aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth
diff options
context:
space:
mode:
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/Kconfig2
-rw-r--r--net/bluetooth/Makefile2
-rw-r--r--net/bluetooth/a2mp.c459
-rw-r--r--net/bluetooth/af_bluetooth.c10
-rw-r--r--net/bluetooth/amp.c471
-rw-r--r--net/bluetooth/bnep/core.c3
-rw-r--r--net/bluetooth/bnep/netdev.c1
-rw-r--r--net/bluetooth/cmtp/capi.c2
-rw-r--r--net/bluetooth/cmtp/core.c2
-rw-r--r--net/bluetooth/cmtp/sock.c2
-rw-r--r--net/bluetooth/hci_conn.c76
-rw-r--r--net/bluetooth/hci_core.c245
-rw-r--r--net/bluetooth/hci_event.c564
-rw-r--r--net/bluetooth/hci_sysfs.c10
-rw-r--r--net/bluetooth/hidp/core.c19
-rw-r--r--net/bluetooth/l2cap_core.c1588
-rw-r--r--net/bluetooth/l2cap_sock.c94
-rw-r--r--net/bluetooth/lib.c14
-rw-r--r--net/bluetooth/mgmt.c117
-rw-r--r--net/bluetooth/rfcomm/core.c19
-rw-r--r--net/bluetooth/rfcomm/sock.c13
-rw-r--r--net/bluetooth/rfcomm/tty.c6
-rw-r--r--net/bluetooth/sco.c100
-rw-r--r--net/bluetooth/smp.c4
24 files changed, 3211 insertions, 612 deletions
diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig
index 3537d385035e..d3f3f7b1d32c 100644
--- a/net/bluetooth/Kconfig
+++ b/net/bluetooth/Kconfig
@@ -11,6 +11,7 @@ menuconfig BT
11 select CRYPTO_BLKCIPHER 11 select CRYPTO_BLKCIPHER
12 select CRYPTO_AES 12 select CRYPTO_AES
13 select CRYPTO_ECB 13 select CRYPTO_ECB
14 select CRYPTO_SHA256
14 help 15 help
15 Bluetooth is low-cost, low-power, short-range wireless technology. 16 Bluetooth is low-cost, low-power, short-range wireless technology.
16 It was designed as a replacement for cables and other short-range 17 It was designed as a replacement for cables and other short-range
@@ -47,4 +48,3 @@ source "net/bluetooth/cmtp/Kconfig"
47source "net/bluetooth/hidp/Kconfig" 48source "net/bluetooth/hidp/Kconfig"
48 49
49source "drivers/bluetooth/Kconfig" 50source "drivers/bluetooth/Kconfig"
50
diff --git a/net/bluetooth/Makefile b/net/bluetooth/Makefile
index fa6d94a4602a..dea6a287daca 100644
--- a/net/bluetooth/Makefile
+++ b/net/bluetooth/Makefile
@@ -10,4 +10,4 @@ obj-$(CONFIG_BT_HIDP) += hidp/
10 10
11bluetooth-y := af_bluetooth.o hci_core.o hci_conn.o hci_event.o mgmt.o \ 11bluetooth-y := af_bluetooth.o hci_core.o hci_conn.o hci_event.o mgmt.o \
12 hci_sock.o hci_sysfs.o l2cap_core.o l2cap_sock.o smp.o sco.o lib.o \ 12 hci_sock.o hci_sysfs.o l2cap_core.o l2cap_sock.o smp.o sco.o lib.o \
13 a2mp.o 13 a2mp.o amp.o
diff --git a/net/bluetooth/a2mp.c b/net/bluetooth/a2mp.c
index 0760d1fed6f0..2f67d5ecc907 100644
--- a/net/bluetooth/a2mp.c
+++ b/net/bluetooth/a2mp.c
@@ -16,6 +16,11 @@
16#include <net/bluetooth/hci_core.h> 16#include <net/bluetooth/hci_core.h>
17#include <net/bluetooth/l2cap.h> 17#include <net/bluetooth/l2cap.h>
18#include <net/bluetooth/a2mp.h> 18#include <net/bluetooth/a2mp.h>
19#include <net/bluetooth/amp.h>
20
21/* Global AMP Manager list */
22LIST_HEAD(amp_mgr_list);
23DEFINE_MUTEX(amp_mgr_list_lock);
19 24
20/* A2MP build & send command helper functions */ 25/* A2MP build & send command helper functions */
21static struct a2mp_cmd *__a2mp_build(u8 code, u8 ident, u16 len, void *data) 26static struct a2mp_cmd *__a2mp_build(u8 code, u8 ident, u16 len, void *data)
@@ -37,8 +42,7 @@ static struct a2mp_cmd *__a2mp_build(u8 code, u8 ident, u16 len, void *data)
37 return cmd; 42 return cmd;
38} 43}
39 44
40static void a2mp_send(struct amp_mgr *mgr, u8 code, u8 ident, u16 len, 45void a2mp_send(struct amp_mgr *mgr, u8 code, u8 ident, u16 len, void *data)
41 void *data)
42{ 46{
43 struct l2cap_chan *chan = mgr->a2mp_chan; 47 struct l2cap_chan *chan = mgr->a2mp_chan;
44 struct a2mp_cmd *cmd; 48 struct a2mp_cmd *cmd;
@@ -63,6 +67,14 @@ static void a2mp_send(struct amp_mgr *mgr, u8 code, u8 ident, u16 len,
63 kfree(cmd); 67 kfree(cmd);
64} 68}
65 69
70u8 __next_ident(struct amp_mgr *mgr)
71{
72 if (++mgr->ident == 0)
73 mgr->ident = 1;
74
75 return mgr->ident;
76}
77
66static inline void __a2mp_cl_bredr(struct a2mp_cl *cl) 78static inline void __a2mp_cl_bredr(struct a2mp_cl *cl)
67{ 79{
68 cl->id = 0; 80 cl->id = 0;
@@ -161,6 +173,83 @@ static int a2mp_discover_req(struct amp_mgr *mgr, struct sk_buff *skb,
161 return 0; 173 return 0;
162} 174}
163 175
176static int a2mp_discover_rsp(struct amp_mgr *mgr, struct sk_buff *skb,
177 struct a2mp_cmd *hdr)
178{
179 struct a2mp_discov_rsp *rsp = (void *) skb->data;
180 u16 len = le16_to_cpu(hdr->len);
181 struct a2mp_cl *cl;
182 u16 ext_feat;
183 bool found = false;
184
185 if (len < sizeof(*rsp))
186 return -EINVAL;
187
188 len -= sizeof(*rsp);
189 skb_pull(skb, sizeof(*rsp));
190
191 ext_feat = le16_to_cpu(rsp->ext_feat);
192
193 BT_DBG("mtu %d efm 0x%4.4x", le16_to_cpu(rsp->mtu), ext_feat);
194
195 /* check that packet is not broken for now */
196 while (ext_feat & A2MP_FEAT_EXT) {
197 if (len < sizeof(ext_feat))
198 return -EINVAL;
199
200 ext_feat = get_unaligned_le16(skb->data);
201 BT_DBG("efm 0x%4.4x", ext_feat);
202 len -= sizeof(ext_feat);
203 skb_pull(skb, sizeof(ext_feat));
204 }
205
206 cl = (void *) skb->data;
207 while (len >= sizeof(*cl)) {
208 BT_DBG("Remote AMP id %d type %d status %d", cl->id, cl->type,
209 cl->status);
210
211 if (cl->id != HCI_BREDR_ID && cl->type == HCI_AMP) {
212 struct a2mp_info_req req;
213
214 found = true;
215 req.id = cl->id;
216 a2mp_send(mgr, A2MP_GETINFO_REQ, __next_ident(mgr),
217 sizeof(req), &req);
218 }
219
220 len -= sizeof(*cl);
221 cl = (void *) skb_pull(skb, sizeof(*cl));
222 }
223
224 /* Fall back to L2CAP init sequence */
225 if (!found) {
226 struct l2cap_conn *conn = mgr->l2cap_conn;
227 struct l2cap_chan *chan;
228
229 mutex_lock(&conn->chan_lock);
230
231 list_for_each_entry(chan, &conn->chan_l, list) {
232
233 BT_DBG("chan %p state %s", chan,
234 state_to_string(chan->state));
235
236 if (chan->chan_type == L2CAP_CHAN_CONN_FIX_A2MP)
237 continue;
238
239 l2cap_chan_lock(chan);
240
241 if (chan->state == BT_CONNECT)
242 l2cap_send_conn_req(chan);
243
244 l2cap_chan_unlock(chan);
245 }
246
247 mutex_unlock(&conn->chan_lock);
248 }
249
250 return 0;
251}
252
164static int a2mp_change_notify(struct amp_mgr *mgr, struct sk_buff *skb, 253static int a2mp_change_notify(struct amp_mgr *mgr, struct sk_buff *skb,
165 struct a2mp_cmd *hdr) 254 struct a2mp_cmd *hdr)
166{ 255{
@@ -181,7 +270,6 @@ static int a2mp_getinfo_req(struct amp_mgr *mgr, struct sk_buff *skb,
181 struct a2mp_cmd *hdr) 270 struct a2mp_cmd *hdr)
182{ 271{
183 struct a2mp_info_req *req = (void *) skb->data; 272 struct a2mp_info_req *req = (void *) skb->data;
184 struct a2mp_info_rsp rsp;
185 struct hci_dev *hdev; 273 struct hci_dev *hdev;
186 274
187 if (le16_to_cpu(hdr->len) < sizeof(*req)) 275 if (le16_to_cpu(hdr->len) < sizeof(*req))
@@ -189,53 +277,93 @@ static int a2mp_getinfo_req(struct amp_mgr *mgr, struct sk_buff *skb,
189 277
190 BT_DBG("id %d", req->id); 278 BT_DBG("id %d", req->id);
191 279
192 rsp.id = req->id;
193 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
194
195 hdev = hci_dev_get(req->id); 280 hdev = hci_dev_get(req->id);
196 if (hdev && hdev->amp_type != HCI_BREDR) { 281 if (!hdev || hdev->dev_type != HCI_AMP) {
197 rsp.status = 0; 282 struct a2mp_info_rsp rsp;
198 rsp.total_bw = cpu_to_le32(hdev->amp_total_bw); 283
199 rsp.max_bw = cpu_to_le32(hdev->amp_max_bw); 284 rsp.id = req->id;
200 rsp.min_latency = cpu_to_le32(hdev->amp_min_latency); 285 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
201 rsp.pal_cap = cpu_to_le16(hdev->amp_pal_cap); 286
202 rsp.assoc_size = cpu_to_le16(hdev->amp_assoc_size); 287 a2mp_send(mgr, A2MP_GETINFO_RSP, hdr->ident, sizeof(rsp),
288 &rsp);
289
290 goto done;
203 } 291 }
204 292
293 mgr->state = READ_LOC_AMP_INFO;
294 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
295
296done:
205 if (hdev) 297 if (hdev)
206 hci_dev_put(hdev); 298 hci_dev_put(hdev);
207 299
208 a2mp_send(mgr, A2MP_GETINFO_RSP, hdr->ident, sizeof(rsp), &rsp);
209
210 skb_pull(skb, sizeof(*req)); 300 skb_pull(skb, sizeof(*req));
211 return 0; 301 return 0;
212} 302}
213 303
304static int a2mp_getinfo_rsp(struct amp_mgr *mgr, struct sk_buff *skb,
305 struct a2mp_cmd *hdr)
306{
307 struct a2mp_info_rsp *rsp = (struct a2mp_info_rsp *) skb->data;
308 struct a2mp_amp_assoc_req req;
309 struct amp_ctrl *ctrl;
310
311 if (le16_to_cpu(hdr->len) < sizeof(*rsp))
312 return -EINVAL;
313
314 BT_DBG("id %d status 0x%2.2x", rsp->id, rsp->status);
315
316 if (rsp->status)
317 return -EINVAL;
318
319 ctrl = amp_ctrl_add(mgr, rsp->id);
320 if (!ctrl)
321 return -ENOMEM;
322
323 req.id = rsp->id;
324 a2mp_send(mgr, A2MP_GETAMPASSOC_REQ, __next_ident(mgr), sizeof(req),
325 &req);
326
327 skb_pull(skb, sizeof(*rsp));
328 return 0;
329}
330
214static int a2mp_getampassoc_req(struct amp_mgr *mgr, struct sk_buff *skb, 331static int a2mp_getampassoc_req(struct amp_mgr *mgr, struct sk_buff *skb,
215 struct a2mp_cmd *hdr) 332 struct a2mp_cmd *hdr)
216{ 333{
217 struct a2mp_amp_assoc_req *req = (void *) skb->data; 334 struct a2mp_amp_assoc_req *req = (void *) skb->data;
218 struct hci_dev *hdev; 335 struct hci_dev *hdev;
336 struct amp_mgr *tmp;
219 337
220 if (le16_to_cpu(hdr->len) < sizeof(*req)) 338 if (le16_to_cpu(hdr->len) < sizeof(*req))
221 return -EINVAL; 339 return -EINVAL;
222 340
223 BT_DBG("id %d", req->id); 341 BT_DBG("id %d", req->id);
224 342
343 /* Make sure that other request is not processed */
344 tmp = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC);
345
225 hdev = hci_dev_get(req->id); 346 hdev = hci_dev_get(req->id);
226 if (!hdev || hdev->amp_type == HCI_BREDR) { 347 if (!hdev || hdev->amp_type == HCI_BREDR || tmp) {
227 struct a2mp_amp_assoc_rsp rsp; 348 struct a2mp_amp_assoc_rsp rsp;
228 rsp.id = req->id; 349 rsp.id = req->id;
229 rsp.status = A2MP_STATUS_INVALID_CTRL_ID; 350
351 if (tmp) {
352 rsp.status = A2MP_STATUS_COLLISION_OCCURED;
353 amp_mgr_put(tmp);
354 } else {
355 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
356 }
230 357
231 a2mp_send(mgr, A2MP_GETAMPASSOC_RSP, hdr->ident, sizeof(rsp), 358 a2mp_send(mgr, A2MP_GETAMPASSOC_RSP, hdr->ident, sizeof(rsp),
232 &rsp); 359 &rsp);
233 goto clean; 360
361 goto done;
234 } 362 }
235 363
236 /* Placeholder for HCI Read AMP Assoc */ 364 amp_read_loc_assoc(hdev, mgr);
237 365
238clean: 366done:
239 if (hdev) 367 if (hdev)
240 hci_dev_put(hdev); 368 hci_dev_put(hdev);
241 369
@@ -243,6 +371,68 @@ clean:
243 return 0; 371 return 0;
244} 372}
245 373
374static int a2mp_getampassoc_rsp(struct amp_mgr *mgr, struct sk_buff *skb,
375 struct a2mp_cmd *hdr)
376{
377 struct a2mp_amp_assoc_rsp *rsp = (void *) skb->data;
378 u16 len = le16_to_cpu(hdr->len);
379 struct hci_dev *hdev;
380 struct amp_ctrl *ctrl;
381 struct hci_conn *hcon;
382 size_t assoc_len;
383
384 if (len < sizeof(*rsp))
385 return -EINVAL;
386
387 assoc_len = len - sizeof(*rsp);
388
389 BT_DBG("id %d status 0x%2.2x assoc len %zu", rsp->id, rsp->status,
390 assoc_len);
391
392 if (rsp->status)
393 return -EINVAL;
394
395 /* Save remote ASSOC data */
396 ctrl = amp_ctrl_lookup(mgr, rsp->id);
397 if (ctrl) {
398 u8 *assoc;
399
400 assoc = kzalloc(assoc_len, GFP_KERNEL);
401 if (!assoc) {
402 amp_ctrl_put(ctrl);
403 return -ENOMEM;
404 }
405
406 memcpy(assoc, rsp->amp_assoc, assoc_len);
407 ctrl->assoc = assoc;
408 ctrl->assoc_len = assoc_len;
409 ctrl->assoc_rem_len = assoc_len;
410 ctrl->assoc_len_so_far = 0;
411
412 amp_ctrl_put(ctrl);
413 }
414
415 /* Create Phys Link */
416 hdev = hci_dev_get(rsp->id);
417 if (!hdev)
418 return -EINVAL;
419
420 hcon = phylink_add(hdev, mgr, rsp->id, true);
421 if (!hcon)
422 goto done;
423
424 BT_DBG("Created hcon %p: loc:%d -> rem:%d", hcon, hdev->id, rsp->id);
425
426 mgr->bredr_chan->remote_amp_id = rsp->id;
427
428 amp_create_phylink(hdev, mgr, hcon);
429
430done:
431 hci_dev_put(hdev);
432 skb_pull(skb, len);
433 return 0;
434}
435
246static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb, 436static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
247 struct a2mp_cmd *hdr) 437 struct a2mp_cmd *hdr)
248{ 438{
@@ -250,6 +440,8 @@ static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
250 440
251 struct a2mp_physlink_rsp rsp; 441 struct a2mp_physlink_rsp rsp;
252 struct hci_dev *hdev; 442 struct hci_dev *hdev;
443 struct hci_conn *hcon;
444 struct amp_ctrl *ctrl;
253 445
254 if (le16_to_cpu(hdr->len) < sizeof(*req)) 446 if (le16_to_cpu(hdr->len) < sizeof(*req))
255 return -EINVAL; 447 return -EINVAL;
@@ -265,9 +457,43 @@ static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
265 goto send_rsp; 457 goto send_rsp;
266 } 458 }
267 459
268 /* TODO process physlink create */ 460 ctrl = amp_ctrl_lookup(mgr, rsp.remote_id);
461 if (!ctrl) {
462 ctrl = amp_ctrl_add(mgr, rsp.remote_id);
463 if (ctrl) {
464 amp_ctrl_get(ctrl);
465 } else {
466 rsp.status = A2MP_STATUS_UNABLE_START_LINK_CREATION;
467 goto send_rsp;
468 }
469 }
269 470
270 rsp.status = A2MP_STATUS_SUCCESS; 471 if (ctrl) {
472 size_t assoc_len = le16_to_cpu(hdr->len) - sizeof(*req);
473 u8 *assoc;
474
475 assoc = kzalloc(assoc_len, GFP_KERNEL);
476 if (!assoc) {
477 amp_ctrl_put(ctrl);
478 return -ENOMEM;
479 }
480
481 memcpy(assoc, req->amp_assoc, assoc_len);
482 ctrl->assoc = assoc;
483 ctrl->assoc_len = assoc_len;
484 ctrl->assoc_rem_len = assoc_len;
485 ctrl->assoc_len_so_far = 0;
486
487 amp_ctrl_put(ctrl);
488 }
489
490 hcon = phylink_add(hdev, mgr, req->local_id, false);
491 if (hcon) {
492 amp_accept_phylink(hdev, mgr, hcon);
493 rsp.status = A2MP_STATUS_SUCCESS;
494 } else {
495 rsp.status = A2MP_STATUS_UNABLE_START_LINK_CREATION;
496 }
271 497
272send_rsp: 498send_rsp:
273 if (hdev) 499 if (hdev)
@@ -286,6 +512,7 @@ static int a2mp_discphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
286 struct a2mp_physlink_req *req = (void *) skb->data; 512 struct a2mp_physlink_req *req = (void *) skb->data;
287 struct a2mp_physlink_rsp rsp; 513 struct a2mp_physlink_rsp rsp;
288 struct hci_dev *hdev; 514 struct hci_dev *hdev;
515 struct hci_conn *hcon;
289 516
290 if (le16_to_cpu(hdr->len) < sizeof(*req)) 517 if (le16_to_cpu(hdr->len) < sizeof(*req))
291 return -EINVAL; 518 return -EINVAL;
@@ -296,14 +523,22 @@ static int a2mp_discphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
296 rsp.remote_id = req->local_id; 523 rsp.remote_id = req->local_id;
297 rsp.status = A2MP_STATUS_SUCCESS; 524 rsp.status = A2MP_STATUS_SUCCESS;
298 525
299 hdev = hci_dev_get(req->local_id); 526 hdev = hci_dev_get(req->remote_id);
300 if (!hdev) { 527 if (!hdev) {
301 rsp.status = A2MP_STATUS_INVALID_CTRL_ID; 528 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
302 goto send_rsp; 529 goto send_rsp;
303 } 530 }
304 531
532 hcon = hci_conn_hash_lookup_ba(hdev, AMP_LINK, mgr->l2cap_conn->dst);
533 if (!hcon) {
534 BT_ERR("No phys link exist");
535 rsp.status = A2MP_STATUS_NO_PHYSICAL_LINK_EXISTS;
536 goto clean;
537 }
538
305 /* TODO Disconnect Phys Link here */ 539 /* TODO Disconnect Phys Link here */
306 540
541clean:
307 hci_dev_put(hdev); 542 hci_dev_put(hdev);
308 543
309send_rsp: 544send_rsp:
@@ -377,10 +612,19 @@ static int a2mp_chan_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
377 err = a2mp_discphyslink_req(mgr, skb, hdr); 612 err = a2mp_discphyslink_req(mgr, skb, hdr);
378 break; 613 break;
379 614
380 case A2MP_CHANGE_RSP:
381 case A2MP_DISCOVER_RSP: 615 case A2MP_DISCOVER_RSP:
616 err = a2mp_discover_rsp(mgr, skb, hdr);
617 break;
618
382 case A2MP_GETINFO_RSP: 619 case A2MP_GETINFO_RSP:
620 err = a2mp_getinfo_rsp(mgr, skb, hdr);
621 break;
622
383 case A2MP_GETAMPASSOC_RSP: 623 case A2MP_GETAMPASSOC_RSP:
624 err = a2mp_getampassoc_rsp(mgr, skb, hdr);
625 break;
626
627 case A2MP_CHANGE_RSP:
384 case A2MP_CREATEPHYSLINK_RSP: 628 case A2MP_CREATEPHYSLINK_RSP:
385 case A2MP_DISCONNPHYSLINK_RSP: 629 case A2MP_DISCONNPHYSLINK_RSP:
386 err = a2mp_cmd_rsp(mgr, skb, hdr); 630 err = a2mp_cmd_rsp(mgr, skb, hdr);
@@ -455,9 +699,10 @@ static struct l2cap_ops a2mp_chan_ops = {
455 .new_connection = l2cap_chan_no_new_connection, 699 .new_connection = l2cap_chan_no_new_connection,
456 .teardown = l2cap_chan_no_teardown, 700 .teardown = l2cap_chan_no_teardown,
457 .ready = l2cap_chan_no_ready, 701 .ready = l2cap_chan_no_ready,
702 .defer = l2cap_chan_no_defer,
458}; 703};
459 704
460static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn) 705static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn, bool locked)
461{ 706{
462 struct l2cap_chan *chan; 707 struct l2cap_chan *chan;
463 int err; 708 int err;
@@ -492,7 +737,10 @@ static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn)
492 737
493 chan->conf_state = 0; 738 chan->conf_state = 0;
494 739
495 l2cap_chan_add(conn, chan); 740 if (locked)
741 __l2cap_chan_add(conn, chan);
742 else
743 l2cap_chan_add(conn, chan);
496 744
497 chan->remote_mps = chan->omtu; 745 chan->remote_mps = chan->omtu;
498 chan->mps = chan->omtu; 746 chan->mps = chan->omtu;
@@ -503,11 +751,13 @@ static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn)
503} 751}
504 752
505/* AMP Manager functions */ 753/* AMP Manager functions */
506void amp_mgr_get(struct amp_mgr *mgr) 754struct amp_mgr *amp_mgr_get(struct amp_mgr *mgr)
507{ 755{
508 BT_DBG("mgr %p orig refcnt %d", mgr, atomic_read(&mgr->kref.refcount)); 756 BT_DBG("mgr %p orig refcnt %d", mgr, atomic_read(&mgr->kref.refcount));
509 757
510 kref_get(&mgr->kref); 758 kref_get(&mgr->kref);
759
760 return mgr;
511} 761}
512 762
513static void amp_mgr_destroy(struct kref *kref) 763static void amp_mgr_destroy(struct kref *kref)
@@ -516,6 +766,11 @@ static void amp_mgr_destroy(struct kref *kref)
516 766
517 BT_DBG("mgr %p", mgr); 767 BT_DBG("mgr %p", mgr);
518 768
769 mutex_lock(&amp_mgr_list_lock);
770 list_del(&mgr->list);
771 mutex_unlock(&amp_mgr_list_lock);
772
773 amp_ctrl_list_flush(mgr);
519 kfree(mgr); 774 kfree(mgr);
520} 775}
521 776
@@ -526,7 +781,7 @@ int amp_mgr_put(struct amp_mgr *mgr)
526 return kref_put(&mgr->kref, &amp_mgr_destroy); 781 return kref_put(&mgr->kref, &amp_mgr_destroy);
527} 782}
528 783
529static struct amp_mgr *amp_mgr_create(struct l2cap_conn *conn) 784static struct amp_mgr *amp_mgr_create(struct l2cap_conn *conn, bool locked)
530{ 785{
531 struct amp_mgr *mgr; 786 struct amp_mgr *mgr;
532 struct l2cap_chan *chan; 787 struct l2cap_chan *chan;
@@ -539,7 +794,7 @@ static struct amp_mgr *amp_mgr_create(struct l2cap_conn *conn)
539 794
540 mgr->l2cap_conn = conn; 795 mgr->l2cap_conn = conn;
541 796
542 chan = a2mp_chan_open(conn); 797 chan = a2mp_chan_open(conn, locked);
543 if (!chan) { 798 if (!chan) {
544 kfree(mgr); 799 kfree(mgr);
545 return NULL; 800 return NULL;
@@ -552,6 +807,14 @@ static struct amp_mgr *amp_mgr_create(struct l2cap_conn *conn)
552 807
553 kref_init(&mgr->kref); 808 kref_init(&mgr->kref);
554 809
810 /* Remote AMP ctrl list initialization */
811 INIT_LIST_HEAD(&mgr->amp_ctrls);
812 mutex_init(&mgr->amp_ctrls_lock);
813
814 mutex_lock(&amp_mgr_list_lock);
815 list_add(&mgr->list, &amp_mgr_list);
816 mutex_unlock(&amp_mgr_list_lock);
817
555 return mgr; 818 return mgr;
556} 819}
557 820
@@ -560,7 +823,7 @@ struct l2cap_chan *a2mp_channel_create(struct l2cap_conn *conn,
560{ 823{
561 struct amp_mgr *mgr; 824 struct amp_mgr *mgr;
562 825
563 mgr = amp_mgr_create(conn); 826 mgr = amp_mgr_create(conn, false);
564 if (!mgr) { 827 if (!mgr) {
565 BT_ERR("Could not create AMP manager"); 828 BT_ERR("Could not create AMP manager");
566 return NULL; 829 return NULL;
@@ -570,3 +833,139 @@ struct l2cap_chan *a2mp_channel_create(struct l2cap_conn *conn,
570 833
571 return mgr->a2mp_chan; 834 return mgr->a2mp_chan;
572} 835}
836
837struct amp_mgr *amp_mgr_lookup_by_state(u8 state)
838{
839 struct amp_mgr *mgr;
840
841 mutex_lock(&amp_mgr_list_lock);
842 list_for_each_entry(mgr, &amp_mgr_list, list) {
843 if (mgr->state == state) {
844 amp_mgr_get(mgr);
845 mutex_unlock(&amp_mgr_list_lock);
846 return mgr;
847 }
848 }
849 mutex_unlock(&amp_mgr_list_lock);
850
851 return NULL;
852}
853
854void a2mp_send_getinfo_rsp(struct hci_dev *hdev)
855{
856 struct amp_mgr *mgr;
857 struct a2mp_info_rsp rsp;
858
859 mgr = amp_mgr_lookup_by_state(READ_LOC_AMP_INFO);
860 if (!mgr)
861 return;
862
863 BT_DBG("%s mgr %p", hdev->name, mgr);
864
865 rsp.id = hdev->id;
866 rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
867
868 if (hdev->amp_type != HCI_BREDR) {
869 rsp.status = 0;
870 rsp.total_bw = cpu_to_le32(hdev->amp_total_bw);
871 rsp.max_bw = cpu_to_le32(hdev->amp_max_bw);
872 rsp.min_latency = cpu_to_le32(hdev->amp_min_latency);
873 rsp.pal_cap = cpu_to_le16(hdev->amp_pal_cap);
874 rsp.assoc_size = cpu_to_le16(hdev->amp_assoc_size);
875 }
876
877 a2mp_send(mgr, A2MP_GETINFO_RSP, mgr->ident, sizeof(rsp), &rsp);
878 amp_mgr_put(mgr);
879}
880
881void a2mp_send_getampassoc_rsp(struct hci_dev *hdev, u8 status)
882{
883 struct amp_mgr *mgr;
884 struct amp_assoc *loc_assoc = &hdev->loc_assoc;
885 struct a2mp_amp_assoc_rsp *rsp;
886 size_t len;
887
888 mgr = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC);
889 if (!mgr)
890 return;
891
892 BT_DBG("%s mgr %p", hdev->name, mgr);
893
894 len = sizeof(struct a2mp_amp_assoc_rsp) + loc_assoc->len;
895 rsp = kzalloc(len, GFP_KERNEL);
896 if (!rsp) {
897 amp_mgr_put(mgr);
898 return;
899 }
900
901 rsp->id = hdev->id;
902
903 if (status) {
904 rsp->status = A2MP_STATUS_INVALID_CTRL_ID;
905 } else {
906 rsp->status = A2MP_STATUS_SUCCESS;
907 memcpy(rsp->amp_assoc, loc_assoc->data, loc_assoc->len);
908 }
909
910 a2mp_send(mgr, A2MP_GETAMPASSOC_RSP, mgr->ident, len, rsp);
911 amp_mgr_put(mgr);
912 kfree(rsp);
913}
914
915void a2mp_send_create_phy_link_req(struct hci_dev *hdev, u8 status)
916{
917 struct amp_mgr *mgr;
918 struct amp_assoc *loc_assoc = &hdev->loc_assoc;
919 struct a2mp_physlink_req *req;
920 struct l2cap_chan *bredr_chan;
921 size_t len;
922
923 mgr = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC_FINAL);
924 if (!mgr)
925 return;
926
927 len = sizeof(*req) + loc_assoc->len;
928
929 BT_DBG("%s mgr %p assoc_len %zu", hdev->name, mgr, len);
930
931 req = kzalloc(len, GFP_KERNEL);
932 if (!req) {
933 amp_mgr_put(mgr);
934 return;
935 }
936
937 bredr_chan = mgr->bredr_chan;
938 if (!bredr_chan)
939 goto clean;
940
941 req->local_id = hdev->id;
942 req->remote_id = bredr_chan->remote_amp_id;
943 memcpy(req->amp_assoc, loc_assoc->data, loc_assoc->len);
944
945 a2mp_send(mgr, A2MP_CREATEPHYSLINK_REQ, __next_ident(mgr), len, req);
946
947clean:
948 amp_mgr_put(mgr);
949 kfree(req);
950}
951
952void a2mp_discover_amp(struct l2cap_chan *chan)
953{
954 struct l2cap_conn *conn = chan->conn;
955 struct amp_mgr *mgr = conn->hcon->amp_mgr;
956 struct a2mp_discov_req req;
957
958 BT_DBG("chan %p conn %p mgr %p", chan, conn, mgr);
959
960 if (!mgr) {
961 mgr = amp_mgr_create(conn, true);
962 if (!mgr)
963 return;
964 }
965
966 mgr->bredr_chan = chan;
967
968 req.mtu = cpu_to_le16(L2CAP_A2MP_DEFAULT_MTU);
969 req.ext_feat = 0;
970 a2mp_send(mgr, A2MP_DISCOVER_REQ, 1, sizeof(req), &req);
971}
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index ba033f09196e..5355df63d39b 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -569,7 +569,6 @@ static int bt_seq_show(struct seq_file *seq, void *v)
569{ 569{
570 struct bt_seq_state *s = seq->private; 570 struct bt_seq_state *s = seq->private;
571 struct bt_sock_list *l = s->l; 571 struct bt_sock_list *l = s->l;
572 bdaddr_t src_baswapped, dst_baswapped;
573 572
574 if (v == SEQ_START_TOKEN) { 573 if (v == SEQ_START_TOKEN) {
575 seq_puts(seq ,"sk RefCnt Rmem Wmem User Inode Src Dst Parent"); 574 seq_puts(seq ,"sk RefCnt Rmem Wmem User Inode Src Dst Parent");
@@ -583,18 +582,17 @@ static int bt_seq_show(struct seq_file *seq, void *v)
583 } else { 582 } else {
584 struct sock *sk = sk_entry(v); 583 struct sock *sk = sk_entry(v);
585 struct bt_sock *bt = bt_sk(sk); 584 struct bt_sock *bt = bt_sk(sk);
586 baswap(&src_baswapped, &bt->src);
587 baswap(&dst_baswapped, &bt->dst);
588 585
589 seq_printf(seq, "%pK %-6d %-6u %-6u %-6u %-6lu %pM %pM %-6lu", 586 seq_printf(seq,
587 "%pK %-6d %-6u %-6u %-6u %-6lu %pMR %pMR %-6lu",
590 sk, 588 sk,
591 atomic_read(&sk->sk_refcnt), 589 atomic_read(&sk->sk_refcnt),
592 sk_rmem_alloc_get(sk), 590 sk_rmem_alloc_get(sk),
593 sk_wmem_alloc_get(sk), 591 sk_wmem_alloc_get(sk),
594 from_kuid(seq_user_ns(seq), sock_i_uid(sk)), 592 from_kuid(seq_user_ns(seq), sock_i_uid(sk)),
595 sock_i_ino(sk), 593 sock_i_ino(sk),
596 &src_baswapped, 594 &bt->src,
597 &dst_baswapped, 595 &bt->dst,
598 bt->parent? sock_i_ino(bt->parent): 0LU); 596 bt->parent? sock_i_ino(bt->parent): 0LU);
599 597
600 if (l->custom_seq_show) { 598 if (l->custom_seq_show) {
diff --git a/net/bluetooth/amp.c b/net/bluetooth/amp.c
new file mode 100644
index 000000000000..1b0d92c0643a
--- /dev/null
+++ b/net/bluetooth/amp.c
@@ -0,0 +1,471 @@
1/*
2 Copyright (c) 2011,2012 Intel Corp.
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License version 2 and
6 only version 2 as published by the Free Software Foundation.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12*/
13
14#include <net/bluetooth/bluetooth.h>
15#include <net/bluetooth/hci.h>
16#include <net/bluetooth/hci_core.h>
17#include <net/bluetooth/a2mp.h>
18#include <net/bluetooth/amp.h>
19#include <crypto/hash.h>
20
21/* Remote AMP Controllers interface */
22void amp_ctrl_get(struct amp_ctrl *ctrl)
23{
24 BT_DBG("ctrl %p orig refcnt %d", ctrl,
25 atomic_read(&ctrl->kref.refcount));
26
27 kref_get(&ctrl->kref);
28}
29
30static void amp_ctrl_destroy(struct kref *kref)
31{
32 struct amp_ctrl *ctrl = container_of(kref, struct amp_ctrl, kref);
33
34 BT_DBG("ctrl %p", ctrl);
35
36 kfree(ctrl->assoc);
37 kfree(ctrl);
38}
39
40int amp_ctrl_put(struct amp_ctrl *ctrl)
41{
42 BT_DBG("ctrl %p orig refcnt %d", ctrl,
43 atomic_read(&ctrl->kref.refcount));
44
45 return kref_put(&ctrl->kref, &amp_ctrl_destroy);
46}
47
48struct amp_ctrl *amp_ctrl_add(struct amp_mgr *mgr, u8 id)
49{
50 struct amp_ctrl *ctrl;
51
52 ctrl = kzalloc(sizeof(*ctrl), GFP_KERNEL);
53 if (!ctrl)
54 return NULL;
55
56 kref_init(&ctrl->kref);
57 ctrl->id = id;
58
59 mutex_lock(&mgr->amp_ctrls_lock);
60 list_add(&ctrl->list, &mgr->amp_ctrls);
61 mutex_unlock(&mgr->amp_ctrls_lock);
62
63 BT_DBG("mgr %p ctrl %p", mgr, ctrl);
64
65 return ctrl;
66}
67
68void amp_ctrl_list_flush(struct amp_mgr *mgr)
69{
70 struct amp_ctrl *ctrl, *n;
71
72 BT_DBG("mgr %p", mgr);
73
74 mutex_lock(&mgr->amp_ctrls_lock);
75 list_for_each_entry_safe(ctrl, n, &mgr->amp_ctrls, list) {
76 list_del(&ctrl->list);
77 amp_ctrl_put(ctrl);
78 }
79 mutex_unlock(&mgr->amp_ctrls_lock);
80}
81
82struct amp_ctrl *amp_ctrl_lookup(struct amp_mgr *mgr, u8 id)
83{
84 struct amp_ctrl *ctrl;
85
86 BT_DBG("mgr %p id %d", mgr, id);
87
88 mutex_lock(&mgr->amp_ctrls_lock);
89 list_for_each_entry(ctrl, &mgr->amp_ctrls, list) {
90 if (ctrl->id == id) {
91 amp_ctrl_get(ctrl);
92 mutex_unlock(&mgr->amp_ctrls_lock);
93 return ctrl;
94 }
95 }
96 mutex_unlock(&mgr->amp_ctrls_lock);
97
98 return NULL;
99}
100
101/* Physical Link interface */
102static u8 __next_handle(struct amp_mgr *mgr)
103{
104 if (++mgr->handle == 0)
105 mgr->handle = 1;
106
107 return mgr->handle;
108}
109
110struct hci_conn *phylink_add(struct hci_dev *hdev, struct amp_mgr *mgr,
111 u8 remote_id, bool out)
112{
113 bdaddr_t *dst = mgr->l2cap_conn->dst;
114 struct hci_conn *hcon;
115
116 hcon = hci_conn_add(hdev, AMP_LINK, dst);
117 if (!hcon)
118 return NULL;
119
120 BT_DBG("hcon %p dst %pMR", hcon, dst);
121
122 hcon->state = BT_CONNECT;
123 hcon->attempt++;
124 hcon->handle = __next_handle(mgr);
125 hcon->remote_id = remote_id;
126 hcon->amp_mgr = amp_mgr_get(mgr);
127 hcon->out = out;
128
129 return hcon;
130}
131
132/* AMP crypto key generation interface */
133static int hmac_sha256(u8 *key, u8 ksize, char *plaintext, u8 psize, u8 *output)
134{
135 int ret = 0;
136 struct crypto_shash *tfm;
137
138 if (!ksize)
139 return -EINVAL;
140
141 tfm = crypto_alloc_shash("hmac(sha256)", 0, 0);
142 if (IS_ERR(tfm)) {
143 BT_DBG("crypto_alloc_ahash failed: err %ld", PTR_ERR(tfm));
144 return PTR_ERR(tfm);
145 }
146
147 ret = crypto_shash_setkey(tfm, key, ksize);
148 if (ret) {
149 BT_DBG("crypto_ahash_setkey failed: err %d", ret);
150 } else {
151 struct {
152 struct shash_desc shash;
153 char ctx[crypto_shash_descsize(tfm)];
154 } desc;
155
156 desc.shash.tfm = tfm;
157 desc.shash.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
158
159 ret = crypto_shash_digest(&desc.shash, plaintext, psize,
160 output);
161 }
162
163 crypto_free_shash(tfm);
164 return ret;
165}
166
167int phylink_gen_key(struct hci_conn *conn, u8 *data, u8 *len, u8 *type)
168{
169 struct hci_dev *hdev = conn->hdev;
170 struct link_key *key;
171 u8 keybuf[HCI_AMP_LINK_KEY_SIZE];
172 u8 gamp_key[HCI_AMP_LINK_KEY_SIZE];
173 int err;
174
175 if (!hci_conn_check_link_mode(conn))
176 return -EACCES;
177
178 BT_DBG("conn %p key_type %d", conn, conn->key_type);
179
180 /* Legacy key */
181 if (conn->key_type < 3) {
182 BT_ERR("Legacy key type %d", conn->key_type);
183 return -EACCES;
184 }
185
186 *type = conn->key_type;
187 *len = HCI_AMP_LINK_KEY_SIZE;
188
189 key = hci_find_link_key(hdev, &conn->dst);
190 if (!key) {
191 BT_DBG("No Link key for conn %p dst %pMR", conn, &conn->dst);
192 return -EACCES;
193 }
194
195 /* BR/EDR Link Key concatenated together with itself */
196 memcpy(&keybuf[0], key->val, HCI_LINK_KEY_SIZE);
197 memcpy(&keybuf[HCI_LINK_KEY_SIZE], key->val, HCI_LINK_KEY_SIZE);
198
199 /* Derive Generic AMP Link Key (gamp) */
200 err = hmac_sha256(keybuf, HCI_AMP_LINK_KEY_SIZE, "gamp", 4, gamp_key);
201 if (err) {
202 BT_ERR("Could not derive Generic AMP Key: err %d", err);
203 return err;
204 }
205
206 if (conn->key_type == HCI_LK_DEBUG_COMBINATION) {
207 BT_DBG("Use Generic AMP Key (gamp)");
208 memcpy(data, gamp_key, HCI_AMP_LINK_KEY_SIZE);
209 return err;
210 }
211
212 /* Derive Dedicated AMP Link Key: "802b" is 802.11 PAL keyID */
213 return hmac_sha256(gamp_key, HCI_AMP_LINK_KEY_SIZE, "802b", 4, data);
214}
215
216void amp_read_loc_assoc_frag(struct hci_dev *hdev, u8 phy_handle)
217{
218 struct hci_cp_read_local_amp_assoc cp;
219 struct amp_assoc *loc_assoc = &hdev->loc_assoc;
220
221 BT_DBG("%s handle %d", hdev->name, phy_handle);
222
223 cp.phy_handle = phy_handle;
224 cp.max_len = cpu_to_le16(hdev->amp_assoc_size);
225 cp.len_so_far = cpu_to_le16(loc_assoc->offset);
226
227 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp);
228}
229
230void amp_read_loc_assoc(struct hci_dev *hdev, struct amp_mgr *mgr)
231{
232 struct hci_cp_read_local_amp_assoc cp;
233
234 memset(&hdev->loc_assoc, 0, sizeof(struct amp_assoc));
235 memset(&cp, 0, sizeof(cp));
236
237 cp.max_len = cpu_to_le16(hdev->amp_assoc_size);
238
239 mgr->state = READ_LOC_AMP_ASSOC;
240 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp);
241}
242
243void amp_read_loc_assoc_final_data(struct hci_dev *hdev,
244 struct hci_conn *hcon)
245{
246 struct hci_cp_read_local_amp_assoc cp;
247 struct amp_mgr *mgr = hcon->amp_mgr;
248
249 cp.phy_handle = hcon->handle;
250 cp.len_so_far = cpu_to_le16(0);
251 cp.max_len = cpu_to_le16(hdev->amp_assoc_size);
252
253 mgr->state = READ_LOC_AMP_ASSOC_FINAL;
254
255 /* Read Local AMP Assoc final link information data */
256 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp);
257}
258
259/* Write AMP Assoc data fragments, returns true with last fragment written*/
260static bool amp_write_rem_assoc_frag(struct hci_dev *hdev,
261 struct hci_conn *hcon)
262{
263 struct hci_cp_write_remote_amp_assoc *cp;
264 struct amp_mgr *mgr = hcon->amp_mgr;
265 struct amp_ctrl *ctrl;
266 u16 frag_len, len;
267
268 ctrl = amp_ctrl_lookup(mgr, hcon->remote_id);
269 if (!ctrl)
270 return false;
271
272 if (!ctrl->assoc_rem_len) {
273 BT_DBG("all fragments are written");
274 ctrl->assoc_rem_len = ctrl->assoc_len;
275 ctrl->assoc_len_so_far = 0;
276
277 amp_ctrl_put(ctrl);
278 return true;
279 }
280
281 frag_len = min_t(u16, 248, ctrl->assoc_rem_len);
282 len = frag_len + sizeof(*cp);
283
284 cp = kzalloc(len, GFP_KERNEL);
285 if (!cp) {
286 amp_ctrl_put(ctrl);
287 return false;
288 }
289
290 BT_DBG("hcon %p ctrl %p frag_len %u assoc_len %u rem_len %u",
291 hcon, ctrl, frag_len, ctrl->assoc_len, ctrl->assoc_rem_len);
292
293 cp->phy_handle = hcon->handle;
294 cp->len_so_far = cpu_to_le16(ctrl->assoc_len_so_far);
295 cp->rem_len = cpu_to_le16(ctrl->assoc_rem_len);
296 memcpy(cp->frag, ctrl->assoc, frag_len);
297
298 ctrl->assoc_len_so_far += frag_len;
299 ctrl->assoc_rem_len -= frag_len;
300
301 amp_ctrl_put(ctrl);
302
303 hci_send_cmd(hdev, HCI_OP_WRITE_REMOTE_AMP_ASSOC, len, cp);
304
305 kfree(cp);
306
307 return false;
308}
309
310void amp_write_rem_assoc_continue(struct hci_dev *hdev, u8 handle)
311{
312 struct hci_conn *hcon;
313
314 BT_DBG("%s phy handle 0x%2.2x", hdev->name, handle);
315
316 hcon = hci_conn_hash_lookup_handle(hdev, handle);
317 if (!hcon)
318 return;
319
320 amp_write_rem_assoc_frag(hdev, hcon);
321}
322
323void amp_write_remote_assoc(struct hci_dev *hdev, u8 handle)
324{
325 struct hci_conn *hcon;
326
327 BT_DBG("%s phy handle 0x%2.2x", hdev->name, handle);
328
329 hcon = hci_conn_hash_lookup_handle(hdev, handle);
330 if (!hcon)
331 return;
332
333 BT_DBG("%s phy handle 0x%2.2x hcon %p", hdev->name, handle, hcon);
334
335 amp_write_rem_assoc_frag(hdev, hcon);
336}
337
338void amp_create_phylink(struct hci_dev *hdev, struct amp_mgr *mgr,
339 struct hci_conn *hcon)
340{
341 struct hci_cp_create_phy_link cp;
342
343 cp.phy_handle = hcon->handle;
344
345 BT_DBG("%s hcon %p phy handle 0x%2.2x", hdev->name, hcon,
346 hcon->handle);
347
348 if (phylink_gen_key(mgr->l2cap_conn->hcon, cp.key, &cp.key_len,
349 &cp.key_type)) {
350 BT_DBG("Cannot create link key");
351 return;
352 }
353
354 hci_send_cmd(hdev, HCI_OP_CREATE_PHY_LINK, sizeof(cp), &cp);
355}
356
357void amp_accept_phylink(struct hci_dev *hdev, struct amp_mgr *mgr,
358 struct hci_conn *hcon)
359{
360 struct hci_cp_accept_phy_link cp;
361
362 cp.phy_handle = hcon->handle;
363
364 BT_DBG("%s hcon %p phy handle 0x%2.2x", hdev->name, hcon,
365 hcon->handle);
366
367 if (phylink_gen_key(mgr->l2cap_conn->hcon, cp.key, &cp.key_len,
368 &cp.key_type)) {
369 BT_DBG("Cannot create link key");
370 return;
371 }
372
373 hci_send_cmd(hdev, HCI_OP_ACCEPT_PHY_LINK, sizeof(cp), &cp);
374}
375
376void amp_physical_cfm(struct hci_conn *bredr_hcon, struct hci_conn *hs_hcon)
377{
378 struct hci_dev *bredr_hdev = hci_dev_hold(bredr_hcon->hdev);
379 struct amp_mgr *mgr = hs_hcon->amp_mgr;
380 struct l2cap_chan *bredr_chan;
381
382 BT_DBG("bredr_hcon %p hs_hcon %p mgr %p", bredr_hcon, hs_hcon, mgr);
383
384 if (!bredr_hdev || !mgr || !mgr->bredr_chan)
385 return;
386
387 bredr_chan = mgr->bredr_chan;
388
389 l2cap_chan_lock(bredr_chan);
390
391 set_bit(FLAG_EFS_ENABLE, &bredr_chan->flags);
392 bredr_chan->remote_amp_id = hs_hcon->remote_id;
393 bredr_chan->local_amp_id = hs_hcon->hdev->id;
394 bredr_chan->hs_hcon = hs_hcon;
395 bredr_chan->conn->mtu = hs_hcon->hdev->block_mtu;
396
397 __l2cap_physical_cfm(bredr_chan, 0);
398
399 l2cap_chan_unlock(bredr_chan);
400
401 hci_dev_put(bredr_hdev);
402}
403
404void amp_create_logical_link(struct l2cap_chan *chan)
405{
406 struct hci_cp_create_accept_logical_link cp;
407 struct hci_conn *hcon;
408 struct hci_dev *hdev;
409
410 BT_DBG("chan %p", chan);
411
412 if (!chan->hs_hcon)
413 return;
414
415 hdev = hci_dev_hold(chan->hs_hcon->hdev);
416 if (!hdev)
417 return;
418
419 BT_DBG("chan %p dst %pMR", chan, chan->conn->dst);
420
421 hcon = hci_conn_hash_lookup_ba(hdev, AMP_LINK, chan->conn->dst);
422 if (!hcon)
423 goto done;
424
425 cp.phy_handle = hcon->handle;
426
427 cp.tx_flow_spec.id = chan->local_id;
428 cp.tx_flow_spec.stype = chan->local_stype;
429 cp.tx_flow_spec.msdu = cpu_to_le16(chan->local_msdu);
430 cp.tx_flow_spec.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
431 cp.tx_flow_spec.acc_lat = cpu_to_le32(chan->local_acc_lat);
432 cp.tx_flow_spec.flush_to = cpu_to_le32(chan->local_flush_to);
433
434 cp.rx_flow_spec.id = chan->remote_id;
435 cp.rx_flow_spec.stype = chan->remote_stype;
436 cp.rx_flow_spec.msdu = cpu_to_le16(chan->remote_msdu);
437 cp.rx_flow_spec.sdu_itime = cpu_to_le32(chan->remote_sdu_itime);
438 cp.rx_flow_spec.acc_lat = cpu_to_le32(chan->remote_acc_lat);
439 cp.rx_flow_spec.flush_to = cpu_to_le32(chan->remote_flush_to);
440
441 if (hcon->out)
442 hci_send_cmd(hdev, HCI_OP_CREATE_LOGICAL_LINK, sizeof(cp),
443 &cp);
444 else
445 hci_send_cmd(hdev, HCI_OP_ACCEPT_LOGICAL_LINK, sizeof(cp),
446 &cp);
447
448done:
449 hci_dev_put(hdev);
450}
451
452void amp_disconnect_logical_link(struct hci_chan *hchan)
453{
454 struct hci_conn *hcon = hchan->conn;
455 struct hci_cp_disconn_logical_link cp;
456
457 if (hcon->state != BT_CONNECTED) {
458 BT_DBG("hchan %p not connected", hchan);
459 return;
460 }
461
462 cp.log_handle = cpu_to_le16(hchan->handle);
463 hci_send_cmd(hcon->hdev, HCI_OP_DISCONN_LOGICAL_LINK, sizeof(cp), &cp);
464}
465
466void amp_destroy_logical_link(struct hci_chan *hchan, u8 reason)
467{
468 BT_DBG("hchan %p", hchan);
469
470 hci_chan_del(hchan);
471}
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index 4a6620bc1570..a5b639702637 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -182,8 +182,7 @@ static int bnep_ctrl_set_mcfilter(struct bnep_session *s, u8 *data, int len)
182 a2 = data; 182 a2 = data;
183 data += ETH_ALEN; 183 data += ETH_ALEN;
184 184
185 BT_DBG("mc filter %s -> %s", 185 BT_DBG("mc filter %pMR -> %pMR", a1, a2);
186 batostr((void *) a1), batostr((void *) a2));
187 186
188 /* Iterate from a1 to a2 */ 187 /* Iterate from a1 to a2 */
189 set_bit(bnep_mc_hash(a1), (ulong *) &s->mc_filter); 188 set_bit(bnep_mc_hash(a1), (ulong *) &s->mc_filter);
diff --git a/net/bluetooth/bnep/netdev.c b/net/bluetooth/bnep/netdev.c
index 98f86f91d47c..e58c8b32589c 100644
--- a/net/bluetooth/bnep/netdev.c
+++ b/net/bluetooth/bnep/netdev.c
@@ -25,7 +25,6 @@
25 SOFTWARE IS DISCLAIMED. 25 SOFTWARE IS DISCLAIMED.
26*/ 26*/
27 27
28#include <linux/export.h>
29#include <linux/etherdevice.h> 28#include <linux/etherdevice.h>
30 29
31#include <net/bluetooth/bluetooth.h> 30#include <net/bluetooth/bluetooth.h>
diff --git a/net/bluetooth/cmtp/capi.c b/net/bluetooth/cmtp/capi.c
index 50f0d135eb8f..a4a9d4b6816c 100644
--- a/net/bluetooth/cmtp/capi.c
+++ b/net/bluetooth/cmtp/capi.c
@@ -20,7 +20,7 @@
20 SOFTWARE IS DISCLAIMED. 20 SOFTWARE IS DISCLAIMED.
21*/ 21*/
22 22
23#include <linux/module.h> 23#include <linux/export.h>
24#include <linux/proc_fs.h> 24#include <linux/proc_fs.h>
25#include <linux/seq_file.h> 25#include <linux/seq_file.h>
26#include <linux/types.h> 26#include <linux/types.h>
diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c
index 6c9c1fd601ca..e0a6ebf2baa6 100644
--- a/net/bluetooth/cmtp/core.c
+++ b/net/bluetooth/cmtp/core.c
@@ -353,7 +353,7 @@ int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock)
353 353
354 BT_DBG("mtu %d", session->mtu); 354 BT_DBG("mtu %d", session->mtu);
355 355
356 sprintf(session->name, "%s", batostr(&bt_sk(sock->sk)->dst)); 356 sprintf(session->name, "%pMR", &bt_sk(sock->sk)->dst);
357 357
358 session->sock = sock; 358 session->sock = sock;
359 session->state = BT_CONFIG; 359 session->state = BT_CONFIG;
diff --git a/net/bluetooth/cmtp/sock.c b/net/bluetooth/cmtp/sock.c
index aacb802d1ee4..1c57482112b6 100644
--- a/net/bluetooth/cmtp/sock.c
+++ b/net/bluetooth/cmtp/sock.c
@@ -20,7 +20,7 @@
20 SOFTWARE IS DISCLAIMED. 20 SOFTWARE IS DISCLAIMED.
21*/ 21*/
22 22
23#include <linux/module.h> 23#include <linux/export.h>
24 24
25#include <linux/types.h> 25#include <linux/types.h>
26#include <linux/capability.h> 26#include <linux/capability.h>
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index b9196a44f759..25bfce0666eb 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -130,6 +130,20 @@ void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
130 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp); 130 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
131} 131}
132 132
133static void hci_amp_disconn(struct hci_conn *conn, __u8 reason)
134{
135 struct hci_cp_disconn_phy_link cp;
136
137 BT_DBG("hcon %p", conn);
138
139 conn->state = BT_DISCONN;
140
141 cp.phy_handle = HCI_PHY_HANDLE(conn->handle);
142 cp.reason = reason;
143 hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK,
144 sizeof(cp), &cp);
145}
146
133static void hci_add_sco(struct hci_conn *conn, __u16 handle) 147static void hci_add_sco(struct hci_conn *conn, __u16 handle)
134{ 148{
135 struct hci_dev *hdev = conn->hdev; 149 struct hci_dev *hdev = conn->hdev;
@@ -230,11 +244,24 @@ void hci_sco_setup(struct hci_conn *conn, __u8 status)
230 } 244 }
231} 245}
232 246
247static void hci_conn_disconnect(struct hci_conn *conn)
248{
249 __u8 reason = hci_proto_disconn_ind(conn);
250
251 switch (conn->type) {
252 case ACL_LINK:
253 hci_acl_disconn(conn, reason);
254 break;
255 case AMP_LINK:
256 hci_amp_disconn(conn, reason);
257 break;
258 }
259}
260
233static void hci_conn_timeout(struct work_struct *work) 261static void hci_conn_timeout(struct work_struct *work)
234{ 262{
235 struct hci_conn *conn = container_of(work, struct hci_conn, 263 struct hci_conn *conn = container_of(work, struct hci_conn,
236 disc_work.work); 264 disc_work.work);
237 __u8 reason;
238 265
239 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state)); 266 BT_DBG("hcon %p state %s", conn, state_to_string(conn->state));
240 267
@@ -253,8 +280,7 @@ static void hci_conn_timeout(struct work_struct *work)
253 break; 280 break;
254 case BT_CONFIG: 281 case BT_CONFIG:
255 case BT_CONNECTED: 282 case BT_CONNECTED:
256 reason = hci_proto_disconn_ind(conn); 283 hci_conn_disconnect(conn);
257 hci_acl_disconn(conn, reason);
258 break; 284 break;
259 default: 285 default:
260 conn->state = BT_CLOSED; 286 conn->state = BT_CLOSED;
@@ -320,7 +346,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
320{ 346{
321 struct hci_conn *conn; 347 struct hci_conn *conn;
322 348
323 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 349 BT_DBG("%s dst %pMR", hdev->name, dst);
324 350
325 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL); 351 conn = kzalloc(sizeof(struct hci_conn), GFP_KERNEL);
326 if (!conn) 352 if (!conn)
@@ -437,7 +463,7 @@ struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
437 int use_src = bacmp(src, BDADDR_ANY); 463 int use_src = bacmp(src, BDADDR_ANY);
438 struct hci_dev *hdev = NULL, *d; 464 struct hci_dev *hdev = NULL, *d;
439 465
440 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 466 BT_DBG("%pMR -> %pMR", src, dst);
441 467
442 read_lock(&hci_dev_list_lock); 468 read_lock(&hci_dev_list_lock);
443 469
@@ -476,6 +502,9 @@ static struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
476{ 502{
477 struct hci_conn *le; 503 struct hci_conn *le;
478 504
505 if (test_bit(HCI_LE_PERIPHERAL, &hdev->flags))
506 return ERR_PTR(-ENOTSUPP);
507
479 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst); 508 le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst);
480 if (!le) { 509 if (!le) {
481 le = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT); 510 le = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
@@ -567,7 +596,7 @@ static struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type,
567struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, 596struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
568 __u8 dst_type, __u8 sec_level, __u8 auth_type) 597 __u8 dst_type, __u8 sec_level, __u8 auth_type)
569{ 598{
570 BT_DBG("%s dst %s type 0x%x", hdev->name, batostr(dst), type); 599 BT_DBG("%s dst %pMR type 0x%x", hdev->name, dst, type);
571 600
572 switch (type) { 601 switch (type) {
573 case LE_LINK: 602 case LE_LINK:
@@ -933,6 +962,7 @@ struct hci_chan *hci_chan_create(struct hci_conn *conn)
933 962
934 chan->conn = conn; 963 chan->conn = conn;
935 skb_queue_head_init(&chan->data_q); 964 skb_queue_head_init(&chan->data_q);
965 chan->state = BT_CONNECTED;
936 966
937 list_add_rcu(&chan->list, &conn->chan_list); 967 list_add_rcu(&chan->list, &conn->chan_list);
938 968
@@ -950,6 +980,8 @@ void hci_chan_del(struct hci_chan *chan)
950 980
951 synchronize_rcu(); 981 synchronize_rcu();
952 982
983 hci_conn_put(conn);
984
953 skb_queue_purge(&chan->data_q); 985 skb_queue_purge(&chan->data_q);
954 kfree(chan); 986 kfree(chan);
955} 987}
@@ -963,3 +995,35 @@ void hci_chan_list_flush(struct hci_conn *conn)
963 list_for_each_entry_safe(chan, n, &conn->chan_list, list) 995 list_for_each_entry_safe(chan, n, &conn->chan_list, list)
964 hci_chan_del(chan); 996 hci_chan_del(chan);
965} 997}
998
999static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon,
1000 __u16 handle)
1001{
1002 struct hci_chan *hchan;
1003
1004 list_for_each_entry(hchan, &hcon->chan_list, list) {
1005 if (hchan->handle == handle)
1006 return hchan;
1007 }
1008
1009 return NULL;
1010}
1011
1012struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle)
1013{
1014 struct hci_conn_hash *h = &hdev->conn_hash;
1015 struct hci_conn *hcon;
1016 struct hci_chan *hchan = NULL;
1017
1018 rcu_read_lock();
1019
1020 list_for_each_entry_rcu(hcon, &h->list, list) {
1021 hchan = __hci_chan_lookup_handle(hcon, handle);
1022 if (hchan)
1023 break;
1024 }
1025
1026 rcu_read_unlock();
1027
1028 return hchan;
1029}
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 8de421d28cb5..6a2d0387475c 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -178,48 +178,13 @@ static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
178 178
179static void bredr_init(struct hci_dev *hdev) 179static void bredr_init(struct hci_dev *hdev)
180{ 180{
181 struct hci_cp_delete_stored_link_key cp;
182 __le16 param;
183 __u8 flt_type;
184
185 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED; 181 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
186 182
187 /* Mandatory initialization */
188
189 /* Read Local Supported Features */ 183 /* Read Local Supported Features */
190 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL); 184 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
191 185
192 /* Read Local Version */ 186 /* Read Local Version */
193 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL); 187 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
194
195 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
196 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
197
198 /* Read BD Address */
199 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
200
201 /* Read Class of Device */
202 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
203
204 /* Read Local Name */
205 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
206
207 /* Read Voice Setting */
208 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
209
210 /* Optional initialization */
211
212 /* Clear Event Filters */
213 flt_type = HCI_FLT_CLEAR_ALL;
214 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
215
216 /* Connection accept timeout ~20 secs */
217 param = __constant_cpu_to_le16(0x7d00);
218 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
219
220 bacpy(&cp.bdaddr, BDADDR_ANY);
221 cp.delete_all = 1;
222 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
223} 188}
224 189
225static void amp_init(struct hci_dev *hdev) 190static void amp_init(struct hci_dev *hdev)
@@ -273,14 +238,6 @@ static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
273 } 238 }
274} 239}
275 240
276static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt)
277{
278 BT_DBG("%s", hdev->name);
279
280 /* Read LE buffer size */
281 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
282}
283
284static void hci_scan_req(struct hci_dev *hdev, unsigned long opt) 241static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
285{ 242{
286 __u8 scan = opt; 243 __u8 scan = opt;
@@ -405,7 +362,7 @@ struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
405 struct discovery_state *cache = &hdev->discovery; 362 struct discovery_state *cache = &hdev->discovery;
406 struct inquiry_entry *e; 363 struct inquiry_entry *e;
407 364
408 BT_DBG("cache %p, %s", cache, batostr(bdaddr)); 365 BT_DBG("cache %p, %pMR", cache, bdaddr);
409 366
410 list_for_each_entry(e, &cache->all, all) { 367 list_for_each_entry(e, &cache->all, all) {
411 if (!bacmp(&e->data.bdaddr, bdaddr)) 368 if (!bacmp(&e->data.bdaddr, bdaddr))
@@ -421,7 +378,7 @@ struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
421 struct discovery_state *cache = &hdev->discovery; 378 struct discovery_state *cache = &hdev->discovery;
422 struct inquiry_entry *e; 379 struct inquiry_entry *e;
423 380
424 BT_DBG("cache %p, %s", cache, batostr(bdaddr)); 381 BT_DBG("cache %p, %pMR", cache, bdaddr);
425 382
426 list_for_each_entry(e, &cache->unknown, list) { 383 list_for_each_entry(e, &cache->unknown, list) {
427 if (!bacmp(&e->data.bdaddr, bdaddr)) 384 if (!bacmp(&e->data.bdaddr, bdaddr))
@@ -438,7 +395,7 @@ struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
438 struct discovery_state *cache = &hdev->discovery; 395 struct discovery_state *cache = &hdev->discovery;
439 struct inquiry_entry *e; 396 struct inquiry_entry *e;
440 397
441 BT_DBG("cache %p bdaddr %s state %d", cache, batostr(bdaddr), state); 398 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
442 399
443 list_for_each_entry(e, &cache->resolve, list) { 400 list_for_each_entry(e, &cache->resolve, list) {
444 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state) 401 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
@@ -475,7 +432,9 @@ bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
475 struct discovery_state *cache = &hdev->discovery; 432 struct discovery_state *cache = &hdev->discovery;
476 struct inquiry_entry *ie; 433 struct inquiry_entry *ie;
477 434
478 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr)); 435 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
436
437 hci_remove_remote_oob_data(hdev, &data->bdaddr);
479 438
480 if (ssp) 439 if (ssp)
481 *ssp = data->ssp_mode; 440 *ssp = data->ssp_mode;
@@ -637,6 +596,99 @@ done:
637 return err; 596 return err;
638} 597}
639 598
599static u8 create_ad(struct hci_dev *hdev, u8 *ptr)
600{
601 u8 ad_len = 0, flags = 0;
602 size_t name_len;
603
604 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
605 flags |= LE_AD_GENERAL;
606
607 if (!lmp_bredr_capable(hdev))
608 flags |= LE_AD_NO_BREDR;
609
610 if (lmp_le_br_capable(hdev))
611 flags |= LE_AD_SIM_LE_BREDR_CTRL;
612
613 if (lmp_host_le_br_capable(hdev))
614 flags |= LE_AD_SIM_LE_BREDR_HOST;
615
616 if (flags) {
617 BT_DBG("adv flags 0x%02x", flags);
618
619 ptr[0] = 2;
620 ptr[1] = EIR_FLAGS;
621 ptr[2] = flags;
622
623 ad_len += 3;
624 ptr += 3;
625 }
626
627 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
628 ptr[0] = 2;
629 ptr[1] = EIR_TX_POWER;
630 ptr[2] = (u8) hdev->adv_tx_power;
631
632 ad_len += 3;
633 ptr += 3;
634 }
635
636 name_len = strlen(hdev->dev_name);
637 if (name_len > 0) {
638 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
639
640 if (name_len > max_len) {
641 name_len = max_len;
642 ptr[1] = EIR_NAME_SHORT;
643 } else
644 ptr[1] = EIR_NAME_COMPLETE;
645
646 ptr[0] = name_len + 1;
647
648 memcpy(ptr + 2, hdev->dev_name, name_len);
649
650 ad_len += (name_len + 2);
651 ptr += (name_len + 2);
652 }
653
654 return ad_len;
655}
656
657int hci_update_ad(struct hci_dev *hdev)
658{
659 struct hci_cp_le_set_adv_data cp;
660 u8 len;
661 int err;
662
663 hci_dev_lock(hdev);
664
665 if (!lmp_le_capable(hdev)) {
666 err = -EINVAL;
667 goto unlock;
668 }
669
670 memset(&cp, 0, sizeof(cp));
671
672 len = create_ad(hdev, cp.data);
673
674 if (hdev->adv_data_len == len &&
675 memcmp(cp.data, hdev->adv_data, len) == 0) {
676 err = 0;
677 goto unlock;
678 }
679
680 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
681 hdev->adv_data_len = len;
682
683 cp.length = len;
684 err = hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
685
686unlock:
687 hci_dev_unlock(hdev);
688
689 return err;
690}
691
640/* ---- HCI ioctl helpers ---- */ 692/* ---- HCI ioctl helpers ---- */
641 693
642int hci_dev_open(__u16 dev) 694int hci_dev_open(__u16 dev)
@@ -687,10 +739,6 @@ int hci_dev_open(__u16 dev)
687 739
688 ret = __hci_request(hdev, hci_init_req, 0, HCI_INIT_TIMEOUT); 740 ret = __hci_request(hdev, hci_init_req, 0, HCI_INIT_TIMEOUT);
689 741
690 if (lmp_host_le_capable(hdev))
691 ret = __hci_request(hdev, hci_le_init_req, 0,
692 HCI_INIT_TIMEOUT);
693
694 clear_bit(HCI_INIT, &hdev->flags); 742 clear_bit(HCI_INIT, &hdev->flags);
695 } 743 }
696 744
@@ -698,6 +746,7 @@ int hci_dev_open(__u16 dev)
698 hci_dev_hold(hdev); 746 hci_dev_hold(hdev);
699 set_bit(HCI_UP, &hdev->flags); 747 set_bit(HCI_UP, &hdev->flags);
700 hci_notify(hdev, HCI_DEV_UP); 748 hci_notify(hdev, HCI_DEV_UP);
749 hci_update_ad(hdev);
701 if (!test_bit(HCI_SETUP, &hdev->dev_flags) && 750 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
702 mgmt_valid_hdev(hdev)) { 751 mgmt_valid_hdev(hdev)) {
703 hci_dev_lock(hdev); 752 hci_dev_lock(hdev);
@@ -812,6 +861,9 @@ static int hci_dev_do_close(struct hci_dev *hdev)
812 /* Clear flags */ 861 /* Clear flags */
813 hdev->flags = 0; 862 hdev->flags = 0;
814 863
864 /* Controller radio is available but is currently powered down */
865 hdev->amp_status = 0;
866
815 memset(hdev->eir, 0, sizeof(hdev->eir)); 867 memset(hdev->eir, 0, sizeof(hdev->eir));
816 memset(hdev->dev_class, 0, sizeof(hdev->dev_class)); 868 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
817 869
@@ -1039,10 +1091,17 @@ int hci_get_dev_info(void __user *arg)
1039 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4); 1091 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
1040 di.flags = hdev->flags; 1092 di.flags = hdev->flags;
1041 di.pkt_type = hdev->pkt_type; 1093 di.pkt_type = hdev->pkt_type;
1042 di.acl_mtu = hdev->acl_mtu; 1094 if (lmp_bredr_capable(hdev)) {
1043 di.acl_pkts = hdev->acl_pkts; 1095 di.acl_mtu = hdev->acl_mtu;
1044 di.sco_mtu = hdev->sco_mtu; 1096 di.acl_pkts = hdev->acl_pkts;
1045 di.sco_pkts = hdev->sco_pkts; 1097 di.sco_mtu = hdev->sco_mtu;
1098 di.sco_pkts = hdev->sco_pkts;
1099 } else {
1100 di.acl_mtu = hdev->le_mtu;
1101 di.acl_pkts = hdev->le_pkts;
1102 di.sco_mtu = 0;
1103 di.sco_pkts = 0;
1104 }
1046 di.link_policy = hdev->link_policy; 1105 di.link_policy = hdev->link_policy;
1047 di.link_mode = hdev->link_mode; 1106 di.link_mode = hdev->link_mode;
1048 1107
@@ -1259,7 +1318,7 @@ int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1259 list_add(&key->list, &hdev->link_keys); 1318 list_add(&key->list, &hdev->link_keys);
1260 } 1319 }
1261 1320
1262 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type); 1321 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
1263 1322
1264 /* Some buggy controller combinations generate a changed 1323 /* Some buggy controller combinations generate a changed
1265 * combination key for legacy pairing even when there's no 1324 * combination key for legacy pairing even when there's no
@@ -1338,7 +1397,7 @@ int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1338 if (!key) 1397 if (!key)
1339 return -ENOENT; 1398 return -ENOENT;
1340 1399
1341 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr)); 1400 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1342 1401
1343 list_del(&key->list); 1402 list_del(&key->list);
1344 kfree(key); 1403 kfree(key);
@@ -1354,7 +1413,7 @@ int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1354 if (bacmp(bdaddr, &k->bdaddr)) 1413 if (bacmp(bdaddr, &k->bdaddr))
1355 continue; 1414 continue;
1356 1415
1357 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr)); 1416 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1358 1417
1359 list_del(&k->list); 1418 list_del(&k->list);
1360 kfree(k); 1419 kfree(k);
@@ -1401,7 +1460,7 @@ int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1401 if (!data) 1460 if (!data)
1402 return -ENOENT; 1461 return -ENOENT;
1403 1462
1404 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr)); 1463 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1405 1464
1406 list_del(&data->list); 1465 list_del(&data->list);
1407 kfree(data); 1466 kfree(data);
@@ -1440,7 +1499,7 @@ int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1440 memcpy(data->hash, hash, sizeof(data->hash)); 1499 memcpy(data->hash, hash, sizeof(data->hash));
1441 memcpy(data->randomizer, randomizer, sizeof(data->randomizer)); 1500 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1442 1501
1443 BT_DBG("%s for %s", hdev->name, batostr(bdaddr)); 1502 BT_DBG("%s for %pMR", hdev->name, bdaddr);
1444 1503
1445 return 0; 1504 return 0;
1446} 1505}
@@ -1617,6 +1676,9 @@ int hci_le_scan(struct hci_dev *hdev, u8 type, u16 interval, u16 window,
1617 1676
1618 BT_DBG("%s", hdev->name); 1677 BT_DBG("%s", hdev->name);
1619 1678
1679 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
1680 return -ENOTSUPP;
1681
1620 if (work_busy(&hdev->le_scan)) 1682 if (work_busy(&hdev->le_scan))
1621 return -EINPROGRESS; 1683 return -EINPROGRESS;
1622 1684
@@ -1643,6 +1705,8 @@ struct hci_dev *hci_alloc_dev(void)
1643 hdev->esco_type = (ESCO_HV1); 1705 hdev->esco_type = (ESCO_HV1);
1644 hdev->link_mode = (HCI_LM_ACCEPT); 1706 hdev->link_mode = (HCI_LM_ACCEPT);
1645 hdev->io_capability = 0x03; /* No Input No Output */ 1707 hdev->io_capability = 0x03; /* No Input No Output */
1708 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
1709 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
1646 1710
1647 hdev->sniff_max_interval = 800; 1711 hdev->sniff_max_interval = 800;
1648 hdev->sniff_min_interval = 80; 1712 hdev->sniff_min_interval = 80;
@@ -1754,11 +1818,11 @@ int hci_register_dev(struct hci_dev *hdev)
1754 if (hdev->dev_type != HCI_AMP) 1818 if (hdev->dev_type != HCI_AMP)
1755 set_bit(HCI_AUTO_OFF, &hdev->dev_flags); 1819 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
1756 1820
1757 schedule_work(&hdev->power_on);
1758
1759 hci_notify(hdev, HCI_DEV_REG); 1821 hci_notify(hdev, HCI_DEV_REG);
1760 hci_dev_hold(hdev); 1822 hci_dev_hold(hdev);
1761 1823
1824 schedule_work(&hdev->power_on);
1825
1762 return id; 1826 return id;
1763 1827
1764err_wqueue: 1828err_wqueue:
@@ -1793,6 +1857,8 @@ void hci_unregister_dev(struct hci_dev *hdev)
1793 for (i = 0; i < NUM_REASSEMBLY; i++) 1857 for (i = 0; i < NUM_REASSEMBLY; i++)
1794 kfree_skb(hdev->reassembly[i]); 1858 kfree_skb(hdev->reassembly[i]);
1795 1859
1860 cancel_work_sync(&hdev->power_on);
1861
1796 if (!test_bit(HCI_INIT, &hdev->flags) && 1862 if (!test_bit(HCI_INIT, &hdev->flags) &&
1797 !test_bit(HCI_SETUP, &hdev->dev_flags)) { 1863 !test_bit(HCI_SETUP, &hdev->dev_flags)) {
1798 hci_dev_lock(hdev); 1864 hci_dev_lock(hdev);
@@ -2153,9 +2219,10 @@ static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
2153 hdr->dlen = cpu_to_le16(len); 2219 hdr->dlen = cpu_to_le16(len);
2154} 2220}
2155 2221
2156static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue, 2222static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
2157 struct sk_buff *skb, __u16 flags) 2223 struct sk_buff *skb, __u16 flags)
2158{ 2224{
2225 struct hci_conn *conn = chan->conn;
2159 struct hci_dev *hdev = conn->hdev; 2226 struct hci_dev *hdev = conn->hdev;
2160 struct sk_buff *list; 2227 struct sk_buff *list;
2161 2228
@@ -2163,7 +2230,18 @@ static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
2163 skb->data_len = 0; 2230 skb->data_len = 0;
2164 2231
2165 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 2232 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2166 hci_add_acl_hdr(skb, conn->handle, flags); 2233
2234 switch (hdev->dev_type) {
2235 case HCI_BREDR:
2236 hci_add_acl_hdr(skb, conn->handle, flags);
2237 break;
2238 case HCI_AMP:
2239 hci_add_acl_hdr(skb, chan->handle, flags);
2240 break;
2241 default:
2242 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2243 return;
2244 }
2167 2245
2168 list = skb_shinfo(skb)->frag_list; 2246 list = skb_shinfo(skb)->frag_list;
2169 if (!list) { 2247 if (!list) {
@@ -2202,14 +2280,13 @@ static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
2202 2280
2203void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags) 2281void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2204{ 2282{
2205 struct hci_conn *conn = chan->conn; 2283 struct hci_dev *hdev = chan->conn->hdev;
2206 struct hci_dev *hdev = conn->hdev;
2207 2284
2208 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags); 2285 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
2209 2286
2210 skb->dev = (void *) hdev; 2287 skb->dev = (void *) hdev;
2211 2288
2212 hci_queue_acl(conn, &chan->data_q, skb, flags); 2289 hci_queue_acl(chan, &chan->data_q, skb, flags);
2213 2290
2214 queue_work(hdev->workqueue, &hdev->tx_work); 2291 queue_work(hdev->workqueue, &hdev->tx_work);
2215} 2292}
@@ -2311,8 +2388,8 @@ static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2311 /* Kill stalled connections */ 2388 /* Kill stalled connections */
2312 list_for_each_entry_rcu(c, &h->list, list) { 2389 list_for_each_entry_rcu(c, &h->list, list) {
2313 if (c->type == type && c->sent) { 2390 if (c->type == type && c->sent) {
2314 BT_ERR("%s killing stalled connection %s", 2391 BT_ERR("%s killing stalled connection %pMR",
2315 hdev->name, batostr(&c->dst)); 2392 hdev->name, &c->dst);
2316 hci_acl_disconn(c, HCI_ERROR_REMOTE_USER_TERM); 2393 hci_acl_disconn(c, HCI_ERROR_REMOTE_USER_TERM);
2317 } 2394 }
2318 } 2395 }
@@ -2381,6 +2458,9 @@ static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2381 case ACL_LINK: 2458 case ACL_LINK:
2382 cnt = hdev->acl_cnt; 2459 cnt = hdev->acl_cnt;
2383 break; 2460 break;
2461 case AMP_LINK:
2462 cnt = hdev->block_cnt;
2463 break;
2384 case SCO_LINK: 2464 case SCO_LINK:
2385 case ESCO_LINK: 2465 case ESCO_LINK:
2386 cnt = hdev->sco_cnt; 2466 cnt = hdev->sco_cnt;
@@ -2510,11 +2590,19 @@ static void hci_sched_acl_blk(struct hci_dev *hdev)
2510 struct hci_chan *chan; 2590 struct hci_chan *chan;
2511 struct sk_buff *skb; 2591 struct sk_buff *skb;
2512 int quote; 2592 int quote;
2593 u8 type;
2513 2594
2514 __check_timeout(hdev, cnt); 2595 __check_timeout(hdev, cnt);
2515 2596
2597 BT_DBG("%s", hdev->name);
2598
2599 if (hdev->dev_type == HCI_AMP)
2600 type = AMP_LINK;
2601 else
2602 type = ACL_LINK;
2603
2516 while (hdev->block_cnt > 0 && 2604 while (hdev->block_cnt > 0 &&
2517 (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) { 2605 (chan = hci_chan_sent(hdev, type, &quote))) {
2518 u32 priority = (skb_peek(&chan->data_q))->priority; 2606 u32 priority = (skb_peek(&chan->data_q))->priority;
2519 while (quote > 0 && (skb = skb_peek(&chan->data_q))) { 2607 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
2520 int blocks; 2608 int blocks;
@@ -2547,14 +2635,19 @@ static void hci_sched_acl_blk(struct hci_dev *hdev)
2547 } 2635 }
2548 2636
2549 if (cnt != hdev->block_cnt) 2637 if (cnt != hdev->block_cnt)
2550 hci_prio_recalculate(hdev, ACL_LINK); 2638 hci_prio_recalculate(hdev, type);
2551} 2639}
2552 2640
2553static void hci_sched_acl(struct hci_dev *hdev) 2641static void hci_sched_acl(struct hci_dev *hdev)
2554{ 2642{
2555 BT_DBG("%s", hdev->name); 2643 BT_DBG("%s", hdev->name);
2556 2644
2557 if (!hci_conn_num(hdev, ACL_LINK)) 2645 /* No ACL link over BR/EDR controller */
2646 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR)
2647 return;
2648
2649 /* No AMP link over AMP controller */
2650 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
2558 return; 2651 return;
2559 2652
2560 switch (hdev->flow_ctl_mode) { 2653 switch (hdev->flow_ctl_mode) {
@@ -2717,14 +2810,6 @@ static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2717 if (conn) { 2810 if (conn) {
2718 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF); 2811 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
2719 2812
2720 hci_dev_lock(hdev);
2721 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
2722 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2723 mgmt_device_connected(hdev, &conn->dst, conn->type,
2724 conn->dst_type, 0, NULL, 0,
2725 conn->dev_class);
2726 hci_dev_unlock(hdev);
2727
2728 /* Send to upper protocol */ 2813 /* Send to upper protocol */
2729 l2cap_recv_acldata(conn, skb, flags); 2814 l2cap_recv_acldata(conn, skb, flags);
2730 return; 2815 return;
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 2022b43c7353..81b44481d0d9 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -24,12 +24,13 @@
24 24
25/* Bluetooth HCI event handling. */ 25/* Bluetooth HCI event handling. */
26 26
27#include <linux/export.h>
28#include <asm/unaligned.h> 27#include <asm/unaligned.h>
29 28
30#include <net/bluetooth/bluetooth.h> 29#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h> 30#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h> 31#include <net/bluetooth/mgmt.h>
32#include <net/bluetooth/a2mp.h>
33#include <net/bluetooth/amp.h>
33 34
34/* Handle HCI Event packets */ 35/* Handle HCI Event packets */
35 36
@@ -201,6 +202,11 @@ static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
201 BIT(HCI_PERIODIC_INQ)); 202 BIT(HCI_PERIODIC_INQ));
202 203
203 hdev->discovery.state = DISCOVERY_STOPPED; 204 hdev->discovery.state = DISCOVERY_STOPPED;
205 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
206 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
207
208 memset(hdev->adv_data, 0, sizeof(hdev->adv_data));
209 hdev->adv_data_len = 0;
204} 210}
205 211
206static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb) 212static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
@@ -223,6 +229,9 @@ static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
223 229
224 hci_dev_unlock(hdev); 230 hci_dev_unlock(hdev);
225 231
232 if (!status && !test_bit(HCI_INIT, &hdev->flags))
233 hci_update_ad(hdev);
234
226 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status); 235 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
227} 236}
228 237
@@ -438,7 +447,7 @@ static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
438static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) 447static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
439{ 448{
440 __u8 status = *((__u8 *) skb->data); 449 __u8 status = *((__u8 *) skb->data);
441 void *sent; 450 struct hci_cp_write_ssp_mode *sent;
442 451
443 BT_DBG("%s status 0x%2.2x", hdev->name, status); 452 BT_DBG("%s status 0x%2.2x", hdev->name, status);
444 453
@@ -446,10 +455,17 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
446 if (!sent) 455 if (!sent)
447 return; 456 return;
448 457
458 if (!status) {
459 if (sent->mode)
460 hdev->host_features[0] |= LMP_HOST_SSP;
461 else
462 hdev->host_features[0] &= ~LMP_HOST_SSP;
463 }
464
449 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 465 if (test_bit(HCI_MGMT, &hdev->dev_flags))
450 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status); 466 mgmt_ssp_enable_complete(hdev, sent->mode, status);
451 else if (!status) { 467 else if (!status) {
452 if (*((u8 *) sent)) 468 if (sent->mode)
453 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 469 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
454 else 470 else
455 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 471 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
@@ -458,10 +474,10 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
458 474
459static u8 hci_get_inquiry_mode(struct hci_dev *hdev) 475static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
460{ 476{
461 if (hdev->features[6] & LMP_EXT_INQ) 477 if (lmp_ext_inq_capable(hdev))
462 return 2; 478 return 2;
463 479
464 if (hdev->features[3] & LMP_RSSI_INQ) 480 if (lmp_inq_rssi_capable(hdev))
465 return 1; 481 return 1;
466 482
467 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 && 483 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
@@ -505,28 +521,30 @@ static void hci_setup_event_mask(struct hci_dev *hdev)
505 if (hdev->hci_ver < BLUETOOTH_VER_1_2) 521 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
506 return; 522 return;
507 523
508 events[4] |= 0x01; /* Flow Specification Complete */ 524 if (lmp_bredr_capable(hdev)) {
509 events[4] |= 0x02; /* Inquiry Result with RSSI */ 525 events[4] |= 0x01; /* Flow Specification Complete */
510 events[4] |= 0x04; /* Read Remote Extended Features Complete */ 526 events[4] |= 0x02; /* Inquiry Result with RSSI */
511 events[5] |= 0x08; /* Synchronous Connection Complete */ 527 events[4] |= 0x04; /* Read Remote Extended Features Complete */
512 events[5] |= 0x10; /* Synchronous Connection Changed */ 528 events[5] |= 0x08; /* Synchronous Connection Complete */
529 events[5] |= 0x10; /* Synchronous Connection Changed */
530 }
513 531
514 if (hdev->features[3] & LMP_RSSI_INQ) 532 if (lmp_inq_rssi_capable(hdev))
515 events[4] |= 0x02; /* Inquiry Result with RSSI */ 533 events[4] |= 0x02; /* Inquiry Result with RSSI */
516 534
517 if (lmp_sniffsubr_capable(hdev)) 535 if (lmp_sniffsubr_capable(hdev))
518 events[5] |= 0x20; /* Sniff Subrating */ 536 events[5] |= 0x20; /* Sniff Subrating */
519 537
520 if (hdev->features[5] & LMP_PAUSE_ENC) 538 if (lmp_pause_enc_capable(hdev))
521 events[5] |= 0x80; /* Encryption Key Refresh Complete */ 539 events[5] |= 0x80; /* Encryption Key Refresh Complete */
522 540
523 if (hdev->features[6] & LMP_EXT_INQ) 541 if (lmp_ext_inq_capable(hdev))
524 events[5] |= 0x40; /* Extended Inquiry Result */ 542 events[5] |= 0x40; /* Extended Inquiry Result */
525 543
526 if (lmp_no_flush_capable(hdev)) 544 if (lmp_no_flush_capable(hdev))
527 events[7] |= 0x01; /* Enhanced Flush Complete */ 545 events[7] |= 0x01; /* Enhanced Flush Complete */
528 546
529 if (hdev->features[7] & LMP_LSTO) 547 if (lmp_lsto_capable(hdev))
530 events[6] |= 0x80; /* Link Supervision Timeout Changed */ 548 events[6] |= 0x80; /* Link Supervision Timeout Changed */
531 549
532 if (lmp_ssp_capable(hdev)) { 550 if (lmp_ssp_capable(hdev)) {
@@ -546,6 +564,53 @@ static void hci_setup_event_mask(struct hci_dev *hdev)
546 events[7] |= 0x20; /* LE Meta-Event */ 564 events[7] |= 0x20; /* LE Meta-Event */
547 565
548 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events); 566 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
567
568 if (lmp_le_capable(hdev)) {
569 memset(events, 0, sizeof(events));
570 events[0] = 0x1f;
571 hci_send_cmd(hdev, HCI_OP_LE_SET_EVENT_MASK,
572 sizeof(events), events);
573 }
574}
575
576static void bredr_setup(struct hci_dev *hdev)
577{
578 struct hci_cp_delete_stored_link_key cp;
579 __le16 param;
580 __u8 flt_type;
581
582 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
583 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
584
585 /* Read Class of Device */
586 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
587
588 /* Read Local Name */
589 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
590
591 /* Read Voice Setting */
592 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
593
594 /* Clear Event Filters */
595 flt_type = HCI_FLT_CLEAR_ALL;
596 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
597
598 /* Connection accept timeout ~20 secs */
599 param = __constant_cpu_to_le16(0x7d00);
600 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
601
602 bacpy(&cp.bdaddr, BDADDR_ANY);
603 cp.delete_all = 1;
604 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
605}
606
607static void le_setup(struct hci_dev *hdev)
608{
609 /* Read LE Buffer Size */
610 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
611
612 /* Read LE Advertising Channel TX Power */
613 hci_send_cmd(hdev, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
549} 614}
550 615
551static void hci_setup(struct hci_dev *hdev) 616static void hci_setup(struct hci_dev *hdev)
@@ -553,6 +618,15 @@ static void hci_setup(struct hci_dev *hdev)
553 if (hdev->dev_type != HCI_BREDR) 618 if (hdev->dev_type != HCI_BREDR)
554 return; 619 return;
555 620
621 /* Read BD Address */
622 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
623
624 if (lmp_bredr_capable(hdev))
625 bredr_setup(hdev);
626
627 if (lmp_le_capable(hdev))
628 le_setup(hdev);
629
556 hci_setup_event_mask(hdev); 630 hci_setup_event_mask(hdev);
557 631
558 if (hdev->hci_ver > BLUETOOTH_VER_1_1) 632 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
@@ -573,13 +647,13 @@ static void hci_setup(struct hci_dev *hdev)
573 } 647 }
574 } 648 }
575 649
576 if (hdev->features[3] & LMP_RSSI_INQ) 650 if (lmp_inq_rssi_capable(hdev))
577 hci_setup_inquiry_mode(hdev); 651 hci_setup_inquiry_mode(hdev);
578 652
579 if (hdev->features[7] & LMP_INQ_TX_PWR) 653 if (lmp_inq_tx_pwr_capable(hdev))
580 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL); 654 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
581 655
582 if (hdev->features[7] & LMP_EXTFEATURES) { 656 if (lmp_ext_feat_capable(hdev)) {
583 struct hci_cp_read_local_ext_features cp; 657 struct hci_cp_read_local_ext_features cp;
584 658
585 cp.page = 0x01; 659 cp.page = 0x01;
@@ -626,11 +700,11 @@ static void hci_setup_link_policy(struct hci_dev *hdev)
626 700
627 if (lmp_rswitch_capable(hdev)) 701 if (lmp_rswitch_capable(hdev))
628 link_policy |= HCI_LP_RSWITCH; 702 link_policy |= HCI_LP_RSWITCH;
629 if (hdev->features[0] & LMP_HOLD) 703 if (lmp_hold_capable(hdev))
630 link_policy |= HCI_LP_HOLD; 704 link_policy |= HCI_LP_HOLD;
631 if (lmp_sniff_capable(hdev)) 705 if (lmp_sniff_capable(hdev))
632 link_policy |= HCI_LP_SNIFF; 706 link_policy |= HCI_LP_SNIFF;
633 if (hdev->features[1] & LMP_PARK) 707 if (lmp_park_capable(hdev))
634 link_policy |= HCI_LP_PARK; 708 link_policy |= HCI_LP_PARK;
635 709
636 cp.policy = cpu_to_le16(link_policy); 710 cp.policy = cpu_to_le16(link_policy);
@@ -720,10 +794,10 @@ static void hci_set_le_support(struct hci_dev *hdev)
720 794
721 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { 795 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
722 cp.le = 1; 796 cp.le = 1;
723 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR); 797 cp.simul = lmp_le_br_capable(hdev);
724 } 798 }
725 799
726 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE)) 800 if (cp.le != lmp_host_le_capable(hdev))
727 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), 801 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
728 &cp); 802 &cp);
729} 803}
@@ -846,7 +920,7 @@ static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
846 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 920 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
847 921
848 if (rp->status) 922 if (rp->status)
849 return; 923 goto a2mp_rsp;
850 924
851 hdev->amp_status = rp->amp_status; 925 hdev->amp_status = rp->amp_status;
852 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw); 926 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
@@ -860,6 +934,46 @@ static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
860 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to); 934 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
861 935
862 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status); 936 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
937
938a2mp_rsp:
939 a2mp_send_getinfo_rsp(hdev);
940}
941
942static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
943 struct sk_buff *skb)
944{
945 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
946 struct amp_assoc *assoc = &hdev->loc_assoc;
947 size_t rem_len, frag_len;
948
949 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
950
951 if (rp->status)
952 goto a2mp_rsp;
953
954 frag_len = skb->len - sizeof(*rp);
955 rem_len = __le16_to_cpu(rp->rem_len);
956
957 if (rem_len > frag_len) {
958 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
959
960 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
961 assoc->offset += frag_len;
962
963 /* Read other fragments */
964 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
965
966 return;
967 }
968
969 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
970 assoc->len = assoc->offset + rem_len;
971 assoc->offset = 0;
972
973a2mp_rsp:
974 /* Send A2MP Rsp when all fragments are received */
975 a2mp_send_getampassoc_rsp(hdev, rp->status);
976 a2mp_send_create_phy_link_req(hdev, rp->status);
863} 977}
864 978
865static void hci_cc_delete_stored_link_key(struct hci_dev *hdev, 979static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
@@ -976,6 +1090,31 @@ static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
976 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status); 1090 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
977} 1091}
978 1092
1093static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
1094 struct sk_buff *skb)
1095{
1096 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
1097
1098 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1099
1100 if (!rp->status) {
1101 hdev->adv_tx_power = rp->tx_power;
1102 if (!test_bit(HCI_INIT, &hdev->flags))
1103 hci_update_ad(hdev);
1104 }
1105
1106 hci_req_complete(hdev, HCI_OP_LE_READ_ADV_TX_POWER, rp->status);
1107}
1108
1109static void hci_cc_le_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
1110{
1111 __u8 status = *((__u8 *) skb->data);
1112
1113 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1114
1115 hci_req_complete(hdev, HCI_OP_LE_SET_EVENT_MASK, status);
1116}
1117
979static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb) 1118static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
980{ 1119{
981 struct hci_rp_user_confirm_reply *rp = (void *) skb->data; 1120 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
@@ -1051,6 +1190,33 @@ static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1051 hci_dev_unlock(hdev); 1190 hci_dev_unlock(hdev);
1052} 1191}
1053 1192
1193static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1194{
1195 __u8 *sent, status = *((__u8 *) skb->data);
1196
1197 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1198
1199 sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_ENABLE);
1200 if (!sent)
1201 return;
1202
1203 hci_dev_lock(hdev);
1204
1205 if (!status) {
1206 if (*sent)
1207 set_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1208 else
1209 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1210 }
1211
1212 hci_dev_unlock(hdev);
1213
1214 if (!test_bit(HCI_INIT, &hdev->flags))
1215 hci_update_ad(hdev);
1216
1217 hci_req_complete(hdev, HCI_OP_LE_SET_ADV_ENABLE, status);
1218}
1219
1054static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb) 1220static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1055{ 1221{
1056 __u8 status = *((__u8 *) skb->data); 1222 __u8 status = *((__u8 *) skb->data);
@@ -1165,6 +1331,11 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1165 hdev->host_features[0] |= LMP_HOST_LE; 1331 hdev->host_features[0] |= LMP_HOST_LE;
1166 else 1332 else
1167 hdev->host_features[0] &= ~LMP_HOST_LE; 1333 hdev->host_features[0] &= ~LMP_HOST_LE;
1334
1335 if (sent->simul)
1336 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
1337 else
1338 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
1168 } 1339 }
1169 1340
1170 if (test_bit(HCI_MGMT, &hdev->dev_flags) && 1341 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
@@ -1174,6 +1345,20 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1174 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status); 1345 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
1175} 1346}
1176 1347
1348static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1349 struct sk_buff *skb)
1350{
1351 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1352
1353 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1354 hdev->name, rp->status, rp->phy_handle);
1355
1356 if (rp->status)
1357 return;
1358
1359 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1360}
1361
1177static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) 1362static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1178{ 1363{
1179 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1364 BT_DBG("%s status 0x%2.2x", hdev->name, status);
@@ -1210,7 +1395,7 @@ static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1210 1395
1211 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1396 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1212 1397
1213 BT_DBG("%s bdaddr %s hcon %p", hdev->name, batostr(&cp->bdaddr), conn); 1398 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1214 1399
1215 if (status) { 1400 if (status) {
1216 if (conn && conn->state == BT_CONNECT) { 1401 if (conn && conn->state == BT_CONNECT) {
@@ -1639,8 +1824,7 @@ static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1639 return; 1824 return;
1640 } 1825 }
1641 1826
1642 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&conn->dst), 1827 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1643 conn);
1644 1828
1645 conn->state = BT_CLOSED; 1829 conn->state = BT_CLOSED;
1646 mgmt_connect_failed(hdev, &conn->dst, conn->type, 1830 mgmt_connect_failed(hdev, &conn->dst, conn->type,
@@ -1657,6 +1841,52 @@ static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1657 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1841 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1658} 1842}
1659 1843
1844static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1845{
1846 struct hci_cp_create_phy_link *cp;
1847
1848 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1849
1850 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1851 if (!cp)
1852 return;
1853
1854 hci_dev_lock(hdev);
1855
1856 if (status) {
1857 struct hci_conn *hcon;
1858
1859 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1860 if (hcon)
1861 hci_conn_del(hcon);
1862 } else {
1863 amp_write_remote_assoc(hdev, cp->phy_handle);
1864 }
1865
1866 hci_dev_unlock(hdev);
1867}
1868
1869static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1870{
1871 struct hci_cp_accept_phy_link *cp;
1872
1873 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1874
1875 if (status)
1876 return;
1877
1878 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1879 if (!cp)
1880 return;
1881
1882 amp_write_remote_assoc(hdev, cp->phy_handle);
1883}
1884
1885static void hci_cs_create_logical_link(struct hci_dev *hdev, u8 status)
1886{
1887 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1888}
1889
1660static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1890static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1661{ 1891{
1662 __u8 status = *((__u8 *) skb->data); 1892 __u8 status = *((__u8 *) skb->data);
@@ -1817,15 +2047,53 @@ unlock:
1817 hci_conn_check_pending(hdev); 2047 hci_conn_check_pending(hdev);
1818} 2048}
1819 2049
2050void hci_conn_accept(struct hci_conn *conn, int mask)
2051{
2052 struct hci_dev *hdev = conn->hdev;
2053
2054 BT_DBG("conn %p", conn);
2055
2056 conn->state = BT_CONFIG;
2057
2058 if (!lmp_esco_capable(hdev)) {
2059 struct hci_cp_accept_conn_req cp;
2060
2061 bacpy(&cp.bdaddr, &conn->dst);
2062
2063 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2064 cp.role = 0x00; /* Become master */
2065 else
2066 cp.role = 0x01; /* Remain slave */
2067
2068 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
2069 } else /* lmp_esco_capable(hdev)) */ {
2070 struct hci_cp_accept_sync_conn_req cp;
2071
2072 bacpy(&cp.bdaddr, &conn->dst);
2073 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2074
2075 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2076 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2077 cp.max_latency = __constant_cpu_to_le16(0xffff);
2078 cp.content_format = cpu_to_le16(hdev->voice_setting);
2079 cp.retrans_effort = 0xff;
2080
2081 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
2082 sizeof(cp), &cp);
2083 }
2084}
2085
1820static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2086static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1821{ 2087{
1822 struct hci_ev_conn_request *ev = (void *) skb->data; 2088 struct hci_ev_conn_request *ev = (void *) skb->data;
1823 int mask = hdev->link_mode; 2089 int mask = hdev->link_mode;
2090 __u8 flags = 0;
1824 2091
1825 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr), 2092 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
1826 ev->link_type); 2093 ev->link_type);
1827 2094
1828 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type); 2095 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type,
2096 &flags);
1829 2097
1830 if ((mask & HCI_LM_ACCEPT) && 2098 if ((mask & HCI_LM_ACCEPT) &&
1831 !hci_blacklist_lookup(hdev, &ev->bdaddr)) { 2099 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
@@ -1851,12 +2119,13 @@ static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1851 } 2119 }
1852 2120
1853 memcpy(conn->dev_class, ev->dev_class, 3); 2121 memcpy(conn->dev_class, ev->dev_class, 3);
1854 conn->state = BT_CONNECT;
1855 2122
1856 hci_dev_unlock(hdev); 2123 hci_dev_unlock(hdev);
1857 2124
1858 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) { 2125 if (ev->link_type == ACL_LINK ||
2126 (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) {
1859 struct hci_cp_accept_conn_req cp; 2127 struct hci_cp_accept_conn_req cp;
2128 conn->state = BT_CONNECT;
1860 2129
1861 bacpy(&cp.bdaddr, &ev->bdaddr); 2130 bacpy(&cp.bdaddr, &ev->bdaddr);
1862 2131
@@ -1867,8 +2136,9 @@ static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1867 2136
1868 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), 2137 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1869 &cp); 2138 &cp);
1870 } else { 2139 } else if (!(flags & HCI_PROTO_DEFER)) {
1871 struct hci_cp_accept_sync_conn_req cp; 2140 struct hci_cp_accept_sync_conn_req cp;
2141 conn->state = BT_CONNECT;
1872 2142
1873 bacpy(&cp.bdaddr, &ev->bdaddr); 2143 bacpy(&cp.bdaddr, &ev->bdaddr);
1874 cp.pkt_type = cpu_to_le16(conn->pkt_type); 2144 cp.pkt_type = cpu_to_le16(conn->pkt_type);
@@ -1881,6 +2151,10 @@ static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1881 2151
1882 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 2152 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1883 sizeof(cp), &cp); 2153 sizeof(cp), &cp);
2154 } else {
2155 conn->state = BT_CONNECT2;
2156 hci_proto_connect_cfm(conn, 0);
2157 hci_conn_put(conn);
1884 } 2158 }
1885 } else { 2159 } else {
1886 /* Connection rejected */ 2160 /* Connection rejected */
@@ -2314,6 +2588,10 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2314 hci_cc_read_local_amp_info(hdev, skb); 2588 hci_cc_read_local_amp_info(hdev, skb);
2315 break; 2589 break;
2316 2590
2591 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2592 hci_cc_read_local_amp_assoc(hdev, skb);
2593 break;
2594
2317 case HCI_OP_DELETE_STORED_LINK_KEY: 2595 case HCI_OP_DELETE_STORED_LINK_KEY:
2318 hci_cc_delete_stored_link_key(hdev, skb); 2596 hci_cc_delete_stored_link_key(hdev, skb);
2319 break; 2597 break;
@@ -2350,6 +2628,14 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2350 hci_cc_le_read_buffer_size(hdev, skb); 2628 hci_cc_le_read_buffer_size(hdev, skb);
2351 break; 2629 break;
2352 2630
2631 case HCI_OP_LE_READ_ADV_TX_POWER:
2632 hci_cc_le_read_adv_tx_power(hdev, skb);
2633 break;
2634
2635 case HCI_OP_LE_SET_EVENT_MASK:
2636 hci_cc_le_set_event_mask(hdev, skb);
2637 break;
2638
2353 case HCI_OP_USER_CONFIRM_REPLY: 2639 case HCI_OP_USER_CONFIRM_REPLY:
2354 hci_cc_user_confirm_reply(hdev, skb); 2640 hci_cc_user_confirm_reply(hdev, skb);
2355 break; 2641 break;
@@ -2370,6 +2656,10 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2370 hci_cc_le_set_scan_param(hdev, skb); 2656 hci_cc_le_set_scan_param(hdev, skb);
2371 break; 2657 break;
2372 2658
2659 case HCI_OP_LE_SET_ADV_ENABLE:
2660 hci_cc_le_set_adv_enable(hdev, skb);
2661 break;
2662
2373 case HCI_OP_LE_SET_SCAN_ENABLE: 2663 case HCI_OP_LE_SET_SCAN_ENABLE:
2374 hci_cc_le_set_scan_enable(hdev, skb); 2664 hci_cc_le_set_scan_enable(hdev, skb);
2375 break; 2665 break;
@@ -2386,6 +2676,10 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2386 hci_cc_write_le_host_supported(hdev, skb); 2676 hci_cc_write_le_host_supported(hdev, skb);
2387 break; 2677 break;
2388 2678
2679 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2680 hci_cc_write_remote_amp_assoc(hdev, skb);
2681 break;
2682
2389 default: 2683 default:
2390 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); 2684 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2391 break; 2685 break;
@@ -2394,7 +2688,7 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2394 if (ev->opcode != HCI_OP_NOP) 2688 if (ev->opcode != HCI_OP_NOP)
2395 del_timer(&hdev->cmd_timer); 2689 del_timer(&hdev->cmd_timer);
2396 2690
2397 if (ev->ncmd) { 2691 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2398 atomic_set(&hdev->cmd_cnt, 1); 2692 atomic_set(&hdev->cmd_cnt, 1);
2399 if (!skb_queue_empty(&hdev->cmd_q)) 2693 if (!skb_queue_empty(&hdev->cmd_q))
2400 queue_work(hdev->workqueue, &hdev->cmd_work); 2694 queue_work(hdev->workqueue, &hdev->cmd_work);
@@ -2467,6 +2761,18 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2467 hci_cs_le_start_enc(hdev, ev->status); 2761 hci_cs_le_start_enc(hdev, ev->status);
2468 break; 2762 break;
2469 2763
2764 case HCI_OP_CREATE_PHY_LINK:
2765 hci_cs_create_phylink(hdev, ev->status);
2766 break;
2767
2768 case HCI_OP_ACCEPT_PHY_LINK:
2769 hci_cs_accept_phylink(hdev, ev->status);
2770 break;
2771
2772 case HCI_OP_CREATE_LOGICAL_LINK:
2773 hci_cs_create_logical_link(hdev, ev->status);
2774 break;
2775
2470 default: 2776 default:
2471 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); 2777 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2472 break; 2778 break;
@@ -2574,6 +2880,27 @@ static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2574 queue_work(hdev->workqueue, &hdev->tx_work); 2880 queue_work(hdev->workqueue, &hdev->tx_work);
2575} 2881}
2576 2882
2883static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2884 __u16 handle)
2885{
2886 struct hci_chan *chan;
2887
2888 switch (hdev->dev_type) {
2889 case HCI_BREDR:
2890 return hci_conn_hash_lookup_handle(hdev, handle);
2891 case HCI_AMP:
2892 chan = hci_chan_lookup_handle(hdev, handle);
2893 if (chan)
2894 return chan->conn;
2895 break;
2896 default:
2897 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2898 break;
2899 }
2900
2901 return NULL;
2902}
2903
2577static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb) 2904static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2578{ 2905{
2579 struct hci_ev_num_comp_blocks *ev = (void *) skb->data; 2906 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
@@ -2595,13 +2922,13 @@ static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2595 2922
2596 for (i = 0; i < ev->num_hndl; i++) { 2923 for (i = 0; i < ev->num_hndl; i++) {
2597 struct hci_comp_blocks_info *info = &ev->handles[i]; 2924 struct hci_comp_blocks_info *info = &ev->handles[i];
2598 struct hci_conn *conn; 2925 struct hci_conn *conn = NULL;
2599 __u16 handle, block_count; 2926 __u16 handle, block_count;
2600 2927
2601 handle = __le16_to_cpu(info->handle); 2928 handle = __le16_to_cpu(info->handle);
2602 block_count = __le16_to_cpu(info->blocks); 2929 block_count = __le16_to_cpu(info->blocks);
2603 2930
2604 conn = hci_conn_hash_lookup_handle(hdev, handle); 2931 conn = __hci_conn_lookup_handle(hdev, handle);
2605 if (!conn) 2932 if (!conn)
2606 continue; 2933 continue;
2607 2934
@@ -2609,6 +2936,7 @@ static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2609 2936
2610 switch (conn->type) { 2937 switch (conn->type) {
2611 case ACL_LINK: 2938 case ACL_LINK:
2939 case AMP_LINK:
2612 hdev->block_cnt += block_count; 2940 hdev->block_cnt += block_count;
2613 if (hdev->block_cnt > hdev->num_blocks) 2941 if (hdev->block_cnt > hdev->num_blocks)
2614 hdev->block_cnt = hdev->num_blocks; 2942 hdev->block_cnt = hdev->num_blocks;
@@ -2705,13 +3033,13 @@ static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2705 3033
2706 key = hci_find_link_key(hdev, &ev->bdaddr); 3034 key = hci_find_link_key(hdev, &ev->bdaddr);
2707 if (!key) { 3035 if (!key) {
2708 BT_DBG("%s link key not found for %s", hdev->name, 3036 BT_DBG("%s link key not found for %pMR", hdev->name,
2709 batostr(&ev->bdaddr)); 3037 &ev->bdaddr);
2710 goto not_found; 3038 goto not_found;
2711 } 3039 }
2712 3040
2713 BT_DBG("%s found key type %u for %s", hdev->name, key->type, 3041 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2714 batostr(&ev->bdaddr)); 3042 &ev->bdaddr);
2715 3043
2716 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) && 3044 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2717 key->type == HCI_LK_DEBUG_COMBINATION) { 3045 key->type == HCI_LK_DEBUG_COMBINATION) {
@@ -3419,6 +3747,130 @@ unlock:
3419 hci_dev_unlock(hdev); 3747 hci_dev_unlock(hdev);
3420} 3748}
3421 3749
3750static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3751 struct sk_buff *skb)
3752{
3753 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3754 struct hci_conn *hcon, *bredr_hcon;
3755
3756 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3757 ev->status);
3758
3759 hci_dev_lock(hdev);
3760
3761 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3762 if (!hcon) {
3763 hci_dev_unlock(hdev);
3764 return;
3765 }
3766
3767 if (ev->status) {
3768 hci_conn_del(hcon);
3769 hci_dev_unlock(hdev);
3770 return;
3771 }
3772
3773 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3774
3775 hcon->state = BT_CONNECTED;
3776 bacpy(&hcon->dst, &bredr_hcon->dst);
3777
3778 hci_conn_hold(hcon);
3779 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3780 hci_conn_put(hcon);
3781
3782 hci_conn_hold_device(hcon);
3783 hci_conn_add_sysfs(hcon);
3784
3785 amp_physical_cfm(bredr_hcon, hcon);
3786
3787 hci_dev_unlock(hdev);
3788}
3789
3790static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3791{
3792 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3793 struct hci_conn *hcon;
3794 struct hci_chan *hchan;
3795 struct amp_mgr *mgr;
3796
3797 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3798 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3799 ev->status);
3800
3801 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3802 if (!hcon)
3803 return;
3804
3805 /* Create AMP hchan */
3806 hchan = hci_chan_create(hcon);
3807 if (!hchan)
3808 return;
3809
3810 hchan->handle = le16_to_cpu(ev->handle);
3811
3812 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3813
3814 mgr = hcon->amp_mgr;
3815 if (mgr && mgr->bredr_chan) {
3816 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3817
3818 l2cap_chan_lock(bredr_chan);
3819
3820 bredr_chan->conn->mtu = hdev->block_mtu;
3821 l2cap_logical_cfm(bredr_chan, hchan, 0);
3822 hci_conn_hold(hcon);
3823
3824 l2cap_chan_unlock(bredr_chan);
3825 }
3826}
3827
3828static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3829 struct sk_buff *skb)
3830{
3831 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3832 struct hci_chan *hchan;
3833
3834 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3835 le16_to_cpu(ev->handle), ev->status);
3836
3837 if (ev->status)
3838 return;
3839
3840 hci_dev_lock(hdev);
3841
3842 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3843 if (!hchan)
3844 goto unlock;
3845
3846 amp_destroy_logical_link(hchan, ev->reason);
3847
3848unlock:
3849 hci_dev_unlock(hdev);
3850}
3851
3852static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3853 struct sk_buff *skb)
3854{
3855 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3856 struct hci_conn *hcon;
3857
3858 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3859
3860 if (ev->status)
3861 return;
3862
3863 hci_dev_lock(hdev);
3864
3865 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3866 if (hcon) {
3867 hcon->state = BT_CLOSED;
3868 hci_conn_del(hcon);
3869 }
3870
3871 hci_dev_unlock(hdev);
3872}
3873
3422static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 3874static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3423{ 3875{
3424 struct hci_ev_le_conn_complete *ev = (void *) skb->data; 3876 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
@@ -3558,6 +4010,22 @@ static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3558 } 4010 }
3559} 4011}
3560 4012
4013static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
4014{
4015 struct hci_ev_channel_selected *ev = (void *) skb->data;
4016 struct hci_conn *hcon;
4017
4018 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
4019
4020 skb_pull(skb, sizeof(*ev));
4021
4022 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
4023 if (!hcon)
4024 return;
4025
4026 amp_read_loc_assoc_final_data(hdev, hcon);
4027}
4028
3561void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) 4029void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3562{ 4030{
3563 struct hci_event_hdr *hdr = (void *) skb->data; 4031 struct hci_event_hdr *hdr = (void *) skb->data;
@@ -3722,10 +4190,30 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3722 hci_le_meta_evt(hdev, skb); 4190 hci_le_meta_evt(hdev, skb);
3723 break; 4191 break;
3724 4192
4193 case HCI_EV_CHANNEL_SELECTED:
4194 hci_chan_selected_evt(hdev, skb);
4195 break;
4196
3725 case HCI_EV_REMOTE_OOB_DATA_REQUEST: 4197 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3726 hci_remote_oob_data_request_evt(hdev, skb); 4198 hci_remote_oob_data_request_evt(hdev, skb);
3727 break; 4199 break;
3728 4200
4201 case HCI_EV_PHY_LINK_COMPLETE:
4202 hci_phy_link_complete_evt(hdev, skb);
4203 break;
4204
4205 case HCI_EV_LOGICAL_LINK_COMPLETE:
4206 hci_loglink_complete_evt(hdev, skb);
4207 break;
4208
4209 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4210 hci_disconn_loglink_complete_evt(hdev, skb);
4211 break;
4212
4213 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4214 hci_disconn_phylink_complete_evt(hdev, skb);
4215 break;
4216
3729 case HCI_EV_NUM_COMP_BLOCKS: 4217 case HCI_EV_NUM_COMP_BLOCKS:
3730 hci_num_comp_blocks_evt(hdev, skb); 4218 hci_num_comp_blocks_evt(hdev, skb);
3731 break; 4219 break;
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index a20e61c3653d..55cceee02a84 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -38,7 +38,7 @@ static ssize_t show_link_address(struct device *dev,
38 struct device_attribute *attr, char *buf) 38 struct device_attribute *attr, char *buf)
39{ 39{
40 struct hci_conn *conn = to_hci_conn(dev); 40 struct hci_conn *conn = to_hci_conn(dev);
41 return sprintf(buf, "%s\n", batostr(&conn->dst)); 41 return sprintf(buf, "%pMR\n", &conn->dst);
42} 42}
43 43
44static ssize_t show_link_features(struct device *dev, 44static ssize_t show_link_features(struct device *dev,
@@ -224,7 +224,7 @@ static ssize_t show_address(struct device *dev,
224 struct device_attribute *attr, char *buf) 224 struct device_attribute *attr, char *buf)
225{ 225{
226 struct hci_dev *hdev = to_hci_dev(dev); 226 struct hci_dev *hdev = to_hci_dev(dev);
227 return sprintf(buf, "%s\n", batostr(&hdev->bdaddr)); 227 return sprintf(buf, "%pMR\n", &hdev->bdaddr);
228} 228}
229 229
230static ssize_t show_features(struct device *dev, 230static ssize_t show_features(struct device *dev,
@@ -406,8 +406,8 @@ static int inquiry_cache_show(struct seq_file *f, void *p)
406 406
407 list_for_each_entry(e, &cache->all, all) { 407 list_for_each_entry(e, &cache->all, all) {
408 struct inquiry_data *data = &e->data; 408 struct inquiry_data *data = &e->data;
409 seq_printf(f, "%s %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n", 409 seq_printf(f, "%pMR %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n",
410 batostr(&data->bdaddr), 410 &data->bdaddr,
411 data->pscan_rep_mode, data->pscan_period_mode, 411 data->pscan_rep_mode, data->pscan_period_mode,
412 data->pscan_mode, data->dev_class[2], 412 data->pscan_mode, data->dev_class[2],
413 data->dev_class[1], data->dev_class[0], 413 data->dev_class[1], data->dev_class[0],
@@ -440,7 +440,7 @@ static int blacklist_show(struct seq_file *f, void *p)
440 hci_dev_lock(hdev); 440 hci_dev_lock(hdev);
441 441
442 list_for_each_entry(b, &hdev->blacklist, list) 442 list_for_each_entry(b, &hdev->blacklist, list)
443 seq_printf(f, "%s\n", batostr(&b->bdaddr)); 443 seq_printf(f, "%pMR\n", &b->bdaddr);
444 444
445 hci_dev_unlock(hdev); 445 hci_dev_unlock(hdev);
446 446
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index ccd985da6518..a7352ff3fd1e 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -931,9 +931,13 @@ static int hidp_setup_hid(struct hidp_session *session,
931 hid->version = req->version; 931 hid->version = req->version;
932 hid->country = req->country; 932 hid->country = req->country;
933 933
934 strncpy(hid->name, req->name, 128); 934 strncpy(hid->name, req->name, sizeof(req->name) - 1);
935 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64); 935
936 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64); 936 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
937 &bt_sk(session->ctrl_sock->sk)->src);
938
939 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
940 &bt_sk(session->ctrl_sock->sk)->dst);
937 941
938 hid->dev.parent = &session->conn->dev; 942 hid->dev.parent = &session->conn->dev;
939 hid->ll_driver = &hidp_hid_driver; 943 hid->ll_driver = &hidp_hid_driver;
@@ -941,6 +945,13 @@ static int hidp_setup_hid(struct hidp_session *session,
941 hid->hid_get_raw_report = hidp_get_raw_report; 945 hid->hid_get_raw_report = hidp_get_raw_report;
942 hid->hid_output_raw_report = hidp_output_raw_report; 946 hid->hid_output_raw_report = hidp_output_raw_report;
943 947
948 /* True if device is blacklisted in drivers/hid/hid-core.c */
949 if (hid_ignore(hid)) {
950 hid_destroy_device(session->hid);
951 session->hid = NULL;
952 return -ENODEV;
953 }
954
944 return 0; 955 return 0;
945 956
946fault: 957fault:
@@ -1013,7 +1024,7 @@ int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock,
1013 1024
1014 if (req->rd_size > 0) { 1025 if (req->rd_size > 0) {
1015 err = hidp_setup_hid(session, req); 1026 err = hidp_setup_hid(session, req);
1016 if (err) 1027 if (err && err != -ENODEV)
1017 goto purge; 1028 goto purge;
1018 } 1029 }
1019 1030
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index a91239dcda41..22e658322845 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -38,6 +38,7 @@
38#include <net/bluetooth/l2cap.h> 38#include <net/bluetooth/l2cap.h>
39#include <net/bluetooth/smp.h> 39#include <net/bluetooth/smp.h>
40#include <net/bluetooth/a2mp.h> 40#include <net/bluetooth/a2mp.h>
41#include <net/bluetooth/amp.h>
41 42
42bool disable_ertm; 43bool disable_ertm;
43 44
@@ -48,19 +49,19 @@ static LIST_HEAD(chan_list);
48static DEFINE_RWLOCK(chan_list_lock); 49static DEFINE_RWLOCK(chan_list_lock);
49 50
50static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, 51static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
51 u8 code, u8 ident, u16 dlen, void *data); 52 u8 code, u8 ident, u16 dlen, void *data);
52static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, 53static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
53 void *data); 54 void *data);
54static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data); 55static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
55static void l2cap_send_disconn_req(struct l2cap_conn *conn, 56static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err);
56 struct l2cap_chan *chan, int err);
57 57
58static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control, 58static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
59 struct sk_buff_head *skbs, u8 event); 59 struct sk_buff_head *skbs, u8 event);
60 60
61/* ---- L2CAP channels ---- */ 61/* ---- L2CAP channels ---- */
62 62
63static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid) 63static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn,
64 u16 cid)
64{ 65{
65 struct l2cap_chan *c; 66 struct l2cap_chan *c;
66 67
@@ -71,7 +72,8 @@ static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16
71 return NULL; 72 return NULL;
72} 73}
73 74
74static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid) 75static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn,
76 u16 cid)
75{ 77{
76 struct l2cap_chan *c; 78 struct l2cap_chan *c;
77 79
@@ -84,7 +86,8 @@ static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16
84 86
85/* Find channel with given SCID. 87/* Find channel with given SCID.
86 * Returns locked channel. */ 88 * Returns locked channel. */
87static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid) 89static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn,
90 u16 cid)
88{ 91{
89 struct l2cap_chan *c; 92 struct l2cap_chan *c;
90 93
@@ -97,7 +100,25 @@ static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 ci
97 return c; 100 return c;
98} 101}
99 102
100static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident) 103/* Find channel with given DCID.
104 * Returns locked channel.
105 */
106static struct l2cap_chan *l2cap_get_chan_by_dcid(struct l2cap_conn *conn,
107 u16 cid)
108{
109 struct l2cap_chan *c;
110
111 mutex_lock(&conn->chan_lock);
112 c = __l2cap_get_chan_by_dcid(conn, cid);
113 if (c)
114 l2cap_chan_lock(c);
115 mutex_unlock(&conn->chan_lock);
116
117 return c;
118}
119
120static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn,
121 u8 ident)
101{ 122{
102 struct l2cap_chan *c; 123 struct l2cap_chan *c;
103 124
@@ -108,6 +129,20 @@ static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8
108 return NULL; 129 return NULL;
109} 130}
110 131
132static struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn,
133 u8 ident)
134{
135 struct l2cap_chan *c;
136
137 mutex_lock(&conn->chan_lock);
138 c = __l2cap_get_chan_by_ident(conn, ident);
139 if (c)
140 l2cap_chan_lock(c);
141 mutex_unlock(&conn->chan_lock);
142
143 return c;
144}
145
111static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src) 146static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
112{ 147{
113 struct l2cap_chan *c; 148 struct l2cap_chan *c;
@@ -178,7 +213,7 @@ static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
178static void __l2cap_state_change(struct l2cap_chan *chan, int state) 213static void __l2cap_state_change(struct l2cap_chan *chan, int state)
179{ 214{
180 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state), 215 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
181 state_to_string(state)); 216 state_to_string(state));
182 217
183 chan->state = state; 218 chan->state = state;
184 chan->ops->state_change(chan, state); 219 chan->ops->state_change(chan, state);
@@ -361,7 +396,7 @@ static void l2cap_seq_list_append(struct l2cap_seq_list *seq_list, u16 seq)
361static void l2cap_chan_timeout(struct work_struct *work) 396static void l2cap_chan_timeout(struct work_struct *work)
362{ 397{
363 struct l2cap_chan *chan = container_of(work, struct l2cap_chan, 398 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
364 chan_timer.work); 399 chan_timer.work);
365 struct l2cap_conn *conn = chan->conn; 400 struct l2cap_conn *conn = chan->conn;
366 int reason; 401 int reason;
367 402
@@ -373,7 +408,7 @@ static void l2cap_chan_timeout(struct work_struct *work)
373 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG) 408 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
374 reason = ECONNREFUSED; 409 reason = ECONNREFUSED;
375 else if (chan->state == BT_CONNECT && 410 else if (chan->state == BT_CONNECT &&
376 chan->sec_level != BT_SECURITY_SDP) 411 chan->sec_level != BT_SECURITY_SDP)
377 reason = ECONNREFUSED; 412 reason = ECONNREFUSED;
378 else 413 else
379 reason = ETIMEDOUT; 414 reason = ETIMEDOUT;
@@ -455,7 +490,7 @@ void l2cap_chan_set_defaults(struct l2cap_chan *chan)
455 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 490 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
456} 491}
457 492
458static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) 493void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
459{ 494{
460 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, 495 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
461 __le16_to_cpu(chan->psm), chan->dcid); 496 __le16_to_cpu(chan->psm), chan->dcid);
@@ -504,7 +539,7 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
504 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE; 539 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
505 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME; 540 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
506 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT; 541 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
507 chan->local_flush_to = L2CAP_DEFAULT_FLUSH_TO; 542 chan->local_flush_to = L2CAP_EFS_DEFAULT_FLUSH_TO;
508 543
509 l2cap_chan_hold(chan); 544 l2cap_chan_hold(chan);
510 545
@@ -527,6 +562,7 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
527 BT_DBG("chan %p, conn %p, err %d", chan, conn, err); 562 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
528 563
529 if (conn) { 564 if (conn) {
565 struct amp_mgr *mgr = conn->hcon->amp_mgr;
530 /* Delete from channel list */ 566 /* Delete from channel list */
531 list_del(&chan->list); 567 list_del(&chan->list);
532 568
@@ -536,10 +572,19 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
536 572
537 if (chan->chan_type != L2CAP_CHAN_CONN_FIX_A2MP) 573 if (chan->chan_type != L2CAP_CHAN_CONN_FIX_A2MP)
538 hci_conn_put(conn->hcon); 574 hci_conn_put(conn->hcon);
575
576 if (mgr && mgr->bredr_chan == chan)
577 mgr->bredr_chan = NULL;
539 } 578 }
540 579
541 if (chan->ops->teardown) 580 if (chan->hs_hchan) {
542 chan->ops->teardown(chan, err); 581 struct hci_chan *hs_hchan = chan->hs_hchan;
582
583 BT_DBG("chan %p disconnect hs_hchan %p", chan, hs_hchan);
584 amp_disconnect_logical_link(hs_hchan);
585 }
586
587 chan->ops->teardown(chan, err);
543 588
544 if (test_bit(CONF_NOT_COMPLETE, &chan->conf_state)) 589 if (test_bit(CONF_NOT_COMPLETE, &chan->conf_state))
545 return; 590 return;
@@ -573,28 +618,27 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
573 struct l2cap_conn *conn = chan->conn; 618 struct l2cap_conn *conn = chan->conn;
574 struct sock *sk = chan->sk; 619 struct sock *sk = chan->sk;
575 620
576 BT_DBG("chan %p state %s sk %p", chan, 621 BT_DBG("chan %p state %s sk %p", chan, state_to_string(chan->state),
577 state_to_string(chan->state), sk); 622 sk);
578 623
579 switch (chan->state) { 624 switch (chan->state) {
580 case BT_LISTEN: 625 case BT_LISTEN:
581 if (chan->ops->teardown) 626 chan->ops->teardown(chan, 0);
582 chan->ops->teardown(chan, 0);
583 break; 627 break;
584 628
585 case BT_CONNECTED: 629 case BT_CONNECTED:
586 case BT_CONFIG: 630 case BT_CONFIG:
587 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && 631 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
588 conn->hcon->type == ACL_LINK) { 632 conn->hcon->type == ACL_LINK) {
589 __set_chan_timer(chan, sk->sk_sndtimeo); 633 __set_chan_timer(chan, sk->sk_sndtimeo);
590 l2cap_send_disconn_req(conn, chan, reason); 634 l2cap_send_disconn_req(chan, reason);
591 } else 635 } else
592 l2cap_chan_del(chan, reason); 636 l2cap_chan_del(chan, reason);
593 break; 637 break;
594 638
595 case BT_CONNECT2: 639 case BT_CONNECT2:
596 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && 640 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
597 conn->hcon->type == ACL_LINK) { 641 conn->hcon->type == ACL_LINK) {
598 struct l2cap_conn_rsp rsp; 642 struct l2cap_conn_rsp rsp;
599 __u16 result; 643 __u16 result;
600 644
@@ -609,7 +653,7 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
609 rsp.result = cpu_to_le16(result); 653 rsp.result = cpu_to_le16(result);
610 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO); 654 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
611 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 655 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
612 sizeof(rsp), &rsp); 656 sizeof(rsp), &rsp);
613 } 657 }
614 658
615 l2cap_chan_del(chan, reason); 659 l2cap_chan_del(chan, reason);
@@ -621,8 +665,7 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
621 break; 665 break;
622 666
623 default: 667 default:
624 if (chan->ops->teardown) 668 chan->ops->teardown(chan, 0);
625 chan->ops->teardown(chan, 0);
626 break; 669 break;
627 } 670 }
628} 671}
@@ -691,7 +734,8 @@ static u8 l2cap_get_ident(struct l2cap_conn *conn)
691 return id; 734 return id;
692} 735}
693 736
694static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data) 737static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
738 void *data)
695{ 739{
696 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data); 740 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
697 u8 flags; 741 u8 flags;
@@ -712,16 +756,31 @@ static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
712 hci_send_acl(conn->hchan, skb, flags); 756 hci_send_acl(conn->hchan, skb, flags);
713} 757}
714 758
759static bool __chan_is_moving(struct l2cap_chan *chan)
760{
761 return chan->move_state != L2CAP_MOVE_STABLE &&
762 chan->move_state != L2CAP_MOVE_WAIT_PREPARE;
763}
764
715static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb) 765static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
716{ 766{
717 struct hci_conn *hcon = chan->conn->hcon; 767 struct hci_conn *hcon = chan->conn->hcon;
718 u16 flags; 768 u16 flags;
719 769
720 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len, 770 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
721 skb->priority); 771 skb->priority);
772
773 if (chan->hs_hcon && !__chan_is_moving(chan)) {
774 if (chan->hs_hchan)
775 hci_send_acl(chan->hs_hchan, skb, ACL_COMPLETE);
776 else
777 kfree_skb(skb);
778
779 return;
780 }
722 781
723 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) && 782 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
724 lmp_no_flush_capable(hcon->hdev)) 783 lmp_no_flush_capable(hcon->hdev))
725 flags = ACL_START_NO_FLUSH; 784 flags = ACL_START_NO_FLUSH;
726 else 785 else
727 flags = ACL_START; 786 flags = ACL_START;
@@ -895,6 +954,9 @@ static void l2cap_send_sframe(struct l2cap_chan *chan,
895 if (!control->sframe) 954 if (!control->sframe)
896 return; 955 return;
897 956
957 if (__chan_is_moving(chan))
958 return;
959
898 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state) && 960 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state) &&
899 !control->poll) 961 !control->poll)
900 control->final = 1; 962 control->final = 1;
@@ -946,7 +1008,26 @@ static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
946 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state); 1008 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
947} 1009}
948 1010
949static void l2cap_send_conn_req(struct l2cap_chan *chan) 1011static bool __amp_capable(struct l2cap_chan *chan)
1012{
1013 struct l2cap_conn *conn = chan->conn;
1014
1015 if (enable_hs &&
1016 hci_amp_capable() &&
1017 chan->chan_policy == BT_CHANNEL_POLICY_AMP_PREFERRED &&
1018 conn->fixed_chan_mask & L2CAP_FC_A2MP)
1019 return true;
1020 else
1021 return false;
1022}
1023
1024static bool l2cap_check_efs(struct l2cap_chan *chan)
1025{
1026 /* Check EFS parameters */
1027 return true;
1028}
1029
1030void l2cap_send_conn_req(struct l2cap_chan *chan)
950{ 1031{
951 struct l2cap_conn *conn = chan->conn; 1032 struct l2cap_conn *conn = chan->conn;
952 struct l2cap_conn_req req; 1033 struct l2cap_conn_req req;
@@ -961,6 +1042,76 @@ static void l2cap_send_conn_req(struct l2cap_chan *chan)
961 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req); 1042 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req);
962} 1043}
963 1044
1045static void l2cap_send_create_chan_req(struct l2cap_chan *chan, u8 amp_id)
1046{
1047 struct l2cap_create_chan_req req;
1048 req.scid = cpu_to_le16(chan->scid);
1049 req.psm = chan->psm;
1050 req.amp_id = amp_id;
1051
1052 chan->ident = l2cap_get_ident(chan->conn);
1053
1054 l2cap_send_cmd(chan->conn, chan->ident, L2CAP_CREATE_CHAN_REQ,
1055 sizeof(req), &req);
1056}
1057
1058static void l2cap_move_setup(struct l2cap_chan *chan)
1059{
1060 struct sk_buff *skb;
1061
1062 BT_DBG("chan %p", chan);
1063
1064 if (chan->mode != L2CAP_MODE_ERTM)
1065 return;
1066
1067 __clear_retrans_timer(chan);
1068 __clear_monitor_timer(chan);
1069 __clear_ack_timer(chan);
1070
1071 chan->retry_count = 0;
1072 skb_queue_walk(&chan->tx_q, skb) {
1073 if (bt_cb(skb)->control.retries)
1074 bt_cb(skb)->control.retries = 1;
1075 else
1076 break;
1077 }
1078
1079 chan->expected_tx_seq = chan->buffer_seq;
1080
1081 clear_bit(CONN_REJ_ACT, &chan->conn_state);
1082 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
1083 l2cap_seq_list_clear(&chan->retrans_list);
1084 l2cap_seq_list_clear(&chan->srej_list);
1085 skb_queue_purge(&chan->srej_q);
1086
1087 chan->tx_state = L2CAP_TX_STATE_XMIT;
1088 chan->rx_state = L2CAP_RX_STATE_MOVE;
1089
1090 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
1091}
1092
1093static void l2cap_move_done(struct l2cap_chan *chan)
1094{
1095 u8 move_role = chan->move_role;
1096 BT_DBG("chan %p", chan);
1097
1098 chan->move_state = L2CAP_MOVE_STABLE;
1099 chan->move_role = L2CAP_MOVE_ROLE_NONE;
1100
1101 if (chan->mode != L2CAP_MODE_ERTM)
1102 return;
1103
1104 switch (move_role) {
1105 case L2CAP_MOVE_ROLE_INITIATOR:
1106 l2cap_tx(chan, NULL, NULL, L2CAP_EV_EXPLICIT_POLL);
1107 chan->rx_state = L2CAP_RX_STATE_WAIT_F;
1108 break;
1109 case L2CAP_MOVE_ROLE_RESPONDER:
1110 chan->rx_state = L2CAP_RX_STATE_WAIT_P;
1111 break;
1112 }
1113}
1114
964static void l2cap_chan_ready(struct l2cap_chan *chan) 1115static void l2cap_chan_ready(struct l2cap_chan *chan)
965{ 1116{
966 /* This clears all conf flags, including CONF_NOT_COMPLETE */ 1117 /* This clears all conf flags, including CONF_NOT_COMPLETE */
@@ -972,6 +1123,16 @@ static void l2cap_chan_ready(struct l2cap_chan *chan)
972 chan->ops->ready(chan); 1123 chan->ops->ready(chan);
973} 1124}
974 1125
1126static void l2cap_start_connection(struct l2cap_chan *chan)
1127{
1128 if (__amp_capable(chan)) {
1129 BT_DBG("chan %p AMP capable: discover AMPs", chan);
1130 a2mp_discover_amp(chan);
1131 } else {
1132 l2cap_send_conn_req(chan);
1133 }
1134}
1135
975static void l2cap_do_start(struct l2cap_chan *chan) 1136static void l2cap_do_start(struct l2cap_chan *chan)
976{ 1137{
977 struct l2cap_conn *conn = chan->conn; 1138 struct l2cap_conn *conn = chan->conn;
@@ -986,8 +1147,9 @@ static void l2cap_do_start(struct l2cap_chan *chan)
986 return; 1147 return;
987 1148
988 if (l2cap_chan_check_security(chan) && 1149 if (l2cap_chan_check_security(chan) &&
989 __l2cap_no_conn_pending(chan)) 1150 __l2cap_no_conn_pending(chan)) {
990 l2cap_send_conn_req(chan); 1151 l2cap_start_connection(chan);
1152 }
991 } else { 1153 } else {
992 struct l2cap_info_req req; 1154 struct l2cap_info_req req;
993 req.type = __constant_cpu_to_le16(L2CAP_IT_FEAT_MASK); 1155 req.type = __constant_cpu_to_le16(L2CAP_IT_FEAT_MASK);
@@ -997,8 +1159,8 @@ static void l2cap_do_start(struct l2cap_chan *chan)
997 1159
998 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT); 1160 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
999 1161
1000 l2cap_send_cmd(conn, conn->info_ident, 1162 l2cap_send_cmd(conn, conn->info_ident, L2CAP_INFO_REQ,
1001 L2CAP_INFO_REQ, sizeof(req), &req); 1163 sizeof(req), &req);
1002 } 1164 }
1003} 1165}
1004 1166
@@ -1018,9 +1180,10 @@ static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
1018 } 1180 }
1019} 1181}
1020 1182
1021static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err) 1183static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err)
1022{ 1184{
1023 struct sock *sk = chan->sk; 1185 struct sock *sk = chan->sk;
1186 struct l2cap_conn *conn = chan->conn;
1024 struct l2cap_disconn_req req; 1187 struct l2cap_disconn_req req;
1025 1188
1026 if (!conn) 1189 if (!conn)
@@ -1033,14 +1196,14 @@ static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *c
1033 } 1196 }
1034 1197
1035 if (chan->chan_type == L2CAP_CHAN_CONN_FIX_A2MP) { 1198 if (chan->chan_type == L2CAP_CHAN_CONN_FIX_A2MP) {
1036 __l2cap_state_change(chan, BT_DISCONN); 1199 l2cap_state_change(chan, BT_DISCONN);
1037 return; 1200 return;
1038 } 1201 }
1039 1202
1040 req.dcid = cpu_to_le16(chan->dcid); 1203 req.dcid = cpu_to_le16(chan->dcid);
1041 req.scid = cpu_to_le16(chan->scid); 1204 req.scid = cpu_to_le16(chan->scid);
1042 l2cap_send_cmd(conn, l2cap_get_ident(conn), 1205 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_DISCONN_REQ,
1043 L2CAP_DISCONN_REQ, sizeof(req), &req); 1206 sizeof(req), &req);
1044 1207
1045 lock_sock(sk); 1208 lock_sock(sk);
1046 __l2cap_state_change(chan, BT_DISCONN); 1209 __l2cap_state_change(chan, BT_DISCONN);
@@ -1069,20 +1232,20 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
1069 1232
1070 if (chan->state == BT_CONNECT) { 1233 if (chan->state == BT_CONNECT) {
1071 if (!l2cap_chan_check_security(chan) || 1234 if (!l2cap_chan_check_security(chan) ||
1072 !__l2cap_no_conn_pending(chan)) { 1235 !__l2cap_no_conn_pending(chan)) {
1073 l2cap_chan_unlock(chan); 1236 l2cap_chan_unlock(chan);
1074 continue; 1237 continue;
1075 } 1238 }
1076 1239
1077 if (!l2cap_mode_supported(chan->mode, conn->feat_mask) 1240 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
1078 && test_bit(CONF_STATE2_DEVICE, 1241 && test_bit(CONF_STATE2_DEVICE,
1079 &chan->conf_state)) { 1242 &chan->conf_state)) {
1080 l2cap_chan_close(chan, ECONNRESET); 1243 l2cap_chan_close(chan, ECONNRESET);
1081 l2cap_chan_unlock(chan); 1244 l2cap_chan_unlock(chan);
1082 continue; 1245 continue;
1083 } 1246 }
1084 1247
1085 l2cap_send_conn_req(chan); 1248 l2cap_start_connection(chan);
1086 1249
1087 } else if (chan->state == BT_CONNECT2) { 1250 } else if (chan->state == BT_CONNECT2) {
1088 struct l2cap_conn_rsp rsp; 1251 struct l2cap_conn_rsp rsp;
@@ -1094,11 +1257,9 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
1094 lock_sock(sk); 1257 lock_sock(sk);
1095 if (test_bit(BT_SK_DEFER_SETUP, 1258 if (test_bit(BT_SK_DEFER_SETUP,
1096 &bt_sk(sk)->flags)) { 1259 &bt_sk(sk)->flags)) {
1097 struct sock *parent = bt_sk(sk)->parent;
1098 rsp.result = __constant_cpu_to_le16(L2CAP_CR_PEND); 1260 rsp.result = __constant_cpu_to_le16(L2CAP_CR_PEND);
1099 rsp.status = __constant_cpu_to_le16(L2CAP_CS_AUTHOR_PEND); 1261 rsp.status = __constant_cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
1100 if (parent) 1262 chan->ops->defer(chan);
1101 parent->sk_data_ready(parent, 0);
1102 1263
1103 } else { 1264 } else {
1104 __l2cap_state_change(chan, BT_CONFIG); 1265 __l2cap_state_change(chan, BT_CONFIG);
@@ -1112,17 +1273,17 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
1112 } 1273 }
1113 1274
1114 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 1275 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
1115 sizeof(rsp), &rsp); 1276 sizeof(rsp), &rsp);
1116 1277
1117 if (test_bit(CONF_REQ_SENT, &chan->conf_state) || 1278 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
1118 rsp.result != L2CAP_CR_SUCCESS) { 1279 rsp.result != L2CAP_CR_SUCCESS) {
1119 l2cap_chan_unlock(chan); 1280 l2cap_chan_unlock(chan);
1120 continue; 1281 continue;
1121 } 1282 }
1122 1283
1123 set_bit(CONF_REQ_SENT, &chan->conf_state); 1284 set_bit(CONF_REQ_SENT, &chan->conf_state);
1124 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 1285 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1125 l2cap_build_conf_req(chan, buf), buf); 1286 l2cap_build_conf_req(chan, buf), buf);
1126 chan->num_conf_req++; 1287 chan->num_conf_req++;
1127 } 1288 }
1128 1289
@@ -1204,8 +1365,6 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
1204 bacpy(&bt_sk(sk)->src, conn->src); 1365 bacpy(&bt_sk(sk)->src, conn->src);
1205 bacpy(&bt_sk(sk)->dst, conn->dst); 1366 bacpy(&bt_sk(sk)->dst, conn->dst);
1206 1367
1207 bt_accept_enqueue(parent, sk);
1208
1209 l2cap_chan_add(conn, chan); 1368 l2cap_chan_add(conn, chan);
1210 1369
1211 l2cap_chan_ready(chan); 1370 l2cap_chan_ready(chan);
@@ -1270,7 +1429,7 @@ static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
1270 1429
1271 list_for_each_entry(chan, &conn->chan_l, list) { 1430 list_for_each_entry(chan, &conn->chan_l, list) {
1272 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) 1431 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
1273 __l2cap_chan_set_err(chan, err); 1432 l2cap_chan_set_err(chan, err);
1274 } 1433 }
1275 1434
1276 mutex_unlock(&conn->chan_lock); 1435 mutex_unlock(&conn->chan_lock);
@@ -1279,7 +1438,7 @@ static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
1279static void l2cap_info_timeout(struct work_struct *work) 1438static void l2cap_info_timeout(struct work_struct *work)
1280{ 1439{
1281 struct l2cap_conn *conn = container_of(work, struct l2cap_conn, 1440 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1282 info_timer.work); 1441 info_timer.work);
1283 1442
1284 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; 1443 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
1285 conn->info_ident = 0; 1444 conn->info_ident = 0;
@@ -1333,7 +1492,7 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
1333static void security_timeout(struct work_struct *work) 1492static void security_timeout(struct work_struct *work)
1334{ 1493{
1335 struct l2cap_conn *conn = container_of(work, struct l2cap_conn, 1494 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1336 security_timer.work); 1495 security_timer.work);
1337 1496
1338 BT_DBG("conn %p", conn); 1497 BT_DBG("conn %p", conn);
1339 1498
@@ -1355,7 +1514,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1355 if (!hchan) 1514 if (!hchan)
1356 return NULL; 1515 return NULL;
1357 1516
1358 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC); 1517 conn = kzalloc(sizeof(struct l2cap_conn), GFP_KERNEL);
1359 if (!conn) { 1518 if (!conn) {
1360 hci_chan_del(hchan); 1519 hci_chan_del(hchan);
1361 return NULL; 1520 return NULL;
@@ -1367,10 +1526,22 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1367 1526
1368 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); 1527 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
1369 1528
1370 if (hcon->hdev->le_mtu && hcon->type == LE_LINK) 1529 switch (hcon->type) {
1371 conn->mtu = hcon->hdev->le_mtu; 1530 case AMP_LINK:
1372 else 1531 conn->mtu = hcon->hdev->block_mtu;
1532 break;
1533
1534 case LE_LINK:
1535 if (hcon->hdev->le_mtu) {
1536 conn->mtu = hcon->hdev->le_mtu;
1537 break;
1538 }
1539 /* fall through */
1540
1541 default:
1373 conn->mtu = hcon->hdev->acl_mtu; 1542 conn->mtu = hcon->hdev->acl_mtu;
1543 break;
1544 }
1374 1545
1375 conn->src = &hcon->hdev->bdaddr; 1546 conn->src = &hcon->hdev->bdaddr;
1376 conn->dst = &hcon->dst; 1547 conn->dst = &hcon->dst;
@@ -1448,7 +1619,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1448 __u8 auth_type; 1619 __u8 auth_type;
1449 int err; 1620 int err;
1450 1621
1451 BT_DBG("%s -> %s (type %u) psm 0x%2.2x", batostr(src), batostr(dst), 1622 BT_DBG("%pMR -> %pMR (type %u) psm 0x%2.2x", src, dst,
1452 dst_type, __le16_to_cpu(psm)); 1623 dst_type, __le16_to_cpu(psm));
1453 1624
1454 hdev = hci_get_route(dst, src); 1625 hdev = hci_get_route(dst, src);
@@ -1461,7 +1632,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1461 1632
1462 /* PSM must be odd and lsb of upper byte must be 0 */ 1633 /* PSM must be odd and lsb of upper byte must be 0 */
1463 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid && 1634 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
1464 chan->chan_type != L2CAP_CHAN_RAW) { 1635 chan->chan_type != L2CAP_CHAN_RAW) {
1465 err = -EINVAL; 1636 err = -EINVAL;
1466 goto done; 1637 goto done;
1467 } 1638 }
@@ -1657,6 +1828,9 @@ static void l2cap_streaming_send(struct l2cap_chan *chan,
1657 1828
1658 BT_DBG("chan %p, skbs %p", chan, skbs); 1829 BT_DBG("chan %p, skbs %p", chan, skbs);
1659 1830
1831 if (__chan_is_moving(chan))
1832 return;
1833
1660 skb_queue_splice_tail_init(skbs, &chan->tx_q); 1834 skb_queue_splice_tail_init(skbs, &chan->tx_q);
1661 1835
1662 while (!skb_queue_empty(&chan->tx_q)) { 1836 while (!skb_queue_empty(&chan->tx_q)) {
@@ -1699,6 +1873,9 @@ static int l2cap_ertm_send(struct l2cap_chan *chan)
1699 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) 1873 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
1700 return 0; 1874 return 0;
1701 1875
1876 if (__chan_is_moving(chan))
1877 return 0;
1878
1702 while (chan->tx_send_head && 1879 while (chan->tx_send_head &&
1703 chan->unacked_frames < chan->remote_tx_win && 1880 chan->unacked_frames < chan->remote_tx_win &&
1704 chan->tx_state == L2CAP_TX_STATE_XMIT) { 1881 chan->tx_state == L2CAP_TX_STATE_XMIT) {
@@ -1764,13 +1941,16 @@ static void l2cap_ertm_resend(struct l2cap_chan *chan)
1764 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) 1941 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
1765 return; 1942 return;
1766 1943
1944 if (__chan_is_moving(chan))
1945 return;
1946
1767 while (chan->retrans_list.head != L2CAP_SEQ_LIST_CLEAR) { 1947 while (chan->retrans_list.head != L2CAP_SEQ_LIST_CLEAR) {
1768 seq = l2cap_seq_list_pop(&chan->retrans_list); 1948 seq = l2cap_seq_list_pop(&chan->retrans_list);
1769 1949
1770 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, seq); 1950 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, seq);
1771 if (!skb) { 1951 if (!skb) {
1772 BT_DBG("Error: Can't retransmit seq %d, frame missing", 1952 BT_DBG("Error: Can't retransmit seq %d, frame missing",
1773 seq); 1953 seq);
1774 continue; 1954 continue;
1775 } 1955 }
1776 1956
@@ -1780,7 +1960,7 @@ static void l2cap_ertm_resend(struct l2cap_chan *chan)
1780 if (chan->max_tx != 0 && 1960 if (chan->max_tx != 0 &&
1781 bt_cb(skb)->control.retries > chan->max_tx) { 1961 bt_cb(skb)->control.retries > chan->max_tx) {
1782 BT_DBG("Retry limit exceeded (%d)", chan->max_tx); 1962 BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
1783 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 1963 l2cap_send_disconn_req(chan, ECONNRESET);
1784 l2cap_seq_list_clear(&chan->retrans_list); 1964 l2cap_seq_list_clear(&chan->retrans_list);
1785 break; 1965 break;
1786 } 1966 }
@@ -1795,9 +1975,9 @@ static void l2cap_ertm_resend(struct l2cap_chan *chan)
1795 /* Cloned sk_buffs are read-only, so we need a 1975 /* Cloned sk_buffs are read-only, so we need a
1796 * writeable copy 1976 * writeable copy
1797 */ 1977 */
1798 tx_skb = skb_copy(skb, GFP_ATOMIC); 1978 tx_skb = skb_copy(skb, GFP_KERNEL);
1799 } else { 1979 } else {
1800 tx_skb = skb_clone(skb, GFP_ATOMIC); 1980 tx_skb = skb_clone(skb, GFP_KERNEL);
1801 } 1981 }
1802 1982
1803 if (!tx_skb) { 1983 if (!tx_skb) {
@@ -1855,7 +2035,7 @@ static void l2cap_retransmit_all(struct l2cap_chan *chan,
1855 if (chan->unacked_frames) { 2035 if (chan->unacked_frames) {
1856 skb_queue_walk(&chan->tx_q, skb) { 2036 skb_queue_walk(&chan->tx_q, skb) {
1857 if (bt_cb(skb)->control.txseq == control->reqseq || 2037 if (bt_cb(skb)->control.txseq == control->reqseq ||
1858 skb == chan->tx_send_head) 2038 skb == chan->tx_send_head)
1859 break; 2039 break;
1860 } 2040 }
1861 2041
@@ -2106,7 +2286,9 @@ static int l2cap_segment_sdu(struct l2cap_chan *chan,
2106 /* PDU size is derived from the HCI MTU */ 2286 /* PDU size is derived from the HCI MTU */
2107 pdu_len = chan->conn->mtu; 2287 pdu_len = chan->conn->mtu;
2108 2288
2109 pdu_len = min_t(size_t, pdu_len, L2CAP_BREDR_MAX_PAYLOAD); 2289 /* Constrain PDU size for BR/EDR connections */
2290 if (!chan->hs_hcon)
2291 pdu_len = min_t(size_t, pdu_len, L2CAP_BREDR_MAX_PAYLOAD);
2110 2292
2111 /* Adjust for largest possible L2CAP overhead. */ 2293 /* Adjust for largest possible L2CAP overhead. */
2112 if (chan->fcs) 2294 if (chan->fcs)
@@ -2156,7 +2338,7 @@ static int l2cap_segment_sdu(struct l2cap_chan *chan,
2156} 2338}
2157 2339
2158int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len, 2340int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
2159 u32 priority) 2341 u32 priority)
2160{ 2342{
2161 struct sk_buff *skb; 2343 struct sk_buff *skb;
2162 int err; 2344 int err;
@@ -2484,7 +2666,7 @@ static void l2cap_tx_state_wait_f(struct l2cap_chan *chan,
2484 __set_monitor_timer(chan); 2666 __set_monitor_timer(chan);
2485 chan->retry_count++; 2667 chan->retry_count++;
2486 } else { 2668 } else {
2487 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED); 2669 l2cap_send_disconn_req(chan, ECONNABORTED);
2488 } 2670 }
2489 break; 2671 break;
2490 default: 2672 default:
@@ -2543,7 +2725,7 @@ static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2543 /* Don't send frame to the socket it came from */ 2725 /* Don't send frame to the socket it came from */
2544 if (skb->sk == sk) 2726 if (skb->sk == sk)
2545 continue; 2727 continue;
2546 nskb = skb_clone(skb, GFP_ATOMIC); 2728 nskb = skb_clone(skb, GFP_KERNEL);
2547 if (!nskb) 2729 if (!nskb)
2548 continue; 2730 continue;
2549 2731
@@ -2569,7 +2751,7 @@ static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, u8 code,
2569 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen; 2751 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2570 count = min_t(unsigned int, conn->mtu, len); 2752 count = min_t(unsigned int, conn->mtu, len);
2571 2753
2572 skb = bt_skb_alloc(count, GFP_ATOMIC); 2754 skb = bt_skb_alloc(count, GFP_KERNEL);
2573 if (!skb) 2755 if (!skb)
2574 return NULL; 2756 return NULL;
2575 2757
@@ -2599,7 +2781,7 @@ static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, u8 code,
2599 while (len) { 2781 while (len) {
2600 count = min_t(unsigned int, conn->mtu, len); 2782 count = min_t(unsigned int, conn->mtu, len);
2601 2783
2602 *frag = bt_skb_alloc(count, GFP_ATOMIC); 2784 *frag = bt_skb_alloc(count, GFP_KERNEL);
2603 if (!*frag) 2785 if (!*frag)
2604 goto fail; 2786 goto fail;
2605 2787
@@ -2618,7 +2800,8 @@ fail:
2618 return NULL; 2800 return NULL;
2619} 2801}
2620 2802
2621static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val) 2803static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen,
2804 unsigned long *val)
2622{ 2805{
2623 struct l2cap_conf_opt *opt = *ptr; 2806 struct l2cap_conf_opt *opt = *ptr;
2624 int len; 2807 int len;
@@ -2692,7 +2875,7 @@ static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
2692 efs.msdu = cpu_to_le16(chan->local_msdu); 2875 efs.msdu = cpu_to_le16(chan->local_msdu);
2693 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime); 2876 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2694 efs.acc_lat = __constant_cpu_to_le32(L2CAP_DEFAULT_ACC_LAT); 2877 efs.acc_lat = __constant_cpu_to_le32(L2CAP_DEFAULT_ACC_LAT);
2695 efs.flush_to = __constant_cpu_to_le32(L2CAP_DEFAULT_FLUSH_TO); 2878 efs.flush_to = __constant_cpu_to_le32(L2CAP_EFS_DEFAULT_FLUSH_TO);
2696 break; 2879 break;
2697 2880
2698 case L2CAP_MODE_STREAMING: 2881 case L2CAP_MODE_STREAMING:
@@ -2709,7 +2892,7 @@ static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
2709 } 2892 }
2710 2893
2711 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs), 2894 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs),
2712 (unsigned long) &efs); 2895 (unsigned long) &efs);
2713} 2896}
2714 2897
2715static void l2cap_ack_timeout(struct work_struct *work) 2898static void l2cap_ack_timeout(struct work_struct *work)
@@ -2749,6 +2932,11 @@ int l2cap_ertm_init(struct l2cap_chan *chan)
2749 2932
2750 skb_queue_head_init(&chan->tx_q); 2933 skb_queue_head_init(&chan->tx_q);
2751 2934
2935 chan->local_amp_id = 0;
2936 chan->move_id = 0;
2937 chan->move_state = L2CAP_MOVE_STABLE;
2938 chan->move_role = L2CAP_MOVE_ROLE_NONE;
2939
2752 if (chan->mode != L2CAP_MODE_ERTM) 2940 if (chan->mode != L2CAP_MODE_ERTM)
2753 return 0; 2941 return 0;
2754 2942
@@ -2795,16 +2983,54 @@ static inline bool __l2cap_efs_supported(struct l2cap_chan *chan)
2795 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_FLOW; 2983 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_FLOW;
2796} 2984}
2797 2985
2986static void __l2cap_set_ertm_timeouts(struct l2cap_chan *chan,
2987 struct l2cap_conf_rfc *rfc)
2988{
2989 if (chan->local_amp_id && chan->hs_hcon) {
2990 u64 ertm_to = chan->hs_hcon->hdev->amp_be_flush_to;
2991
2992 /* Class 1 devices have must have ERTM timeouts
2993 * exceeding the Link Supervision Timeout. The
2994 * default Link Supervision Timeout for AMP
2995 * controllers is 10 seconds.
2996 *
2997 * Class 1 devices use 0xffffffff for their
2998 * best-effort flush timeout, so the clamping logic
2999 * will result in a timeout that meets the above
3000 * requirement. ERTM timeouts are 16-bit values, so
3001 * the maximum timeout is 65.535 seconds.
3002 */
3003
3004 /* Convert timeout to milliseconds and round */
3005 ertm_to = DIV_ROUND_UP_ULL(ertm_to, 1000);
3006
3007 /* This is the recommended formula for class 2 devices
3008 * that start ERTM timers when packets are sent to the
3009 * controller.
3010 */
3011 ertm_to = 3 * ertm_to + 500;
3012
3013 if (ertm_to > 0xffff)
3014 ertm_to = 0xffff;
3015
3016 rfc->retrans_timeout = cpu_to_le16((u16) ertm_to);
3017 rfc->monitor_timeout = rfc->retrans_timeout;
3018 } else {
3019 rfc->retrans_timeout = __constant_cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
3020 rfc->monitor_timeout = __constant_cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
3021 }
3022}
3023
2798static inline void l2cap_txwin_setup(struct l2cap_chan *chan) 3024static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
2799{ 3025{
2800 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW && 3026 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
2801 __l2cap_ews_supported(chan)) { 3027 __l2cap_ews_supported(chan)) {
2802 /* use extended control field */ 3028 /* use extended control field */
2803 set_bit(FLAG_EXT_CTRL, &chan->flags); 3029 set_bit(FLAG_EXT_CTRL, &chan->flags);
2804 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW; 3030 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
2805 } else { 3031 } else {
2806 chan->tx_win = min_t(u16, chan->tx_win, 3032 chan->tx_win = min_t(u16, chan->tx_win,
2807 L2CAP_DEFAULT_TX_WINDOW); 3033 L2CAP_DEFAULT_TX_WINDOW);
2808 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; 3034 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
2809 } 3035 }
2810 chan->ack_win = chan->tx_win; 3036 chan->ack_win = chan->tx_win;
@@ -2844,7 +3070,7 @@ done:
2844 switch (chan->mode) { 3070 switch (chan->mode) {
2845 case L2CAP_MODE_BASIC: 3071 case L2CAP_MODE_BASIC:
2846 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) && 3072 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2847 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING)) 3073 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
2848 break; 3074 break;
2849 3075
2850 rfc.mode = L2CAP_MODE_BASIC; 3076 rfc.mode = L2CAP_MODE_BASIC;
@@ -2855,44 +3081,42 @@ done:
2855 rfc.max_pdu_size = 0; 3081 rfc.max_pdu_size = 0;
2856 3082
2857 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), 3083 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2858 (unsigned long) &rfc); 3084 (unsigned long) &rfc);
2859 break; 3085 break;
2860 3086
2861 case L2CAP_MODE_ERTM: 3087 case L2CAP_MODE_ERTM:
2862 rfc.mode = L2CAP_MODE_ERTM; 3088 rfc.mode = L2CAP_MODE_ERTM;
2863 rfc.max_transmit = chan->max_tx; 3089 rfc.max_transmit = chan->max_tx;
2864 rfc.retrans_timeout = 0; 3090
2865 rfc.monitor_timeout = 0; 3091 __l2cap_set_ertm_timeouts(chan, &rfc);
2866 3092
2867 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu - 3093 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2868 L2CAP_EXT_HDR_SIZE - 3094 L2CAP_EXT_HDR_SIZE - L2CAP_SDULEN_SIZE -
2869 L2CAP_SDULEN_SIZE - 3095 L2CAP_FCS_SIZE);
2870 L2CAP_FCS_SIZE);
2871 rfc.max_pdu_size = cpu_to_le16(size); 3096 rfc.max_pdu_size = cpu_to_le16(size);
2872 3097
2873 l2cap_txwin_setup(chan); 3098 l2cap_txwin_setup(chan);
2874 3099
2875 rfc.txwin_size = min_t(u16, chan->tx_win, 3100 rfc.txwin_size = min_t(u16, chan->tx_win,
2876 L2CAP_DEFAULT_TX_WINDOW); 3101 L2CAP_DEFAULT_TX_WINDOW);
2877 3102
2878 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), 3103 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2879 (unsigned long) &rfc); 3104 (unsigned long) &rfc);
2880 3105
2881 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) 3106 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2882 l2cap_add_opt_efs(&ptr, chan); 3107 l2cap_add_opt_efs(&ptr, chan);
2883 3108
2884 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
2885 break;
2886
2887 if (chan->fcs == L2CAP_FCS_NONE ||
2888 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
2889 chan->fcs = L2CAP_FCS_NONE;
2890 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
2891 }
2892
2893 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) 3109 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2894 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2, 3110 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2895 chan->tx_win); 3111 chan->tx_win);
3112
3113 if (chan->conn->feat_mask & L2CAP_FEAT_FCS)
3114 if (chan->fcs == L2CAP_FCS_NONE ||
3115 test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) {
3116 chan->fcs = L2CAP_FCS_NONE;
3117 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1,
3118 chan->fcs);
3119 }
2896 break; 3120 break;
2897 3121
2898 case L2CAP_MODE_STREAMING: 3122 case L2CAP_MODE_STREAMING:
@@ -2904,25 +3128,23 @@ done:
2904 rfc.monitor_timeout = 0; 3128 rfc.monitor_timeout = 0;
2905 3129
2906 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu - 3130 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2907 L2CAP_EXT_HDR_SIZE - 3131 L2CAP_EXT_HDR_SIZE - L2CAP_SDULEN_SIZE -
2908 L2CAP_SDULEN_SIZE - 3132 L2CAP_FCS_SIZE);
2909 L2CAP_FCS_SIZE);
2910 rfc.max_pdu_size = cpu_to_le16(size); 3133 rfc.max_pdu_size = cpu_to_le16(size);
2911 3134
2912 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), 3135 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2913 (unsigned long) &rfc); 3136 (unsigned long) &rfc);
2914 3137
2915 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) 3138 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2916 l2cap_add_opt_efs(&ptr, chan); 3139 l2cap_add_opt_efs(&ptr, chan);
2917 3140
2918 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS)) 3141 if (chan->conn->feat_mask & L2CAP_FEAT_FCS)
2919 break; 3142 if (chan->fcs == L2CAP_FCS_NONE ||
2920 3143 test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) {
2921 if (chan->fcs == L2CAP_FCS_NONE || 3144 chan->fcs = L2CAP_FCS_NONE;
2922 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) { 3145 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1,
2923 chan->fcs = L2CAP_FCS_NONE; 3146 chan->fcs);
2924 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs); 3147 }
2925 }
2926 break; 3148 break;
2927 } 3149 }
2928 3150
@@ -2974,7 +3196,7 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
2974 3196
2975 case L2CAP_CONF_FCS: 3197 case L2CAP_CONF_FCS:
2976 if (val == L2CAP_FCS_NONE) 3198 if (val == L2CAP_FCS_NONE)
2977 set_bit(CONF_NO_FCS_RECV, &chan->conf_state); 3199 set_bit(CONF_RECV_NO_FCS, &chan->conf_state);
2978 break; 3200 break;
2979 3201
2980 case L2CAP_CONF_EFS: 3202 case L2CAP_CONF_EFS:
@@ -3011,7 +3233,7 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
3011 case L2CAP_MODE_ERTM: 3233 case L2CAP_MODE_ERTM:
3012 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) { 3234 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
3013 chan->mode = l2cap_select_mode(rfc.mode, 3235 chan->mode = l2cap_select_mode(rfc.mode,
3014 chan->conn->feat_mask); 3236 chan->conn->feat_mask);
3015 break; 3237 break;
3016 } 3238 }
3017 3239
@@ -3036,8 +3258,8 @@ done:
3036 if (chan->num_conf_rsp == 1) 3258 if (chan->num_conf_rsp == 1)
3037 return -ECONNREFUSED; 3259 return -ECONNREFUSED;
3038 3260
3039 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 3261 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
3040 sizeof(rfc), (unsigned long) &rfc); 3262 (unsigned long) &rfc);
3041 } 3263 }
3042 3264
3043 if (result == L2CAP_CONF_SUCCESS) { 3265 if (result == L2CAP_CONF_SUCCESS) {
@@ -3054,8 +3276,8 @@ done:
3054 3276
3055 if (remote_efs) { 3277 if (remote_efs) {
3056 if (chan->local_stype != L2CAP_SERV_NOTRAFIC && 3278 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
3057 efs.stype != L2CAP_SERV_NOTRAFIC && 3279 efs.stype != L2CAP_SERV_NOTRAFIC &&
3058 efs.stype != chan->local_stype) { 3280 efs.stype != chan->local_stype) {
3059 3281
3060 result = L2CAP_CONF_UNACCEPT; 3282 result = L2CAP_CONF_UNACCEPT;
3061 3283
@@ -3063,8 +3285,8 @@ done:
3063 return -ECONNREFUSED; 3285 return -ECONNREFUSED;
3064 3286
3065 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, 3287 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3066 sizeof(efs), 3288 sizeof(efs),
3067 (unsigned long) &efs); 3289 (unsigned long) &efs);
3068 } else { 3290 } else {
3069 /* Send PENDING Conf Rsp */ 3291 /* Send PENDING Conf Rsp */
3070 result = L2CAP_CONF_PENDING; 3292 result = L2CAP_CONF_PENDING;
@@ -3087,51 +3309,45 @@ done:
3087 chan->remote_max_tx = rfc.max_transmit; 3309 chan->remote_max_tx = rfc.max_transmit;
3088 3310
3089 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size), 3311 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
3090 chan->conn->mtu - 3312 chan->conn->mtu - L2CAP_EXT_HDR_SIZE -
3091 L2CAP_EXT_HDR_SIZE - 3313 L2CAP_SDULEN_SIZE - L2CAP_FCS_SIZE);
3092 L2CAP_SDULEN_SIZE -
3093 L2CAP_FCS_SIZE);
3094 rfc.max_pdu_size = cpu_to_le16(size); 3314 rfc.max_pdu_size = cpu_to_le16(size);
3095 chan->remote_mps = size; 3315 chan->remote_mps = size;
3096 3316
3097 rfc.retrans_timeout = 3317 __l2cap_set_ertm_timeouts(chan, &rfc);
3098 __constant_cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
3099 rfc.monitor_timeout =
3100 __constant_cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
3101 3318
3102 set_bit(CONF_MODE_DONE, &chan->conf_state); 3319 set_bit(CONF_MODE_DONE, &chan->conf_state);
3103 3320
3104 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 3321 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
3105 sizeof(rfc), (unsigned long) &rfc); 3322 sizeof(rfc), (unsigned long) &rfc);
3106 3323
3107 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) { 3324 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3108 chan->remote_id = efs.id; 3325 chan->remote_id = efs.id;
3109 chan->remote_stype = efs.stype; 3326 chan->remote_stype = efs.stype;
3110 chan->remote_msdu = le16_to_cpu(efs.msdu); 3327 chan->remote_msdu = le16_to_cpu(efs.msdu);
3111 chan->remote_flush_to = 3328 chan->remote_flush_to =
3112 le32_to_cpu(efs.flush_to); 3329 le32_to_cpu(efs.flush_to);
3113 chan->remote_acc_lat = 3330 chan->remote_acc_lat =
3114 le32_to_cpu(efs.acc_lat); 3331 le32_to_cpu(efs.acc_lat);
3115 chan->remote_sdu_itime = 3332 chan->remote_sdu_itime =
3116 le32_to_cpu(efs.sdu_itime); 3333 le32_to_cpu(efs.sdu_itime);
3117 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, 3334 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3118 sizeof(efs), (unsigned long) &efs); 3335 sizeof(efs),
3336 (unsigned long) &efs);
3119 } 3337 }
3120 break; 3338 break;
3121 3339
3122 case L2CAP_MODE_STREAMING: 3340 case L2CAP_MODE_STREAMING:
3123 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size), 3341 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
3124 chan->conn->mtu - 3342 chan->conn->mtu - L2CAP_EXT_HDR_SIZE -
3125 L2CAP_EXT_HDR_SIZE - 3343 L2CAP_SDULEN_SIZE - L2CAP_FCS_SIZE);
3126 L2CAP_SDULEN_SIZE -
3127 L2CAP_FCS_SIZE);
3128 rfc.max_pdu_size = cpu_to_le16(size); 3344 rfc.max_pdu_size = cpu_to_le16(size);
3129 chan->remote_mps = size; 3345 chan->remote_mps = size;
3130 3346
3131 set_bit(CONF_MODE_DONE, &chan->conf_state); 3347 set_bit(CONF_MODE_DONE, &chan->conf_state);
3132 3348
3133 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 3349 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
3134 sizeof(rfc), (unsigned long) &rfc); 3350 (unsigned long) &rfc);
3135 3351
3136 break; 3352 break;
3137 3353
@@ -3152,7 +3368,8 @@ done:
3152 return ptr - data; 3368 return ptr - data;
3153} 3369}
3154 3370
3155static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result) 3371static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
3372 void *data, u16 *result)
3156{ 3373{
3157 struct l2cap_conf_req *req = data; 3374 struct l2cap_conf_req *req = data;
3158 void *ptr = req->data; 3375 void *ptr = req->data;
@@ -3179,7 +3396,7 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3179 case L2CAP_CONF_FLUSH_TO: 3396 case L2CAP_CONF_FLUSH_TO:
3180 chan->flush_to = val; 3397 chan->flush_to = val;
3181 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 3398 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
3182 2, chan->flush_to); 3399 2, chan->flush_to);
3183 break; 3400 break;
3184 3401
3185 case L2CAP_CONF_RFC: 3402 case L2CAP_CONF_RFC:
@@ -3187,13 +3404,13 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3187 memcpy(&rfc, (void *)val, olen); 3404 memcpy(&rfc, (void *)val, olen);
3188 3405
3189 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && 3406 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
3190 rfc.mode != chan->mode) 3407 rfc.mode != chan->mode)
3191 return -ECONNREFUSED; 3408 return -ECONNREFUSED;
3192 3409
3193 chan->fcs = 0; 3410 chan->fcs = 0;
3194 3411
3195 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, 3412 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
3196 sizeof(rfc), (unsigned long) &rfc); 3413 sizeof(rfc), (unsigned long) &rfc);
3197 break; 3414 break;
3198 3415
3199 case L2CAP_CONF_EWS: 3416 case L2CAP_CONF_EWS:
@@ -3207,12 +3424,19 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3207 memcpy(&efs, (void *)val, olen); 3424 memcpy(&efs, (void *)val, olen);
3208 3425
3209 if (chan->local_stype != L2CAP_SERV_NOTRAFIC && 3426 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
3210 efs.stype != L2CAP_SERV_NOTRAFIC && 3427 efs.stype != L2CAP_SERV_NOTRAFIC &&
3211 efs.stype != chan->local_stype) 3428 efs.stype != chan->local_stype)
3212 return -ECONNREFUSED; 3429 return -ECONNREFUSED;
3213 3430
3214 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, 3431 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs),
3215 sizeof(efs), (unsigned long) &efs); 3432 (unsigned long) &efs);
3433 break;
3434
3435 case L2CAP_CONF_FCS:
3436 if (*result == L2CAP_CONF_PENDING)
3437 if (val == L2CAP_FCS_NONE)
3438 set_bit(CONF_RECV_NO_FCS,
3439 &chan->conf_state);
3216 break; 3440 break;
3217 } 3441 }
3218 } 3442 }
@@ -3235,10 +3459,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3235 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) { 3459 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3236 chan->local_msdu = le16_to_cpu(efs.msdu); 3460 chan->local_msdu = le16_to_cpu(efs.msdu);
3237 chan->local_sdu_itime = 3461 chan->local_sdu_itime =
3238 le32_to_cpu(efs.sdu_itime); 3462 le32_to_cpu(efs.sdu_itime);
3239 chan->local_acc_lat = le32_to_cpu(efs.acc_lat); 3463 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
3240 chan->local_flush_to = 3464 chan->local_flush_to =
3241 le32_to_cpu(efs.flush_to); 3465 le32_to_cpu(efs.flush_to);
3242 } 3466 }
3243 break; 3467 break;
3244 3468
@@ -3253,7 +3477,8 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
3253 return ptr - data; 3477 return ptr - data;
3254} 3478}
3255 3479
3256static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags) 3480static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data,
3481 u16 result, u16 flags)
3257{ 3482{
3258 struct l2cap_conf_rsp *rsp = data; 3483 struct l2cap_conf_rsp *rsp = data;
3259 void *ptr = rsp->data; 3484 void *ptr = rsp->data;
@@ -3272,19 +3497,27 @@ void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
3272 struct l2cap_conn_rsp rsp; 3497 struct l2cap_conn_rsp rsp;
3273 struct l2cap_conn *conn = chan->conn; 3498 struct l2cap_conn *conn = chan->conn;
3274 u8 buf[128]; 3499 u8 buf[128];
3500 u8 rsp_code;
3275 3501
3276 rsp.scid = cpu_to_le16(chan->dcid); 3502 rsp.scid = cpu_to_le16(chan->dcid);
3277 rsp.dcid = cpu_to_le16(chan->scid); 3503 rsp.dcid = cpu_to_le16(chan->scid);
3278 rsp.result = __constant_cpu_to_le16(L2CAP_CR_SUCCESS); 3504 rsp.result = __constant_cpu_to_le16(L2CAP_CR_SUCCESS);
3279 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO); 3505 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
3280 l2cap_send_cmd(conn, chan->ident, 3506
3281 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 3507 if (chan->hs_hcon)
3508 rsp_code = L2CAP_CREATE_CHAN_RSP;
3509 else
3510 rsp_code = L2CAP_CONN_RSP;
3511
3512 BT_DBG("chan %p rsp_code %u", chan, rsp_code);
3513
3514 l2cap_send_cmd(conn, chan->ident, rsp_code, sizeof(rsp), &rsp);
3282 3515
3283 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) 3516 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
3284 return; 3517 return;
3285 3518
3286 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 3519 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3287 l2cap_build_conf_req(chan, buf), buf); 3520 l2cap_build_conf_req(chan, buf), buf);
3288 chan->num_conf_req++; 3521 chan->num_conf_req++;
3289} 3522}
3290 3523
@@ -3339,7 +3572,8 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
3339 } 3572 }
3340} 3573}
3341 3574
3342static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3575static inline int l2cap_command_rej(struct l2cap_conn *conn,
3576 struct l2cap_cmd_hdr *cmd, u8 *data)
3343{ 3577{
3344 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data; 3578 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
3345 3579
@@ -3347,7 +3581,7 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hd
3347 return 0; 3581 return 0;
3348 3582
3349 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) && 3583 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
3350 cmd->ident == conn->info_ident) { 3584 cmd->ident == conn->info_ident) {
3351 cancel_delayed_work(&conn->info_timer); 3585 cancel_delayed_work(&conn->info_timer);
3352 3586
3353 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; 3587 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
@@ -3359,7 +3593,9 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hd
3359 return 0; 3593 return 0;
3360} 3594}
3361 3595
3362static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3596static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn,
3597 struct l2cap_cmd_hdr *cmd,
3598 u8 *data, u8 rsp_code, u8 amp_id)
3363{ 3599{
3364 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; 3600 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
3365 struct l2cap_conn_rsp rsp; 3601 struct l2cap_conn_rsp rsp;
@@ -3386,7 +3622,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
3386 3622
3387 /* Check if the ACL is secure enough (if not SDP) */ 3623 /* Check if the ACL is secure enough (if not SDP) */
3388 if (psm != __constant_cpu_to_le16(L2CAP_PSM_SDP) && 3624 if (psm != __constant_cpu_to_le16(L2CAP_PSM_SDP) &&
3389 !hci_conn_check_link_mode(conn->hcon)) { 3625 !hci_conn_check_link_mode(conn->hcon)) {
3390 conn->disc_reason = HCI_ERROR_AUTH_FAILURE; 3626 conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
3391 result = L2CAP_CR_SEC_BLOCK; 3627 result = L2CAP_CR_SEC_BLOCK;
3392 goto response; 3628 goto response;
@@ -3410,8 +3646,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
3410 bacpy(&bt_sk(sk)->dst, conn->dst); 3646 bacpy(&bt_sk(sk)->dst, conn->dst);
3411 chan->psm = psm; 3647 chan->psm = psm;
3412 chan->dcid = scid; 3648 chan->dcid = scid;
3413 3649 chan->local_amp_id = amp_id;
3414 bt_accept_enqueue(parent, sk);
3415 3650
3416 __l2cap_chan_add(conn, chan); 3651 __l2cap_chan_add(conn, chan);
3417 3652
@@ -3427,10 +3662,19 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
3427 __l2cap_state_change(chan, BT_CONNECT2); 3662 __l2cap_state_change(chan, BT_CONNECT2);
3428 result = L2CAP_CR_PEND; 3663 result = L2CAP_CR_PEND;
3429 status = L2CAP_CS_AUTHOR_PEND; 3664 status = L2CAP_CS_AUTHOR_PEND;
3430 parent->sk_data_ready(parent, 0); 3665 chan->ops->defer(chan);
3431 } else { 3666 } else {
3432 __l2cap_state_change(chan, BT_CONFIG); 3667 /* Force pending result for AMP controllers.
3433 result = L2CAP_CR_SUCCESS; 3668 * The connection will succeed after the
3669 * physical link is up.
3670 */
3671 if (amp_id) {
3672 __l2cap_state_change(chan, BT_CONNECT2);
3673 result = L2CAP_CR_PEND;
3674 } else {
3675 __l2cap_state_change(chan, BT_CONFIG);
3676 result = L2CAP_CR_SUCCESS;
3677 }
3434 status = L2CAP_CS_NO_INFO; 3678 status = L2CAP_CS_NO_INFO;
3435 } 3679 }
3436 } else { 3680 } else {
@@ -3453,7 +3697,7 @@ sendresp:
3453 rsp.dcid = cpu_to_le16(dcid); 3697 rsp.dcid = cpu_to_le16(dcid);
3454 rsp.result = cpu_to_le16(result); 3698 rsp.result = cpu_to_le16(result);
3455 rsp.status = cpu_to_le16(status); 3699 rsp.status = cpu_to_le16(status);
3456 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp); 3700 l2cap_send_cmd(conn, cmd->ident, rsp_code, sizeof(rsp), &rsp);
3457 3701
3458 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) { 3702 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
3459 struct l2cap_info_req info; 3703 struct l2cap_info_req info;
@@ -3464,23 +3708,42 @@ sendresp:
3464 3708
3465 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT); 3709 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
3466 3710
3467 l2cap_send_cmd(conn, conn->info_ident, 3711 l2cap_send_cmd(conn, conn->info_ident, L2CAP_INFO_REQ,
3468 L2CAP_INFO_REQ, sizeof(info), &info); 3712 sizeof(info), &info);
3469 } 3713 }
3470 3714
3471 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) && 3715 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
3472 result == L2CAP_CR_SUCCESS) { 3716 result == L2CAP_CR_SUCCESS) {
3473 u8 buf[128]; 3717 u8 buf[128];
3474 set_bit(CONF_REQ_SENT, &chan->conf_state); 3718 set_bit(CONF_REQ_SENT, &chan->conf_state);
3475 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 3719 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3476 l2cap_build_conf_req(chan, buf), buf); 3720 l2cap_build_conf_req(chan, buf), buf);
3477 chan->num_conf_req++; 3721 chan->num_conf_req++;
3478 } 3722 }
3479 3723
3724 return chan;
3725}
3726
3727static int l2cap_connect_req(struct l2cap_conn *conn,
3728 struct l2cap_cmd_hdr *cmd, u8 *data)
3729{
3730 struct hci_dev *hdev = conn->hcon->hdev;
3731 struct hci_conn *hcon = conn->hcon;
3732
3733 hci_dev_lock(hdev);
3734 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
3735 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags))
3736 mgmt_device_connected(hdev, &hcon->dst, hcon->type,
3737 hcon->dst_type, 0, NULL, 0,
3738 hcon->dev_class);
3739 hci_dev_unlock(hdev);
3740
3741 l2cap_connect(conn, cmd, data, L2CAP_CONN_RSP, 0);
3480 return 0; 3742 return 0;
3481} 3743}
3482 3744
3483static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3745static int l2cap_connect_create_rsp(struct l2cap_conn *conn,
3746 struct l2cap_cmd_hdr *cmd, u8 *data)
3484{ 3747{
3485 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data; 3748 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
3486 u16 scid, dcid, result, status; 3749 u16 scid, dcid, result, status;
@@ -3494,7 +3757,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
3494 status = __le16_to_cpu(rsp->status); 3757 status = __le16_to_cpu(rsp->status);
3495 3758
3496 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", 3759 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
3497 dcid, scid, result, status); 3760 dcid, scid, result, status);
3498 3761
3499 mutex_lock(&conn->chan_lock); 3762 mutex_lock(&conn->chan_lock);
3500 3763
@@ -3527,7 +3790,7 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
3527 break; 3790 break;
3528 3791
3529 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 3792 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3530 l2cap_build_conf_req(chan, req), req); 3793 l2cap_build_conf_req(chan, req), req);
3531 chan->num_conf_req++; 3794 chan->num_conf_req++;
3532 break; 3795 break;
3533 3796
@@ -3555,11 +3818,29 @@ static inline void set_default_fcs(struct l2cap_chan *chan)
3555 */ 3818 */
3556 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING) 3819 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
3557 chan->fcs = L2CAP_FCS_NONE; 3820 chan->fcs = L2CAP_FCS_NONE;
3558 else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) 3821 else if (!test_bit(CONF_RECV_NO_FCS, &chan->conf_state))
3559 chan->fcs = L2CAP_FCS_CRC16; 3822 chan->fcs = L2CAP_FCS_CRC16;
3560} 3823}
3561 3824
3562static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data) 3825static void l2cap_send_efs_conf_rsp(struct l2cap_chan *chan, void *data,
3826 u8 ident, u16 flags)
3827{
3828 struct l2cap_conn *conn = chan->conn;
3829
3830 BT_DBG("conn %p chan %p ident %d flags 0x%4.4x", conn, chan, ident,
3831 flags);
3832
3833 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
3834 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
3835
3836 l2cap_send_cmd(conn, ident, L2CAP_CONF_RSP,
3837 l2cap_build_conf_rsp(chan, data,
3838 L2CAP_CONF_SUCCESS, flags), data);
3839}
3840
3841static inline int l2cap_config_req(struct l2cap_conn *conn,
3842 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
3843 u8 *data)
3563{ 3844{
3564 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data; 3845 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
3565 u16 dcid, flags; 3846 u16 dcid, flags;
@@ -3584,7 +3865,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3584 rej.dcid = cpu_to_le16(chan->dcid); 3865 rej.dcid = cpu_to_le16(chan->dcid);
3585 3866
3586 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ, 3867 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
3587 sizeof(rej), &rej); 3868 sizeof(rej), &rej);
3588 goto unlock; 3869 goto unlock;
3589 } 3870 }
3590 3871
@@ -3592,8 +3873,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3592 len = cmd_len - sizeof(*req); 3873 len = cmd_len - sizeof(*req);
3593 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) { 3874 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
3594 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 3875 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3595 l2cap_build_conf_rsp(chan, rsp, 3876 l2cap_build_conf_rsp(chan, rsp,
3596 L2CAP_CONF_REJECT, flags), rsp); 3877 L2CAP_CONF_REJECT, flags), rsp);
3597 goto unlock; 3878 goto unlock;
3598 } 3879 }
3599 3880
@@ -3604,18 +3885,19 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3604 if (flags & L2CAP_CONF_FLAG_CONTINUATION) { 3885 if (flags & L2CAP_CONF_FLAG_CONTINUATION) {
3605 /* Incomplete config. Send empty response. */ 3886 /* Incomplete config. Send empty response. */
3606 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 3887 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3607 l2cap_build_conf_rsp(chan, rsp, 3888 l2cap_build_conf_rsp(chan, rsp,
3608 L2CAP_CONF_SUCCESS, flags), rsp); 3889 L2CAP_CONF_SUCCESS, flags), rsp);
3609 goto unlock; 3890 goto unlock;
3610 } 3891 }
3611 3892
3612 /* Complete config. */ 3893 /* Complete config. */
3613 len = l2cap_parse_conf_req(chan, rsp); 3894 len = l2cap_parse_conf_req(chan, rsp);
3614 if (len < 0) { 3895 if (len < 0) {
3615 l2cap_send_disconn_req(conn, chan, ECONNRESET); 3896 l2cap_send_disconn_req(chan, ECONNRESET);
3616 goto unlock; 3897 goto unlock;
3617 } 3898 }
3618 3899
3900 chan->ident = cmd->ident;
3619 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp); 3901 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
3620 chan->num_conf_rsp++; 3902 chan->num_conf_rsp++;
3621 3903
@@ -3633,7 +3915,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3633 err = l2cap_ertm_init(chan); 3915 err = l2cap_ertm_init(chan);
3634 3916
3635 if (err < 0) 3917 if (err < 0)
3636 l2cap_send_disconn_req(chan->conn, chan, -err); 3918 l2cap_send_disconn_req(chan, -err);
3637 else 3919 else
3638 l2cap_chan_ready(chan); 3920 l2cap_chan_ready(chan);
3639 3921
@@ -3643,23 +3925,22 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3643 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) { 3925 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
3644 u8 buf[64]; 3926 u8 buf[64];
3645 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, 3927 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3646 l2cap_build_conf_req(chan, buf), buf); 3928 l2cap_build_conf_req(chan, buf), buf);
3647 chan->num_conf_req++; 3929 chan->num_conf_req++;
3648 } 3930 }
3649 3931
3650 /* Got Conf Rsp PENDING from remote side and asume we sent 3932 /* Got Conf Rsp PENDING from remote side and asume we sent
3651 Conf Rsp PENDING in the code above */ 3933 Conf Rsp PENDING in the code above */
3652 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) && 3934 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
3653 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) { 3935 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
3654 3936
3655 /* check compatibility */ 3937 /* check compatibility */
3656 3938
3657 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state); 3939 /* Send rsp for BR/EDR channel */
3658 set_bit(CONF_OUTPUT_DONE, &chan->conf_state); 3940 if (!chan->hs_hcon)
3659 3941 l2cap_send_efs_conf_rsp(chan, rsp, cmd->ident, flags);
3660 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 3942 else
3661 l2cap_build_conf_rsp(chan, rsp, 3943 chan->ident = cmd->ident;
3662 L2CAP_CONF_SUCCESS, flags), rsp);
3663 } 3944 }
3664 3945
3665unlock: 3946unlock:
@@ -3667,7 +3948,8 @@ unlock:
3667 return err; 3948 return err;
3668} 3949}
3669 3950
3670static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 3951static inline int l2cap_config_rsp(struct l2cap_conn *conn,
3952 struct l2cap_cmd_hdr *cmd, u8 *data)
3671{ 3953{
3672 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data; 3954 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
3673 u16 scid, flags, result; 3955 u16 scid, flags, result;
@@ -3699,20 +3981,21 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3699 char buf[64]; 3981 char buf[64];
3700 3982
3701 len = l2cap_parse_conf_rsp(chan, rsp->data, len, 3983 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3702 buf, &result); 3984 buf, &result);
3703 if (len < 0) { 3985 if (len < 0) {
3704 l2cap_send_disconn_req(conn, chan, ECONNRESET); 3986 l2cap_send_disconn_req(chan, ECONNRESET);
3705 goto done; 3987 goto done;
3706 } 3988 }
3707 3989
3708 /* check compatibility */ 3990 if (!chan->hs_hcon) {
3709 3991 l2cap_send_efs_conf_rsp(chan, buf, cmd->ident,
3710 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state); 3992 0);
3711 set_bit(CONF_OUTPUT_DONE, &chan->conf_state); 3993 } else {
3712 3994 if (l2cap_check_efs(chan)) {
3713 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, 3995 amp_create_logical_link(chan);
3714 l2cap_build_conf_rsp(chan, buf, 3996 chan->ident = cmd->ident;
3715 L2CAP_CONF_SUCCESS, 0x0000), buf); 3997 }
3998 }
3716 } 3999 }
3717 goto done; 4000 goto done;
3718 4001
@@ -3721,21 +4004,21 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3721 char req[64]; 4004 char req[64];
3722 4005
3723 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) { 4006 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
3724 l2cap_send_disconn_req(conn, chan, ECONNRESET); 4007 l2cap_send_disconn_req(chan, ECONNRESET);
3725 goto done; 4008 goto done;
3726 } 4009 }
3727 4010
3728 /* throw out any old stored conf requests */ 4011 /* throw out any old stored conf requests */
3729 result = L2CAP_CONF_SUCCESS; 4012 result = L2CAP_CONF_SUCCESS;
3730 len = l2cap_parse_conf_rsp(chan, rsp->data, len, 4013 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3731 req, &result); 4014 req, &result);
3732 if (len < 0) { 4015 if (len < 0) {
3733 l2cap_send_disconn_req(conn, chan, ECONNRESET); 4016 l2cap_send_disconn_req(chan, ECONNRESET);
3734 goto done; 4017 goto done;
3735 } 4018 }
3736 4019
3737 l2cap_send_cmd(conn, l2cap_get_ident(conn), 4020 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3738 L2CAP_CONF_REQ, len, req); 4021 L2CAP_CONF_REQ, len, req);
3739 chan->num_conf_req++; 4022 chan->num_conf_req++;
3740 if (result != L2CAP_CONF_SUCCESS) 4023 if (result != L2CAP_CONF_SUCCESS)
3741 goto done; 4024 goto done;
@@ -3746,7 +4029,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3746 l2cap_chan_set_err(chan, ECONNRESET); 4029 l2cap_chan_set_err(chan, ECONNRESET);
3747 4030
3748 __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT); 4031 __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT);
3749 l2cap_send_disconn_req(conn, chan, ECONNRESET); 4032 l2cap_send_disconn_req(chan, ECONNRESET);
3750 goto done; 4033 goto done;
3751 } 4034 }
3752 4035
@@ -3763,7 +4046,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr
3763 err = l2cap_ertm_init(chan); 4046 err = l2cap_ertm_init(chan);
3764 4047
3765 if (err < 0) 4048 if (err < 0)
3766 l2cap_send_disconn_req(chan->conn, chan, -err); 4049 l2cap_send_disconn_req(chan, -err);
3767 else 4050 else
3768 l2cap_chan_ready(chan); 4051 l2cap_chan_ready(chan);
3769 } 4052 }
@@ -3773,7 +4056,8 @@ done:
3773 return err; 4056 return err;
3774} 4057}
3775 4058
3776static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 4059static inline int l2cap_disconnect_req(struct l2cap_conn *conn,
4060 struct l2cap_cmd_hdr *cmd, u8 *data)
3777{ 4061{
3778 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data; 4062 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3779 struct l2cap_disconn_rsp rsp; 4063 struct l2cap_disconn_rsp rsp;
@@ -3819,7 +4103,8 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
3819 return 0; 4103 return 0;
3820} 4104}
3821 4105
3822static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 4106static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn,
4107 struct l2cap_cmd_hdr *cmd, u8 *data)
3823{ 4108{
3824 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data; 4109 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3825 u16 dcid, scid; 4110 u16 dcid, scid;
@@ -3853,7 +4138,8 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
3853 return 0; 4138 return 0;
3854} 4139}
3855 4140
3856static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 4141static inline int l2cap_information_req(struct l2cap_conn *conn,
4142 struct l2cap_cmd_hdr *cmd, u8 *data)
3857{ 4143{
3858 struct l2cap_info_req *req = (struct l2cap_info_req *) data; 4144 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
3859 u16 type; 4145 u16 type;
@@ -3870,14 +4156,14 @@ static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cm
3870 rsp->result = __constant_cpu_to_le16(L2CAP_IR_SUCCESS); 4156 rsp->result = __constant_cpu_to_le16(L2CAP_IR_SUCCESS);
3871 if (!disable_ertm) 4157 if (!disable_ertm)
3872 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING 4158 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3873 | L2CAP_FEAT_FCS; 4159 | L2CAP_FEAT_FCS;
3874 if (enable_hs) 4160 if (enable_hs)
3875 feat_mask |= L2CAP_FEAT_EXT_FLOW 4161 feat_mask |= L2CAP_FEAT_EXT_FLOW
3876 | L2CAP_FEAT_EXT_WINDOW; 4162 | L2CAP_FEAT_EXT_WINDOW;
3877 4163
3878 put_unaligned_le32(feat_mask, rsp->data); 4164 put_unaligned_le32(feat_mask, rsp->data);
3879 l2cap_send_cmd(conn, cmd->ident, 4165 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(buf),
3880 L2CAP_INFO_RSP, sizeof(buf), buf); 4166 buf);
3881 } else if (type == L2CAP_IT_FIXED_CHAN) { 4167 } else if (type == L2CAP_IT_FIXED_CHAN) {
3882 u8 buf[12]; 4168 u8 buf[12];
3883 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf; 4169 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
@@ -3890,20 +4176,21 @@ static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cm
3890 rsp->type = __constant_cpu_to_le16(L2CAP_IT_FIXED_CHAN); 4176 rsp->type = __constant_cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3891 rsp->result = __constant_cpu_to_le16(L2CAP_IR_SUCCESS); 4177 rsp->result = __constant_cpu_to_le16(L2CAP_IR_SUCCESS);
3892 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan)); 4178 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan));
3893 l2cap_send_cmd(conn, cmd->ident, 4179 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(buf),
3894 L2CAP_INFO_RSP, sizeof(buf), buf); 4180 buf);
3895 } else { 4181 } else {
3896 struct l2cap_info_rsp rsp; 4182 struct l2cap_info_rsp rsp;
3897 rsp.type = cpu_to_le16(type); 4183 rsp.type = cpu_to_le16(type);
3898 rsp.result = __constant_cpu_to_le16(L2CAP_IR_NOTSUPP); 4184 rsp.result = __constant_cpu_to_le16(L2CAP_IR_NOTSUPP);
3899 l2cap_send_cmd(conn, cmd->ident, 4185 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(rsp),
3900 L2CAP_INFO_RSP, sizeof(rsp), &rsp); 4186 &rsp);
3901 } 4187 }
3902 4188
3903 return 0; 4189 return 0;
3904} 4190}
3905 4191
3906static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) 4192static inline int l2cap_information_rsp(struct l2cap_conn *conn,
4193 struct l2cap_cmd_hdr *cmd, u8 *data)
3907{ 4194{
3908 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data; 4195 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3909 u16 type, result; 4196 u16 type, result;
@@ -3915,7 +4202,7 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
3915 4202
3916 /* L2CAP Info req/rsp are unbound to channels, add extra checks */ 4203 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
3917 if (cmd->ident != conn->info_ident || 4204 if (cmd->ident != conn->info_ident ||
3918 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) 4205 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
3919 return 0; 4206 return 0;
3920 4207
3921 cancel_delayed_work(&conn->info_timer); 4208 cancel_delayed_work(&conn->info_timer);
@@ -3940,7 +4227,7 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
3940 conn->info_ident = l2cap_get_ident(conn); 4227 conn->info_ident = l2cap_get_ident(conn);
3941 4228
3942 l2cap_send_cmd(conn, conn->info_ident, 4229 l2cap_send_cmd(conn, conn->info_ident,
3943 L2CAP_INFO_REQ, sizeof(req), &req); 4230 L2CAP_INFO_REQ, sizeof(req), &req);
3944 } else { 4231 } else {
3945 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; 4232 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3946 conn->info_ident = 0; 4233 conn->info_ident = 0;
@@ -3961,12 +4248,14 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cm
3961 return 0; 4248 return 0;
3962} 4249}
3963 4250
3964static inline int l2cap_create_channel_req(struct l2cap_conn *conn, 4251static int l2cap_create_channel_req(struct l2cap_conn *conn,
3965 struct l2cap_cmd_hdr *cmd, u16 cmd_len, 4252 struct l2cap_cmd_hdr *cmd,
3966 void *data) 4253 u16 cmd_len, void *data)
3967{ 4254{
3968 struct l2cap_create_chan_req *req = data; 4255 struct l2cap_create_chan_req *req = data;
3969 struct l2cap_create_chan_rsp rsp; 4256 struct l2cap_create_chan_rsp rsp;
4257 struct l2cap_chan *chan;
4258 struct hci_dev *hdev;
3970 u16 psm, scid; 4259 u16 psm, scid;
3971 4260
3972 if (cmd_len != sizeof(*req)) 4261 if (cmd_len != sizeof(*req))
@@ -3980,56 +4269,119 @@ static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3980 4269
3981 BT_DBG("psm 0x%2.2x, scid 0x%4.4x, amp_id %d", psm, scid, req->amp_id); 4270 BT_DBG("psm 0x%2.2x, scid 0x%4.4x, amp_id %d", psm, scid, req->amp_id);
3982 4271
3983 /* Placeholder: Always reject */ 4272 /* For controller id 0 make BR/EDR connection */
4273 if (req->amp_id == HCI_BREDR_ID) {
4274 l2cap_connect(conn, cmd, data, L2CAP_CREATE_CHAN_RSP,
4275 req->amp_id);
4276 return 0;
4277 }
4278
4279 /* Validate AMP controller id */
4280 hdev = hci_dev_get(req->amp_id);
4281 if (!hdev)
4282 goto error;
4283
4284 if (hdev->dev_type != HCI_AMP || !test_bit(HCI_UP, &hdev->flags)) {
4285 hci_dev_put(hdev);
4286 goto error;
4287 }
4288
4289 chan = l2cap_connect(conn, cmd, data, L2CAP_CREATE_CHAN_RSP,
4290 req->amp_id);
4291 if (chan) {
4292 struct amp_mgr *mgr = conn->hcon->amp_mgr;
4293 struct hci_conn *hs_hcon;
4294
4295 hs_hcon = hci_conn_hash_lookup_ba(hdev, AMP_LINK, conn->dst);
4296 if (!hs_hcon) {
4297 hci_dev_put(hdev);
4298 return -EFAULT;
4299 }
4300
4301 BT_DBG("mgr %p bredr_chan %p hs_hcon %p", mgr, chan, hs_hcon);
4302
4303 mgr->bredr_chan = chan;
4304 chan->hs_hcon = hs_hcon;
4305 chan->fcs = L2CAP_FCS_NONE;
4306 conn->mtu = hdev->block_mtu;
4307 }
4308
4309 hci_dev_put(hdev);
4310
4311 return 0;
4312
4313error:
3984 rsp.dcid = 0; 4314 rsp.dcid = 0;
3985 rsp.scid = cpu_to_le16(scid); 4315 rsp.scid = cpu_to_le16(scid);
3986 rsp.result = __constant_cpu_to_le16(L2CAP_CR_NO_MEM); 4316 rsp.result = __constant_cpu_to_le16(L2CAP_CR_BAD_AMP);
3987 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO); 4317 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
3988 4318
3989 l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP, 4319 l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP,
3990 sizeof(rsp), &rsp); 4320 sizeof(rsp), &rsp);
3991 4321
3992 return 0; 4322 return -EFAULT;
3993} 4323}
3994 4324
3995static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn, 4325static void l2cap_send_move_chan_req(struct l2cap_chan *chan, u8 dest_amp_id)
3996 struct l2cap_cmd_hdr *cmd, void *data)
3997{ 4326{
3998 BT_DBG("conn %p", conn); 4327 struct l2cap_move_chan_req req;
4328 u8 ident;
3999 4329
4000 return l2cap_connect_rsp(conn, cmd, data); 4330 BT_DBG("chan %p, dest_amp_id %d", chan, dest_amp_id);
4331
4332 ident = l2cap_get_ident(chan->conn);
4333 chan->ident = ident;
4334
4335 req.icid = cpu_to_le16(chan->scid);
4336 req.dest_amp_id = dest_amp_id;
4337
4338 l2cap_send_cmd(chan->conn, ident, L2CAP_MOVE_CHAN_REQ, sizeof(req),
4339 &req);
4340
4341 __set_chan_timer(chan, L2CAP_MOVE_TIMEOUT);
4001} 4342}
4002 4343
4003static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident, 4344static void l2cap_send_move_chan_rsp(struct l2cap_chan *chan, u16 result)
4004 u16 icid, u16 result)
4005{ 4345{
4006 struct l2cap_move_chan_rsp rsp; 4346 struct l2cap_move_chan_rsp rsp;
4007 4347
4008 BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result); 4348 BT_DBG("chan %p, result 0x%4.4x", chan, result);
4009 4349
4010 rsp.icid = cpu_to_le16(icid); 4350 rsp.icid = cpu_to_le16(chan->dcid);
4011 rsp.result = cpu_to_le16(result); 4351 rsp.result = cpu_to_le16(result);
4012 4352
4013 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_RSP, sizeof(rsp), &rsp); 4353 l2cap_send_cmd(chan->conn, chan->ident, L2CAP_MOVE_CHAN_RSP,
4354 sizeof(rsp), &rsp);
4014} 4355}
4015 4356
4016static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn, 4357static void l2cap_send_move_chan_cfm(struct l2cap_chan *chan, u16 result)
4017 struct l2cap_chan *chan,
4018 u16 icid, u16 result)
4019{ 4358{
4020 struct l2cap_move_chan_cfm cfm; 4359 struct l2cap_move_chan_cfm cfm;
4021 u8 ident;
4022 4360
4023 BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result); 4361 BT_DBG("chan %p, result 0x%4.4x", chan, result);
4024 4362
4025 ident = l2cap_get_ident(conn); 4363 chan->ident = l2cap_get_ident(chan->conn);
4026 if (chan)
4027 chan->ident = ident;
4028 4364
4029 cfm.icid = cpu_to_le16(icid); 4365 cfm.icid = cpu_to_le16(chan->scid);
4030 cfm.result = cpu_to_le16(result); 4366 cfm.result = cpu_to_le16(result);
4031 4367
4032 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM, sizeof(cfm), &cfm); 4368 l2cap_send_cmd(chan->conn, chan->ident, L2CAP_MOVE_CHAN_CFM,
4369 sizeof(cfm), &cfm);
4370
4371 __set_chan_timer(chan, L2CAP_MOVE_TIMEOUT);
4372}
4373
4374static void l2cap_send_move_chan_cfm_icid(struct l2cap_conn *conn, u16 icid)
4375{
4376 struct l2cap_move_chan_cfm cfm;
4377
4378 BT_DBG("conn %p, icid 0x%4.4x", conn, icid);
4379
4380 cfm.icid = cpu_to_le16(icid);
4381 cfm.result = __constant_cpu_to_le16(L2CAP_MC_UNCONFIRMED);
4382
4383 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_MOVE_CHAN_CFM,
4384 sizeof(cfm), &cfm);
4033} 4385}
4034 4386
4035static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident, 4387static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident,
@@ -4043,11 +4395,289 @@ static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident,
4043 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp); 4395 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp);
4044} 4396}
4045 4397
4398static void __release_logical_link(struct l2cap_chan *chan)
4399{
4400 chan->hs_hchan = NULL;
4401 chan->hs_hcon = NULL;
4402
4403 /* Placeholder - release the logical link */
4404}
4405
4406static void l2cap_logical_fail(struct l2cap_chan *chan)
4407{
4408 /* Logical link setup failed */
4409 if (chan->state != BT_CONNECTED) {
4410 /* Create channel failure, disconnect */
4411 l2cap_send_disconn_req(chan, ECONNRESET);
4412 return;
4413 }
4414
4415 switch (chan->move_role) {
4416 case L2CAP_MOVE_ROLE_RESPONDER:
4417 l2cap_move_done(chan);
4418 l2cap_send_move_chan_rsp(chan, L2CAP_MR_NOT_SUPP);
4419 break;
4420 case L2CAP_MOVE_ROLE_INITIATOR:
4421 if (chan->move_state == L2CAP_MOVE_WAIT_LOGICAL_COMP ||
4422 chan->move_state == L2CAP_MOVE_WAIT_LOGICAL_CFM) {
4423 /* Remote has only sent pending or
4424 * success responses, clean up
4425 */
4426 l2cap_move_done(chan);
4427 }
4428
4429 /* Other amp move states imply that the move
4430 * has already aborted
4431 */
4432 l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED);
4433 break;
4434 }
4435}
4436
4437static void l2cap_logical_finish_create(struct l2cap_chan *chan,
4438 struct hci_chan *hchan)
4439{
4440 struct l2cap_conf_rsp rsp;
4441
4442 chan->hs_hchan = hchan;
4443 chan->hs_hcon->l2cap_data = chan->conn;
4444
4445 l2cap_send_efs_conf_rsp(chan, &rsp, chan->ident, 0);
4446
4447 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
4448 int err;
4449
4450 set_default_fcs(chan);
4451
4452 err = l2cap_ertm_init(chan);
4453 if (err < 0)
4454 l2cap_send_disconn_req(chan, -err);
4455 else
4456 l2cap_chan_ready(chan);
4457 }
4458}
4459
4460static void l2cap_logical_finish_move(struct l2cap_chan *chan,
4461 struct hci_chan *hchan)
4462{
4463 chan->hs_hcon = hchan->conn;
4464 chan->hs_hcon->l2cap_data = chan->conn;
4465
4466 BT_DBG("move_state %d", chan->move_state);
4467
4468 switch (chan->move_state) {
4469 case L2CAP_MOVE_WAIT_LOGICAL_COMP:
4470 /* Move confirm will be sent after a success
4471 * response is received
4472 */
4473 chan->move_state = L2CAP_MOVE_WAIT_RSP_SUCCESS;
4474 break;
4475 case L2CAP_MOVE_WAIT_LOGICAL_CFM:
4476 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
4477 chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY;
4478 } else if (chan->move_role == L2CAP_MOVE_ROLE_INITIATOR) {
4479 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM_RSP;
4480 l2cap_send_move_chan_cfm(chan, L2CAP_MC_CONFIRMED);
4481 } else if (chan->move_role == L2CAP_MOVE_ROLE_RESPONDER) {
4482 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM;
4483 l2cap_send_move_chan_rsp(chan, L2CAP_MR_SUCCESS);
4484 }
4485 break;
4486 default:
4487 /* Move was not in expected state, free the channel */
4488 __release_logical_link(chan);
4489
4490 chan->move_state = L2CAP_MOVE_STABLE;
4491 }
4492}
4493
4494/* Call with chan locked */
4495void l2cap_logical_cfm(struct l2cap_chan *chan, struct hci_chan *hchan,
4496 u8 status)
4497{
4498 BT_DBG("chan %p, hchan %p, status %d", chan, hchan, status);
4499
4500 if (status) {
4501 l2cap_logical_fail(chan);
4502 __release_logical_link(chan);
4503 return;
4504 }
4505
4506 if (chan->state != BT_CONNECTED) {
4507 /* Ignore logical link if channel is on BR/EDR */
4508 if (chan->local_amp_id)
4509 l2cap_logical_finish_create(chan, hchan);
4510 } else {
4511 l2cap_logical_finish_move(chan, hchan);
4512 }
4513}
4514
4515void l2cap_move_start(struct l2cap_chan *chan)
4516{
4517 BT_DBG("chan %p", chan);
4518
4519 if (chan->local_amp_id == HCI_BREDR_ID) {
4520 if (chan->chan_policy != BT_CHANNEL_POLICY_AMP_PREFERRED)
4521 return;
4522 chan->move_role = L2CAP_MOVE_ROLE_INITIATOR;
4523 chan->move_state = L2CAP_MOVE_WAIT_PREPARE;
4524 /* Placeholder - start physical link setup */
4525 } else {
4526 chan->move_role = L2CAP_MOVE_ROLE_INITIATOR;
4527 chan->move_state = L2CAP_MOVE_WAIT_RSP_SUCCESS;
4528 chan->move_id = 0;
4529 l2cap_move_setup(chan);
4530 l2cap_send_move_chan_req(chan, 0);
4531 }
4532}
4533
4534static void l2cap_do_create(struct l2cap_chan *chan, int result,
4535 u8 local_amp_id, u8 remote_amp_id)
4536{
4537 BT_DBG("chan %p state %s %u -> %u", chan, state_to_string(chan->state),
4538 local_amp_id, remote_amp_id);
4539
4540 chan->fcs = L2CAP_FCS_NONE;
4541
4542 /* Outgoing channel on AMP */
4543 if (chan->state == BT_CONNECT) {
4544 if (result == L2CAP_CR_SUCCESS) {
4545 chan->local_amp_id = local_amp_id;
4546 l2cap_send_create_chan_req(chan, remote_amp_id);
4547 } else {
4548 /* Revert to BR/EDR connect */
4549 l2cap_send_conn_req(chan);
4550 }
4551
4552 return;
4553 }
4554
4555 /* Incoming channel on AMP */
4556 if (__l2cap_no_conn_pending(chan)) {
4557 struct l2cap_conn_rsp rsp;
4558 char buf[128];
4559 rsp.scid = cpu_to_le16(chan->dcid);
4560 rsp.dcid = cpu_to_le16(chan->scid);
4561
4562 if (result == L2CAP_CR_SUCCESS) {
4563 /* Send successful response */
4564 rsp.result = __constant_cpu_to_le16(L2CAP_CR_SUCCESS);
4565 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
4566 } else {
4567 /* Send negative response */
4568 rsp.result = __constant_cpu_to_le16(L2CAP_CR_NO_MEM);
4569 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
4570 }
4571
4572 l2cap_send_cmd(chan->conn, chan->ident, L2CAP_CREATE_CHAN_RSP,
4573 sizeof(rsp), &rsp);
4574
4575 if (result == L2CAP_CR_SUCCESS) {
4576 __l2cap_state_change(chan, BT_CONFIG);
4577 set_bit(CONF_REQ_SENT, &chan->conf_state);
4578 l2cap_send_cmd(chan->conn, l2cap_get_ident(chan->conn),
4579 L2CAP_CONF_REQ,
4580 l2cap_build_conf_req(chan, buf), buf);
4581 chan->num_conf_req++;
4582 }
4583 }
4584}
4585
4586static void l2cap_do_move_initiate(struct l2cap_chan *chan, u8 local_amp_id,
4587 u8 remote_amp_id)
4588{
4589 l2cap_move_setup(chan);
4590 chan->move_id = local_amp_id;
4591 chan->move_state = L2CAP_MOVE_WAIT_RSP;
4592
4593 l2cap_send_move_chan_req(chan, remote_amp_id);
4594}
4595
4596static void l2cap_do_move_respond(struct l2cap_chan *chan, int result)
4597{
4598 struct hci_chan *hchan = NULL;
4599
4600 /* Placeholder - get hci_chan for logical link */
4601
4602 if (hchan) {
4603 if (hchan->state == BT_CONNECTED) {
4604 /* Logical link is ready to go */
4605 chan->hs_hcon = hchan->conn;
4606 chan->hs_hcon->l2cap_data = chan->conn;
4607 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM;
4608 l2cap_send_move_chan_rsp(chan, L2CAP_MR_SUCCESS);
4609
4610 l2cap_logical_cfm(chan, hchan, L2CAP_MR_SUCCESS);
4611 } else {
4612 /* Wait for logical link to be ready */
4613 chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_CFM;
4614 }
4615 } else {
4616 /* Logical link not available */
4617 l2cap_send_move_chan_rsp(chan, L2CAP_MR_NOT_ALLOWED);
4618 }
4619}
4620
4621static void l2cap_do_move_cancel(struct l2cap_chan *chan, int result)
4622{
4623 if (chan->move_role == L2CAP_MOVE_ROLE_RESPONDER) {
4624 u8 rsp_result;
4625 if (result == -EINVAL)
4626 rsp_result = L2CAP_MR_BAD_ID;
4627 else
4628 rsp_result = L2CAP_MR_NOT_ALLOWED;
4629
4630 l2cap_send_move_chan_rsp(chan, rsp_result);
4631 }
4632
4633 chan->move_role = L2CAP_MOVE_ROLE_NONE;
4634 chan->move_state = L2CAP_MOVE_STABLE;
4635
4636 /* Restart data transmission */
4637 l2cap_ertm_send(chan);
4638}
4639
4640/* Invoke with locked chan */
4641void __l2cap_physical_cfm(struct l2cap_chan *chan, int result)
4642{
4643 u8 local_amp_id = chan->local_amp_id;
4644 u8 remote_amp_id = chan->remote_amp_id;
4645
4646 BT_DBG("chan %p, result %d, local_amp_id %d, remote_amp_id %d",
4647 chan, result, local_amp_id, remote_amp_id);
4648
4649 if (chan->state == BT_DISCONN || chan->state == BT_CLOSED) {
4650 l2cap_chan_unlock(chan);
4651 return;
4652 }
4653
4654 if (chan->state != BT_CONNECTED) {
4655 l2cap_do_create(chan, result, local_amp_id, remote_amp_id);
4656 } else if (result != L2CAP_MR_SUCCESS) {
4657 l2cap_do_move_cancel(chan, result);
4658 } else {
4659 switch (chan->move_role) {
4660 case L2CAP_MOVE_ROLE_INITIATOR:
4661 l2cap_do_move_initiate(chan, local_amp_id,
4662 remote_amp_id);
4663 break;
4664 case L2CAP_MOVE_ROLE_RESPONDER:
4665 l2cap_do_move_respond(chan, result);
4666 break;
4667 default:
4668 l2cap_do_move_cancel(chan, result);
4669 break;
4670 }
4671 }
4672}
4673
4046static inline int l2cap_move_channel_req(struct l2cap_conn *conn, 4674static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
4047 struct l2cap_cmd_hdr *cmd, 4675 struct l2cap_cmd_hdr *cmd,
4048 u16 cmd_len, void *data) 4676 u16 cmd_len, void *data)
4049{ 4677{
4050 struct l2cap_move_chan_req *req = data; 4678 struct l2cap_move_chan_req *req = data;
4679 struct l2cap_move_chan_rsp rsp;
4680 struct l2cap_chan *chan;
4051 u16 icid = 0; 4681 u16 icid = 0;
4052 u16 result = L2CAP_MR_NOT_ALLOWED; 4682 u16 result = L2CAP_MR_NOT_ALLOWED;
4053 4683
@@ -4061,15 +4691,206 @@ static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
4061 if (!enable_hs) 4691 if (!enable_hs)
4062 return -EINVAL; 4692 return -EINVAL;
4063 4693
4064 /* Placeholder: Always refuse */ 4694 chan = l2cap_get_chan_by_dcid(conn, icid);
4065 l2cap_send_move_chan_rsp(conn, cmd->ident, icid, result); 4695 if (!chan) {
4696 rsp.icid = cpu_to_le16(icid);
4697 rsp.result = __constant_cpu_to_le16(L2CAP_MR_NOT_ALLOWED);
4698 l2cap_send_cmd(conn, cmd->ident, L2CAP_MOVE_CHAN_RSP,
4699 sizeof(rsp), &rsp);
4700 return 0;
4701 }
4702
4703 chan->ident = cmd->ident;
4704
4705 if (chan->scid < L2CAP_CID_DYN_START ||
4706 chan->chan_policy == BT_CHANNEL_POLICY_BREDR_ONLY ||
4707 (chan->mode != L2CAP_MODE_ERTM &&
4708 chan->mode != L2CAP_MODE_STREAMING)) {
4709 result = L2CAP_MR_NOT_ALLOWED;
4710 goto send_move_response;
4711 }
4712
4713 if (chan->local_amp_id == req->dest_amp_id) {
4714 result = L2CAP_MR_SAME_ID;
4715 goto send_move_response;
4716 }
4717
4718 if (req->dest_amp_id) {
4719 struct hci_dev *hdev;
4720 hdev = hci_dev_get(req->dest_amp_id);
4721 if (!hdev || hdev->dev_type != HCI_AMP ||
4722 !test_bit(HCI_UP, &hdev->flags)) {
4723 if (hdev)
4724 hci_dev_put(hdev);
4725
4726 result = L2CAP_MR_BAD_ID;
4727 goto send_move_response;
4728 }
4729 hci_dev_put(hdev);
4730 }
4731
4732 /* Detect a move collision. Only send a collision response
4733 * if this side has "lost", otherwise proceed with the move.
4734 * The winner has the larger bd_addr.
4735 */
4736 if ((__chan_is_moving(chan) ||
4737 chan->move_role != L2CAP_MOVE_ROLE_NONE) &&
4738 bacmp(conn->src, conn->dst) > 0) {
4739 result = L2CAP_MR_COLLISION;
4740 goto send_move_response;
4741 }
4742
4743 chan->move_role = L2CAP_MOVE_ROLE_RESPONDER;
4744 l2cap_move_setup(chan);
4745 chan->move_id = req->dest_amp_id;
4746 icid = chan->dcid;
4747
4748 if (!req->dest_amp_id) {
4749 /* Moving to BR/EDR */
4750 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
4751 chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY;
4752 result = L2CAP_MR_PEND;
4753 } else {
4754 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM;
4755 result = L2CAP_MR_SUCCESS;
4756 }
4757 } else {
4758 chan->move_state = L2CAP_MOVE_WAIT_PREPARE;
4759 /* Placeholder - uncomment when amp functions are available */
4760 /*amp_accept_physical(chan, req->dest_amp_id);*/
4761 result = L2CAP_MR_PEND;
4762 }
4763
4764send_move_response:
4765 l2cap_send_move_chan_rsp(chan, result);
4766
4767 l2cap_chan_unlock(chan);
4066 4768
4067 return 0; 4769 return 0;
4068} 4770}
4069 4771
4070static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn, 4772static void l2cap_move_continue(struct l2cap_conn *conn, u16 icid, u16 result)
4071 struct l2cap_cmd_hdr *cmd, 4773{
4072 u16 cmd_len, void *data) 4774 struct l2cap_chan *chan;
4775 struct hci_chan *hchan = NULL;
4776
4777 chan = l2cap_get_chan_by_scid(conn, icid);
4778 if (!chan) {
4779 l2cap_send_move_chan_cfm_icid(conn, icid);
4780 return;
4781 }
4782
4783 __clear_chan_timer(chan);
4784 if (result == L2CAP_MR_PEND)
4785 __set_chan_timer(chan, L2CAP_MOVE_ERTX_TIMEOUT);
4786
4787 switch (chan->move_state) {
4788 case L2CAP_MOVE_WAIT_LOGICAL_COMP:
4789 /* Move confirm will be sent when logical link
4790 * is complete.
4791 */
4792 chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_CFM;
4793 break;
4794 case L2CAP_MOVE_WAIT_RSP_SUCCESS:
4795 if (result == L2CAP_MR_PEND) {
4796 break;
4797 } else if (test_bit(CONN_LOCAL_BUSY,
4798 &chan->conn_state)) {
4799 chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY;
4800 } else {
4801 /* Logical link is up or moving to BR/EDR,
4802 * proceed with move
4803 */
4804 chan->move_state = L2CAP_MOVE_WAIT_CONFIRM_RSP;
4805 l2cap_send_move_chan_cfm(chan, L2CAP_MC_CONFIRMED);
4806 }
4807 break;
4808 case L2CAP_MOVE_WAIT_RSP:
4809 /* Moving to AMP */
4810 if (result == L2CAP_MR_SUCCESS) {
4811 /* Remote is ready, send confirm immediately
4812 * after logical link is ready
4813 */
4814 chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_CFM;
4815 } else {
4816 /* Both logical link and move success
4817 * are required to confirm
4818 */
4819 chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_COMP;
4820 }
4821
4822 /* Placeholder - get hci_chan for logical link */
4823 if (!hchan) {
4824 /* Logical link not available */
4825 l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED);
4826 break;
4827 }
4828
4829 /* If the logical link is not yet connected, do not
4830 * send confirmation.
4831 */
4832 if (hchan->state != BT_CONNECTED)
4833 break;
4834
4835 /* Logical link is already ready to go */
4836
4837 chan->hs_hcon = hchan->conn;
4838 chan->hs_hcon->l2cap_data = chan->conn;
4839
4840 if (result == L2CAP_MR_SUCCESS) {
4841 /* Can confirm now */
4842 l2cap_send_move_chan_cfm(chan, L2CAP_MC_CONFIRMED);
4843 } else {
4844 /* Now only need move success
4845 * to confirm
4846 */
4847 chan->move_state = L2CAP_MOVE_WAIT_RSP_SUCCESS;
4848 }
4849
4850 l2cap_logical_cfm(chan, hchan, L2CAP_MR_SUCCESS);
4851 break;
4852 default:
4853 /* Any other amp move state means the move failed. */
4854 chan->move_id = chan->local_amp_id;
4855 l2cap_move_done(chan);
4856 l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED);
4857 }
4858
4859 l2cap_chan_unlock(chan);
4860}
4861
4862static void l2cap_move_fail(struct l2cap_conn *conn, u8 ident, u16 icid,
4863 u16 result)
4864{
4865 struct l2cap_chan *chan;
4866
4867 chan = l2cap_get_chan_by_ident(conn, ident);
4868 if (!chan) {
4869 /* Could not locate channel, icid is best guess */
4870 l2cap_send_move_chan_cfm_icid(conn, icid);
4871 return;
4872 }
4873
4874 __clear_chan_timer(chan);
4875
4876 if (chan->move_role == L2CAP_MOVE_ROLE_INITIATOR) {
4877 if (result == L2CAP_MR_COLLISION) {
4878 chan->move_role = L2CAP_MOVE_ROLE_RESPONDER;
4879 } else {
4880 /* Cleanup - cancel move */
4881 chan->move_id = chan->local_amp_id;
4882 l2cap_move_done(chan);
4883 }
4884 }
4885
4886 l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED);
4887
4888 l2cap_chan_unlock(chan);
4889}
4890
4891static int l2cap_move_channel_rsp(struct l2cap_conn *conn,
4892 struct l2cap_cmd_hdr *cmd,
4893 u16 cmd_len, void *data)
4073{ 4894{
4074 struct l2cap_move_chan_rsp *rsp = data; 4895 struct l2cap_move_chan_rsp *rsp = data;
4075 u16 icid, result; 4896 u16 icid, result;
@@ -4082,17 +4903,20 @@ static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
4082 4903
4083 BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result); 4904 BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result);
4084 4905
4085 /* Placeholder: Always unconfirmed */ 4906 if (result == L2CAP_MR_SUCCESS || result == L2CAP_MR_PEND)
4086 l2cap_send_move_chan_cfm(conn, NULL, icid, L2CAP_MC_UNCONFIRMED); 4907 l2cap_move_continue(conn, icid, result);
4908 else
4909 l2cap_move_fail(conn, cmd->ident, icid, result);
4087 4910
4088 return 0; 4911 return 0;
4089} 4912}
4090 4913
4091static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn, 4914static int l2cap_move_channel_confirm(struct l2cap_conn *conn,
4092 struct l2cap_cmd_hdr *cmd, 4915 struct l2cap_cmd_hdr *cmd,
4093 u16 cmd_len, void *data) 4916 u16 cmd_len, void *data)
4094{ 4917{
4095 struct l2cap_move_chan_cfm *cfm = data; 4918 struct l2cap_move_chan_cfm *cfm = data;
4919 struct l2cap_chan *chan;
4096 u16 icid, result; 4920 u16 icid, result;
4097 4921
4098 if (cmd_len != sizeof(*cfm)) 4922 if (cmd_len != sizeof(*cfm))
@@ -4103,8 +4927,29 @@ static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
4103 4927
4104 BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result); 4928 BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result);
4105 4929
4930 chan = l2cap_get_chan_by_dcid(conn, icid);
4931 if (!chan) {
4932 /* Spec requires a response even if the icid was not found */
4933 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
4934 return 0;
4935 }
4936
4937 if (chan->move_state == L2CAP_MOVE_WAIT_CONFIRM) {
4938 if (result == L2CAP_MC_CONFIRMED) {
4939 chan->local_amp_id = chan->move_id;
4940 if (!chan->local_amp_id)
4941 __release_logical_link(chan);
4942 } else {
4943 chan->move_id = chan->local_amp_id;
4944 }
4945
4946 l2cap_move_done(chan);
4947 }
4948
4106 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid); 4949 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
4107 4950
4951 l2cap_chan_unlock(chan);
4952
4108 return 0; 4953 return 0;
4109} 4954}
4110 4955
@@ -4113,6 +4958,7 @@ static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
4113 u16 cmd_len, void *data) 4958 u16 cmd_len, void *data)
4114{ 4959{
4115 struct l2cap_move_chan_cfm_rsp *rsp = data; 4960 struct l2cap_move_chan_cfm_rsp *rsp = data;
4961 struct l2cap_chan *chan;
4116 u16 icid; 4962 u16 icid;
4117 4963
4118 if (cmd_len != sizeof(*rsp)) 4964 if (cmd_len != sizeof(*rsp))
@@ -4122,11 +4968,28 @@ static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
4122 4968
4123 BT_DBG("icid 0x%4.4x", icid); 4969 BT_DBG("icid 0x%4.4x", icid);
4124 4970
4971 chan = l2cap_get_chan_by_scid(conn, icid);
4972 if (!chan)
4973 return 0;
4974
4975 __clear_chan_timer(chan);
4976
4977 if (chan->move_state == L2CAP_MOVE_WAIT_CONFIRM_RSP) {
4978 chan->local_amp_id = chan->move_id;
4979
4980 if (!chan->local_amp_id && chan->hs_hchan)
4981 __release_logical_link(chan);
4982
4983 l2cap_move_done(chan);
4984 }
4985
4986 l2cap_chan_unlock(chan);
4987
4125 return 0; 4988 return 0;
4126} 4989}
4127 4990
4128static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency, 4991static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
4129 u16 to_multiplier) 4992 u16 to_multiplier)
4130{ 4993{
4131 u16 max_latency; 4994 u16 max_latency;
4132 4995
@@ -4147,7 +5010,8 @@ static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
4147} 5010}
4148 5011
4149static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn, 5012static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
4150 struct l2cap_cmd_hdr *cmd, u8 *data) 5013 struct l2cap_cmd_hdr *cmd,
5014 u8 *data)
4151{ 5015{
4152 struct hci_conn *hcon = conn->hcon; 5016 struct hci_conn *hcon = conn->hcon;
4153 struct l2cap_conn_param_update_req *req; 5017 struct l2cap_conn_param_update_req *req;
@@ -4169,7 +5033,7 @@ static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
4169 to_multiplier = __le16_to_cpu(req->to_multiplier); 5033 to_multiplier = __le16_to_cpu(req->to_multiplier);
4170 5034
4171 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x", 5035 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
4172 min, max, latency, to_multiplier); 5036 min, max, latency, to_multiplier);
4173 5037
4174 memset(&rsp, 0, sizeof(rsp)); 5038 memset(&rsp, 0, sizeof(rsp));
4175 5039
@@ -4180,7 +5044,7 @@ static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
4180 rsp.result = __constant_cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED); 5044 rsp.result = __constant_cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
4181 5045
4182 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP, 5046 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
4183 sizeof(rsp), &rsp); 5047 sizeof(rsp), &rsp);
4184 5048
4185 if (!err) 5049 if (!err)
4186 hci_le_conn_update(hcon, min, max, latency, to_multiplier); 5050 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
@@ -4189,7 +5053,8 @@ static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
4189} 5053}
4190 5054
4191static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn, 5055static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
4192 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data) 5056 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
5057 u8 *data)
4193{ 5058{
4194 int err = 0; 5059 int err = 0;
4195 5060
@@ -4203,7 +5068,8 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
4203 break; 5068 break;
4204 5069
4205 case L2CAP_CONN_RSP: 5070 case L2CAP_CONN_RSP:
4206 err = l2cap_connect_rsp(conn, cmd, data); 5071 case L2CAP_CREATE_CHAN_RSP:
5072 err = l2cap_connect_create_rsp(conn, cmd, data);
4207 break; 5073 break;
4208 5074
4209 case L2CAP_CONF_REQ: 5075 case L2CAP_CONF_REQ:
@@ -4241,10 +5107,6 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
4241 err = l2cap_create_channel_req(conn, cmd, cmd_len, data); 5107 err = l2cap_create_channel_req(conn, cmd, cmd_len, data);
4242 break; 5108 break;
4243 5109
4244 case L2CAP_CREATE_CHAN_RSP:
4245 err = l2cap_create_channel_rsp(conn, cmd, data);
4246 break;
4247
4248 case L2CAP_MOVE_CHAN_REQ: 5110 case L2CAP_MOVE_CHAN_REQ:
4249 err = l2cap_move_channel_req(conn, cmd, cmd_len, data); 5111 err = l2cap_move_channel_req(conn, cmd, cmd_len, data);
4250 break; 5112 break;
@@ -4271,7 +5133,7 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
4271} 5133}
4272 5134
4273static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn, 5135static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
4274 struct l2cap_cmd_hdr *cmd, u8 *data) 5136 struct l2cap_cmd_hdr *cmd, u8 *data)
4275{ 5137{
4276 switch (cmd->code) { 5138 switch (cmd->code) {
4277 case L2CAP_COMMAND_REJ: 5139 case L2CAP_COMMAND_REJ:
@@ -4290,7 +5152,7 @@ static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
4290} 5152}
4291 5153
4292static inline void l2cap_sig_channel(struct l2cap_conn *conn, 5154static inline void l2cap_sig_channel(struct l2cap_conn *conn,
4293 struct sk_buff *skb) 5155 struct sk_buff *skb)
4294{ 5156{
4295 u8 *data = skb->data; 5157 u8 *data = skb->data;
4296 int len = skb->len; 5158 int len = skb->len;
@@ -4307,7 +5169,8 @@ static inline void l2cap_sig_channel(struct l2cap_conn *conn,
4307 5169
4308 cmd_len = le16_to_cpu(cmd.len); 5170 cmd_len = le16_to_cpu(cmd.len);
4309 5171
4310 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident); 5172 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len,
5173 cmd.ident);
4311 5174
4312 if (cmd_len > len || !cmd.ident) { 5175 if (cmd_len > len || !cmd.ident) {
4313 BT_DBG("corrupted command"); 5176 BT_DBG("corrupted command");
@@ -4326,7 +5189,8 @@ static inline void l2cap_sig_channel(struct l2cap_conn *conn,
4326 5189
4327 /* FIXME: Map err to a valid reason */ 5190 /* FIXME: Map err to a valid reason */
4328 rej.reason = __constant_cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD); 5191 rej.reason = __constant_cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
4329 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej); 5192 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ,
5193 sizeof(rej), &rej);
4330 } 5194 }
4331 5195
4332 data += cmd_len; 5196 data += cmd_len;
@@ -4391,8 +5255,8 @@ static void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
4391 } 5255 }
4392} 5256}
4393 5257
4394static void append_skb_frag(struct sk_buff *skb, 5258static void append_skb_frag(struct sk_buff *skb, struct sk_buff *new_frag,
4395 struct sk_buff *new_frag, struct sk_buff **last_frag) 5259 struct sk_buff **last_frag)
4396{ 5260{
4397 /* skb->len reflects data in skb as well as all fragments 5261 /* skb->len reflects data in skb as well as all fragments
4398 * skb->data_len reflects only data in fragments 5262 * skb->data_len reflects only data in fragments
@@ -4492,6 +5356,12 @@ static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb,
4492 return err; 5356 return err;
4493} 5357}
4494 5358
5359static int l2cap_resegment(struct l2cap_chan *chan)
5360{
5361 /* Placeholder */
5362 return 0;
5363}
5364
4495void l2cap_chan_busy(struct l2cap_chan *chan, int busy) 5365void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
4496{ 5366{
4497 u8 event; 5367 u8 event;
@@ -4546,7 +5416,7 @@ static void l2cap_handle_srej(struct l2cap_chan *chan,
4546 5416
4547 if (control->reqseq == chan->next_tx_seq) { 5417 if (control->reqseq == chan->next_tx_seq) {
4548 BT_DBG("Invalid reqseq %d, disconnecting", control->reqseq); 5418 BT_DBG("Invalid reqseq %d, disconnecting", control->reqseq);
4549 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 5419 l2cap_send_disconn_req(chan, ECONNRESET);
4550 return; 5420 return;
4551 } 5421 }
4552 5422
@@ -4560,7 +5430,7 @@ static void l2cap_handle_srej(struct l2cap_chan *chan,
4560 5430
4561 if (chan->max_tx != 0 && bt_cb(skb)->control.retries >= chan->max_tx) { 5431 if (chan->max_tx != 0 && bt_cb(skb)->control.retries >= chan->max_tx) {
4562 BT_DBG("Retry limit exceeded (%d)", chan->max_tx); 5432 BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
4563 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 5433 l2cap_send_disconn_req(chan, ECONNRESET);
4564 return; 5434 return;
4565 } 5435 }
4566 5436
@@ -4604,7 +5474,7 @@ static void l2cap_handle_rej(struct l2cap_chan *chan,
4604 5474
4605 if (control->reqseq == chan->next_tx_seq) { 5475 if (control->reqseq == chan->next_tx_seq) {
4606 BT_DBG("Invalid reqseq %d, disconnecting", control->reqseq); 5476 BT_DBG("Invalid reqseq %d, disconnecting", control->reqseq);
4607 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 5477 l2cap_send_disconn_req(chan, ECONNRESET);
4608 return; 5478 return;
4609 } 5479 }
4610 5480
@@ -4613,7 +5483,7 @@ static void l2cap_handle_rej(struct l2cap_chan *chan,
4613 if (chan->max_tx && skb && 5483 if (chan->max_tx && skb &&
4614 bt_cb(skb)->control.retries >= chan->max_tx) { 5484 bt_cb(skb)->control.retries >= chan->max_tx) {
4615 BT_DBG("Retry limit exceeded (%d)", chan->max_tx); 5485 BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
4616 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 5486 l2cap_send_disconn_req(chan, ECONNRESET);
4617 return; 5487 return;
4618 } 5488 }
4619 5489
@@ -4641,7 +5511,7 @@ static u8 l2cap_classify_txseq(struct l2cap_chan *chan, u16 txseq)
4641 5511
4642 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) { 5512 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
4643 if (__seq_offset(chan, txseq, chan->last_acked_seq) >= 5513 if (__seq_offset(chan, txseq, chan->last_acked_seq) >=
4644 chan->tx_win) { 5514 chan->tx_win) {
4645 /* See notes below regarding "double poll" and 5515 /* See notes below regarding "double poll" and
4646 * invalid packets. 5516 * invalid packets.
4647 */ 5517 */
@@ -4682,8 +5552,7 @@ static u8 l2cap_classify_txseq(struct l2cap_chan *chan, u16 txseq)
4682 } 5552 }
4683 5553
4684 if (__seq_offset(chan, txseq, chan->last_acked_seq) < 5554 if (__seq_offset(chan, txseq, chan->last_acked_seq) <
4685 __seq_offset(chan, chan->expected_tx_seq, 5555 __seq_offset(chan, chan->expected_tx_seq, chan->last_acked_seq)) {
4686 chan->last_acked_seq)){
4687 BT_DBG("Duplicate - expected_tx_seq later than txseq"); 5556 BT_DBG("Duplicate - expected_tx_seq later than txseq");
4688 return L2CAP_TXSEQ_DUPLICATE; 5557 return L2CAP_TXSEQ_DUPLICATE;
4689 } 5558 }
@@ -4798,8 +5667,7 @@ static int l2cap_rx_state_recv(struct l2cap_chan *chan,
4798 break; 5667 break;
4799 case L2CAP_TXSEQ_INVALID: 5668 case L2CAP_TXSEQ_INVALID:
4800 default: 5669 default:
4801 l2cap_send_disconn_req(chan->conn, chan, 5670 l2cap_send_disconn_req(chan, ECONNRESET);
4802 ECONNRESET);
4803 break; 5671 break;
4804 } 5672 }
4805 break; 5673 break;
@@ -4808,8 +5676,8 @@ static int l2cap_rx_state_recv(struct l2cap_chan *chan,
4808 if (control->final) { 5676 if (control->final) {
4809 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); 5677 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4810 5678
4811 if (!test_and_clear_bit(CONN_REJ_ACT, 5679 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state) &&
4812 &chan->conn_state)) { 5680 !__chan_is_moving(chan)) {
4813 control->final = 0; 5681 control->final = 0;
4814 l2cap_retransmit_all(chan, control); 5682 l2cap_retransmit_all(chan, control);
4815 } 5683 }
@@ -4932,8 +5800,7 @@ static int l2cap_rx_state_srej_sent(struct l2cap_chan *chan,
4932 break; 5800 break;
4933 case L2CAP_TXSEQ_INVALID: 5801 case L2CAP_TXSEQ_INVALID:
4934 default: 5802 default:
4935 l2cap_send_disconn_req(chan->conn, chan, 5803 l2cap_send_disconn_req(chan, ECONNRESET);
4936 ECONNRESET);
4937 break; 5804 break;
4938 } 5805 }
4939 break; 5806 break;
@@ -4998,6 +5865,96 @@ static int l2cap_rx_state_srej_sent(struct l2cap_chan *chan,
4998 return err; 5865 return err;
4999} 5866}
5000 5867
5868static int l2cap_finish_move(struct l2cap_chan *chan)
5869{
5870 BT_DBG("chan %p", chan);
5871
5872 chan->rx_state = L2CAP_RX_STATE_RECV;
5873
5874 if (chan->hs_hcon)
5875 chan->conn->mtu = chan->hs_hcon->hdev->block_mtu;
5876 else
5877 chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu;
5878
5879 return l2cap_resegment(chan);
5880}
5881
5882static int l2cap_rx_state_wait_p(struct l2cap_chan *chan,
5883 struct l2cap_ctrl *control,
5884 struct sk_buff *skb, u8 event)
5885{
5886 int err;
5887
5888 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb,
5889 event);
5890
5891 if (!control->poll)
5892 return -EPROTO;
5893
5894 l2cap_process_reqseq(chan, control->reqseq);
5895
5896 if (!skb_queue_empty(&chan->tx_q))
5897 chan->tx_send_head = skb_peek(&chan->tx_q);
5898 else
5899 chan->tx_send_head = NULL;
5900
5901 /* Rewind next_tx_seq to the point expected
5902 * by the receiver.
5903 */
5904 chan->next_tx_seq = control->reqseq;
5905 chan->unacked_frames = 0;
5906
5907 err = l2cap_finish_move(chan);
5908 if (err)
5909 return err;
5910
5911 set_bit(CONN_SEND_FBIT, &chan->conn_state);
5912 l2cap_send_i_or_rr_or_rnr(chan);
5913
5914 if (event == L2CAP_EV_RECV_IFRAME)
5915 return -EPROTO;
5916
5917 return l2cap_rx_state_recv(chan, control, NULL, event);
5918}
5919
5920static int l2cap_rx_state_wait_f(struct l2cap_chan *chan,
5921 struct l2cap_ctrl *control,
5922 struct sk_buff *skb, u8 event)
5923{
5924 int err;
5925
5926 if (!control->final)
5927 return -EPROTO;
5928
5929 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
5930
5931 chan->rx_state = L2CAP_RX_STATE_RECV;
5932 l2cap_process_reqseq(chan, control->reqseq);
5933
5934 if (!skb_queue_empty(&chan->tx_q))
5935 chan->tx_send_head = skb_peek(&chan->tx_q);
5936 else
5937 chan->tx_send_head = NULL;
5938
5939 /* Rewind next_tx_seq to the point expected
5940 * by the receiver.
5941 */
5942 chan->next_tx_seq = control->reqseq;
5943 chan->unacked_frames = 0;
5944
5945 if (chan->hs_hcon)
5946 chan->conn->mtu = chan->hs_hcon->hdev->block_mtu;
5947 else
5948 chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu;
5949
5950 err = l2cap_resegment(chan);
5951
5952 if (!err)
5953 err = l2cap_rx_state_recv(chan, control, skb, event);
5954
5955 return err;
5956}
5957
5001static bool __valid_reqseq(struct l2cap_chan *chan, u16 reqseq) 5958static bool __valid_reqseq(struct l2cap_chan *chan, u16 reqseq)
5002{ 5959{
5003 /* Make sure reqseq is for a packet that has been sent but not acked */ 5960 /* Make sure reqseq is for a packet that has been sent but not acked */
@@ -5024,6 +5981,12 @@ static int l2cap_rx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
5024 err = l2cap_rx_state_srej_sent(chan, control, skb, 5981 err = l2cap_rx_state_srej_sent(chan, control, skb,
5025 event); 5982 event);
5026 break; 5983 break;
5984 case L2CAP_RX_STATE_WAIT_P:
5985 err = l2cap_rx_state_wait_p(chan, control, skb, event);
5986 break;
5987 case L2CAP_RX_STATE_WAIT_F:
5988 err = l2cap_rx_state_wait_f(chan, control, skb, event);
5989 break;
5027 default: 5990 default:
5028 /* shut it down */ 5991 /* shut it down */
5029 break; 5992 break;
@@ -5032,7 +5995,7 @@ static int l2cap_rx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
5032 BT_DBG("Invalid reqseq %d (next_tx_seq %d, expected_ack_seq %d", 5995 BT_DBG("Invalid reqseq %d (next_tx_seq %d, expected_ack_seq %d",
5033 control->reqseq, chan->next_tx_seq, 5996 control->reqseq, chan->next_tx_seq,
5034 chan->expected_ack_seq); 5997 chan->expected_ack_seq);
5035 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 5998 l2cap_send_disconn_req(chan, ECONNRESET);
5036 } 5999 }
5037 6000
5038 return err; 6001 return err;
@@ -5101,7 +6064,7 @@ static int l2cap_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
5101 len -= L2CAP_FCS_SIZE; 6064 len -= L2CAP_FCS_SIZE;
5102 6065
5103 if (len > chan->mps) { 6066 if (len > chan->mps) {
5104 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 6067 l2cap_send_disconn_req(chan, ECONNRESET);
5105 goto drop; 6068 goto drop;
5106 } 6069 }
5107 6070
@@ -5126,8 +6089,7 @@ static int l2cap_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
5126 } 6089 }
5127 6090
5128 if (err) 6091 if (err)
5129 l2cap_send_disconn_req(chan->conn, chan, 6092 l2cap_send_disconn_req(chan, ECONNRESET);
5130 ECONNRESET);
5131 } else { 6093 } else {
5132 const u8 rx_func_to_event[4] = { 6094 const u8 rx_func_to_event[4] = {
5133 L2CAP_EV_RECV_RR, L2CAP_EV_RECV_REJ, 6095 L2CAP_EV_RECV_RR, L2CAP_EV_RECV_REJ,
@@ -5143,8 +6105,8 @@ static int l2cap_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
5143 control->super); 6105 control->super);
5144 6106
5145 if (len != 0) { 6107 if (len != 0) {
5146 BT_ERR("%d", len); 6108 BT_ERR("Trailing bytes: %d in sframe", len);
5147 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 6109 l2cap_send_disconn_req(chan, ECONNRESET);
5148 goto drop; 6110 goto drop;
5149 } 6111 }
5150 6112
@@ -5155,7 +6117,7 @@ static int l2cap_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
5155 6117
5156 event = rx_func_to_event[control->super]; 6118 event = rx_func_to_event[control->super];
5157 if (l2cap_rx(chan, control, skb, event)) 6119 if (l2cap_rx(chan, control, skb, event))
5158 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 6120 l2cap_send_disconn_req(chan, ECONNRESET);
5159 } 6121 }
5160 6122
5161 return 0; 6123 return 0;
@@ -5323,7 +6285,7 @@ int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
5323 int exact = 0, lm1 = 0, lm2 = 0; 6285 int exact = 0, lm1 = 0, lm2 = 0;
5324 struct l2cap_chan *c; 6286 struct l2cap_chan *c;
5325 6287
5326 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr)); 6288 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
5327 6289
5328 /* Find listening sockets and check their link_mode */ 6290 /* Find listening sockets and check their link_mode */
5329 read_lock(&chan_list_lock); 6291 read_lock(&chan_list_lock);
@@ -5353,15 +6315,15 @@ void l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
5353{ 6315{
5354 struct l2cap_conn *conn; 6316 struct l2cap_conn *conn;
5355 6317
5356 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status); 6318 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
5357 6319
5358 if (!status) { 6320 if (!status) {
5359 conn = l2cap_conn_add(hcon, status); 6321 conn = l2cap_conn_add(hcon, status);
5360 if (conn) 6322 if (conn)
5361 l2cap_conn_ready(conn); 6323 l2cap_conn_ready(conn);
5362 } else 6324 } else {
5363 l2cap_conn_del(hcon, bt_to_errno(status)); 6325 l2cap_conn_del(hcon, bt_to_errno(status));
5364 6326 }
5365} 6327}
5366 6328
5367int l2cap_disconn_ind(struct hci_conn *hcon) 6329int l2cap_disconn_ind(struct hci_conn *hcon)
@@ -5437,13 +6399,13 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5437 continue; 6399 continue;
5438 } 6400 }
5439 6401
5440 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) { 6402 if (!__l2cap_no_conn_pending(chan)) {
5441 l2cap_chan_unlock(chan); 6403 l2cap_chan_unlock(chan);
5442 continue; 6404 continue;
5443 } 6405 }
5444 6406
5445 if (!status && (chan->state == BT_CONNECTED || 6407 if (!status && (chan->state == BT_CONNECTED ||
5446 chan->state == BT_CONFIG)) { 6408 chan->state == BT_CONFIG)) {
5447 struct sock *sk = chan->sk; 6409 struct sock *sk = chan->sk;
5448 6410
5449 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 6411 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
@@ -5456,7 +6418,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5456 6418
5457 if (chan->state == BT_CONNECT) { 6419 if (chan->state == BT_CONNECT) {
5458 if (!status) { 6420 if (!status) {
5459 l2cap_send_conn_req(chan); 6421 l2cap_start_connection(chan);
5460 } else { 6422 } else {
5461 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT); 6423 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
5462 } 6424 }
@@ -5470,11 +6432,9 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5470 if (!status) { 6432 if (!status) {
5471 if (test_bit(BT_SK_DEFER_SETUP, 6433 if (test_bit(BT_SK_DEFER_SETUP,
5472 &bt_sk(sk)->flags)) { 6434 &bt_sk(sk)->flags)) {
5473 struct sock *parent = bt_sk(sk)->parent;
5474 res = L2CAP_CR_PEND; 6435 res = L2CAP_CR_PEND;
5475 stat = L2CAP_CS_AUTHOR_PEND; 6436 stat = L2CAP_CS_AUTHOR_PEND;
5476 if (parent) 6437 chan->ops->defer(chan);
5477 parent->sk_data_ready(parent, 0);
5478 } else { 6438 } else {
5479 __l2cap_state_change(chan, BT_CONFIG); 6439 __l2cap_state_change(chan, BT_CONFIG);
5480 res = L2CAP_CR_SUCCESS; 6440 res = L2CAP_CR_SUCCESS;
@@ -5494,7 +6454,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5494 rsp.result = cpu_to_le16(res); 6454 rsp.result = cpu_to_le16(res);
5495 rsp.status = cpu_to_le16(stat); 6455 rsp.status = cpu_to_le16(stat);
5496 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, 6456 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
5497 sizeof(rsp), &rsp); 6457 sizeof(rsp), &rsp);
5498 6458
5499 if (!test_bit(CONF_REQ_SENT, &chan->conf_state) && 6459 if (!test_bit(CONF_REQ_SENT, &chan->conf_state) &&
5500 res == L2CAP_CR_SUCCESS) { 6460 res == L2CAP_CR_SUCCESS) {
@@ -5519,6 +6479,12 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
5519int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) 6479int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5520{ 6480{
5521 struct l2cap_conn *conn = hcon->l2cap_data; 6481 struct l2cap_conn *conn = hcon->l2cap_data;
6482 struct l2cap_hdr *hdr;
6483 int len;
6484
6485 /* For AMP controller do not create l2cap conn */
6486 if (!conn && hcon->hdev->dev_type != HCI_BREDR)
6487 goto drop;
5522 6488
5523 if (!conn) 6489 if (!conn)
5524 conn = l2cap_conn_add(hcon, 0); 6490 conn = l2cap_conn_add(hcon, 0);
@@ -5528,10 +6494,10 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5528 6494
5529 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags); 6495 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
5530 6496
5531 if (!(flags & ACL_CONT)) { 6497 switch (flags) {
5532 struct l2cap_hdr *hdr; 6498 case ACL_START:
5533 int len; 6499 case ACL_START_NO_FLUSH:
5534 6500 case ACL_COMPLETE:
5535 if (conn->rx_len) { 6501 if (conn->rx_len) {
5536 BT_ERR("Unexpected start frame (len %d)", skb->len); 6502 BT_ERR("Unexpected start frame (len %d)", skb->len);
5537 kfree_skb(conn->rx_skb); 6503 kfree_skb(conn->rx_skb);
@@ -5560,20 +6526,22 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5560 6526
5561 if (skb->len > len) { 6527 if (skb->len > len) {
5562 BT_ERR("Frame is too long (len %d, expected len %d)", 6528 BT_ERR("Frame is too long (len %d, expected len %d)",
5563 skb->len, len); 6529 skb->len, len);
5564 l2cap_conn_unreliable(conn, ECOMM); 6530 l2cap_conn_unreliable(conn, ECOMM);
5565 goto drop; 6531 goto drop;
5566 } 6532 }
5567 6533
5568 /* Allocate skb for the complete frame (with header) */ 6534 /* Allocate skb for the complete frame (with header) */
5569 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC); 6535 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL);
5570 if (!conn->rx_skb) 6536 if (!conn->rx_skb)
5571 goto drop; 6537 goto drop;
5572 6538
5573 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 6539 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
5574 skb->len); 6540 skb->len);
5575 conn->rx_len = len - skb->len; 6541 conn->rx_len = len - skb->len;
5576 } else { 6542 break;
6543
6544 case ACL_CONT:
5577 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len); 6545 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
5578 6546
5579 if (!conn->rx_len) { 6547 if (!conn->rx_len) {
@@ -5584,7 +6552,7 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5584 6552
5585 if (skb->len > conn->rx_len) { 6553 if (skb->len > conn->rx_len) {
5586 BT_ERR("Fragment is too long (len %d, expected %d)", 6554 BT_ERR("Fragment is too long (len %d, expected %d)",
5587 skb->len, conn->rx_len); 6555 skb->len, conn->rx_len);
5588 kfree_skb(conn->rx_skb); 6556 kfree_skb(conn->rx_skb);
5589 conn->rx_skb = NULL; 6557 conn->rx_skb = NULL;
5590 conn->rx_len = 0; 6558 conn->rx_len = 0;
@@ -5593,7 +6561,7 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5593 } 6561 }
5594 6562
5595 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 6563 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
5596 skb->len); 6564 skb->len);
5597 conn->rx_len -= skb->len; 6565 conn->rx_len -= skb->len;
5598 6566
5599 if (!conn->rx_len) { 6567 if (!conn->rx_len) {
@@ -5601,6 +6569,7 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
5601 l2cap_recv_frame(conn, conn->rx_skb); 6569 l2cap_recv_frame(conn, conn->rx_skb);
5602 conn->rx_skb = NULL; 6570 conn->rx_skb = NULL;
5603 } 6571 }
6572 break;
5604 } 6573 }
5605 6574
5606drop: 6575drop:
@@ -5617,12 +6586,11 @@ static int l2cap_debugfs_show(struct seq_file *f, void *p)
5617 list_for_each_entry(c, &chan_list, global_l) { 6586 list_for_each_entry(c, &chan_list, global_l) {
5618 struct sock *sk = c->sk; 6587 struct sock *sk = c->sk;
5619 6588
5620 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n", 6589 seq_printf(f, "%pMR %pMR %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
5621 batostr(&bt_sk(sk)->src), 6590 &bt_sk(sk)->src, &bt_sk(sk)->dst,
5622 batostr(&bt_sk(sk)->dst), 6591 c->state, __le16_to_cpu(c->psm),
5623 c->state, __le16_to_cpu(c->psm), 6592 c->scid, c->dcid, c->imtu, c->omtu,
5624 c->scid, c->dcid, c->imtu, c->omtu, 6593 c->sec_level, c->mode);
5625 c->sec_level, c->mode);
5626 } 6594 }
5627 6595
5628 read_unlock(&chan_list_lock); 6596 read_unlock(&chan_list_lock);
@@ -5653,8 +6621,8 @@ int __init l2cap_init(void)
5653 return err; 6621 return err;
5654 6622
5655 if (bt_debugfs) { 6623 if (bt_debugfs) {
5656 l2cap_debugfs = debugfs_create_file("l2cap", 0444, 6624 l2cap_debugfs = debugfs_create_file("l2cap", 0444, bt_debugfs,
5657 bt_debugfs, NULL, &l2cap_debugfs_fops); 6625 NULL, &l2cap_debugfs_fops);
5658 if (!l2cap_debugfs) 6626 if (!l2cap_debugfs)
5659 BT_ERR("Failed to create L2CAP debug file"); 6627 BT_ERR("Failed to create L2CAP debug file");
5660 } 6628 }
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 083f2bf065d4..1bcfb8422fdc 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -40,7 +40,8 @@ static struct bt_sock_list l2cap_sk_list = {
40 40
41static const struct proto_ops l2cap_sock_ops; 41static const struct proto_ops l2cap_sock_ops;
42static void l2cap_sock_init(struct sock *sk, struct sock *parent); 42static void l2cap_sock_init(struct sock *sk, struct sock *parent);
43static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); 43static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
44 int proto, gfp_t prio);
44 45
45static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 46static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
46{ 47{
@@ -106,7 +107,8 @@ done:
106 return err; 107 return err;
107} 108}
108 109
109static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) 110static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
111 int alen, int flags)
110{ 112{
111 struct sock *sk = sock->sk; 113 struct sock *sk = sock->sk;
112 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 114 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -134,7 +136,7 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al
134 lock_sock(sk); 136 lock_sock(sk);
135 137
136 err = bt_sock_wait_state(sk, BT_CONNECTED, 138 err = bt_sock_wait_state(sk, BT_CONNECTED,
137 sock_sndtimeo(sk, flags & O_NONBLOCK)); 139 sock_sndtimeo(sk, flags & O_NONBLOCK));
138 140
139 release_sock(sk); 141 release_sock(sk);
140 142
@@ -185,7 +187,8 @@ done:
185 return err; 187 return err;
186} 188}
187 189
188static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags) 190static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
191 int flags)
189{ 192{
190 DECLARE_WAITQUEUE(wait, current); 193 DECLARE_WAITQUEUE(wait, current);
191 struct sock *sk = sock->sk, *nsk; 194 struct sock *sk = sock->sk, *nsk;
@@ -241,7 +244,8 @@ done:
241 return err; 244 return err;
242} 245}
243 246
244static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer) 247static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr,
248 int *len, int peer)
245{ 249{
246 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr; 250 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
247 struct sock *sk = sock->sk; 251 struct sock *sk = sock->sk;
@@ -266,7 +270,8 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *l
266 return 0; 270 return 0;
267} 271}
268 272
269static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) 273static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
274 char __user *optval, int __user *optlen)
270{ 275{
271 struct sock *sk = sock->sk; 276 struct sock *sk = sock->sk;
272 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 277 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -309,7 +314,7 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __us
309 break; 314 break;
310 case BT_SECURITY_HIGH: 315 case BT_SECURITY_HIGH:
311 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | 316 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
312 L2CAP_LM_SECURE; 317 L2CAP_LM_SECURE;
313 break; 318 break;
314 default: 319 default:
315 opt = 0; 320 opt = 0;
@@ -353,7 +358,8 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __us
353 return err; 358 return err;
354} 359}
355 360
356static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) 361static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
362 char __user *optval, int __user *optlen)
357{ 363{
358 struct sock *sk = sock->sk; 364 struct sock *sk = sock->sk;
359 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 365 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -377,19 +383,20 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
377 switch (optname) { 383 switch (optname) {
378 case BT_SECURITY: 384 case BT_SECURITY:
379 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 385 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
380 chan->chan_type != L2CAP_CHAN_RAW) { 386 chan->chan_type != L2CAP_CHAN_RAW) {
381 err = -EINVAL; 387 err = -EINVAL;
382 break; 388 break;
383 } 389 }
384 390
385 memset(&sec, 0, sizeof(sec)); 391 memset(&sec, 0, sizeof(sec));
386 if (chan->conn) 392 if (chan->conn) {
387 sec.level = chan->conn->hcon->sec_level; 393 sec.level = chan->conn->hcon->sec_level;
388 else
389 sec.level = chan->sec_level;
390 394
391 if (sk->sk_state == BT_CONNECTED) 395 if (sk->sk_state == BT_CONNECTED)
392 sec.key_size = chan->conn->hcon->enc_key_size; 396 sec.key_size = chan->conn->hcon->enc_key_size;
397 } else {
398 sec.level = chan->sec_level;
399 }
393 400
394 len = min_t(unsigned int, len, sizeof(sec)); 401 len = min_t(unsigned int, len, sizeof(sec));
395 if (copy_to_user(optval, (char *) &sec, len)) 402 if (copy_to_user(optval, (char *) &sec, len))
@@ -411,14 +418,14 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch
411 418
412 case BT_FLUSHABLE: 419 case BT_FLUSHABLE:
413 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags), 420 if (put_user(test_bit(FLAG_FLUSHABLE, &chan->flags),
414 (u32 __user *) optval)) 421 (u32 __user *) optval))
415 err = -EFAULT; 422 err = -EFAULT;
416 423
417 break; 424 break;
418 425
419 case BT_POWER: 426 case BT_POWER:
420 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM 427 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
421 && sk->sk_type != SOCK_RAW) { 428 && sk->sk_type != SOCK_RAW) {
422 err = -EINVAL; 429 err = -EINVAL;
423 break; 430 break;
424 } 431 }
@@ -466,7 +473,8 @@ static bool l2cap_valid_mtu(struct l2cap_chan *chan, u16 mtu)
466 return true; 473 return true;
467} 474}
468 475
469static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen) 476static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
477 char __user *optval, unsigned int optlen)
470{ 478{
471 struct sock *sk = sock->sk; 479 struct sock *sk = sock->sk;
472 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 480 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -529,6 +537,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
529 chan->fcs = opts.fcs; 537 chan->fcs = opts.fcs;
530 chan->max_tx = opts.max_tx; 538 chan->max_tx = opts.max_tx;
531 chan->tx_win = opts.txwin_size; 539 chan->tx_win = opts.txwin_size;
540 chan->flush_to = opts.flush_to;
532 break; 541 break;
533 542
534 case L2CAP_LM: 543 case L2CAP_LM:
@@ -564,7 +573,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
564 return err; 573 return err;
565} 574}
566 575
567static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 576static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
577 char __user *optval, unsigned int optlen)
568{ 578{
569 struct sock *sk = sock->sk; 579 struct sock *sk = sock->sk;
570 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 580 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -587,7 +597,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
587 switch (optname) { 597 switch (optname) {
588 case BT_SECURITY: 598 case BT_SECURITY:
589 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 599 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
590 chan->chan_type != L2CAP_CHAN_RAW) { 600 chan->chan_type != L2CAP_CHAN_RAW) {
591 err = -EINVAL; 601 err = -EINVAL;
592 break; 602 break;
593 } 603 }
@@ -601,7 +611,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
601 } 611 }
602 612
603 if (sec.level < BT_SECURITY_LOW || 613 if (sec.level < BT_SECURITY_LOW ||
604 sec.level > BT_SECURITY_HIGH) { 614 sec.level > BT_SECURITY_HIGH) {
605 err = -EINVAL; 615 err = -EINVAL;
606 break; 616 break;
607 } 617 }
@@ -627,7 +637,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
627 637
628 /* or for ACL link */ 638 /* or for ACL link */
629 } else if ((sk->sk_state == BT_CONNECT2 && 639 } else if ((sk->sk_state == BT_CONNECT2 &&
630 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) || 640 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) ||
631 sk->sk_state == BT_CONNECTED) { 641 sk->sk_state == BT_CONNECTED) {
632 if (!l2cap_chan_check_security(chan)) 642 if (!l2cap_chan_check_security(chan))
633 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags); 643 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
@@ -684,7 +694,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
684 694
685 case BT_POWER: 695 case BT_POWER:
686 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && 696 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED &&
687 chan->chan_type != L2CAP_CHAN_RAW) { 697 chan->chan_type != L2CAP_CHAN_RAW) {
688 err = -EINVAL; 698 err = -EINVAL;
689 break; 699 break;
690 } 700 }
@@ -720,12 +730,17 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
720 } 730 }
721 731
722 if (chan->mode != L2CAP_MODE_ERTM && 732 if (chan->mode != L2CAP_MODE_ERTM &&
723 chan->mode != L2CAP_MODE_STREAMING) { 733 chan->mode != L2CAP_MODE_STREAMING) {
724 err = -EOPNOTSUPP; 734 err = -EOPNOTSUPP;
725 break; 735 break;
726 } 736 }
727 737
728 chan->chan_policy = (u8) opt; 738 chan->chan_policy = (u8) opt;
739
740 if (sk->sk_state == BT_CONNECTED &&
741 chan->move_role == L2CAP_MOVE_ROLE_NONE)
742 l2cap_move_start(chan);
743
729 break; 744 break;
730 745
731 default: 746 default:
@@ -737,7 +752,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
737 return err; 752 return err;
738} 753}
739 754
740static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) 755static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
756 struct msghdr *msg, size_t len)
741{ 757{
742 struct sock *sk = sock->sk; 758 struct sock *sk = sock->sk;
743 struct l2cap_chan *chan = l2cap_pi(sk)->chan; 759 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
@@ -762,7 +778,8 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms
762 return err; 778 return err;
763} 779}
764 780
765static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) 781static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
782 struct msghdr *msg, size_t len, int flags)
766{ 783{
767 struct sock *sk = sock->sk; 784 struct sock *sk = sock->sk;
768 struct l2cap_pinfo *pi = l2cap_pi(sk); 785 struct l2cap_pinfo *pi = l2cap_pi(sk);
@@ -866,7 +883,7 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
866 883
867 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) 884 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
868 err = bt_sock_wait_state(sk, BT_CLOSED, 885 err = bt_sock_wait_state(sk, BT_CLOSED,
869 sk->sk_lingertime); 886 sk->sk_lingertime);
870 } 887 }
871 888
872 if (!err && sk->sk_err) 889 if (!err && sk->sk_err)
@@ -930,7 +947,7 @@ static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
930 } 947 }
931 948
932 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, 949 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP,
933 GFP_ATOMIC); 950 GFP_ATOMIC);
934 if (!sk) 951 if (!sk)
935 return NULL; 952 return NULL;
936 953
@@ -938,6 +955,8 @@ static struct l2cap_chan *l2cap_sock_new_connection_cb(struct l2cap_chan *chan)
938 955
939 l2cap_sock_init(sk, parent); 956 l2cap_sock_init(sk, parent);
940 957
958 bt_accept_enqueue(parent, sk);
959
941 return l2cap_pi(sk)->chan; 960 return l2cap_pi(sk)->chan;
942} 961}
943 962
@@ -1068,6 +1087,15 @@ static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
1068 release_sock(sk); 1087 release_sock(sk);
1069} 1088}
1070 1089
1090static void l2cap_sock_defer_cb(struct l2cap_chan *chan)
1091{
1092 struct sock *sk = chan->data;
1093 struct sock *parent = bt_sk(sk)->parent;
1094
1095 if (parent)
1096 parent->sk_data_ready(parent, 0);
1097}
1098
1071static struct l2cap_ops l2cap_chan_ops = { 1099static struct l2cap_ops l2cap_chan_ops = {
1072 .name = "L2CAP Socket Interface", 1100 .name = "L2CAP Socket Interface",
1073 .new_connection = l2cap_sock_new_connection_cb, 1101 .new_connection = l2cap_sock_new_connection_cb,
@@ -1076,6 +1104,7 @@ static struct l2cap_ops l2cap_chan_ops = {
1076 .teardown = l2cap_sock_teardown_cb, 1104 .teardown = l2cap_sock_teardown_cb,
1077 .state_change = l2cap_sock_state_change_cb, 1105 .state_change = l2cap_sock_state_change_cb,
1078 .ready = l2cap_sock_ready_cb, 1106 .ready = l2cap_sock_ready_cb,
1107 .defer = l2cap_sock_defer_cb,
1079 .alloc_skb = l2cap_sock_alloc_skb_cb, 1108 .alloc_skb = l2cap_sock_alloc_skb_cb,
1080}; 1109};
1081 1110
@@ -1083,7 +1112,8 @@ static void l2cap_sock_destruct(struct sock *sk)
1083{ 1112{
1084 BT_DBG("sk %p", sk); 1113 BT_DBG("sk %p", sk);
1085 1114
1086 l2cap_chan_put(l2cap_pi(sk)->chan); 1115 if (l2cap_pi(sk)->chan)
1116 l2cap_chan_put(l2cap_pi(sk)->chan);
1087 if (l2cap_pi(sk)->rx_busy_skb) { 1117 if (l2cap_pi(sk)->rx_busy_skb) {
1088 kfree_skb(l2cap_pi(sk)->rx_busy_skb); 1118 kfree_skb(l2cap_pi(sk)->rx_busy_skb);
1089 l2cap_pi(sk)->rx_busy_skb = NULL; 1119 l2cap_pi(sk)->rx_busy_skb = NULL;
@@ -1159,7 +1189,8 @@ static struct proto l2cap_proto = {
1159 .obj_size = sizeof(struct l2cap_pinfo) 1189 .obj_size = sizeof(struct l2cap_pinfo)
1160}; 1190};
1161 1191
1162static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 1192static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
1193 int proto, gfp_t prio)
1163{ 1194{
1164 struct sock *sk; 1195 struct sock *sk;
1165 struct l2cap_chan *chan; 1196 struct l2cap_chan *chan;
@@ -1204,7 +1235,7 @@ static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
1204 sock->state = SS_UNCONNECTED; 1235 sock->state = SS_UNCONNECTED;
1205 1236
1206 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM && 1237 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
1207 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW) 1238 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
1208 return -ESOCKTNOSUPPORT; 1239 return -ESOCKTNOSUPPORT;
1209 1240
1210 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) 1241 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
@@ -1261,7 +1292,8 @@ int __init l2cap_init_sockets(void)
1261 goto error; 1292 goto error;
1262 } 1293 }
1263 1294
1264 err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list, NULL); 1295 err = bt_procfs_init(THIS_MODULE, &init_net, "l2cap", &l2cap_sk_list,
1296 NULL);
1265 if (err < 0) { 1297 if (err < 0) {
1266 BT_ERR("Failed to create L2CAP proc file"); 1298 BT_ERR("Failed to create L2CAP proc file");
1267 bt_sock_unregister(BTPROTO_L2CAP); 1299 bt_sock_unregister(BTPROTO_L2CAP);
diff --git a/net/bluetooth/lib.c b/net/bluetooth/lib.c
index e1c97527e16c..b3fbc73516c4 100644
--- a/net/bluetooth/lib.c
+++ b/net/bluetooth/lib.c
@@ -41,20 +41,6 @@ void baswap(bdaddr_t *dst, bdaddr_t *src)
41} 41}
42EXPORT_SYMBOL(baswap); 42EXPORT_SYMBOL(baswap);
43 43
44char *batostr(bdaddr_t *ba)
45{
46 static char str[2][18];
47 static int i = 1;
48
49 i ^= 1;
50 sprintf(str[i], "%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X",
51 ba->b[5], ba->b[4], ba->b[3],
52 ba->b[2], ba->b[1], ba->b[0]);
53
54 return str[i];
55}
56EXPORT_SYMBOL(batostr);
57
58/* Bluetooth error codes to Unix errno mapping */ 44/* Bluetooth error codes to Unix errno mapping */
59int bt_to_errno(__u16 code) 45int bt_to_errno(__u16 code)
60{ 46{
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index aa2ea0a8142c..f559b966279c 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -222,7 +222,7 @@ static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
222 222
223 hdr = (void *) skb_put(skb, sizeof(*hdr)); 223 hdr = (void *) skb_put(skb, sizeof(*hdr));
224 224
225 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS); 225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index); 226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev)); 227 hdr->len = cpu_to_le16(sizeof(*ev));
228 228
@@ -253,7 +253,7 @@ static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
253 253
254 hdr = (void *) skb_put(skb, sizeof(*hdr)); 254 hdr = (void *) skb_put(skb, sizeof(*hdr));
255 255
256 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE); 256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index); 257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len); 258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
259 259
@@ -326,7 +326,7 @@ static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
326 struct hci_dev *d; 326 struct hci_dev *d;
327 size_t rp_len; 327 size_t rp_len;
328 u16 count; 328 u16 count;
329 int i, err; 329 int err;
330 330
331 BT_DBG("sock %p", sk); 331 BT_DBG("sock %p", sk);
332 332
@@ -347,9 +347,7 @@ static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
347 return -ENOMEM; 347 return -ENOMEM;
348 } 348 }
349 349
350 rp->num_controllers = cpu_to_le16(count); 350 count = 0;
351
352 i = 0;
353 list_for_each_entry(d, &hci_dev_list, list) { 351 list_for_each_entry(d, &hci_dev_list, list) {
354 if (test_bit(HCI_SETUP, &d->dev_flags)) 352 if (test_bit(HCI_SETUP, &d->dev_flags))
355 continue; 353 continue;
@@ -357,10 +355,13 @@ static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
357 if (!mgmt_valid_hdev(d)) 355 if (!mgmt_valid_hdev(d))
358 continue; 356 continue;
359 357
360 rp->index[i++] = cpu_to_le16(d->id); 358 rp->index[count++] = cpu_to_le16(d->id);
361 BT_DBG("Added hci%u", d->id); 359 BT_DBG("Added hci%u", d->id);
362 } 360 }
363 361
362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
364
364 read_unlock(&hci_dev_list_lock); 365 read_unlock(&hci_dev_list_lock);
365 366
366 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp, 367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
@@ -376,15 +377,15 @@ static u32 get_supported_settings(struct hci_dev *hdev)
376 u32 settings = 0; 377 u32 settings = 0;
377 378
378 settings |= MGMT_SETTING_POWERED; 379 settings |= MGMT_SETTING_POWERED;
379 settings |= MGMT_SETTING_CONNECTABLE;
380 settings |= MGMT_SETTING_FAST_CONNECTABLE;
381 settings |= MGMT_SETTING_DISCOVERABLE;
382 settings |= MGMT_SETTING_PAIRABLE; 380 settings |= MGMT_SETTING_PAIRABLE;
383 381
384 if (lmp_ssp_capable(hdev)) 382 if (lmp_ssp_capable(hdev))
385 settings |= MGMT_SETTING_SSP; 383 settings |= MGMT_SETTING_SSP;
386 384
387 if (lmp_bredr_capable(hdev)) { 385 if (lmp_bredr_capable(hdev)) {
386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
388 settings |= MGMT_SETTING_BREDR; 389 settings |= MGMT_SETTING_BREDR;
389 settings |= MGMT_SETTING_LINK_SECURITY; 390 settings |= MGMT_SETTING_LINK_SECURITY;
390 } 391 }
@@ -484,7 +485,7 @@ static void create_eir(struct hci_dev *hdev, u8 *data)
484 ptr += (name_len + 2); 485 ptr += (name_len + 2);
485 } 486 }
486 487
487 if (hdev->inq_tx_power) { 488 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
488 ptr[0] = 2; 489 ptr[0] = 2;
489 ptr[1] = EIR_TX_POWER; 490 ptr[1] = EIR_TX_POWER;
490 ptr[2] = (u8) hdev->inq_tx_power; 491 ptr[2] = (u8) hdev->inq_tx_power;
@@ -565,7 +566,7 @@ static int update_eir(struct hci_dev *hdev)
565 if (!hdev_is_powered(hdev)) 566 if (!hdev_is_powered(hdev))
566 return 0; 567 return 0;
567 568
568 if (!(hdev->features[6] & LMP_EXT_INQ)) 569 if (!lmp_ext_inq_capable(hdev))
569 return 0; 570 return 0;
570 571
571 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) 572 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
@@ -832,7 +833,7 @@ static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
832 if (hdev) 833 if (hdev)
833 hdr->index = cpu_to_le16(hdev->id); 834 hdr->index = cpu_to_le16(hdev->id);
834 else 835 else
835 hdr->index = cpu_to_le16(MGMT_INDEX_NONE); 836 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
836 hdr->len = cpu_to_le16(data_len); 837 hdr->len = cpu_to_le16(data_len);
837 838
838 if (data) 839 if (data)
@@ -867,6 +868,10 @@ static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
867 868
868 BT_DBG("request for %s", hdev->name); 869 BT_DBG("request for %s", hdev->name);
869 870
871 if (!lmp_bredr_capable(hdev))
872 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
873 MGMT_STATUS_NOT_SUPPORTED);
874
870 timeout = __le16_to_cpu(cp->timeout); 875 timeout = __le16_to_cpu(cp->timeout);
871 if (!cp->val && timeout > 0) 876 if (!cp->val && timeout > 0)
872 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 877 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
@@ -962,6 +967,10 @@ static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
962 967
963 BT_DBG("request for %s", hdev->name); 968 BT_DBG("request for %s", hdev->name);
964 969
970 if (!lmp_bredr_capable(hdev))
971 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
972 MGMT_STATUS_NOT_SUPPORTED);
973
965 hci_dev_lock(hdev); 974 hci_dev_lock(hdev);
966 975
967 if (!hdev_is_powered(hdev)) { 976 if (!hdev_is_powered(hdev)) {
@@ -1060,6 +1069,10 @@ static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1060 1069
1061 BT_DBG("request for %s", hdev->name); 1070 BT_DBG("request for %s", hdev->name);
1062 1071
1072 if (!lmp_bredr_capable(hdev))
1073 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1074 MGMT_STATUS_NOT_SUPPORTED);
1075
1063 hci_dev_lock(hdev); 1076 hci_dev_lock(hdev);
1064 1077
1065 if (!hdev_is_powered(hdev)) { 1078 if (!hdev_is_powered(hdev)) {
@@ -1213,7 +1226,7 @@ static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1213 } 1226 }
1214 1227
1215 val = !!cp->val; 1228 val = !!cp->val;
1216 enabled = !!(hdev->host_features[0] & LMP_HOST_LE); 1229 enabled = lmp_host_le_capable(hdev);
1217 1230
1218 if (!hdev_is_powered(hdev) || val == enabled) { 1231 if (!hdev_is_powered(hdev) || val == enabled) {
1219 bool changed = false; 1232 bool changed = false;
@@ -1249,7 +1262,7 @@ static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1249 1262
1250 if (val) { 1263 if (val) {
1251 hci_cp.le = val; 1264 hci_cp.le = val;
1252 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR); 1265 hci_cp.simul = lmp_le_br_capable(hdev);
1253 } 1266 }
1254 1267
1255 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), 1268 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
@@ -1366,6 +1379,7 @@ static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1366 continue; 1379 continue;
1367 1380
1368 list_del(&match->list); 1381 list_del(&match->list);
1382 kfree(match);
1369 found++; 1383 found++;
1370 } 1384 }
1371 1385
@@ -2594,6 +2608,10 @@ static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2594 2608
2595 BT_DBG("%s", hdev->name); 2609 BT_DBG("%s", hdev->name);
2596 2610
2611 if (!lmp_bredr_capable(hdev))
2612 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2613 MGMT_STATUS_NOT_SUPPORTED);
2614
2597 if (!hdev_is_powered(hdev)) 2615 if (!hdev_is_powered(hdev))
2598 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 2616 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2599 MGMT_STATUS_NOT_POWERED); 2617 MGMT_STATUS_NOT_POWERED);
@@ -2871,6 +2889,21 @@ static void settings_rsp(struct pending_cmd *cmd, void *data)
2871 mgmt_pending_free(cmd); 2889 mgmt_pending_free(cmd);
2872} 2890}
2873 2891
2892static int set_bredr_scan(struct hci_dev *hdev)
2893{
2894 u8 scan = 0;
2895
2896 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2897 scan |= SCAN_PAGE;
2898 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2899 scan |= SCAN_INQUIRY;
2900
2901 if (!scan)
2902 return 0;
2903
2904 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2905}
2906
2874int mgmt_powered(struct hci_dev *hdev, u8 powered) 2907int mgmt_powered(struct hci_dev *hdev, u8 powered)
2875{ 2908{
2876 struct cmd_lookup match = { NULL, hdev }; 2909 struct cmd_lookup match = { NULL, hdev };
@@ -2882,17 +2915,8 @@ int mgmt_powered(struct hci_dev *hdev, u8 powered)
2882 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 2915 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2883 2916
2884 if (powered) { 2917 if (powered) {
2885 u8 scan = 0; 2918 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
2886 2919 !lmp_host_ssp_capable(hdev)) {
2887 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2888 scan |= SCAN_PAGE;
2889 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2890 scan |= SCAN_INQUIRY;
2891
2892 if (scan)
2893 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2894
2895 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2896 u8 ssp = 1; 2920 u8 ssp = 1;
2897 2921
2898 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp); 2922 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
@@ -2902,15 +2926,24 @@ int mgmt_powered(struct hci_dev *hdev, u8 powered)
2902 struct hci_cp_write_le_host_supported cp; 2926 struct hci_cp_write_le_host_supported cp;
2903 2927
2904 cp.le = 1; 2928 cp.le = 1;
2905 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR); 2929 cp.simul = lmp_le_br_capable(hdev);
2906 2930
2907 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, 2931 /* Check first if we already have the right
2908 sizeof(cp), &cp); 2932 * host state (host features set)
2933 */
2934 if (cp.le != lmp_host_le_capable(hdev) ||
2935 cp.simul != lmp_host_le_br_capable(hdev))
2936 hci_send_cmd(hdev,
2937 HCI_OP_WRITE_LE_HOST_SUPPORTED,
2938 sizeof(cp), &cp);
2909 } 2939 }
2910 2940
2911 update_class(hdev); 2941 if (lmp_bredr_capable(hdev)) {
2912 update_name(hdev, hdev->dev_name); 2942 set_bredr_scan(hdev);
2913 update_eir(hdev); 2943 update_class(hdev);
2944 update_name(hdev, hdev->dev_name);
2945 update_eir(hdev);
2946 }
2914 } else { 2947 } else {
2915 u8 status = MGMT_STATUS_NOT_POWERED; 2948 u8 status = MGMT_STATUS_NOT_POWERED;
2916 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 2949 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
@@ -3125,6 +3158,9 @@ int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3125 struct pending_cmd *cmd; 3158 struct pending_cmd *cmd;
3126 int err; 3159 int err;
3127 3160
3161 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3162 hdev);
3163
3128 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev); 3164 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3129 if (!cmd) 3165 if (!cmd)
3130 return -ENOENT; 3166 return -ENOENT;
@@ -3137,8 +3173,6 @@ int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3137 3173
3138 mgmt_pending_remove(cmd); 3174 mgmt_pending_remove(cmd);
3139 3175
3140 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3141 hdev);
3142 return err; 3176 return err;
3143} 3177}
3144 3178
@@ -3358,7 +3392,7 @@ static int clear_eir(struct hci_dev *hdev)
3358{ 3392{
3359 struct hci_cp_write_eir cp; 3393 struct hci_cp_write_eir cp;
3360 3394
3361 if (!(hdev->features[6] & LMP_EXT_INQ)) 3395 if (!lmp_ext_inq_capable(hdev))
3362 return 0; 3396 return 0;
3363 3397
3364 memset(hdev->eir, 0, sizeof(hdev->eir)); 3398 memset(hdev->eir, 0, sizeof(hdev->eir));
@@ -3490,7 +3524,12 @@ send_event:
3490 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, 3524 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3491 sizeof(ev), cmd ? cmd->sk : NULL); 3525 sizeof(ev), cmd ? cmd->sk : NULL);
3492 3526
3493 update_eir(hdev); 3527 /* EIR is taken care of separately when powering on the
3528 * adapter so only update them here if this is a name change
3529 * unrelated to power on.
3530 */
3531 if (!test_bit(HCI_INIT, &hdev->flags))
3532 update_eir(hdev);
3494 3533
3495failed: 3534failed:
3496 if (cmd) 3535 if (cmd)
@@ -3585,9 +3624,9 @@ int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3585 ev->addr.type = link_to_bdaddr(link_type, addr_type); 3624 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3586 ev->rssi = rssi; 3625 ev->rssi = rssi;
3587 if (cfm_name) 3626 if (cfm_name)
3588 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME); 3627 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3589 if (!ssp) 3628 if (!ssp)
3590 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING); 3629 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3591 3630
3592 if (eir_len > 0) 3631 if (eir_len > 0)
3593 memcpy(ev->eir, eir, eir_len); 3632 memcpy(ev->eir, eir, eir_len);
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index c75107ef8920..201fdf737209 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -377,8 +377,8 @@ static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst,
377 int err = 0; 377 int err = 0;
378 u8 dlci; 378 u8 dlci;
379 379
380 BT_DBG("dlc %p state %ld %s %s channel %d", 380 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
381 d, d->state, batostr(src), batostr(dst), channel); 381 d, d->state, src, dst, channel);
382 382
383 if (channel < 1 || channel > 30) 383 if (channel < 1 || channel > 30)
384 return -EINVAL; 384 return -EINVAL;
@@ -676,7 +676,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
676 struct socket *sock; 676 struct socket *sock;
677 struct sock *sk; 677 struct sock *sk;
678 678
679 BT_DBG("%s %s", batostr(src), batostr(dst)); 679 BT_DBG("%pMR -> %pMR", src, dst);
680 680
681 *err = rfcomm_l2sock_create(&sock); 681 *err = rfcomm_l2sock_create(&sock);
682 if (*err < 0) 682 if (*err < 0)
@@ -709,7 +709,7 @@ static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
709 709
710 bacpy(&addr.l2_bdaddr, dst); 710 bacpy(&addr.l2_bdaddr, dst);
711 addr.l2_family = AF_BLUETOOTH; 711 addr.l2_family = AF_BLUETOOTH;
712 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 712 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
713 addr.l2_cid = 0; 713 addr.l2_cid = 0;
714 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 714 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
715 if (*err == 0 || *err == -EINPROGRESS) 715 if (*err == 0 || *err == -EINPROGRESS)
@@ -1987,7 +1987,7 @@ static int rfcomm_add_listener(bdaddr_t *ba)
1987 /* Bind socket */ 1987 /* Bind socket */
1988 bacpy(&addr.l2_bdaddr, ba); 1988 bacpy(&addr.l2_bdaddr, ba);
1989 addr.l2_family = AF_BLUETOOTH; 1989 addr.l2_family = AF_BLUETOOTH;
1990 addr.l2_psm = cpu_to_le16(RFCOMM_PSM); 1990 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
1991 addr.l2_cid = 0; 1991 addr.l2_cid = 0;
1992 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1992 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1993 if (err < 0) { 1993 if (err < 0) {
@@ -2125,11 +2125,10 @@ static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2125 list_for_each_entry(d, &s->dlcs, list) { 2125 list_for_each_entry(d, &s->dlcs, list) {
2126 struct sock *sk = s->sock->sk; 2126 struct sock *sk = s->sock->sk;
2127 2127
2128 seq_printf(f, "%s %s %ld %d %d %d %d\n", 2128 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2129 batostr(&bt_sk(sk)->src), 2129 &bt_sk(sk)->src, &bt_sk(sk)->dst,
2130 batostr(&bt_sk(sk)->dst), 2130 d->state, d->dlci, d->mtu,
2131 d->state, d->dlci, d->mtu, 2131 d->rx_credits, d->tx_credits);
2132 d->rx_credits, d->tx_credits);
2133 } 2132 }
2134 } 2133 }
2135 2134
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index b3226f3658cf..ce3f6658f4b2 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -334,7 +334,7 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr
334 struct sock *sk = sock->sk; 334 struct sock *sk = sock->sk;
335 int err = 0; 335 int err = 0;
336 336
337 BT_DBG("sk %p %s", sk, batostr(&sa->rc_bdaddr)); 337 BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr);
338 338
339 if (!addr || addr->sa_family != AF_BLUETOOTH) 339 if (!addr || addr->sa_family != AF_BLUETOOTH)
340 return -EINVAL; 340 return -EINVAL;
@@ -467,7 +467,7 @@ static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int f
467 long timeo; 467 long timeo;
468 int err = 0; 468 int err = 0;
469 469
470 lock_sock(sk); 470 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
471 471
472 if (sk->sk_type != SOCK_STREAM) { 472 if (sk->sk_type != SOCK_STREAM) {
473 err = -EINVAL; 473 err = -EINVAL;
@@ -504,7 +504,7 @@ static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int f
504 504
505 release_sock(sk); 505 release_sock(sk);
506 timeo = schedule_timeout(timeo); 506 timeo = schedule_timeout(timeo);
507 lock_sock(sk); 507 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
508 } 508 }
509 __set_current_state(TASK_RUNNING); 509 __set_current_state(TASK_RUNNING);
510 remove_wait_queue(sk_sleep(sk), &wait); 510 remove_wait_queue(sk_sleep(sk), &wait);
@@ -975,10 +975,9 @@ static int rfcomm_sock_debugfs_show(struct seq_file *f, void *p)
975 read_lock(&rfcomm_sk_list.lock); 975 read_lock(&rfcomm_sk_list.lock);
976 976
977 sk_for_each(sk, node, &rfcomm_sk_list.head) { 977 sk_for_each(sk, node, &rfcomm_sk_list.head) {
978 seq_printf(f, "%s %s %d %d\n", 978 seq_printf(f, "%pMR %pMR %d %d\n",
979 batostr(&bt_sk(sk)->src), 979 &bt_sk(sk)->src, &bt_sk(sk)->dst,
980 batostr(&bt_sk(sk)->dst), 980 sk->sk_state, rfcomm_pi(sk)->channel);
981 sk->sk_state, rfcomm_pi(sk)->channel);
982 } 981 }
983 982
984 read_unlock(&rfcomm_sk_list.lock); 983 read_unlock(&rfcomm_sk_list.lock);
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index ccc248791d50..bd6fd0f43d2b 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -166,7 +166,7 @@ static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
166static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf) 166static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
167{ 167{
168 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); 168 struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
169 return sprintf(buf, "%s\n", batostr(&dev->dst)); 169 return sprintf(buf, "%pMR\n", &dev->dst);
170} 170}
171 171
172static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf) 172static ssize_t show_channel(struct device *tty_dev, struct device_attribute *attr, char *buf)
@@ -663,8 +663,8 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
663 if (!dev) 663 if (!dev)
664 return -ENODEV; 664 return -ENODEV;
665 665
666 BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), 666 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
667 dev->channel, dev->port.count); 667 dev->channel, dev->port.count);
668 668
669 spin_lock_irqsave(&dev->port.lock, flags); 669 spin_lock_irqsave(&dev->port.lock, flags);
670 if (++dev->port.count > 1) { 670 if (++dev->port.count > 1) {
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index dc42b917aaaf..57f250c20e39 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -131,15 +131,6 @@ static int sco_conn_del(struct hci_conn *hcon, int err)
131 sco_sock_clear_timer(sk); 131 sco_sock_clear_timer(sk);
132 sco_chan_del(sk, err); 132 sco_chan_del(sk, err);
133 bh_unlock_sock(sk); 133 bh_unlock_sock(sk);
134
135 sco_conn_lock(conn);
136 conn->sk = NULL;
137 sco_pi(sk)->conn = NULL;
138 sco_conn_unlock(conn);
139
140 if (conn->hcon)
141 hci_conn_put(conn->hcon);
142
143 sco_sock_kill(sk); 134 sco_sock_kill(sk);
144 } 135 }
145 136
@@ -172,7 +163,7 @@ static int sco_connect(struct sock *sk)
172 struct hci_dev *hdev; 163 struct hci_dev *hdev;
173 int err, type; 164 int err, type;
174 165
175 BT_DBG("%s -> %s", batostr(src), batostr(dst)); 166 BT_DBG("%pMR -> %pMR", src, dst);
176 167
177 hdev = hci_get_route(dst, src); 168 hdev = hci_get_route(dst, src);
178 if (!hdev) 169 if (!hdev)
@@ -361,7 +352,7 @@ static void __sco_sock_close(struct sock *sk)
361 352
362 case BT_CONNECTED: 353 case BT_CONNECTED:
363 case BT_CONFIG: 354 case BT_CONFIG:
364 if (sco_pi(sk)->conn) { 355 if (sco_pi(sk)->conn->hcon) {
365 sk->sk_state = BT_DISCONN; 356 sk->sk_state = BT_DISCONN;
366 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 357 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
367 hci_conn_put(sco_pi(sk)->conn->hcon); 358 hci_conn_put(sco_pi(sk)->conn->hcon);
@@ -397,6 +388,7 @@ static void sco_sock_init(struct sock *sk, struct sock *parent)
397 388
398 if (parent) { 389 if (parent) {
399 sk->sk_type = parent->sk_type; 390 sk->sk_type = parent->sk_type;
391 bt_sk(sk)->flags = bt_sk(parent)->flags;
400 security_sk_clone(parent, sk); 392 security_sk_clone(parent, sk);
401 } 393 }
402} 394}
@@ -460,7 +452,7 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le
460 struct sock *sk = sock->sk; 452 struct sock *sk = sock->sk;
461 int err = 0; 453 int err = 0;
462 454
463 BT_DBG("sk %p %s", sk, batostr(&sa->sco_bdaddr)); 455 BT_DBG("sk %p %pMR", sk, &sa->sco_bdaddr);
464 456
465 if (!addr || addr->sa_family != AF_BLUETOOTH) 457 if (!addr || addr->sa_family != AF_BLUETOOTH)
466 return -EINVAL; 458 return -EINVAL;
@@ -662,16 +654,57 @@ static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
662 return err; 654 return err;
663} 655}
664 656
657static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
658 struct msghdr *msg, size_t len, int flags)
659{
660 struct sock *sk = sock->sk;
661 struct sco_pinfo *pi = sco_pi(sk);
662
663 lock_sock(sk);
664
665 if (sk->sk_state == BT_CONNECT2 &&
666 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
667 hci_conn_accept(pi->conn->hcon, 0);
668 sk->sk_state = BT_CONFIG;
669
670 release_sock(sk);
671 return 0;
672 }
673
674 release_sock(sk);
675
676 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
677}
678
665static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 679static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
666{ 680{
667 struct sock *sk = sock->sk; 681 struct sock *sk = sock->sk;
668 int err = 0; 682 int err = 0;
683 u32 opt;
669 684
670 BT_DBG("sk %p", sk); 685 BT_DBG("sk %p", sk);
671 686
672 lock_sock(sk); 687 lock_sock(sk);
673 688
674 switch (optname) { 689 switch (optname) {
690
691 case BT_DEFER_SETUP:
692 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
693 err = -EINVAL;
694 break;
695 }
696
697 if (get_user(opt, (u32 __user *) optval)) {
698 err = -EFAULT;
699 break;
700 }
701
702 if (opt)
703 set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
704 else
705 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags);
706 break;
707
675 default: 708 default:
676 err = -ENOPROTOOPT; 709 err = -ENOPROTOOPT;
677 break; 710 break;
@@ -753,6 +786,19 @@ static int sco_sock_getsockopt(struct socket *sock, int level, int optname, char
753 lock_sock(sk); 786 lock_sock(sk);
754 787
755 switch (optname) { 788 switch (optname) {
789
790 case BT_DEFER_SETUP:
791 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
792 err = -EINVAL;
793 break;
794 }
795
796 if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags),
797 (u32 __user *) optval))
798 err = -EFAULT;
799
800 break;
801
756 default: 802 default:
757 err = -ENOPROTOOPT; 803 err = -ENOPROTOOPT;
758 break; 804 break;
@@ -830,6 +876,16 @@ static void sco_chan_del(struct sock *sk, int err)
830 876
831 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 877 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
832 878
879 if (conn) {
880 sco_conn_lock(conn);
881 conn->sk = NULL;
882 sco_pi(sk)->conn = NULL;
883 sco_conn_unlock(conn);
884
885 if (conn->hcon)
886 hci_conn_put(conn->hcon);
887 }
888
833 sk->sk_state = BT_CLOSED; 889 sk->sk_state = BT_CLOSED;
834 sk->sk_err = err; 890 sk->sk_err = err;
835 sk->sk_state_change(sk); 891 sk->sk_state_change(sk);
@@ -874,7 +930,10 @@ static void sco_conn_ready(struct sco_conn *conn)
874 hci_conn_hold(conn->hcon); 930 hci_conn_hold(conn->hcon);
875 __sco_chan_add(conn, sk, parent); 931 __sco_chan_add(conn, sk, parent);
876 932
877 sk->sk_state = BT_CONNECTED; 933 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags))
934 sk->sk_state = BT_CONNECT2;
935 else
936 sk->sk_state = BT_CONNECTED;
878 937
879 /* Wake up parent */ 938 /* Wake up parent */
880 parent->sk_data_ready(parent, 1); 939 parent->sk_data_ready(parent, 1);
@@ -887,13 +946,13 @@ done:
887} 946}
888 947
889/* ----- SCO interface with lower layer (HCI) ----- */ 948/* ----- SCO interface with lower layer (HCI) ----- */
890int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr) 949int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags)
891{ 950{
892 struct sock *sk; 951 struct sock *sk;
893 struct hlist_node *node; 952 struct hlist_node *node;
894 int lm = 0; 953 int lm = 0;
895 954
896 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr)); 955 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr);
897 956
898 /* Find listening sockets */ 957 /* Find listening sockets */
899 read_lock(&sco_sk_list.lock); 958 read_lock(&sco_sk_list.lock);
@@ -904,6 +963,9 @@ int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
904 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr) || 963 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr) ||
905 !bacmp(&bt_sk(sk)->src, BDADDR_ANY)) { 964 !bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
906 lm |= HCI_LM_ACCEPT; 965 lm |= HCI_LM_ACCEPT;
966
967 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
968 *flags |= HCI_PROTO_DEFER;
907 break; 969 break;
908 } 970 }
909 } 971 }
@@ -914,7 +976,7 @@ int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
914 976
915void sco_connect_cfm(struct hci_conn *hcon, __u8 status) 977void sco_connect_cfm(struct hci_conn *hcon, __u8 status)
916{ 978{
917 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status); 979 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
918 if (!status) { 980 if (!status) {
919 struct sco_conn *conn; 981 struct sco_conn *conn;
920 982
@@ -959,8 +1021,8 @@ static int sco_debugfs_show(struct seq_file *f, void *p)
959 read_lock(&sco_sk_list.lock); 1021 read_lock(&sco_sk_list.lock);
960 1022
961 sk_for_each(sk, node, &sco_sk_list.head) { 1023 sk_for_each(sk, node, &sco_sk_list.head) {
962 seq_printf(f, "%s %s %d\n", batostr(&bt_sk(sk)->src), 1024 seq_printf(f, "%pMR %pMR %d\n", &bt_sk(sk)->src,
963 batostr(&bt_sk(sk)->dst), sk->sk_state); 1025 &bt_sk(sk)->dst, sk->sk_state);
964 } 1026 }
965 1027
966 read_unlock(&sco_sk_list.lock); 1028 read_unlock(&sco_sk_list.lock);
@@ -992,7 +1054,7 @@ static const struct proto_ops sco_sock_ops = {
992 .accept = sco_sock_accept, 1054 .accept = sco_sock_accept,
993 .getname = sco_sock_getname, 1055 .getname = sco_sock_getname,
994 .sendmsg = sco_sock_sendmsg, 1056 .sendmsg = sco_sock_sendmsg,
995 .recvmsg = bt_sock_recvmsg, 1057 .recvmsg = sco_sock_recvmsg,
996 .poll = bt_sock_poll, 1058 .poll = bt_sock_poll,
997 .ioctl = bt_sock_ioctl, 1059 .ioctl = bt_sock_ioctl,
998 .mmap = sock_no_mmap, 1060 .mmap = sock_no_mmap,
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 2ac8d50861e0..68a9587c9694 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -167,7 +167,7 @@ static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
167 167
168 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); 168 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
169 lh->len = cpu_to_le16(sizeof(code) + dlen); 169 lh->len = cpu_to_le16(sizeof(code) + dlen);
170 lh->cid = cpu_to_le16(L2CAP_CID_SMP); 170 lh->cid = __constant_cpu_to_le16(L2CAP_CID_SMP);
171 171
172 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code)); 172 memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
173 173
@@ -267,7 +267,7 @@ static void smp_failure(struct l2cap_conn *conn, u8 reason, u8 send)
267 267
268 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->hcon->flags); 268 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->hcon->flags);
269 mgmt_auth_failed(conn->hcon->hdev, conn->dst, hcon->type, 269 mgmt_auth_failed(conn->hcon->hdev, conn->dst, hcon->type,
270 hcon->dst_type, reason); 270 hcon->dst_type, HCI_ERROR_AUTH_FAILURE);
271 271
272 cancel_delayed_work_sync(&conn->security_timer); 272 cancel_delayed_work_sync(&conn->security_timer);
273 273
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-23 09:25:59 -0500