aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth
diff options
context:
space:
mode:
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/af_bluetooth.c2
-rw-r--r--net/bluetooth/bnep/bnep.h3
-rw-r--r--net/bluetooth/hci_core.c26
-rw-r--r--net/bluetooth/hci_event.c72
-rw-r--r--net/bluetooth/l2cap_core.c744
-rw-r--r--net/bluetooth/l2cap_sock.c181
-rw-r--r--net/bluetooth/mgmt.c17
-rw-r--r--net/bluetooth/smp.c56
-rw-r--r--net/bluetooth/smp.h1
9 files changed, 948 insertions, 154 deletions
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index 56ca494621c6..0c5866bb49b6 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -31,7 +31,7 @@
31#include <net/bluetooth/bluetooth.h> 31#include <net/bluetooth/bluetooth.h>
32#include <linux/proc_fs.h> 32#include <linux/proc_fs.h>
33 33
34#define VERSION "2.17" 34#define VERSION "2.18"
35 35
36/* Bluetooth sockets */ 36/* Bluetooth sockets */
37#define BT_MAX_PROTO 8 37#define BT_MAX_PROTO 8
diff --git a/net/bluetooth/bnep/bnep.h b/net/bluetooth/bnep/bnep.h
index e7ee5314f39a..5a5b16f365e9 100644
--- a/net/bluetooth/bnep/bnep.h
+++ b/net/bluetooth/bnep/bnep.h
@@ -12,8 +12,7 @@
12 GNU General Public License for more details. 12 GNU General Public License for more details.
13 13
14 You should have received a copy of the GNU General Public License 14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software 15 along with this program; if not, see <http://www.gnu.org/licenses/>.
16 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17*/ 16*/
18 17
19#ifndef _BNEP_H 18#ifndef _BNEP_H
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 6ccc4eb9e55e..8b8b5f80dd89 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -1228,7 +1228,7 @@ static void hci_set_event_mask_page_2(struct hci_request *req)
1228 /* If Connectionless Slave Broadcast master role is supported 1228 /* If Connectionless Slave Broadcast master role is supported
1229 * enable all necessary events for it. 1229 * enable all necessary events for it.
1230 */ 1230 */
1231 if (hdev->features[2][0] & 0x01) { 1231 if (lmp_csb_master_capable(hdev)) {
1232 events[1] |= 0x40; /* Triggered Clock Capture */ 1232 events[1] |= 0x40; /* Triggered Clock Capture */
1233 events[1] |= 0x80; /* Synchronization Train Complete */ 1233 events[1] |= 0x80; /* Synchronization Train Complete */
1234 events[2] |= 0x10; /* Slave Page Response Timeout */ 1234 events[2] |= 0x10; /* Slave Page Response Timeout */
@@ -1238,7 +1238,7 @@ static void hci_set_event_mask_page_2(struct hci_request *req)
1238 /* If Connectionless Slave Broadcast slave role is supported 1238 /* If Connectionless Slave Broadcast slave role is supported
1239 * enable all necessary events for it. 1239 * enable all necessary events for it.
1240 */ 1240 */
1241 if (hdev->features[2][0] & 0x02) { 1241 if (lmp_csb_slave_capable(hdev)) {
1242 events[2] |= 0x01; /* Synchronization Train Received */ 1242 events[2] |= 0x01; /* Synchronization Train Received */
1243 events[2] |= 0x02; /* CSB Receive */ 1243 events[2] |= 0x02; /* CSB Receive */
1244 events[2] |= 0x04; /* CSB Timeout */ 1244 events[2] |= 0x04; /* CSB Timeout */
@@ -1275,15 +1275,17 @@ static void hci_init3_req(struct hci_request *req, unsigned long opt)
1275 hci_setup_link_policy(req); 1275 hci_setup_link_policy(req);
1276 1276
1277 if (lmp_le_capable(hdev)) { 1277 if (lmp_le_capable(hdev)) {
1278 /* If the controller has a public BD_ADDR, then by 1278 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
1279 * default use that one. If this is a LE only 1279 /* If the controller has a public BD_ADDR, then
1280 * controller without one, default to the random 1280 * by default use that one. If this is a LE only
1281 * address. 1281 * controller without a public address, default
1282 */ 1282 * to the random address.
1283 if (bacmp(&hdev->bdaddr, BDADDR_ANY)) 1283 */
1284 hdev->own_addr_type = ADDR_LE_DEV_PUBLIC; 1284 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1285 else 1285 hdev->own_addr_type = ADDR_LE_DEV_PUBLIC;
1286 hdev->own_addr_type = ADDR_LE_DEV_RANDOM; 1286 else
1287 hdev->own_addr_type = ADDR_LE_DEV_RANDOM;
1288 }
1287 1289
1288 hci_set_le_support(req); 1290 hci_set_le_support(req);
1289 } 1291 }
@@ -1307,7 +1309,7 @@ static void hci_init4_req(struct hci_request *req, unsigned long opt)
1307 hci_set_event_mask_page_2(req); 1309 hci_set_event_mask_page_2(req);
1308 1310
1309 /* Check for Synchronization Train support */ 1311 /* Check for Synchronization Train support */
1310 if (hdev->features[2][0] & 0x04) 1312 if (lmp_sync_train_capable(hdev))
1311 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL); 1313 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
1312} 1314}
1313 1315
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 5935f748c0f9..5fb3df66c2cd 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -486,7 +486,10 @@ static void hci_cc_read_local_commands(struct hci_dev *hdev,
486 486
487 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 487 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
488 488
489 if (!rp->status) 489 if (rp->status)
490 return;
491
492 if (test_bit(HCI_SETUP, &hdev->dev_flags))
490 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands)); 493 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
491} 494}
492 495
@@ -538,12 +541,6 @@ static void hci_cc_read_local_features(struct hci_dev *hdev,
538 541
539 if (hdev->features[0][5] & LMP_EDR_3S_ESCO) 542 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
540 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); 543 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
541
542 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
543 hdev->features[0][0], hdev->features[0][1],
544 hdev->features[0][2], hdev->features[0][3],
545 hdev->features[0][4], hdev->features[0][5],
546 hdev->features[0][6], hdev->features[0][7]);
547} 544}
548 545
549static void hci_cc_read_local_ext_features(struct hci_dev *hdev, 546static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
@@ -1782,7 +1779,9 @@ static u8 hci_to_mgmt_reason(u8 err)
1782static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 1779static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1783{ 1780{
1784 struct hci_ev_disconn_complete *ev = (void *) skb->data; 1781 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1782 u8 reason = hci_to_mgmt_reason(ev->reason);
1785 struct hci_conn *conn; 1783 struct hci_conn *conn;
1784 u8 type;
1786 1785
1787 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); 1786 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
1788 1787
@@ -1792,43 +1791,38 @@ static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1792 if (!conn) 1791 if (!conn)
1793 goto unlock; 1792 goto unlock;
1794 1793
1795 if (ev->status == 0) 1794 if (ev->status) {
1796 conn->state = BT_CLOSED; 1795 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1796 conn->dst_type, ev->status);
1797 goto unlock;
1798 }
1797 1799
1798 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) && 1800 conn->state = BT_CLOSED;
1799 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1800 if (ev->status) {
1801 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1802 conn->dst_type, ev->status);
1803 } else {
1804 u8 reason = hci_to_mgmt_reason(ev->reason);
1805 1801
1806 mgmt_device_disconnected(hdev, &conn->dst, conn->type, 1802 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1807 conn->dst_type, reason); 1803 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1808 } 1804 conn->dst_type, reason);
1809 }
1810 1805
1811 if (ev->status == 0) { 1806 if (conn->type == ACL_LINK && conn->flush_key)
1812 u8 type = conn->type; 1807 hci_remove_link_key(hdev, &conn->dst);
1813 1808
1814 if (type == ACL_LINK && conn->flush_key) 1809 type = conn->type;
1815 hci_remove_link_key(hdev, &conn->dst);
1816 hci_proto_disconn_cfm(conn, ev->reason);
1817 hci_conn_del(conn);
1818 1810
1819 /* Re-enable advertising if necessary, since it might 1811 hci_proto_disconn_cfm(conn, ev->reason);
1820 * have been disabled by the connection. From the 1812 hci_conn_del(conn);
1821 * HCI_LE_Set_Advertise_Enable command description in 1813
1822 * the core specification (v4.0): 1814 /* Re-enable advertising if necessary, since it might
1823 * "The Controller shall continue advertising until the Host 1815 * have been disabled by the connection. From the
1824 * issues an LE_Set_Advertise_Enable command with 1816 * HCI_LE_Set_Advertise_Enable command description in
1825 * Advertising_Enable set to 0x00 (Advertising is disabled) 1817 * the core specification (v4.0):
1826 * or until a connection is created or until the Advertising 1818 * "The Controller shall continue advertising until the Host
1827 * is timed out due to Directed Advertising." 1819 * issues an LE_Set_Advertise_Enable command with
1828 */ 1820 * Advertising_Enable set to 0x00 (Advertising is disabled)
1829 if (type == LE_LINK) 1821 * or until a connection is created or until the Advertising
1830 mgmt_reenable_advertising(hdev); 1822 * is timed out due to Directed Advertising."
1831 } 1823 */
1824 if (type == LE_LINK)
1825 mgmt_reenable_advertising(hdev);
1832 1826
1833unlock: 1827unlock:
1834 hci_dev_unlock(hdev); 1828 hci_dev_unlock(hdev);
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 4af3821df880..b6bca64b320d 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -49,6 +49,9 @@ static u8 l2cap_fixed_chan[8] = { L2CAP_FC_L2CAP | L2CAP_FC_CONNLESS, };
49static LIST_HEAD(chan_list); 49static LIST_HEAD(chan_list);
50static DEFINE_RWLOCK(chan_list_lock); 50static DEFINE_RWLOCK(chan_list_lock);
51 51
52static u16 le_max_credits = L2CAP_LE_MAX_CREDITS;
53static u16 le_default_mps = L2CAP_LE_DEFAULT_MPS;
54
52static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, 55static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
53 u8 code, u8 ident, u16 dlen, void *data); 56 u8 code, u8 ident, u16 dlen, void *data);
54static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, 57static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
@@ -213,9 +216,14 @@ int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
213 216
214static u16 l2cap_alloc_cid(struct l2cap_conn *conn) 217static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
215{ 218{
216 u16 cid = L2CAP_CID_DYN_START; 219 u16 cid, dyn_end;
220
221 if (conn->hcon->type == LE_LINK)
222 dyn_end = L2CAP_CID_LE_DYN_END;
223 else
224 dyn_end = L2CAP_CID_DYN_END;
217 225
218 for (; cid < L2CAP_CID_DYN_END; cid++) { 226 for (cid = L2CAP_CID_DYN_START; cid < dyn_end; cid++) {
219 if (!__l2cap_get_chan_by_scid(conn, cid)) 227 if (!__l2cap_get_chan_by_scid(conn, cid))
220 return cid; 228 return cid;
221 } 229 }
@@ -490,6 +498,18 @@ void l2cap_chan_set_defaults(struct l2cap_chan *chan)
490 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); 498 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
491} 499}
492 500
501static void l2cap_le_flowctl_init(struct l2cap_chan *chan)
502{
503 chan->sdu = NULL;
504 chan->sdu_last_frag = NULL;
505 chan->sdu_len = 0;
506 chan->tx_credits = 0;
507 chan->rx_credits = le_max_credits;
508 chan->mps = min_t(u16, chan->imtu, L2CAP_LE_DEFAULT_MPS);
509
510 skb_queue_head_init(&chan->tx_q);
511}
512
493void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) 513void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
494{ 514{
495 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, 515 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
@@ -502,12 +522,12 @@ void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
502 switch (chan->chan_type) { 522 switch (chan->chan_type) {
503 case L2CAP_CHAN_CONN_ORIENTED: 523 case L2CAP_CHAN_CONN_ORIENTED:
504 if (conn->hcon->type == LE_LINK) { 524 if (conn->hcon->type == LE_LINK) {
505 /* LE connection */ 525 if (chan->dcid == L2CAP_CID_ATT) {
506 chan->omtu = L2CAP_DEFAULT_MTU; 526 chan->omtu = L2CAP_DEFAULT_MTU;
507 if (chan->dcid == L2CAP_CID_ATT)
508 chan->scid = L2CAP_CID_ATT; 527 chan->scid = L2CAP_CID_ATT;
509 else 528 } else {
510 chan->scid = l2cap_alloc_cid(conn); 529 chan->scid = l2cap_alloc_cid(conn);
530 }
511 } else { 531 } else {
512 /* Alloc CID for connection-oriented socket */ 532 /* Alloc CID for connection-oriented socket */
513 chan->scid = l2cap_alloc_cid(conn); 533 chan->scid = l2cap_alloc_cid(conn);
@@ -597,6 +617,10 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
597 case L2CAP_MODE_BASIC: 617 case L2CAP_MODE_BASIC:
598 break; 618 break;
599 619
620 case L2CAP_MODE_LE_FLOWCTL:
621 skb_queue_purge(&chan->tx_q);
622 break;
623
600 case L2CAP_MODE_ERTM: 624 case L2CAP_MODE_ERTM:
601 __clear_retrans_timer(chan); 625 __clear_retrans_timer(chan);
602 __clear_monitor_timer(chan); 626 __clear_monitor_timer(chan);
@@ -617,6 +641,50 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
617 return; 641 return;
618} 642}
619 643
644static void l2cap_chan_le_connect_reject(struct l2cap_chan *chan)
645{
646 struct l2cap_conn *conn = chan->conn;
647 struct l2cap_le_conn_rsp rsp;
648 u16 result;
649
650 if (test_bit(FLAG_DEFER_SETUP, &chan->flags))
651 result = L2CAP_CR_AUTHORIZATION;
652 else
653 result = L2CAP_CR_BAD_PSM;
654
655 l2cap_state_change(chan, BT_DISCONN);
656
657 rsp.dcid = cpu_to_le16(chan->scid);
658 rsp.mtu = cpu_to_le16(chan->imtu);
659 rsp.mps = cpu_to_le16(chan->mps);
660 rsp.credits = cpu_to_le16(chan->rx_credits);
661 rsp.result = cpu_to_le16(result);
662
663 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_RSP, sizeof(rsp),
664 &rsp);
665}
666
667static void l2cap_chan_connect_reject(struct l2cap_chan *chan)
668{
669 struct l2cap_conn *conn = chan->conn;
670 struct l2cap_conn_rsp rsp;
671 u16 result;
672
673 if (test_bit(FLAG_DEFER_SETUP, &chan->flags))
674 result = L2CAP_CR_SEC_BLOCK;
675 else
676 result = L2CAP_CR_BAD_PSM;
677
678 l2cap_state_change(chan, BT_DISCONN);
679
680 rsp.scid = cpu_to_le16(chan->dcid);
681 rsp.dcid = cpu_to_le16(chan->scid);
682 rsp.result = cpu_to_le16(result);
683 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
684
685 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
686}
687
620void l2cap_chan_close(struct l2cap_chan *chan, int reason) 688void l2cap_chan_close(struct l2cap_chan *chan, int reason)
621{ 689{
622 struct l2cap_conn *conn = chan->conn; 690 struct l2cap_conn *conn = chan->conn;
@@ -630,8 +698,10 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
630 698
631 case BT_CONNECTED: 699 case BT_CONNECTED:
632 case BT_CONFIG: 700 case BT_CONFIG:
633 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && 701 /* ATT uses L2CAP_CHAN_CONN_ORIENTED so we must also
634 conn->hcon->type == ACL_LINK) { 702 * check for chan->psm.
703 */
704 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && chan->psm) {
635 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan)); 705 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
636 l2cap_send_disconn_req(chan, reason); 706 l2cap_send_disconn_req(chan, reason);
637 } else 707 } else
@@ -639,24 +709,11 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
639 break; 709 break;
640 710
641 case BT_CONNECT2: 711 case BT_CONNECT2:
642 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && 712 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) {
643 conn->hcon->type == ACL_LINK) { 713 if (conn->hcon->type == ACL_LINK)
644 struct l2cap_conn_rsp rsp; 714 l2cap_chan_connect_reject(chan);
645 __u16 result; 715 else if (conn->hcon->type == LE_LINK)
646 716 l2cap_chan_le_connect_reject(chan);
647 if (test_bit(FLAG_DEFER_SETUP, &chan->flags))
648 result = L2CAP_CR_SEC_BLOCK;
649 else
650 result = L2CAP_CR_BAD_PSM;
651
652 l2cap_state_change(chan, BT_DISCONN);
653
654 rsp.scid = cpu_to_le16(chan->dcid);
655 rsp.dcid = cpu_to_le16(chan->scid);
656 rsp.result = cpu_to_le16(result);
657 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
658 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
659 sizeof(rsp), &rsp);
660 } 717 }
661 718
662 l2cap_chan_del(chan, reason); 719 l2cap_chan_del(chan, reason);
@@ -726,6 +783,9 @@ int l2cap_chan_check_security(struct l2cap_chan *chan)
726 struct l2cap_conn *conn = chan->conn; 783 struct l2cap_conn *conn = chan->conn;
727 __u8 auth_type; 784 __u8 auth_type;
728 785
786 if (conn->hcon->type == LE_LINK)
787 return smp_conn_security(conn->hcon, chan->sec_level);
788
729 auth_type = l2cap_get_auth_type(chan); 789 auth_type = l2cap_get_auth_type(chan);
730 790
731 return hci_conn_security(conn->hcon, chan->sec_level, auth_type); 791 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
@@ -1152,16 +1212,57 @@ static void l2cap_chan_ready(struct l2cap_chan *chan)
1152 chan->conf_state = 0; 1212 chan->conf_state = 0;
1153 __clear_chan_timer(chan); 1213 __clear_chan_timer(chan);
1154 1214
1215 if (chan->mode == L2CAP_MODE_LE_FLOWCTL && !chan->tx_credits)
1216 chan->ops->suspend(chan);
1217
1155 chan->state = BT_CONNECTED; 1218 chan->state = BT_CONNECTED;
1156 1219
1157 chan->ops->ready(chan); 1220 chan->ops->ready(chan);
1158} 1221}
1159 1222
1223static void l2cap_le_connect(struct l2cap_chan *chan)
1224{
1225 struct l2cap_conn *conn = chan->conn;
1226 struct l2cap_le_conn_req req;
1227
1228 if (test_and_set_bit(FLAG_LE_CONN_REQ_SENT, &chan->flags))
1229 return;
1230
1231 req.psm = chan->psm;
1232 req.scid = cpu_to_le16(chan->scid);
1233 req.mtu = cpu_to_le16(chan->imtu);
1234 req.mps = cpu_to_le16(chan->mps);
1235 req.credits = cpu_to_le16(chan->rx_credits);
1236
1237 chan->ident = l2cap_get_ident(conn);
1238
1239 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_REQ,
1240 sizeof(req), &req);
1241}
1242
1243static void l2cap_le_start(struct l2cap_chan *chan)
1244{
1245 struct l2cap_conn *conn = chan->conn;
1246
1247 if (!smp_conn_security(conn->hcon, chan->sec_level))
1248 return;
1249
1250 if (!chan->psm) {
1251 l2cap_chan_ready(chan);
1252 return;
1253 }
1254
1255 if (chan->state == BT_CONNECT)
1256 l2cap_le_connect(chan);
1257}
1258
1160static void l2cap_start_connection(struct l2cap_chan *chan) 1259static void l2cap_start_connection(struct l2cap_chan *chan)
1161{ 1260{
1162 if (__amp_capable(chan)) { 1261 if (__amp_capable(chan)) {
1163 BT_DBG("chan %p AMP capable: discover AMPs", chan); 1262 BT_DBG("chan %p AMP capable: discover AMPs", chan);
1164 a2mp_discover_amp(chan); 1263 a2mp_discover_amp(chan);
1264 } else if (chan->conn->hcon->type == LE_LINK) {
1265 l2cap_le_start(chan);
1165 } else { 1266 } else {
1166 l2cap_send_conn_req(chan); 1267 l2cap_send_conn_req(chan);
1167 } 1268 }
@@ -1172,7 +1273,7 @@ static void l2cap_do_start(struct l2cap_chan *chan)
1172 struct l2cap_conn *conn = chan->conn; 1273 struct l2cap_conn *conn = chan->conn;
1173 1274
1174 if (conn->hcon->type == LE_LINK) { 1275 if (conn->hcon->type == LE_LINK) {
1175 l2cap_chan_ready(chan); 1276 l2cap_le_start(chan);
1176 return; 1277 return;
1177 } 1278 }
1178 1279
@@ -1430,9 +1531,7 @@ static void l2cap_conn_ready(struct l2cap_conn *conn)
1430 } 1531 }
1431 1532
1432 if (hcon->type == LE_LINK) { 1533 if (hcon->type == LE_LINK) {
1433 if (smp_conn_security(hcon, chan->sec_level)) 1534 l2cap_le_start(chan);
1434 l2cap_chan_ready(chan);
1435
1436 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { 1535 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
1437 l2cap_chan_ready(chan); 1536 l2cap_chan_ready(chan);
1438 1537
@@ -1703,7 +1802,8 @@ EXPORT_SYMBOL(l2cap_conn_put);
1703 */ 1802 */
1704static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, 1803static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
1705 bdaddr_t *src, 1804 bdaddr_t *src,
1706 bdaddr_t *dst) 1805 bdaddr_t *dst,
1806 u8 link_type)
1707{ 1807{
1708 struct l2cap_chan *c, *c1 = NULL; 1808 struct l2cap_chan *c, *c1 = NULL;
1709 1809
@@ -1713,6 +1813,12 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
1713 if (state && c->state != state) 1813 if (state && c->state != state)
1714 continue; 1814 continue;
1715 1815
1816 if (link_type == ACL_LINK && c->src_type != BDADDR_BREDR)
1817 continue;
1818
1819 if (link_type == LE_LINK && c->src_type == BDADDR_BREDR)
1820 continue;
1821
1716 if (c->psm == psm) { 1822 if (c->psm == psm) {
1717 int src_match, dst_match; 1823 int src_match, dst_match;
1718 int src_any, dst_any; 1824 int src_any, dst_any;
@@ -1739,6 +1845,18 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
1739 return c1; 1845 return c1;
1740} 1846}
1741 1847
1848static bool is_valid_psm(u16 psm, u8 dst_type)
1849{
1850 if (!psm)
1851 return false;
1852
1853 if (bdaddr_type_is_le(dst_type))
1854 return (psm <= 0x00ff);
1855
1856 /* PSM must be odd and lsb of upper byte must be 0 */
1857 return ((psm & 0x0101) == 0x0001);
1858}
1859
1742int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, 1860int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1743 bdaddr_t *dst, u8 dst_type) 1861 bdaddr_t *dst, u8 dst_type)
1744{ 1862{
@@ -1759,8 +1877,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1759 1877
1760 l2cap_chan_lock(chan); 1878 l2cap_chan_lock(chan);
1761 1879
1762 /* PSM must be odd and lsb of upper byte must be 0 */ 1880 if (!is_valid_psm(__le16_to_cpu(psm), dst_type) && !cid &&
1763 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
1764 chan->chan_type != L2CAP_CHAN_RAW) { 1881 chan->chan_type != L2CAP_CHAN_RAW) {
1765 err = -EINVAL; 1882 err = -EINVAL;
1766 goto done; 1883 goto done;
@@ -1774,6 +1891,9 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1774 switch (chan->mode) { 1891 switch (chan->mode) {
1775 case L2CAP_MODE_BASIC: 1892 case L2CAP_MODE_BASIC:
1776 break; 1893 break;
1894 case L2CAP_MODE_LE_FLOWCTL:
1895 l2cap_le_flowctl_init(chan);
1896 break;
1777 case L2CAP_MODE_ERTM: 1897 case L2CAP_MODE_ERTM:
1778 case L2CAP_MODE_STREAMING: 1898 case L2CAP_MODE_STREAMING:
1779 if (!disable_ertm) 1899 if (!disable_ertm)
@@ -2432,6 +2552,89 @@ static int l2cap_segment_sdu(struct l2cap_chan *chan,
2432 return 0; 2552 return 0;
2433} 2553}
2434 2554
2555static struct sk_buff *l2cap_create_le_flowctl_pdu(struct l2cap_chan *chan,
2556 struct msghdr *msg,
2557 size_t len, u16 sdulen)
2558{
2559 struct l2cap_conn *conn = chan->conn;
2560 struct sk_buff *skb;
2561 int err, count, hlen;
2562 struct l2cap_hdr *lh;
2563
2564 BT_DBG("chan %p len %zu", chan, len);
2565
2566 if (!conn)
2567 return ERR_PTR(-ENOTCONN);
2568
2569 hlen = L2CAP_HDR_SIZE;
2570
2571 if (sdulen)
2572 hlen += L2CAP_SDULEN_SIZE;
2573
2574 count = min_t(unsigned int, (conn->mtu - hlen), len);
2575
2576 skb = chan->ops->alloc_skb(chan, count + hlen,
2577 msg->msg_flags & MSG_DONTWAIT);
2578 if (IS_ERR(skb))
2579 return skb;
2580
2581 /* Create L2CAP header */
2582 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
2583 lh->cid = cpu_to_le16(chan->dcid);
2584 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
2585
2586 if (sdulen)
2587 put_unaligned_le16(sdulen, skb_put(skb, L2CAP_SDULEN_SIZE));
2588
2589 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
2590 if (unlikely(err < 0)) {
2591 kfree_skb(skb);
2592 return ERR_PTR(err);
2593 }
2594
2595 return skb;
2596}
2597
2598static int l2cap_segment_le_sdu(struct l2cap_chan *chan,
2599 struct sk_buff_head *seg_queue,
2600 struct msghdr *msg, size_t len)
2601{
2602 struct sk_buff *skb;
2603 size_t pdu_len;
2604 u16 sdu_len;
2605
2606 BT_DBG("chan %p, msg %p, len %zu", chan, msg, len);
2607
2608 pdu_len = chan->conn->mtu - L2CAP_HDR_SIZE;
2609
2610 pdu_len = min_t(size_t, pdu_len, chan->remote_mps);
2611
2612 sdu_len = len;
2613 pdu_len -= L2CAP_SDULEN_SIZE;
2614
2615 while (len > 0) {
2616 if (len <= pdu_len)
2617 pdu_len = len;
2618
2619 skb = l2cap_create_le_flowctl_pdu(chan, msg, pdu_len, sdu_len);
2620 if (IS_ERR(skb)) {
2621 __skb_queue_purge(seg_queue);
2622 return PTR_ERR(skb);
2623 }
2624
2625 __skb_queue_tail(seg_queue, skb);
2626
2627 len -= pdu_len;
2628
2629 if (sdu_len) {
2630 sdu_len = 0;
2631 pdu_len += L2CAP_SDULEN_SIZE;
2632 }
2633 }
2634
2635 return 0;
2636}
2637
2435int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len, 2638int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
2436 u32 priority) 2639 u32 priority)
2437{ 2640{
@@ -2453,6 +2656,40 @@ int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
2453 } 2656 }
2454 2657
2455 switch (chan->mode) { 2658 switch (chan->mode) {
2659 case L2CAP_MODE_LE_FLOWCTL:
2660 /* Check outgoing MTU */
2661 if (len > chan->omtu)
2662 return -EMSGSIZE;
2663
2664 if (!chan->tx_credits)
2665 return -EAGAIN;
2666
2667 __skb_queue_head_init(&seg_queue);
2668
2669 err = l2cap_segment_le_sdu(chan, &seg_queue, msg, len);
2670
2671 if (chan->state != BT_CONNECTED) {
2672 __skb_queue_purge(&seg_queue);
2673 err = -ENOTCONN;
2674 }
2675
2676 if (err)
2677 return err;
2678
2679 skb_queue_splice_tail_init(&seg_queue, &chan->tx_q);
2680
2681 while (chan->tx_credits && !skb_queue_empty(&chan->tx_q)) {
2682 l2cap_do_send(chan, skb_dequeue(&chan->tx_q));
2683 chan->tx_credits--;
2684 }
2685
2686 if (!chan->tx_credits)
2687 chan->ops->suspend(chan);
2688
2689 err = len;
2690
2691 break;
2692
2456 case L2CAP_MODE_BASIC: 2693 case L2CAP_MODE_BASIC:
2457 /* Check outgoing MTU */ 2694 /* Check outgoing MTU */
2458 if (len > chan->omtu) 2695 if (len > chan->omtu)
@@ -3592,6 +3829,23 @@ static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data,
3592 return ptr - data; 3829 return ptr - data;
3593} 3830}
3594 3831
3832void __l2cap_le_connect_rsp_defer(struct l2cap_chan *chan)
3833{
3834 struct l2cap_le_conn_rsp rsp;
3835 struct l2cap_conn *conn = chan->conn;
3836
3837 BT_DBG("chan %p", chan);
3838
3839 rsp.dcid = cpu_to_le16(chan->scid);
3840 rsp.mtu = cpu_to_le16(chan->imtu);
3841 rsp.mps = cpu_to_le16(chan->mps);
3842 rsp.credits = cpu_to_le16(chan->rx_credits);
3843 rsp.result = __constant_cpu_to_le16(L2CAP_CR_SUCCESS);
3844
3845 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_RSP, sizeof(rsp),
3846 &rsp);
3847}
3848
3595void __l2cap_connect_rsp_defer(struct l2cap_chan *chan) 3849void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
3596{ 3850{
3597 struct l2cap_conn_rsp rsp; 3851 struct l2cap_conn_rsp rsp;
@@ -3713,7 +3967,7 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn,
3713 3967
3714 /* Check if we have socket listening on psm */ 3968 /* Check if we have socket listening on psm */
3715 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, &conn->hcon->src, 3969 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, &conn->hcon->src,
3716 &conn->hcon->dst); 3970 &conn->hcon->dst, ACL_LINK);
3717 if (!pchan) { 3971 if (!pchan) {
3718 result = L2CAP_CR_BAD_PSM; 3972 result = L2CAP_CR_BAD_PSM;
3719 goto sendresp; 3973 goto sendresp;
@@ -5155,18 +5409,17 @@ static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
5155 5409
5156static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn, 5410static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
5157 struct l2cap_cmd_hdr *cmd, 5411 struct l2cap_cmd_hdr *cmd,
5158 u8 *data) 5412 u16 cmd_len, u8 *data)
5159{ 5413{
5160 struct hci_conn *hcon = conn->hcon; 5414 struct hci_conn *hcon = conn->hcon;
5161 struct l2cap_conn_param_update_req *req; 5415 struct l2cap_conn_param_update_req *req;
5162 struct l2cap_conn_param_update_rsp rsp; 5416 struct l2cap_conn_param_update_rsp rsp;
5163 u16 min, max, latency, to_multiplier, cmd_len; 5417 u16 min, max, latency, to_multiplier;
5164 int err; 5418 int err;
5165 5419
5166 if (!(hcon->link_mode & HCI_LM_MASTER)) 5420 if (!(hcon->link_mode & HCI_LM_MASTER))
5167 return -EINVAL; 5421 return -EINVAL;
5168 5422
5169 cmd_len = __le16_to_cpu(cmd->len);
5170 if (cmd_len != sizeof(struct l2cap_conn_param_update_req)) 5423 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
5171 return -EPROTO; 5424 return -EPROTO;
5172 5425
@@ -5196,6 +5449,65 @@ static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
5196 return 0; 5449 return 0;
5197} 5450}
5198 5451
5452static int l2cap_le_connect_rsp(struct l2cap_conn *conn,
5453 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
5454 u8 *data)
5455{
5456 struct l2cap_le_conn_rsp *rsp = (struct l2cap_le_conn_rsp *) data;
5457 u16 dcid, mtu, mps, credits, result;
5458 struct l2cap_chan *chan;
5459 int err;
5460
5461 if (cmd_len < sizeof(*rsp))
5462 return -EPROTO;
5463
5464 dcid = __le16_to_cpu(rsp->dcid);
5465 mtu = __le16_to_cpu(rsp->mtu);
5466 mps = __le16_to_cpu(rsp->mps);
5467 credits = __le16_to_cpu(rsp->credits);
5468 result = __le16_to_cpu(rsp->result);
5469
5470 if (result == L2CAP_CR_SUCCESS && (mtu < 23 || mps < 23))
5471 return -EPROTO;
5472
5473 BT_DBG("dcid 0x%4.4x mtu %u mps %u credits %u result 0x%2.2x",
5474 dcid, mtu, mps, credits, result);
5475
5476 mutex_lock(&conn->chan_lock);
5477
5478 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
5479 if (!chan) {
5480 err = -EBADSLT;
5481 goto unlock;
5482 }
5483
5484 err = 0;
5485
5486 l2cap_chan_lock(chan);
5487
5488 switch (result) {
5489 case L2CAP_CR_SUCCESS:
5490 chan->ident = 0;
5491 chan->dcid = dcid;
5492 chan->omtu = mtu;
5493 chan->remote_mps = mps;
5494 chan->tx_credits = credits;
5495 l2cap_chan_ready(chan);
5496 break;
5497
5498 default:
5499 l2cap_chan_del(chan, ECONNREFUSED);
5500 break;
5501 }
5502
5503 l2cap_chan_unlock(chan);
5504
5505unlock:
5506 mutex_unlock(&conn->chan_lock);
5507
5508 return err;
5509}
5510
5199static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn, 5511static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
5200 struct l2cap_cmd_hdr *cmd, u16 cmd_len, 5512 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
5201 u8 *data) 5513 u8 *data)
@@ -5276,23 +5588,235 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
5276 return err; 5588 return err;
5277} 5589}
5278 5590
5591static int l2cap_le_connect_req(struct l2cap_conn *conn,
5592 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
5593 u8 *data)
5594{
5595 struct l2cap_le_conn_req *req = (struct l2cap_le_conn_req *) data;
5596 struct l2cap_le_conn_rsp rsp;
5597 struct l2cap_chan *chan, *pchan;
5598 u16 dcid, scid, credits, mtu, mps;
5599 __le16 psm;
5600 u8 result;
5601
5602 if (cmd_len != sizeof(*req))
5603 return -EPROTO;
5604
5605 scid = __le16_to_cpu(req->scid);
5606 mtu = __le16_to_cpu(req->mtu);
5607 mps = __le16_to_cpu(req->mps);
5608 psm = req->psm;
5609 dcid = 0;
5610 credits = 0;
5611
5612 if (mtu < 23 || mps < 23)
5613 return -EPROTO;
5614
5615 BT_DBG("psm 0x%2.2x scid 0x%4.4x mtu %u mps %u", __le16_to_cpu(psm),
5616 scid, mtu, mps);
5617
5618 /* Check if we have socket listening on psm */
5619 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, &conn->hcon->src,
5620 &conn->hcon->dst, LE_LINK);
5621 if (!pchan) {
5622 result = L2CAP_CR_BAD_PSM;
5623 chan = NULL;
5624 goto response;
5625 }
5626
5627 mutex_lock(&conn->chan_lock);
5628 l2cap_chan_lock(pchan);
5629
5630 if (!smp_sufficient_security(conn->hcon, pchan->sec_level)) {
5631 result = L2CAP_CR_AUTHENTICATION;
5632 chan = NULL;
5633 goto response_unlock;
5634 }
5635
5636 /* Check if we already have channel with that dcid */
5637 if (__l2cap_get_chan_by_dcid(conn, scid)) {
5638 result = L2CAP_CR_NO_MEM;
5639 chan = NULL;
5640 goto response_unlock;
5641 }
5642
5643 chan = pchan->ops->new_connection(pchan);
5644 if (!chan) {
5645 result = L2CAP_CR_NO_MEM;
5646 goto response_unlock;
5647 }
5648
5649 l2cap_le_flowctl_init(chan);
5650
5651 bacpy(&chan->src, &conn->hcon->src);
5652 bacpy(&chan->dst, &conn->hcon->dst);
5653 chan->src_type = bdaddr_type(conn->hcon, conn->hcon->src_type);
5654 chan->dst_type = bdaddr_type(conn->hcon, conn->hcon->dst_type);
5655 chan->psm = psm;
5656 chan->dcid = scid;
5657 chan->omtu = mtu;
5658 chan->remote_mps = mps;
5659 chan->tx_credits = __le16_to_cpu(req->credits);
5660
5661 __l2cap_chan_add(conn, chan);
5662 dcid = chan->scid;
5663 credits = chan->rx_credits;
5664
5665 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
5666
5667 chan->ident = cmd->ident;
5668
5669 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
5670 l2cap_state_change(chan, BT_CONNECT2);
5671 result = L2CAP_CR_PEND;
5672 chan->ops->defer(chan);
5673 } else {
5674 l2cap_chan_ready(chan);
5675 result = L2CAP_CR_SUCCESS;
5676 }
5677
5678response_unlock:
5679 l2cap_chan_unlock(pchan);
5680 mutex_unlock(&conn->chan_lock);
5681
5682 if (result == L2CAP_CR_PEND)
5683 return 0;
5684
5685response:
5686 if (chan) {
5687 rsp.mtu = cpu_to_le16(chan->imtu);
5688 rsp.mps = cpu_to_le16(chan->mps);
5689 } else {
5690 rsp.mtu = 0;
5691 rsp.mps = 0;
5692 }
5693
5694 rsp.dcid = cpu_to_le16(dcid);
5695 rsp.credits = cpu_to_le16(credits);
5696 rsp.result = cpu_to_le16(result);
5697
5698 l2cap_send_cmd(conn, cmd->ident, L2CAP_LE_CONN_RSP, sizeof(rsp), &rsp);
5699
5700 return 0;
5701}
5702
5703static inline int l2cap_le_credits(struct l2cap_conn *conn,
5704 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
5705 u8 *data)
5706{
5707 struct l2cap_le_credits *pkt;
5708 struct l2cap_chan *chan;
5709 u16 cid, credits;
5710
5711 if (cmd_len != sizeof(*pkt))
5712 return -EPROTO;
5713
5714 pkt = (struct l2cap_le_credits *) data;
5715 cid = __le16_to_cpu(pkt->cid);
5716 credits = __le16_to_cpu(pkt->credits);
5717
5718 BT_DBG("cid 0x%4.4x credits 0x%4.4x", cid, credits);
5719
5720 chan = l2cap_get_chan_by_dcid(conn, cid);
5721 if (!chan)
5722 return -EBADSLT;
5723
5724 chan->tx_credits += credits;
5725
5726 while (chan->tx_credits && !skb_queue_empty(&chan->tx_q)) {
5727 l2cap_do_send(chan, skb_dequeue(&chan->tx_q));
5728 chan->tx_credits--;
5729 }
5730
5731 if (chan->tx_credits)
5732 chan->ops->resume(chan);
5733
5734 l2cap_chan_unlock(chan);
5735
5736 return 0;
5737}
5738
5739static inline int l2cap_le_command_rej(struct l2cap_conn *conn,
5740 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
5741 u8 *data)
5742{
5743 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
5744 struct l2cap_chan *chan;
5745
5746 if (cmd_len < sizeof(*rej))
5747 return -EPROTO;
5748
5749 mutex_lock(&conn->chan_lock);
5750
5751 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
5752 if (!chan)
5753 goto done;
5754
5755 l2cap_chan_lock(chan);
5756 l2cap_chan_del(chan, ECONNREFUSED);
5757 l2cap_chan_unlock(chan);
5758
5759done:
5760 mutex_unlock(&conn->chan_lock);
5761 return 0;
5762}
5763
5279static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn, 5764static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
5280 struct l2cap_cmd_hdr *cmd, u8 *data) 5765 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
5766 u8 *data)
5281{ 5767{
5768 int err = 0;
5769
5770 if (!enable_lecoc) {
5771 switch (cmd->code) {
5772 case L2CAP_LE_CONN_REQ:
5773 case L2CAP_LE_CONN_RSP:
5774 case L2CAP_LE_CREDITS:
5775 case L2CAP_DISCONN_REQ:
5776 case L2CAP_DISCONN_RSP:
5777 return -EINVAL;
5778 }
5779 }
5780
5282 switch (cmd->code) { 5781 switch (cmd->code) {
5283 case L2CAP_COMMAND_REJ: 5782 case L2CAP_COMMAND_REJ:
5284 return 0; 5783 l2cap_le_command_rej(conn, cmd, cmd_len, data);
5784 break;
5285 5785
5286 case L2CAP_CONN_PARAM_UPDATE_REQ: 5786 case L2CAP_CONN_PARAM_UPDATE_REQ:
5287 return l2cap_conn_param_update_req(conn, cmd, data); 5787 err = l2cap_conn_param_update_req(conn, cmd, cmd_len, data);
5788 break;
5288 5789
5289 case L2CAP_CONN_PARAM_UPDATE_RSP: 5790 case L2CAP_CONN_PARAM_UPDATE_RSP:
5290 return 0; 5791 break;
5792
5793 case L2CAP_LE_CONN_RSP:
5794 l2cap_le_connect_rsp(conn, cmd, cmd_len, data);
5795 break;
5796
5797 case L2CAP_LE_CONN_REQ:
5798 err = l2cap_le_connect_req(conn, cmd, cmd_len, data);
5799 break;
5800
5801 case L2CAP_LE_CREDITS:
5802 err = l2cap_le_credits(conn, cmd, cmd_len, data);
5803 break;
5804
5805 case L2CAP_DISCONN_REQ:
5806 err = l2cap_disconnect_req(conn, cmd, cmd_len, data);
5807 break;
5808
5809 case L2CAP_DISCONN_RSP:
5810 l2cap_disconnect_rsp(conn, cmd, cmd_len, data);
5811 break;
5291 5812
5292 default: 5813 default:
5293 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code); 5814 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
5294 return -EINVAL; 5815 err = -EINVAL;
5816 break;
5295 } 5817 }
5818
5819 return err;
5296} 5820}
5297 5821
5298static inline void l2cap_le_sig_channel(struct l2cap_conn *conn, 5822static inline void l2cap_le_sig_channel(struct l2cap_conn *conn,
@@ -5321,7 +5845,7 @@ static inline void l2cap_le_sig_channel(struct l2cap_conn *conn,
5321 goto drop; 5845 goto drop;
5322 } 5846 }
5323 5847
5324 err = l2cap_le_sig_cmd(conn, cmd, skb->data); 5848 err = l2cap_le_sig_cmd(conn, cmd, len, skb->data);
5325 if (err) { 5849 if (err) {
5326 struct l2cap_cmd_rej_unk rej; 5850 struct l2cap_cmd_rej_unk rej;
5327 5851
@@ -6312,6 +6836,121 @@ drop:
6312 return 0; 6836 return 0;
6313} 6837}
6314 6838
6839static void l2cap_chan_le_send_credits(struct l2cap_chan *chan)
6840{
6841 struct l2cap_conn *conn = chan->conn;
6842 struct l2cap_le_credits pkt;
6843 u16 return_credits;
6844
6845 /* We return more credits to the sender only after the amount of
6846 * credits falls below half of the initial amount.
6847 */
6848 if (chan->rx_credits >= (le_max_credits + 1) / 2)
6849 return;
6850
6851 return_credits = le_max_credits - chan->rx_credits;
6852
6853 BT_DBG("chan %p returning %u credits to sender", chan, return_credits);
6854
6855 chan->rx_credits += return_credits;
6856
6857 pkt.cid = cpu_to_le16(chan->scid);
6858 pkt.credits = cpu_to_le16(return_credits);
6859
6860 chan->ident = l2cap_get_ident(conn);
6861
6862 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CREDITS, sizeof(pkt), &pkt);
6863}
6864
6865static int l2cap_le_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
6866{
6867 int err;
6868
6869 if (!chan->rx_credits) {
6870 BT_ERR("No credits to receive LE L2CAP data");
6871 return -ENOBUFS;
6872 }
6873
6874 if (chan->imtu < skb->len) {
6875 BT_ERR("Too big LE L2CAP PDU");
6876 return -ENOBUFS;
6877 }
6878
6879 chan->rx_credits--;
6880 BT_DBG("rx_credits %u -> %u", chan->rx_credits + 1, chan->rx_credits);
6881
6882 l2cap_chan_le_send_credits(chan);
6883
6884 err = 0;
6885
6886 if (!chan->sdu) {
6887 u16 sdu_len;
6888
6889 sdu_len = get_unaligned_le16(skb->data);
6890 skb_pull(skb, L2CAP_SDULEN_SIZE);
6891
6892 BT_DBG("Start of new SDU. sdu_len %u skb->len %u imtu %u",
6893 sdu_len, skb->len, chan->imtu);
6894
6895 if (sdu_len > chan->imtu) {
6896 BT_ERR("Too big LE L2CAP SDU length received");
6897 err = -EMSGSIZE;
6898 goto failed;
6899 }
6900
6901 if (skb->len > sdu_len) {
6902 BT_ERR("Too much LE L2CAP data received");
6903 err = -EINVAL;
6904 goto failed;
6905 }
6906
6907 if (skb->len == sdu_len)
6908 return chan->ops->recv(chan, skb);
6909
6910 chan->sdu = skb;
6911 chan->sdu_len = sdu_len;
6912 chan->sdu_last_frag = skb;
6913
6914 return 0;
6915 }
6916
6917 BT_DBG("SDU fragment. chan->sdu->len %u skb->len %u chan->sdu_len %u",
6918 chan->sdu->len, skb->len, chan->sdu_len);
6919
6920 if (chan->sdu->len + skb->len > chan->sdu_len) {
6921 BT_ERR("Too much LE L2CAP data received");
6922 err = -EINVAL;
6923 goto failed;
6924 }
6925
6926 append_skb_frag(chan->sdu, skb, &chan->sdu_last_frag);
6927 skb = NULL;
6928
6929 if (chan->sdu->len == chan->sdu_len) {
6930 err = chan->ops->recv(chan, chan->sdu);
6931 if (!err) {
6932 chan->sdu = NULL;
6933 chan->sdu_last_frag = NULL;
6934 chan->sdu_len = 0;
6935 }
6936 }
6937
6938failed:
6939 if (err) {
6940 kfree_skb(skb);
6941 kfree_skb(chan->sdu);
6942 chan->sdu = NULL;
6943 chan->sdu_last_frag = NULL;
6944 chan->sdu_len = 0;
6945 }
6946
6947 /* We can't return an error here since we took care of the skb
6948 * freeing internally. An error return would cause the caller to
6949 * do a double-free of the skb.
6950 */
6951 return 0;
6952}
6953
6315static void l2cap_data_channel(struct l2cap_conn *conn, u16 cid, 6954static void l2cap_data_channel(struct l2cap_conn *conn, u16 cid,
6316 struct sk_buff *skb) 6955 struct sk_buff *skb)
6317{ 6956{
@@ -6341,6 +6980,12 @@ static void l2cap_data_channel(struct l2cap_conn *conn, u16 cid,
6341 goto drop; 6980 goto drop;
6342 6981
6343 switch (chan->mode) { 6982 switch (chan->mode) {
6983 case L2CAP_MODE_LE_FLOWCTL:
6984 if (l2cap_le_data_rcv(chan, skb) < 0)
6985 goto drop;
6986
6987 goto done;
6988
6344 case L2CAP_MODE_BASIC: 6989 case L2CAP_MODE_BASIC:
6345 /* If socket recv buffers overflows we drop data here 6990 /* If socket recv buffers overflows we drop data here
6346 * which is *bad* because L2CAP has to be reliable. 6991 * which is *bad* because L2CAP has to be reliable.
@@ -6380,7 +7025,8 @@ static void l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm,
6380 if (hcon->type != ACL_LINK) 7025 if (hcon->type != ACL_LINK)
6381 goto drop; 7026 goto drop;
6382 7027
6383 chan = l2cap_global_chan_by_psm(0, psm, &hcon->src, &hcon->dst); 7028 chan = l2cap_global_chan_by_psm(0, psm, &hcon->src, &hcon->dst,
7029 ACL_LINK);
6384 if (!chan) 7030 if (!chan)
6385 goto drop; 7031 goto drop;
6386 7032
@@ -6612,11 +7258,10 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
6612 } 7258 }
6613 7259
6614 if (chan->state == BT_CONNECT) { 7260 if (chan->state == BT_CONNECT) {
6615 if (!status) { 7261 if (!status)
6616 l2cap_start_connection(chan); 7262 l2cap_start_connection(chan);
6617 } else { 7263 else
6618 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT); 7264 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
6619 }
6620 } else if (chan->state == BT_CONNECT2) { 7265 } else if (chan->state == BT_CONNECT2) {
6621 struct l2cap_conn_rsp rsp; 7266 struct l2cap_conn_rsp rsp;
6622 __u16 res, stat; 7267 __u16 res, stat;
@@ -6817,6 +7462,11 @@ int __init l2cap_init(void)
6817 l2cap_debugfs = debugfs_create_file("l2cap", 0444, bt_debugfs, 7462 l2cap_debugfs = debugfs_create_file("l2cap", 0444, bt_debugfs,
6818 NULL, &l2cap_debugfs_fops); 7463 NULL, &l2cap_debugfs_fops);
6819 7464
7465 debugfs_create_u16("l2cap_le_max_credits", 0466, bt_debugfs,
7466 &le_max_credits);
7467 debugfs_create_u16("l2cap_le_default_mps", 0466, bt_debugfs,
7468 &le_default_mps);
7469
6820 return 0; 7470 return 0;
6821} 7471}
6822 7472
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 7cc24d263caa..e7806e6d282c 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -27,6 +27,7 @@
27 27
28/* Bluetooth L2CAP sockets. */ 28/* Bluetooth L2CAP sockets. */
29 29
30#include <linux/module.h>
30#include <linux/export.h> 31#include <linux/export.h>
31 32
32#include <net/bluetooth/bluetooth.h> 33#include <net/bluetooth/bluetooth.h>
@@ -35,6 +36,8 @@
35 36
36#include "smp.h" 37#include "smp.h"
37 38
39bool enable_lecoc;
40
38static struct bt_sock_list l2cap_sk_list = { 41static struct bt_sock_list l2cap_sk_list = {
39 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) 42 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
40}; 43};
@@ -50,6 +53,32 @@ bool l2cap_is_socket(struct socket *sock)
50} 53}
51EXPORT_SYMBOL(l2cap_is_socket); 54EXPORT_SYMBOL(l2cap_is_socket);
52 55
56static int l2cap_validate_bredr_psm(u16 psm)
57{
58 /* PSM must be odd and lsb of upper byte must be 0 */
59 if ((psm & 0x0101) != 0x0001)
60 return -EINVAL;
61
62 /* Restrict usage of well-known PSMs */
63 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE))
64 return -EACCES;
65
66 return 0;
67}
68
69static int l2cap_validate_le_psm(u16 psm)
70{
71 /* Valid LE_PSM ranges are defined only until 0x00ff */
72 if (psm > 0x00ff)
73 return -EINVAL;
74
75 /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */
76 if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE))
77 return -EACCES;
78
79 return 0;
80}
81
53static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 82static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
54{ 83{
55 struct sock *sk = sock->sk; 84 struct sock *sk = sock->sk;
@@ -73,11 +102,11 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
73 return -EINVAL; 102 return -EINVAL;
74 103
75 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 104 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
76 /* Connection oriented channels are not supported on LE */ 105 if (!enable_lecoc && la.l2_psm)
77 if (la.l2_psm)
78 return -EINVAL; 106 return -EINVAL;
79 /* We only allow ATT user space socket */ 107 /* We only allow ATT user space socket */
80 if (la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) 108 if (la.l2_cid &&
109 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
81 return -EINVAL; 110 return -EINVAL;
82 } 111 }
83 112
@@ -91,17 +120,13 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
91 if (la.l2_psm) { 120 if (la.l2_psm) {
92 __u16 psm = __le16_to_cpu(la.l2_psm); 121 __u16 psm = __le16_to_cpu(la.l2_psm);
93 122
94 /* PSM must be odd and lsb of upper byte must be 0 */ 123 if (la.l2_bdaddr_type == BDADDR_BREDR)
95 if ((psm & 0x0101) != 0x0001) { 124 err = l2cap_validate_bredr_psm(psm);
96 err = -EINVAL; 125 else
97 goto done; 126 err = l2cap_validate_le_psm(psm);
98 }
99 127
100 /* Restrict usage of well-known PSMs */ 128 if (err)
101 if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) {
102 err = -EACCES;
103 goto done; 129 goto done;
104 }
105 } 130 }
106 131
107 if (la.l2_cid) 132 if (la.l2_cid)
@@ -127,6 +152,9 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
127 bacpy(&chan->src, &la.l2_bdaddr); 152 bacpy(&chan->src, &la.l2_bdaddr);
128 chan->src_type = la.l2_bdaddr_type; 153 chan->src_type = la.l2_bdaddr_type;
129 154
155 if (chan->psm && bdaddr_type_is_le(chan->src_type))
156 chan->mode = L2CAP_MODE_LE_FLOWCTL;
157
130 chan->state = BT_BOUND; 158 chan->state = BT_BOUND;
131 sk->sk_state = BT_BOUND; 159 sk->sk_state = BT_BOUND;
132 160
@@ -189,14 +217,17 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
189 return -EINVAL; 217 return -EINVAL;
190 218
191 if (bdaddr_type_is_le(la.l2_bdaddr_type)) { 219 if (bdaddr_type_is_le(la.l2_bdaddr_type)) {
192 /* Connection oriented channels are not supported on LE */ 220 if (!enable_lecoc && la.l2_psm)
193 if (la.l2_psm)
194 return -EINVAL; 221 return -EINVAL;
195 /* We only allow ATT user space socket */ 222 /* We only allow ATT user space socket */
196 if (la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) 223 if (la.l2_cid &&
224 la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT))
197 return -EINVAL; 225 return -EINVAL;
198 } 226 }
199 227
228 if (chan->psm && bdaddr_type_is_le(chan->src_type))
229 chan->mode = L2CAP_MODE_LE_FLOWCTL;
230
200 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid), 231 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
201 &la.l2_bdaddr, la.l2_bdaddr_type); 232 &la.l2_bdaddr, la.l2_bdaddr_type);
202 if (err) 233 if (err)
@@ -234,6 +265,7 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
234 265
235 switch (chan->mode) { 266 switch (chan->mode) {
236 case L2CAP_MODE_BASIC: 267 case L2CAP_MODE_BASIC:
268 case L2CAP_MODE_LE_FLOWCTL:
237 break; 269 break;
238 case L2CAP_MODE_ERTM: 270 case L2CAP_MODE_ERTM:
239 case L2CAP_MODE_STREAMING: 271 case L2CAP_MODE_STREAMING:
@@ -360,6 +392,16 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
360 392
361 switch (optname) { 393 switch (optname) {
362 case L2CAP_OPTIONS: 394 case L2CAP_OPTIONS:
395 /* LE sockets should use BT_SNDMTU/BT_RCVMTU, but since
396 * legacy ATT code depends on getsockopt for
397 * L2CAP_OPTIONS we need to let this pass.
398 */
399 if (bdaddr_type_is_le(chan->src_type) &&
400 chan->scid != L2CAP_CID_ATT) {
401 err = -EINVAL;
402 break;
403 }
404
363 memset(&opts, 0, sizeof(opts)); 405 memset(&opts, 0, sizeof(opts));
364 opts.imtu = chan->imtu; 406 opts.imtu = chan->imtu;
365 opts.omtu = chan->omtu; 407 opts.omtu = chan->omtu;
@@ -514,6 +556,41 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname,
514 err = -EFAULT; 556 err = -EFAULT;
515 break; 557 break;
516 558
559 case BT_SNDMTU:
560 if (!enable_lecoc) {
561 err = -EPROTONOSUPPORT;
562 break;
563 }
564
565 if (!bdaddr_type_is_le(chan->src_type)) {
566 err = -EINVAL;
567 break;
568 }
569
570 if (sk->sk_state != BT_CONNECTED) {
571 err = -ENOTCONN;
572 break;
573 }
574
575 if (put_user(chan->omtu, (u16 __user *) optval))
576 err = -EFAULT;
577 break;
578
579 case BT_RCVMTU:
580 if (!enable_lecoc) {
581 err = -EPROTONOSUPPORT;
582 break;
583 }
584
585 if (!bdaddr_type_is_le(chan->src_type)) {
586 err = -EINVAL;
587 break;
588 }
589
590 if (put_user(chan->imtu, (u16 __user *) optval))
591 err = -EFAULT;
592 break;
593
517 default: 594 default:
518 err = -ENOPROTOOPT; 595 err = -ENOPROTOOPT;
519 break; 596 break;
@@ -554,6 +631,11 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
554 631
555 switch (optname) { 632 switch (optname) {
556 case L2CAP_OPTIONS: 633 case L2CAP_OPTIONS:
634 if (bdaddr_type_is_le(chan->src_type)) {
635 err = -EINVAL;
636 break;
637 }
638
557 if (sk->sk_state == BT_CONNECTED) { 639 if (sk->sk_state == BT_CONNECTED) {
558 err = -EINVAL; 640 err = -EINVAL;
559 break; 641 break;
@@ -585,6 +667,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
585 667
586 chan->mode = opts.mode; 668 chan->mode = opts.mode;
587 switch (chan->mode) { 669 switch (chan->mode) {
670 case L2CAP_MODE_LE_FLOWCTL:
671 break;
588 case L2CAP_MODE_BASIC: 672 case L2CAP_MODE_BASIC:
589 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); 673 clear_bit(CONF_STATE2_DEVICE, &chan->conf_state);
590 break; 674 break;
@@ -807,6 +891,47 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
807 891
808 break; 892 break;
809 893
894 case BT_SNDMTU:
895 if (!enable_lecoc) {
896 err = -EPROTONOSUPPORT;
897 break;
898 }
899
900 if (!bdaddr_type_is_le(chan->src_type)) {
901 err = -EINVAL;
902 break;
903 }
904
905 /* Setting is not supported as it's the remote side that
906 * decides this.
907 */
908 err = -EPERM;
909 break;
910
911 case BT_RCVMTU:
912 if (!enable_lecoc) {
913 err = -EPROTONOSUPPORT;
914 break;
915 }
916
917 if (!bdaddr_type_is_le(chan->src_type)) {
918 err = -EINVAL;
919 break;
920 }
921
922 if (sk->sk_state == BT_CONNECTED) {
923 err = -EISCONN;
924 break;
925 }
926
927 if (get_user(opt, (u32 __user *) optval)) {
928 err = -EFAULT;
929 break;
930 }
931
932 chan->imtu = opt;
933 break;
934
810 default: 935 default:
811 err = -ENOPROTOOPT; 936 err = -ENOPROTOOPT;
812 break; 937 break;
@@ -859,10 +984,16 @@ static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
859 984
860 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, 985 if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP,
861 &bt_sk(sk)->flags)) { 986 &bt_sk(sk)->flags)) {
862 sk->sk_state = BT_CONFIG; 987 if (bdaddr_type_is_le(pi->chan->src_type)) {
863 pi->chan->state = BT_CONFIG; 988 sk->sk_state = BT_CONNECTED;
989 pi->chan->state = BT_CONNECTED;
990 __l2cap_le_connect_rsp_defer(pi->chan);
991 } else {
992 sk->sk_state = BT_CONFIG;
993 pi->chan->state = BT_CONFIG;
994 __l2cap_connect_rsp_defer(pi->chan);
995 }
864 996
865 __l2cap_connect_rsp_defer(pi->chan);
866 err = 0; 997 err = 0;
867 goto done; 998 goto done;
868 } 999 }
@@ -1236,6 +1367,14 @@ static long l2cap_sock_get_sndtimeo_cb(struct l2cap_chan *chan)
1236 return sk->sk_sndtimeo; 1367 return sk->sk_sndtimeo;
1237} 1368}
1238 1369
1370static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
1371{
1372 struct sock *sk = chan->data;
1373
1374 set_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
1375 sk->sk_state_change(sk);
1376}
1377
1239static struct l2cap_ops l2cap_chan_ops = { 1378static struct l2cap_ops l2cap_chan_ops = {
1240 .name = "L2CAP Socket Interface", 1379 .name = "L2CAP Socket Interface",
1241 .new_connection = l2cap_sock_new_connection_cb, 1380 .new_connection = l2cap_sock_new_connection_cb,
@@ -1246,6 +1385,7 @@ static struct l2cap_ops l2cap_chan_ops = {
1246 .ready = l2cap_sock_ready_cb, 1385 .ready = l2cap_sock_ready_cb,
1247 .defer = l2cap_sock_defer_cb, 1386 .defer = l2cap_sock_defer_cb,
1248 .resume = l2cap_sock_resume_cb, 1387 .resume = l2cap_sock_resume_cb,
1388 .suspend = l2cap_sock_suspend_cb,
1249 .set_shutdown = l2cap_sock_set_shutdown_cb, 1389 .set_shutdown = l2cap_sock_set_shutdown_cb,
1250 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb, 1390 .get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1251 .alloc_skb = l2cap_sock_alloc_skb_cb, 1391 .alloc_skb = l2cap_sock_alloc_skb_cb,
@@ -1303,6 +1443,8 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent)
1303 chan->tx_win_max = pchan->tx_win_max; 1443 chan->tx_win_max = pchan->tx_win_max;
1304 chan->sec_level = pchan->sec_level; 1444 chan->sec_level = pchan->sec_level;
1305 chan->flags = pchan->flags; 1445 chan->flags = pchan->flags;
1446 chan->tx_credits = pchan->tx_credits;
1447 chan->rx_credits = pchan->rx_credits;
1306 1448
1307 security_sk_clone(parent, sk); 1449 security_sk_clone(parent, sk);
1308 } else { 1450 } else {
@@ -1469,3 +1611,6 @@ void l2cap_cleanup_sockets(void)
1469 bt_sock_unregister(BTPROTO_L2CAP); 1611 bt_sock_unregister(BTPROTO_L2CAP);
1470 proto_unregister(&l2cap_proto); 1612 proto_unregister(&l2cap_proto);
1471} 1613}
1614
1615module_param(enable_lecoc, bool, 0644);
1616MODULE_PARM_DESC(enable_lecoc, "Enable support for LE CoC");
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 074d83690a41..a03ca3ca91bf 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -1264,7 +1264,7 @@ static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1264 1264
1265 if (cp->val == 0x02) { 1265 if (cp->val == 0x02) {
1266 /* Limited discoverable mode */ 1266 /* Limited discoverable mode */
1267 hci_cp.num_iac = 2; 1267 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1268 hci_cp.iac_lap[0] = 0x00; /* LIAC */ 1268 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1269 hci_cp.iac_lap[1] = 0x8b; 1269 hci_cp.iac_lap[1] = 0x8b;
1270 hci_cp.iac_lap[2] = 0x9e; 1270 hci_cp.iac_lap[2] = 0x9e;
@@ -4595,6 +4595,9 @@ void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4595 struct mgmt_ev_device_disconnected ev; 4595 struct mgmt_ev_device_disconnected ev;
4596 struct sock *sk = NULL; 4596 struct sock *sk = NULL;
4597 4597
4598 if (link_type != ACL_LINK && link_type != LE_LINK)
4599 return;
4600
4598 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 4601 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4599 4602
4600 bacpy(&ev.addr.bdaddr, bdaddr); 4603 bacpy(&ev.addr.bdaddr, bdaddr);
@@ -4613,6 +4616,8 @@ void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4613void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, 4616void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4614 u8 link_type, u8 addr_type, u8 status) 4617 u8 link_type, u8 addr_type, u8 status)
4615{ 4618{
4619 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
4620 struct mgmt_cp_disconnect *cp;
4616 struct mgmt_rp_disconnect rp; 4621 struct mgmt_rp_disconnect rp;
4617 struct pending_cmd *cmd; 4622 struct pending_cmd *cmd;
4618 4623
@@ -4623,8 +4628,16 @@ void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4623 if (!cmd) 4628 if (!cmd)
4624 return; 4629 return;
4625 4630
4631 cp = cmd->param;
4632
4633 if (bacmp(bdaddr, &cp->addr.bdaddr))
4634 return;
4635
4636 if (cp->addr.type != bdaddr_type)
4637 return;
4638
4626 bacpy(&rp.addr.bdaddr, bdaddr); 4639 bacpy(&rp.addr.bdaddr, bdaddr);
4627 rp.addr.type = link_to_bdaddr(link_type, addr_type); 4640 rp.addr.type = bdaddr_type;
4628 4641
4629 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 4642 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4630 mgmt_status(status), &rp, sizeof(rp)); 4643 mgmt_status(status), &rp, sizeof(rp));
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 4b07acb8293c..45007362683b 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -53,8 +53,7 @@ static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
53{ 53{
54 struct blkcipher_desc desc; 54 struct blkcipher_desc desc;
55 struct scatterlist sg; 55 struct scatterlist sg;
56 int err, iv_len; 56 int err;
57 unsigned char iv[128];
58 57
59 if (tfm == NULL) { 58 if (tfm == NULL) {
60 BT_ERR("tfm %p", tfm); 59 BT_ERR("tfm %p", tfm);
@@ -72,12 +71,6 @@ static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r)
72 71
73 sg_init_one(&sg, r, 16); 72 sg_init_one(&sg, r, 16);
74 73
75 iv_len = crypto_blkcipher_ivsize(tfm);
76 if (iv_len) {
77 memset(&iv, 0xff, iv_len);
78 crypto_blkcipher_set_iv(tfm, iv, iv_len);
79 }
80
81 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16); 74 err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16);
82 if (err) 75 if (err)
83 BT_ERR("Encrypt data error %d", err); 76 BT_ERR("Encrypt data error %d", err);
@@ -143,13 +136,6 @@ static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], u8 r1[16],
143 return err; 136 return err;
144} 137}
145 138
146static int smp_rand(u8 *buf)
147{
148 get_random_bytes(buf, 16);
149
150 return 0;
151}
152
153static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code, 139static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
154 u16 dlen, void *data) 140 u16 dlen, void *data)
155{ 141{
@@ -257,11 +243,11 @@ static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
257 return 0; 243 return 0;
258} 244}
259 245
260static void smp_failure(struct l2cap_conn *conn, u8 reason, u8 send) 246static void smp_failure(struct l2cap_conn *conn, u8 reason)
261{ 247{
262 struct hci_conn *hcon = conn->hcon; 248 struct hci_conn *hcon = conn->hcon;
263 249
264 if (send) 250 if (reason)
265 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), 251 smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason),
266 &reason); 252 &reason);
267 253
@@ -406,7 +392,7 @@ static void confirm_work(struct work_struct *work)
406 return; 392 return;
407 393
408error: 394error:
409 smp_failure(conn, reason, 1); 395 smp_failure(conn, reason);
410} 396}
411 397
412static void random_work(struct work_struct *work) 398static void random_work(struct work_struct *work)
@@ -490,7 +476,7 @@ static void random_work(struct work_struct *work)
490 return; 476 return;
491 477
492error: 478error:
493 smp_failure(conn, reason, 1); 479 smp_failure(conn, reason);
494} 480}
495 481
496static struct smp_chan *smp_chan_create(struct l2cap_conn *conn) 482static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
@@ -555,10 +541,10 @@ int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
555 break; 541 break;
556 case MGMT_OP_USER_PASSKEY_NEG_REPLY: 542 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
557 case MGMT_OP_USER_CONFIRM_NEG_REPLY: 543 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
558 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED, 1); 544 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
559 return 0; 545 return 0;
560 default: 546 default:
561 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED, 1); 547 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
562 return -EOPNOTSUPP; 548 return -EOPNOTSUPP;
563 } 549 }
564 550
@@ -606,9 +592,7 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
606 if (check_enc_key_size(conn, key_size)) 592 if (check_enc_key_size(conn, key_size))
607 return SMP_ENC_KEY_SIZE; 593 return SMP_ENC_KEY_SIZE;
608 594
609 ret = smp_rand(smp->prnd); 595 get_random_bytes(smp->prnd, sizeof(smp->prnd));
610 if (ret)
611 return SMP_UNSPECIFIED;
612 596
613 smp->prsp[0] = SMP_CMD_PAIRING_RSP; 597 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
614 memcpy(&smp->prsp[1], &rsp, sizeof(rsp)); 598 memcpy(&smp->prsp[1], &rsp, sizeof(rsp));
@@ -644,9 +628,7 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
644 if (check_enc_key_size(conn, key_size)) 628 if (check_enc_key_size(conn, key_size))
645 return SMP_ENC_KEY_SIZE; 629 return SMP_ENC_KEY_SIZE;
646 630
647 ret = smp_rand(smp->prnd); 631 get_random_bytes(smp->prnd, sizeof(smp->prnd));
648 if (ret)
649 return SMP_UNSPECIFIED;
650 632
651 smp->prsp[0] = SMP_CMD_PAIRING_RSP; 633 smp->prsp[0] = SMP_CMD_PAIRING_RSP;
652 memcpy(&smp->prsp[1], rsp, sizeof(*rsp)); 634 memcpy(&smp->prsp[1], rsp, sizeof(*rsp));
@@ -768,6 +750,17 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
768 return 0; 750 return 0;
769} 751}
770 752
753bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
754{
755 if (sec_level == BT_SECURITY_LOW)
756 return true;
757
758 if (hcon->sec_level >= sec_level)
759 return true;
760
761 return false;
762}
763
771int smp_conn_security(struct hci_conn *hcon, __u8 sec_level) 764int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
772{ 765{
773 struct l2cap_conn *conn = hcon->l2cap_data; 766 struct l2cap_conn *conn = hcon->l2cap_data;
@@ -779,10 +772,7 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
779 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) 772 if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
780 return 1; 773 return 1;
781 774
782 if (sec_level == BT_SECURITY_LOW) 775 if (smp_sufficient_security(hcon, sec_level))
783 return 1;
784
785 if (hcon->sec_level >= sec_level)
786 return 1; 776 return 1;
787 777
788 if (hcon->link_mode & HCI_LM_MASTER) 778 if (hcon->link_mode & HCI_LM_MASTER)
@@ -895,7 +885,7 @@ int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
895 break; 885 break;
896 886
897 case SMP_CMD_PAIRING_FAIL: 887 case SMP_CMD_PAIRING_FAIL:
898 smp_failure(conn, skb->data[0], 0); 888 smp_failure(conn, 0);
899 reason = 0; 889 reason = 0;
900 err = -EPERM; 890 err = -EPERM;
901 break; 891 break;
@@ -941,7 +931,7 @@ int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
941 931
942done: 932done:
943 if (reason) 933 if (reason)
944 smp_failure(conn, reason, 1); 934 smp_failure(conn, reason);
945 935
946 kfree_skb(skb); 936 kfree_skb(skb);
947 return err; 937 return err;
diff --git a/net/bluetooth/smp.h b/net/bluetooth/smp.h
index f8ba07f3e5fa..a700bcb490d7 100644
--- a/net/bluetooth/smp.h
+++ b/net/bluetooth/smp.h
@@ -136,6 +136,7 @@ struct smp_chan {
136}; 136};
137 137
138/* SMP Commands */ 138/* SMP Commands */
139bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level);
139int smp_conn_security(struct hci_conn *hcon, __u8 sec_level); 140int smp_conn_security(struct hci_conn *hcon, __u8 sec_level);
140int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb); 141int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb);
141int smp_distribute_keys(struct l2cap_conn *conn, __u8 force); 142int smp_distribute_keys(struct l2cap_conn *conn, __u8 force);
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-13 08:08:34 -0500