task);
444 } else { 451 } else {
445 skb_queue_tail(&hdev->cmd_q, skb); 452 skb_queue_tail(&hdev->cmd_q, skb);
446 hci_sched_cmd(hdev); 453 tasklet_schedule(&hdev->cmd_task);
447 } 454 }
448 } else { 455 } else {
449 if (!capable(CAP_NET_RAW)) { 456 if (!capable(CAP_NET_RAW)) {
@@ -452,7 +459,7 @@ static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
452 } 459 }
453 460
454 skb_queue_tail(&hdev->raw_q, skb); 461 skb_queue_tail(&hdev->raw_q, skb);
455 hci_sched_tx(hdev); 462 tasklet_schedule(&hdev->tx_task);
456 } 463 }
457 464
458 err = len; 465 err = len;
@@ -621,7 +628,8 @@ static struct proto hci_sk_proto = {
621 .obj_size = sizeof(struct hci_pinfo) 628 .obj_size = sizeof(struct hci_pinfo)
622}; 629};
623 630
624static int hci_sock_create(struct net *net, struct socket *sock, int protocol) 631static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
632 int kern)
625{ 633{
626 struct sock *sk; 634 struct sock *sk;
627 635
@@ -687,7 +695,7 @@ static int hci_sock_dev_event(struct notifier_block *this, unsigned long event,
687 return NOTIFY_DONE; 695 return NOTIFY_DONE;
688} 696}
689 697
690static struct net_proto_family hci_sock_family_ops = { 698static const struct net_proto_family hci_sock_family_ops = {
691 .family = PF_BLUETOOTH, 699 .family = PF_BLUETOOTH,
692 .owner = THIS_MODULE, 700 .owner = THIS_MODULE,
693 .create = hci_sock_create, 701 .create = hci_sock_create,
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index 2bc6f6a8de68..0e8e1a59856c 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -1,13 +1,18 @@
1/* Bluetooth HCI driver model support. */ 1/* Bluetooth HCI driver model support. */
2 2
3#include <linux/kernel.h> 3#include <linux/kernel.h>
4#include <linux/slab.h>
4#include <linux/init.h> 5#include <linux/init.h>
6#include <linux/debugfs.h>
7#include <linux/seq_file.h>
5 8
6#include <net/bluetooth/bluetooth.h> 9#include <net/bluetooth/bluetooth.h>
7#include <net/bluetooth/hci_core.h> 10#include <net/bluetooth/hci_core.h>
8 11
9struct class *bt_class = NULL; 12static struct class *bt_class;
10EXPORT_SYMBOL_GPL(bt_class); 13
14struct dentry *bt_debugfs = NULL;
15EXPORT_SYMBOL_GPL(bt_debugfs);
11 16
12static struct workqueue_struct *bt_workq; 17static struct workqueue_struct *bt_workq;
13 18
@@ -166,9 +171,9 @@ void hci_conn_del_sysfs(struct hci_conn *conn)
166 queue_work(bt_workq, &conn->work_del); 171 queue_work(bt_workq, &conn->work_del);
167} 172}
168 173
169static inline char *host_typetostr(int type) 174static inline char *host_bustostr(int bus)
170{ 175{
171 switch (type) { 176 switch (bus) {
172 case HCI_VIRTUAL: 177 case HCI_VIRTUAL:
173 return "VIRTUAL"; 178 return "VIRTUAL";
174 case HCI_USB: 179 case HCI_USB:
@@ -188,10 +193,28 @@ static inline char *host_typetostr(int type)
188 } 193 }
189} 194}
190 195
196static inline char *host_typetostr(int type)
197{
198 switch (type) {
199 case HCI_BREDR:
200 return "BR/EDR";
201 case HCI_80211:
202 return "802.11";
203 default:
204 return "UNKNOWN";
205 }
206}
207
208static ssize_t show_bus(struct device *dev, struct device_attribute *attr, char *buf)
209{
210 struct hci_dev *hdev = dev_get_drvdata(dev);
211 return sprintf(buf, "%s\n", host_bustostr(hdev->bus));
212}
213
191static ssize_t show_type(struct device *dev, struct device_attribute *attr, char *buf) 214static ssize_t show_type(struct device *dev, struct device_attribute *attr, char *buf)
192{ 215{
193 struct hci_dev *hdev = dev_get_drvdata(dev); 216 struct hci_dev *hdev = dev_get_drvdata(dev);
194 return sprintf(buf, "%s\n", host_typetostr(hdev->type)); 217 return sprintf(buf, "%s\n", host_typetostr(hdev->dev_type));
195} 218}
196 219
197static ssize_t show_name(struct device *dev, struct device_attribute *attr, char *buf) 220static ssize_t show_name(struct device *dev, struct device_attribute *attr, char *buf)
@@ -251,32 +274,6 @@ static ssize_t show_hci_revision(struct device *dev, struct device_attribute *at
251 return sprintf(buf, "%d\n", hdev->hci_rev); 274 return sprintf(buf, "%d\n", hdev->hci_rev);
252} 275}
253 276
254static ssize_t show_inquiry_cache(struct device *dev, struct device_attribute *attr, char *buf)
255{
256 struct hci_dev *hdev = dev_get_drvdata(dev);
257 struct inquiry_cache *cache = &hdev->inq_cache;
258 struct inquiry_entry *e;
259 int n = 0;
260
261 hci_dev_lock_bh(hdev);
262
263 for (e = cache->list; e; e = e->next) {
264 struct inquiry_data *data = &e->data;
265 bdaddr_t bdaddr;
266 baswap(&bdaddr, &data->bdaddr);
267 n += sprintf(buf + n, "%s %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n",
268 batostr(&bdaddr),
269 data->pscan_rep_mode, data->pscan_period_mode,
270 data->pscan_mode, data->dev_class[2],
271 data->dev_class[1], data->dev_class[0],
272 __le16_to_cpu(data->clock_offset),
273 data->rssi, data->ssp_mode, e->timestamp);
274 }
275
276 hci_dev_unlock_bh(hdev);
277 return n;
278}
279
280static ssize_t show_idle_timeout(struct device *dev, struct device_attribute *attr, char *buf) 277static ssize_t show_idle_timeout(struct device *dev, struct device_attribute *attr, char *buf)
281{ 278{
282 struct hci_dev *hdev = dev_get_drvdata(dev); 279 struct hci_dev *hdev = dev_get_drvdata(dev);
@@ -355,6 +352,7 @@ static ssize_t store_sniff_min_interval(struct device *dev, struct device_attrib
355 return count; 352 return count;
356} 353}
357 354
355static DEVICE_ATTR(bus, S_IRUGO, show_bus, NULL);
358static DEVICE_ATTR(type, S_IRUGO, show_type, NULL); 356static DEVICE_ATTR(type, S_IRUGO, show_type, NULL);
359static DEVICE_ATTR(name, S_IRUGO, show_name, NULL); 357static DEVICE_ATTR(name, S_IRUGO, show_name, NULL);
360static DEVICE_ATTR(class, S_IRUGO, show_class, NULL); 358static DEVICE_ATTR(class, S_IRUGO, show_class, NULL);
@@ -363,7 +361,6 @@ static DEVICE_ATTR(features, S_IRUGO, show_features, NULL);
363static DEVICE_ATTR(manufacturer, S_IRUGO, show_manufacturer, NULL); 361static DEVICE_ATTR(manufacturer, S_IRUGO, show_manufacturer, NULL);
364static DEVICE_ATTR(hci_version, S_IRUGO, show_hci_version, NULL); 362static DEVICE_ATTR(hci_version, S_IRUGO, show_hci_version, NULL);
365static DEVICE_ATTR(hci_revision, S_IRUGO, show_hci_revision, NULL); 363static DEVICE_ATTR(hci_revision, S_IRUGO, show_hci_revision, NULL);
366static DEVICE_ATTR(inquiry_cache, S_IRUGO, show_inquiry_cache, NULL);
367 364
368static DEVICE_ATTR(idle_timeout, S_IRUGO | S_IWUSR, 365static DEVICE_ATTR(idle_timeout, S_IRUGO | S_IWUSR,
369 show_idle_timeout, store_idle_timeout); 366 show_idle_timeout, store_idle_timeout);
@@ -373,6 +370,7 @@ static DEVICE_ATTR(sniff_min_interval, S_IRUGO | S_IWUSR,
373 show_sniff_min_interval, store_sniff_min_interval); 370 show_sniff_min_interval, store_sniff_min_interval);
374 371
375static struct attribute *bt_host_attrs[] = { 372static struct attribute *bt_host_attrs[] = {
373 &dev_attr_bus.attr,
376 &dev_attr_type.attr, 374 &dev_attr_type.attr,
377 &dev_attr_name.attr, 375 &dev_attr_name.attr,
378 &dev_attr_class.attr, 376 &dev_attr_class.attr,
@@ -381,7 +379,6 @@ static struct attribute *bt_host_attrs[] = {
381 &dev_attr_manufacturer.attr, 379 &dev_attr_manufacturer.attr,
382 &dev_attr_hci_version.attr, 380 &dev_attr_hci_version.attr,
383 &dev_attr_hci_revision.attr, 381 &dev_attr_hci_revision.attr,
384 &dev_attr_inquiry_cache.attr,
385 &dev_attr_idle_timeout.attr, 382 &dev_attr_idle_timeout.attr,
386 &dev_attr_sniff_max_interval.attr, 383 &dev_attr_sniff_max_interval.attr,
387 &dev_attr_sniff_min_interval.attr, 384 &dev_attr_sniff_min_interval.attr,
@@ -409,12 +406,50 @@ static struct device_type bt_host = {
409 .release = bt_host_release, 406 .release = bt_host_release,
410}; 407};
411 408
409static int inquiry_cache_show(struct seq_file *f, void *p)
410{
411 struct hci_dev *hdev = f->private;
412 struct inquiry_cache *cache = &hdev->inq_cache;
413 struct inquiry_entry *e;
414
415 hci_dev_lock_bh(hdev);
416
417 for (e = cache->list; e; e = e->next) {
418 struct inquiry_data *data = &e->data;
419 bdaddr_t bdaddr;
420 baswap(&bdaddr, &data->bdaddr);
421 seq_printf(f, "%s %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n",
422 batostr(&bdaddr),
423 data->pscan_rep_mode, data->pscan_period_mode,
424 data->pscan_mode, data->dev_class[2],
425 data->dev_class[1], data->dev_class[0],
426 __le16_to_cpu(data->clock_offset),
427 data->rssi, data->ssp_mode, e->timestamp);
428 }
429
430 hci_dev_unlock_bh(hdev);
431
432 return 0;
433}
434
435static int inquiry_cache_open(struct inode *inode, struct file *file)
436{
437 return single_open(file, inquiry_cache_show, inode->i_private);
438}
439
440static const struct file_operations inquiry_cache_fops = {
441 .open = inquiry_cache_open,
442 .read = seq_read,
443 .llseek = seq_lseek,
444 .release = single_release,
445};
446
412int hci_register_sysfs(struct hci_dev *hdev) 447int hci_register_sysfs(struct hci_dev *hdev)
413{ 448{
414 struct device *dev = &hdev->dev; 449 struct device *dev = &hdev->dev;
415 int err; 450 int err;
416 451
417 BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type); 452 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
418 453
419 dev->type = &bt_host; 454 dev->type = &bt_host;
420 dev->class = bt_class; 455 dev->class = bt_class;
@@ -428,12 +463,24 @@ int hci_register_sysfs(struct hci_dev *hdev)
428 if (err < 0) 463 if (err < 0)
429 return err; 464 return err;
430 465
466 if (!bt_debugfs)
467 return 0;
468
469 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
470 if (!hdev->debugfs)
471 return 0;
472
473 debugfs_create_file("inquiry_cache", 0444, hdev->debugfs,
474 hdev, &inquiry_cache_fops);
475
431 return 0; 476 return 0;
432} 477}
433 478
434void hci_unregister_sysfs(struct hci_dev *hdev) 479void hci_unregister_sysfs(struct hci_dev *hdev)
435{ 480{
436 BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type); 481 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
482
483 debugfs_remove_recursive(hdev->debugfs);
437 484
438 device_del(&hdev->dev); 485 device_del(&hdev->dev);
439} 486}
@@ -444,6 +491,8 @@ int __init bt_sysfs_init(void)
444 if (!bt_workq) 491 if (!bt_workq)
445 return -ENOMEM; 492 return -ENOMEM;
446 493
494 bt_debugfs = debugfs_create_dir("bluetooth", NULL);
495
447 bt_class = class_create(THIS_MODULE, "bluetooth"); 496 bt_class = class_create(THIS_MODULE, "bluetooth");
448 if (IS_ERR(bt_class)) { 497 if (IS_ERR(bt_class)) {
449 destroy_workqueue(bt_workq); 498 destroy_workqueue(bt_workq);
@@ -455,7 +504,9 @@ int __init bt_sysfs_init(void)
455 504
456void bt_sysfs_cleanup(void) 505void bt_sysfs_cleanup(void)
457{ 506{
458 destroy_workqueue(bt_workq);
459
460 class_destroy(bt_class); 507 class_destroy(bt_class);
508
509 debugfs_remove_recursive(bt_debugfs);
510
511 destroy_workqueue(bt_workq);
461} 512}
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 49d8495d69be..280529ad9274 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -243,6 +243,39 @@ static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
243 input_sync(dev); 243 input_sync(dev);
244} 244}
245 245
246static int __hidp_send_ctrl_message(struct hidp_session *session,
247 unsigned char hdr, unsigned char *data, int size)
248{
249 struct sk_buff *skb;
250
251 BT_DBG("session %p data %p size %d", session, data, size);
252
253 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
254 BT_ERR("Can't allocate memory for new frame");
255 return -ENOMEM;
256 }
257
258 *skb_put(skb, 1) = hdr;
259 if (data && size > 0)
260 memcpy(skb_put(skb, size), data, size);
261
262 skb_queue_tail(&session->ctrl_transmit, skb);
263
264 return 0;
265}
266
267static inline int hidp_send_ctrl_message(struct hidp_session *session,
268 unsigned char hdr, unsigned char *data, int size)
269{
270 int err;
271
272 err = __hidp_send_ctrl_message(session, hdr, data, size);
273
274 hidp_schedule(session);
275
276 return err;
277}
278
246static int hidp_queue_report(struct hidp_session *session, 279static int hidp_queue_report(struct hidp_session *session,
247 unsigned char *data, int size) 280 unsigned char *data, int size)
248{ 281{
@@ -280,6 +313,26 @@ static int hidp_send_report(struct hidp_session *session, struct hid_report *rep
280 return hidp_queue_report(session, buf, rsize); 313 return hidp_queue_report(session, buf, rsize);
281} 314}
282 315
316static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
317 unsigned char report_type)
318{
319 switch (report_type) {
320 case HID_FEATURE_REPORT:
321 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
322 break;
323 case HID_OUTPUT_REPORT:
324 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
325 break;
326 default:
327 return -EINVAL;
328 }
329
330 if (hidp_send_ctrl_message(hid->driver_data, report_type,
331 data, count))
332 return -ENOMEM;
333 return count;
334}
335
283static void hidp_idle_timeout(unsigned long arg) 336static void hidp_idle_timeout(unsigned long arg)
284{ 337{
285 struct hidp_session *session = (struct hidp_session *) arg; 338 struct hidp_session *session = (struct hidp_session *) arg;
@@ -300,39 +353,6 @@ static inline void hidp_del_timer(struct hidp_session *session)
300 del_timer(&session->timer); 353 del_timer(&session->timer);
301} 354}
302 355
303static int __hidp_send_ctrl_message(struct hidp_session *session,
304 unsigned char hdr, unsigned char *data, int size)
305{
306 struct sk_buff *skb;
307
308 BT_DBG("session %p data %p size %d", session, data, size);
309
310 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
311 BT_ERR("Can't allocate memory for new frame");
312 return -ENOMEM;
313 }
314
315 *skb_put(skb, 1) = hdr;
316 if (data && size > 0)
317 memcpy(skb_put(skb, size), data, size);
318
319 skb_queue_tail(&session->ctrl_transmit, skb);
320
321 return 0;
322}
323
324static inline int hidp_send_ctrl_message(struct hidp_session *session,
325 unsigned char hdr, unsigned char *data, int size)
326{
327 int err;
328
329 err = __hidp_send_ctrl_message(session, hdr, data, size);
330
331 hidp_schedule(session);
332
333 return err;
334}
335
336static void hidp_process_handshake(struct hidp_session *session, 356static void hidp_process_handshake(struct hidp_session *session,
337 unsigned char param) 357 unsigned char param)
338{ 358{
@@ -694,29 +714,9 @@ static void hidp_close(struct hid_device *hid)
694static int hidp_parse(struct hid_device *hid) 714static int hidp_parse(struct hid_device *hid)
695{ 715{
696 struct hidp_session *session = hid->driver_data; 716 struct hidp_session *session = hid->driver_data;
697 struct hidp_connadd_req *req = session->req;
698 unsigned char *buf;
699 int ret;
700
701 buf = kmalloc(req->rd_size, GFP_KERNEL);
702 if (!buf)
703 return -ENOMEM;
704
705 if (copy_from_user(buf, req->rd_data, req->rd_size)) {
706 kfree(buf);
707 return -EFAULT;
708 }
709
710 ret = hid_parse_report(session->hid, buf, req->rd_size);
711
712 kfree(buf);
713
714 if (ret)
715 return ret;
716 717
717 session->req = NULL; 718 return hid_parse_report(session->hid, session->rd_data,
718 719 session->rd_size);
719 return 0;
720} 720}
721 721
722static int hidp_start(struct hid_device *hid) 722static int hidp_start(struct hid_device *hid)
@@ -761,12 +761,24 @@ static int hidp_setup_hid(struct hidp_session *session,
761 bdaddr_t src, dst; 761 bdaddr_t src, dst;
762 int err; 762 int err;
763 763
764 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
765 if (!session->rd_data)
766 return -ENOMEM;
767
768 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
769 err = -EFAULT;
770 goto fault;
771 }
772 session->rd_size = req->rd_size;
773
764 hid = hid_allocate_device(); 774 hid = hid_allocate_device();
765 if (IS_ERR(hid)) 775 if (IS_ERR(hid)) {
766 return PTR_ERR(session->hid); 776 err = PTR_ERR(hid);
777 goto fault;
778 }
767 779
768 session->hid = hid; 780 session->hid = hid;
769 session->req = req; 781
770 hid->driver_data = session; 782 hid->driver_data = session;
771 783
772 baswap(&src, &bt_sk(session->ctrl_sock->sk)->src); 784 baswap(&src, &bt_sk(session->ctrl_sock->sk)->src);
@@ -785,6 +797,8 @@ static int hidp_setup_hid(struct hidp_session *session,
785 hid->dev.parent = hidp_get_device(session); 797 hid->dev.parent = hidp_get_device(session);
786 hid->ll_driver = &hidp_hid_driver; 798 hid->ll_driver = &hidp_hid_driver;
787 799
800 hid->hid_output_raw_report = hidp_output_raw_report;
801
788 err = hid_add_device(hid); 802 err = hid_add_device(hid);
789 if (err < 0) 803 if (err < 0)
790 goto failed; 804 goto failed;
@@ -795,6 +809,10 @@ failed:
795 hid_destroy_device(hid); 809 hid_destroy_device(hid);
796 session->hid = NULL; 810 session->hid = NULL;
797 811
812fault:
813 kfree(session->rd_data);
814 session->rd_data = NULL;
815
798 return err; 816 return err;
799} 817}
800 818
@@ -889,6 +907,9 @@ unlink:
889 session->hid = NULL; 907 session->hid = NULL;
890 } 908 }
891 909
910 kfree(session->rd_data);
911 session->rd_data = NULL;
912
892purge: 913purge:
893 skb_queue_purge(&session->ctrl_transmit); 914 skb_queue_purge(&session->ctrl_transmit);
894 skb_queue_purge(&session->intr_transmit); 915 skb_queue_purge(&session->intr_transmit);
diff --git a/net/bluetooth/hidp/hidp.h b/net/bluetooth/hidp/hidp.h
index faf3d74c3586..a4e215d50c10 100644
--- a/net/bluetooth/hidp/hidp.h
+++ b/net/bluetooth/hidp/hidp.h
@@ -154,7 +154,9 @@ struct hidp_session {
154 struct sk_buff_head ctrl_transmit; 154 struct sk_buff_head ctrl_transmit;
155 struct sk_buff_head intr_transmit; 155 struct sk_buff_head intr_transmit;
156 156
157 struct hidp_connadd_req *req; 157 /* Report descriptor */
158 __u8 *rd_data;
159 uint rd_size;
158}; 160};
159 161
160static inline void hidp_schedule(struct hidp_session *session) 162static inline void hidp_schedule(struct hidp_session *session)
diff --git a/net/bluetooth/hidp/sock.c b/net/bluetooth/hidp/sock.c
index 37c9d7d2e688..250dfd46237d 100644
--- a/net/bluetooth/hidp/sock.c
+++ b/net/bluetooth/hidp/sock.c
@@ -26,7 +26,6 @@
26#include <linux/capability.h> 26#include <linux/capability.h>
27#include <linux/errno.h> 27#include <linux/errno.h>
28#include <linux/kernel.h> 28#include <linux/kernel.h>
29#include <linux/slab.h>
30#include <linux/poll.h> 29#include <linux/poll.h>
31#include <linux/fcntl.h> 30#include <linux/fcntl.h>
32#include <linux/skbuff.h> 31#include <linux/skbuff.h>
@@ -35,6 +34,7 @@
35#include <linux/file.h> 34#include <linux/file.h>
36#include <linux/init.h> 35#include <linux/init.h>
37#include <linux/compat.h> 36#include <linux/compat.h>
37#include <linux/gfp.h>
38#include <net/sock.h> 38#include <net/sock.h>
39 39
40#include "hidp.h" 40#include "hidp.h"
@@ -241,7 +241,8 @@ static struct proto hidp_proto = {
241 .obj_size = sizeof(struct bt_sock) 241 .obj_size = sizeof(struct bt_sock)
242}; 242};
243 243
244static int hidp_sock_create(struct net *net, struct socket *sock, int protocol) 244static int hidp_sock_create(struct net *net, struct socket *sock, int protocol,
245 int kern)
245{ 246{
246 struct sock *sk; 247 struct sock *sk;
247 248
@@ -268,7 +269,7 @@ static int hidp_sock_create(struct net *net, struct socket *sock, int protocol)
268 return 0; 269 return 0;
269} 270}
270 271
271static struct net_proto_family hidp_sock_family_ops = { 272static const struct net_proto_family hidp_sock_family_ops = {
272 .family = PF_BLUETOOTH, 273 .family = PF_BLUETOOTH,
273 .owner = THIS_MODULE, 274 .owner = THIS_MODULE,
274 .create = hidp_sock_create 275 .create = hidp_sock_create
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 947f8bbb4bb3..9753b690a8b3 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -40,6 +40,8 @@
40#include <linux/skbuff.h> 40#include <linux/skbuff.h>
41#include <linux/list.h> 41#include <linux/list.h>
42#include <linux/device.h> 42#include <linux/device.h>
43#include <linux/debugfs.h>
44#include <linux/seq_file.h>
43#include <linux/uaccess.h> 45#include <linux/uaccess.h>
44#include <linux/crc16.h> 46#include <linux/crc16.h>
45#include <net/sock.h> 47#include <net/sock.h>
@@ -54,6 +56,7 @@
54#define VERSION "2.14" 56#define VERSION "2.14"
55 57
56static int enable_ertm = 0; 58static int enable_ertm = 0;
59static int max_transmit = L2CAP_DEFAULT_MAX_TX;
57 60
58static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN; 61static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
59static u8 l2cap_fixed_chan[8] = { 0x02, }; 62static u8 l2cap_fixed_chan[8] = { 0x02, };
@@ -373,6 +376,8 @@ static inline int l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
373 else 376 else
374 control |= L2CAP_SUPER_RCV_READY; 377 control |= L2CAP_SUPER_RCV_READY;
375 378
379 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
380
376 return l2cap_send_sframe(pi, control); 381 return l2cap_send_sframe(pi, control);
377} 382}
378 383
@@ -819,7 +824,8 @@ static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int p
819 return sk; 824 return sk;
820} 825}
821 826
822static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol) 827static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
828 int kern)
823{ 829{
824 struct sock *sk; 830 struct sock *sk;
825 831
@@ -831,7 +837,7 @@ static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
831 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 837 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
832 return -ESOCKTNOSUPPORT; 838 return -ESOCKTNOSUPPORT;
833 839
834 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW)) 840 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
835 return -EPERM; 841 return -EPERM;
836 842
837 sock->ops = &l2cap_sock_ops; 843 sock->ops = &l2cap_sock_ops;
@@ -996,7 +1002,8 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
996 1002
997 BT_DBG("sk %p", sk); 1003 BT_DBG("sk %p", sk);
998 1004
999 if (!addr || addr->sa_family != AF_BLUETOOTH) 1005 if (!addr || alen < sizeof(addr->sa_family) ||
1006 addr->sa_family != AF_BLUETOOTH)
1000 return -EINVAL; 1007 return -EINVAL;
1001 1008
1002 memset(&la, 0, sizeof(la)); 1009 memset(&la, 0, sizeof(la));
@@ -1208,6 +1215,7 @@ static void l2cap_monitor_timeout(unsigned long arg)
1208 bh_lock_sock(sk); 1215 bh_lock_sock(sk);
1209 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) { 1216 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
1210 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk); 1217 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk);
1218 bh_unlock_sock(sk);
1211 return; 1219 return;
1212 } 1220 }
1213 1221
@@ -1332,7 +1340,7 @@ static int l2cap_retransmit_frame(struct sock *sk, u8 tx_seq)
1332 tx_skb = skb_clone(skb, GFP_ATOMIC); 1340 tx_skb = skb_clone(skb, GFP_ATOMIC);
1333 bt_cb(skb)->retries++; 1341 bt_cb(skb)->retries++;
1334 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); 1342 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1335 control |= (pi->req_seq << L2CAP_CTRL_REQSEQ_SHIFT) 1343 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1336 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); 1344 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1337 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1345 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1338 1346
@@ -1361,9 +1369,8 @@ static int l2cap_ertm_send(struct sock *sk)
1361 if (pi->conn_state & L2CAP_CONN_WAIT_F) 1369 if (pi->conn_state & L2CAP_CONN_WAIT_F)
1362 return 0; 1370 return 0;
1363 1371
1364 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk)) 1372 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk)) &&
1365 && !(pi->conn_state & L2CAP_CONN_REMOTE_BUSY)) { 1373 !(pi->conn_state & L2CAP_CONN_REMOTE_BUSY)) {
1366 tx_skb = skb_clone(skb, GFP_ATOMIC);
1367 1374
1368 if (pi->remote_max_tx && 1375 if (pi->remote_max_tx &&
1369 bt_cb(skb)->retries == pi->remote_max_tx) { 1376 bt_cb(skb)->retries == pi->remote_max_tx) {
@@ -1371,10 +1378,12 @@ static int l2cap_ertm_send(struct sock *sk)
1371 break; 1378 break;
1372 } 1379 }
1373 1380
1381 tx_skb = skb_clone(skb, GFP_ATOMIC);
1382
1374 bt_cb(skb)->retries++; 1383 bt_cb(skb)->retries++;
1375 1384
1376 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); 1385 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1377 control |= (pi->req_seq << L2CAP_CTRL_REQSEQ_SHIFT) 1386 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1378 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); 1387 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1379 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); 1388 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1380 1389
@@ -1603,8 +1612,8 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1603 return -EOPNOTSUPP; 1612 return -EOPNOTSUPP;
1604 1613
1605 /* Check outgoing MTU */ 1614 /* Check outgoing MTU */
1606 if (sk->sk_type == SOCK_SEQPACKET && pi->mode == L2CAP_MODE_BASIC 1615 if (sk->sk_type == SOCK_SEQPACKET && pi->mode == L2CAP_MODE_BASIC &&
1607 && len > pi->omtu) 1616 len > pi->omtu)
1608 return -EINVAL; 1617 return -EINVAL;
1609 1618
1610 lock_sock(sk); 1619 lock_sock(sk);
@@ -1617,7 +1626,10 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
1617 /* Connectionless channel */ 1626 /* Connectionless channel */
1618 if (sk->sk_type == SOCK_DGRAM) { 1627 if (sk->sk_type == SOCK_DGRAM) {
1619 skb = l2cap_create_connless_pdu(sk, msg, len); 1628 skb = l2cap_create_connless_pdu(sk, msg, len);
1620 err = l2cap_do_send(sk, skb); 1629 if (IS_ERR(skb))
1630 err = PTR_ERR(skb);
1631 else
1632 err = l2cap_do_send(sk, skb);
1621 goto done; 1633 goto done;
1622 } 1634 }
1623 1635
@@ -2172,6 +2184,21 @@ static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2172 *ptr += L2CAP_CONF_OPT_SIZE + len; 2184 *ptr += L2CAP_CONF_OPT_SIZE + len;
2173} 2185}
2174 2186
2187static inline void l2cap_ertm_init(struct sock *sk)
2188{
2189 l2cap_pi(sk)->expected_ack_seq = 0;
2190 l2cap_pi(sk)->unacked_frames = 0;
2191 l2cap_pi(sk)->buffer_seq = 0;
2192 l2cap_pi(sk)->num_to_ack = 0;
2193
2194 setup_timer(&l2cap_pi(sk)->retrans_timer,
2195 l2cap_retrans_timeout, (unsigned long) sk);
2196 setup_timer(&l2cap_pi(sk)->monitor_timer,
2197 l2cap_monitor_timeout, (unsigned long) sk);
2198
2199 __skb_queue_head_init(SREJ_QUEUE(sk));
2200}
2201
2175static int l2cap_mode_supported(__u8 mode, __u32 feat_mask) 2202static int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
2176{ 2203{
2177 u32 local_feat_mask = l2cap_feat_mask; 2204 u32 local_feat_mask = l2cap_feat_mask;
@@ -2235,7 +2262,7 @@ done:
2235 case L2CAP_MODE_ERTM: 2262 case L2CAP_MODE_ERTM:
2236 rfc.mode = L2CAP_MODE_ERTM; 2263 rfc.mode = L2CAP_MODE_ERTM;
2237 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW; 2264 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
2238 rfc.max_transmit = L2CAP_DEFAULT_MAX_TX; 2265 rfc.max_transmit = max_transmit;
2239 rfc.retrans_timeout = 0; 2266 rfc.retrans_timeout = 0;
2240 rfc.monitor_timeout = 0; 2267 rfc.monitor_timeout = 0;
2241 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE); 2268 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
@@ -2755,22 +2782,18 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2755 goto unlock; 2782 goto unlock;
2756 2783
2757 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) { 2784 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
2758 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV) 2785 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV) ||
2759 || l2cap_pi(sk)->fcs != L2CAP_FCS_NONE) 2786 l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
2760 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16; 2787 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;
2761 2788
2762 sk->sk_state = BT_CONNECTED; 2789 sk->sk_state = BT_CONNECTED;
2763 l2cap_pi(sk)->next_tx_seq = 0;
2764 l2cap_pi(sk)->expected_ack_seq = 0;
2765 l2cap_pi(sk)->unacked_frames = 0;
2766
2767 setup_timer(&l2cap_pi(sk)->retrans_timer,
2768 l2cap_retrans_timeout, (unsigned long) sk);
2769 setup_timer(&l2cap_pi(sk)->monitor_timer,
2770 l2cap_monitor_timeout, (unsigned long) sk);
2771 2790
2791 l2cap_pi(sk)->next_tx_seq = 0;
2792 l2cap_pi(sk)->expected_tx_seq = 0;
2772 __skb_queue_head_init(TX_QUEUE(sk)); 2793 __skb_queue_head_init(TX_QUEUE(sk));
2773 __skb_queue_head_init(SREJ_QUEUE(sk)); 2794 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2795 l2cap_ertm_init(sk);
2796
2774 l2cap_chan_ready(sk); 2797 l2cap_chan_ready(sk);
2775 goto unlock; 2798 goto unlock;
2776 } 2799 }
@@ -2813,6 +2836,11 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2813 int len = cmd->len - sizeof(*rsp); 2836 int len = cmd->len - sizeof(*rsp);
2814 char req[64]; 2837 char req[64];
2815 2838
2839 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
2840 l2cap_send_disconn_req(conn, sk);
2841 goto done;
2842 }
2843
2816 /* throw out any old stored conf requests */ 2844 /* throw out any old stored conf requests */
2817 result = L2CAP_CONF_SUCCESS; 2845 result = L2CAP_CONF_SUCCESS;
2818 len = l2cap_parse_conf_rsp(sk, rsp->data, 2846 len = l2cap_parse_conf_rsp(sk, rsp->data,
@@ -2844,16 +2872,17 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
2844 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE; 2872 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
2845 2873
2846 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) { 2874 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
2847 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV) 2875 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV) ||
2848 || l2cap_pi(sk)->fcs != L2CAP_FCS_NONE) 2876 l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
2849 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16; 2877 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;
2850 2878
2851 sk->sk_state = BT_CONNECTED; 2879 sk->sk_state = BT_CONNECTED;
2880 l2cap_pi(sk)->next_tx_seq = 0;
2852 l2cap_pi(sk)->expected_tx_seq = 0; 2881 l2cap_pi(sk)->expected_tx_seq = 0;
2853 l2cap_pi(sk)->buffer_seq = 0;
2854 l2cap_pi(sk)->num_to_ack = 0;
2855 __skb_queue_head_init(TX_QUEUE(sk)); 2882 __skb_queue_head_init(TX_QUEUE(sk));
2856 __skb_queue_head_init(SREJ_QUEUE(sk)); 2883 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2884 l2cap_ertm_init(sk);
2885
2857 l2cap_chan_ready(sk); 2886 l2cap_chan_ready(sk);
2858 } 2887 }
2859 2888
@@ -2885,9 +2914,12 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
2885 sk->sk_shutdown = SHUTDOWN_MASK; 2914 sk->sk_shutdown = SHUTDOWN_MASK;
2886 2915
2887 skb_queue_purge(TX_QUEUE(sk)); 2916 skb_queue_purge(TX_QUEUE(sk));
2888 skb_queue_purge(SREJ_QUEUE(sk)); 2917
2889 del_timer(&l2cap_pi(sk)->retrans_timer); 2918 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
2890 del_timer(&l2cap_pi(sk)->monitor_timer); 2919 skb_queue_purge(SREJ_QUEUE(sk));
2920 del_timer(&l2cap_pi(sk)->retrans_timer);
2921 del_timer(&l2cap_pi(sk)->monitor_timer);
2922 }
2891 2923
2892 l2cap_chan_del(sk, ECONNRESET); 2924 l2cap_chan_del(sk, ECONNRESET);
2893 bh_unlock_sock(sk); 2925 bh_unlock_sock(sk);
@@ -2912,9 +2944,12 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
2912 return 0; 2944 return 0;
2913 2945
2914 skb_queue_purge(TX_QUEUE(sk)); 2946 skb_queue_purge(TX_QUEUE(sk));
2915 skb_queue_purge(SREJ_QUEUE(sk)); 2947
2916 del_timer(&l2cap_pi(sk)->retrans_timer); 2948 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
2917 del_timer(&l2cap_pi(sk)->monitor_timer); 2949 skb_queue_purge(SREJ_QUEUE(sk));
2950 del_timer(&l2cap_pi(sk)->retrans_timer);
2951 del_timer(&l2cap_pi(sk)->monitor_timer);
2952 }
2918 2953
2919 l2cap_chan_del(sk, 0); 2954 l2cap_chan_del(sk, 0);
2920 bh_unlock_sock(sk); 2955 bh_unlock_sock(sk);
@@ -3279,12 +3314,16 @@ static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, str
3279{ 3314{
3280 struct l2cap_pinfo *pi = l2cap_pi(sk); 3315 struct l2cap_pinfo *pi = l2cap_pi(sk);
3281 u8 tx_seq = __get_txseq(rx_control); 3316 u8 tx_seq = __get_txseq(rx_control);
3317 u8 req_seq = __get_reqseq(rx_control);
3282 u16 tx_control = 0; 3318 u16 tx_control = 0;
3283 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT; 3319 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3284 int err = 0; 3320 int err = 0;
3285 3321
3286 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len); 3322 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
3287 3323
3324 pi->expected_ack_seq = req_seq;
3325 l2cap_drop_acked_frames(sk);
3326
3288 if (tx_seq == pi->expected_tx_seq) 3327 if (tx_seq == pi->expected_tx_seq)
3289 goto expected; 3328 goto expected;
3290 3329
@@ -3339,6 +3378,16 @@ expected:
3339 return 0; 3378 return 0;
3340 } 3379 }
3341 3380
3381 if (rx_control & L2CAP_CTRL_FINAL) {
3382 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3383 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3384 else {
3385 sk->sk_send_head = TX_QUEUE(sk)->next;
3386 pi->next_tx_seq = pi->expected_ack_seq;
3387 l2cap_ertm_send(sk);
3388 }
3389 }
3390
3342 pi->buffer_seq = (pi->buffer_seq + 1) % 64; 3391 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3343 3392
3344 err = l2cap_sar_reassembly_sdu(sk, skb, rx_control); 3393 err = l2cap_sar_reassembly_sdu(sk, skb, rx_control);
@@ -3375,6 +3424,14 @@ static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, str
3375 pi->expected_ack_seq = tx_seq; 3424 pi->expected_ack_seq = tx_seq;
3376 l2cap_drop_acked_frames(sk); 3425 l2cap_drop_acked_frames(sk);
3377 3426
3427 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3428 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3429 else {
3430 sk->sk_send_head = TX_QUEUE(sk)->next;
3431 pi->next_tx_seq = pi->expected_ack_seq;
3432 l2cap_ertm_send(sk);
3433 }
3434
3378 if (!(pi->conn_state & L2CAP_CONN_WAIT_F)) 3435 if (!(pi->conn_state & L2CAP_CONN_WAIT_F))
3379 break; 3436 break;
3380 3437
@@ -3387,12 +3444,12 @@ static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, str
3387 pi->expected_ack_seq = tx_seq; 3444 pi->expected_ack_seq = tx_seq;
3388 l2cap_drop_acked_frames(sk); 3445 l2cap_drop_acked_frames(sk);
3389 3446
3390 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) 3447 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
3391 && (pi->unacked_frames > 0)) 3448 (pi->unacked_frames > 0))
3392 __mod_retrans_timer(); 3449 __mod_retrans_timer();
3393 3450
3394 l2cap_ertm_send(sk);
3395 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3451 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3452 l2cap_ertm_send(sk);
3396 } 3453 }
3397 break; 3454 break;
3398 3455
@@ -3402,10 +3459,24 @@ static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, str
3402 pi->expected_ack_seq = __get_reqseq(rx_control); 3459 pi->expected_ack_seq = __get_reqseq(rx_control);
3403 l2cap_drop_acked_frames(sk); 3460 l2cap_drop_acked_frames(sk);
3404 3461
3405 sk->sk_send_head = TX_QUEUE(sk)->next; 3462 if (rx_control & L2CAP_CTRL_FINAL) {
3406 pi->next_tx_seq = pi->expected_ack_seq; 3463 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
3464 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
3465 else {
3466 sk->sk_send_head = TX_QUEUE(sk)->next;
3467 pi->next_tx_seq = pi->expected_ack_seq;
3468 l2cap_ertm_send(sk);
3469 }
3470 } else {
3471 sk->sk_send_head = TX_QUEUE(sk)->next;
3472 pi->next_tx_seq = pi->expected_ack_seq;
3473 l2cap_ertm_send(sk);
3407 3474
3408 l2cap_ertm_send(sk); 3475 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3476 pi->srej_save_reqseq = tx_seq;
3477 pi->conn_state |= L2CAP_CONN_REJ_ACT;
3478 }
3479 }
3409 3480
3410 break; 3481 break;
3411 3482
@@ -3413,9 +3484,9 @@ static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, str
3413 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; 3484 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3414 3485
3415 if (rx_control & L2CAP_CTRL_POLL) { 3486 if (rx_control & L2CAP_CTRL_POLL) {
3416 l2cap_retransmit_frame(sk, tx_seq);
3417 pi->expected_ack_seq = tx_seq; 3487 pi->expected_ack_seq = tx_seq;
3418 l2cap_drop_acked_frames(sk); 3488 l2cap_drop_acked_frames(sk);
3489 l2cap_retransmit_frame(sk, tx_seq);
3419 l2cap_ertm_send(sk); 3490 l2cap_ertm_send(sk);
3420 if (pi->conn_state & L2CAP_CONN_WAIT_F) { 3491 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
3421 pi->srej_save_reqseq = tx_seq; 3492 pi->srej_save_reqseq = tx_seq;
@@ -3424,7 +3495,7 @@ static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, str
3424 } else if (rx_control & L2CAP_CTRL_FINAL) { 3495 } else if (rx_control & L2CAP_CTRL_FINAL) {
3425 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) && 3496 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
3426 pi->srej_save_reqseq == tx_seq) 3497 pi->srej_save_reqseq == tx_seq)
3427 pi->srej_save_reqseq &= ~L2CAP_CONN_SREJ_ACT; 3498 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
3428 else 3499 else
3429 l2cap_retransmit_frame(sk, tx_seq); 3500 l2cap_retransmit_frame(sk, tx_seq);
3430 } 3501 }
@@ -3459,7 +3530,6 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3459 struct l2cap_pinfo *pi; 3530 struct l2cap_pinfo *pi;
3460 u16 control, len; 3531 u16 control, len;
3461 u8 tx_seq; 3532 u8 tx_seq;
3462 int err;
3463 3533
3464 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid); 3534 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
3465 if (!sk) { 3535 if (!sk) {
@@ -3511,13 +3581,11 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3511 goto drop; 3581 goto drop;
3512 3582
3513 if (__is_iframe(control)) 3583 if (__is_iframe(control))
3514 err = l2cap_data_channel_iframe(sk, control, skb); 3584 l2cap_data_channel_iframe(sk, control, skb);
3515 else 3585 else
3516 err = l2cap_data_channel_sframe(sk, control, skb); 3586 l2cap_data_channel_sframe(sk, control, skb);
3517 3587
3518 if (!err) 3588 goto done;
3519 goto done;
3520 break;
3521 3589
3522 case L2CAP_MODE_STREAMING: 3590 case L2CAP_MODE_STREAMING:
3523 control = get_unaligned_le16(skb->data); 3591 control = get_unaligned_le16(skb->data);
@@ -3543,7 +3611,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk
3543 else 3611 else
3544 pi->expected_tx_seq = tx_seq + 1; 3612 pi->expected_tx_seq = tx_seq + 1;
3545 3613
3546 err = l2cap_sar_reassembly_sdu(sk, skb, control); 3614 l2cap_sar_reassembly_sdu(sk, skb, control);
3547 3615
3548 goto done; 3616 goto done;
3549 3617
@@ -3880,29 +3948,42 @@ drop:
3880 return 0; 3948 return 0;
3881} 3949}
3882 3950
3883static ssize_t l2cap_sysfs_show(struct class *dev, char *buf) 3951static int l2cap_debugfs_show(struct seq_file *f, void *p)
3884{ 3952{
3885 struct sock *sk; 3953 struct sock *sk;
3886 struct hlist_node *node; 3954 struct hlist_node *node;
3887 char *str = buf;
3888 3955
3889 read_lock_bh(&l2cap_sk_list.lock); 3956 read_lock_bh(&l2cap_sk_list.lock);
3890 3957
3891 sk_for_each(sk, node, &l2cap_sk_list.head) { 3958 sk_for_each(sk, node, &l2cap_sk_list.head) {
3892 struct l2cap_pinfo *pi = l2cap_pi(sk); 3959 struct l2cap_pinfo *pi = l2cap_pi(sk);
3893 3960
3894 str += sprintf(str, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n", 3961 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
3895 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 3962 batostr(&bt_sk(sk)->src),
3896 sk->sk_state, __le16_to_cpu(pi->psm), pi->scid, 3963 batostr(&bt_sk(sk)->dst),
3897 pi->dcid, pi->imtu, pi->omtu, pi->sec_level); 3964 sk->sk_state, __le16_to_cpu(pi->psm),
3965 pi->scid, pi->dcid,
3966 pi->imtu, pi->omtu, pi->sec_level);
3898 } 3967 }
3899 3968
3900 read_unlock_bh(&l2cap_sk_list.lock); 3969 read_unlock_bh(&l2cap_sk_list.lock);
3901 3970
3902 return str - buf; 3971 return 0;
3972}
3973
3974static int l2cap_debugfs_open(struct inode *inode, struct file *file)
3975{
3976 return single_open(file, l2cap_debugfs_show, inode->i_private);
3903} 3977}
3904 3978
3905static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL); 3979static const struct file_operations l2cap_debugfs_fops = {
3980 .open = l2cap_debugfs_open,
3981 .read = seq_read,
3982 .llseek = seq_lseek,
3983 .release = single_release,
3984};
3985
3986static struct dentry *l2cap_debugfs;
3906 3987
3907static const struct proto_ops l2cap_sock_ops = { 3988static const struct proto_ops l2cap_sock_ops = {
3908 .family = PF_BLUETOOTH, 3989 .family = PF_BLUETOOTH,
@@ -3924,7 +4005,7 @@ static const struct proto_ops l2cap_sock_ops = {
3924 .getsockopt = l2cap_sock_getsockopt 4005 .getsockopt = l2cap_sock_getsockopt
3925}; 4006};
3926 4007
3927static struct net_proto_family l2cap_sock_family_ops = { 4008static const struct net_proto_family l2cap_sock_family_ops = {
3928 .family = PF_BLUETOOTH, 4009 .family = PF_BLUETOOTH,
3929 .owner = THIS_MODULE, 4010 .owner = THIS_MODULE,
3930 .create = l2cap_sock_create, 4011 .create = l2cap_sock_create,
@@ -3962,8 +4043,12 @@ static int __init l2cap_init(void)
3962 goto error; 4043 goto error;
3963 } 4044 }
3964 4045
3965 if (class_create_file(bt_class, &class_attr_l2cap) < 0) 4046 if (bt_debugfs) {
3966 BT_ERR("Failed to create L2CAP info file"); 4047 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4048 bt_debugfs, NULL, &l2cap_debugfs_fops);
4049 if (!l2cap_debugfs)
4050 BT_ERR("Failed to create L2CAP debug file");
4051 }
3967 4052
3968 BT_INFO("L2CAP ver %s", VERSION); 4053 BT_INFO("L2CAP ver %s", VERSION);
3969 BT_INFO("L2CAP socket layer initialized"); 4054 BT_INFO("L2CAP socket layer initialized");
@@ -3977,7 +4062,7 @@ error:
3977 4062
3978static void __exit l2cap_exit(void) 4063static void __exit l2cap_exit(void)
3979{ 4064{
3980 class_remove_file(bt_class, &class_attr_l2cap); 4065 debugfs_remove(l2cap_debugfs);
3981 4066
3982 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 4067 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
3983 BT_ERR("L2CAP socket unregistration failed"); 4068 BT_ERR("L2CAP socket unregistration failed");
@@ -4003,6 +4088,9 @@ module_exit(l2cap_exit);
4003module_param(enable_ertm, bool, 0644); 4088module_param(enable_ertm, bool, 0644);
4004MODULE_PARM_DESC(enable_ertm, "Enable enhanced retransmission mode"); 4089MODULE_PARM_DESC(enable_ertm, "Enable enhanced retransmission mode");
4005 4090
4091module_param(max_transmit, uint, 0644);
4092MODULE_PARM_DESC(max_transmit, "Max transmit value (default = 3)");
4093
4006MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 4094MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4007MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION); 4095MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
4008MODULE_VERSION(VERSION); 4096MODULE_VERSION(VERSION);
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 25692bc0a342..7dca91bb8c57 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -33,9 +33,12 @@
33#include <linux/init.h> 33#include <linux/init.h>
34#include <linux/wait.h> 34#include <linux/wait.h>
35#include <linux/device.h> 35#include <linux/device.h>
36#include <linux/debugfs.h>
37#include <linux/seq_file.h>
36#include <linux/net.h> 38#include <linux/net.h>
37#include <linux/mutex.h> 39#include <linux/mutex.h>
38#include <linux/kthread.h> 40#include <linux/kthread.h>
41#include <linux/slab.h>
39 42
40#include <net/sock.h> 43#include <net/sock.h>
41#include <asm/uaccess.h> 44#include <asm/uaccess.h>
@@ -51,6 +54,7 @@
51static int disable_cfc = 0; 54static int disable_cfc = 0;
52static int channel_mtu = -1; 55static int channel_mtu = -1;
53static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 56static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
57static int l2cap_ertm = 0;
54 58
55static struct task_struct *rfcomm_thread; 59static struct task_struct *rfcomm_thread;
56 60
@@ -251,7 +255,6 @@ static void rfcomm_session_timeout(unsigned long arg)
251 BT_DBG("session %p state %ld", s, s->state); 255 BT_DBG("session %p state %ld", s, s->state);
252 256
253 set_bit(RFCOMM_TIMED_OUT, &s->flags); 257 set_bit(RFCOMM_TIMED_OUT, &s->flags);
254 rfcomm_session_put(s);
255 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 258 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
256} 259}
257 260
@@ -702,6 +705,8 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst
702 sk = sock->sk; 705 sk = sock->sk;
703 lock_sock(sk); 706 lock_sock(sk);
704 l2cap_pi(sk)->imtu = l2cap_mtu; 707 l2cap_pi(sk)->imtu = l2cap_mtu;
708 if (l2cap_ertm)
709 l2cap_pi(sk)->mode = L2CAP_MODE_ERTM;
705 release_sock(sk); 710 release_sock(sk);
706 711
707 s = rfcomm_session_add(sock, BT_BOUND); 712 s = rfcomm_session_add(sock, BT_BOUND);
@@ -1148,7 +1153,11 @@ static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1148 break; 1153 break;
1149 1154
1150 case BT_DISCONN: 1155 case BT_DISCONN:
1151 rfcomm_session_put(s); 1156 /* When socket is closed and we are not RFCOMM
1157 * initiator rfcomm_process_rx already calls
1158 * rfcomm_session_put() */
1159 if (s->sock->sk->sk_state != BT_CLOSED)
1160 rfcomm_session_put(s);
1152 break; 1161 break;
1153 } 1162 }
1154 } 1163 }
@@ -1917,6 +1926,7 @@ static inline void rfcomm_process_sessions(void)
1917 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) { 1926 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1918 s->state = BT_DISCONN; 1927 s->state = BT_DISCONN;
1919 rfcomm_send_disc(s, 0); 1928 rfcomm_send_disc(s, 0);
1929 rfcomm_session_put(s);
1920 continue; 1930 continue;
1921 } 1931 }
1922 1932
@@ -2091,11 +2101,10 @@ static struct hci_cb rfcomm_cb = {
2091 .security_cfm = rfcomm_security_cfm 2101 .security_cfm = rfcomm_security_cfm
2092}; 2102};
2093 2103
2094static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) 2104static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2095{ 2105{
2096 struct rfcomm_session *s; 2106 struct rfcomm_session *s;
2097 struct list_head *pp, *p; 2107 struct list_head *pp, *p;
2098 char *str = buf;
2099 2108
2100 rfcomm_lock(); 2109 rfcomm_lock();
2101 2110
@@ -2105,18 +2114,32 @@ static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2105 struct sock *sk = s->sock->sk; 2114 struct sock *sk = s->sock->sk;
2106 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2115 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2107 2116
2108 str += sprintf(str, "%s %s %ld %d %d %d %d\n", 2117 seq_printf(f, "%s %s %ld %d %d %d %d\n",
2109 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2118 batostr(&bt_sk(sk)->src),
2110 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); 2119 batostr(&bt_sk(sk)->dst),
2120 d->state, d->dlci, d->mtu,
2121 d->rx_credits, d->tx_credits);
2111 } 2122 }
2112 } 2123 }
2113 2124
2114 rfcomm_unlock(); 2125 rfcomm_unlock();
2115 2126
2116 return (str - buf); 2127 return 0;
2117} 2128}
2118 2129
2119static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL); 2130static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2131{
2132 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2133}
2134
2135static const struct file_operations rfcomm_dlc_debugfs_fops = {
2136 .open = rfcomm_dlc_debugfs_open,
2137 .read = seq_read,
2138 .llseek = seq_lseek,
2139 .release = single_release,
2140};
2141
2142static struct dentry *rfcomm_dlc_debugfs;
2120 2143
2121/* ---- Initialization ---- */ 2144/* ---- Initialization ---- */
2122static int __init rfcomm_init(void) 2145static int __init rfcomm_init(void)
@@ -2133,8 +2156,12 @@ static int __init rfcomm_init(void)
2133 goto unregister; 2156 goto unregister;
2134 } 2157 }
2135 2158
2136 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) 2159 if (bt_debugfs) {
2137 BT_ERR("Failed to create RFCOMM info file"); 2160 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2161 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2162 if (!rfcomm_dlc_debugfs)
2163 BT_ERR("Failed to create RFCOMM debug file");
2164 }
2138 2165
2139 err = rfcomm_init_ttys(); 2166 err = rfcomm_init_ttys();
2140 if (err < 0) 2167 if (err < 0)
@@ -2162,7 +2189,7 @@ unregister:
2162 2189
2163static void __exit rfcomm_exit(void) 2190static void __exit rfcomm_exit(void)
2164{ 2191{
2165 class_remove_file(bt_class, &class_attr_rfcomm_dlc); 2192 debugfs_remove(rfcomm_dlc_debugfs);
2166 2193
2167 hci_unregister_cb(&rfcomm_cb); 2194 hci_unregister_cb(&rfcomm_cb);
2168 2195
@@ -2185,6 +2212,9 @@ MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2185module_param(l2cap_mtu, uint, 0644); 2212module_param(l2cap_mtu, uint, 0644);
2186MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2213MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2187 2214
2215module_param(l2cap_ertm, bool, 0644);
2216MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2217
2188MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2218MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2189MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2219MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2190MODULE_VERSION(VERSION); 2220MODULE_VERSION(VERSION);
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 8a20aaf1f231..8ed3c37684fa 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -40,6 +40,8 @@
40#include <linux/skbuff.h> 40#include <linux/skbuff.h>
41#include <linux/list.h> 41#include <linux/list.h>
42#include <linux/device.h> 42#include <linux/device.h>
43#include <linux/debugfs.h>
44#include <linux/seq_file.h>
43#include <net/sock.h> 45#include <net/sock.h>
44 46
45#include <asm/system.h> 47#include <asm/system.h>
@@ -323,7 +325,8 @@ static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int
323 return sk; 325 return sk;
324} 326}
325 327
326static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol) 328static int rfcomm_sock_create(struct net *net, struct socket *sock,
329 int protocol, int kern)
327{ 330{
328 struct sock *sk; 331 struct sock *sk;
329 332
@@ -394,7 +397,8 @@ static int rfcomm_sock_connect(struct socket *sock, struct sockaddr *addr, int a
394 397
395 BT_DBG("sk %p", sk); 398 BT_DBG("sk %p", sk);
396 399
397 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_rc)) 400 if (alen < sizeof(struct sockaddr_rc) ||
401 addr->sa_family != AF_BLUETOOTH)
398 return -EINVAL; 402 return -EINVAL;
399 403
400 lock_sock(sk); 404 lock_sock(sk);
@@ -703,7 +707,7 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
703 copied += chunk; 707 copied += chunk;
704 size -= chunk; 708 size -= chunk;
705 709
706 sock_recv_timestamp(msg, sk, skb); 710 sock_recv_ts_and_drops(msg, sk, skb);
707 711
708 if (!(flags & MSG_PEEK)) { 712 if (!(flags & MSG_PEEK)) {
709 atomic_sub(chunk, &sk->sk_rmem_alloc); 713 atomic_sub(chunk, &sk->sk_rmem_alloc);
@@ -1060,26 +1064,38 @@ done:
1060 return result; 1064 return result;
1061} 1065}
1062 1066
1063static ssize_t rfcomm_sock_sysfs_show(struct class *dev, char *buf) 1067static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
1064{ 1068{
1065 struct sock *sk; 1069 struct sock *sk;
1066 struct hlist_node *node; 1070 struct hlist_node *node;
1067 char *str = buf;
1068 1071
1069 read_lock_bh(&rfcomm_sk_list.lock); 1072 read_lock_bh(&rfcomm_sk_list.lock);
1070 1073
1071 sk_for_each(sk, node, &rfcomm_sk_list.head) { 1074 sk_for_each(sk, node, &rfcomm_sk_list.head) {
1072 str += sprintf(str, "%s %s %d %d\n", 1075 seq_printf(f, "%s %s %d %d\n",
1073 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 1076 batostr(&bt_sk(sk)->src),
1077 batostr(&bt_sk(sk)->dst),
1074 sk->sk_state, rfcomm_pi(sk)->channel); 1078 sk->sk_state, rfcomm_pi(sk)->channel);
1075 } 1079 }
1076 1080
1077 read_unlock_bh(&rfcomm_sk_list.lock); 1081 read_unlock_bh(&rfcomm_sk_list.lock);
1078 1082
1079 return (str - buf); 1083 return 0;
1080} 1084}
1081 1085
1082static CLASS_ATTR(rfcomm, S_IRUGO, rfcomm_sock_sysfs_show, NULL); 1086static int rfcomm_sock_debugfs_open(struct inode *inode, struct file *file)
1087{
1088 return single_open(file, rfcomm_sock_debugfs_show, inode->i_private);
1089}
1090
1091static const struct file_operations rfcomm_sock_debugfs_fops = {
1092 .open = rfcomm_sock_debugfs_open,
1093 .read = seq_read,
1094 .llseek = seq_lseek,
1095 .release = single_release,
1096};
1097
1098static struct dentry *rfcomm_sock_debugfs;
1083 1099
1084static const struct proto_ops rfcomm_sock_ops = { 1100static const struct proto_ops rfcomm_sock_ops = {
1085 .family = PF_BLUETOOTH, 1101 .family = PF_BLUETOOTH,
@@ -1101,7 +1117,7 @@ static const struct proto_ops rfcomm_sock_ops = {
1101 .mmap = sock_no_mmap 1117 .mmap = sock_no_mmap
1102}; 1118};
1103 1119
1104static struct net_proto_family rfcomm_sock_family_ops = { 1120static const struct net_proto_family rfcomm_sock_family_ops = {
1105 .family = PF_BLUETOOTH, 1121 .family = PF_BLUETOOTH,
1106 .owner = THIS_MODULE, 1122 .owner = THIS_MODULE,
1107 .create = rfcomm_sock_create 1123 .create = rfcomm_sock_create
@@ -1119,8 +1135,12 @@ int __init rfcomm_init_sockets(void)
1119 if (err < 0) 1135 if (err < 0)
1120 goto error; 1136 goto error;
1121 1137
1122 if (class_create_file(bt_class, &class_attr_rfcomm) < 0) 1138 if (bt_debugfs) {
1123 BT_ERR("Failed to create RFCOMM info file"); 1139 rfcomm_sock_debugfs = debugfs_create_file("rfcomm", 0444,
1140 bt_debugfs, NULL, &rfcomm_sock_debugfs_fops);
1141 if (!rfcomm_sock_debugfs)
1142 BT_ERR("Failed to create RFCOMM debug file");
1143 }
1124 1144
1125 BT_INFO("RFCOMM socket layer initialized"); 1145 BT_INFO("RFCOMM socket layer initialized");
1126 1146
@@ -1134,7 +1154,7 @@ error:
1134 1154
1135void rfcomm_cleanup_sockets(void) 1155void rfcomm_cleanup_sockets(void)
1136{ 1156{
1137 class_remove_file(bt_class, &class_attr_rfcomm); 1157 debugfs_remove(rfcomm_sock_debugfs);
1138 1158
1139 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 1159 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0)
1140 BT_ERR("RFCOMM socket layer unregistration failed"); 1160 BT_ERR("RFCOMM socket layer unregistration failed");
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 77f4153bdb5e..ca6b2ad1c3fc 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -38,6 +38,8 @@
38#include <linux/socket.h> 38#include <linux/socket.h>
39#include <linux/skbuff.h> 39#include <linux/skbuff.h>
40#include <linux/device.h> 40#include <linux/device.h>
41#include <linux/debugfs.h>
42#include <linux/seq_file.h>
41#include <linux/list.h> 43#include <linux/list.h>
42#include <net/sock.h> 44#include <net/sock.h>
43 45
@@ -430,7 +432,8 @@ static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int pro
430 return sk; 432 return sk;
431} 433}
432 434
433static int sco_sock_create(struct net *net, struct socket *sock, int protocol) 435static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
436 int kern)
434{ 437{
435 struct sock *sk; 438 struct sock *sk;
436 439
@@ -496,7 +499,8 @@ static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen
496 499
497 BT_DBG("sk %p", sk); 500 BT_DBG("sk %p", sk);
498 501
499 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_sco)) 502 if (alen < sizeof(struct sockaddr_sco) ||
503 addr->sa_family != AF_BLUETOOTH)
500 return -EINVAL; 504 return -EINVAL;
501 505
502 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) 506 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
@@ -952,26 +956,36 @@ drop:
952 return 0; 956 return 0;
953} 957}
954 958
955static ssize_t sco_sysfs_show(struct class *dev, char *buf) 959static int sco_debugfs_show(struct seq_file *f, void *p)
956{ 960{
957 struct sock *sk; 961 struct sock *sk;
958 struct hlist_node *node; 962 struct hlist_node *node;
959 char *str = buf;
960 963
961 read_lock_bh(&sco_sk_list.lock); 964 read_lock_bh(&sco_sk_list.lock);
962 965
963 sk_for_each(sk, node, &sco_sk_list.head) { 966 sk_for_each(sk, node, &sco_sk_list.head) {
964 str += sprintf(str, "%s %s %d\n", 967 seq_printf(f, "%s %s %d\n", batostr(&bt_sk(sk)->src),
965 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 968 batostr(&bt_sk(sk)->dst), sk->sk_state);
966 sk->sk_state);
967 } 969 }
968 970
969 read_unlock_bh(&sco_sk_list.lock); 971 read_unlock_bh(&sco_sk_list.lock);
970 972
971 return (str - buf); 973 return 0;
972} 974}
973 975
974static CLASS_ATTR(sco, S_IRUGO, sco_sysfs_show, NULL); 976static int sco_debugfs_open(struct inode *inode, struct file *file)
977{
978 return single_open(file, sco_debugfs_show, inode->i_private);
979}
980
981static const struct file_operations sco_debugfs_fops = {
982 .open = sco_debugfs_open,
983 .read = seq_read,
984 .llseek = seq_lseek,
985 .release = single_release,
986};
987
988static struct dentry *sco_debugfs;
975 989
976static const struct proto_ops sco_sock_ops = { 990static const struct proto_ops sco_sock_ops = {
977 .family = PF_BLUETOOTH, 991 .family = PF_BLUETOOTH,
@@ -993,7 +1007,7 @@ static const struct proto_ops sco_sock_ops = {
993 .getsockopt = sco_sock_getsockopt 1007 .getsockopt = sco_sock_getsockopt
994}; 1008};
995 1009
996static struct net_proto_family sco_sock_family_ops = { 1010static const struct net_proto_family sco_sock_family_ops = {
997 .family = PF_BLUETOOTH, 1011 .family = PF_BLUETOOTH,
998 .owner = THIS_MODULE, 1012 .owner = THIS_MODULE,
999 .create = sco_sock_create, 1013 .create = sco_sock_create,
@@ -1029,8 +1043,12 @@ static int __init sco_init(void)
1029 goto error; 1043 goto error;
1030 } 1044 }
1031 1045
1032 if (class_create_file(bt_class, &class_attr_sco) < 0) 1046 if (bt_debugfs) {
1033 BT_ERR("Failed to create SCO info file"); 1047 sco_debugfs = debugfs_create_file("sco", 0444,
1048 bt_debugfs, NULL, &sco_debugfs_fops);
1049 if (!sco_debugfs)
1050 BT_ERR("Failed to create SCO debug file");
1051 }
1034 1052
1035 BT_INFO("SCO (Voice Link) ver %s", VERSION); 1053 BT_INFO("SCO (Voice Link) ver %s", VERSION);
1036 BT_INFO("SCO socket layer initialized"); 1054 BT_INFO("SCO socket layer initialized");
@@ -1044,7 +1062,7 @@ error:
1044 1062
1045static void __exit sco_exit(void) 1063static void __exit sco_exit(void)
1046{ 1064{
1047 class_remove_file(bt_class, &class_attr_sco); 1065 debugfs_remove(sco_debugfs);
1048 1066
1049 if (bt_sock_unregister(BTPROTO_SCO) < 0) 1067 if (bt_sock_unregister(BTPROTO_SCO) < 0)
1050 BT_ERR("SCO socket unregistration failed"); 1068 BT_ERR("SCO socket unregistration failed");
generated by cgit v1.2.2 (git 2.25.0) at 2025-04-03 16:11:06 -0400