diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/bluetooth/hci_conn.c | 38 | ||||
-rw-r--r-- | net/bluetooth/hci_core.c | 239 | ||||
-rw-r--r-- | net/bluetooth/hci_event.c | 184 | ||||
-rw-r--r-- | net/bluetooth/hci_sysfs.c | 17 | ||||
-rw-r--r-- | net/bluetooth/hidp/core.c | 992 | ||||
-rw-r--r-- | net/bluetooth/hidp/hidp.h | 67 | ||||
-rw-r--r-- | net/bluetooth/hidp/sock.c | 22 | ||||
-rw-r--r-- | net/bluetooth/l2cap_core.c | 127 | ||||
-rw-r--r-- | net/bluetooth/l2cap_sock.c | 6 | ||||
-rw-r--r-- | net/bluetooth/mgmt.c | 17 | ||||
-rw-r--r-- | net/bluetooth/sco.c | 49 | ||||
-rw-r--r-- | net/bluetooth/smp.c | 2 | ||||
-rw-r--r-- | net/nfc/core.c | 43 | ||||
-rw-r--r-- | net/nfc/llcp/commands.c | 30 | ||||
-rw-r--r-- | net/nfc/llcp/llcp.c | 127 | ||||
-rw-r--r-- | net/nfc/llcp/llcp.h | 5 | ||||
-rw-r--r-- | net/nfc/llcp/sock.c | 43 | ||||
-rw-r--r-- | net/rfkill/core.c | 4 |
18 files changed, 1280 insertions, 732 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index b9f90169940b..6c7f36379722 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c | |||
@@ -117,6 +117,16 @@ static void hci_acl_create_connection_cancel(struct hci_conn *conn) | |||
117 | hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp); | 117 | hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp); |
118 | } | 118 | } |
119 | 119 | ||
120 | static void hci_reject_sco(struct hci_conn *conn) | ||
121 | { | ||
122 | struct hci_cp_reject_sync_conn_req cp; | ||
123 | |||
124 | cp.reason = HCI_ERROR_REMOTE_USER_TERM; | ||
125 | bacpy(&cp.bdaddr, &conn->dst); | ||
126 | |||
127 | hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp); | ||
128 | } | ||
129 | |||
120 | void hci_disconnect(struct hci_conn *conn, __u8 reason) | 130 | void hci_disconnect(struct hci_conn *conn, __u8 reason) |
121 | { | 131 | { |
122 | struct hci_cp_disconnect cp; | 132 | struct hci_cp_disconnect cp; |
@@ -276,6 +286,8 @@ static void hci_conn_timeout(struct work_struct *work) | |||
276 | hci_acl_create_connection_cancel(conn); | 286 | hci_acl_create_connection_cancel(conn); |
277 | else if (conn->type == LE_LINK) | 287 | else if (conn->type == LE_LINK) |
278 | hci_le_create_connection_cancel(conn); | 288 | hci_le_create_connection_cancel(conn); |
289 | } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) { | ||
290 | hci_reject_sco(conn); | ||
279 | } | 291 | } |
280 | break; | 292 | break; |
281 | case BT_CONFIG: | 293 | case BT_CONFIG: |
@@ -398,8 +410,6 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) | |||
398 | if (hdev->notify) | 410 | if (hdev->notify) |
399 | hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); | 411 | hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); |
400 | 412 | ||
401 | atomic_set(&conn->devref, 0); | ||
402 | |||
403 | hci_conn_init_sysfs(conn); | 413 | hci_conn_init_sysfs(conn); |
404 | 414 | ||
405 | return conn; | 415 | return conn; |
@@ -433,7 +443,7 @@ int hci_conn_del(struct hci_conn *conn) | |||
433 | struct hci_conn *acl = conn->link; | 443 | struct hci_conn *acl = conn->link; |
434 | if (acl) { | 444 | if (acl) { |
435 | acl->link = NULL; | 445 | acl->link = NULL; |
436 | hci_conn_put(acl); | 446 | hci_conn_drop(acl); |
437 | } | 447 | } |
438 | } | 448 | } |
439 | 449 | ||
@@ -448,12 +458,11 @@ int hci_conn_del(struct hci_conn *conn) | |||
448 | 458 | ||
449 | skb_queue_purge(&conn->data_q); | 459 | skb_queue_purge(&conn->data_q); |
450 | 460 | ||
451 | hci_conn_put_device(conn); | 461 | hci_conn_del_sysfs(conn); |
452 | 462 | ||
453 | hci_dev_put(hdev); | 463 | hci_dev_put(hdev); |
454 | 464 | ||
455 | if (conn->handle == 0) | 465 | hci_conn_put(conn); |
456 | kfree(conn); | ||
457 | 466 | ||
458 | return 0; | 467 | return 0; |
459 | } | 468 | } |
@@ -565,7 +574,7 @@ static struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, | |||
565 | if (!sco) { | 574 | if (!sco) { |
566 | sco = hci_conn_add(hdev, type, dst); | 575 | sco = hci_conn_add(hdev, type, dst); |
567 | if (!sco) { | 576 | if (!sco) { |
568 | hci_conn_put(acl); | 577 | hci_conn_drop(acl); |
569 | return ERR_PTR(-ENOMEM); | 578 | return ERR_PTR(-ENOMEM); |
570 | } | 579 | } |
571 | } | 580 | } |
@@ -835,19 +844,6 @@ void hci_conn_check_pending(struct hci_dev *hdev) | |||
835 | hci_dev_unlock(hdev); | 844 | hci_dev_unlock(hdev); |
836 | } | 845 | } |
837 | 846 | ||
838 | void hci_conn_hold_device(struct hci_conn *conn) | ||
839 | { | ||
840 | atomic_inc(&conn->devref); | ||
841 | } | ||
842 | EXPORT_SYMBOL(hci_conn_hold_device); | ||
843 | |||
844 | void hci_conn_put_device(struct hci_conn *conn) | ||
845 | { | ||
846 | if (atomic_dec_and_test(&conn->devref)) | ||
847 | hci_conn_del_sysfs(conn); | ||
848 | } | ||
849 | EXPORT_SYMBOL(hci_conn_put_device); | ||
850 | |||
851 | int hci_get_conn_list(void __user *arg) | 847 | int hci_get_conn_list(void __user *arg) |
852 | { | 848 | { |
853 | struct hci_conn *c; | 849 | struct hci_conn *c; |
@@ -980,7 +976,7 @@ void hci_chan_del(struct hci_chan *chan) | |||
980 | 976 | ||
981 | synchronize_rcu(); | 977 | synchronize_rcu(); |
982 | 978 | ||
983 | hci_conn_put(conn); | 979 | hci_conn_drop(conn); |
984 | 980 | ||
985 | skb_queue_purge(&chan->data_q); | 981 | skb_queue_purge(&chan->data_q); |
986 | kfree(chan); | 982 | kfree(chan); |
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index cfcad5423f1c..ce82265f5619 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c | |||
@@ -79,6 +79,121 @@ static void hci_req_cancel(struct hci_dev *hdev, int err) | |||
79 | } | 79 | } |
80 | } | 80 | } |
81 | 81 | ||
82 | struct sk_buff *hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 event) | ||
83 | { | ||
84 | struct hci_ev_cmd_complete *ev; | ||
85 | struct hci_event_hdr *hdr; | ||
86 | struct sk_buff *skb; | ||
87 | |||
88 | hci_dev_lock(hdev); | ||
89 | |||
90 | skb = hdev->recv_evt; | ||
91 | hdev->recv_evt = NULL; | ||
92 | |||
93 | hci_dev_unlock(hdev); | ||
94 | |||
95 | if (!skb) | ||
96 | return ERR_PTR(-ENODATA); | ||
97 | |||
98 | if (skb->len < sizeof(*hdr)) { | ||
99 | BT_ERR("Too short HCI event"); | ||
100 | goto failed; | ||
101 | } | ||
102 | |||
103 | hdr = (void *) skb->data; | ||
104 | skb_pull(skb, HCI_EVENT_HDR_SIZE); | ||
105 | |||
106 | if (event) { | ||
107 | if (hdr->evt != event) | ||
108 | goto failed; | ||
109 | return skb; | ||
110 | } | ||
111 | |||
112 | if (hdr->evt != HCI_EV_CMD_COMPLETE) { | ||
113 | BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr->evt); | ||
114 | goto failed; | ||
115 | } | ||
116 | |||
117 | if (skb->len < sizeof(*ev)) { | ||
118 | BT_ERR("Too short cmd_complete event"); | ||
119 | goto failed; | ||
120 | } | ||
121 | |||
122 | ev = (void *) skb->data; | ||
123 | skb_pull(skb, sizeof(*ev)); | ||
124 | |||
125 | if (opcode == __le16_to_cpu(ev->opcode)) | ||
126 | return skb; | ||
127 | |||
128 | BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode, | ||
129 | __le16_to_cpu(ev->opcode)); | ||
130 | |||
131 | failed: | ||
132 | kfree_skb(skb); | ||
133 | return ERR_PTR(-ENODATA); | ||
134 | } | ||
135 | |||
136 | struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen, | ||
137 | void *param, u8 event, u32 timeout) | ||
138 | { | ||
139 | DECLARE_WAITQUEUE(wait, current); | ||
140 | struct hci_request req; | ||
141 | int err = 0; | ||
142 | |||
143 | BT_DBG("%s", hdev->name); | ||
144 | |||
145 | hci_req_init(&req, hdev); | ||
146 | |||
147 | hci_req_add_ev(&req, opcode, plen, param, event); | ||
148 | |||
149 | hdev->req_status = HCI_REQ_PEND; | ||
150 | |||
151 | err = hci_req_run(&req, hci_req_sync_complete); | ||
152 | if (err < 0) | ||
153 | return ERR_PTR(err); | ||
154 | |||
155 | add_wait_queue(&hdev->req_wait_q, &wait); | ||
156 | set_current_state(TASK_INTERRUPTIBLE); | ||
157 | |||
158 | schedule_timeout(timeout); | ||
159 | |||
160 | remove_wait_queue(&hdev->req_wait_q, &wait); | ||
161 | |||
162 | if (signal_pending(current)) | ||
163 | return ERR_PTR(-EINTR); | ||
164 | |||
165 | switch (hdev->req_status) { | ||
166 | case HCI_REQ_DONE: | ||
167 | err = -bt_to_errno(hdev->req_result); | ||
168 | break; | ||
169 | |||
170 | case HCI_REQ_CANCELED: | ||
171 | err = -hdev->req_result; | ||
172 | break; | ||
173 | |||
174 | default: | ||
175 | err = -ETIMEDOUT; | ||
176 | break; | ||
177 | } | ||
178 | |||
179 | hdev->req_status = hdev->req_result = 0; | ||
180 | |||
181 | BT_DBG("%s end: err %d", hdev->name, err); | ||
182 | |||
183 | if (err < 0) | ||
184 | return ERR_PTR(err); | ||
185 | |||
186 | return hci_get_cmd_complete(hdev, opcode, event); | ||
187 | } | ||
188 | EXPORT_SYMBOL(__hci_cmd_sync_ev); | ||
189 | |||
190 | struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen, | ||
191 | void *param, u32 timeout) | ||
192 | { | ||
193 | return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout); | ||
194 | } | ||
195 | EXPORT_SYMBOL(__hci_cmd_sync); | ||
196 | |||
82 | /* Execute request and wait for completion. */ | 197 | /* Execute request and wait for completion. */ |
83 | static int __hci_req_sync(struct hci_dev *hdev, | 198 | static int __hci_req_sync(struct hci_dev *hdev, |
84 | void (*func)(struct hci_request *req, | 199 | void (*func)(struct hci_request *req, |
@@ -201,29 +316,9 @@ static void amp_init(struct hci_request *req) | |||
201 | static void hci_init1_req(struct hci_request *req, unsigned long opt) | 316 | static void hci_init1_req(struct hci_request *req, unsigned long opt) |
202 | { | 317 | { |
203 | struct hci_dev *hdev = req->hdev; | 318 | struct hci_dev *hdev = req->hdev; |
204 | struct hci_request init_req; | ||
205 | struct sk_buff *skb; | ||
206 | 319 | ||
207 | BT_DBG("%s %ld", hdev->name, opt); | 320 | BT_DBG("%s %ld", hdev->name, opt); |
208 | 321 | ||
209 | /* Driver initialization */ | ||
210 | |||
211 | hci_req_init(&init_req, hdev); | ||
212 | |||
213 | /* Special commands */ | ||
214 | while ((skb = skb_dequeue(&hdev->driver_init))) { | ||
215 | bt_cb(skb)->pkt_type = HCI_COMMAND_PKT; | ||
216 | skb->dev = (void *) hdev; | ||
217 | |||
218 | if (skb_queue_empty(&init_req.cmd_q)) | ||
219 | bt_cb(skb)->req.start = true; | ||
220 | |||
221 | skb_queue_tail(&init_req.cmd_q, skb); | ||
222 | } | ||
223 | skb_queue_purge(&hdev->driver_init); | ||
224 | |||
225 | hci_req_run(&init_req, NULL); | ||
226 | |||
227 | /* Reset */ | 322 | /* Reset */ |
228 | if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) | 323 | if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) |
229 | hci_reset_req(req, 0); | 324 | hci_reset_req(req, 0); |
@@ -494,6 +589,7 @@ static void hci_set_le_support(struct hci_request *req) | |||
494 | static void hci_init3_req(struct hci_request *req, unsigned long opt) | 589 | static void hci_init3_req(struct hci_request *req, unsigned long opt) |
495 | { | 590 | { |
496 | struct hci_dev *hdev = req->hdev; | 591 | struct hci_dev *hdev = req->hdev; |
592 | u8 p; | ||
497 | 593 | ||
498 | if (hdev->commands[5] & 0x10) | 594 | if (hdev->commands[5] & 0x10) |
499 | hci_setup_link_policy(req); | 595 | hci_setup_link_policy(req); |
@@ -502,6 +598,15 @@ static void hci_init3_req(struct hci_request *req, unsigned long opt) | |||
502 | hci_set_le_support(req); | 598 | hci_set_le_support(req); |
503 | hci_update_ad(req); | 599 | hci_update_ad(req); |
504 | } | 600 | } |
601 | |||
602 | /* Read features beyond page 1 if available */ | ||
603 | for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) { | ||
604 | struct hci_cp_read_local_ext_features cp; | ||
605 | |||
606 | cp.page = p; | ||
607 | hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES, | ||
608 | sizeof(cp), &cp); | ||
609 | } | ||
505 | } | 610 | } |
506 | 611 | ||
507 | static int __hci_init(struct hci_dev *hdev) | 612 | static int __hci_init(struct hci_dev *hdev) |
@@ -818,6 +923,12 @@ static void hci_inq_req(struct hci_request *req, unsigned long opt) | |||
818 | hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp); | 923 | hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp); |
819 | } | 924 | } |
820 | 925 | ||
926 | static int wait_inquiry(void *word) | ||
927 | { | ||
928 | schedule(); | ||
929 | return signal_pending(current); | ||
930 | } | ||
931 | |||
821 | int hci_inquiry(void __user *arg) | 932 | int hci_inquiry(void __user *arg) |
822 | { | 933 | { |
823 | __u8 __user *ptr = arg; | 934 | __u8 __user *ptr = arg; |
@@ -849,6 +960,13 @@ int hci_inquiry(void __user *arg) | |||
849 | timeo); | 960 | timeo); |
850 | if (err < 0) | 961 | if (err < 0) |
851 | goto done; | 962 | goto done; |
963 | |||
964 | /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is | ||
965 | * cleared). If it is interrupted by a signal, return -EINTR. | ||
966 | */ | ||
967 | if (wait_on_bit(&hdev->flags, HCI_INQUIRY, wait_inquiry, | ||
968 | TASK_INTERRUPTIBLE)) | ||
969 | return -EINTR; | ||
852 | } | 970 | } |
853 | 971 | ||
854 | /* for unlimited number of responses we will use buffer with | 972 | /* for unlimited number of responses we will use buffer with |
@@ -999,26 +1117,33 @@ int hci_dev_open(__u16 dev) | |||
999 | goto done; | 1117 | goto done; |
1000 | } | 1118 | } |
1001 | 1119 | ||
1002 | if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) | ||
1003 | set_bit(HCI_RAW, &hdev->flags); | ||
1004 | |||
1005 | /* Treat all non BR/EDR controllers as raw devices if | ||
1006 | enable_hs is not set */ | ||
1007 | if (hdev->dev_type != HCI_BREDR && !enable_hs) | ||
1008 | set_bit(HCI_RAW, &hdev->flags); | ||
1009 | |||
1010 | if (hdev->open(hdev)) { | 1120 | if (hdev->open(hdev)) { |
1011 | ret = -EIO; | 1121 | ret = -EIO; |
1012 | goto done; | 1122 | goto done; |
1013 | } | 1123 | } |
1014 | 1124 | ||
1015 | if (!test_bit(HCI_RAW, &hdev->flags)) { | 1125 | atomic_set(&hdev->cmd_cnt, 1); |
1016 | atomic_set(&hdev->cmd_cnt, 1); | 1126 | set_bit(HCI_INIT, &hdev->flags); |
1017 | set_bit(HCI_INIT, &hdev->flags); | 1127 | |
1018 | ret = __hci_init(hdev); | 1128 | if (hdev->setup && test_bit(HCI_SETUP, &hdev->dev_flags)) |
1019 | clear_bit(HCI_INIT, &hdev->flags); | 1129 | ret = hdev->setup(hdev); |
1130 | |||
1131 | if (!ret) { | ||
1132 | /* Treat all non BR/EDR controllers as raw devices if | ||
1133 | * enable_hs is not set. | ||
1134 | */ | ||
1135 | if (hdev->dev_type != HCI_BREDR && !enable_hs) | ||
1136 | set_bit(HCI_RAW, &hdev->flags); | ||
1137 | |||
1138 | if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) | ||
1139 | set_bit(HCI_RAW, &hdev->flags); | ||
1140 | |||
1141 | if (!test_bit(HCI_RAW, &hdev->flags)) | ||
1142 | ret = __hci_init(hdev); | ||
1020 | } | 1143 | } |
1021 | 1144 | ||
1145 | clear_bit(HCI_INIT, &hdev->flags); | ||
1146 | |||
1022 | if (!ret) { | 1147 | if (!ret) { |
1023 | hci_dev_hold(hdev); | 1148 | hci_dev_hold(hdev); |
1024 | set_bit(HCI_UP, &hdev->flags); | 1149 | set_bit(HCI_UP, &hdev->flags); |
@@ -1123,6 +1248,9 @@ static int hci_dev_do_close(struct hci_dev *hdev) | |||
1123 | hdev->sent_cmd = NULL; | 1248 | hdev->sent_cmd = NULL; |
1124 | } | 1249 | } |
1125 | 1250 | ||
1251 | kfree_skb(hdev->recv_evt); | ||
1252 | hdev->recv_evt = NULL; | ||
1253 | |||
1126 | /* After this point our queues are empty | 1254 | /* After this point our queues are empty |
1127 | * and no tasks are scheduled. */ | 1255 | * and no tasks are scheduled. */ |
1128 | hdev->close(hdev); | 1256 | hdev->close(hdev); |
@@ -1861,8 +1989,8 @@ static void le_scan_enable_req(struct hci_request *req, unsigned long opt) | |||
1861 | struct hci_cp_le_set_scan_enable cp; | 1989 | struct hci_cp_le_set_scan_enable cp; |
1862 | 1990 | ||
1863 | memset(&cp, 0, sizeof(cp)); | 1991 | memset(&cp, 0, sizeof(cp)); |
1864 | cp.enable = 1; | 1992 | cp.enable = LE_SCAN_ENABLE; |
1865 | cp.filter_dup = 1; | 1993 | cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE; |
1866 | 1994 | ||
1867 | hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); | 1995 | hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); |
1868 | } | 1996 | } |
@@ -1896,7 +2024,7 @@ static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval, | |||
1896 | return err; | 2024 | return err; |
1897 | 2025 | ||
1898 | queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, | 2026 | queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, |
1899 | msecs_to_jiffies(timeout)); | 2027 | timeout); |
1900 | 2028 | ||
1901 | return 0; | 2029 | return 0; |
1902 | } | 2030 | } |
@@ -2006,7 +2134,6 @@ struct hci_dev *hci_alloc_dev(void) | |||
2006 | INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off); | 2134 | INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off); |
2007 | INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work); | 2135 | INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work); |
2008 | 2136 | ||
2009 | skb_queue_head_init(&hdev->driver_init); | ||
2010 | skb_queue_head_init(&hdev->rx_q); | 2137 | skb_queue_head_init(&hdev->rx_q); |
2011 | skb_queue_head_init(&hdev->cmd_q); | 2138 | skb_queue_head_init(&hdev->cmd_q); |
2012 | skb_queue_head_init(&hdev->raw_q); | 2139 | skb_queue_head_init(&hdev->raw_q); |
@@ -2025,8 +2152,6 @@ EXPORT_SYMBOL(hci_alloc_dev); | |||
2025 | /* Free HCI device */ | 2152 | /* Free HCI device */ |
2026 | void hci_free_dev(struct hci_dev *hdev) | 2153 | void hci_free_dev(struct hci_dev *hdev) |
2027 | { | 2154 | { |
2028 | skb_queue_purge(&hdev->driver_init); | ||
2029 | |||
2030 | /* will free via device release */ | 2155 | /* will free via device release */ |
2031 | put_device(&hdev->dev); | 2156 | put_device(&hdev->dev); |
2032 | } | 2157 | } |
@@ -2527,7 +2652,8 @@ int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param) | |||
2527 | } | 2652 | } |
2528 | 2653 | ||
2529 | /* Queue a command to an asynchronous HCI request */ | 2654 | /* Queue a command to an asynchronous HCI request */ |
2530 | void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, void *param) | 2655 | void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen, void *param, |
2656 | u8 event) | ||
2531 | { | 2657 | { |
2532 | struct hci_dev *hdev = req->hdev; | 2658 | struct hci_dev *hdev = req->hdev; |
2533 | struct sk_buff *skb; | 2659 | struct sk_buff *skb; |
@@ -2551,9 +2677,16 @@ void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, void *param) | |||
2551 | if (skb_queue_empty(&req->cmd_q)) | 2677 | if (skb_queue_empty(&req->cmd_q)) |
2552 | bt_cb(skb)->req.start = true; | 2678 | bt_cb(skb)->req.start = true; |
2553 | 2679 | ||
2680 | bt_cb(skb)->req.event = event; | ||
2681 | |||
2554 | skb_queue_tail(&req->cmd_q, skb); | 2682 | skb_queue_tail(&req->cmd_q, skb); |
2555 | } | 2683 | } |
2556 | 2684 | ||
2685 | void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, void *param) | ||
2686 | { | ||
2687 | hci_req_add_ev(req, opcode, plen, param, 0); | ||
2688 | } | ||
2689 | |||
2557 | /* Get data from the previously sent command */ | 2690 | /* Get data from the previously sent command */ |
2558 | void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode) | 2691 | void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode) |
2559 | { | 2692 | { |
@@ -3309,32 +3442,6 @@ call_complete: | |||
3309 | req_complete(hdev, status); | 3442 | req_complete(hdev, status); |
3310 | } | 3443 | } |
3311 | 3444 | ||
3312 | void hci_req_cmd_status(struct hci_dev *hdev, u16 opcode, u8 status) | ||
3313 | { | ||
3314 | hci_req_complete_t req_complete = NULL; | ||
3315 | |||
3316 | BT_DBG("opcode 0x%04x status 0x%02x", opcode, status); | ||
3317 | |||
3318 | if (status) { | ||
3319 | hci_req_cmd_complete(hdev, opcode, status); | ||
3320 | return; | ||
3321 | } | ||
3322 | |||
3323 | /* No need to handle success status if there are more commands */ | ||
3324 | if (!hci_req_is_complete(hdev)) | ||
3325 | return; | ||
3326 | |||
3327 | if (hdev->sent_cmd) | ||
3328 | req_complete = bt_cb(hdev->sent_cmd)->req.complete; | ||
3329 | |||
3330 | /* If the request doesn't have a complete callback or there | ||
3331 | * are other commands/requests in the hdev queue we consider | ||
3332 | * this request as completed. | ||
3333 | */ | ||
3334 | if (!req_complete || !skb_queue_empty(&hdev->cmd_q)) | ||
3335 | hci_req_cmd_complete(hdev, opcode, status); | ||
3336 | } | ||
3337 | |||
3338 | static void hci_rx_work(struct work_struct *work) | 3445 | static void hci_rx_work(struct work_struct *work) |
3339 | { | 3446 | { |
3340 | struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work); | 3447 | struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work); |
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 138580745c2c..b93cd2eb5d58 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
@@ -48,13 +48,13 @@ static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) | |||
48 | } | 48 | } |
49 | 49 | ||
50 | clear_bit(HCI_INQUIRY, &hdev->flags); | 50 | clear_bit(HCI_INQUIRY, &hdev->flags); |
51 | smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */ | ||
52 | wake_up_bit(&hdev->flags, HCI_INQUIRY); | ||
51 | 53 | ||
52 | hci_dev_lock(hdev); | 54 | hci_dev_lock(hdev); |
53 | hci_discovery_set_state(hdev, DISCOVERY_STOPPED); | 55 | hci_discovery_set_state(hdev, DISCOVERY_STOPPED); |
54 | hci_dev_unlock(hdev); | 56 | hci_dev_unlock(hdev); |
55 | 57 | ||
56 | hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status); | ||
57 | |||
58 | hci_conn_check_pending(hdev); | 58 | hci_conn_check_pending(hdev); |
59 | } | 59 | } |
60 | 60 | ||
@@ -433,9 +433,9 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) | |||
433 | 433 | ||
434 | if (!status) { | 434 | if (!status) { |
435 | if (sent->mode) | 435 | if (sent->mode) |
436 | hdev->host_features[0] |= LMP_HOST_SSP; | 436 | hdev->features[1][0] |= LMP_HOST_SSP; |
437 | else | 437 | else |
438 | hdev->host_features[0] &= ~LMP_HOST_SSP; | 438 | hdev->features[1][0] &= ~LMP_HOST_SSP; |
439 | } | 439 | } |
440 | 440 | ||
441 | if (test_bit(HCI_MGMT, &hdev->dev_flags)) | 441 | if (test_bit(HCI_MGMT, &hdev->dev_flags)) |
@@ -493,18 +493,18 @@ static void hci_cc_read_local_features(struct hci_dev *hdev, | |||
493 | /* Adjust default settings according to features | 493 | /* Adjust default settings according to features |
494 | * supported by device. */ | 494 | * supported by device. */ |
495 | 495 | ||
496 | if (hdev->features[0] & LMP_3SLOT) | 496 | if (hdev->features[0][0] & LMP_3SLOT) |
497 | hdev->pkt_type |= (HCI_DM3 | HCI_DH3); | 497 | hdev->pkt_type |= (HCI_DM3 | HCI_DH3); |
498 | 498 | ||
499 | if (hdev->features[0] & LMP_5SLOT) | 499 | if (hdev->features[0][0] & LMP_5SLOT) |
500 | hdev->pkt_type |= (HCI_DM5 | HCI_DH5); | 500 | hdev->pkt_type |= (HCI_DM5 | HCI_DH5); |
501 | 501 | ||
502 | if (hdev->features[1] & LMP_HV2) { | 502 | if (hdev->features[0][1] & LMP_HV2) { |
503 | hdev->pkt_type |= (HCI_HV2); | 503 | hdev->pkt_type |= (HCI_HV2); |
504 | hdev->esco_type |= (ESCO_HV2); | 504 | hdev->esco_type |= (ESCO_HV2); |
505 | } | 505 | } |
506 | 506 | ||
507 | if (hdev->features[1] & LMP_HV3) { | 507 | if (hdev->features[0][1] & LMP_HV3) { |
508 | hdev->pkt_type |= (HCI_HV3); | 508 | hdev->pkt_type |= (HCI_HV3); |
509 | hdev->esco_type |= (ESCO_HV3); | 509 | hdev->esco_type |= (ESCO_HV3); |
510 | } | 510 | } |
@@ -512,26 +512,26 @@ static void hci_cc_read_local_features(struct hci_dev *hdev, | |||
512 | if (lmp_esco_capable(hdev)) | 512 | if (lmp_esco_capable(hdev)) |
513 | hdev->esco_type |= (ESCO_EV3); | 513 | hdev->esco_type |= (ESCO_EV3); |
514 | 514 | ||
515 | if (hdev->features[4] & LMP_EV4) | 515 | if (hdev->features[0][4] & LMP_EV4) |
516 | hdev->esco_type |= (ESCO_EV4); | 516 | hdev->esco_type |= (ESCO_EV4); |
517 | 517 | ||
518 | if (hdev->features[4] & LMP_EV5) | 518 | if (hdev->features[0][4] & LMP_EV5) |
519 | hdev->esco_type |= (ESCO_EV5); | 519 | hdev->esco_type |= (ESCO_EV5); |
520 | 520 | ||
521 | if (hdev->features[5] & LMP_EDR_ESCO_2M) | 521 | if (hdev->features[0][5] & LMP_EDR_ESCO_2M) |
522 | hdev->esco_type |= (ESCO_2EV3); | 522 | hdev->esco_type |= (ESCO_2EV3); |
523 | 523 | ||
524 | if (hdev->features[5] & LMP_EDR_ESCO_3M) | 524 | if (hdev->features[0][5] & LMP_EDR_ESCO_3M) |
525 | hdev->esco_type |= (ESCO_3EV3); | 525 | hdev->esco_type |= (ESCO_3EV3); |
526 | 526 | ||
527 | if (hdev->features[5] & LMP_EDR_3S_ESCO) | 527 | if (hdev->features[0][5] & LMP_EDR_3S_ESCO) |
528 | hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); | 528 | hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); |
529 | 529 | ||
530 | BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name, | 530 | BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name, |
531 | hdev->features[0], hdev->features[1], | 531 | hdev->features[0][0], hdev->features[0][1], |
532 | hdev->features[2], hdev->features[3], | 532 | hdev->features[0][2], hdev->features[0][3], |
533 | hdev->features[4], hdev->features[5], | 533 | hdev->features[0][4], hdev->features[0][5], |
534 | hdev->features[6], hdev->features[7]); | 534 | hdev->features[0][6], hdev->features[0][7]); |
535 | } | 535 | } |
536 | 536 | ||
537 | static void hci_cc_read_local_ext_features(struct hci_dev *hdev, | 537 | static void hci_cc_read_local_ext_features(struct hci_dev *hdev, |
@@ -544,14 +544,10 @@ static void hci_cc_read_local_ext_features(struct hci_dev *hdev, | |||
544 | if (rp->status) | 544 | if (rp->status) |
545 | return; | 545 | return; |
546 | 546 | ||
547 | switch (rp->page) { | 547 | hdev->max_page = rp->max_page; |
548 | case 0: | 548 | |
549 | memcpy(hdev->features, rp->features, 8); | 549 | if (rp->page < HCI_MAX_PAGES) |
550 | break; | 550 | memcpy(hdev->features[rp->page], rp->features, 8); |
551 | case 1: | ||
552 | memcpy(hdev->host_features, rp->features, 8); | ||
553 | break; | ||
554 | } | ||
555 | } | 551 | } |
556 | 552 | ||
557 | static void hci_cc_read_flow_control_mode(struct hci_dev *hdev, | 553 | static void hci_cc_read_flow_control_mode(struct hci_dev *hdev, |
@@ -968,7 +964,7 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev, | |||
968 | return; | 964 | return; |
969 | 965 | ||
970 | switch (cp->enable) { | 966 | switch (cp->enable) { |
971 | case LE_SCANNING_ENABLED: | 967 | case LE_SCAN_ENABLE: |
972 | if (status) { | 968 | if (status) { |
973 | hci_dev_lock(hdev); | 969 | hci_dev_lock(hdev); |
974 | mgmt_start_discovery_failed(hdev, status); | 970 | mgmt_start_discovery_failed(hdev, status); |
@@ -983,7 +979,7 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev, | |||
983 | hci_dev_unlock(hdev); | 979 | hci_dev_unlock(hdev); |
984 | break; | 980 | break; |
985 | 981 | ||
986 | case LE_SCANNING_DISABLED: | 982 | case LE_SCAN_DISABLE: |
987 | if (status) { | 983 | if (status) { |
988 | hci_dev_lock(hdev); | 984 | hci_dev_lock(hdev); |
989 | mgmt_stop_discovery_failed(hdev, status); | 985 | mgmt_stop_discovery_failed(hdev, status); |
@@ -1046,14 +1042,14 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev, | |||
1046 | 1042 | ||
1047 | if (!status) { | 1043 | if (!status) { |
1048 | if (sent->le) | 1044 | if (sent->le) |
1049 | hdev->host_features[0] |= LMP_HOST_LE; | 1045 | hdev->features[1][0] |= LMP_HOST_LE; |
1050 | else | 1046 | else |
1051 | hdev->host_features[0] &= ~LMP_HOST_LE; | 1047 | hdev->features[1][0] &= ~LMP_HOST_LE; |
1052 | 1048 | ||
1053 | if (sent->simul) | 1049 | if (sent->simul) |
1054 | hdev->host_features[0] |= LMP_HOST_LE_BREDR; | 1050 | hdev->features[1][0] |= LMP_HOST_LE_BREDR; |
1055 | else | 1051 | else |
1056 | hdev->host_features[0] &= ~LMP_HOST_LE_BREDR; | 1052 | hdev->features[1][0] &= ~LMP_HOST_LE_BREDR; |
1057 | } | 1053 | } |
1058 | 1054 | ||
1059 | if (test_bit(HCI_MGMT, &hdev->dev_flags) && | 1055 | if (test_bit(HCI_MGMT, &hdev->dev_flags) && |
@@ -1190,7 +1186,7 @@ static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status) | |||
1190 | if (conn) { | 1186 | if (conn) { |
1191 | if (conn->state == BT_CONFIG) { | 1187 | if (conn->state == BT_CONFIG) { |
1192 | hci_proto_connect_cfm(conn, status); | 1188 | hci_proto_connect_cfm(conn, status); |
1193 | hci_conn_put(conn); | 1189 | hci_conn_drop(conn); |
1194 | } | 1190 | } |
1195 | } | 1191 | } |
1196 | 1192 | ||
@@ -1217,7 +1213,7 @@ static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status) | |||
1217 | if (conn) { | 1213 | if (conn) { |
1218 | if (conn->state == BT_CONFIG) { | 1214 | if (conn->state == BT_CONFIG) { |
1219 | hci_proto_connect_cfm(conn, status); | 1215 | hci_proto_connect_cfm(conn, status); |
1220 | hci_conn_put(conn); | 1216 | hci_conn_drop(conn); |
1221 | } | 1217 | } |
1222 | } | 1218 | } |
1223 | 1219 | ||
@@ -1379,7 +1375,7 @@ static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status) | |||
1379 | if (conn) { | 1375 | if (conn) { |
1380 | if (conn->state == BT_CONFIG) { | 1376 | if (conn->state == BT_CONFIG) { |
1381 | hci_proto_connect_cfm(conn, status); | 1377 | hci_proto_connect_cfm(conn, status); |
1382 | hci_conn_put(conn); | 1378 | hci_conn_drop(conn); |
1383 | } | 1379 | } |
1384 | } | 1380 | } |
1385 | 1381 | ||
@@ -1406,7 +1402,7 @@ static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status) | |||
1406 | if (conn) { | 1402 | if (conn) { |
1407 | if (conn->state == BT_CONFIG) { | 1403 | if (conn->state == BT_CONFIG) { |
1408 | hci_proto_connect_cfm(conn, status); | 1404 | hci_proto_connect_cfm(conn, status); |
1409 | hci_conn_put(conn); | 1405 | hci_conn_drop(conn); |
1410 | } | 1406 | } |
1411 | } | 1407 | } |
1412 | 1408 | ||
@@ -1600,13 +1596,14 @@ static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
1600 | 1596 | ||
1601 | BT_DBG("%s status 0x%2.2x", hdev->name, status); | 1597 | BT_DBG("%s status 0x%2.2x", hdev->name, status); |
1602 | 1598 | ||
1603 | hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status); | ||
1604 | |||
1605 | hci_conn_check_pending(hdev); | 1599 | hci_conn_check_pending(hdev); |
1606 | 1600 | ||
1607 | if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) | 1601 | if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) |
1608 | return; | 1602 | return; |
1609 | 1603 | ||
1604 | smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */ | ||
1605 | wake_up_bit(&hdev->flags, HCI_INQUIRY); | ||
1606 | |||
1610 | if (!test_bit(HCI_MGMT, &hdev->dev_flags)) | 1607 | if (!test_bit(HCI_MGMT, &hdev->dev_flags)) |
1611 | return; | 1608 | return; |
1612 | 1609 | ||
@@ -1705,7 +1702,6 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
1705 | } else | 1702 | } else |
1706 | conn->state = BT_CONNECTED; | 1703 | conn->state = BT_CONNECTED; |
1707 | 1704 | ||
1708 | hci_conn_hold_device(conn); | ||
1709 | hci_conn_add_sysfs(conn); | 1705 | hci_conn_add_sysfs(conn); |
1710 | 1706 | ||
1711 | if (test_bit(HCI_AUTH, &hdev->flags)) | 1707 | if (test_bit(HCI_AUTH, &hdev->flags)) |
@@ -1752,42 +1748,6 @@ unlock: | |||
1752 | hci_conn_check_pending(hdev); | 1748 | hci_conn_check_pending(hdev); |
1753 | } | 1749 | } |
1754 | 1750 | ||
1755 | void hci_conn_accept(struct hci_conn *conn, int mask) | ||
1756 | { | ||
1757 | struct hci_dev *hdev = conn->hdev; | ||
1758 | |||
1759 | BT_DBG("conn %p", conn); | ||
1760 | |||
1761 | conn->state = BT_CONFIG; | ||
1762 | |||
1763 | if (!lmp_esco_capable(hdev)) { | ||
1764 | struct hci_cp_accept_conn_req cp; | ||
1765 | |||
1766 | bacpy(&cp.bdaddr, &conn->dst); | ||
1767 | |||
1768 | if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER)) | ||
1769 | cp.role = 0x00; /* Become master */ | ||
1770 | else | ||
1771 | cp.role = 0x01; /* Remain slave */ | ||
1772 | |||
1773 | hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); | ||
1774 | } else /* lmp_esco_capable(hdev)) */ { | ||
1775 | struct hci_cp_accept_sync_conn_req cp; | ||
1776 | |||
1777 | bacpy(&cp.bdaddr, &conn->dst); | ||
1778 | cp.pkt_type = cpu_to_le16(conn->pkt_type); | ||
1779 | |||
1780 | cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40); | ||
1781 | cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40); | ||
1782 | cp.max_latency = __constant_cpu_to_le16(0xffff); | ||
1783 | cp.content_format = cpu_to_le16(hdev->voice_setting); | ||
1784 | cp.retrans_effort = 0xff; | ||
1785 | |||
1786 | hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, | ||
1787 | sizeof(cp), &cp); | ||
1788 | } | ||
1789 | } | ||
1790 | |||
1791 | static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) | 1751 | static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) |
1792 | { | 1752 | { |
1793 | struct hci_ev_conn_request *ev = (void *) skb->data; | 1753 | struct hci_ev_conn_request *ev = (void *) skb->data; |
@@ -1859,7 +1819,6 @@ static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
1859 | } else { | 1819 | } else { |
1860 | conn->state = BT_CONNECT2; | 1820 | conn->state = BT_CONNECT2; |
1861 | hci_proto_connect_cfm(conn, 0); | 1821 | hci_proto_connect_cfm(conn, 0); |
1862 | hci_conn_put(conn); | ||
1863 | } | 1822 | } |
1864 | } else { | 1823 | } else { |
1865 | /* Connection rejected */ | 1824 | /* Connection rejected */ |
@@ -1966,14 +1925,14 @@ static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
1966 | } else { | 1925 | } else { |
1967 | conn->state = BT_CONNECTED; | 1926 | conn->state = BT_CONNECTED; |
1968 | hci_proto_connect_cfm(conn, ev->status); | 1927 | hci_proto_connect_cfm(conn, ev->status); |
1969 | hci_conn_put(conn); | 1928 | hci_conn_drop(conn); |
1970 | } | 1929 | } |
1971 | } else { | 1930 | } else { |
1972 | hci_auth_cfm(conn, ev->status); | 1931 | hci_auth_cfm(conn, ev->status); |
1973 | 1932 | ||
1974 | hci_conn_hold(conn); | 1933 | hci_conn_hold(conn); |
1975 | conn->disc_timeout = HCI_DISCONN_TIMEOUT; | 1934 | conn->disc_timeout = HCI_DISCONN_TIMEOUT; |
1976 | hci_conn_put(conn); | 1935 | hci_conn_drop(conn); |
1977 | } | 1936 | } |
1978 | 1937 | ||
1979 | if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { | 1938 | if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { |
@@ -2057,7 +2016,7 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2057 | 2016 | ||
2058 | if (ev->status && conn->state == BT_CONNECTED) { | 2017 | if (ev->status && conn->state == BT_CONNECTED) { |
2059 | hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); | 2018 | hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); |
2060 | hci_conn_put(conn); | 2019 | hci_conn_drop(conn); |
2061 | goto unlock; | 2020 | goto unlock; |
2062 | } | 2021 | } |
2063 | 2022 | ||
@@ -2066,7 +2025,7 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2066 | conn->state = BT_CONNECTED; | 2025 | conn->state = BT_CONNECTED; |
2067 | 2026 | ||
2068 | hci_proto_connect_cfm(conn, ev->status); | 2027 | hci_proto_connect_cfm(conn, ev->status); |
2069 | hci_conn_put(conn); | 2028 | hci_conn_drop(conn); |
2070 | } else | 2029 | } else |
2071 | hci_encrypt_cfm(conn, ev->status, ev->encrypt); | 2030 | hci_encrypt_cfm(conn, ev->status, ev->encrypt); |
2072 | } | 2031 | } |
@@ -2113,7 +2072,7 @@ static void hci_remote_features_evt(struct hci_dev *hdev, | |||
2113 | goto unlock; | 2072 | goto unlock; |
2114 | 2073 | ||
2115 | if (!ev->status) | 2074 | if (!ev->status) |
2116 | memcpy(conn->features, ev->features, 8); | 2075 | memcpy(conn->features[0], ev->features, 8); |
2117 | 2076 | ||
2118 | if (conn->state != BT_CONFIG) | 2077 | if (conn->state != BT_CONFIG) |
2119 | goto unlock; | 2078 | goto unlock; |
@@ -2141,7 +2100,7 @@ static void hci_remote_features_evt(struct hci_dev *hdev, | |||
2141 | if (!hci_outgoing_auth_needed(hdev, conn)) { | 2100 | if (!hci_outgoing_auth_needed(hdev, conn)) { |
2142 | conn->state = BT_CONNECTED; | 2101 | conn->state = BT_CONNECTED; |
2143 | hci_proto_connect_cfm(conn, ev->status); | 2102 | hci_proto_connect_cfm(conn, ev->status); |
2144 | hci_conn_put(conn); | 2103 | hci_conn_drop(conn); |
2145 | } | 2104 | } |
2146 | 2105 | ||
2147 | unlock: | 2106 | unlock: |
@@ -2462,7 +2421,9 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2462 | if (opcode != HCI_OP_NOP) | 2421 | if (opcode != HCI_OP_NOP) |
2463 | del_timer(&hdev->cmd_timer); | 2422 | del_timer(&hdev->cmd_timer); |
2464 | 2423 | ||
2465 | hci_req_cmd_status(hdev, opcode, ev->status); | 2424 | if (ev->status || |
2425 | (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event)) | ||
2426 | hci_req_cmd_complete(hdev, opcode, ev->status); | ||
2466 | 2427 | ||
2467 | if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) { | 2428 | if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) { |
2468 | atomic_set(&hdev->cmd_cnt, 1); | 2429 | atomic_set(&hdev->cmd_cnt, 1); |
@@ -2679,7 +2640,7 @@ static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2679 | if (conn->state == BT_CONNECTED) { | 2640 | if (conn->state == BT_CONNECTED) { |
2680 | hci_conn_hold(conn); | 2641 | hci_conn_hold(conn); |
2681 | conn->disc_timeout = HCI_PAIRING_TIMEOUT; | 2642 | conn->disc_timeout = HCI_PAIRING_TIMEOUT; |
2682 | hci_conn_put(conn); | 2643 | hci_conn_drop(conn); |
2683 | } | 2644 | } |
2684 | 2645 | ||
2685 | if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) | 2646 | if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) |
@@ -2782,7 +2743,7 @@ static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2782 | if (ev->key_type != HCI_LK_CHANGED_COMBINATION) | 2743 | if (ev->key_type != HCI_LK_CHANGED_COMBINATION) |
2783 | conn->key_type = ev->key_type; | 2744 | conn->key_type = ev->key_type; |
2784 | 2745 | ||
2785 | hci_conn_put(conn); | 2746 | hci_conn_drop(conn); |
2786 | } | 2747 | } |
2787 | 2748 | ||
2788 | if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags)) | 2749 | if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags)) |
@@ -2923,6 +2884,9 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev, | |||
2923 | if (!conn) | 2884 | if (!conn) |
2924 | goto unlock; | 2885 | goto unlock; |
2925 | 2886 | ||
2887 | if (ev->page < HCI_MAX_PAGES) | ||
2888 | memcpy(conn->features[ev->page], ev->features, 8); | ||
2889 | |||
2926 | if (!ev->status && ev->page == 0x01) { | 2890 | if (!ev->status && ev->page == 0x01) { |
2927 | struct inquiry_entry *ie; | 2891 | struct inquiry_entry *ie; |
2928 | 2892 | ||
@@ -2930,8 +2894,19 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev, | |||
2930 | if (ie) | 2894 | if (ie) |
2931 | ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); | 2895 | ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); |
2932 | 2896 | ||
2933 | if (ev->features[0] & LMP_HOST_SSP) | 2897 | if (ev->features[0] & LMP_HOST_SSP) { |
2934 | set_bit(HCI_CONN_SSP_ENABLED, &conn->flags); | 2898 | set_bit(HCI_CONN_SSP_ENABLED, &conn->flags); |
2899 | } else { | ||
2900 | /* It is mandatory by the Bluetooth specification that | ||
2901 | * Extended Inquiry Results are only used when Secure | ||
2902 | * Simple Pairing is enabled, but some devices violate | ||
2903 | * this. | ||
2904 | * | ||
2905 | * To make these devices work, the internal SSP | ||
2906 | * enabled flag needs to be cleared if the remote host | ||
2907 | * features do not indicate SSP support */ | ||
2908 | clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags); | ||
2909 | } | ||
2935 | } | 2910 | } |
2936 | 2911 | ||
2937 | if (conn->state != BT_CONFIG) | 2912 | if (conn->state != BT_CONFIG) |
@@ -2951,7 +2926,7 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev, | |||
2951 | if (!hci_outgoing_auth_needed(hdev, conn)) { | 2926 | if (!hci_outgoing_auth_needed(hdev, conn)) { |
2952 | conn->state = BT_CONNECTED; | 2927 | conn->state = BT_CONNECTED; |
2953 | hci_proto_connect_cfm(conn, ev->status); | 2928 | hci_proto_connect_cfm(conn, ev->status); |
2954 | hci_conn_put(conn); | 2929 | hci_conn_drop(conn); |
2955 | } | 2930 | } |
2956 | 2931 | ||
2957 | unlock: | 2932 | unlock: |
@@ -2985,7 +2960,6 @@ static void hci_sync_conn_complete_evt(struct hci_dev *hdev, | |||
2985 | conn->handle = __le16_to_cpu(ev->handle); | 2960 | conn->handle = __le16_to_cpu(ev->handle); |
2986 | conn->state = BT_CONNECTED; | 2961 | conn->state = BT_CONNECTED; |
2987 | 2962 | ||
2988 | hci_conn_hold_device(conn); | ||
2989 | hci_conn_add_sysfs(conn); | 2963 | hci_conn_add_sysfs(conn); |
2990 | break; | 2964 | break; |
2991 | 2965 | ||
@@ -3084,7 +3058,7 @@ static void hci_key_refresh_complete_evt(struct hci_dev *hdev, | |||
3084 | 3058 | ||
3085 | if (ev->status && conn->state == BT_CONNECTED) { | 3059 | if (ev->status && conn->state == BT_CONNECTED) { |
3086 | hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); | 3060 | hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); |
3087 | hci_conn_put(conn); | 3061 | hci_conn_drop(conn); |
3088 | goto unlock; | 3062 | goto unlock; |
3089 | } | 3063 | } |
3090 | 3064 | ||
@@ -3093,13 +3067,13 @@ static void hci_key_refresh_complete_evt(struct hci_dev *hdev, | |||
3093 | conn->state = BT_CONNECTED; | 3067 | conn->state = BT_CONNECTED; |
3094 | 3068 | ||
3095 | hci_proto_connect_cfm(conn, ev->status); | 3069 | hci_proto_connect_cfm(conn, ev->status); |
3096 | hci_conn_put(conn); | 3070 | hci_conn_drop(conn); |
3097 | } else { | 3071 | } else { |
3098 | hci_auth_cfm(conn, ev->status); | 3072 | hci_auth_cfm(conn, ev->status); |
3099 | 3073 | ||
3100 | hci_conn_hold(conn); | 3074 | hci_conn_hold(conn); |
3101 | conn->disc_timeout = HCI_DISCONN_TIMEOUT; | 3075 | conn->disc_timeout = HCI_DISCONN_TIMEOUT; |
3102 | hci_conn_put(conn); | 3076 | hci_conn_drop(conn); |
3103 | } | 3077 | } |
3104 | 3078 | ||
3105 | unlock: | 3079 | unlock: |
@@ -3360,7 +3334,7 @@ static void hci_simple_pair_complete_evt(struct hci_dev *hdev, | |||
3360 | mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type, | 3334 | mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type, |
3361 | ev->status); | 3335 | ev->status); |
3362 | 3336 | ||
3363 | hci_conn_put(conn); | 3337 | hci_conn_drop(conn); |
3364 | 3338 | ||
3365 | unlock: | 3339 | unlock: |
3366 | hci_dev_unlock(hdev); | 3340 | hci_dev_unlock(hdev); |
@@ -3371,11 +3345,16 @@ static void hci_remote_host_features_evt(struct hci_dev *hdev, | |||
3371 | { | 3345 | { |
3372 | struct hci_ev_remote_host_features *ev = (void *) skb->data; | 3346 | struct hci_ev_remote_host_features *ev = (void *) skb->data; |
3373 | struct inquiry_entry *ie; | 3347 | struct inquiry_entry *ie; |
3348 | struct hci_conn *conn; | ||
3374 | 3349 | ||
3375 | BT_DBG("%s", hdev->name); | 3350 | BT_DBG("%s", hdev->name); |
3376 | 3351 | ||
3377 | hci_dev_lock(hdev); | 3352 | hci_dev_lock(hdev); |
3378 | 3353 | ||
3354 | conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); | ||
3355 | if (conn) | ||
3356 | memcpy(conn->features[1], ev->features, 8); | ||
3357 | |||
3379 | ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); | 3358 | ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); |
3380 | if (ie) | 3359 | if (ie) |
3381 | ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); | 3360 | ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); |
@@ -3448,9 +3427,8 @@ static void hci_phy_link_complete_evt(struct hci_dev *hdev, | |||
3448 | 3427 | ||
3449 | hci_conn_hold(hcon); | 3428 | hci_conn_hold(hcon); |
3450 | hcon->disc_timeout = HCI_DISCONN_TIMEOUT; | 3429 | hcon->disc_timeout = HCI_DISCONN_TIMEOUT; |
3451 | hci_conn_put(hcon); | 3430 | hci_conn_drop(hcon); |
3452 | 3431 | ||
3453 | hci_conn_hold_device(hcon); | ||
3454 | hci_conn_add_sysfs(hcon); | 3432 | hci_conn_add_sysfs(hcon); |
3455 | 3433 | ||
3456 | amp_physical_cfm(bredr_hcon, hcon); | 3434 | amp_physical_cfm(bredr_hcon, hcon); |
@@ -3584,7 +3562,6 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
3584 | conn->handle = __le16_to_cpu(ev->handle); | 3562 | conn->handle = __le16_to_cpu(ev->handle); |
3585 | conn->state = BT_CONNECTED; | 3563 | conn->state = BT_CONNECTED; |
3586 | 3564 | ||
3587 | hci_conn_hold_device(conn); | ||
3588 | hci_conn_add_sysfs(conn); | 3565 | hci_conn_add_sysfs(conn); |
3589 | 3566 | ||
3590 | hci_proto_connect_cfm(conn, ev->status); | 3567 | hci_proto_connect_cfm(conn, ev->status); |
@@ -3698,8 +3675,27 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) | |||
3698 | struct hci_event_hdr *hdr = (void *) skb->data; | 3675 | struct hci_event_hdr *hdr = (void *) skb->data; |
3699 | __u8 event = hdr->evt; | 3676 | __u8 event = hdr->evt; |
3700 | 3677 | ||
3678 | hci_dev_lock(hdev); | ||
3679 | |||
3680 | /* Received events are (currently) only needed when a request is | ||
3681 | * ongoing so avoid unnecessary memory allocation. | ||
3682 | */ | ||
3683 | if (hdev->req_status == HCI_REQ_PEND) { | ||
3684 | kfree_skb(hdev->recv_evt); | ||
3685 | hdev->recv_evt = skb_clone(skb, GFP_KERNEL); | ||
3686 | } | ||
3687 | |||
3688 | hci_dev_unlock(hdev); | ||
3689 | |||
3701 | skb_pull(skb, HCI_EVENT_HDR_SIZE); | 3690 | skb_pull(skb, HCI_EVENT_HDR_SIZE); |
3702 | 3691 | ||
3692 | if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) { | ||
3693 | struct hci_command_hdr *hdr = (void *) hdev->sent_cmd->data; | ||
3694 | u16 opcode = __le16_to_cpu(hdr->opcode); | ||
3695 | |||
3696 | hci_req_cmd_complete(hdev, opcode, 0); | ||
3697 | } | ||
3698 | |||
3703 | switch (event) { | 3699 | switch (event) { |
3704 | case HCI_EV_INQUIRY_COMPLETE: | 3700 | case HCI_EV_INQUIRY_COMPLETE: |
3705 | hci_inquiry_complete_evt(hdev, skb); | 3701 | hci_inquiry_complete_evt(hdev, skb); |
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c index ff38561385de..7ad6ecf36f20 100644 --- a/net/bluetooth/hci_sysfs.c +++ b/net/bluetooth/hci_sysfs.c | |||
@@ -48,10 +48,10 @@ static ssize_t show_link_features(struct device *dev, | |||
48 | struct hci_conn *conn = to_hci_conn(dev); | 48 | struct hci_conn *conn = to_hci_conn(dev); |
49 | 49 | ||
50 | return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n", | 50 | return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n", |
51 | conn->features[0], conn->features[1], | 51 | conn->features[0][0], conn->features[0][1], |
52 | conn->features[2], conn->features[3], | 52 | conn->features[0][2], conn->features[0][3], |
53 | conn->features[4], conn->features[5], | 53 | conn->features[0][4], conn->features[0][5], |
54 | conn->features[6], conn->features[7]); | 54 | conn->features[0][6], conn->features[0][7]); |
55 | } | 55 | } |
56 | 56 | ||
57 | #define LINK_ATTR(_name, _mode, _show, _store) \ | 57 | #define LINK_ATTR(_name, _mode, _show, _store) \ |
@@ -146,7 +146,6 @@ void hci_conn_del_sysfs(struct hci_conn *conn) | |||
146 | } | 146 | } |
147 | 147 | ||
148 | device_del(&conn->dev); | 148 | device_del(&conn->dev); |
149 | put_device(&conn->dev); | ||
150 | 149 | ||
151 | hci_dev_put(hdev); | 150 | hci_dev_put(hdev); |
152 | } | 151 | } |
@@ -234,10 +233,10 @@ static ssize_t show_features(struct device *dev, | |||
234 | struct hci_dev *hdev = to_hci_dev(dev); | 233 | struct hci_dev *hdev = to_hci_dev(dev); |
235 | 234 | ||
236 | return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n", | 235 | return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n", |
237 | hdev->features[0], hdev->features[1], | 236 | hdev->features[0][0], hdev->features[0][1], |
238 | hdev->features[2], hdev->features[3], | 237 | hdev->features[0][2], hdev->features[0][3], |
239 | hdev->features[4], hdev->features[5], | 238 | hdev->features[0][4], hdev->features[0][5], |
240 | hdev->features[6], hdev->features[7]); | 239 | hdev->features[0][6], hdev->features[0][7]); |
241 | } | 240 | } |
242 | 241 | ||
243 | static ssize_t show_manufacturer(struct device *dev, | 242 | static ssize_t show_manufacturer(struct device *dev, |
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c index 2342327f3335..940f5acb6694 100644 --- a/net/bluetooth/hidp/core.c +++ b/net/bluetooth/hidp/core.c | |||
@@ -1,6 +1,7 @@ | |||
1 | /* | 1 | /* |
2 | HIDP implementation for Linux Bluetooth stack (BlueZ). | 2 | HIDP implementation for Linux Bluetooth stack (BlueZ). |
3 | Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> | 3 | Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> |
4 | Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com> | ||
4 | 5 | ||
5 | This program is free software; you can redistribute it and/or modify | 6 | This program is free software; you can redistribute it and/or modify |
6 | it under the terms of the GNU General Public License version 2 as | 7 | it under the terms of the GNU General Public License version 2 as |
@@ -20,6 +21,7 @@ | |||
20 | SOFTWARE IS DISCLAIMED. | 21 | SOFTWARE IS DISCLAIMED. |
21 | */ | 22 | */ |
22 | 23 | ||
24 | #include <linux/kref.h> | ||
23 | #include <linux/module.h> | 25 | #include <linux/module.h> |
24 | #include <linux/file.h> | 26 | #include <linux/file.h> |
25 | #include <linux/kthread.h> | 27 | #include <linux/kthread.h> |
@@ -59,39 +61,20 @@ static unsigned char hidp_keycode[256] = { | |||
59 | 61 | ||
60 | static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; | 62 | static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; |
61 | 63 | ||
62 | static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) | 64 | static int hidp_session_probe(struct l2cap_conn *conn, |
63 | { | 65 | struct l2cap_user *user); |
64 | struct hidp_session *session; | 66 | static void hidp_session_remove(struct l2cap_conn *conn, |
65 | 67 | struct l2cap_user *user); | |
66 | BT_DBG(""); | 68 | static int hidp_session_thread(void *arg); |
69 | static void hidp_session_terminate(struct hidp_session *s); | ||
67 | 70 | ||
68 | list_for_each_entry(session, &hidp_session_list, list) { | 71 | static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) |
69 | if (!bacmp(bdaddr, &session->bdaddr)) | ||
70 | return session; | ||
71 | } | ||
72 | |||
73 | return NULL; | ||
74 | } | ||
75 | |||
76 | static void __hidp_link_session(struct hidp_session *session) | ||
77 | { | ||
78 | list_add(&session->list, &hidp_session_list); | ||
79 | } | ||
80 | |||
81 | static void __hidp_unlink_session(struct hidp_session *session) | ||
82 | { | ||
83 | hci_conn_put_device(session->conn); | ||
84 | |||
85 | list_del(&session->list); | ||
86 | } | ||
87 | |||
88 | static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) | ||
89 | { | 72 | { |
90 | memset(ci, 0, sizeof(*ci)); | 73 | memset(ci, 0, sizeof(*ci)); |
91 | bacpy(&ci->bdaddr, &session->bdaddr); | 74 | bacpy(&ci->bdaddr, &session->bdaddr); |
92 | 75 | ||
93 | ci->flags = session->flags; | 76 | ci->flags = session->flags; |
94 | ci->state = session->state; | 77 | ci->state = BT_CONNECTED; |
95 | 78 | ||
96 | ci->vendor = 0x0000; | 79 | ci->vendor = 0x0000; |
97 | ci->product = 0x0000; | 80 | ci->product = 0x0000; |
@@ -115,58 +98,80 @@ static void __hidp_copy_session(struct hidp_session *session, struct hidp_connin | |||
115 | } | 98 | } |
116 | } | 99 | } |
117 | 100 | ||
118 | static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, | 101 | /* assemble skb, queue message on @transmit and wake up the session thread */ |
119 | unsigned int type, unsigned int code, int value) | 102 | static int hidp_send_message(struct hidp_session *session, struct socket *sock, |
103 | struct sk_buff_head *transmit, unsigned char hdr, | ||
104 | const unsigned char *data, int size) | ||
120 | { | 105 | { |
121 | unsigned char newleds; | ||
122 | struct sk_buff *skb; | 106 | struct sk_buff *skb; |
107 | struct sock *sk = sock->sk; | ||
123 | 108 | ||
124 | BT_DBG("session %p type %d code %d value %d", session, type, code, value); | 109 | BT_DBG("session %p data %p size %d", session, data, size); |
125 | |||
126 | if (type != EV_LED) | ||
127 | return -1; | ||
128 | |||
129 | newleds = (!!test_bit(LED_KANA, dev->led) << 3) | | ||
130 | (!!test_bit(LED_COMPOSE, dev->led) << 3) | | ||
131 | (!!test_bit(LED_SCROLLL, dev->led) << 2) | | ||
132 | (!!test_bit(LED_CAPSL, dev->led) << 1) | | ||
133 | (!!test_bit(LED_NUML, dev->led)); | ||
134 | |||
135 | if (session->leds == newleds) | ||
136 | return 0; | ||
137 | 110 | ||
138 | session->leds = newleds; | 111 | if (atomic_read(&session->terminate)) |
112 | return -EIO; | ||
139 | 113 | ||
140 | skb = alloc_skb(3, GFP_ATOMIC); | 114 | skb = alloc_skb(size + 1, GFP_ATOMIC); |
141 | if (!skb) { | 115 | if (!skb) { |
142 | BT_ERR("Can't allocate memory for new frame"); | 116 | BT_ERR("Can't allocate memory for new frame"); |
143 | return -ENOMEM; | 117 | return -ENOMEM; |
144 | } | 118 | } |
145 | 119 | ||
146 | *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; | 120 | *skb_put(skb, 1) = hdr; |
147 | *skb_put(skb, 1) = 0x01; | 121 | if (data && size > 0) |
148 | *skb_put(skb, 1) = newleds; | 122 | memcpy(skb_put(skb, size), data, size); |
149 | |||
150 | skb_queue_tail(&session->intr_transmit, skb); | ||
151 | 123 | ||
152 | hidp_schedule(session); | 124 | skb_queue_tail(transmit, skb); |
125 | wake_up_interruptible(sk_sleep(sk)); | ||
153 | 126 | ||
154 | return 0; | 127 | return 0; |
155 | } | 128 | } |
156 | 129 | ||
157 | static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) | 130 | static int hidp_send_ctrl_message(struct hidp_session *session, |
131 | unsigned char hdr, const unsigned char *data, | ||
132 | int size) | ||
158 | { | 133 | { |
159 | struct hid_device *hid = input_get_drvdata(dev); | 134 | return hidp_send_message(session, session->ctrl_sock, |
160 | struct hidp_session *session = hid->driver_data; | 135 | &session->ctrl_transmit, hdr, data, size); |
136 | } | ||
161 | 137 | ||
162 | return hidp_queue_event(session, dev, type, code, value); | 138 | static int hidp_send_intr_message(struct hidp_session *session, |
139 | unsigned char hdr, const unsigned char *data, | ||
140 | int size) | ||
141 | { | ||
142 | return hidp_send_message(session, session->intr_sock, | ||
143 | &session->intr_transmit, hdr, data, size); | ||
163 | } | 144 | } |
164 | 145 | ||
165 | static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) | 146 | static int hidp_input_event(struct input_dev *dev, unsigned int type, |
147 | unsigned int code, int value) | ||
166 | { | 148 | { |
167 | struct hidp_session *session = input_get_drvdata(dev); | 149 | struct hidp_session *session = input_get_drvdata(dev); |
150 | unsigned char newleds; | ||
151 | unsigned char hdr, data[2]; | ||
152 | |||
153 | BT_DBG("session %p type %d code %d value %d", | ||
154 | session, type, code, value); | ||
155 | |||
156 | if (type != EV_LED) | ||
157 | return -1; | ||
158 | |||
159 | newleds = (!!test_bit(LED_KANA, dev->led) << 3) | | ||
160 | (!!test_bit(LED_COMPOSE, dev->led) << 3) | | ||
161 | (!!test_bit(LED_SCROLLL, dev->led) << 2) | | ||
162 | (!!test_bit(LED_CAPSL, dev->led) << 1) | | ||
163 | (!!test_bit(LED_NUML, dev->led)); | ||
168 | 164 | ||
169 | return hidp_queue_event(session, dev, type, code, value); | 165 | if (session->leds == newleds) |
166 | return 0; | ||
167 | |||
168 | session->leds = newleds; | ||
169 | |||
170 | hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; | ||
171 | data[0] = 0x01; | ||
172 | data[1] = newleds; | ||
173 | |||
174 | return hidp_send_intr_message(session, hdr, data, 2); | ||
170 | } | 175 | } |
171 | 176 | ||
172 | static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) | 177 | static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) |
@@ -224,71 +229,9 @@ static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) | |||
224 | input_sync(dev); | 229 | input_sync(dev); |
225 | } | 230 | } |
226 | 231 | ||
227 | static int __hidp_send_ctrl_message(struct hidp_session *session, | ||
228 | unsigned char hdr, unsigned char *data, | ||
229 | int size) | ||
230 | { | ||
231 | struct sk_buff *skb; | ||
232 | |||
233 | BT_DBG("session %p data %p size %d", session, data, size); | ||
234 | |||
235 | if (atomic_read(&session->terminate)) | ||
236 | return -EIO; | ||
237 | |||
238 | skb = alloc_skb(size + 1, GFP_ATOMIC); | ||
239 | if (!skb) { | ||
240 | BT_ERR("Can't allocate memory for new frame"); | ||
241 | return -ENOMEM; | ||
242 | } | ||
243 | |||
244 | *skb_put(skb, 1) = hdr; | ||
245 | if (data && size > 0) | ||
246 | memcpy(skb_put(skb, size), data, size); | ||
247 | |||
248 | skb_queue_tail(&session->ctrl_transmit, skb); | ||
249 | |||
250 | return 0; | ||
251 | } | ||
252 | |||
253 | static int hidp_send_ctrl_message(struct hidp_session *session, | ||
254 | unsigned char hdr, unsigned char *data, int size) | ||
255 | { | ||
256 | int err; | ||
257 | |||
258 | err = __hidp_send_ctrl_message(session, hdr, data, size); | ||
259 | |||
260 | hidp_schedule(session); | ||
261 | |||
262 | return err; | ||
263 | } | ||
264 | |||
265 | static int hidp_queue_report(struct hidp_session *session, | ||
266 | unsigned char *data, int size) | ||
267 | { | ||
268 | struct sk_buff *skb; | ||
269 | |||
270 | BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size); | ||
271 | |||
272 | skb = alloc_skb(size + 1, GFP_ATOMIC); | ||
273 | if (!skb) { | ||
274 | BT_ERR("Can't allocate memory for new frame"); | ||
275 | return -ENOMEM; | ||
276 | } | ||
277 | |||
278 | *skb_put(skb, 1) = 0xa2; | ||
279 | if (size > 0) | ||
280 | memcpy(skb_put(skb, size), data, size); | ||
281 | |||
282 | skb_queue_tail(&session->intr_transmit, skb); | ||
283 | |||
284 | hidp_schedule(session); | ||
285 | |||
286 | return 0; | ||
287 | } | ||
288 | |||
289 | static int hidp_send_report(struct hidp_session *session, struct hid_report *report) | 232 | static int hidp_send_report(struct hidp_session *session, struct hid_report *report) |
290 | { | 233 | { |
291 | unsigned char buf[32]; | 234 | unsigned char buf[32], hdr; |
292 | int rsize; | 235 | int rsize; |
293 | 236 | ||
294 | rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); | 237 | rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); |
@@ -296,8 +239,9 @@ static int hidp_send_report(struct hidp_session *session, struct hid_report *rep | |||
296 | return -EIO; | 239 | return -EIO; |
297 | 240 | ||
298 | hid_output_report(report, buf); | 241 | hid_output_report(report, buf); |
242 | hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; | ||
299 | 243 | ||
300 | return hidp_queue_report(session, buf, rsize); | 244 | return hidp_send_intr_message(session, hdr, buf, rsize); |
301 | } | 245 | } |
302 | 246 | ||
303 | static int hidp_get_raw_report(struct hid_device *hid, | 247 | static int hidp_get_raw_report(struct hid_device *hid, |
@@ -336,17 +280,19 @@ static int hidp_get_raw_report(struct hid_device *hid, | |||
336 | session->waiting_report_number = numbered_reports ? report_number : -1; | 280 | session->waiting_report_number = numbered_reports ? report_number : -1; |
337 | set_bit(HIDP_WAITING_FOR_RETURN, &session->flags); | 281 | set_bit(HIDP_WAITING_FOR_RETURN, &session->flags); |
338 | data[0] = report_number; | 282 | data[0] = report_number; |
339 | ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1); | 283 | ret = hidp_send_ctrl_message(session, report_type, data, 1); |
340 | if (ret) | 284 | if (ret) |
341 | goto err; | 285 | goto err; |
342 | 286 | ||
343 | /* Wait for the return of the report. The returned report | 287 | /* Wait for the return of the report. The returned report |
344 | gets put in session->report_return. */ | 288 | gets put in session->report_return. */ |
345 | while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) { | 289 | while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) && |
290 | !atomic_read(&session->terminate)) { | ||
346 | int res; | 291 | int res; |
347 | 292 | ||
348 | res = wait_event_interruptible_timeout(session->report_queue, | 293 | res = wait_event_interruptible_timeout(session->report_queue, |
349 | !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags), | 294 | !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) |
295 | || atomic_read(&session->terminate), | ||
350 | 5*HZ); | 296 | 5*HZ); |
351 | if (res == 0) { | 297 | if (res == 0) { |
352 | /* timeout */ | 298 | /* timeout */ |
@@ -389,14 +335,11 @@ static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, s | |||
389 | struct hidp_session *session = hid->driver_data; | 335 | struct hidp_session *session = hid->driver_data; |
390 | int ret; | 336 | int ret; |
391 | 337 | ||
392 | switch (report_type) { | 338 | if (report_type == HID_OUTPUT_REPORT) { |
393 | case HID_FEATURE_REPORT: | 339 | report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; |
394 | report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; | 340 | return hidp_send_intr_message(session, report_type, |
395 | break; | 341 | data, count); |
396 | case HID_OUTPUT_REPORT: | 342 | } else if (report_type != HID_FEATURE_REPORT) { |
397 | report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT; | ||
398 | break; | ||
399 | default: | ||
400 | return -EINVAL; | 343 | return -EINVAL; |
401 | } | 344 | } |
402 | 345 | ||
@@ -405,17 +348,19 @@ static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, s | |||
405 | 348 | ||
406 | /* Set up our wait, and send the report request to the device. */ | 349 | /* Set up our wait, and send the report request to the device. */ |
407 | set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); | 350 | set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); |
408 | ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, | 351 | report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; |
409 | count); | 352 | ret = hidp_send_ctrl_message(session, report_type, data, count); |
410 | if (ret) | 353 | if (ret) |
411 | goto err; | 354 | goto err; |
412 | 355 | ||
413 | /* Wait for the ACK from the device. */ | 356 | /* Wait for the ACK from the device. */ |
414 | while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) { | 357 | while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) && |
358 | !atomic_read(&session->terminate)) { | ||
415 | int res; | 359 | int res; |
416 | 360 | ||
417 | res = wait_event_interruptible_timeout(session->report_queue, | 361 | res = wait_event_interruptible_timeout(session->report_queue, |
418 | !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags), | 362 | !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) |
363 | || atomic_read(&session->terminate), | ||
419 | 10*HZ); | 364 | 10*HZ); |
420 | if (res == 0) { | 365 | if (res == 0) { |
421 | /* timeout */ | 366 | /* timeout */ |
@@ -446,8 +391,7 @@ static void hidp_idle_timeout(unsigned long arg) | |||
446 | { | 391 | { |
447 | struct hidp_session *session = (struct hidp_session *) arg; | 392 | struct hidp_session *session = (struct hidp_session *) arg; |
448 | 393 | ||
449 | atomic_inc(&session->terminate); | 394 | hidp_session_terminate(session); |
450 | wake_up_process(session->task); | ||
451 | } | 395 | } |
452 | 396 | ||
453 | static void hidp_set_timer(struct hidp_session *session) | 397 | static void hidp_set_timer(struct hidp_session *session) |
@@ -490,12 +434,12 @@ static void hidp_process_handshake(struct hidp_session *session, | |||
490 | case HIDP_HSHK_ERR_FATAL: | 434 | case HIDP_HSHK_ERR_FATAL: |
491 | /* Device requests a reboot, as this is the only way this error | 435 | /* Device requests a reboot, as this is the only way this error |
492 | * can be recovered. */ | 436 | * can be recovered. */ |
493 | __hidp_send_ctrl_message(session, | 437 | hidp_send_ctrl_message(session, |
494 | HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); | 438 | HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); |
495 | break; | 439 | break; |
496 | 440 | ||
497 | default: | 441 | default: |
498 | __hidp_send_ctrl_message(session, | 442 | hidp_send_ctrl_message(session, |
499 | HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); | 443 | HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); |
500 | break; | 444 | break; |
501 | } | 445 | } |
@@ -515,8 +459,7 @@ static void hidp_process_hid_control(struct hidp_session *session, | |||
515 | skb_queue_purge(&session->ctrl_transmit); | 459 | skb_queue_purge(&session->ctrl_transmit); |
516 | skb_queue_purge(&session->intr_transmit); | 460 | skb_queue_purge(&session->intr_transmit); |
517 | 461 | ||
518 | atomic_inc(&session->terminate); | 462 | hidp_session_terminate(session); |
519 | wake_up_process(current); | ||
520 | } | 463 | } |
521 | } | 464 | } |
522 | 465 | ||
@@ -544,7 +487,7 @@ static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb, | |||
544 | break; | 487 | break; |
545 | 488 | ||
546 | default: | 489 | default: |
547 | __hidp_send_ctrl_message(session, | 490 | hidp_send_ctrl_message(session, |
548 | HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); | 491 | HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); |
549 | } | 492 | } |
550 | 493 | ||
@@ -591,7 +534,7 @@ static void hidp_recv_ctrl_frame(struct hidp_session *session, | |||
591 | break; | 534 | break; |
592 | 535 | ||
593 | default: | 536 | default: |
594 | __hidp_send_ctrl_message(session, | 537 | hidp_send_ctrl_message(session, |
595 | HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); | 538 | HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); |
596 | break; | 539 | break; |
597 | } | 540 | } |
@@ -642,32 +585,24 @@ static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) | |||
642 | return kernel_sendmsg(sock, &msg, &iv, 1, len); | 585 | return kernel_sendmsg(sock, &msg, &iv, 1, len); |
643 | } | 586 | } |
644 | 587 | ||
645 | static void hidp_process_intr_transmit(struct hidp_session *session) | 588 | /* dequeue message from @transmit and send via @sock */ |
589 | static void hidp_process_transmit(struct hidp_session *session, | ||
590 | struct sk_buff_head *transmit, | ||
591 | struct socket *sock) | ||
646 | { | 592 | { |
647 | struct sk_buff *skb; | 593 | struct sk_buff *skb; |
594 | int ret; | ||
648 | 595 | ||
649 | BT_DBG("session %p", session); | 596 | BT_DBG("session %p", session); |
650 | 597 | ||
651 | while ((skb = skb_dequeue(&session->intr_transmit))) { | 598 | while ((skb = skb_dequeue(transmit))) { |
652 | if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { | 599 | ret = hidp_send_frame(sock, skb->data, skb->len); |
653 | skb_queue_head(&session->intr_transmit, skb); | 600 | if (ret == -EAGAIN) { |
601 | skb_queue_head(transmit, skb); | ||
654 | break; | 602 | break; |
655 | } | 603 | } else if (ret < 0) { |
656 | 604 | hidp_session_terminate(session); | |
657 | hidp_set_timer(session); | 605 | kfree_skb(skb); |
658 | kfree_skb(skb); | ||
659 | } | ||
660 | } | ||
661 | |||
662 | static void hidp_process_ctrl_transmit(struct hidp_session *session) | ||
663 | { | ||
664 | struct sk_buff *skb; | ||
665 | |||
666 | BT_DBG("session %p", session); | ||
667 | |||
668 | while ((skb = skb_dequeue(&session->ctrl_transmit))) { | ||
669 | if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { | ||
670 | skb_queue_head(&session->ctrl_transmit, skb); | ||
671 | break; | 606 | break; |
672 | } | 607 | } |
673 | 608 | ||
@@ -676,122 +611,6 @@ static void hidp_process_ctrl_transmit(struct hidp_session *session) | |||
676 | } | 611 | } |
677 | } | 612 | } |
678 | 613 | ||
679 | static int hidp_session(void *arg) | ||
680 | { | ||
681 | struct hidp_session *session = arg; | ||
682 | struct sock *ctrl_sk = session->ctrl_sock->sk; | ||
683 | struct sock *intr_sk = session->intr_sock->sk; | ||
684 | struct sk_buff *skb; | ||
685 | wait_queue_t ctrl_wait, intr_wait; | ||
686 | |||
687 | BT_DBG("session %p", session); | ||
688 | |||
689 | __module_get(THIS_MODULE); | ||
690 | set_user_nice(current, -15); | ||
691 | |||
692 | init_waitqueue_entry(&ctrl_wait, current); | ||
693 | init_waitqueue_entry(&intr_wait, current); | ||
694 | add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); | ||
695 | add_wait_queue(sk_sleep(intr_sk), &intr_wait); | ||
696 | session->waiting_for_startup = 0; | ||
697 | wake_up_interruptible(&session->startup_queue); | ||
698 | set_current_state(TASK_INTERRUPTIBLE); | ||
699 | while (!atomic_read(&session->terminate)) { | ||
700 | if (ctrl_sk->sk_state != BT_CONNECTED || | ||
701 | intr_sk->sk_state != BT_CONNECTED) | ||
702 | break; | ||
703 | |||
704 | while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { | ||
705 | skb_orphan(skb); | ||
706 | if (!skb_linearize(skb)) | ||
707 | hidp_recv_intr_frame(session, skb); | ||
708 | else | ||
709 | kfree_skb(skb); | ||
710 | } | ||
711 | |||
712 | hidp_process_intr_transmit(session); | ||
713 | |||
714 | while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { | ||
715 | skb_orphan(skb); | ||
716 | if (!skb_linearize(skb)) | ||
717 | hidp_recv_ctrl_frame(session, skb); | ||
718 | else | ||
719 | kfree_skb(skb); | ||
720 | } | ||
721 | |||
722 | hidp_process_ctrl_transmit(session); | ||
723 | |||
724 | schedule(); | ||
725 | set_current_state(TASK_INTERRUPTIBLE); | ||
726 | } | ||
727 | set_current_state(TASK_RUNNING); | ||
728 | atomic_inc(&session->terminate); | ||
729 | remove_wait_queue(sk_sleep(intr_sk), &intr_wait); | ||
730 | remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); | ||
731 | |||
732 | clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); | ||
733 | clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); | ||
734 | wake_up_interruptible(&session->report_queue); | ||
735 | |||
736 | down_write(&hidp_session_sem); | ||
737 | |||
738 | hidp_del_timer(session); | ||
739 | |||
740 | if (session->input) { | ||
741 | input_unregister_device(session->input); | ||
742 | session->input = NULL; | ||
743 | } | ||
744 | |||
745 | if (session->hid) { | ||
746 | hid_destroy_device(session->hid); | ||
747 | session->hid = NULL; | ||
748 | } | ||
749 | |||
750 | /* Wakeup user-space polling for socket errors */ | ||
751 | session->intr_sock->sk->sk_err = EUNATCH; | ||
752 | session->ctrl_sock->sk->sk_err = EUNATCH; | ||
753 | |||
754 | hidp_schedule(session); | ||
755 | |||
756 | fput(session->intr_sock->file); | ||
757 | |||
758 | wait_event_timeout(*(sk_sleep(ctrl_sk)), | ||
759 | (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); | ||
760 | |||
761 | fput(session->ctrl_sock->file); | ||
762 | |||
763 | __hidp_unlink_session(session); | ||
764 | |||
765 | up_write(&hidp_session_sem); | ||
766 | |||
767 | kfree(session->rd_data); | ||
768 | kfree(session); | ||
769 | module_put_and_exit(0); | ||
770 | return 0; | ||
771 | } | ||
772 | |||
773 | static struct hci_conn *hidp_get_connection(struct hidp_session *session) | ||
774 | { | ||
775 | bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; | ||
776 | bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; | ||
777 | struct hci_conn *conn; | ||
778 | struct hci_dev *hdev; | ||
779 | |||
780 | hdev = hci_get_route(dst, src); | ||
781 | if (!hdev) | ||
782 | return NULL; | ||
783 | |||
784 | hci_dev_lock(hdev); | ||
785 | conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); | ||
786 | if (conn) | ||
787 | hci_conn_hold_device(conn); | ||
788 | hci_dev_unlock(hdev); | ||
789 | |||
790 | hci_dev_put(hdev); | ||
791 | |||
792 | return conn; | ||
793 | } | ||
794 | |||
795 | static int hidp_setup_input(struct hidp_session *session, | 614 | static int hidp_setup_input(struct hidp_session *session, |
796 | struct hidp_connadd_req *req) | 615 | struct hidp_connadd_req *req) |
797 | { | 616 | { |
@@ -839,7 +658,7 @@ static int hidp_setup_input(struct hidp_session *session, | |||
839 | input->relbit[0] |= BIT_MASK(REL_WHEEL); | 658 | input->relbit[0] |= BIT_MASK(REL_WHEEL); |
840 | } | 659 | } |
841 | 660 | ||
842 | input->dev.parent = &session->conn->dev; | 661 | input->dev.parent = &session->conn->hcon->dev; |
843 | 662 | ||
844 | input->event = hidp_input_event; | 663 | input->event = hidp_input_event; |
845 | 664 | ||
@@ -898,7 +717,6 @@ static struct hid_ll_driver hidp_hid_driver = { | |||
898 | .stop = hidp_stop, | 717 | .stop = hidp_stop, |
899 | .open = hidp_open, | 718 | .open = hidp_open, |
900 | .close = hidp_close, | 719 | .close = hidp_close, |
901 | .hidinput_input_event = hidp_hidinput_event, | ||
902 | }; | 720 | }; |
903 | 721 | ||
904 | /* This function sets up the hid device. It does not add it | 722 | /* This function sets up the hid device. It does not add it |
@@ -943,7 +761,7 @@ static int hidp_setup_hid(struct hidp_session *session, | |||
943 | snprintf(hid->uniq, sizeof(hid->uniq), "%pMR", | 761 | snprintf(hid->uniq, sizeof(hid->uniq), "%pMR", |
944 | &bt_sk(session->ctrl_sock->sk)->dst); | 762 | &bt_sk(session->ctrl_sock->sk)->dst); |
945 | 763 | ||
946 | hid->dev.parent = &session->conn->dev; | 764 | hid->dev.parent = &session->conn->hcon->dev; |
947 | hid->ll_driver = &hidp_hid_driver; | 765 | hid->ll_driver = &hidp_hid_driver; |
948 | 766 | ||
949 | hid->hid_get_raw_report = hidp_get_raw_report; | 767 | hid->hid_get_raw_report = hidp_get_raw_report; |
@@ -965,80 +783,217 @@ fault: | |||
965 | return err; | 783 | return err; |
966 | } | 784 | } |
967 | 785 | ||
968 | int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) | 786 | /* initialize session devices */ |
787 | static int hidp_session_dev_init(struct hidp_session *session, | ||
788 | struct hidp_connadd_req *req) | ||
969 | { | 789 | { |
970 | struct hidp_session *session, *s; | 790 | int ret; |
971 | int vendor, product; | ||
972 | int err; | ||
973 | 791 | ||
974 | BT_DBG(""); | 792 | if (req->rd_size > 0) { |
793 | ret = hidp_setup_hid(session, req); | ||
794 | if (ret && ret != -ENODEV) | ||
795 | return ret; | ||
796 | } | ||
975 | 797 | ||
976 | if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || | 798 | if (!session->hid) { |
977 | bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) | 799 | ret = hidp_setup_input(session, req); |
978 | return -ENOTUNIQ; | 800 | if (ret < 0) |
801 | return ret; | ||
802 | } | ||
979 | 803 | ||
980 | BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); | 804 | return 0; |
805 | } | ||
981 | 806 | ||
982 | down_write(&hidp_session_sem); | 807 | /* destroy session devices */ |
808 | static void hidp_session_dev_destroy(struct hidp_session *session) | ||
809 | { | ||
810 | if (session->hid) | ||
811 | put_device(&session->hid->dev); | ||
812 | else if (session->input) | ||
813 | input_put_device(session->input); | ||
983 | 814 | ||
984 | s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); | 815 | kfree(session->rd_data); |
985 | if (s && s->state == BT_CONNECTED) { | 816 | session->rd_data = NULL; |
986 | up_write(&hidp_session_sem); | 817 | } |
987 | return -EEXIST; | ||
988 | } | ||
989 | 818 | ||
990 | session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); | 819 | /* add HID/input devices to their underlying bus systems */ |
991 | if (!session) { | 820 | static int hidp_session_dev_add(struct hidp_session *session) |
992 | up_write(&hidp_session_sem); | 821 | { |
993 | return -ENOMEM; | 822 | int ret; |
994 | } | ||
995 | 823 | ||
996 | bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); | 824 | /* Both HID and input systems drop a ref-count when unregistering the |
825 | * device but they don't take a ref-count when registering them. Work | ||
826 | * around this by explicitly taking a refcount during registration | ||
827 | * which is dropped automatically by unregistering the devices. */ | ||
997 | 828 | ||
998 | session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu, | 829 | if (session->hid) { |
999 | l2cap_pi(ctrl_sock->sk)->chan->imtu); | 830 | ret = hid_add_device(session->hid); |
1000 | session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu, | 831 | if (ret) |
1001 | l2cap_pi(intr_sock->sk)->chan->imtu); | 832 | return ret; |
833 | get_device(&session->hid->dev); | ||
834 | } else if (session->input) { | ||
835 | ret = input_register_device(session->input); | ||
836 | if (ret) | ||
837 | return ret; | ||
838 | input_get_device(session->input); | ||
839 | } | ||
1002 | 840 | ||
1003 | BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); | 841 | return 0; |
842 | } | ||
1004 | 843 | ||
1005 | session->ctrl_sock = ctrl_sock; | 844 | /* remove HID/input devices from their bus systems */ |
1006 | session->intr_sock = intr_sock; | 845 | static void hidp_session_dev_del(struct hidp_session *session) |
1007 | session->state = BT_CONNECTED; | 846 | { |
847 | if (session->hid) | ||
848 | hid_destroy_device(session->hid); | ||
849 | else if (session->input) | ||
850 | input_unregister_device(session->input); | ||
851 | } | ||
1008 | 852 | ||
1009 | session->conn = hidp_get_connection(session); | 853 | /* |
1010 | if (!session->conn) { | 854 | * Create new session object |
1011 | err = -ENOTCONN; | 855 | * Allocate session object, initialize static fields, copy input data into the |
1012 | goto failed; | 856 | * object and take a reference to all sub-objects. |
1013 | } | 857 | * This returns 0 on success and puts a pointer to the new session object in |
858 | * \out. Otherwise, an error code is returned. | ||
859 | * The new session object has an initial ref-count of 1. | ||
860 | */ | ||
861 | static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr, | ||
862 | struct socket *ctrl_sock, | ||
863 | struct socket *intr_sock, | ||
864 | struct hidp_connadd_req *req, | ||
865 | struct l2cap_conn *conn) | ||
866 | { | ||
867 | struct hidp_session *session; | ||
868 | int ret; | ||
869 | struct bt_sock *ctrl, *intr; | ||
870 | |||
871 | ctrl = bt_sk(ctrl_sock->sk); | ||
872 | intr = bt_sk(intr_sock->sk); | ||
1014 | 873 | ||
1015 | setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session); | 874 | session = kzalloc(sizeof(*session), GFP_KERNEL); |
875 | if (!session) | ||
876 | return -ENOMEM; | ||
1016 | 877 | ||
878 | /* object and runtime management */ | ||
879 | kref_init(&session->ref); | ||
880 | atomic_set(&session->state, HIDP_SESSION_IDLING); | ||
881 | init_waitqueue_head(&session->state_queue); | ||
882 | session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); | ||
883 | |||
884 | /* connection management */ | ||
885 | bacpy(&session->bdaddr, bdaddr); | ||
886 | session->conn = conn; | ||
887 | session->user.probe = hidp_session_probe; | ||
888 | session->user.remove = hidp_session_remove; | ||
889 | session->ctrl_sock = ctrl_sock; | ||
890 | session->intr_sock = intr_sock; | ||
1017 | skb_queue_head_init(&session->ctrl_transmit); | 891 | skb_queue_head_init(&session->ctrl_transmit); |
1018 | skb_queue_head_init(&session->intr_transmit); | 892 | skb_queue_head_init(&session->intr_transmit); |
893 | session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu, | ||
894 | l2cap_pi(ctrl)->chan->imtu); | ||
895 | session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu, | ||
896 | l2cap_pi(intr)->chan->imtu); | ||
897 | session->idle_to = req->idle_to; | ||
898 | |||
899 | /* device management */ | ||
900 | setup_timer(&session->timer, hidp_idle_timeout, | ||
901 | (unsigned long)session); | ||
1019 | 902 | ||
903 | /* session data */ | ||
1020 | mutex_init(&session->report_mutex); | 904 | mutex_init(&session->report_mutex); |
1021 | init_waitqueue_head(&session->report_queue); | 905 | init_waitqueue_head(&session->report_queue); |
1022 | init_waitqueue_head(&session->startup_queue); | ||
1023 | session->waiting_for_startup = 1; | ||
1024 | session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); | ||
1025 | session->idle_to = req->idle_to; | ||
1026 | 906 | ||
1027 | __hidp_link_session(session); | 907 | ret = hidp_session_dev_init(session, req); |
908 | if (ret) | ||
909 | goto err_free; | ||
1028 | 910 | ||
1029 | if (req->rd_size > 0) { | 911 | l2cap_conn_get(session->conn); |
1030 | err = hidp_setup_hid(session, req); | 912 | get_file(session->intr_sock->file); |
1031 | if (err && err != -ENODEV) | 913 | get_file(session->ctrl_sock->file); |
1032 | goto purge; | 914 | *out = session; |
1033 | } | 915 | return 0; |
1034 | 916 | ||
1035 | if (!session->hid) { | 917 | err_free: |
1036 | err = hidp_setup_input(session, req); | 918 | kfree(session); |
1037 | if (err < 0) | 919 | return ret; |
1038 | goto purge; | 920 | } |
921 | |||
922 | /* increase ref-count of the given session by one */ | ||
923 | static void hidp_session_get(struct hidp_session *session) | ||
924 | { | ||
925 | kref_get(&session->ref); | ||
926 | } | ||
927 | |||
928 | /* release callback */ | ||
929 | static void session_free(struct kref *ref) | ||
930 | { | ||
931 | struct hidp_session *session = container_of(ref, struct hidp_session, | ||
932 | ref); | ||
933 | |||
934 | hidp_session_dev_destroy(session); | ||
935 | skb_queue_purge(&session->ctrl_transmit); | ||
936 | skb_queue_purge(&session->intr_transmit); | ||
937 | fput(session->intr_sock->file); | ||
938 | fput(session->ctrl_sock->file); | ||
939 | l2cap_conn_put(session->conn); | ||
940 | kfree(session); | ||
941 | } | ||
942 | |||
943 | /* decrease ref-count of the given session by one */ | ||
944 | static void hidp_session_put(struct hidp_session *session) | ||
945 | { | ||
946 | kref_put(&session->ref, session_free); | ||
947 | } | ||
948 | |||
949 | /* | ||
950 | * Search the list of active sessions for a session with target address | ||
951 | * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as | ||
952 | * you do not release this lock, the session objects cannot vanish and you can | ||
953 | * safely take a reference to the session yourself. | ||
954 | */ | ||
955 | static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr) | ||
956 | { | ||
957 | struct hidp_session *session; | ||
958 | |||
959 | list_for_each_entry(session, &hidp_session_list, list) { | ||
960 | if (!bacmp(bdaddr, &session->bdaddr)) | ||
961 | return session; | ||
1039 | } | 962 | } |
1040 | 963 | ||
1041 | hidp_set_timer(session); | 964 | return NULL; |
965 | } | ||
966 | |||
967 | /* | ||
968 | * Same as __hidp_session_find() but no locks must be held. This also takes a | ||
969 | * reference of the returned session (if non-NULL) so you must drop this | ||
970 | * reference if you no longer use the object. | ||
971 | */ | ||
972 | static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr) | ||
973 | { | ||
974 | struct hidp_session *session; | ||
975 | |||
976 | down_read(&hidp_session_sem); | ||
977 | |||
978 | session = __hidp_session_find(bdaddr); | ||
979 | if (session) | ||
980 | hidp_session_get(session); | ||
981 | |||
982 | up_read(&hidp_session_sem); | ||
983 | |||
984 | return session; | ||
985 | } | ||
986 | |||
987 | /* | ||
988 | * Start session synchronously | ||
989 | * This starts a session thread and waits until initialization | ||
990 | * is done or returns an error if it couldn't be started. | ||
991 | * If this returns 0 the session thread is up and running. You must call | ||
992 | * hipd_session_stop_sync() before deleting any runtime resources. | ||
993 | */ | ||
994 | static int hidp_session_start_sync(struct hidp_session *session) | ||
995 | { | ||
996 | unsigned int vendor, product; | ||
1042 | 997 | ||
1043 | if (session->hid) { | 998 | if (session->hid) { |
1044 | vendor = session->hid->vendor; | 999 | vendor = session->hid->vendor; |
@@ -1051,98 +1006,320 @@ int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, | |||
1051 | product = 0x0000; | 1006 | product = 0x0000; |
1052 | } | 1007 | } |
1053 | 1008 | ||
1054 | session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x", | 1009 | session->task = kthread_run(hidp_session_thread, session, |
1055 | vendor, product); | 1010 | "khidpd_%04x%04x", vendor, product); |
1056 | if (IS_ERR(session->task)) { | 1011 | if (IS_ERR(session->task)) |
1057 | err = PTR_ERR(session->task); | 1012 | return PTR_ERR(session->task); |
1058 | goto unlink; | ||
1059 | } | ||
1060 | 1013 | ||
1061 | while (session->waiting_for_startup) { | 1014 | while (atomic_read(&session->state) <= HIDP_SESSION_IDLING) |
1062 | wait_event_interruptible(session->startup_queue, | 1015 | wait_event(session->state_queue, |
1063 | !session->waiting_for_startup); | 1016 | atomic_read(&session->state) > HIDP_SESSION_IDLING); |
1064 | } | ||
1065 | 1017 | ||
1066 | if (session->hid) | 1018 | return 0; |
1067 | err = hid_add_device(session->hid); | 1019 | } |
1068 | else | ||
1069 | err = input_register_device(session->input); | ||
1070 | 1020 | ||
1071 | if (err < 0) { | 1021 | /* |
1072 | atomic_inc(&session->terminate); | 1022 | * Terminate session thread |
1073 | wake_up_process(session->task); | 1023 | * Wake up session thread and notify it to stop. This is asynchronous and |
1074 | up_write(&hidp_session_sem); | 1024 | * returns immediately. Call this whenever a runtime error occurs and you want |
1075 | return err; | 1025 | * the session to stop. |
1076 | } | 1026 | * Note: wake_up_process() performs any necessary memory-barriers for us. |
1027 | */ | ||
1028 | static void hidp_session_terminate(struct hidp_session *session) | ||
1029 | { | ||
1030 | atomic_inc(&session->terminate); | ||
1031 | wake_up_process(session->task); | ||
1032 | } | ||
1077 | 1033 | ||
1078 | if (session->input) { | 1034 | /* |
1079 | hidp_send_ctrl_message(session, | 1035 | * Probe HIDP session |
1080 | HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); | 1036 | * This is called from the l2cap_conn core when our l2cap_user object is bound |
1081 | session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); | 1037 | * to the hci-connection. We get the session via the \user object and can now |
1038 | * start the session thread, register the HID/input devices and link it into | ||
1039 | * the global session list. | ||
1040 | * The global session-list owns its own reference to the session object so you | ||
1041 | * can drop your own reference after registering the l2cap_user object. | ||
1042 | */ | ||
1043 | static int hidp_session_probe(struct l2cap_conn *conn, | ||
1044 | struct l2cap_user *user) | ||
1045 | { | ||
1046 | struct hidp_session *session = container_of(user, | ||
1047 | struct hidp_session, | ||
1048 | user); | ||
1049 | struct hidp_session *s; | ||
1050 | int ret; | ||
1051 | |||
1052 | down_write(&hidp_session_sem); | ||
1082 | 1053 | ||
1083 | session->leds = 0xff; | 1054 | /* check that no other session for this device exists */ |
1084 | hidp_input_event(session->input, EV_LED, 0, 0); | 1055 | s = __hidp_session_find(&session->bdaddr); |
1056 | if (s) { | ||
1057 | ret = -EEXIST; | ||
1058 | goto out_unlock; | ||
1085 | } | 1059 | } |
1086 | 1060 | ||
1061 | ret = hidp_session_start_sync(session); | ||
1062 | if (ret) | ||
1063 | goto out_unlock; | ||
1064 | |||
1065 | ret = hidp_session_dev_add(session); | ||
1066 | if (ret) | ||
1067 | goto out_stop; | ||
1068 | |||
1069 | hidp_session_get(session); | ||
1070 | list_add(&session->list, &hidp_session_list); | ||
1071 | ret = 0; | ||
1072 | goto out_unlock; | ||
1073 | |||
1074 | out_stop: | ||
1075 | hidp_session_terminate(session); | ||
1076 | out_unlock: | ||
1087 | up_write(&hidp_session_sem); | 1077 | up_write(&hidp_session_sem); |
1088 | return 0; | 1078 | return ret; |
1079 | } | ||
1080 | |||
1081 | /* | ||
1082 | * Remove HIDP session | ||
1083 | * Called from the l2cap_conn core when either we explicitly unregistered | ||
1084 | * the l2cap_user object or if the underlying connection is shut down. | ||
1085 | * We signal the hidp-session thread to shut down, unregister the HID/input | ||
1086 | * devices and unlink the session from the global list. | ||
1087 | * This drops the reference to the session that is owned by the global | ||
1088 | * session-list. | ||
1089 | * Note: We _must_ not synchronosly wait for the session-thread to shut down. | ||
1090 | * This is, because the session-thread might be waiting for an HCI lock that is | ||
1091 | * held while we are called. Therefore, we only unregister the devices and | ||
1092 | * notify the session-thread to terminate. The thread itself owns a reference | ||
1093 | * to the session object so it can safely shut down. | ||
1094 | */ | ||
1095 | static void hidp_session_remove(struct l2cap_conn *conn, | ||
1096 | struct l2cap_user *user) | ||
1097 | { | ||
1098 | struct hidp_session *session = container_of(user, | ||
1099 | struct hidp_session, | ||
1100 | user); | ||
1101 | |||
1102 | down_write(&hidp_session_sem); | ||
1103 | |||
1104 | hidp_session_terminate(session); | ||
1105 | hidp_session_dev_del(session); | ||
1106 | list_del(&session->list); | ||
1107 | |||
1108 | up_write(&hidp_session_sem); | ||
1109 | |||
1110 | hidp_session_put(session); | ||
1111 | } | ||
1112 | |||
1113 | /* | ||
1114 | * Session Worker | ||
1115 | * This performs the actual main-loop of the HIDP worker. We first check | ||
1116 | * whether the underlying connection is still alive, then parse all pending | ||
1117 | * messages and finally send all outstanding messages. | ||
1118 | */ | ||
1119 | static void hidp_session_run(struct hidp_session *session) | ||
1120 | { | ||
1121 | struct sock *ctrl_sk = session->ctrl_sock->sk; | ||
1122 | struct sock *intr_sk = session->intr_sock->sk; | ||
1123 | struct sk_buff *skb; | ||
1124 | |||
1125 | for (;;) { | ||
1126 | /* | ||
1127 | * This thread can be woken up two ways: | ||
1128 | * - You call hidp_session_terminate() which sets the | ||
1129 | * session->terminate flag and wakes this thread up. | ||
1130 | * - Via modifying the socket state of ctrl/intr_sock. This | ||
1131 | * thread is woken up by ->sk_state_changed(). | ||
1132 | * | ||
1133 | * Note: set_current_state() performs any necessary | ||
1134 | * memory-barriers for us. | ||
1135 | */ | ||
1136 | set_current_state(TASK_INTERRUPTIBLE); | ||
1137 | |||
1138 | if (atomic_read(&session->terminate)) | ||
1139 | break; | ||
1140 | |||
1141 | if (ctrl_sk->sk_state != BT_CONNECTED || | ||
1142 | intr_sk->sk_state != BT_CONNECTED) | ||
1143 | break; | ||
1144 | |||
1145 | /* parse incoming intr-skbs */ | ||
1146 | while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { | ||
1147 | skb_orphan(skb); | ||
1148 | if (!skb_linearize(skb)) | ||
1149 | hidp_recv_intr_frame(session, skb); | ||
1150 | else | ||
1151 | kfree_skb(skb); | ||
1152 | } | ||
1153 | |||
1154 | /* send pending intr-skbs */ | ||
1155 | hidp_process_transmit(session, &session->intr_transmit, | ||
1156 | session->intr_sock); | ||
1089 | 1157 | ||
1090 | unlink: | 1158 | /* parse incoming ctrl-skbs */ |
1159 | while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { | ||
1160 | skb_orphan(skb); | ||
1161 | if (!skb_linearize(skb)) | ||
1162 | hidp_recv_ctrl_frame(session, skb); | ||
1163 | else | ||
1164 | kfree_skb(skb); | ||
1165 | } | ||
1166 | |||
1167 | /* send pending ctrl-skbs */ | ||
1168 | hidp_process_transmit(session, &session->ctrl_transmit, | ||
1169 | session->ctrl_sock); | ||
1170 | |||
1171 | schedule(); | ||
1172 | } | ||
1173 | |||
1174 | atomic_inc(&session->terminate); | ||
1175 | set_current_state(TASK_RUNNING); | ||
1176 | } | ||
1177 | |||
1178 | /* | ||
1179 | * HIDP session thread | ||
1180 | * This thread runs the I/O for a single HIDP session. Startup is synchronous | ||
1181 | * which allows us to take references to ourself here instead of doing that in | ||
1182 | * the caller. | ||
1183 | * When we are ready to run we notify the caller and call hidp_session_run(). | ||
1184 | */ | ||
1185 | static int hidp_session_thread(void *arg) | ||
1186 | { | ||
1187 | struct hidp_session *session = arg; | ||
1188 | wait_queue_t ctrl_wait, intr_wait; | ||
1189 | |||
1190 | BT_DBG("session %p", session); | ||
1191 | |||
1192 | /* initialize runtime environment */ | ||
1193 | hidp_session_get(session); | ||
1194 | __module_get(THIS_MODULE); | ||
1195 | set_user_nice(current, -15); | ||
1196 | hidp_set_timer(session); | ||
1197 | |||
1198 | init_waitqueue_entry(&ctrl_wait, current); | ||
1199 | init_waitqueue_entry(&intr_wait, current); | ||
1200 | add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait); | ||
1201 | add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait); | ||
1202 | /* This memory barrier is paired with wq_has_sleeper(). See | ||
1203 | * sock_poll_wait() for more information why this is needed. */ | ||
1204 | smp_mb(); | ||
1205 | |||
1206 | /* notify synchronous startup that we're ready */ | ||
1207 | atomic_inc(&session->state); | ||
1208 | wake_up(&session->state_queue); | ||
1209 | |||
1210 | /* run session */ | ||
1211 | hidp_session_run(session); | ||
1212 | |||
1213 | /* cleanup runtime environment */ | ||
1214 | remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait); | ||
1215 | remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait); | ||
1216 | wake_up_interruptible(&session->report_queue); | ||
1091 | hidp_del_timer(session); | 1217 | hidp_del_timer(session); |
1092 | 1218 | ||
1093 | if (session->input) { | 1219 | /* |
1094 | input_unregister_device(session->input); | 1220 | * If we stopped ourself due to any internal signal, we should try to |
1095 | session->input = NULL; | 1221 | * unregister our own session here to avoid having it linger until the |
1222 | * parent l2cap_conn dies or user-space cleans it up. | ||
1223 | * This does not deadlock as we don't do any synchronous shutdown. | ||
1224 | * Instead, this call has the same semantics as if user-space tried to | ||
1225 | * delete the session. | ||
1226 | */ | ||
1227 | l2cap_unregister_user(session->conn, &session->user); | ||
1228 | hidp_session_put(session); | ||
1229 | |||
1230 | module_put_and_exit(0); | ||
1231 | return 0; | ||
1232 | } | ||
1233 | |||
1234 | static int hidp_verify_sockets(struct socket *ctrl_sock, | ||
1235 | struct socket *intr_sock) | ||
1236 | { | ||
1237 | struct bt_sock *ctrl, *intr; | ||
1238 | struct hidp_session *session; | ||
1239 | |||
1240 | if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock)) | ||
1241 | return -EINVAL; | ||
1242 | |||
1243 | ctrl = bt_sk(ctrl_sock->sk); | ||
1244 | intr = bt_sk(intr_sock->sk); | ||
1245 | |||
1246 | if (bacmp(&ctrl->src, &intr->src) || bacmp(&ctrl->dst, &intr->dst)) | ||
1247 | return -ENOTUNIQ; | ||
1248 | if (ctrl->sk.sk_state != BT_CONNECTED || | ||
1249 | intr->sk.sk_state != BT_CONNECTED) | ||
1250 | return -EBADFD; | ||
1251 | |||
1252 | /* early session check, we check again during session registration */ | ||
1253 | session = hidp_session_find(&ctrl->dst); | ||
1254 | if (session) { | ||
1255 | hidp_session_put(session); | ||
1256 | return -EEXIST; | ||
1096 | } | 1257 | } |
1097 | 1258 | ||
1098 | if (session->hid) { | 1259 | return 0; |
1099 | hid_destroy_device(session->hid); | 1260 | } |
1100 | session->hid = NULL; | 1261 | |
1262 | int hidp_connection_add(struct hidp_connadd_req *req, | ||
1263 | struct socket *ctrl_sock, | ||
1264 | struct socket *intr_sock) | ||
1265 | { | ||
1266 | struct hidp_session *session; | ||
1267 | struct l2cap_conn *conn; | ||
1268 | struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan; | ||
1269 | int ret; | ||
1270 | |||
1271 | ret = hidp_verify_sockets(ctrl_sock, intr_sock); | ||
1272 | if (ret) | ||
1273 | return ret; | ||
1274 | |||
1275 | conn = NULL; | ||
1276 | l2cap_chan_lock(chan); | ||
1277 | if (chan->conn) { | ||
1278 | l2cap_conn_get(chan->conn); | ||
1279 | conn = chan->conn; | ||
1101 | } | 1280 | } |
1281 | l2cap_chan_unlock(chan); | ||
1102 | 1282 | ||
1103 | kfree(session->rd_data); | 1283 | if (!conn) |
1104 | session->rd_data = NULL; | 1284 | return -EBADFD; |
1105 | 1285 | ||
1106 | purge: | 1286 | ret = hidp_session_new(&session, &bt_sk(ctrl_sock->sk)->dst, ctrl_sock, |
1107 | __hidp_unlink_session(session); | 1287 | intr_sock, req, conn); |
1288 | if (ret) | ||
1289 | goto out_conn; | ||
1108 | 1290 | ||
1109 | skb_queue_purge(&session->ctrl_transmit); | 1291 | ret = l2cap_register_user(conn, &session->user); |
1110 | skb_queue_purge(&session->intr_transmit); | 1292 | if (ret) |
1293 | goto out_session; | ||
1111 | 1294 | ||
1112 | failed: | 1295 | ret = 0; |
1113 | up_write(&hidp_session_sem); | ||
1114 | 1296 | ||
1115 | kfree(session); | 1297 | out_session: |
1116 | return err; | 1298 | hidp_session_put(session); |
1299 | out_conn: | ||
1300 | l2cap_conn_put(conn); | ||
1301 | return ret; | ||
1117 | } | 1302 | } |
1118 | 1303 | ||
1119 | int hidp_del_connection(struct hidp_conndel_req *req) | 1304 | int hidp_connection_del(struct hidp_conndel_req *req) |
1120 | { | 1305 | { |
1121 | struct hidp_session *session; | 1306 | struct hidp_session *session; |
1122 | int err = 0; | ||
1123 | 1307 | ||
1124 | BT_DBG(""); | 1308 | session = hidp_session_find(&req->bdaddr); |
1309 | if (!session) | ||
1310 | return -ENOENT; | ||
1125 | 1311 | ||
1126 | down_read(&hidp_session_sem); | 1312 | if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) |
1313 | hidp_send_ctrl_message(session, | ||
1314 | HIDP_TRANS_HID_CONTROL | | ||
1315 | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, | ||
1316 | NULL, 0); | ||
1317 | else | ||
1318 | l2cap_unregister_user(session->conn, &session->user); | ||
1127 | 1319 | ||
1128 | session = __hidp_get_session(&req->bdaddr); | 1320 | hidp_session_put(session); |
1129 | if (session) { | ||
1130 | if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) { | ||
1131 | hidp_send_ctrl_message(session, | ||
1132 | HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0); | ||
1133 | } else { | ||
1134 | /* Flush the transmit queues */ | ||
1135 | skb_queue_purge(&session->ctrl_transmit); | ||
1136 | skb_queue_purge(&session->intr_transmit); | ||
1137 | |||
1138 | atomic_inc(&session->terminate); | ||
1139 | wake_up_process(session->task); | ||
1140 | } | ||
1141 | } else | ||
1142 | err = -ENOENT; | ||
1143 | 1321 | ||
1144 | up_read(&hidp_session_sem); | 1322 | return 0; |
1145 | return err; | ||
1146 | } | 1323 | } |
1147 | 1324 | ||
1148 | int hidp_get_connlist(struct hidp_connlist_req *req) | 1325 | int hidp_get_connlist(struct hidp_connlist_req *req) |
@@ -1157,7 +1334,7 @@ int hidp_get_connlist(struct hidp_connlist_req *req) | |||
1157 | list_for_each_entry(session, &hidp_session_list, list) { | 1334 | list_for_each_entry(session, &hidp_session_list, list) { |
1158 | struct hidp_conninfo ci; | 1335 | struct hidp_conninfo ci; |
1159 | 1336 | ||
1160 | __hidp_copy_session(session, &ci); | 1337 | hidp_copy_session(session, &ci); |
1161 | 1338 | ||
1162 | if (copy_to_user(req->ci, &ci, sizeof(ci))) { | 1339 | if (copy_to_user(req->ci, &ci, sizeof(ci))) { |
1163 | err = -EFAULT; | 1340 | err = -EFAULT; |
@@ -1178,18 +1355,14 @@ int hidp_get_connlist(struct hidp_connlist_req *req) | |||
1178 | int hidp_get_conninfo(struct hidp_conninfo *ci) | 1355 | int hidp_get_conninfo(struct hidp_conninfo *ci) |
1179 | { | 1356 | { |
1180 | struct hidp_session *session; | 1357 | struct hidp_session *session; |
1181 | int err = 0; | ||
1182 | |||
1183 | down_read(&hidp_session_sem); | ||
1184 | 1358 | ||
1185 | session = __hidp_get_session(&ci->bdaddr); | 1359 | session = hidp_session_find(&ci->bdaddr); |
1186 | if (session) | 1360 | if (session) { |
1187 | __hidp_copy_session(session, ci); | 1361 | hidp_copy_session(session, ci); |
1188 | else | 1362 | hidp_session_put(session); |
1189 | err = -ENOENT; | 1363 | } |
1190 | 1364 | ||
1191 | up_read(&hidp_session_sem); | 1365 | return session ? 0 : -ENOENT; |
1192 | return err; | ||
1193 | } | 1366 | } |
1194 | 1367 | ||
1195 | static int __init hidp_init(void) | 1368 | static int __init hidp_init(void) |
@@ -1208,6 +1381,7 @@ module_init(hidp_init); | |||
1208 | module_exit(hidp_exit); | 1381 | module_exit(hidp_exit); |
1209 | 1382 | ||
1210 | MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); | 1383 | MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); |
1384 | MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>"); | ||
1211 | MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); | 1385 | MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); |
1212 | MODULE_VERSION(VERSION); | 1386 | MODULE_VERSION(VERSION); |
1213 | MODULE_LICENSE("GPL"); | 1387 | MODULE_LICENSE("GPL"); |
diff --git a/net/bluetooth/hidp/hidp.h b/net/bluetooth/hidp/hidp.h index af1bcc823f26..6162ce8606ac 100644 --- a/net/bluetooth/hidp/hidp.h +++ b/net/bluetooth/hidp/hidp.h | |||
@@ -24,7 +24,9 @@ | |||
24 | #define __HIDP_H | 24 | #define __HIDP_H |
25 | 25 | ||
26 | #include <linux/types.h> | 26 | #include <linux/types.h> |
27 | #include <linux/kref.h> | ||
27 | #include <net/bluetooth/bluetooth.h> | 28 | #include <net/bluetooth/bluetooth.h> |
29 | #include <net/bluetooth/l2cap.h> | ||
28 | 30 | ||
29 | /* HIDP header masks */ | 31 | /* HIDP header masks */ |
30 | #define HIDP_HEADER_TRANS_MASK 0xf0 | 32 | #define HIDP_HEADER_TRANS_MASK 0xf0 |
@@ -119,43 +121,52 @@ struct hidp_connlist_req { | |||
119 | struct hidp_conninfo __user *ci; | 121 | struct hidp_conninfo __user *ci; |
120 | }; | 122 | }; |
121 | 123 | ||
122 | int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock); | 124 | int hidp_connection_add(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock); |
123 | int hidp_del_connection(struct hidp_conndel_req *req); | 125 | int hidp_connection_del(struct hidp_conndel_req *req); |
124 | int hidp_get_connlist(struct hidp_connlist_req *req); | 126 | int hidp_get_connlist(struct hidp_connlist_req *req); |
125 | int hidp_get_conninfo(struct hidp_conninfo *ci); | 127 | int hidp_get_conninfo(struct hidp_conninfo *ci); |
126 | 128 | ||
129 | enum hidp_session_state { | ||
130 | HIDP_SESSION_IDLING, | ||
131 | HIDP_SESSION_RUNNING, | ||
132 | }; | ||
133 | |||
127 | /* HIDP session defines */ | 134 | /* HIDP session defines */ |
128 | struct hidp_session { | 135 | struct hidp_session { |
129 | struct list_head list; | 136 | struct list_head list; |
137 | struct kref ref; | ||
130 | 138 | ||
131 | struct hci_conn *conn; | 139 | /* runtime management */ |
140 | atomic_t state; | ||
141 | wait_queue_head_t state_queue; | ||
142 | atomic_t terminate; | ||
143 | struct task_struct *task; | ||
144 | unsigned long flags; | ||
132 | 145 | ||
146 | /* connection management */ | ||
147 | bdaddr_t bdaddr; | ||
148 | struct l2cap_conn *conn; | ||
149 | struct l2cap_user user; | ||
133 | struct socket *ctrl_sock; | 150 | struct socket *ctrl_sock; |
134 | struct socket *intr_sock; | 151 | struct socket *intr_sock; |
135 | 152 | struct sk_buff_head ctrl_transmit; | |
136 | bdaddr_t bdaddr; | 153 | struct sk_buff_head intr_transmit; |
137 | |||
138 | unsigned long state; | ||
139 | unsigned long flags; | ||
140 | unsigned long idle_to; | ||
141 | |||
142 | uint ctrl_mtu; | 154 | uint ctrl_mtu; |
143 | uint intr_mtu; | 155 | uint intr_mtu; |
156 | unsigned long idle_to; | ||
144 | 157 | ||
145 | atomic_t terminate; | 158 | /* device management */ |
146 | struct task_struct *task; | ||
147 | |||
148 | unsigned char keys[8]; | ||
149 | unsigned char leds; | ||
150 | |||
151 | struct input_dev *input; | 159 | struct input_dev *input; |
152 | |||
153 | struct hid_device *hid; | 160 | struct hid_device *hid; |
154 | |||
155 | struct timer_list timer; | 161 | struct timer_list timer; |
156 | 162 | ||
157 | struct sk_buff_head ctrl_transmit; | 163 | /* Report descriptor */ |
158 | struct sk_buff_head intr_transmit; | 164 | __u8 *rd_data; |
165 | uint rd_size; | ||
166 | |||
167 | /* session data */ | ||
168 | unsigned char keys[8]; | ||
169 | unsigned char leds; | ||
159 | 170 | ||
160 | /* Used in hidp_get_raw_report() */ | 171 | /* Used in hidp_get_raw_report() */ |
161 | int waiting_report_type; /* HIDP_DATA_RTYPE_* */ | 172 | int waiting_report_type; /* HIDP_DATA_RTYPE_* */ |
@@ -166,24 +177,8 @@ struct hidp_session { | |||
166 | 177 | ||
167 | /* Used in hidp_output_raw_report() */ | 178 | /* Used in hidp_output_raw_report() */ |
168 | int output_report_success; /* boolean */ | 179 | int output_report_success; /* boolean */ |
169 | |||
170 | /* Report descriptor */ | ||
171 | __u8 *rd_data; | ||
172 | uint rd_size; | ||
173 | |||
174 | wait_queue_head_t startup_queue; | ||
175 | int waiting_for_startup; | ||
176 | }; | 180 | }; |
177 | 181 | ||
178 | static inline void hidp_schedule(struct hidp_session *session) | ||
179 | { | ||
180 | struct sock *ctrl_sk = session->ctrl_sock->sk; | ||
181 | struct sock *intr_sk = session->intr_sock->sk; | ||
182 | |||
183 | wake_up_interruptible(sk_sleep(ctrl_sk)); | ||
184 | wake_up_interruptible(sk_sleep(intr_sk)); | ||
185 | } | ||
186 | |||
187 | /* HIDP init defines */ | 182 | /* HIDP init defines */ |
188 | extern int __init hidp_init_sockets(void); | 183 | extern int __init hidp_init_sockets(void); |
189 | extern void __exit hidp_cleanup_sockets(void); | 184 | extern void __exit hidp_cleanup_sockets(void); |
diff --git a/net/bluetooth/hidp/sock.c b/net/bluetooth/hidp/sock.c index 5d0f1ca0a314..2f4cbb0865ca 100644 --- a/net/bluetooth/hidp/sock.c +++ b/net/bluetooth/hidp/sock.c | |||
@@ -77,21 +77,12 @@ static int hidp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long | |||
77 | return err; | 77 | return err; |
78 | } | 78 | } |
79 | 79 | ||
80 | if (csock->sk->sk_state != BT_CONNECTED || | 80 | err = hidp_connection_add(&ca, csock, isock); |
81 | isock->sk->sk_state != BT_CONNECTED) { | 81 | if (!err && copy_to_user(argp, &ca, sizeof(ca))) |
82 | sockfd_put(csock); | 82 | err = -EFAULT; |
83 | sockfd_put(isock); | ||
84 | return -EBADFD; | ||
85 | } | ||
86 | 83 | ||
87 | err = hidp_add_connection(&ca, csock, isock); | 84 | sockfd_put(csock); |
88 | if (!err) { | 85 | sockfd_put(isock); |
89 | if (copy_to_user(argp, &ca, sizeof(ca))) | ||
90 | err = -EFAULT; | ||
91 | } else { | ||
92 | sockfd_put(csock); | ||
93 | sockfd_put(isock); | ||
94 | } | ||
95 | 86 | ||
96 | return err; | 87 | return err; |
97 | 88 | ||
@@ -102,7 +93,7 @@ static int hidp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long | |||
102 | if (copy_from_user(&cd, argp, sizeof(cd))) | 93 | if (copy_from_user(&cd, argp, sizeof(cd))) |
103 | return -EFAULT; | 94 | return -EFAULT; |
104 | 95 | ||
105 | return hidp_del_connection(&cd); | 96 | return hidp_connection_del(&cd); |
106 | 97 | ||
107 | case HIDPGETCONNLIST: | 98 | case HIDPGETCONNLIST: |
108 | if (copy_from_user(&cl, argp, sizeof(cl))) | 99 | if (copy_from_user(&cl, argp, sizeof(cl))) |
@@ -296,7 +287,6 @@ int __init hidp_init_sockets(void) | |||
296 | return 0; | 287 | return 0; |
297 | 288 | ||
298 | error: | 289 | error: |
299 | BT_ERR("Can't register HIDP socket"); | ||
300 | proto_unregister(&hidp_proto); | 290 | proto_unregister(&hidp_proto); |
301 | return err; | 291 | return err; |
302 | } | 292 | } |
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 7c7e9321f1ea..eae1d9f90b68 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c | |||
@@ -571,7 +571,7 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err) | |||
571 | chan->conn = NULL; | 571 | chan->conn = NULL; |
572 | 572 | ||
573 | if (chan->chan_type != L2CAP_CHAN_CONN_FIX_A2MP) | 573 | if (chan->chan_type != L2CAP_CHAN_CONN_FIX_A2MP) |
574 | hci_conn_put(conn->hcon); | 574 | hci_conn_drop(conn->hcon); |
575 | 575 | ||
576 | if (mgr && mgr->bredr_chan == chan) | 576 | if (mgr && mgr->bredr_chan == chan) |
577 | mgr->bredr_chan = NULL; | 577 | mgr->bredr_chan = NULL; |
@@ -1446,6 +1446,89 @@ static void l2cap_info_timeout(struct work_struct *work) | |||
1446 | l2cap_conn_start(conn); | 1446 | l2cap_conn_start(conn); |
1447 | } | 1447 | } |
1448 | 1448 | ||
1449 | /* | ||
1450 | * l2cap_user | ||
1451 | * External modules can register l2cap_user objects on l2cap_conn. The ->probe | ||
1452 | * callback is called during registration. The ->remove callback is called | ||
1453 | * during unregistration. | ||
1454 | * An l2cap_user object can either be explicitly unregistered or when the | ||
1455 | * underlying l2cap_conn object is deleted. This guarantees that l2cap->hcon, | ||
1456 | * l2cap->hchan, .. are valid as long as the remove callback hasn't been called. | ||
1457 | * External modules must own a reference to the l2cap_conn object if they intend | ||
1458 | * to call l2cap_unregister_user(). The l2cap_conn object might get destroyed at | ||
1459 | * any time if they don't. | ||
1460 | */ | ||
1461 | |||
1462 | int l2cap_register_user(struct l2cap_conn *conn, struct l2cap_user *user) | ||
1463 | { | ||
1464 | struct hci_dev *hdev = conn->hcon->hdev; | ||
1465 | int ret; | ||
1466 | |||
1467 | /* We need to check whether l2cap_conn is registered. If it is not, we | ||
1468 | * must not register the l2cap_user. l2cap_conn_del() is unregisters | ||
1469 | * l2cap_conn objects, but doesn't provide its own locking. Instead, it | ||
1470 | * relies on the parent hci_conn object to be locked. This itself relies | ||
1471 | * on the hci_dev object to be locked. So we must lock the hci device | ||
1472 | * here, too. */ | ||
1473 | |||
1474 | hci_dev_lock(hdev); | ||
1475 | |||
1476 | if (user->list.next || user->list.prev) { | ||
1477 | ret = -EINVAL; | ||
1478 | goto out_unlock; | ||
1479 | } | ||
1480 | |||
1481 | /* conn->hchan is NULL after l2cap_conn_del() was called */ | ||
1482 | if (!conn->hchan) { | ||
1483 | ret = -ENODEV; | ||
1484 | goto out_unlock; | ||
1485 | } | ||
1486 | |||
1487 | ret = user->probe(conn, user); | ||
1488 | if (ret) | ||
1489 | goto out_unlock; | ||
1490 | |||
1491 | list_add(&user->list, &conn->users); | ||
1492 | ret = 0; | ||
1493 | |||
1494 | out_unlock: | ||
1495 | hci_dev_unlock(hdev); | ||
1496 | return ret; | ||
1497 | } | ||
1498 | EXPORT_SYMBOL(l2cap_register_user); | ||
1499 | |||
1500 | void l2cap_unregister_user(struct l2cap_conn *conn, struct l2cap_user *user) | ||
1501 | { | ||
1502 | struct hci_dev *hdev = conn->hcon->hdev; | ||
1503 | |||
1504 | hci_dev_lock(hdev); | ||
1505 | |||
1506 | if (!user->list.next || !user->list.prev) | ||
1507 | goto out_unlock; | ||
1508 | |||
1509 | list_del(&user->list); | ||
1510 | user->list.next = NULL; | ||
1511 | user->list.prev = NULL; | ||
1512 | user->remove(conn, user); | ||
1513 | |||
1514 | out_unlock: | ||
1515 | hci_dev_unlock(hdev); | ||
1516 | } | ||
1517 | EXPORT_SYMBOL(l2cap_unregister_user); | ||
1518 | |||
1519 | static void l2cap_unregister_all_users(struct l2cap_conn *conn) | ||
1520 | { | ||
1521 | struct l2cap_user *user; | ||
1522 | |||
1523 | while (!list_empty(&conn->users)) { | ||
1524 | user = list_first_entry(&conn->users, struct l2cap_user, list); | ||
1525 | list_del(&user->list); | ||
1526 | user->list.next = NULL; | ||
1527 | user->list.prev = NULL; | ||
1528 | user->remove(conn, user); | ||
1529 | } | ||
1530 | } | ||
1531 | |||
1449 | static void l2cap_conn_del(struct hci_conn *hcon, int err) | 1532 | static void l2cap_conn_del(struct hci_conn *hcon, int err) |
1450 | { | 1533 | { |
1451 | struct l2cap_conn *conn = hcon->l2cap_data; | 1534 | struct l2cap_conn *conn = hcon->l2cap_data; |
@@ -1458,6 +1541,8 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err) | |||
1458 | 1541 | ||
1459 | kfree_skb(conn->rx_skb); | 1542 | kfree_skb(conn->rx_skb); |
1460 | 1543 | ||
1544 | l2cap_unregister_all_users(conn); | ||
1545 | |||
1461 | mutex_lock(&conn->chan_lock); | 1546 | mutex_lock(&conn->chan_lock); |
1462 | 1547 | ||
1463 | /* Kill channels */ | 1548 | /* Kill channels */ |
@@ -1486,7 +1571,8 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err) | |||
1486 | } | 1571 | } |
1487 | 1572 | ||
1488 | hcon->l2cap_data = NULL; | 1573 | hcon->l2cap_data = NULL; |
1489 | kfree(conn); | 1574 | conn->hchan = NULL; |
1575 | l2cap_conn_put(conn); | ||
1490 | } | 1576 | } |
1491 | 1577 | ||
1492 | static void security_timeout(struct work_struct *work) | 1578 | static void security_timeout(struct work_struct *work) |
@@ -1502,12 +1588,12 @@ static void security_timeout(struct work_struct *work) | |||
1502 | } | 1588 | } |
1503 | } | 1589 | } |
1504 | 1590 | ||
1505 | static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) | 1591 | static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon) |
1506 | { | 1592 | { |
1507 | struct l2cap_conn *conn = hcon->l2cap_data; | 1593 | struct l2cap_conn *conn = hcon->l2cap_data; |
1508 | struct hci_chan *hchan; | 1594 | struct hci_chan *hchan; |
1509 | 1595 | ||
1510 | if (conn || status) | 1596 | if (conn) |
1511 | return conn; | 1597 | return conn; |
1512 | 1598 | ||
1513 | hchan = hci_chan_create(hcon); | 1599 | hchan = hci_chan_create(hcon); |
@@ -1520,8 +1606,10 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) | |||
1520 | return NULL; | 1606 | return NULL; |
1521 | } | 1607 | } |
1522 | 1608 | ||
1609 | kref_init(&conn->ref); | ||
1523 | hcon->l2cap_data = conn; | 1610 | hcon->l2cap_data = conn; |
1524 | conn->hcon = hcon; | 1611 | conn->hcon = hcon; |
1612 | hci_conn_get(conn->hcon); | ||
1525 | conn->hchan = hchan; | 1613 | conn->hchan = hchan; |
1526 | 1614 | ||
1527 | BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); | 1615 | BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); |
@@ -1547,6 +1635,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) | |||
1547 | mutex_init(&conn->chan_lock); | 1635 | mutex_init(&conn->chan_lock); |
1548 | 1636 | ||
1549 | INIT_LIST_HEAD(&conn->chan_l); | 1637 | INIT_LIST_HEAD(&conn->chan_l); |
1638 | INIT_LIST_HEAD(&conn->users); | ||
1550 | 1639 | ||
1551 | if (hcon->type == LE_LINK) | 1640 | if (hcon->type == LE_LINK) |
1552 | INIT_DELAYED_WORK(&conn->security_timer, security_timeout); | 1641 | INIT_DELAYED_WORK(&conn->security_timer, security_timeout); |
@@ -1558,6 +1647,26 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) | |||
1558 | return conn; | 1647 | return conn; |
1559 | } | 1648 | } |
1560 | 1649 | ||
1650 | static void l2cap_conn_free(struct kref *ref) | ||
1651 | { | ||
1652 | struct l2cap_conn *conn = container_of(ref, struct l2cap_conn, ref); | ||
1653 | |||
1654 | hci_conn_put(conn->hcon); | ||
1655 | kfree(conn); | ||
1656 | } | ||
1657 | |||
1658 | void l2cap_conn_get(struct l2cap_conn *conn) | ||
1659 | { | ||
1660 | kref_get(&conn->ref); | ||
1661 | } | ||
1662 | EXPORT_SYMBOL(l2cap_conn_get); | ||
1663 | |||
1664 | void l2cap_conn_put(struct l2cap_conn *conn) | ||
1665 | { | ||
1666 | kref_put(&conn->ref, l2cap_conn_free); | ||
1667 | } | ||
1668 | EXPORT_SYMBOL(l2cap_conn_put); | ||
1669 | |||
1561 | /* ---- Socket interface ---- */ | 1670 | /* ---- Socket interface ---- */ |
1562 | 1671 | ||
1563 | /* Find socket with psm and source / destination bdaddr. | 1672 | /* Find socket with psm and source / destination bdaddr. |
@@ -1695,9 +1804,9 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, | |||
1695 | goto done; | 1804 | goto done; |
1696 | } | 1805 | } |
1697 | 1806 | ||
1698 | conn = l2cap_conn_add(hcon, 0); | 1807 | conn = l2cap_conn_add(hcon); |
1699 | if (!conn) { | 1808 | if (!conn) { |
1700 | hci_conn_put(hcon); | 1809 | hci_conn_drop(hcon); |
1701 | err = -ENOMEM; | 1810 | err = -ENOMEM; |
1702 | goto done; | 1811 | goto done; |
1703 | } | 1812 | } |
@@ -1707,7 +1816,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, | |||
1707 | 1816 | ||
1708 | if (!list_empty(&conn->chan_l)) { | 1817 | if (!list_empty(&conn->chan_l)) { |
1709 | err = -EBUSY; | 1818 | err = -EBUSY; |
1710 | hci_conn_put(hcon); | 1819 | hci_conn_drop(hcon); |
1711 | } | 1820 | } |
1712 | 1821 | ||
1713 | if (err) | 1822 | if (err) |
@@ -6313,7 +6422,7 @@ void l2cap_connect_cfm(struct hci_conn *hcon, u8 status) | |||
6313 | BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); | 6422 | BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); |
6314 | 6423 | ||
6315 | if (!status) { | 6424 | if (!status) { |
6316 | conn = l2cap_conn_add(hcon, status); | 6425 | conn = l2cap_conn_add(hcon); |
6317 | if (conn) | 6426 | if (conn) |
6318 | l2cap_conn_ready(conn); | 6427 | l2cap_conn_ready(conn); |
6319 | } else { | 6428 | } else { |
@@ -6482,7 +6591,7 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) | |||
6482 | goto drop; | 6591 | goto drop; |
6483 | 6592 | ||
6484 | if (!conn) | 6593 | if (!conn) |
6485 | conn = l2cap_conn_add(hcon, 0); | 6594 | conn = l2cap_conn_add(hcon); |
6486 | 6595 | ||
6487 | if (!conn) | 6596 | if (!conn) |
6488 | goto drop; | 6597 | goto drop; |
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index 7f9704993b74..141e7b058b7e 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c | |||
@@ -43,6 +43,12 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent); | |||
43 | static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, | 43 | static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, |
44 | int proto, gfp_t prio); | 44 | int proto, gfp_t prio); |
45 | 45 | ||
46 | bool l2cap_is_socket(struct socket *sock) | ||
47 | { | ||
48 | return sock && sock->ops == &l2cap_sock_ops; | ||
49 | } | ||
50 | EXPORT_SYMBOL(l2cap_is_socket); | ||
51 | |||
46 | static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) | 52 | static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) |
47 | { | 53 | { |
48 | struct sock *sk = sock->sk; | 54 | struct sock *sk = sock->sk; |
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 03e7e732215f..4c830c62ef74 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c | |||
@@ -106,11 +106,10 @@ static const u16 mgmt_events[] = { | |||
106 | * These LE scan and inquiry parameters were chosen according to LE General | 106 | * These LE scan and inquiry parameters were chosen according to LE General |
107 | * Discovery Procedure specification. | 107 | * Discovery Procedure specification. |
108 | */ | 108 | */ |
109 | #define LE_SCAN_TYPE 0x01 | ||
110 | #define LE_SCAN_WIN 0x12 | 109 | #define LE_SCAN_WIN 0x12 |
111 | #define LE_SCAN_INT 0x12 | 110 | #define LE_SCAN_INT 0x12 |
112 | #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */ | 111 | #define LE_SCAN_TIMEOUT_LE_ONLY msecs_to_jiffies(10240) |
113 | #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */ | 112 | #define LE_SCAN_TIMEOUT_BREDR_LE msecs_to_jiffies(5120) |
114 | 113 | ||
115 | #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */ | 114 | #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */ |
116 | #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */ | 115 | #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */ |
@@ -2131,7 +2130,7 @@ static void pairing_complete(struct pending_cmd *cmd, u8 status) | |||
2131 | conn->security_cfm_cb = NULL; | 2130 | conn->security_cfm_cb = NULL; |
2132 | conn->disconn_cfm_cb = NULL; | 2131 | conn->disconn_cfm_cb = NULL; |
2133 | 2132 | ||
2134 | hci_conn_put(conn); | 2133 | hci_conn_drop(conn); |
2135 | 2134 | ||
2136 | mgmt_pending_remove(cmd); | 2135 | mgmt_pending_remove(cmd); |
2137 | } | 2136 | } |
@@ -2222,7 +2221,7 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, | |||
2222 | } | 2221 | } |
2223 | 2222 | ||
2224 | if (conn->connect_cfm_cb) { | 2223 | if (conn->connect_cfm_cb) { |
2225 | hci_conn_put(conn); | 2224 | hci_conn_drop(conn); |
2226 | err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, | 2225 | err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, |
2227 | MGMT_STATUS_BUSY, &rp, sizeof(rp)); | 2226 | MGMT_STATUS_BUSY, &rp, sizeof(rp)); |
2228 | goto unlock; | 2227 | goto unlock; |
@@ -2231,7 +2230,7 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, | |||
2231 | cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); | 2230 | cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); |
2232 | if (!cmd) { | 2231 | if (!cmd) { |
2233 | err = -ENOMEM; | 2232 | err = -ENOMEM; |
2234 | hci_conn_put(conn); | 2233 | hci_conn_drop(conn); |
2235 | goto unlock; | 2234 | goto unlock; |
2236 | } | 2235 | } |
2237 | 2236 | ||
@@ -2703,7 +2702,7 @@ static int start_discovery(struct sock *sk, struct hci_dev *hdev, | |||
2703 | goto failed; | 2702 | goto failed; |
2704 | } | 2703 | } |
2705 | 2704 | ||
2706 | err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, | 2705 | err = hci_le_scan(hdev, LE_SCAN_ACTIVE, LE_SCAN_INT, |
2707 | LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY); | 2706 | LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY); |
2708 | break; | 2707 | break; |
2709 | 2708 | ||
@@ -2715,8 +2714,8 @@ static int start_discovery(struct sock *sk, struct hci_dev *hdev, | |||
2715 | goto failed; | 2714 | goto failed; |
2716 | } | 2715 | } |
2717 | 2716 | ||
2718 | err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN, | 2717 | err = hci_le_scan(hdev, LE_SCAN_ACTIVE, LE_SCAN_INT, |
2719 | LE_SCAN_TIMEOUT_BREDR_LE); | 2718 | LE_SCAN_WIN, LE_SCAN_TIMEOUT_BREDR_LE); |
2720 | break; | 2719 | break; |
2721 | 2720 | ||
2722 | default: | 2721 | default: |
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index d919d1161ab4..9e62102443dc 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c | |||
@@ -83,7 +83,7 @@ static struct sco_conn *sco_conn_add(struct hci_conn *hcon) | |||
83 | if (conn) | 83 | if (conn) |
84 | return conn; | 84 | return conn; |
85 | 85 | ||
86 | conn = kzalloc(sizeof(struct sco_conn), GFP_ATOMIC); | 86 | conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); |
87 | if (!conn) | 87 | if (!conn) |
88 | return NULL; | 88 | return NULL; |
89 | 89 | ||
@@ -185,7 +185,7 @@ static int sco_connect(struct sock *sk) | |||
185 | 185 | ||
186 | conn = sco_conn_add(hcon); | 186 | conn = sco_conn_add(hcon); |
187 | if (!conn) { | 187 | if (!conn) { |
188 | hci_conn_put(hcon); | 188 | hci_conn_drop(hcon); |
189 | err = -ENOMEM; | 189 | err = -ENOMEM; |
190 | goto done; | 190 | goto done; |
191 | } | 191 | } |
@@ -353,7 +353,7 @@ static void __sco_sock_close(struct sock *sk) | |||
353 | if (sco_pi(sk)->conn->hcon) { | 353 | if (sco_pi(sk)->conn->hcon) { |
354 | sk->sk_state = BT_DISCONN; | 354 | sk->sk_state = BT_DISCONN; |
355 | sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); | 355 | sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); |
356 | hci_conn_put(sco_pi(sk)->conn->hcon); | 356 | hci_conn_drop(sco_pi(sk)->conn->hcon); |
357 | sco_pi(sk)->conn->hcon = NULL; | 357 | sco_pi(sk)->conn->hcon = NULL; |
358 | } else | 358 | } else |
359 | sco_chan_del(sk, ECONNRESET); | 359 | sco_chan_del(sk, ECONNRESET); |
@@ -481,8 +481,7 @@ static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen | |||
481 | { | 481 | { |
482 | struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; | 482 | struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; |
483 | struct sock *sk = sock->sk; | 483 | struct sock *sk = sock->sk; |
484 | int err = 0; | 484 | int err; |
485 | |||
486 | 485 | ||
487 | BT_DBG("sk %p", sk); | 486 | BT_DBG("sk %p", sk); |
488 | 487 | ||
@@ -653,6 +652,42 @@ static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock, | |||
653 | return err; | 652 | return err; |
654 | } | 653 | } |
655 | 654 | ||
655 | static void sco_conn_defer_accept(struct hci_conn *conn, int mask) | ||
656 | { | ||
657 | struct hci_dev *hdev = conn->hdev; | ||
658 | |||
659 | BT_DBG("conn %p", conn); | ||
660 | |||
661 | conn->state = BT_CONFIG; | ||
662 | |||
663 | if (!lmp_esco_capable(hdev)) { | ||
664 | struct hci_cp_accept_conn_req cp; | ||
665 | |||
666 | bacpy(&cp.bdaddr, &conn->dst); | ||
667 | |||
668 | if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER)) | ||
669 | cp.role = 0x00; /* Become master */ | ||
670 | else | ||
671 | cp.role = 0x01; /* Remain slave */ | ||
672 | |||
673 | hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); | ||
674 | } else { | ||
675 | struct hci_cp_accept_sync_conn_req cp; | ||
676 | |||
677 | bacpy(&cp.bdaddr, &conn->dst); | ||
678 | cp.pkt_type = cpu_to_le16(conn->pkt_type); | ||
679 | |||
680 | cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40); | ||
681 | cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40); | ||
682 | cp.max_latency = __constant_cpu_to_le16(0xffff); | ||
683 | cp.content_format = cpu_to_le16(hdev->voice_setting); | ||
684 | cp.retrans_effort = 0xff; | ||
685 | |||
686 | hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, | ||
687 | sizeof(cp), &cp); | ||
688 | } | ||
689 | } | ||
690 | |||
656 | static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | 691 | static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, |
657 | struct msghdr *msg, size_t len, int flags) | 692 | struct msghdr *msg, size_t len, int flags) |
658 | { | 693 | { |
@@ -663,7 +698,7 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
663 | 698 | ||
664 | if (sk->sk_state == BT_CONNECT2 && | 699 | if (sk->sk_state == BT_CONNECT2 && |
665 | test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { | 700 | test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { |
666 | hci_conn_accept(pi->conn->hcon, 0); | 701 | sco_conn_defer_accept(pi->conn->hcon, 0); |
667 | sk->sk_state = BT_CONFIG; | 702 | sk->sk_state = BT_CONFIG; |
668 | 703 | ||
669 | release_sock(sk); | 704 | release_sock(sk); |
@@ -882,7 +917,7 @@ static void sco_chan_del(struct sock *sk, int err) | |||
882 | sco_conn_unlock(conn); | 917 | sco_conn_unlock(conn); |
883 | 918 | ||
884 | if (conn->hcon) | 919 | if (conn->hcon) |
885 | hci_conn_put(conn->hcon); | 920 | hci_conn_drop(conn->hcon); |
886 | } | 921 | } |
887 | 922 | ||
888 | sk->sk_state = BT_CLOSED; | 923 | sk->sk_state = BT_CLOSED; |
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 5abefb12891d..b2296d3857a0 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
@@ -522,7 +522,7 @@ void smp_chan_destroy(struct l2cap_conn *conn) | |||
522 | kfree(smp); | 522 | kfree(smp); |
523 | conn->smp_chan = NULL; | 523 | conn->smp_chan = NULL; |
524 | conn->hcon->smp_conn = NULL; | 524 | conn->hcon->smp_conn = NULL; |
525 | hci_conn_put(conn->hcon); | 525 | hci_conn_drop(conn->hcon); |
526 | } | 526 | } |
527 | 527 | ||
528 | int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey) | 528 | int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey) |
diff --git a/net/nfc/core.c b/net/nfc/core.c index 6ceee8e181ca..40d2527693da 100644 --- a/net/nfc/core.c +++ b/net/nfc/core.c | |||
@@ -27,6 +27,7 @@ | |||
27 | #include <linux/kernel.h> | 27 | #include <linux/kernel.h> |
28 | #include <linux/module.h> | 28 | #include <linux/module.h> |
29 | #include <linux/slab.h> | 29 | #include <linux/slab.h> |
30 | #include <linux/rfkill.h> | ||
30 | #include <linux/nfc.h> | 31 | #include <linux/nfc.h> |
31 | 32 | ||
32 | #include <net/genetlink.h> | 33 | #include <net/genetlink.h> |
@@ -58,6 +59,11 @@ int nfc_dev_up(struct nfc_dev *dev) | |||
58 | 59 | ||
59 | device_lock(&dev->dev); | 60 | device_lock(&dev->dev); |
60 | 61 | ||
62 | if (dev->rfkill && rfkill_blocked(dev->rfkill)) { | ||
63 | rc = -ERFKILL; | ||
64 | goto error; | ||
65 | } | ||
66 | |||
61 | if (!device_is_registered(&dev->dev)) { | 67 | if (!device_is_registered(&dev->dev)) { |
62 | rc = -ENODEV; | 68 | rc = -ENODEV; |
63 | goto error; | 69 | goto error; |
@@ -117,6 +123,24 @@ error: | |||
117 | return rc; | 123 | return rc; |
118 | } | 124 | } |
119 | 125 | ||
126 | static int nfc_rfkill_set_block(void *data, bool blocked) | ||
127 | { | ||
128 | struct nfc_dev *dev = data; | ||
129 | |||
130 | pr_debug("%s blocked %d", dev_name(&dev->dev), blocked); | ||
131 | |||
132 | if (!blocked) | ||
133 | return 0; | ||
134 | |||
135 | nfc_dev_down(dev); | ||
136 | |||
137 | return 0; | ||
138 | } | ||
139 | |||
140 | static const struct rfkill_ops nfc_rfkill_ops = { | ||
141 | .set_block = nfc_rfkill_set_block, | ||
142 | }; | ||
143 | |||
120 | /** | 144 | /** |
121 | * nfc_start_poll - start polling for nfc targets | 145 | * nfc_start_poll - start polling for nfc targets |
122 | * | 146 | * |
@@ -143,6 +167,11 @@ int nfc_start_poll(struct nfc_dev *dev, u32 im_protocols, u32 tm_protocols) | |||
143 | goto error; | 167 | goto error; |
144 | } | 168 | } |
145 | 169 | ||
170 | if (!dev->dev_up) { | ||
171 | rc = -ENODEV; | ||
172 | goto error; | ||
173 | } | ||
174 | |||
146 | if (dev->polling) { | 175 | if (dev->polling) { |
147 | rc = -EBUSY; | 176 | rc = -EBUSY; |
148 | goto error; | 177 | goto error; |
@@ -835,6 +864,15 @@ int nfc_register_device(struct nfc_dev *dev) | |||
835 | pr_debug("The userspace won't be notified that the device %s was added\n", | 864 | pr_debug("The userspace won't be notified that the device %s was added\n", |
836 | dev_name(&dev->dev)); | 865 | dev_name(&dev->dev)); |
837 | 866 | ||
867 | dev->rfkill = rfkill_alloc(dev_name(&dev->dev), &dev->dev, | ||
868 | RFKILL_TYPE_NFC, &nfc_rfkill_ops, dev); | ||
869 | if (dev->rfkill) { | ||
870 | if (rfkill_register(dev->rfkill) < 0) { | ||
871 | rfkill_destroy(dev->rfkill); | ||
872 | dev->rfkill = NULL; | ||
873 | } | ||
874 | } | ||
875 | |||
838 | return 0; | 876 | return 0; |
839 | } | 877 | } |
840 | EXPORT_SYMBOL(nfc_register_device); | 878 | EXPORT_SYMBOL(nfc_register_device); |
@@ -852,6 +890,11 @@ void nfc_unregister_device(struct nfc_dev *dev) | |||
852 | 890 | ||
853 | id = dev->idx; | 891 | id = dev->idx; |
854 | 892 | ||
893 | if (dev->rfkill) { | ||
894 | rfkill_unregister(dev->rfkill); | ||
895 | rfkill_destroy(dev->rfkill); | ||
896 | } | ||
897 | |||
855 | if (dev->ops->check_presence) { | 898 | if (dev->ops->check_presence) { |
856 | device_lock(&dev->dev); | 899 | device_lock(&dev->dev); |
857 | dev->shutting_down = true; | 900 | dev->shutting_down = true; |
diff --git a/net/nfc/llcp/commands.c b/net/nfc/llcp/commands.c index b75a9b3f9e89..094f7e27e910 100644 --- a/net/nfc/llcp/commands.c +++ b/net/nfc/llcp/commands.c | |||
@@ -420,7 +420,8 @@ int nfc_llcp_send_connect(struct nfc_llcp_sock *sock) | |||
420 | } | 420 | } |
421 | 421 | ||
422 | /* If the socket parameters are not set, use the local ones */ | 422 | /* If the socket parameters are not set, use the local ones */ |
423 | miux = sock->miux > LLCP_MAX_MIUX ? local->miux : sock->miux; | 423 | miux = be16_to_cpu(sock->miux) > LLCP_MAX_MIUX ? |
424 | local->miux : sock->miux; | ||
424 | rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw; | 425 | rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw; |
425 | 426 | ||
426 | miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0, | 427 | miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0, |
@@ -475,7 +476,8 @@ int nfc_llcp_send_cc(struct nfc_llcp_sock *sock) | |||
475 | return -ENODEV; | 476 | return -ENODEV; |
476 | 477 | ||
477 | /* If the socket parameters are not set, use the local ones */ | 478 | /* If the socket parameters are not set, use the local ones */ |
478 | miux = sock->miux > LLCP_MAX_MIUX ? local->miux : sock->miux; | 479 | miux = be16_to_cpu(sock->miux) > LLCP_MAX_MIUX ? |
480 | local->miux : sock->miux; | ||
479 | rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw; | 481 | rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw; |
480 | 482 | ||
481 | miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0, | 483 | miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0, |
@@ -656,6 +658,7 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock, | |||
656 | struct nfc_llcp_local *local; | 658 | struct nfc_llcp_local *local; |
657 | size_t frag_len = 0, remaining_len; | 659 | size_t frag_len = 0, remaining_len; |
658 | u8 *msg_data, *msg_ptr; | 660 | u8 *msg_data, *msg_ptr; |
661 | u16 remote_miu; | ||
659 | 662 | ||
660 | pr_debug("Send I frame len %zd\n", len); | 663 | pr_debug("Send I frame len %zd\n", len); |
661 | 664 | ||
@@ -692,9 +695,11 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock, | |||
692 | remaining_len = len; | 695 | remaining_len = len; |
693 | msg_ptr = msg_data; | 696 | msg_ptr = msg_data; |
694 | 697 | ||
695 | while (remaining_len > 0) { | 698 | do { |
699 | remote_miu = sock->remote_miu > LLCP_MAX_MIU ? | ||
700 | local->remote_miu : sock->remote_miu; | ||
696 | 701 | ||
697 | frag_len = min_t(size_t, sock->remote_miu, remaining_len); | 702 | frag_len = min_t(size_t, remote_miu, remaining_len); |
698 | 703 | ||
699 | pr_debug("Fragment %zd bytes remaining %zd", | 704 | pr_debug("Fragment %zd bytes remaining %zd", |
700 | frag_len, remaining_len); | 705 | frag_len, remaining_len); |
@@ -706,7 +711,8 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock, | |||
706 | 711 | ||
707 | skb_put(pdu, LLCP_SEQUENCE_SIZE); | 712 | skb_put(pdu, LLCP_SEQUENCE_SIZE); |
708 | 713 | ||
709 | memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); | 714 | if (likely(frag_len > 0)) |
715 | memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); | ||
710 | 716 | ||
711 | skb_queue_tail(&sock->tx_queue, pdu); | 717 | skb_queue_tail(&sock->tx_queue, pdu); |
712 | 718 | ||
@@ -718,7 +724,7 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock, | |||
718 | 724 | ||
719 | remaining_len -= frag_len; | 725 | remaining_len -= frag_len; |
720 | msg_ptr += frag_len; | 726 | msg_ptr += frag_len; |
721 | } | 727 | } while (remaining_len > 0); |
722 | 728 | ||
723 | kfree(msg_data); | 729 | kfree(msg_data); |
724 | 730 | ||
@@ -732,6 +738,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, | |||
732 | struct nfc_llcp_local *local; | 738 | struct nfc_llcp_local *local; |
733 | size_t frag_len = 0, remaining_len; | 739 | size_t frag_len = 0, remaining_len; |
734 | u8 *msg_ptr, *msg_data; | 740 | u8 *msg_ptr, *msg_data; |
741 | u16 remote_miu; | ||
735 | int err; | 742 | int err; |
736 | 743 | ||
737 | pr_debug("Send UI frame len %zd\n", len); | 744 | pr_debug("Send UI frame len %zd\n", len); |
@@ -752,9 +759,11 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, | |||
752 | remaining_len = len; | 759 | remaining_len = len; |
753 | msg_ptr = msg_data; | 760 | msg_ptr = msg_data; |
754 | 761 | ||
755 | while (remaining_len > 0) { | 762 | do { |
763 | remote_miu = sock->remote_miu > LLCP_MAX_MIU ? | ||
764 | local->remote_miu : sock->remote_miu; | ||
756 | 765 | ||
757 | frag_len = min_t(size_t, sock->remote_miu, remaining_len); | 766 | frag_len = min_t(size_t, remote_miu, remaining_len); |
758 | 767 | ||
759 | pr_debug("Fragment %zd bytes remaining %zd", | 768 | pr_debug("Fragment %zd bytes remaining %zd", |
760 | frag_len, remaining_len); | 769 | frag_len, remaining_len); |
@@ -768,14 +777,15 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, | |||
768 | 777 | ||
769 | pdu = llcp_add_header(pdu, dsap, ssap, LLCP_PDU_UI); | 778 | pdu = llcp_add_header(pdu, dsap, ssap, LLCP_PDU_UI); |
770 | 779 | ||
771 | memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); | 780 | if (likely(frag_len > 0)) |
781 | memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); | ||
772 | 782 | ||
773 | /* No need to check for the peer RW for UI frames */ | 783 | /* No need to check for the peer RW for UI frames */ |
774 | skb_queue_tail(&local->tx_queue, pdu); | 784 | skb_queue_tail(&local->tx_queue, pdu); |
775 | 785 | ||
776 | remaining_len -= frag_len; | 786 | remaining_len -= frag_len; |
777 | msg_ptr += frag_len; | 787 | msg_ptr += frag_len; |
778 | } | 788 | } while (remaining_len > 0); |
779 | 789 | ||
780 | kfree(msg_data); | 790 | kfree(msg_data); |
781 | 791 | ||
diff --git a/net/nfc/llcp/llcp.c b/net/nfc/llcp/llcp.c index 7de0368aff0c..9e483c8e52f8 100644 --- a/net/nfc/llcp/llcp.c +++ b/net/nfc/llcp/llcp.c | |||
@@ -31,6 +31,8 @@ static u8 llcp_magic[3] = {0x46, 0x66, 0x6d}; | |||
31 | 31 | ||
32 | static struct list_head llcp_devices; | 32 | static struct list_head llcp_devices; |
33 | 33 | ||
34 | static void nfc_llcp_rx_skb(struct nfc_llcp_local *local, struct sk_buff *skb); | ||
35 | |||
34 | void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *sk) | 36 | void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *sk) |
35 | { | 37 | { |
36 | write_lock(&l->lock); | 38 | write_lock(&l->lock); |
@@ -45,6 +47,12 @@ void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *sk) | |||
45 | write_unlock(&l->lock); | 47 | write_unlock(&l->lock); |
46 | } | 48 | } |
47 | 49 | ||
50 | void nfc_llcp_socket_remote_param_init(struct nfc_llcp_sock *sock) | ||
51 | { | ||
52 | sock->remote_rw = LLCP_DEFAULT_RW; | ||
53 | sock->remote_miu = LLCP_MAX_MIU + 1; | ||
54 | } | ||
55 | |||
48 | static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock) | 56 | static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock) |
49 | { | 57 | { |
50 | struct nfc_llcp_local *local = sock->local; | 58 | struct nfc_llcp_local *local = sock->local; |
@@ -68,7 +76,7 @@ static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock) | |||
68 | } | 76 | } |
69 | } | 77 | } |
70 | 78 | ||
71 | static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen, | 79 | static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool device, |
72 | int err) | 80 | int err) |
73 | { | 81 | { |
74 | struct sock *sk; | 82 | struct sock *sk; |
@@ -108,21 +116,6 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen, | |||
108 | 116 | ||
109 | bh_unlock_sock(accept_sk); | 117 | bh_unlock_sock(accept_sk); |
110 | } | 118 | } |
111 | |||
112 | if (listen == true) { | ||
113 | bh_unlock_sock(sk); | ||
114 | continue; | ||
115 | } | ||
116 | } | ||
117 | |||
118 | /* | ||
119 | * If we have a connection less socket bound, we keep it alive | ||
120 | * if the device is still present. | ||
121 | */ | ||
122 | if (sk->sk_state == LLCP_BOUND && sk->sk_type == SOCK_DGRAM && | ||
123 | listen == true) { | ||
124 | bh_unlock_sock(sk); | ||
125 | continue; | ||
126 | } | 119 | } |
127 | 120 | ||
128 | if (err) | 121 | if (err) |
@@ -137,11 +130,8 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen, | |||
137 | 130 | ||
138 | write_unlock(&local->sockets.lock); | 131 | write_unlock(&local->sockets.lock); |
139 | 132 | ||
140 | /* | 133 | /* If we still have a device, we keep the RAW sockets alive */ |
141 | * If we want to keep the listening sockets alive, | 134 | if (device == true) |
142 | * we don't touch the RAW ones. | ||
143 | */ | ||
144 | if (listen == true) | ||
145 | return; | 135 | return; |
146 | 136 | ||
147 | write_lock(&local->raw_sockets.lock); | 137 | write_lock(&local->raw_sockets.lock); |
@@ -173,9 +163,9 @@ struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local) | |||
173 | return local; | 163 | return local; |
174 | } | 164 | } |
175 | 165 | ||
176 | static void local_cleanup(struct nfc_llcp_local *local, bool listen) | 166 | static void local_cleanup(struct nfc_llcp_local *local) |
177 | { | 167 | { |
178 | nfc_llcp_socket_release(local, listen, ENXIO); | 168 | nfc_llcp_socket_release(local, false, ENXIO); |
179 | del_timer_sync(&local->link_timer); | 169 | del_timer_sync(&local->link_timer); |
180 | skb_queue_purge(&local->tx_queue); | 170 | skb_queue_purge(&local->tx_queue); |
181 | cancel_work_sync(&local->tx_work); | 171 | cancel_work_sync(&local->tx_work); |
@@ -194,7 +184,7 @@ static void local_release(struct kref *ref) | |||
194 | local = container_of(ref, struct nfc_llcp_local, ref); | 184 | local = container_of(ref, struct nfc_llcp_local, ref); |
195 | 185 | ||
196 | list_del(&local->list); | 186 | list_del(&local->list); |
197 | local_cleanup(local, false); | 187 | local_cleanup(local); |
198 | kfree(local); | 188 | kfree(local); |
199 | } | 189 | } |
200 | 190 | ||
@@ -1116,6 +1106,12 @@ static void nfc_llcp_recv_disc(struct nfc_llcp_local *local, | |||
1116 | dsap = nfc_llcp_dsap(skb); | 1106 | dsap = nfc_llcp_dsap(skb); |
1117 | ssap = nfc_llcp_ssap(skb); | 1107 | ssap = nfc_llcp_ssap(skb); |
1118 | 1108 | ||
1109 | if ((dsap == 0) && (ssap == 0)) { | ||
1110 | pr_debug("Connection termination"); | ||
1111 | nfc_dep_link_down(local->dev); | ||
1112 | return; | ||
1113 | } | ||
1114 | |||
1119 | llcp_sock = nfc_llcp_sock_get(local, dsap, ssap); | 1115 | llcp_sock = nfc_llcp_sock_get(local, dsap, ssap); |
1120 | if (llcp_sock == NULL) { | 1116 | if (llcp_sock == NULL) { |
1121 | nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN); | 1117 | nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN); |
@@ -1349,19 +1345,54 @@ exit: | |||
1349 | nfc_llcp_send_snl_sdres(local, &llc_sdres_list, sdres_tlvs_len); | 1345 | nfc_llcp_send_snl_sdres(local, &llc_sdres_list, sdres_tlvs_len); |
1350 | } | 1346 | } |
1351 | 1347 | ||
1352 | static void nfc_llcp_rx_work(struct work_struct *work) | 1348 | static void nfc_llcp_recv_agf(struct nfc_llcp_local *local, struct sk_buff *skb) |
1353 | { | 1349 | { |
1354 | struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local, | 1350 | u8 ptype; |
1355 | rx_work); | 1351 | u16 pdu_len; |
1356 | u8 dsap, ssap, ptype; | 1352 | struct sk_buff *new_skb; |
1357 | struct sk_buff *skb; | ||
1358 | 1353 | ||
1359 | skb = local->rx_pending; | 1354 | if (skb->len <= LLCP_HEADER_SIZE) { |
1360 | if (skb == NULL) { | 1355 | pr_err("Malformed AGF PDU\n"); |
1361 | pr_debug("No pending SKB\n"); | ||
1362 | return; | 1356 | return; |
1363 | } | 1357 | } |
1364 | 1358 | ||
1359 | skb_pull(skb, LLCP_HEADER_SIZE); | ||
1360 | |||
1361 | while (skb->len > LLCP_AGF_PDU_HEADER_SIZE) { | ||
1362 | pdu_len = skb->data[0] << 8 | skb->data[1]; | ||
1363 | |||
1364 | skb_pull(skb, LLCP_AGF_PDU_HEADER_SIZE); | ||
1365 | |||
1366 | if (pdu_len < LLCP_HEADER_SIZE || pdu_len > skb->len) { | ||
1367 | pr_err("Malformed AGF PDU\n"); | ||
1368 | return; | ||
1369 | } | ||
1370 | |||
1371 | ptype = nfc_llcp_ptype(skb); | ||
1372 | |||
1373 | if (ptype == LLCP_PDU_SYMM || ptype == LLCP_PDU_AGF) | ||
1374 | goto next; | ||
1375 | |||
1376 | new_skb = nfc_alloc_recv_skb(pdu_len, GFP_KERNEL); | ||
1377 | if (new_skb == NULL) { | ||
1378 | pr_err("Could not allocate PDU\n"); | ||
1379 | return; | ||
1380 | } | ||
1381 | |||
1382 | memcpy(skb_put(new_skb, pdu_len), skb->data, pdu_len); | ||
1383 | |||
1384 | nfc_llcp_rx_skb(local, new_skb); | ||
1385 | |||
1386 | kfree_skb(new_skb); | ||
1387 | next: | ||
1388 | skb_pull(skb, pdu_len); | ||
1389 | } | ||
1390 | } | ||
1391 | |||
1392 | static void nfc_llcp_rx_skb(struct nfc_llcp_local *local, struct sk_buff *skb) | ||
1393 | { | ||
1394 | u8 dsap, ssap, ptype; | ||
1395 | |||
1365 | ptype = nfc_llcp_ptype(skb); | 1396 | ptype = nfc_llcp_ptype(skb); |
1366 | dsap = nfc_llcp_dsap(skb); | 1397 | dsap = nfc_llcp_dsap(skb); |
1367 | ssap = nfc_llcp_ssap(skb); | 1398 | ssap = nfc_llcp_ssap(skb); |
@@ -1372,10 +1403,6 @@ static void nfc_llcp_rx_work(struct work_struct *work) | |||
1372 | print_hex_dump(KERN_DEBUG, "LLCP Rx: ", DUMP_PREFIX_OFFSET, | 1403 | print_hex_dump(KERN_DEBUG, "LLCP Rx: ", DUMP_PREFIX_OFFSET, |
1373 | 16, 1, skb->data, skb->len, true); | 1404 | 16, 1, skb->data, skb->len, true); |
1374 | 1405 | ||
1375 | __net_timestamp(skb); | ||
1376 | |||
1377 | nfc_llcp_send_to_raw_sock(local, skb, NFC_LLCP_DIRECTION_RX); | ||
1378 | |||
1379 | switch (ptype) { | 1406 | switch (ptype) { |
1380 | case LLCP_PDU_SYMM: | 1407 | case LLCP_PDU_SYMM: |
1381 | pr_debug("SYMM\n"); | 1408 | pr_debug("SYMM\n"); |
@@ -1418,7 +1445,30 @@ static void nfc_llcp_rx_work(struct work_struct *work) | |||
1418 | nfc_llcp_recv_hdlc(local, skb); | 1445 | nfc_llcp_recv_hdlc(local, skb); |
1419 | break; | 1446 | break; |
1420 | 1447 | ||
1448 | case LLCP_PDU_AGF: | ||
1449 | pr_debug("AGF frame\n"); | ||
1450 | nfc_llcp_recv_agf(local, skb); | ||
1451 | break; | ||
1421 | } | 1452 | } |
1453 | } | ||
1454 | |||
1455 | static void nfc_llcp_rx_work(struct work_struct *work) | ||
1456 | { | ||
1457 | struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local, | ||
1458 | rx_work); | ||
1459 | struct sk_buff *skb; | ||
1460 | |||
1461 | skb = local->rx_pending; | ||
1462 | if (skb == NULL) { | ||
1463 | pr_debug("No pending SKB\n"); | ||
1464 | return; | ||
1465 | } | ||
1466 | |||
1467 | __net_timestamp(skb); | ||
1468 | |||
1469 | nfc_llcp_send_to_raw_sock(local, skb, NFC_LLCP_DIRECTION_RX); | ||
1470 | |||
1471 | nfc_llcp_rx_skb(local, skb); | ||
1422 | 1472 | ||
1423 | schedule_work(&local->tx_work); | 1473 | schedule_work(&local->tx_work); |
1424 | kfree_skb(local->rx_pending); | 1474 | kfree_skb(local->rx_pending); |
@@ -1466,6 +1516,9 @@ void nfc_llcp_mac_is_down(struct nfc_dev *dev) | |||
1466 | if (local == NULL) | 1516 | if (local == NULL) |
1467 | return; | 1517 | return; |
1468 | 1518 | ||
1519 | local->remote_miu = LLCP_DEFAULT_MIU; | ||
1520 | local->remote_lto = LLCP_DEFAULT_LTO; | ||
1521 | |||
1469 | /* Close and purge all existing sockets */ | 1522 | /* Close and purge all existing sockets */ |
1470 | nfc_llcp_socket_release(local, true, 0); | 1523 | nfc_llcp_socket_release(local, true, 0); |
1471 | } | 1524 | } |
@@ -1553,7 +1606,7 @@ void nfc_llcp_unregister_device(struct nfc_dev *dev) | |||
1553 | return; | 1606 | return; |
1554 | } | 1607 | } |
1555 | 1608 | ||
1556 | local_cleanup(local, false); | 1609 | local_cleanup(local); |
1557 | 1610 | ||
1558 | nfc_llcp_local_put(local); | 1611 | nfc_llcp_local_put(local); |
1559 | } | 1612 | } |
diff --git a/net/nfc/llcp/llcp.h b/net/nfc/llcp/llcp.h index 7e87a66b02ec..ff8c434f7df8 100644 --- a/net/nfc/llcp/llcp.h +++ b/net/nfc/llcp/llcp.h | |||
@@ -31,6 +31,7 @@ enum llcp_state { | |||
31 | #define LLCP_MAX_LTO 0xff | 31 | #define LLCP_MAX_LTO 0xff |
32 | #define LLCP_MAX_RW 15 | 32 | #define LLCP_MAX_RW 15 |
33 | #define LLCP_MAX_MIUX 0x7ff | 33 | #define LLCP_MAX_MIUX 0x7ff |
34 | #define LLCP_MAX_MIU (LLCP_MAX_MIUX + 128) | ||
34 | 35 | ||
35 | #define LLCP_WKS_NUM_SAP 16 | 36 | #define LLCP_WKS_NUM_SAP 16 |
36 | #define LLCP_SDP_NUM_SAP 16 | 37 | #define LLCP_SDP_NUM_SAP 16 |
@@ -124,7 +125,7 @@ struct nfc_llcp_sock { | |||
124 | char *service_name; | 125 | char *service_name; |
125 | size_t service_name_len; | 126 | size_t service_name_len; |
126 | u8 rw; | 127 | u8 rw; |
127 | u16 miux; | 128 | __be16 miux; |
128 | 129 | ||
129 | 130 | ||
130 | /* Remote link parameters */ | 131 | /* Remote link parameters */ |
@@ -162,6 +163,7 @@ struct nfc_llcp_ui_cb { | |||
162 | 163 | ||
163 | #define LLCP_HEADER_SIZE 2 | 164 | #define LLCP_HEADER_SIZE 2 |
164 | #define LLCP_SEQUENCE_SIZE 1 | 165 | #define LLCP_SEQUENCE_SIZE 1 |
166 | #define LLCP_AGF_PDU_HEADER_SIZE 2 | ||
165 | 167 | ||
166 | /* LLCP versions: 1.1 is 1.0 plus SDP */ | 168 | /* LLCP versions: 1.1 is 1.0 plus SDP */ |
167 | #define LLCP_VERSION_10 0x10 | 169 | #define LLCP_VERSION_10 0x10 |
@@ -210,6 +212,7 @@ struct nfc_llcp_ui_cb { | |||
210 | 212 | ||
211 | void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *s); | 213 | void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *s); |
212 | void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *s); | 214 | void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *s); |
215 | void nfc_llcp_socket_remote_param_init(struct nfc_llcp_sock *sock); | ||
213 | struct nfc_llcp_local *nfc_llcp_find_local(struct nfc_dev *dev); | 216 | struct nfc_llcp_local *nfc_llcp_find_local(struct nfc_dev *dev); |
214 | struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local); | 217 | struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local); |
215 | int nfc_llcp_local_put(struct nfc_llcp_local *local); | 218 | int nfc_llcp_local_put(struct nfc_llcp_local *local); |
diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c index 6fa76704cb13..fd01ac6e0bf4 100644 --- a/net/nfc/llcp/sock.c +++ b/net/nfc/llcp/sock.c | |||
@@ -279,7 +279,7 @@ static int nfc_llcp_setsockopt(struct socket *sock, int level, int optname, | |||
279 | break; | 279 | break; |
280 | } | 280 | } |
281 | 281 | ||
282 | llcp_sock->miux = (u16) opt; | 282 | llcp_sock->miux = cpu_to_be16((u16) opt); |
283 | 283 | ||
284 | break; | 284 | break; |
285 | 285 | ||
@@ -299,9 +299,12 @@ static int nfc_llcp_setsockopt(struct socket *sock, int level, int optname, | |||
299 | static int nfc_llcp_getsockopt(struct socket *sock, int level, int optname, | 299 | static int nfc_llcp_getsockopt(struct socket *sock, int level, int optname, |
300 | char __user *optval, int __user *optlen) | 300 | char __user *optval, int __user *optlen) |
301 | { | 301 | { |
302 | struct nfc_llcp_local *local; | ||
302 | struct sock *sk = sock->sk; | 303 | struct sock *sk = sock->sk; |
303 | struct nfc_llcp_sock *llcp_sock = nfc_llcp_sock(sk); | 304 | struct nfc_llcp_sock *llcp_sock = nfc_llcp_sock(sk); |
304 | int len, err = 0; | 305 | int len, err = 0; |
306 | u16 miux, remote_miu; | ||
307 | u8 rw; | ||
305 | 308 | ||
306 | pr_debug("%p optname %d\n", sk, optname); | 309 | pr_debug("%p optname %d\n", sk, optname); |
307 | 310 | ||
@@ -311,19 +314,48 @@ static int nfc_llcp_getsockopt(struct socket *sock, int level, int optname, | |||
311 | if (get_user(len, optlen)) | 314 | if (get_user(len, optlen)) |
312 | return -EFAULT; | 315 | return -EFAULT; |
313 | 316 | ||
317 | local = llcp_sock->local; | ||
318 | if (!local) | ||
319 | return -ENODEV; | ||
320 | |||
314 | len = min_t(u32, len, sizeof(u32)); | 321 | len = min_t(u32, len, sizeof(u32)); |
315 | 322 | ||
316 | lock_sock(sk); | 323 | lock_sock(sk); |
317 | 324 | ||
318 | switch (optname) { | 325 | switch (optname) { |
319 | case NFC_LLCP_RW: | 326 | case NFC_LLCP_RW: |
320 | if (put_user(llcp_sock->rw, (u32 __user *) optval)) | 327 | rw = llcp_sock->rw > LLCP_MAX_RW ? local->rw : llcp_sock->rw; |
328 | if (put_user(rw, (u32 __user *) optval)) | ||
321 | err = -EFAULT; | 329 | err = -EFAULT; |
322 | 330 | ||
323 | break; | 331 | break; |
324 | 332 | ||
325 | case NFC_LLCP_MIUX: | 333 | case NFC_LLCP_MIUX: |
326 | if (put_user(llcp_sock->miux, (u32 __user *) optval)) | 334 | miux = be16_to_cpu(llcp_sock->miux) > LLCP_MAX_MIUX ? |
335 | be16_to_cpu(local->miux) : be16_to_cpu(llcp_sock->miux); | ||
336 | |||
337 | if (put_user(miux, (u32 __user *) optval)) | ||
338 | err = -EFAULT; | ||
339 | |||
340 | break; | ||
341 | |||
342 | case NFC_LLCP_REMOTE_MIU: | ||
343 | remote_miu = llcp_sock->remote_miu > LLCP_MAX_MIU ? | ||
344 | local->remote_miu : llcp_sock->remote_miu; | ||
345 | |||
346 | if (put_user(remote_miu, (u32 __user *) optval)) | ||
347 | err = -EFAULT; | ||
348 | |||
349 | break; | ||
350 | |||
351 | case NFC_LLCP_REMOTE_LTO: | ||
352 | if (put_user(local->remote_lto / 10, (u32 __user *) optval)) | ||
353 | err = -EFAULT; | ||
354 | |||
355 | break; | ||
356 | |||
357 | case NFC_LLCP_REMOTE_RW: | ||
358 | if (put_user(llcp_sock->remote_rw, (u32 __user *) optval)) | ||
327 | err = -EFAULT; | 359 | err = -EFAULT; |
328 | 360 | ||
329 | break; | 361 | break; |
@@ -921,13 +953,12 @@ struct sock *nfc_llcp_sock_alloc(struct socket *sock, int type, gfp_t gfp) | |||
921 | llcp_sock->ssap = 0; | 953 | llcp_sock->ssap = 0; |
922 | llcp_sock->dsap = LLCP_SAP_SDP; | 954 | llcp_sock->dsap = LLCP_SAP_SDP; |
923 | llcp_sock->rw = LLCP_MAX_RW + 1; | 955 | llcp_sock->rw = LLCP_MAX_RW + 1; |
924 | llcp_sock->miux = LLCP_MAX_MIUX + 1; | 956 | llcp_sock->miux = cpu_to_be16(LLCP_MAX_MIUX + 1); |
925 | llcp_sock->remote_rw = LLCP_DEFAULT_RW; | ||
926 | llcp_sock->remote_miu = LLCP_DEFAULT_MIU; | ||
927 | llcp_sock->send_n = llcp_sock->send_ack_n = 0; | 957 | llcp_sock->send_n = llcp_sock->send_ack_n = 0; |
928 | llcp_sock->recv_n = llcp_sock->recv_ack_n = 0; | 958 | llcp_sock->recv_n = llcp_sock->recv_ack_n = 0; |
929 | llcp_sock->remote_ready = 1; | 959 | llcp_sock->remote_ready = 1; |
930 | llcp_sock->reserved_ssap = LLCP_SAP_MAX; | 960 | llcp_sock->reserved_ssap = LLCP_SAP_MAX; |
961 | nfc_llcp_socket_remote_param_init(llcp_sock); | ||
931 | skb_queue_head_init(&llcp_sock->tx_queue); | 962 | skb_queue_head_init(&llcp_sock->tx_queue); |
932 | skb_queue_head_init(&llcp_sock->tx_pending_queue); | 963 | skb_queue_head_init(&llcp_sock->tx_pending_queue); |
933 | INIT_LIST_HEAD(&llcp_sock->accept_queue); | 964 | INIT_LIST_HEAD(&llcp_sock->accept_queue); |
diff --git a/net/rfkill/core.c b/net/rfkill/core.c index 9b9be5279f5d..1cec5e4f3a5e 100644 --- a/net/rfkill/core.c +++ b/net/rfkill/core.c | |||
@@ -587,7 +587,7 @@ static ssize_t rfkill_name_show(struct device *dev, | |||
587 | 587 | ||
588 | static const char *rfkill_get_type_str(enum rfkill_type type) | 588 | static const char *rfkill_get_type_str(enum rfkill_type type) |
589 | { | 589 | { |
590 | BUILD_BUG_ON(NUM_RFKILL_TYPES != RFKILL_TYPE_FM + 1); | 590 | BUILD_BUG_ON(NUM_RFKILL_TYPES != RFKILL_TYPE_NFC + 1); |
591 | 591 | ||
592 | switch (type) { | 592 | switch (type) { |
593 | case RFKILL_TYPE_WLAN: | 593 | case RFKILL_TYPE_WLAN: |
@@ -604,6 +604,8 @@ static const char *rfkill_get_type_str(enum rfkill_type type) | |||
604 | return "gps"; | 604 | return "gps"; |
605 | case RFKILL_TYPE_FM: | 605 | case RFKILL_TYPE_FM: |
606 | return "fm"; | 606 | return "fm"; |
607 | case RFKILL_TYPE_NFC: | ||
608 | return "nfc"; | ||
607 | default: | 609 | default: |
608 | BUG(); | 610 | BUG(); |
609 | } | 611 | } |