diff options
Diffstat (limited to 'net')
57 files changed, 4312 insertions, 970 deletions
diff --git a/net/Kconfig b/net/Kconfig index 878151c772c9..a07314844238 100644 --- a/net/Kconfig +++ b/net/Kconfig | |||
@@ -322,6 +322,7 @@ source "net/rfkill/Kconfig" | |||
322 | source "net/9p/Kconfig" | 322 | source "net/9p/Kconfig" |
323 | source "net/caif/Kconfig" | 323 | source "net/caif/Kconfig" |
324 | source "net/ceph/Kconfig" | 324 | source "net/ceph/Kconfig" |
325 | source "net/nfc/Kconfig" | ||
325 | 326 | ||
326 | 327 | ||
327 | endif # if NET | 328 | endif # if NET |
diff --git a/net/Makefile b/net/Makefile index a51d9465e628..acdde4950de4 100644 --- a/net/Makefile +++ b/net/Makefile | |||
@@ -68,3 +68,4 @@ obj-$(CONFIG_WIMAX) += wimax/ | |||
68 | obj-$(CONFIG_DNS_RESOLVER) += dns_resolver/ | 68 | obj-$(CONFIG_DNS_RESOLVER) += dns_resolver/ |
69 | obj-$(CONFIG_CEPH_LIB) += ceph/ | 69 | obj-$(CONFIG_CEPH_LIB) += ceph/ |
70 | obj-$(CONFIG_BATMAN_ADV) += batman-adv/ | 70 | obj-$(CONFIG_BATMAN_ADV) += batman-adv/ |
71 | obj-$(CONFIG_NFC) += nfc/ | ||
diff --git a/net/bluetooth/Kconfig b/net/bluetooth/Kconfig index 6ae5ec508587..bfb3dc03c9de 100644 --- a/net/bluetooth/Kconfig +++ b/net/bluetooth/Kconfig | |||
@@ -6,6 +6,7 @@ menuconfig BT | |||
6 | tristate "Bluetooth subsystem support" | 6 | tristate "Bluetooth subsystem support" |
7 | depends on NET && !S390 | 7 | depends on NET && !S390 |
8 | depends on RFKILL || !RFKILL | 8 | depends on RFKILL || !RFKILL |
9 | select CRYPTO | ||
9 | help | 10 | help |
10 | Bluetooth is low-cost, low-power, short-range wireless technology. | 11 | Bluetooth is low-cost, low-power, short-range wireless technology. |
11 | It was designed as a replacement for cables and other short-range | 12 | It was designed as a replacement for cables and other short-range |
@@ -22,6 +23,7 @@ menuconfig BT | |||
22 | BNEP Module (Bluetooth Network Encapsulation Protocol) | 23 | BNEP Module (Bluetooth Network Encapsulation Protocol) |
23 | CMTP Module (CAPI Message Transport Protocol) | 24 | CMTP Module (CAPI Message Transport Protocol) |
24 | HIDP Module (Human Interface Device Protocol) | 25 | HIDP Module (Human Interface Device Protocol) |
26 | SMP Module (Security Manager Protocol) | ||
25 | 27 | ||
26 | Say Y here to compile Bluetooth support into the kernel or say M to | 28 | Say Y here to compile Bluetooth support into the kernel or say M to |
27 | compile it as module (bluetooth). | 29 | compile it as module (bluetooth). |
@@ -36,11 +38,18 @@ if BT != n | |||
36 | config BT_L2CAP | 38 | config BT_L2CAP |
37 | bool "L2CAP protocol support" | 39 | bool "L2CAP protocol support" |
38 | select CRC16 | 40 | select CRC16 |
41 | select CRYPTO | ||
42 | select CRYPTO_BLKCIPHER | ||
43 | select CRYPTO_AES | ||
44 | select CRYPTO_ECB | ||
39 | help | 45 | help |
40 | L2CAP (Logical Link Control and Adaptation Protocol) provides | 46 | L2CAP (Logical Link Control and Adaptation Protocol) provides |
41 | connection oriented and connection-less data transport. L2CAP | 47 | connection oriented and connection-less data transport. L2CAP |
42 | support is required for most Bluetooth applications. | 48 | support is required for most Bluetooth applications. |
43 | 49 | ||
50 | Also included is support for SMP (Security Manager Protocol) which | ||
51 | is the security layer on top of LE (Low Energy) links. | ||
52 | |||
44 | config BT_SCO | 53 | config BT_SCO |
45 | bool "SCO links support" | 54 | bool "SCO links support" |
46 | help | 55 | help |
diff --git a/net/bluetooth/Makefile b/net/bluetooth/Makefile index f04fe9a9d634..9b67f3d08fa4 100644 --- a/net/bluetooth/Makefile +++ b/net/bluetooth/Makefile | |||
@@ -9,5 +9,5 @@ obj-$(CONFIG_BT_CMTP) += cmtp/ | |||
9 | obj-$(CONFIG_BT_HIDP) += hidp/ | 9 | obj-$(CONFIG_BT_HIDP) += hidp/ |
10 | 10 | ||
11 | bluetooth-y := af_bluetooth.o hci_core.o hci_conn.o hci_event.o mgmt.o hci_sock.o hci_sysfs.o lib.o | 11 | bluetooth-y := af_bluetooth.o hci_core.o hci_conn.o hci_event.o mgmt.o hci_sock.o hci_sysfs.o lib.o |
12 | bluetooth-$(CONFIG_BT_L2CAP) += l2cap_core.o l2cap_sock.o | 12 | bluetooth-$(CONFIG_BT_L2CAP) += l2cap_core.o l2cap_sock.o smp.o |
13 | bluetooth-$(CONFIG_BT_SCO) += sco.o | 13 | bluetooth-$(CONFIG_BT_SCO) += sco.o |
diff --git a/net/bluetooth/cmtp/capi.c b/net/bluetooth/cmtp/capi.c index 744233cba244..040f67b12978 100644 --- a/net/bluetooth/cmtp/capi.c +++ b/net/bluetooth/cmtp/capi.c | |||
@@ -326,7 +326,7 @@ void cmtp_recv_capimsg(struct cmtp_session *session, struct sk_buff *skb) | |||
326 | { | 326 | { |
327 | struct capi_ctr *ctrl = &session->ctrl; | 327 | struct capi_ctr *ctrl = &session->ctrl; |
328 | struct cmtp_application *application; | 328 | struct cmtp_application *application; |
329 | __u16 cmd, appl; | 329 | __u16 appl; |
330 | __u32 contr; | 330 | __u32 contr; |
331 | 331 | ||
332 | BT_DBG("session %p skb %p len %d", session, skb, skb->len); | 332 | BT_DBG("session %p skb %p len %d", session, skb, skb->len); |
@@ -344,7 +344,6 @@ void cmtp_recv_capimsg(struct cmtp_session *session, struct sk_buff *skb) | |||
344 | return; | 344 | return; |
345 | } | 345 | } |
346 | 346 | ||
347 | cmd = CAPICMD(CAPIMSG_COMMAND(skb->data), CAPIMSG_SUBCOMMAND(skb->data)); | ||
348 | appl = CAPIMSG_APPID(skb->data); | 347 | appl = CAPIMSG_APPID(skb->data); |
349 | contr = CAPIMSG_CONTROL(skb->data); | 348 | contr = CAPIMSG_CONTROL(skb->data); |
350 | 349 | ||
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index bcd158f40bb9..ea7f031f3b04 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c | |||
@@ -53,11 +53,13 @@ static void hci_le_connect(struct hci_conn *conn) | |||
53 | conn->state = BT_CONNECT; | 53 | conn->state = BT_CONNECT; |
54 | conn->out = 1; | 54 | conn->out = 1; |
55 | conn->link_mode |= HCI_LM_MASTER; | 55 | conn->link_mode |= HCI_LM_MASTER; |
56 | conn->sec_level = BT_SECURITY_LOW; | ||
56 | 57 | ||
57 | memset(&cp, 0, sizeof(cp)); | 58 | memset(&cp, 0, sizeof(cp)); |
58 | cp.scan_interval = cpu_to_le16(0x0004); | 59 | cp.scan_interval = cpu_to_le16(0x0004); |
59 | cp.scan_window = cpu_to_le16(0x0004); | 60 | cp.scan_window = cpu_to_le16(0x0004); |
60 | bacpy(&cp.peer_addr, &conn->dst); | 61 | bacpy(&cp.peer_addr, &conn->dst); |
62 | cp.peer_addr_type = conn->dst_type; | ||
61 | cp.conn_interval_min = cpu_to_le16(0x0008); | 63 | cp.conn_interval_min = cpu_to_le16(0x0008); |
62 | cp.conn_interval_max = cpu_to_le16(0x0100); | 64 | cp.conn_interval_max = cpu_to_le16(0x0100); |
63 | cp.supervision_timeout = cpu_to_le16(0x0064); | 65 | cp.supervision_timeout = cpu_to_le16(0x0064); |
@@ -203,6 +205,55 @@ void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, | |||
203 | } | 205 | } |
204 | EXPORT_SYMBOL(hci_le_conn_update); | 206 | EXPORT_SYMBOL(hci_le_conn_update); |
205 | 207 | ||
208 | void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8], | ||
209 | __u8 ltk[16]) | ||
210 | { | ||
211 | struct hci_dev *hdev = conn->hdev; | ||
212 | struct hci_cp_le_start_enc cp; | ||
213 | |||
214 | BT_DBG("%p", conn); | ||
215 | |||
216 | memset(&cp, 0, sizeof(cp)); | ||
217 | |||
218 | cp.handle = cpu_to_le16(conn->handle); | ||
219 | memcpy(cp.ltk, ltk, sizeof(cp.ltk)); | ||
220 | cp.ediv = ediv; | ||
221 | memcpy(cp.rand, rand, sizeof(rand)); | ||
222 | |||
223 | hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp); | ||
224 | } | ||
225 | EXPORT_SYMBOL(hci_le_start_enc); | ||
226 | |||
227 | void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16]) | ||
228 | { | ||
229 | struct hci_dev *hdev = conn->hdev; | ||
230 | struct hci_cp_le_ltk_reply cp; | ||
231 | |||
232 | BT_DBG("%p", conn); | ||
233 | |||
234 | memset(&cp, 0, sizeof(cp)); | ||
235 | |||
236 | cp.handle = cpu_to_le16(conn->handle); | ||
237 | memcpy(cp.ltk, ltk, sizeof(ltk)); | ||
238 | |||
239 | hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); | ||
240 | } | ||
241 | EXPORT_SYMBOL(hci_le_ltk_reply); | ||
242 | |||
243 | void hci_le_ltk_neg_reply(struct hci_conn *conn) | ||
244 | { | ||
245 | struct hci_dev *hdev = conn->hdev; | ||
246 | struct hci_cp_le_ltk_neg_reply cp; | ||
247 | |||
248 | BT_DBG("%p", conn); | ||
249 | |||
250 | memset(&cp, 0, sizeof(cp)); | ||
251 | |||
252 | cp.handle = cpu_to_le16(conn->handle); | ||
253 | |||
254 | hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(cp), &cp); | ||
255 | } | ||
256 | |||
206 | /* Device _must_ be locked */ | 257 | /* Device _must_ be locked */ |
207 | void hci_sco_setup(struct hci_conn *conn, __u8 status) | 258 | void hci_sco_setup(struct hci_conn *conn, __u8 status) |
208 | { | 259 | { |
@@ -450,14 +501,23 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 | |||
450 | BT_DBG("%s dst %s", hdev->name, batostr(dst)); | 501 | BT_DBG("%s dst %s", hdev->name, batostr(dst)); |
451 | 502 | ||
452 | if (type == LE_LINK) { | 503 | if (type == LE_LINK) { |
504 | struct adv_entry *entry; | ||
505 | |||
453 | le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst); | 506 | le = hci_conn_hash_lookup_ba(hdev, LE_LINK, dst); |
454 | if (le) | 507 | if (le) |
455 | return ERR_PTR(-EBUSY); | 508 | return ERR_PTR(-EBUSY); |
509 | |||
510 | entry = hci_find_adv_entry(hdev, dst); | ||
511 | if (!entry) | ||
512 | return ERR_PTR(-EHOSTUNREACH); | ||
513 | |||
456 | le = hci_conn_add(hdev, LE_LINK, dst); | 514 | le = hci_conn_add(hdev, LE_LINK, dst); |
457 | if (!le) | 515 | if (!le) |
458 | return ERR_PTR(-ENOMEM); | 516 | return ERR_PTR(-ENOMEM); |
459 | if (le->state == BT_OPEN) | 517 | |
460 | hci_le_connect(le); | 518 | le->dst_type = entry->bdaddr_type; |
519 | |||
520 | hci_le_connect(le); | ||
461 | 521 | ||
462 | hci_conn_hold(le); | 522 | hci_conn_hold(le); |
463 | 523 | ||
@@ -500,7 +560,7 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 | |||
500 | if (acl->state == BT_CONNECTED && | 560 | if (acl->state == BT_CONNECTED && |
501 | (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { | 561 | (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { |
502 | acl->power_save = 1; | 562 | acl->power_save = 1; |
503 | hci_conn_enter_active_mode(acl); | 563 | hci_conn_enter_active_mode(acl, BT_POWER_FORCE_ACTIVE_ON); |
504 | 564 | ||
505 | if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) { | 565 | if (test_bit(HCI_CONN_MODE_CHANGE_PEND, &acl->pend)) { |
506 | /* defer SCO setup until mode change completed */ | 566 | /* defer SCO setup until mode change completed */ |
@@ -551,6 +611,8 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) | |||
551 | cp.handle = cpu_to_le16(conn->handle); | 611 | cp.handle = cpu_to_le16(conn->handle); |
552 | hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, | 612 | hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, |
553 | sizeof(cp), &cp); | 613 | sizeof(cp), &cp); |
614 | if (conn->key_type != 0xff) | ||
615 | set_bit(HCI_CONN_REAUTH_PEND, &conn->pend); | ||
554 | } | 616 | } |
555 | 617 | ||
556 | return 0; | 618 | return 0; |
@@ -634,9 +696,7 @@ int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level) | |||
634 | if (sec_level != BT_SECURITY_HIGH) | 696 | if (sec_level != BT_SECURITY_HIGH) |
635 | return 1; /* Accept if non-secure is required */ | 697 | return 1; /* Accept if non-secure is required */ |
636 | 698 | ||
637 | if (conn->key_type == HCI_LK_AUTH_COMBINATION || | 699 | if (conn->sec_level == BT_SECURITY_HIGH) |
638 | (conn->key_type == HCI_LK_COMBINATION && | ||
639 | conn->pin_length == 16)) | ||
640 | return 1; | 700 | return 1; |
641 | 701 | ||
642 | return 0; /* Reject not secure link */ | 702 | return 0; /* Reject not secure link */ |
@@ -679,7 +739,7 @@ int hci_conn_switch_role(struct hci_conn *conn, __u8 role) | |||
679 | EXPORT_SYMBOL(hci_conn_switch_role); | 739 | EXPORT_SYMBOL(hci_conn_switch_role); |
680 | 740 | ||
681 | /* Enter active mode */ | 741 | /* Enter active mode */ |
682 | void hci_conn_enter_active_mode(struct hci_conn *conn) | 742 | void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active) |
683 | { | 743 | { |
684 | struct hci_dev *hdev = conn->hdev; | 744 | struct hci_dev *hdev = conn->hdev; |
685 | 745 | ||
@@ -688,7 +748,10 @@ void hci_conn_enter_active_mode(struct hci_conn *conn) | |||
688 | if (test_bit(HCI_RAW, &hdev->flags)) | 748 | if (test_bit(HCI_RAW, &hdev->flags)) |
689 | return; | 749 | return; |
690 | 750 | ||
691 | if (conn->mode != HCI_CM_SNIFF || !conn->power_save) | 751 | if (conn->mode != HCI_CM_SNIFF) |
752 | goto timer; | ||
753 | |||
754 | if (!conn->power_save && !force_active) | ||
692 | goto timer; | 755 | goto timer; |
693 | 756 | ||
694 | if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { | 757 | if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { |
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 815269b07f20..0029e178e52e 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c | |||
@@ -42,6 +42,7 @@ | |||
42 | #include <linux/notifier.h> | 42 | #include <linux/notifier.h> |
43 | #include <linux/rfkill.h> | 43 | #include <linux/rfkill.h> |
44 | #include <linux/timer.h> | 44 | #include <linux/timer.h> |
45 | #include <linux/crypto.h> | ||
45 | #include <net/sock.h> | 46 | #include <net/sock.h> |
46 | 47 | ||
47 | #include <asm/system.h> | 48 | #include <asm/system.h> |
@@ -59,6 +60,8 @@ static void hci_tx_task(unsigned long arg); | |||
59 | 60 | ||
60 | static DEFINE_RWLOCK(hci_task_lock); | 61 | static DEFINE_RWLOCK(hci_task_lock); |
61 | 62 | ||
63 | static int enable_smp; | ||
64 | |||
62 | /* HCI device list */ | 65 | /* HCI device list */ |
63 | LIST_HEAD(hci_dev_list); | 66 | LIST_HEAD(hci_dev_list); |
64 | DEFINE_RWLOCK(hci_dev_list_lock); | 67 | DEFINE_RWLOCK(hci_dev_list_lock); |
@@ -1202,6 +1205,177 @@ int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash, | |||
1202 | return 0; | 1205 | return 0; |
1203 | } | 1206 | } |
1204 | 1207 | ||
1208 | struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, | ||
1209 | bdaddr_t *bdaddr) | ||
1210 | { | ||
1211 | struct list_head *p; | ||
1212 | |||
1213 | list_for_each(p, &hdev->blacklist) { | ||
1214 | struct bdaddr_list *b; | ||
1215 | |||
1216 | b = list_entry(p, struct bdaddr_list, list); | ||
1217 | |||
1218 | if (bacmp(bdaddr, &b->bdaddr) == 0) | ||
1219 | return b; | ||
1220 | } | ||
1221 | |||
1222 | return NULL; | ||
1223 | } | ||
1224 | |||
1225 | int hci_blacklist_clear(struct hci_dev *hdev) | ||
1226 | { | ||
1227 | struct list_head *p, *n; | ||
1228 | |||
1229 | list_for_each_safe(p, n, &hdev->blacklist) { | ||
1230 | struct bdaddr_list *b; | ||
1231 | |||
1232 | b = list_entry(p, struct bdaddr_list, list); | ||
1233 | |||
1234 | list_del(p); | ||
1235 | kfree(b); | ||
1236 | } | ||
1237 | |||
1238 | return 0; | ||
1239 | } | ||
1240 | |||
1241 | int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr) | ||
1242 | { | ||
1243 | struct bdaddr_list *entry; | ||
1244 | int err; | ||
1245 | |||
1246 | if (bacmp(bdaddr, BDADDR_ANY) == 0) | ||
1247 | return -EBADF; | ||
1248 | |||
1249 | hci_dev_lock(hdev); | ||
1250 | |||
1251 | if (hci_blacklist_lookup(hdev, bdaddr)) { | ||
1252 | err = -EEXIST; | ||
1253 | goto err; | ||
1254 | } | ||
1255 | |||
1256 | entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL); | ||
1257 | if (!entry) { | ||
1258 | return -ENOMEM; | ||
1259 | goto err; | ||
1260 | } | ||
1261 | |||
1262 | bacpy(&entry->bdaddr, bdaddr); | ||
1263 | |||
1264 | list_add(&entry->list, &hdev->blacklist); | ||
1265 | |||
1266 | err = 0; | ||
1267 | |||
1268 | err: | ||
1269 | hci_dev_unlock(hdev); | ||
1270 | return err; | ||
1271 | } | ||
1272 | |||
1273 | int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr) | ||
1274 | { | ||
1275 | struct bdaddr_list *entry; | ||
1276 | int err = 0; | ||
1277 | |||
1278 | hci_dev_lock(hdev); | ||
1279 | |||
1280 | if (bacmp(bdaddr, BDADDR_ANY) == 0) { | ||
1281 | hci_blacklist_clear(hdev); | ||
1282 | goto done; | ||
1283 | } | ||
1284 | |||
1285 | entry = hci_blacklist_lookup(hdev, bdaddr); | ||
1286 | if (!entry) { | ||
1287 | err = -ENOENT; | ||
1288 | goto done; | ||
1289 | } | ||
1290 | |||
1291 | list_del(&entry->list); | ||
1292 | kfree(entry); | ||
1293 | |||
1294 | done: | ||
1295 | hci_dev_unlock(hdev); | ||
1296 | return err; | ||
1297 | } | ||
1298 | |||
1299 | static void hci_clear_adv_cache(unsigned long arg) | ||
1300 | { | ||
1301 | struct hci_dev *hdev = (void *) arg; | ||
1302 | |||
1303 | hci_dev_lock(hdev); | ||
1304 | |||
1305 | hci_adv_entries_clear(hdev); | ||
1306 | |||
1307 | hci_dev_unlock(hdev); | ||
1308 | } | ||
1309 | |||
1310 | int hci_adv_entries_clear(struct hci_dev *hdev) | ||
1311 | { | ||
1312 | struct adv_entry *entry, *tmp; | ||
1313 | |||
1314 | list_for_each_entry_safe(entry, tmp, &hdev->adv_entries, list) { | ||
1315 | list_del(&entry->list); | ||
1316 | kfree(entry); | ||
1317 | } | ||
1318 | |||
1319 | BT_DBG("%s adv cache cleared", hdev->name); | ||
1320 | |||
1321 | return 0; | ||
1322 | } | ||
1323 | |||
1324 | struct adv_entry *hci_find_adv_entry(struct hci_dev *hdev, bdaddr_t *bdaddr) | ||
1325 | { | ||
1326 | struct adv_entry *entry; | ||
1327 | |||
1328 | list_for_each_entry(entry, &hdev->adv_entries, list) | ||
1329 | if (bacmp(bdaddr, &entry->bdaddr) == 0) | ||
1330 | return entry; | ||
1331 | |||
1332 | return NULL; | ||
1333 | } | ||
1334 | |||
1335 | static inline int is_connectable_adv(u8 evt_type) | ||
1336 | { | ||
1337 | if (evt_type == ADV_IND || evt_type == ADV_DIRECT_IND) | ||
1338 | return 1; | ||
1339 | |||
1340 | return 0; | ||
1341 | } | ||
1342 | |||
1343 | int hci_add_adv_entry(struct hci_dev *hdev, | ||
1344 | struct hci_ev_le_advertising_info *ev) | ||
1345 | { | ||
1346 | struct adv_entry *entry; | ||
1347 | |||
1348 | if (!is_connectable_adv(ev->evt_type)) | ||
1349 | return -EINVAL; | ||
1350 | |||
1351 | /* Only new entries should be added to adv_entries. So, if | ||
1352 | * bdaddr was found, don't add it. */ | ||
1353 | if (hci_find_adv_entry(hdev, &ev->bdaddr)) | ||
1354 | return 0; | ||
1355 | |||
1356 | entry = kzalloc(sizeof(*entry), GFP_ATOMIC); | ||
1357 | if (!entry) | ||
1358 | return -ENOMEM; | ||
1359 | |||
1360 | bacpy(&entry->bdaddr, &ev->bdaddr); | ||
1361 | entry->bdaddr_type = ev->bdaddr_type; | ||
1362 | |||
1363 | list_add(&entry->list, &hdev->adv_entries); | ||
1364 | |||
1365 | BT_DBG("%s adv entry added: address %s type %u", hdev->name, | ||
1366 | batostr(&entry->bdaddr), entry->bdaddr_type); | ||
1367 | |||
1368 | return 0; | ||
1369 | } | ||
1370 | |||
1371 | static struct crypto_blkcipher *alloc_cypher(void) | ||
1372 | { | ||
1373 | if (enable_smp) | ||
1374 | return crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC); | ||
1375 | |||
1376 | return ERR_PTR(-ENOTSUPP); | ||
1377 | } | ||
1378 | |||
1205 | /* Register HCI device */ | 1379 | /* Register HCI device */ |
1206 | int hci_register_dev(struct hci_dev *hdev) | 1380 | int hci_register_dev(struct hci_dev *hdev) |
1207 | { | 1381 | { |
@@ -1268,6 +1442,10 @@ int hci_register_dev(struct hci_dev *hdev) | |||
1268 | 1442 | ||
1269 | INIT_LIST_HEAD(&hdev->remote_oob_data); | 1443 | INIT_LIST_HEAD(&hdev->remote_oob_data); |
1270 | 1444 | ||
1445 | INIT_LIST_HEAD(&hdev->adv_entries); | ||
1446 | setup_timer(&hdev->adv_timer, hci_clear_adv_cache, | ||
1447 | (unsigned long) hdev); | ||
1448 | |||
1271 | INIT_WORK(&hdev->power_on, hci_power_on); | 1449 | INIT_WORK(&hdev->power_on, hci_power_on); |
1272 | INIT_WORK(&hdev->power_off, hci_power_off); | 1450 | INIT_WORK(&hdev->power_off, hci_power_off); |
1273 | setup_timer(&hdev->off_timer, hci_auto_off, (unsigned long) hdev); | 1451 | setup_timer(&hdev->off_timer, hci_auto_off, (unsigned long) hdev); |
@@ -1282,6 +1460,11 @@ int hci_register_dev(struct hci_dev *hdev) | |||
1282 | if (!hdev->workqueue) | 1460 | if (!hdev->workqueue) |
1283 | goto nomem; | 1461 | goto nomem; |
1284 | 1462 | ||
1463 | hdev->tfm = alloc_cypher(); | ||
1464 | if (IS_ERR(hdev->tfm)) | ||
1465 | BT_INFO("Failed to load transform for ecb(aes): %ld", | ||
1466 | PTR_ERR(hdev->tfm)); | ||
1467 | |||
1285 | hci_register_sysfs(hdev); | 1468 | hci_register_sysfs(hdev); |
1286 | 1469 | ||
1287 | hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev, | 1470 | hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev, |
@@ -1330,6 +1513,9 @@ int hci_unregister_dev(struct hci_dev *hdev) | |||
1330 | !test_bit(HCI_SETUP, &hdev->flags)) | 1513 | !test_bit(HCI_SETUP, &hdev->flags)) |
1331 | mgmt_index_removed(hdev->id); | 1514 | mgmt_index_removed(hdev->id); |
1332 | 1515 | ||
1516 | if (!IS_ERR(hdev->tfm)) | ||
1517 | crypto_free_blkcipher(hdev->tfm); | ||
1518 | |||
1333 | hci_notify(hdev, HCI_DEV_UNREG); | 1519 | hci_notify(hdev, HCI_DEV_UNREG); |
1334 | 1520 | ||
1335 | if (hdev->rfkill) { | 1521 | if (hdev->rfkill) { |
@@ -1340,6 +1526,7 @@ int hci_unregister_dev(struct hci_dev *hdev) | |||
1340 | hci_unregister_sysfs(hdev); | 1526 | hci_unregister_sysfs(hdev); |
1341 | 1527 | ||
1342 | hci_del_off_timer(hdev); | 1528 | hci_del_off_timer(hdev); |
1529 | del_timer(&hdev->adv_timer); | ||
1343 | 1530 | ||
1344 | destroy_workqueue(hdev->workqueue); | 1531 | destroy_workqueue(hdev->workqueue); |
1345 | 1532 | ||
@@ -1348,6 +1535,7 @@ int hci_unregister_dev(struct hci_dev *hdev) | |||
1348 | hci_uuids_clear(hdev); | 1535 | hci_uuids_clear(hdev); |
1349 | hci_link_keys_clear(hdev); | 1536 | hci_link_keys_clear(hdev); |
1350 | hci_remote_oob_data_clear(hdev); | 1537 | hci_remote_oob_data_clear(hdev); |
1538 | hci_adv_entries_clear(hdev); | ||
1351 | hci_dev_unlock_bh(hdev); | 1539 | hci_dev_unlock_bh(hdev); |
1352 | 1540 | ||
1353 | __hci_dev_put(hdev); | 1541 | __hci_dev_put(hdev); |
@@ -1891,7 +2079,7 @@ static inline void hci_sched_acl(struct hci_dev *hdev) | |||
1891 | while (quote-- && (skb = skb_dequeue(&conn->data_q))) { | 2079 | while (quote-- && (skb = skb_dequeue(&conn->data_q))) { |
1892 | BT_DBG("skb %p len %d", skb, skb->len); | 2080 | BT_DBG("skb %p len %d", skb, skb->len); |
1893 | 2081 | ||
1894 | hci_conn_enter_active_mode(conn); | 2082 | hci_conn_enter_active_mode(conn, bt_cb(skb)->force_active); |
1895 | 2083 | ||
1896 | hci_send_frame(skb); | 2084 | hci_send_frame(skb); |
1897 | hdev->acl_last_tx = jiffies; | 2085 | hdev->acl_last_tx = jiffies; |
@@ -2030,7 +2218,7 @@ static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb) | |||
2030 | if (conn) { | 2218 | if (conn) { |
2031 | register struct hci_proto *hp; | 2219 | register struct hci_proto *hp; |
2032 | 2220 | ||
2033 | hci_conn_enter_active_mode(conn); | 2221 | hci_conn_enter_active_mode(conn, bt_cb(skb)->force_active); |
2034 | 2222 | ||
2035 | /* Send to upper protocol */ | 2223 | /* Send to upper protocol */ |
2036 | hp = hci_proto[HCI_PROTO_L2CAP]; | 2224 | hp = hci_proto[HCI_PROTO_L2CAP]; |
@@ -2164,3 +2352,6 @@ static void hci_cmd_task(unsigned long arg) | |||
2164 | } | 2352 | } |
2165 | } | 2353 | } |
2166 | } | 2354 | } |
2355 | |||
2356 | module_param(enable_smp, bool, 0644); | ||
2357 | MODULE_PARM_DESC(enable_smp, "Enable SMP support (LE only)"); | ||
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 77930aa522e3..ac2c5e89617c 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
@@ -841,6 +841,57 @@ static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev, | |||
841 | rp->randomizer, rp->status); | 841 | rp->randomizer, rp->status); |
842 | } | 842 | } |
843 | 843 | ||
844 | static void hci_cc_le_set_scan_enable(struct hci_dev *hdev, | ||
845 | struct sk_buff *skb) | ||
846 | { | ||
847 | struct hci_cp_le_set_scan_enable *cp; | ||
848 | __u8 status = *((__u8 *) skb->data); | ||
849 | |||
850 | BT_DBG("%s status 0x%x", hdev->name, status); | ||
851 | |||
852 | if (status) | ||
853 | return; | ||
854 | |||
855 | cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE); | ||
856 | if (!cp) | ||
857 | return; | ||
858 | |||
859 | hci_dev_lock(hdev); | ||
860 | |||
861 | if (cp->enable == 0x01) { | ||
862 | del_timer(&hdev->adv_timer); | ||
863 | hci_adv_entries_clear(hdev); | ||
864 | } else if (cp->enable == 0x00) { | ||
865 | mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT); | ||
866 | } | ||
867 | |||
868 | hci_dev_unlock(hdev); | ||
869 | } | ||
870 | |||
871 | static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb) | ||
872 | { | ||
873 | struct hci_rp_le_ltk_reply *rp = (void *) skb->data; | ||
874 | |||
875 | BT_DBG("%s status 0x%x", hdev->name, rp->status); | ||
876 | |||
877 | if (rp->status) | ||
878 | return; | ||
879 | |||
880 | hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status); | ||
881 | } | ||
882 | |||
883 | static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb) | ||
884 | { | ||
885 | struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data; | ||
886 | |||
887 | BT_DBG("%s status 0x%x", hdev->name, rp->status); | ||
888 | |||
889 | if (rp->status) | ||
890 | return; | ||
891 | |||
892 | hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status); | ||
893 | } | ||
894 | |||
844 | static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) | 895 | static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) |
845 | { | 896 | { |
846 | BT_DBG("%s status 0x%x", hdev->name, status); | 897 | BT_DBG("%s status 0x%x", hdev->name, status); |
@@ -1209,16 +1260,23 @@ static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status) | |||
1209 | } else { | 1260 | } else { |
1210 | if (!conn) { | 1261 | if (!conn) { |
1211 | conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr); | 1262 | conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr); |
1212 | if (conn) | 1263 | if (conn) { |
1264 | conn->dst_type = cp->peer_addr_type; | ||
1213 | conn->out = 1; | 1265 | conn->out = 1; |
1214 | else | 1266 | } else { |
1215 | BT_ERR("No memory for new connection"); | 1267 | BT_ERR("No memory for new connection"); |
1268 | } | ||
1216 | } | 1269 | } |
1217 | } | 1270 | } |
1218 | 1271 | ||
1219 | hci_dev_unlock(hdev); | 1272 | hci_dev_unlock(hdev); |
1220 | } | 1273 | } |
1221 | 1274 | ||
1275 | static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status) | ||
1276 | { | ||
1277 | BT_DBG("%s status 0x%x", hdev->name, status); | ||
1278 | } | ||
1279 | |||
1222 | static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | 1280 | static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) |
1223 | { | 1281 | { |
1224 | __u8 status = *((__u8 *) skb->data); | 1282 | __u8 status = *((__u8 *) skb->data); |
@@ -1462,51 +1520,58 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s | |||
1462 | hci_dev_lock(hdev); | 1520 | hci_dev_lock(hdev); |
1463 | 1521 | ||
1464 | conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); | 1522 | conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); |
1465 | if (conn) { | 1523 | if (!conn) |
1466 | if (!ev->status) { | 1524 | goto unlock; |
1525 | |||
1526 | if (!ev->status) { | ||
1527 | if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) && | ||
1528 | test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) { | ||
1529 | BT_INFO("re-auth of legacy device is not possible."); | ||
1530 | } else { | ||
1467 | conn->link_mode |= HCI_LM_AUTH; | 1531 | conn->link_mode |= HCI_LM_AUTH; |
1468 | conn->sec_level = conn->pending_sec_level; | 1532 | conn->sec_level = conn->pending_sec_level; |
1469 | } else { | ||
1470 | mgmt_auth_failed(hdev->id, &conn->dst, ev->status); | ||
1471 | } | 1533 | } |
1534 | } else { | ||
1535 | mgmt_auth_failed(hdev->id, &conn->dst, ev->status); | ||
1536 | } | ||
1472 | 1537 | ||
1473 | clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); | 1538 | clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); |
1539 | clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend); | ||
1474 | 1540 | ||
1475 | if (conn->state == BT_CONFIG) { | 1541 | if (conn->state == BT_CONFIG) { |
1476 | if (!ev->status && hdev->ssp_mode > 0 && | 1542 | if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) { |
1477 | conn->ssp_mode > 0) { | 1543 | struct hci_cp_set_conn_encrypt cp; |
1478 | struct hci_cp_set_conn_encrypt cp; | 1544 | cp.handle = ev->handle; |
1479 | cp.handle = ev->handle; | 1545 | cp.encrypt = 0x01; |
1480 | cp.encrypt = 0x01; | 1546 | hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), |
1481 | hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, | 1547 | &cp); |
1482 | sizeof(cp), &cp); | ||
1483 | } else { | ||
1484 | conn->state = BT_CONNECTED; | ||
1485 | hci_proto_connect_cfm(conn, ev->status); | ||
1486 | hci_conn_put(conn); | ||
1487 | } | ||
1488 | } else { | 1548 | } else { |
1489 | hci_auth_cfm(conn, ev->status); | 1549 | conn->state = BT_CONNECTED; |
1490 | 1550 | hci_proto_connect_cfm(conn, ev->status); | |
1491 | hci_conn_hold(conn); | ||
1492 | conn->disc_timeout = HCI_DISCONN_TIMEOUT; | ||
1493 | hci_conn_put(conn); | 1551 | hci_conn_put(conn); |
1494 | } | 1552 | } |
1553 | } else { | ||
1554 | hci_auth_cfm(conn, ev->status); | ||
1495 | 1555 | ||
1496 | if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) { | 1556 | hci_conn_hold(conn); |
1497 | if (!ev->status) { | 1557 | conn->disc_timeout = HCI_DISCONN_TIMEOUT; |
1498 | struct hci_cp_set_conn_encrypt cp; | 1558 | hci_conn_put(conn); |
1499 | cp.handle = ev->handle; | 1559 | } |
1500 | cp.encrypt = 0x01; | 1560 | |
1501 | hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, | 1561 | if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) { |
1502 | sizeof(cp), &cp); | 1562 | if (!ev->status) { |
1503 | } else { | 1563 | struct hci_cp_set_conn_encrypt cp; |
1504 | clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); | 1564 | cp.handle = ev->handle; |
1505 | hci_encrypt_cfm(conn, ev->status, 0x00); | 1565 | cp.encrypt = 0x01; |
1506 | } | 1566 | hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), |
1567 | &cp); | ||
1568 | } else { | ||
1569 | clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); | ||
1570 | hci_encrypt_cfm(conn, ev->status, 0x00); | ||
1507 | } | 1571 | } |
1508 | } | 1572 | } |
1509 | 1573 | ||
1574 | unlock: | ||
1510 | hci_dev_unlock(hdev); | 1575 | hci_dev_unlock(hdev); |
1511 | } | 1576 | } |
1512 | 1577 | ||
@@ -1557,6 +1622,7 @@ static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff * | |||
1557 | /* Encryption implies authentication */ | 1622 | /* Encryption implies authentication */ |
1558 | conn->link_mode |= HCI_LM_AUTH; | 1623 | conn->link_mode |= HCI_LM_AUTH; |
1559 | conn->link_mode |= HCI_LM_ENCRYPT; | 1624 | conn->link_mode |= HCI_LM_ENCRYPT; |
1625 | conn->sec_level = conn->pending_sec_level; | ||
1560 | } else | 1626 | } else |
1561 | conn->link_mode &= ~HCI_LM_ENCRYPT; | 1627 | conn->link_mode &= ~HCI_LM_ENCRYPT; |
1562 | } | 1628 | } |
@@ -1816,6 +1882,18 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk | |||
1816 | hci_cc_user_confirm_neg_reply(hdev, skb); | 1882 | hci_cc_user_confirm_neg_reply(hdev, skb); |
1817 | break; | 1883 | break; |
1818 | 1884 | ||
1885 | case HCI_OP_LE_SET_SCAN_ENABLE: | ||
1886 | hci_cc_le_set_scan_enable(hdev, skb); | ||
1887 | break; | ||
1888 | |||
1889 | case HCI_OP_LE_LTK_REPLY: | ||
1890 | hci_cc_le_ltk_reply(hdev, skb); | ||
1891 | break; | ||
1892 | |||
1893 | case HCI_OP_LE_LTK_NEG_REPLY: | ||
1894 | hci_cc_le_ltk_neg_reply(hdev, skb); | ||
1895 | break; | ||
1896 | |||
1819 | default: | 1897 | default: |
1820 | BT_DBG("%s opcode 0x%x", hdev->name, opcode); | 1898 | BT_DBG("%s opcode 0x%x", hdev->name, opcode); |
1821 | break; | 1899 | break; |
@@ -1894,6 +1972,10 @@ static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
1894 | hci_cs_le_create_conn(hdev, ev->status); | 1972 | hci_cs_le_create_conn(hdev, ev->status); |
1895 | break; | 1973 | break; |
1896 | 1974 | ||
1975 | case HCI_OP_LE_START_ENC: | ||
1976 | hci_cs_le_start_enc(hdev, ev->status); | ||
1977 | break; | ||
1978 | |||
1897 | default: | 1979 | default: |
1898 | BT_DBG("%s opcode 0x%x", hdev->name, opcode); | 1980 | BT_DBG("%s opcode 0x%x", hdev->name, opcode); |
1899 | break; | 1981 | break; |
@@ -2658,6 +2740,8 @@ static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff | |||
2658 | hci_dev_unlock(hdev); | 2740 | hci_dev_unlock(hdev); |
2659 | return; | 2741 | return; |
2660 | } | 2742 | } |
2743 | |||
2744 | conn->dst_type = ev->bdaddr_type; | ||
2661 | } | 2745 | } |
2662 | 2746 | ||
2663 | if (ev->status) { | 2747 | if (ev->status) { |
@@ -2670,6 +2754,7 @@ static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff | |||
2670 | 2754 | ||
2671 | mgmt_connected(hdev->id, &ev->bdaddr); | 2755 | mgmt_connected(hdev->id, &ev->bdaddr); |
2672 | 2756 | ||
2757 | conn->sec_level = BT_SECURITY_LOW; | ||
2673 | conn->handle = __le16_to_cpu(ev->handle); | 2758 | conn->handle = __le16_to_cpu(ev->handle); |
2674 | conn->state = BT_CONNECTED; | 2759 | conn->state = BT_CONNECTED; |
2675 | 2760 | ||
@@ -2682,6 +2767,49 @@ unlock: | |||
2682 | hci_dev_unlock(hdev); | 2767 | hci_dev_unlock(hdev); |
2683 | } | 2768 | } |
2684 | 2769 | ||
2770 | static inline void hci_le_adv_report_evt(struct hci_dev *hdev, | ||
2771 | struct sk_buff *skb) | ||
2772 | { | ||
2773 | struct hci_ev_le_advertising_info *ev; | ||
2774 | u8 num_reports; | ||
2775 | |||
2776 | num_reports = skb->data[0]; | ||
2777 | ev = (void *) &skb->data[1]; | ||
2778 | |||
2779 | hci_dev_lock(hdev); | ||
2780 | |||
2781 | hci_add_adv_entry(hdev, ev); | ||
2782 | |||
2783 | while (--num_reports) { | ||
2784 | ev = (void *) (ev->data + ev->length + 1); | ||
2785 | hci_add_adv_entry(hdev, ev); | ||
2786 | } | ||
2787 | |||
2788 | hci_dev_unlock(hdev); | ||
2789 | } | ||
2790 | |||
2791 | static inline void hci_le_ltk_request_evt(struct hci_dev *hdev, | ||
2792 | struct sk_buff *skb) | ||
2793 | { | ||
2794 | struct hci_ev_le_ltk_req *ev = (void *) skb->data; | ||
2795 | struct hci_cp_le_ltk_reply cp; | ||
2796 | struct hci_conn *conn; | ||
2797 | |||
2798 | BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle)); | ||
2799 | |||
2800 | hci_dev_lock(hdev); | ||
2801 | |||
2802 | conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); | ||
2803 | |||
2804 | memset(&cp, 0, sizeof(cp)); | ||
2805 | cp.handle = cpu_to_le16(conn->handle); | ||
2806 | memcpy(cp.ltk, conn->ltk, sizeof(conn->ltk)); | ||
2807 | |||
2808 | hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); | ||
2809 | |||
2810 | hci_dev_unlock(hdev); | ||
2811 | } | ||
2812 | |||
2685 | static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb) | 2813 | static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb) |
2686 | { | 2814 | { |
2687 | struct hci_ev_le_meta *le_ev = (void *) skb->data; | 2815 | struct hci_ev_le_meta *le_ev = (void *) skb->data; |
@@ -2693,6 +2821,14 @@ static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2693 | hci_le_conn_complete_evt(hdev, skb); | 2821 | hci_le_conn_complete_evt(hdev, skb); |
2694 | break; | 2822 | break; |
2695 | 2823 | ||
2824 | case HCI_EV_LE_ADVERTISING_REPORT: | ||
2825 | hci_le_adv_report_evt(hdev, skb); | ||
2826 | break; | ||
2827 | |||
2828 | case HCI_EV_LE_LTK_REQ: | ||
2829 | hci_le_ltk_request_evt(hdev, skb); | ||
2830 | break; | ||
2831 | |||
2696 | default: | 2832 | default: |
2697 | break; | 2833 | break; |
2698 | } | 2834 | } |
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c index 295e4a88fff8..ff02cf5e77cc 100644 --- a/net/bluetooth/hci_sock.c +++ b/net/bluetooth/hci_sock.c | |||
@@ -180,82 +180,24 @@ static int hci_sock_release(struct socket *sock) | |||
180 | return 0; | 180 | return 0; |
181 | } | 181 | } |
182 | 182 | ||
183 | struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr) | 183 | static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg) |
184 | { | ||
185 | struct list_head *p; | ||
186 | |||
187 | list_for_each(p, &hdev->blacklist) { | ||
188 | struct bdaddr_list *b; | ||
189 | |||
190 | b = list_entry(p, struct bdaddr_list, list); | ||
191 | |||
192 | if (bacmp(bdaddr, &b->bdaddr) == 0) | ||
193 | return b; | ||
194 | } | ||
195 | |||
196 | return NULL; | ||
197 | } | ||
198 | |||
199 | static int hci_blacklist_add(struct hci_dev *hdev, void __user *arg) | ||
200 | { | 184 | { |
201 | bdaddr_t bdaddr; | 185 | bdaddr_t bdaddr; |
202 | struct bdaddr_list *entry; | ||
203 | 186 | ||
204 | if (copy_from_user(&bdaddr, arg, sizeof(bdaddr))) | 187 | if (copy_from_user(&bdaddr, arg, sizeof(bdaddr))) |
205 | return -EFAULT; | 188 | return -EFAULT; |
206 | 189 | ||
207 | if (bacmp(&bdaddr, BDADDR_ANY) == 0) | 190 | return hci_blacklist_add(hdev, &bdaddr); |
208 | return -EBADF; | ||
209 | |||
210 | if (hci_blacklist_lookup(hdev, &bdaddr)) | ||
211 | return -EEXIST; | ||
212 | |||
213 | entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL); | ||
214 | if (!entry) | ||
215 | return -ENOMEM; | ||
216 | |||
217 | bacpy(&entry->bdaddr, &bdaddr); | ||
218 | |||
219 | list_add(&entry->list, &hdev->blacklist); | ||
220 | |||
221 | return 0; | ||
222 | } | ||
223 | |||
224 | int hci_blacklist_clear(struct hci_dev *hdev) | ||
225 | { | ||
226 | struct list_head *p, *n; | ||
227 | |||
228 | list_for_each_safe(p, n, &hdev->blacklist) { | ||
229 | struct bdaddr_list *b; | ||
230 | |||
231 | b = list_entry(p, struct bdaddr_list, list); | ||
232 | |||
233 | list_del(p); | ||
234 | kfree(b); | ||
235 | } | ||
236 | |||
237 | return 0; | ||
238 | } | 191 | } |
239 | 192 | ||
240 | static int hci_blacklist_del(struct hci_dev *hdev, void __user *arg) | 193 | static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg) |
241 | { | 194 | { |
242 | bdaddr_t bdaddr; | 195 | bdaddr_t bdaddr; |
243 | struct bdaddr_list *entry; | ||
244 | 196 | ||
245 | if (copy_from_user(&bdaddr, arg, sizeof(bdaddr))) | 197 | if (copy_from_user(&bdaddr, arg, sizeof(bdaddr))) |
246 | return -EFAULT; | 198 | return -EFAULT; |
247 | 199 | ||
248 | if (bacmp(&bdaddr, BDADDR_ANY) == 0) | 200 | return hci_blacklist_del(hdev, &bdaddr); |
249 | return hci_blacklist_clear(hdev); | ||
250 | |||
251 | entry = hci_blacklist_lookup(hdev, &bdaddr); | ||
252 | if (!entry) | ||
253 | return -ENOENT; | ||
254 | |||
255 | list_del(&entry->list); | ||
256 | kfree(entry); | ||
257 | |||
258 | return 0; | ||
259 | } | 201 | } |
260 | 202 | ||
261 | /* Ioctls that require bound socket */ | 203 | /* Ioctls that require bound socket */ |
@@ -290,12 +232,12 @@ static inline int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd, unsign | |||
290 | case HCIBLOCKADDR: | 232 | case HCIBLOCKADDR: |
291 | if (!capable(CAP_NET_ADMIN)) | 233 | if (!capable(CAP_NET_ADMIN)) |
292 | return -EACCES; | 234 | return -EACCES; |
293 | return hci_blacklist_add(hdev, (void __user *) arg); | 235 | return hci_sock_blacklist_add(hdev, (void __user *) arg); |
294 | 236 | ||
295 | case HCIUNBLOCKADDR: | 237 | case HCIUNBLOCKADDR: |
296 | if (!capable(CAP_NET_ADMIN)) | 238 | if (!capable(CAP_NET_ADMIN)) |
297 | return -EACCES; | 239 | return -EACCES; |
298 | return hci_blacklist_del(hdev, (void __user *) arg); | 240 | return hci_sock_blacklist_del(hdev, (void __user *) arg); |
299 | 241 | ||
300 | default: | 242 | default: |
301 | if (hdev->ioctl) | 243 | if (hdev->ioctl) |
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index ebff14c69078..fc219ec28711 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c | |||
@@ -54,6 +54,7 @@ | |||
54 | #include <net/bluetooth/bluetooth.h> | 54 | #include <net/bluetooth/bluetooth.h> |
55 | #include <net/bluetooth/hci_core.h> | 55 | #include <net/bluetooth/hci_core.h> |
56 | #include <net/bluetooth/l2cap.h> | 56 | #include <net/bluetooth/l2cap.h> |
57 | #include <net/bluetooth/smp.h> | ||
57 | 58 | ||
58 | int disable_ertm; | 59 | int disable_ertm; |
59 | 60 | ||
@@ -62,18 +63,34 @@ static u8 l2cap_fixed_chan[8] = { 0x02, }; | |||
62 | 63 | ||
63 | static struct workqueue_struct *_busy_wq; | 64 | static struct workqueue_struct *_busy_wq; |
64 | 65 | ||
65 | LIST_HEAD(chan_list); | 66 | static LIST_HEAD(chan_list); |
66 | DEFINE_RWLOCK(chan_list_lock); | 67 | static DEFINE_RWLOCK(chan_list_lock); |
67 | 68 | ||
68 | static void l2cap_busy_work(struct work_struct *work); | 69 | static void l2cap_busy_work(struct work_struct *work); |
69 | 70 | ||
70 | static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, | 71 | static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, |
71 | u8 code, u8 ident, u16 dlen, void *data); | 72 | u8 code, u8 ident, u16 dlen, void *data); |
73 | static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, | ||
74 | void *data); | ||
72 | static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data); | 75 | static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data); |
76 | static void l2cap_send_disconn_req(struct l2cap_conn *conn, | ||
77 | struct l2cap_chan *chan, int err); | ||
73 | 78 | ||
74 | static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb); | 79 | static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb); |
75 | 80 | ||
76 | /* ---- L2CAP channels ---- */ | 81 | /* ---- L2CAP channels ---- */ |
82 | |||
83 | static inline void chan_hold(struct l2cap_chan *c) | ||
84 | { | ||
85 | atomic_inc(&c->refcnt); | ||
86 | } | ||
87 | |||
88 | static inline void chan_put(struct l2cap_chan *c) | ||
89 | { | ||
90 | if (atomic_dec_and_test(&c->refcnt)) | ||
91 | kfree(c); | ||
92 | } | ||
93 | |||
77 | static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid) | 94 | static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid) |
78 | { | 95 | { |
79 | struct l2cap_chan *c; | 96 | struct l2cap_chan *c; |
@@ -204,6 +221,62 @@ static u16 l2cap_alloc_cid(struct l2cap_conn *conn) | |||
204 | return 0; | 221 | return 0; |
205 | } | 222 | } |
206 | 223 | ||
224 | static void l2cap_set_timer(struct l2cap_chan *chan, struct timer_list *timer, long timeout) | ||
225 | { | ||
226 | BT_DBG("chan %p state %d timeout %ld", chan->sk, chan->state, timeout); | ||
227 | |||
228 | if (!mod_timer(timer, jiffies + timeout)) | ||
229 | chan_hold(chan); | ||
230 | } | ||
231 | |||
232 | static void l2cap_clear_timer(struct l2cap_chan *chan, struct timer_list *timer) | ||
233 | { | ||
234 | BT_DBG("chan %p state %d", chan, chan->state); | ||
235 | |||
236 | if (timer_pending(timer) && del_timer(timer)) | ||
237 | chan_put(chan); | ||
238 | } | ||
239 | |||
240 | static void l2cap_state_change(struct l2cap_chan *chan, int state) | ||
241 | { | ||
242 | chan->state = state; | ||
243 | chan->ops->state_change(chan->data, state); | ||
244 | } | ||
245 | |||
246 | static void l2cap_chan_timeout(unsigned long arg) | ||
247 | { | ||
248 | struct l2cap_chan *chan = (struct l2cap_chan *) arg; | ||
249 | struct sock *sk = chan->sk; | ||
250 | int reason; | ||
251 | |||
252 | BT_DBG("chan %p state %d", chan, chan->state); | ||
253 | |||
254 | bh_lock_sock(sk); | ||
255 | |||
256 | if (sock_owned_by_user(sk)) { | ||
257 | /* sk is owned by user. Try again later */ | ||
258 | __set_chan_timer(chan, HZ / 5); | ||
259 | bh_unlock_sock(sk); | ||
260 | chan_put(chan); | ||
261 | return; | ||
262 | } | ||
263 | |||
264 | if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG) | ||
265 | reason = ECONNREFUSED; | ||
266 | else if (chan->state == BT_CONNECT && | ||
267 | chan->sec_level != BT_SECURITY_SDP) | ||
268 | reason = ECONNREFUSED; | ||
269 | else | ||
270 | reason = ETIMEDOUT; | ||
271 | |||
272 | l2cap_chan_close(chan, reason); | ||
273 | |||
274 | bh_unlock_sock(sk); | ||
275 | |||
276 | chan->ops->close(chan->data); | ||
277 | chan_put(chan); | ||
278 | } | ||
279 | |||
207 | struct l2cap_chan *l2cap_chan_create(struct sock *sk) | 280 | struct l2cap_chan *l2cap_chan_create(struct sock *sk) |
208 | { | 281 | { |
209 | struct l2cap_chan *chan; | 282 | struct l2cap_chan *chan; |
@@ -218,6 +291,12 @@ struct l2cap_chan *l2cap_chan_create(struct sock *sk) | |||
218 | list_add(&chan->global_l, &chan_list); | 291 | list_add(&chan->global_l, &chan_list); |
219 | write_unlock_bh(&chan_list_lock); | 292 | write_unlock_bh(&chan_list_lock); |
220 | 293 | ||
294 | setup_timer(&chan->chan_timer, l2cap_chan_timeout, (unsigned long) chan); | ||
295 | |||
296 | chan->state = BT_OPEN; | ||
297 | |||
298 | atomic_set(&chan->refcnt, 1); | ||
299 | |||
221 | return chan; | 300 | return chan; |
222 | } | 301 | } |
223 | 302 | ||
@@ -227,13 +306,11 @@ void l2cap_chan_destroy(struct l2cap_chan *chan) | |||
227 | list_del(&chan->global_l); | 306 | list_del(&chan->global_l); |
228 | write_unlock_bh(&chan_list_lock); | 307 | write_unlock_bh(&chan_list_lock); |
229 | 308 | ||
230 | kfree(chan); | 309 | chan_put(chan); |
231 | } | 310 | } |
232 | 311 | ||
233 | static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) | 312 | static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) |
234 | { | 313 | { |
235 | struct sock *sk = chan->sk; | ||
236 | |||
237 | BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, | 314 | BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, |
238 | chan->psm, chan->dcid); | 315 | chan->psm, chan->dcid); |
239 | 316 | ||
@@ -241,7 +318,7 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) | |||
241 | 318 | ||
242 | chan->conn = conn; | 319 | chan->conn = conn; |
243 | 320 | ||
244 | if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) { | 321 | if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) { |
245 | if (conn->hcon->type == LE_LINK) { | 322 | if (conn->hcon->type == LE_LINK) { |
246 | /* LE connection */ | 323 | /* LE connection */ |
247 | chan->omtu = L2CAP_LE_DEFAULT_MTU; | 324 | chan->omtu = L2CAP_LE_DEFAULT_MTU; |
@@ -252,7 +329,7 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) | |||
252 | chan->scid = l2cap_alloc_cid(conn); | 329 | chan->scid = l2cap_alloc_cid(conn); |
253 | chan->omtu = L2CAP_DEFAULT_MTU; | 330 | chan->omtu = L2CAP_DEFAULT_MTU; |
254 | } | 331 | } |
255 | } else if (sk->sk_type == SOCK_DGRAM) { | 332 | } else if (chan->chan_type == L2CAP_CHAN_CONN_LESS) { |
256 | /* Connectionless socket */ | 333 | /* Connectionless socket */ |
257 | chan->scid = L2CAP_CID_CONN_LESS; | 334 | chan->scid = L2CAP_CID_CONN_LESS; |
258 | chan->dcid = L2CAP_CID_CONN_LESS; | 335 | chan->dcid = L2CAP_CID_CONN_LESS; |
@@ -264,20 +341,20 @@ static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) | |||
264 | chan->omtu = L2CAP_DEFAULT_MTU; | 341 | chan->omtu = L2CAP_DEFAULT_MTU; |
265 | } | 342 | } |
266 | 343 | ||
267 | sock_hold(sk); | 344 | chan_hold(chan); |
268 | 345 | ||
269 | list_add(&chan->list, &conn->chan_l); | 346 | list_add(&chan->list, &conn->chan_l); |
270 | } | 347 | } |
271 | 348 | ||
272 | /* Delete channel. | 349 | /* Delete channel. |
273 | * Must be called on the locked socket. */ | 350 | * Must be called on the locked socket. */ |
274 | void l2cap_chan_del(struct l2cap_chan *chan, int err) | 351 | static void l2cap_chan_del(struct l2cap_chan *chan, int err) |
275 | { | 352 | { |
276 | struct sock *sk = chan->sk; | 353 | struct sock *sk = chan->sk; |
277 | struct l2cap_conn *conn = chan->conn; | 354 | struct l2cap_conn *conn = chan->conn; |
278 | struct sock *parent = bt_sk(sk)->parent; | 355 | struct sock *parent = bt_sk(sk)->parent; |
279 | 356 | ||
280 | l2cap_sock_clear_timer(sk); | 357 | __clear_chan_timer(chan); |
281 | 358 | ||
282 | BT_DBG("chan %p, conn %p, err %d", chan, conn, err); | 359 | BT_DBG("chan %p, conn %p, err %d", chan, conn, err); |
283 | 360 | ||
@@ -286,13 +363,13 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err) | |||
286 | write_lock_bh(&conn->chan_lock); | 363 | write_lock_bh(&conn->chan_lock); |
287 | list_del(&chan->list); | 364 | list_del(&chan->list); |
288 | write_unlock_bh(&conn->chan_lock); | 365 | write_unlock_bh(&conn->chan_lock); |
289 | __sock_put(sk); | 366 | chan_put(chan); |
290 | 367 | ||
291 | chan->conn = NULL; | 368 | chan->conn = NULL; |
292 | hci_conn_put(conn->hcon); | 369 | hci_conn_put(conn->hcon); |
293 | } | 370 | } |
294 | 371 | ||
295 | sk->sk_state = BT_CLOSED; | 372 | l2cap_state_change(chan, BT_CLOSED); |
296 | sock_set_flag(sk, SOCK_ZAPPED); | 373 | sock_set_flag(sk, SOCK_ZAPPED); |
297 | 374 | ||
298 | if (err) | 375 | if (err) |
@@ -304,8 +381,8 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err) | |||
304 | } else | 381 | } else |
305 | sk->sk_state_change(sk); | 382 | sk->sk_state_change(sk); |
306 | 383 | ||
307 | if (!(chan->conf_state & L2CAP_CONF_OUTPUT_DONE && | 384 | if (!(test_bit(CONF_OUTPUT_DONE, &chan->conf_state) && |
308 | chan->conf_state & L2CAP_CONF_INPUT_DONE)) | 385 | test_bit(CONF_INPUT_DONE, &chan->conf_state))) |
309 | return; | 386 | return; |
310 | 387 | ||
311 | skb_queue_purge(&chan->tx_q); | 388 | skb_queue_purge(&chan->tx_q); |
@@ -313,9 +390,9 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err) | |||
313 | if (chan->mode == L2CAP_MODE_ERTM) { | 390 | if (chan->mode == L2CAP_MODE_ERTM) { |
314 | struct srej_list *l, *tmp; | 391 | struct srej_list *l, *tmp; |
315 | 392 | ||
316 | del_timer(&chan->retrans_timer); | 393 | __clear_retrans_timer(chan); |
317 | del_timer(&chan->monitor_timer); | 394 | __clear_monitor_timer(chan); |
318 | del_timer(&chan->ack_timer); | 395 | __clear_ack_timer(chan); |
319 | 396 | ||
320 | skb_queue_purge(&chan->srej_q); | 397 | skb_queue_purge(&chan->srej_q); |
321 | skb_queue_purge(&chan->busy_q); | 398 | skb_queue_purge(&chan->busy_q); |
@@ -327,11 +404,86 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err) | |||
327 | } | 404 | } |
328 | } | 405 | } |
329 | 406 | ||
330 | static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan) | 407 | static void l2cap_chan_cleanup_listen(struct sock *parent) |
331 | { | 408 | { |
409 | struct sock *sk; | ||
410 | |||
411 | BT_DBG("parent %p", parent); | ||
412 | |||
413 | /* Close not yet accepted channels */ | ||
414 | while ((sk = bt_accept_dequeue(parent, NULL))) { | ||
415 | struct l2cap_chan *chan = l2cap_pi(sk)->chan; | ||
416 | __clear_chan_timer(chan); | ||
417 | lock_sock(sk); | ||
418 | l2cap_chan_close(chan, ECONNRESET); | ||
419 | release_sock(sk); | ||
420 | chan->ops->close(chan->data); | ||
421 | } | ||
422 | } | ||
423 | |||
424 | void l2cap_chan_close(struct l2cap_chan *chan, int reason) | ||
425 | { | ||
426 | struct l2cap_conn *conn = chan->conn; | ||
332 | struct sock *sk = chan->sk; | 427 | struct sock *sk = chan->sk; |
333 | 428 | ||
334 | if (sk->sk_type == SOCK_RAW) { | 429 | BT_DBG("chan %p state %d socket %p", chan, chan->state, sk->sk_socket); |
430 | |||
431 | switch (chan->state) { | ||
432 | case BT_LISTEN: | ||
433 | l2cap_chan_cleanup_listen(sk); | ||
434 | |||
435 | l2cap_state_change(chan, BT_CLOSED); | ||
436 | sock_set_flag(sk, SOCK_ZAPPED); | ||
437 | break; | ||
438 | |||
439 | case BT_CONNECTED: | ||
440 | case BT_CONFIG: | ||
441 | if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && | ||
442 | conn->hcon->type == ACL_LINK) { | ||
443 | __clear_chan_timer(chan); | ||
444 | __set_chan_timer(chan, sk->sk_sndtimeo); | ||
445 | l2cap_send_disconn_req(conn, chan, reason); | ||
446 | } else | ||
447 | l2cap_chan_del(chan, reason); | ||
448 | break; | ||
449 | |||
450 | case BT_CONNECT2: | ||
451 | if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && | ||
452 | conn->hcon->type == ACL_LINK) { | ||
453 | struct l2cap_conn_rsp rsp; | ||
454 | __u16 result; | ||
455 | |||
456 | if (bt_sk(sk)->defer_setup) | ||
457 | result = L2CAP_CR_SEC_BLOCK; | ||
458 | else | ||
459 | result = L2CAP_CR_BAD_PSM; | ||
460 | l2cap_state_change(chan, BT_DISCONN); | ||
461 | |||
462 | rsp.scid = cpu_to_le16(chan->dcid); | ||
463 | rsp.dcid = cpu_to_le16(chan->scid); | ||
464 | rsp.result = cpu_to_le16(result); | ||
465 | rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); | ||
466 | l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, | ||
467 | sizeof(rsp), &rsp); | ||
468 | } | ||
469 | |||
470 | l2cap_chan_del(chan, reason); | ||
471 | break; | ||
472 | |||
473 | case BT_CONNECT: | ||
474 | case BT_DISCONN: | ||
475 | l2cap_chan_del(chan, reason); | ||
476 | break; | ||
477 | |||
478 | default: | ||
479 | sock_set_flag(sk, SOCK_ZAPPED); | ||
480 | break; | ||
481 | } | ||
482 | } | ||
483 | |||
484 | static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan) | ||
485 | { | ||
486 | if (chan->chan_type == L2CAP_CHAN_RAW) { | ||
335 | switch (chan->sec_level) { | 487 | switch (chan->sec_level) { |
336 | case BT_SECURITY_HIGH: | 488 | case BT_SECURITY_HIGH: |
337 | return HCI_AT_DEDICATED_BONDING_MITM; | 489 | return HCI_AT_DEDICATED_BONDING_MITM; |
@@ -371,7 +523,7 @@ static inline int l2cap_check_security(struct l2cap_chan *chan) | |||
371 | return hci_conn_security(conn->hcon, chan->sec_level, auth_type); | 523 | return hci_conn_security(conn->hcon, chan->sec_level, auth_type); |
372 | } | 524 | } |
373 | 525 | ||
374 | u8 l2cap_get_ident(struct l2cap_conn *conn) | 526 | static u8 l2cap_get_ident(struct l2cap_conn *conn) |
375 | { | 527 | { |
376 | u8 id; | 528 | u8 id; |
377 | 529 | ||
@@ -393,7 +545,7 @@ u8 l2cap_get_ident(struct l2cap_conn *conn) | |||
393 | return id; | 545 | return id; |
394 | } | 546 | } |
395 | 547 | ||
396 | void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data) | 548 | static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data) |
397 | { | 549 | { |
398 | struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data); | 550 | struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data); |
399 | u8 flags; | 551 | u8 flags; |
@@ -408,6 +560,8 @@ void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *d | |||
408 | else | 560 | else |
409 | flags = ACL_START; | 561 | flags = ACL_START; |
410 | 562 | ||
563 | bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON; | ||
564 | |||
411 | hci_send_acl(conn->hcon, skb, flags); | 565 | hci_send_acl(conn->hcon, skb, flags); |
412 | } | 566 | } |
413 | 567 | ||
@@ -415,13 +569,11 @@ static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control) | |||
415 | { | 569 | { |
416 | struct sk_buff *skb; | 570 | struct sk_buff *skb; |
417 | struct l2cap_hdr *lh; | 571 | struct l2cap_hdr *lh; |
418 | struct l2cap_pinfo *pi = l2cap_pi(chan->sk); | ||
419 | struct l2cap_conn *conn = chan->conn; | 572 | struct l2cap_conn *conn = chan->conn; |
420 | struct sock *sk = (struct sock *)pi; | ||
421 | int count, hlen = L2CAP_HDR_SIZE + 2; | 573 | int count, hlen = L2CAP_HDR_SIZE + 2; |
422 | u8 flags; | 574 | u8 flags; |
423 | 575 | ||
424 | if (sk->sk_state != BT_CONNECTED) | 576 | if (chan->state != BT_CONNECTED) |
425 | return; | 577 | return; |
426 | 578 | ||
427 | if (chan->fcs == L2CAP_FCS_CRC16) | 579 | if (chan->fcs == L2CAP_FCS_CRC16) |
@@ -432,15 +584,11 @@ static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control) | |||
432 | count = min_t(unsigned int, conn->mtu, hlen); | 584 | count = min_t(unsigned int, conn->mtu, hlen); |
433 | control |= L2CAP_CTRL_FRAME_TYPE; | 585 | control |= L2CAP_CTRL_FRAME_TYPE; |
434 | 586 | ||
435 | if (chan->conn_state & L2CAP_CONN_SEND_FBIT) { | 587 | if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state)) |
436 | control |= L2CAP_CTRL_FINAL; | 588 | control |= L2CAP_CTRL_FINAL; |
437 | chan->conn_state &= ~L2CAP_CONN_SEND_FBIT; | ||
438 | } | ||
439 | 589 | ||
440 | if (chan->conn_state & L2CAP_CONN_SEND_PBIT) { | 590 | if (test_and_clear_bit(CONN_SEND_PBIT, &chan->conn_state)) |
441 | control |= L2CAP_CTRL_POLL; | 591 | control |= L2CAP_CTRL_POLL; |
442 | chan->conn_state &= ~L2CAP_CONN_SEND_PBIT; | ||
443 | } | ||
444 | 592 | ||
445 | skb = bt_skb_alloc(count, GFP_ATOMIC); | 593 | skb = bt_skb_alloc(count, GFP_ATOMIC); |
446 | if (!skb) | 594 | if (!skb) |
@@ -461,14 +609,16 @@ static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control) | |||
461 | else | 609 | else |
462 | flags = ACL_START; | 610 | flags = ACL_START; |
463 | 611 | ||
612 | bt_cb(skb)->force_active = chan->force_active; | ||
613 | |||
464 | hci_send_acl(chan->conn->hcon, skb, flags); | 614 | hci_send_acl(chan->conn->hcon, skb, flags); |
465 | } | 615 | } |
466 | 616 | ||
467 | static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control) | 617 | static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control) |
468 | { | 618 | { |
469 | if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) { | 619 | if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { |
470 | control |= L2CAP_SUPER_RCV_NOT_READY; | 620 | control |= L2CAP_SUPER_RCV_NOT_READY; |
471 | chan->conn_state |= L2CAP_CONN_RNR_SENT; | 621 | set_bit(CONN_RNR_SENT, &chan->conn_state); |
472 | } else | 622 | } else |
473 | control |= L2CAP_SUPER_RCV_READY; | 623 | control |= L2CAP_SUPER_RCV_READY; |
474 | 624 | ||
@@ -479,7 +629,7 @@ static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control) | |||
479 | 629 | ||
480 | static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan) | 630 | static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan) |
481 | { | 631 | { |
482 | return !(chan->conf_state & L2CAP_CONF_CONNECT_PEND); | 632 | return !test_bit(CONF_CONNECT_PEND, &chan->conf_state); |
483 | } | 633 | } |
484 | 634 | ||
485 | static void l2cap_do_start(struct l2cap_chan *chan) | 635 | static void l2cap_do_start(struct l2cap_chan *chan) |
@@ -497,7 +647,7 @@ static void l2cap_do_start(struct l2cap_chan *chan) | |||
497 | req.psm = chan->psm; | 647 | req.psm = chan->psm; |
498 | 648 | ||
499 | chan->ident = l2cap_get_ident(conn); | 649 | chan->ident = l2cap_get_ident(conn); |
500 | chan->conf_state |= L2CAP_CONF_CONNECT_PEND; | 650 | set_bit(CONF_CONNECT_PEND, &chan->conf_state); |
501 | 651 | ||
502 | l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, | 652 | l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, |
503 | sizeof(req), &req); | 653 | sizeof(req), &req); |
@@ -533,7 +683,7 @@ static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask) | |||
533 | } | 683 | } |
534 | } | 684 | } |
535 | 685 | ||
536 | void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err) | 686 | static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err) |
537 | { | 687 | { |
538 | struct sock *sk; | 688 | struct sock *sk; |
539 | struct l2cap_disconn_req req; | 689 | struct l2cap_disconn_req req; |
@@ -544,9 +694,9 @@ void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, in | |||
544 | sk = chan->sk; | 694 | sk = chan->sk; |
545 | 695 | ||
546 | if (chan->mode == L2CAP_MODE_ERTM) { | 696 | if (chan->mode == L2CAP_MODE_ERTM) { |
547 | del_timer(&chan->retrans_timer); | 697 | __clear_retrans_timer(chan); |
548 | del_timer(&chan->monitor_timer); | 698 | __clear_monitor_timer(chan); |
549 | del_timer(&chan->ack_timer); | 699 | __clear_ack_timer(chan); |
550 | } | 700 | } |
551 | 701 | ||
552 | req.dcid = cpu_to_le16(chan->dcid); | 702 | req.dcid = cpu_to_le16(chan->dcid); |
@@ -554,7 +704,7 @@ void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, in | |||
554 | l2cap_send_cmd(conn, l2cap_get_ident(conn), | 704 | l2cap_send_cmd(conn, l2cap_get_ident(conn), |
555 | L2CAP_DISCONN_REQ, sizeof(req), &req); | 705 | L2CAP_DISCONN_REQ, sizeof(req), &req); |
556 | 706 | ||
557 | sk->sk_state = BT_DISCONN; | 707 | l2cap_state_change(chan, BT_DISCONN); |
558 | sk->sk_err = err; | 708 | sk->sk_err = err; |
559 | } | 709 | } |
560 | 710 | ||
@@ -572,13 +722,12 @@ static void l2cap_conn_start(struct l2cap_conn *conn) | |||
572 | 722 | ||
573 | bh_lock_sock(sk); | 723 | bh_lock_sock(sk); |
574 | 724 | ||
575 | if (sk->sk_type != SOCK_SEQPACKET && | 725 | if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { |
576 | sk->sk_type != SOCK_STREAM) { | ||
577 | bh_unlock_sock(sk); | 726 | bh_unlock_sock(sk); |
578 | continue; | 727 | continue; |
579 | } | 728 | } |
580 | 729 | ||
581 | if (sk->sk_state == BT_CONNECT) { | 730 | if (chan->state == BT_CONNECT) { |
582 | struct l2cap_conn_req req; | 731 | struct l2cap_conn_req req; |
583 | 732 | ||
584 | if (!l2cap_check_security(chan) || | 733 | if (!l2cap_check_security(chan) || |
@@ -587,14 +736,13 @@ static void l2cap_conn_start(struct l2cap_conn *conn) | |||
587 | continue; | 736 | continue; |
588 | } | 737 | } |
589 | 738 | ||
590 | if (!l2cap_mode_supported(chan->mode, | 739 | if (!l2cap_mode_supported(chan->mode, conn->feat_mask) |
591 | conn->feat_mask) | 740 | && test_bit(CONF_STATE2_DEVICE, |
592 | && chan->conf_state & | 741 | &chan->conf_state)) { |
593 | L2CAP_CONF_STATE2_DEVICE) { | 742 | /* l2cap_chan_close() calls list_del(chan) |
594 | /* __l2cap_sock_close() calls list_del(chan) | ||
595 | * so release the lock */ | 743 | * so release the lock */ |
596 | read_unlock_bh(&conn->chan_lock); | 744 | read_unlock_bh(&conn->chan_lock); |
597 | __l2cap_sock_close(sk, ECONNRESET); | 745 | l2cap_chan_close(chan, ECONNRESET); |
598 | read_lock_bh(&conn->chan_lock); | 746 | read_lock_bh(&conn->chan_lock); |
599 | bh_unlock_sock(sk); | 747 | bh_unlock_sock(sk); |
600 | continue; | 748 | continue; |
@@ -604,12 +752,12 @@ static void l2cap_conn_start(struct l2cap_conn *conn) | |||
604 | req.psm = chan->psm; | 752 | req.psm = chan->psm; |
605 | 753 | ||
606 | chan->ident = l2cap_get_ident(conn); | 754 | chan->ident = l2cap_get_ident(conn); |
607 | chan->conf_state |= L2CAP_CONF_CONNECT_PEND; | 755 | set_bit(CONF_CONNECT_PEND, &chan->conf_state); |
608 | 756 | ||
609 | l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, | 757 | l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, |
610 | sizeof(req), &req); | 758 | sizeof(req), &req); |
611 | 759 | ||
612 | } else if (sk->sk_state == BT_CONNECT2) { | 760 | } else if (chan->state == BT_CONNECT2) { |
613 | struct l2cap_conn_rsp rsp; | 761 | struct l2cap_conn_rsp rsp; |
614 | char buf[128]; | 762 | char buf[128]; |
615 | rsp.scid = cpu_to_le16(chan->dcid); | 763 | rsp.scid = cpu_to_le16(chan->dcid); |
@@ -623,7 +771,7 @@ static void l2cap_conn_start(struct l2cap_conn *conn) | |||
623 | parent->sk_data_ready(parent, 0); | 771 | parent->sk_data_ready(parent, 0); |
624 | 772 | ||
625 | } else { | 773 | } else { |
626 | sk->sk_state = BT_CONFIG; | 774 | l2cap_state_change(chan, BT_CONFIG); |
627 | rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS); | 775 | rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS); |
628 | rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); | 776 | rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); |
629 | } | 777 | } |
@@ -635,13 +783,13 @@ static void l2cap_conn_start(struct l2cap_conn *conn) | |||
635 | l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, | 783 | l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, |
636 | sizeof(rsp), &rsp); | 784 | sizeof(rsp), &rsp); |
637 | 785 | ||
638 | if (chan->conf_state & L2CAP_CONF_REQ_SENT || | 786 | if (test_bit(CONF_REQ_SENT, &chan->conf_state) || |
639 | rsp.result != L2CAP_CR_SUCCESS) { | 787 | rsp.result != L2CAP_CR_SUCCESS) { |
640 | bh_unlock_sock(sk); | 788 | bh_unlock_sock(sk); |
641 | continue; | 789 | continue; |
642 | } | 790 | } |
643 | 791 | ||
644 | chan->conf_state |= L2CAP_CONF_REQ_SENT; | 792 | set_bit(CONF_REQ_SENT, &chan->conf_state); |
645 | l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, | 793 | l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, |
646 | l2cap_build_conf_req(chan, buf), buf); | 794 | l2cap_build_conf_req(chan, buf), buf); |
647 | chan->num_conf_req++; | 795 | chan->num_conf_req++; |
@@ -665,7 +813,7 @@ static struct l2cap_chan *l2cap_global_chan_by_scid(int state, __le16 cid, bdadd | |||
665 | list_for_each_entry(c, &chan_list, global_l) { | 813 | list_for_each_entry(c, &chan_list, global_l) { |
666 | struct sock *sk = c->sk; | 814 | struct sock *sk = c->sk; |
667 | 815 | ||
668 | if (state && sk->sk_state != state) | 816 | if (state && c->state != state) |
669 | continue; | 817 | continue; |
670 | 818 | ||
671 | if (c->scid == cid) { | 819 | if (c->scid == cid) { |
@@ -709,24 +857,16 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn) | |||
709 | goto clean; | 857 | goto clean; |
710 | } | 858 | } |
711 | 859 | ||
712 | sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC); | 860 | chan = pchan->ops->new_connection(pchan->data); |
713 | if (!sk) | 861 | if (!chan) |
714 | goto clean; | ||
715 | |||
716 | chan = l2cap_chan_create(sk); | ||
717 | if (!chan) { | ||
718 | l2cap_sock_kill(sk); | ||
719 | goto clean; | 862 | goto clean; |
720 | } | ||
721 | 863 | ||
722 | l2cap_pi(sk)->chan = chan; | 864 | sk = chan->sk; |
723 | 865 | ||
724 | write_lock_bh(&conn->chan_lock); | 866 | write_lock_bh(&conn->chan_lock); |
725 | 867 | ||
726 | hci_conn_hold(conn->hcon); | 868 | hci_conn_hold(conn->hcon); |
727 | 869 | ||
728 | l2cap_sock_init(sk, parent); | ||
729 | |||
730 | bacpy(&bt_sk(sk)->src, conn->src); | 870 | bacpy(&bt_sk(sk)->src, conn->src); |
731 | bacpy(&bt_sk(sk)->dst, conn->dst); | 871 | bacpy(&bt_sk(sk)->dst, conn->dst); |
732 | 872 | ||
@@ -734,9 +874,9 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn) | |||
734 | 874 | ||
735 | __l2cap_chan_add(conn, chan); | 875 | __l2cap_chan_add(conn, chan); |
736 | 876 | ||
737 | l2cap_sock_set_timer(sk, sk->sk_sndtimeo); | 877 | __set_chan_timer(chan, sk->sk_sndtimeo); |
738 | 878 | ||
739 | sk->sk_state = BT_CONNECTED; | 879 | l2cap_state_change(chan, BT_CONNECTED); |
740 | parent->sk_data_ready(parent, 0); | 880 | parent->sk_data_ready(parent, 0); |
741 | 881 | ||
742 | write_unlock_bh(&conn->chan_lock); | 882 | write_unlock_bh(&conn->chan_lock); |
@@ -745,6 +885,23 @@ clean: | |||
745 | bh_unlock_sock(parent); | 885 | bh_unlock_sock(parent); |
746 | } | 886 | } |
747 | 887 | ||
888 | static void l2cap_chan_ready(struct sock *sk) | ||
889 | { | ||
890 | struct l2cap_chan *chan = l2cap_pi(sk)->chan; | ||
891 | struct sock *parent = bt_sk(sk)->parent; | ||
892 | |||
893 | BT_DBG("sk %p, parent %p", sk, parent); | ||
894 | |||
895 | chan->conf_state = 0; | ||
896 | __clear_chan_timer(chan); | ||
897 | |||
898 | l2cap_state_change(chan, BT_CONNECTED); | ||
899 | sk->sk_state_change(sk); | ||
900 | |||
901 | if (parent) | ||
902 | parent->sk_data_ready(parent, 0); | ||
903 | } | ||
904 | |||
748 | static void l2cap_conn_ready(struct l2cap_conn *conn) | 905 | static void l2cap_conn_ready(struct l2cap_conn *conn) |
749 | { | 906 | { |
750 | struct l2cap_chan *chan; | 907 | struct l2cap_chan *chan; |
@@ -762,17 +919,15 @@ static void l2cap_conn_ready(struct l2cap_conn *conn) | |||
762 | bh_lock_sock(sk); | 919 | bh_lock_sock(sk); |
763 | 920 | ||
764 | if (conn->hcon->type == LE_LINK) { | 921 | if (conn->hcon->type == LE_LINK) { |
765 | l2cap_sock_clear_timer(sk); | 922 | if (smp_conn_security(conn, chan->sec_level)) |
766 | sk->sk_state = BT_CONNECTED; | 923 | l2cap_chan_ready(sk); |
767 | sk->sk_state_change(sk); | ||
768 | } | ||
769 | 924 | ||
770 | if (sk->sk_type != SOCK_SEQPACKET && | 925 | } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { |
771 | sk->sk_type != SOCK_STREAM) { | 926 | __clear_chan_timer(chan); |
772 | l2cap_sock_clear_timer(sk); | 927 | l2cap_state_change(chan, BT_CONNECTED); |
773 | sk->sk_state = BT_CONNECTED; | ||
774 | sk->sk_state_change(sk); | 928 | sk->sk_state_change(sk); |
775 | } else if (sk->sk_state == BT_CONNECT) | 929 | |
930 | } else if (chan->state == BT_CONNECT) | ||
776 | l2cap_do_start(chan); | 931 | l2cap_do_start(chan); |
777 | 932 | ||
778 | bh_unlock_sock(sk); | 933 | bh_unlock_sock(sk); |
@@ -810,6 +965,45 @@ static void l2cap_info_timeout(unsigned long arg) | |||
810 | l2cap_conn_start(conn); | 965 | l2cap_conn_start(conn); |
811 | } | 966 | } |
812 | 967 | ||
968 | static void l2cap_conn_del(struct hci_conn *hcon, int err) | ||
969 | { | ||
970 | struct l2cap_conn *conn = hcon->l2cap_data; | ||
971 | struct l2cap_chan *chan, *l; | ||
972 | struct sock *sk; | ||
973 | |||
974 | if (!conn) | ||
975 | return; | ||
976 | |||
977 | BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); | ||
978 | |||
979 | kfree_skb(conn->rx_skb); | ||
980 | |||
981 | /* Kill channels */ | ||
982 | list_for_each_entry_safe(chan, l, &conn->chan_l, list) { | ||
983 | sk = chan->sk; | ||
984 | bh_lock_sock(sk); | ||
985 | l2cap_chan_del(chan, err); | ||
986 | bh_unlock_sock(sk); | ||
987 | chan->ops->close(chan->data); | ||
988 | } | ||
989 | |||
990 | if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) | ||
991 | del_timer_sync(&conn->info_timer); | ||
992 | |||
993 | if (test_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend)) | ||
994 | del_timer(&conn->security_timer); | ||
995 | |||
996 | hcon->l2cap_data = NULL; | ||
997 | kfree(conn); | ||
998 | } | ||
999 | |||
1000 | static void security_timeout(unsigned long arg) | ||
1001 | { | ||
1002 | struct l2cap_conn *conn = (void *) arg; | ||
1003 | |||
1004 | l2cap_conn_del(conn->hcon, ETIMEDOUT); | ||
1005 | } | ||
1006 | |||
813 | static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) | 1007 | static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) |
814 | { | 1008 | { |
815 | struct l2cap_conn *conn = hcon->l2cap_data; | 1009 | struct l2cap_conn *conn = hcon->l2cap_data; |
@@ -841,7 +1035,10 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) | |||
841 | 1035 | ||
842 | INIT_LIST_HEAD(&conn->chan_l); | 1036 | INIT_LIST_HEAD(&conn->chan_l); |
843 | 1037 | ||
844 | if (hcon->type != LE_LINK) | 1038 | if (hcon->type == LE_LINK) |
1039 | setup_timer(&conn->security_timer, security_timeout, | ||
1040 | (unsigned long) conn); | ||
1041 | else | ||
845 | setup_timer(&conn->info_timer, l2cap_info_timeout, | 1042 | setup_timer(&conn->info_timer, l2cap_info_timeout, |
846 | (unsigned long) conn); | 1043 | (unsigned long) conn); |
847 | 1044 | ||
@@ -850,35 +1047,6 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) | |||
850 | return conn; | 1047 | return conn; |
851 | } | 1048 | } |
852 | 1049 | ||
853 | static void l2cap_conn_del(struct hci_conn *hcon, int err) | ||
854 | { | ||
855 | struct l2cap_conn *conn = hcon->l2cap_data; | ||
856 | struct l2cap_chan *chan, *l; | ||
857 | struct sock *sk; | ||
858 | |||
859 | if (!conn) | ||
860 | return; | ||
861 | |||
862 | BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); | ||
863 | |||
864 | kfree_skb(conn->rx_skb); | ||
865 | |||
866 | /* Kill channels */ | ||
867 | list_for_each_entry_safe(chan, l, &conn->chan_l, list) { | ||
868 | sk = chan->sk; | ||
869 | bh_lock_sock(sk); | ||
870 | l2cap_chan_del(chan, err); | ||
871 | bh_unlock_sock(sk); | ||
872 | l2cap_sock_kill(sk); | ||
873 | } | ||
874 | |||
875 | if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) | ||
876 | del_timer_sync(&conn->info_timer); | ||
877 | |||
878 | hcon->l2cap_data = NULL; | ||
879 | kfree(conn); | ||
880 | } | ||
881 | |||
882 | static inline void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) | 1050 | static inline void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) |
883 | { | 1051 | { |
884 | write_lock_bh(&conn->chan_lock); | 1052 | write_lock_bh(&conn->chan_lock); |
@@ -900,7 +1068,7 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr | |||
900 | list_for_each_entry(c, &chan_list, global_l) { | 1068 | list_for_each_entry(c, &chan_list, global_l) { |
901 | struct sock *sk = c->sk; | 1069 | struct sock *sk = c->sk; |
902 | 1070 | ||
903 | if (state && sk->sk_state != state) | 1071 | if (state && c->state != state) |
904 | continue; | 1072 | continue; |
905 | 1073 | ||
906 | if (c->psm == psm) { | 1074 | if (c->psm == psm) { |
@@ -967,15 +1135,14 @@ int l2cap_chan_connect(struct l2cap_chan *chan) | |||
967 | 1135 | ||
968 | l2cap_chan_add(conn, chan); | 1136 | l2cap_chan_add(conn, chan); |
969 | 1137 | ||
970 | sk->sk_state = BT_CONNECT; | 1138 | l2cap_state_change(chan, BT_CONNECT); |
971 | l2cap_sock_set_timer(sk, sk->sk_sndtimeo); | 1139 | __set_chan_timer(chan, sk->sk_sndtimeo); |
972 | 1140 | ||
973 | if (hcon->state == BT_CONNECTED) { | 1141 | if (hcon->state == BT_CONNECTED) { |
974 | if (sk->sk_type != SOCK_SEQPACKET && | 1142 | if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { |
975 | sk->sk_type != SOCK_STREAM) { | 1143 | __clear_chan_timer(chan); |
976 | l2cap_sock_clear_timer(sk); | ||
977 | if (l2cap_check_security(chan)) | 1144 | if (l2cap_check_security(chan)) |
978 | sk->sk_state = BT_CONNECTED; | 1145 | l2cap_state_change(chan, BT_CONNECTED); |
979 | } else | 1146 | } else |
980 | l2cap_do_start(chan); | 1147 | l2cap_do_start(chan); |
981 | } | 1148 | } |
@@ -1035,7 +1202,7 @@ static void l2cap_monitor_timeout(unsigned long arg) | |||
1035 | } | 1202 | } |
1036 | 1203 | ||
1037 | chan->retry_count++; | 1204 | chan->retry_count++; |
1038 | __mod_monitor_timer(); | 1205 | __set_monitor_timer(chan); |
1039 | 1206 | ||
1040 | l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL); | 1207 | l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL); |
1041 | bh_unlock_sock(sk); | 1208 | bh_unlock_sock(sk); |
@@ -1050,9 +1217,9 @@ static void l2cap_retrans_timeout(unsigned long arg) | |||
1050 | 1217 | ||
1051 | bh_lock_sock(sk); | 1218 | bh_lock_sock(sk); |
1052 | chan->retry_count = 1; | 1219 | chan->retry_count = 1; |
1053 | __mod_monitor_timer(); | 1220 | __set_monitor_timer(chan); |
1054 | 1221 | ||
1055 | chan->conn_state |= L2CAP_CONN_WAIT_F; | 1222 | set_bit(CONN_WAIT_F, &chan->conn_state); |
1056 | 1223 | ||
1057 | l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL); | 1224 | l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL); |
1058 | bh_unlock_sock(sk); | 1225 | bh_unlock_sock(sk); |
@@ -1074,7 +1241,7 @@ static void l2cap_drop_acked_frames(struct l2cap_chan *chan) | |||
1074 | } | 1241 | } |
1075 | 1242 | ||
1076 | if (!chan->unacked_frames) | 1243 | if (!chan->unacked_frames) |
1077 | del_timer(&chan->retrans_timer); | 1244 | __clear_retrans_timer(chan); |
1078 | } | 1245 | } |
1079 | 1246 | ||
1080 | void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb) | 1247 | void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb) |
@@ -1089,6 +1256,7 @@ void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb) | |||
1089 | else | 1256 | else |
1090 | flags = ACL_START; | 1257 | flags = ACL_START; |
1091 | 1258 | ||
1259 | bt_cb(skb)->force_active = chan->force_active; | ||
1092 | hci_send_acl(hcon, skb, flags); | 1260 | hci_send_acl(hcon, skb, flags); |
1093 | } | 1261 | } |
1094 | 1262 | ||
@@ -1142,10 +1310,8 @@ static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq) | |||
1142 | control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); | 1310 | control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); |
1143 | control &= L2CAP_CTRL_SAR; | 1311 | control &= L2CAP_CTRL_SAR; |
1144 | 1312 | ||
1145 | if (chan->conn_state & L2CAP_CONN_SEND_FBIT) { | 1313 | if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state)) |
1146 | control |= L2CAP_CTRL_FINAL; | 1314 | control |= L2CAP_CTRL_FINAL; |
1147 | chan->conn_state &= ~L2CAP_CONN_SEND_FBIT; | ||
1148 | } | ||
1149 | 1315 | ||
1150 | control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT) | 1316 | control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT) |
1151 | | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); | 1317 | | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); |
@@ -1163,11 +1329,10 @@ static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq) | |||
1163 | int l2cap_ertm_send(struct l2cap_chan *chan) | 1329 | int l2cap_ertm_send(struct l2cap_chan *chan) |
1164 | { | 1330 | { |
1165 | struct sk_buff *skb, *tx_skb; | 1331 | struct sk_buff *skb, *tx_skb; |
1166 | struct sock *sk = chan->sk; | ||
1167 | u16 control, fcs; | 1332 | u16 control, fcs; |
1168 | int nsent = 0; | 1333 | int nsent = 0; |
1169 | 1334 | ||
1170 | if (sk->sk_state != BT_CONNECTED) | 1335 | if (chan->state != BT_CONNECTED) |
1171 | return -ENOTCONN; | 1336 | return -ENOTCONN; |
1172 | 1337 | ||
1173 | while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) { | 1338 | while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) { |
@@ -1185,10 +1350,9 @@ int l2cap_ertm_send(struct l2cap_chan *chan) | |||
1185 | control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); | 1350 | control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE); |
1186 | control &= L2CAP_CTRL_SAR; | 1351 | control &= L2CAP_CTRL_SAR; |
1187 | 1352 | ||
1188 | if (chan->conn_state & L2CAP_CONN_SEND_FBIT) { | 1353 | if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state)) |
1189 | control |= L2CAP_CTRL_FINAL; | 1354 | control |= L2CAP_CTRL_FINAL; |
1190 | chan->conn_state &= ~L2CAP_CONN_SEND_FBIT; | 1355 | |
1191 | } | ||
1192 | control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT) | 1356 | control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT) |
1193 | | (chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); | 1357 | | (chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT); |
1194 | put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); | 1358 | put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE); |
@@ -1201,7 +1365,7 @@ int l2cap_ertm_send(struct l2cap_chan *chan) | |||
1201 | 1365 | ||
1202 | l2cap_do_send(chan, tx_skb); | 1366 | l2cap_do_send(chan, tx_skb); |
1203 | 1367 | ||
1204 | __mod_retrans_timer(); | 1368 | __set_retrans_timer(chan); |
1205 | 1369 | ||
1206 | bt_cb(skb)->tx_seq = chan->next_tx_seq; | 1370 | bt_cb(skb)->tx_seq = chan->next_tx_seq; |
1207 | chan->next_tx_seq = (chan->next_tx_seq + 1) % 64; | 1371 | chan->next_tx_seq = (chan->next_tx_seq + 1) % 64; |
@@ -1240,9 +1404,9 @@ static void l2cap_send_ack(struct l2cap_chan *chan) | |||
1240 | 1404 | ||
1241 | control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; | 1405 | control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; |
1242 | 1406 | ||
1243 | if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) { | 1407 | if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { |
1244 | control |= L2CAP_SUPER_RCV_NOT_READY; | 1408 | control |= L2CAP_SUPER_RCV_NOT_READY; |
1245 | chan->conn_state |= L2CAP_CONN_RNR_SENT; | 1409 | set_bit(CONN_RNR_SENT, &chan->conn_state); |
1246 | l2cap_send_sframe(chan, control); | 1410 | l2cap_send_sframe(chan, control); |
1247 | return; | 1411 | return; |
1248 | } | 1412 | } |
@@ -1450,28 +1614,83 @@ int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t le | |||
1450 | return size; | 1614 | return size; |
1451 | } | 1615 | } |
1452 | 1616 | ||
1453 | static void l2cap_chan_ready(struct sock *sk) | 1617 | int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len) |
1454 | { | 1618 | { |
1455 | struct sock *parent = bt_sk(sk)->parent; | 1619 | struct sk_buff *skb; |
1456 | struct l2cap_chan *chan = l2cap_pi(sk)->chan; | 1620 | u16 control; |
1621 | int err; | ||
1457 | 1622 | ||
1458 | BT_DBG("sk %p, parent %p", sk, parent); | 1623 | /* Connectionless channel */ |
1624 | if (chan->chan_type == L2CAP_CHAN_CONN_LESS) { | ||
1625 | skb = l2cap_create_connless_pdu(chan, msg, len); | ||
1626 | if (IS_ERR(skb)) | ||
1627 | return PTR_ERR(skb); | ||
1459 | 1628 | ||
1460 | chan->conf_state = 0; | 1629 | l2cap_do_send(chan, skb); |
1461 | l2cap_sock_clear_timer(sk); | 1630 | return len; |
1631 | } | ||
1462 | 1632 | ||
1463 | if (!parent) { | 1633 | switch (chan->mode) { |
1464 | /* Outgoing channel. | 1634 | case L2CAP_MODE_BASIC: |
1465 | * Wake up socket sleeping on connect. | 1635 | /* Check outgoing MTU */ |
1466 | */ | 1636 | if (len > chan->omtu) |
1467 | sk->sk_state = BT_CONNECTED; | 1637 | return -EMSGSIZE; |
1468 | sk->sk_state_change(sk); | 1638 | |
1469 | } else { | 1639 | /* Create a basic PDU */ |
1470 | /* Incoming channel. | 1640 | skb = l2cap_create_basic_pdu(chan, msg, len); |
1471 | * Wake up socket sleeping on accept. | 1641 | if (IS_ERR(skb)) |
1472 | */ | 1642 | return PTR_ERR(skb); |
1473 | parent->sk_data_ready(parent, 0); | 1643 | |
1644 | l2cap_do_send(chan, skb); | ||
1645 | err = len; | ||
1646 | break; | ||
1647 | |||
1648 | case L2CAP_MODE_ERTM: | ||
1649 | case L2CAP_MODE_STREAMING: | ||
1650 | /* Entire SDU fits into one PDU */ | ||
1651 | if (len <= chan->remote_mps) { | ||
1652 | control = L2CAP_SDU_UNSEGMENTED; | ||
1653 | skb = l2cap_create_iframe_pdu(chan, msg, len, control, | ||
1654 | 0); | ||
1655 | if (IS_ERR(skb)) | ||
1656 | return PTR_ERR(skb); | ||
1657 | |||
1658 | __skb_queue_tail(&chan->tx_q, skb); | ||
1659 | |||
1660 | if (chan->tx_send_head == NULL) | ||
1661 | chan->tx_send_head = skb; | ||
1662 | |||
1663 | } else { | ||
1664 | /* Segment SDU into multiples PDUs */ | ||
1665 | err = l2cap_sar_segment_sdu(chan, msg, len); | ||
1666 | if (err < 0) | ||
1667 | return err; | ||
1668 | } | ||
1669 | |||
1670 | if (chan->mode == L2CAP_MODE_STREAMING) { | ||
1671 | l2cap_streaming_send(chan); | ||
1672 | err = len; | ||
1673 | break; | ||
1674 | } | ||
1675 | |||
1676 | if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) && | ||
1677 | test_bit(CONN_WAIT_F, &chan->conn_state)) { | ||
1678 | err = len; | ||
1679 | break; | ||
1680 | } | ||
1681 | |||
1682 | err = l2cap_ertm_send(chan); | ||
1683 | if (err >= 0) | ||
1684 | err = len; | ||
1685 | |||
1686 | break; | ||
1687 | |||
1688 | default: | ||
1689 | BT_DBG("bad state %1.1x", chan->mode); | ||
1690 | err = -EBADFD; | ||
1474 | } | 1691 | } |
1692 | |||
1693 | return err; | ||
1475 | } | 1694 | } |
1476 | 1695 | ||
1477 | /* Copy frame to all raw sockets on that connection */ | 1696 | /* Copy frame to all raw sockets on that connection */ |
@@ -1485,7 +1704,7 @@ static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb) | |||
1485 | read_lock(&conn->chan_lock); | 1704 | read_lock(&conn->chan_lock); |
1486 | list_for_each_entry(chan, &conn->chan_l, list) { | 1705 | list_for_each_entry(chan, &conn->chan_l, list) { |
1487 | struct sock *sk = chan->sk; | 1706 | struct sock *sk = chan->sk; |
1488 | if (sk->sk_type != SOCK_RAW) | 1707 | if (chan->chan_type != L2CAP_CHAN_RAW) |
1489 | continue; | 1708 | continue; |
1490 | 1709 | ||
1491 | /* Don't send frame to the socket it came from */ | 1710 | /* Don't send frame to the socket it came from */ |
@@ -1495,7 +1714,7 @@ static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb) | |||
1495 | if (!nskb) | 1714 | if (!nskb) |
1496 | continue; | 1715 | continue; |
1497 | 1716 | ||
1498 | if (sock_queue_rcv_skb(sk, nskb)) | 1717 | if (chan->ops->recv(chan->data, nskb)) |
1499 | kfree_skb(nskb); | 1718 | kfree_skb(nskb); |
1500 | } | 1719 | } |
1501 | read_unlock(&conn->chan_lock); | 1720 | read_unlock(&conn->chan_lock); |
@@ -1690,7 +1909,7 @@ static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data) | |||
1690 | switch (chan->mode) { | 1909 | switch (chan->mode) { |
1691 | case L2CAP_MODE_STREAMING: | 1910 | case L2CAP_MODE_STREAMING: |
1692 | case L2CAP_MODE_ERTM: | 1911 | case L2CAP_MODE_ERTM: |
1693 | if (chan->conf_state & L2CAP_CONF_STATE2_DEVICE) | 1912 | if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) |
1694 | break; | 1913 | break; |
1695 | 1914 | ||
1696 | /* fall through */ | 1915 | /* fall through */ |
@@ -1737,7 +1956,7 @@ done: | |||
1737 | break; | 1956 | break; |
1738 | 1957 | ||
1739 | if (chan->fcs == L2CAP_FCS_NONE || | 1958 | if (chan->fcs == L2CAP_FCS_NONE || |
1740 | chan->conf_state & L2CAP_CONF_NO_FCS_RECV) { | 1959 | test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) { |
1741 | chan->fcs = L2CAP_FCS_NONE; | 1960 | chan->fcs = L2CAP_FCS_NONE; |
1742 | l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs); | 1961 | l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs); |
1743 | } | 1962 | } |
@@ -1760,7 +1979,7 @@ done: | |||
1760 | break; | 1979 | break; |
1761 | 1980 | ||
1762 | if (chan->fcs == L2CAP_FCS_NONE || | 1981 | if (chan->fcs == L2CAP_FCS_NONE || |
1763 | chan->conf_state & L2CAP_CONF_NO_FCS_RECV) { | 1982 | test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) { |
1764 | chan->fcs = L2CAP_FCS_NONE; | 1983 | chan->fcs = L2CAP_FCS_NONE; |
1765 | l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs); | 1984 | l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs); |
1766 | } | 1985 | } |
@@ -1812,7 +2031,7 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data) | |||
1812 | 2031 | ||
1813 | case L2CAP_CONF_FCS: | 2032 | case L2CAP_CONF_FCS: |
1814 | if (val == L2CAP_FCS_NONE) | 2033 | if (val == L2CAP_FCS_NONE) |
1815 | chan->conf_state |= L2CAP_CONF_NO_FCS_RECV; | 2034 | set_bit(CONF_NO_FCS_RECV, &chan->conf_state); |
1816 | 2035 | ||
1817 | break; | 2036 | break; |
1818 | 2037 | ||
@@ -1832,7 +2051,7 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data) | |||
1832 | switch (chan->mode) { | 2051 | switch (chan->mode) { |
1833 | case L2CAP_MODE_STREAMING: | 2052 | case L2CAP_MODE_STREAMING: |
1834 | case L2CAP_MODE_ERTM: | 2053 | case L2CAP_MODE_ERTM: |
1835 | if (!(chan->conf_state & L2CAP_CONF_STATE2_DEVICE)) { | 2054 | if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) { |
1836 | chan->mode = l2cap_select_mode(rfc.mode, | 2055 | chan->mode = l2cap_select_mode(rfc.mode, |
1837 | chan->conn->feat_mask); | 2056 | chan->conn->feat_mask); |
1838 | break; | 2057 | break; |
@@ -1865,14 +2084,14 @@ done: | |||
1865 | result = L2CAP_CONF_UNACCEPT; | 2084 | result = L2CAP_CONF_UNACCEPT; |
1866 | else { | 2085 | else { |
1867 | chan->omtu = mtu; | 2086 | chan->omtu = mtu; |
1868 | chan->conf_state |= L2CAP_CONF_MTU_DONE; | 2087 | set_bit(CONF_MTU_DONE, &chan->conf_state); |
1869 | } | 2088 | } |
1870 | l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu); | 2089 | l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu); |
1871 | 2090 | ||
1872 | switch (rfc.mode) { | 2091 | switch (rfc.mode) { |
1873 | case L2CAP_MODE_BASIC: | 2092 | case L2CAP_MODE_BASIC: |
1874 | chan->fcs = L2CAP_FCS_NONE; | 2093 | chan->fcs = L2CAP_FCS_NONE; |
1875 | chan->conf_state |= L2CAP_CONF_MODE_DONE; | 2094 | set_bit(CONF_MODE_DONE, &chan->conf_state); |
1876 | break; | 2095 | break; |
1877 | 2096 | ||
1878 | case L2CAP_MODE_ERTM: | 2097 | case L2CAP_MODE_ERTM: |
@@ -1889,7 +2108,7 @@ done: | |||
1889 | rfc.monitor_timeout = | 2108 | rfc.monitor_timeout = |
1890 | le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO); | 2109 | le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO); |
1891 | 2110 | ||
1892 | chan->conf_state |= L2CAP_CONF_MODE_DONE; | 2111 | set_bit(CONF_MODE_DONE, &chan->conf_state); |
1893 | 2112 | ||
1894 | l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, | 2113 | l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, |
1895 | sizeof(rfc), (unsigned long) &rfc); | 2114 | sizeof(rfc), (unsigned long) &rfc); |
@@ -1902,7 +2121,7 @@ done: | |||
1902 | 2121 | ||
1903 | chan->remote_mps = le16_to_cpu(rfc.max_pdu_size); | 2122 | chan->remote_mps = le16_to_cpu(rfc.max_pdu_size); |
1904 | 2123 | ||
1905 | chan->conf_state |= L2CAP_CONF_MODE_DONE; | 2124 | set_bit(CONF_MODE_DONE, &chan->conf_state); |
1906 | 2125 | ||
1907 | l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, | 2126 | l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, |
1908 | sizeof(rfc), (unsigned long) &rfc); | 2127 | sizeof(rfc), (unsigned long) &rfc); |
@@ -1917,7 +2136,7 @@ done: | |||
1917 | } | 2136 | } |
1918 | 2137 | ||
1919 | if (result == L2CAP_CONF_SUCCESS) | 2138 | if (result == L2CAP_CONF_SUCCESS) |
1920 | chan->conf_state |= L2CAP_CONF_OUTPUT_DONE; | 2139 | set_bit(CONF_OUTPUT_DONE, &chan->conf_state); |
1921 | } | 2140 | } |
1922 | rsp->scid = cpu_to_le16(chan->dcid); | 2141 | rsp->scid = cpu_to_le16(chan->dcid); |
1923 | rsp->result = cpu_to_le16(result); | 2142 | rsp->result = cpu_to_le16(result); |
@@ -1959,7 +2178,7 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi | |||
1959 | if (olen == sizeof(rfc)) | 2178 | if (olen == sizeof(rfc)) |
1960 | memcpy(&rfc, (void *)val, olen); | 2179 | memcpy(&rfc, (void *)val, olen); |
1961 | 2180 | ||
1962 | if ((chan->conf_state & L2CAP_CONF_STATE2_DEVICE) && | 2181 | if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && |
1963 | rfc.mode != chan->mode) | 2182 | rfc.mode != chan->mode) |
1964 | return -ECONNREFUSED; | 2183 | return -ECONNREFUSED; |
1965 | 2184 | ||
@@ -2021,10 +2240,9 @@ void __l2cap_connect_rsp_defer(struct l2cap_chan *chan) | |||
2021 | l2cap_send_cmd(conn, chan->ident, | 2240 | l2cap_send_cmd(conn, chan->ident, |
2022 | L2CAP_CONN_RSP, sizeof(rsp), &rsp); | 2241 | L2CAP_CONN_RSP, sizeof(rsp), &rsp); |
2023 | 2242 | ||
2024 | if (chan->conf_state & L2CAP_CONF_REQ_SENT) | 2243 | if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) |
2025 | return; | 2244 | return; |
2026 | 2245 | ||
2027 | chan->conf_state |= L2CAP_CONF_REQ_SENT; | ||
2028 | l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, | 2246 | l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, |
2029 | l2cap_build_conf_req(chan, buf), buf); | 2247 | l2cap_build_conf_req(chan, buf), buf); |
2030 | chan->num_conf_req++; | 2248 | chan->num_conf_req++; |
@@ -2124,17 +2342,11 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd | |||
2124 | goto response; | 2342 | goto response; |
2125 | } | 2343 | } |
2126 | 2344 | ||
2127 | sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC); | 2345 | chan = pchan->ops->new_connection(pchan->data); |
2128 | if (!sk) | 2346 | if (!chan) |
2129 | goto response; | ||
2130 | |||
2131 | chan = l2cap_chan_create(sk); | ||
2132 | if (!chan) { | ||
2133 | l2cap_sock_kill(sk); | ||
2134 | goto response; | 2347 | goto response; |
2135 | } | ||
2136 | 2348 | ||
2137 | l2cap_pi(sk)->chan = chan; | 2349 | sk = chan->sk; |
2138 | 2350 | ||
2139 | write_lock_bh(&conn->chan_lock); | 2351 | write_lock_bh(&conn->chan_lock); |
2140 | 2352 | ||
@@ -2142,13 +2354,12 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd | |||
2142 | if (__l2cap_get_chan_by_dcid(conn, scid)) { | 2354 | if (__l2cap_get_chan_by_dcid(conn, scid)) { |
2143 | write_unlock_bh(&conn->chan_lock); | 2355 | write_unlock_bh(&conn->chan_lock); |
2144 | sock_set_flag(sk, SOCK_ZAPPED); | 2356 | sock_set_flag(sk, SOCK_ZAPPED); |
2145 | l2cap_sock_kill(sk); | 2357 | chan->ops->close(chan->data); |
2146 | goto response; | 2358 | goto response; |
2147 | } | 2359 | } |
2148 | 2360 | ||
2149 | hci_conn_hold(conn->hcon); | 2361 | hci_conn_hold(conn->hcon); |
2150 | 2362 | ||
2151 | l2cap_sock_init(sk, parent); | ||
2152 | bacpy(&bt_sk(sk)->src, conn->src); | 2363 | bacpy(&bt_sk(sk)->src, conn->src); |
2153 | bacpy(&bt_sk(sk)->dst, conn->dst); | 2364 | bacpy(&bt_sk(sk)->dst, conn->dst); |
2154 | chan->psm = psm; | 2365 | chan->psm = psm; |
@@ -2160,29 +2371,29 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd | |||
2160 | 2371 | ||
2161 | dcid = chan->scid; | 2372 | dcid = chan->scid; |
2162 | 2373 | ||
2163 | l2cap_sock_set_timer(sk, sk->sk_sndtimeo); | 2374 | __set_chan_timer(chan, sk->sk_sndtimeo); |
2164 | 2375 | ||
2165 | chan->ident = cmd->ident; | 2376 | chan->ident = cmd->ident; |
2166 | 2377 | ||
2167 | if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) { | 2378 | if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) { |
2168 | if (l2cap_check_security(chan)) { | 2379 | if (l2cap_check_security(chan)) { |
2169 | if (bt_sk(sk)->defer_setup) { | 2380 | if (bt_sk(sk)->defer_setup) { |
2170 | sk->sk_state = BT_CONNECT2; | 2381 | l2cap_state_change(chan, BT_CONNECT2); |
2171 | result = L2CAP_CR_PEND; | 2382 | result = L2CAP_CR_PEND; |
2172 | status = L2CAP_CS_AUTHOR_PEND; | 2383 | status = L2CAP_CS_AUTHOR_PEND; |
2173 | parent->sk_data_ready(parent, 0); | 2384 | parent->sk_data_ready(parent, 0); |
2174 | } else { | 2385 | } else { |
2175 | sk->sk_state = BT_CONFIG; | 2386 | l2cap_state_change(chan, BT_CONFIG); |
2176 | result = L2CAP_CR_SUCCESS; | 2387 | result = L2CAP_CR_SUCCESS; |
2177 | status = L2CAP_CS_NO_INFO; | 2388 | status = L2CAP_CS_NO_INFO; |
2178 | } | 2389 | } |
2179 | } else { | 2390 | } else { |
2180 | sk->sk_state = BT_CONNECT2; | 2391 | l2cap_state_change(chan, BT_CONNECT2); |
2181 | result = L2CAP_CR_PEND; | 2392 | result = L2CAP_CR_PEND; |
2182 | status = L2CAP_CS_AUTHEN_PEND; | 2393 | status = L2CAP_CS_AUTHEN_PEND; |
2183 | } | 2394 | } |
2184 | } else { | 2395 | } else { |
2185 | sk->sk_state = BT_CONNECT2; | 2396 | l2cap_state_change(chan, BT_CONNECT2); |
2186 | result = L2CAP_CR_PEND; | 2397 | result = L2CAP_CR_PEND; |
2187 | status = L2CAP_CS_NO_INFO; | 2398 | status = L2CAP_CS_NO_INFO; |
2188 | } | 2399 | } |
@@ -2213,10 +2424,10 @@ sendresp: | |||
2213 | L2CAP_INFO_REQ, sizeof(info), &info); | 2424 | L2CAP_INFO_REQ, sizeof(info), &info); |
2214 | } | 2425 | } |
2215 | 2426 | ||
2216 | if (chan && !(chan->conf_state & L2CAP_CONF_REQ_SENT) && | 2427 | if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) && |
2217 | result == L2CAP_CR_SUCCESS) { | 2428 | result == L2CAP_CR_SUCCESS) { |
2218 | u8 buf[128]; | 2429 | u8 buf[128]; |
2219 | chan->conf_state |= L2CAP_CONF_REQ_SENT; | 2430 | set_bit(CONF_REQ_SENT, &chan->conf_state); |
2220 | l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, | 2431 | l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, |
2221 | l2cap_build_conf_req(chan, buf), buf); | 2432 | l2cap_build_conf_req(chan, buf), buf); |
2222 | chan->num_conf_req++; | 2433 | chan->num_conf_req++; |
@@ -2254,31 +2465,29 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd | |||
2254 | 2465 | ||
2255 | switch (result) { | 2466 | switch (result) { |
2256 | case L2CAP_CR_SUCCESS: | 2467 | case L2CAP_CR_SUCCESS: |
2257 | sk->sk_state = BT_CONFIG; | 2468 | l2cap_state_change(chan, BT_CONFIG); |
2258 | chan->ident = 0; | 2469 | chan->ident = 0; |
2259 | chan->dcid = dcid; | 2470 | chan->dcid = dcid; |
2260 | chan->conf_state &= ~L2CAP_CONF_CONNECT_PEND; | 2471 | clear_bit(CONF_CONNECT_PEND, &chan->conf_state); |
2261 | 2472 | ||
2262 | if (chan->conf_state & L2CAP_CONF_REQ_SENT) | 2473 | if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) |
2263 | break; | 2474 | break; |
2264 | 2475 | ||
2265 | chan->conf_state |= L2CAP_CONF_REQ_SENT; | ||
2266 | |||
2267 | l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, | 2476 | l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, |
2268 | l2cap_build_conf_req(chan, req), req); | 2477 | l2cap_build_conf_req(chan, req), req); |
2269 | chan->num_conf_req++; | 2478 | chan->num_conf_req++; |
2270 | break; | 2479 | break; |
2271 | 2480 | ||
2272 | case L2CAP_CR_PEND: | 2481 | case L2CAP_CR_PEND: |
2273 | chan->conf_state |= L2CAP_CONF_CONNECT_PEND; | 2482 | set_bit(CONF_CONNECT_PEND, &chan->conf_state); |
2274 | break; | 2483 | break; |
2275 | 2484 | ||
2276 | default: | 2485 | default: |
2277 | /* don't delete l2cap channel if sk is owned by user */ | 2486 | /* don't delete l2cap channel if sk is owned by user */ |
2278 | if (sock_owned_by_user(sk)) { | 2487 | if (sock_owned_by_user(sk)) { |
2279 | sk->sk_state = BT_DISCONN; | 2488 | l2cap_state_change(chan, BT_DISCONN); |
2280 | l2cap_sock_clear_timer(sk); | 2489 | __clear_chan_timer(chan); |
2281 | l2cap_sock_set_timer(sk, HZ / 5); | 2490 | __set_chan_timer(chan, HZ / 5); |
2282 | break; | 2491 | break; |
2283 | } | 2492 | } |
2284 | 2493 | ||
@@ -2292,14 +2501,12 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd | |||
2292 | 2501 | ||
2293 | static inline void set_default_fcs(struct l2cap_chan *chan) | 2502 | static inline void set_default_fcs(struct l2cap_chan *chan) |
2294 | { | 2503 | { |
2295 | struct l2cap_pinfo *pi = l2cap_pi(chan->sk); | ||
2296 | |||
2297 | /* FCS is enabled only in ERTM or streaming mode, if one or both | 2504 | /* FCS is enabled only in ERTM or streaming mode, if one or both |
2298 | * sides request it. | 2505 | * sides request it. |
2299 | */ | 2506 | */ |
2300 | if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING) | 2507 | if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING) |
2301 | chan->fcs = L2CAP_FCS_NONE; | 2508 | chan->fcs = L2CAP_FCS_NONE; |
2302 | else if (!(pi->chan->conf_state & L2CAP_CONF_NO_FCS_RECV)) | 2509 | else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) |
2303 | chan->fcs = L2CAP_FCS_CRC16; | 2510 | chan->fcs = L2CAP_FCS_CRC16; |
2304 | } | 2511 | } |
2305 | 2512 | ||
@@ -2323,8 +2530,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr | |||
2323 | 2530 | ||
2324 | sk = chan->sk; | 2531 | sk = chan->sk; |
2325 | 2532 | ||
2326 | if ((bt_sk(sk)->defer_setup && sk->sk_state != BT_CONNECT2) || | 2533 | if ((bt_sk(sk)->defer_setup && chan->state != BT_CONNECT2) || |
2327 | (!bt_sk(sk)->defer_setup && sk->sk_state != BT_CONFIG)) { | 2534 | (!bt_sk(sk)->defer_setup && chan->state != BT_CONFIG)) { |
2328 | struct l2cap_cmd_rej rej; | 2535 | struct l2cap_cmd_rej rej; |
2329 | 2536 | ||
2330 | rej.reason = cpu_to_le16(0x0002); | 2537 | rej.reason = cpu_to_le16(0x0002); |
@@ -2367,13 +2574,13 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr | |||
2367 | /* Reset config buffer. */ | 2574 | /* Reset config buffer. */ |
2368 | chan->conf_len = 0; | 2575 | chan->conf_len = 0; |
2369 | 2576 | ||
2370 | if (!(chan->conf_state & L2CAP_CONF_OUTPUT_DONE)) | 2577 | if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) |
2371 | goto unlock; | 2578 | goto unlock; |
2372 | 2579 | ||
2373 | if (chan->conf_state & L2CAP_CONF_INPUT_DONE) { | 2580 | if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) { |
2374 | set_default_fcs(chan); | 2581 | set_default_fcs(chan); |
2375 | 2582 | ||
2376 | sk->sk_state = BT_CONNECTED; | 2583 | l2cap_state_change(chan, BT_CONNECTED); |
2377 | 2584 | ||
2378 | chan->next_tx_seq = 0; | 2585 | chan->next_tx_seq = 0; |
2379 | chan->expected_tx_seq = 0; | 2586 | chan->expected_tx_seq = 0; |
@@ -2385,9 +2592,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr | |||
2385 | goto unlock; | 2592 | goto unlock; |
2386 | } | 2593 | } |
2387 | 2594 | ||
2388 | if (!(chan->conf_state & L2CAP_CONF_REQ_SENT)) { | 2595 | if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) { |
2389 | u8 buf[64]; | 2596 | u8 buf[64]; |
2390 | chan->conf_state |= L2CAP_CONF_REQ_SENT; | ||
2391 | l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, | 2597 | l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, |
2392 | l2cap_build_conf_req(chan, buf), buf); | 2598 | l2cap_build_conf_req(chan, buf), buf); |
2393 | chan->num_conf_req++; | 2599 | chan->num_conf_req++; |
@@ -2452,7 +2658,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr | |||
2452 | 2658 | ||
2453 | default: | 2659 | default: |
2454 | sk->sk_err = ECONNRESET; | 2660 | sk->sk_err = ECONNRESET; |
2455 | l2cap_sock_set_timer(sk, HZ * 5); | 2661 | __set_chan_timer(chan, HZ * 5); |
2456 | l2cap_send_disconn_req(conn, chan, ECONNRESET); | 2662 | l2cap_send_disconn_req(conn, chan, ECONNRESET); |
2457 | goto done; | 2663 | goto done; |
2458 | } | 2664 | } |
@@ -2460,12 +2666,12 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr | |||
2460 | if (flags & 0x01) | 2666 | if (flags & 0x01) |
2461 | goto done; | 2667 | goto done; |
2462 | 2668 | ||
2463 | chan->conf_state |= L2CAP_CONF_INPUT_DONE; | 2669 | set_bit(CONF_INPUT_DONE, &chan->conf_state); |
2464 | 2670 | ||
2465 | if (chan->conf_state & L2CAP_CONF_OUTPUT_DONE) { | 2671 | if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) { |
2466 | set_default_fcs(chan); | 2672 | set_default_fcs(chan); |
2467 | 2673 | ||
2468 | sk->sk_state = BT_CONNECTED; | 2674 | l2cap_state_change(chan, BT_CONNECTED); |
2469 | chan->next_tx_seq = 0; | 2675 | chan->next_tx_seq = 0; |
2470 | chan->expected_tx_seq = 0; | 2676 | chan->expected_tx_seq = 0; |
2471 | skb_queue_head_init(&chan->tx_q); | 2677 | skb_queue_head_init(&chan->tx_q); |
@@ -2507,9 +2713,9 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd | |||
2507 | 2713 | ||
2508 | /* don't delete l2cap channel if sk is owned by user */ | 2714 | /* don't delete l2cap channel if sk is owned by user */ |
2509 | if (sock_owned_by_user(sk)) { | 2715 | if (sock_owned_by_user(sk)) { |
2510 | sk->sk_state = BT_DISCONN; | 2716 | l2cap_state_change(chan, BT_DISCONN); |
2511 | l2cap_sock_clear_timer(sk); | 2717 | __clear_chan_timer(chan); |
2512 | l2cap_sock_set_timer(sk, HZ / 5); | 2718 | __set_chan_timer(chan, HZ / 5); |
2513 | bh_unlock_sock(sk); | 2719 | bh_unlock_sock(sk); |
2514 | return 0; | 2720 | return 0; |
2515 | } | 2721 | } |
@@ -2517,7 +2723,7 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd | |||
2517 | l2cap_chan_del(chan, ECONNRESET); | 2723 | l2cap_chan_del(chan, ECONNRESET); |
2518 | bh_unlock_sock(sk); | 2724 | bh_unlock_sock(sk); |
2519 | 2725 | ||
2520 | l2cap_sock_kill(sk); | 2726 | chan->ops->close(chan->data); |
2521 | return 0; | 2727 | return 0; |
2522 | } | 2728 | } |
2523 | 2729 | ||
@@ -2541,9 +2747,9 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd | |||
2541 | 2747 | ||
2542 | /* don't delete l2cap channel if sk is owned by user */ | 2748 | /* don't delete l2cap channel if sk is owned by user */ |
2543 | if (sock_owned_by_user(sk)) { | 2749 | if (sock_owned_by_user(sk)) { |
2544 | sk->sk_state = BT_DISCONN; | 2750 | l2cap_state_change(chan,BT_DISCONN); |
2545 | l2cap_sock_clear_timer(sk); | 2751 | __clear_chan_timer(chan); |
2546 | l2cap_sock_set_timer(sk, HZ / 5); | 2752 | __set_chan_timer(chan, HZ / 5); |
2547 | bh_unlock_sock(sk); | 2753 | bh_unlock_sock(sk); |
2548 | return 0; | 2754 | return 0; |
2549 | } | 2755 | } |
@@ -2551,7 +2757,7 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd | |||
2551 | l2cap_chan_del(chan, 0); | 2757 | l2cap_chan_del(chan, 0); |
2552 | bh_unlock_sock(sk); | 2758 | bh_unlock_sock(sk); |
2553 | 2759 | ||
2554 | l2cap_sock_kill(sk); | 2760 | chan->ops->close(chan->data); |
2555 | return 0; | 2761 | return 0; |
2556 | } | 2762 | } |
2557 | 2763 | ||
@@ -2859,18 +3065,18 @@ static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan) | |||
2859 | 3065 | ||
2860 | control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; | 3066 | control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; |
2861 | 3067 | ||
2862 | if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) { | 3068 | if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { |
2863 | control |= L2CAP_SUPER_RCV_NOT_READY; | 3069 | control |= L2CAP_SUPER_RCV_NOT_READY; |
2864 | l2cap_send_sframe(chan, control); | 3070 | l2cap_send_sframe(chan, control); |
2865 | chan->conn_state |= L2CAP_CONN_RNR_SENT; | 3071 | set_bit(CONN_RNR_SENT, &chan->conn_state); |
2866 | } | 3072 | } |
2867 | 3073 | ||
2868 | if (chan->conn_state & L2CAP_CONN_REMOTE_BUSY) | 3074 | if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) |
2869 | l2cap_retransmit_frames(chan); | 3075 | l2cap_retransmit_frames(chan); |
2870 | 3076 | ||
2871 | l2cap_ertm_send(chan); | 3077 | l2cap_ertm_send(chan); |
2872 | 3078 | ||
2873 | if (!(chan->conn_state & L2CAP_CONN_LOCAL_BUSY) && | 3079 | if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) && |
2874 | chan->frames_sent == 0) { | 3080 | chan->frames_sent == 0) { |
2875 | control |= L2CAP_SUPER_RCV_READY; | 3081 | control |= L2CAP_SUPER_RCV_READY; |
2876 | l2cap_send_sframe(chan, control); | 3082 | l2cap_send_sframe(chan, control); |
@@ -2926,17 +3132,13 @@ static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *sk | |||
2926 | 3132 | ||
2927 | switch (control & L2CAP_CTRL_SAR) { | 3133 | switch (control & L2CAP_CTRL_SAR) { |
2928 | case L2CAP_SDU_UNSEGMENTED: | 3134 | case L2CAP_SDU_UNSEGMENTED: |
2929 | if (chan->conn_state & L2CAP_CONN_SAR_SDU) | 3135 | if (test_bit(CONN_SAR_SDU, &chan->conn_state)) |
2930 | goto drop; | 3136 | goto drop; |
2931 | 3137 | ||
2932 | err = sock_queue_rcv_skb(chan->sk, skb); | 3138 | return chan->ops->recv(chan->data, skb); |
2933 | if (!err) | ||
2934 | return err; | ||
2935 | |||
2936 | break; | ||
2937 | 3139 | ||
2938 | case L2CAP_SDU_START: | 3140 | case L2CAP_SDU_START: |
2939 | if (chan->conn_state & L2CAP_CONN_SAR_SDU) | 3141 | if (test_bit(CONN_SAR_SDU, &chan->conn_state)) |
2940 | goto drop; | 3142 | goto drop; |
2941 | 3143 | ||
2942 | chan->sdu_len = get_unaligned_le16(skb->data); | 3144 | chan->sdu_len = get_unaligned_le16(skb->data); |
@@ -2955,12 +3157,12 @@ static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *sk | |||
2955 | 3157 | ||
2956 | memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len); | 3158 | memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len); |
2957 | 3159 | ||
2958 | chan->conn_state |= L2CAP_CONN_SAR_SDU; | 3160 | set_bit(CONN_SAR_SDU, &chan->conn_state); |
2959 | chan->partial_sdu_len = skb->len; | 3161 | chan->partial_sdu_len = skb->len; |
2960 | break; | 3162 | break; |
2961 | 3163 | ||
2962 | case L2CAP_SDU_CONTINUE: | 3164 | case L2CAP_SDU_CONTINUE: |
2963 | if (!(chan->conn_state & L2CAP_CONN_SAR_SDU)) | 3165 | if (!test_bit(CONN_SAR_SDU, &chan->conn_state)) |
2964 | goto disconnect; | 3166 | goto disconnect; |
2965 | 3167 | ||
2966 | if (!chan->sdu) | 3168 | if (!chan->sdu) |
@@ -2975,13 +3177,13 @@ static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *sk | |||
2975 | break; | 3177 | break; |
2976 | 3178 | ||
2977 | case L2CAP_SDU_END: | 3179 | case L2CAP_SDU_END: |
2978 | if (!(chan->conn_state & L2CAP_CONN_SAR_SDU)) | 3180 | if (!test_bit(CONN_SAR_SDU, &chan->conn_state)) |
2979 | goto disconnect; | 3181 | goto disconnect; |
2980 | 3182 | ||
2981 | if (!chan->sdu) | 3183 | if (!chan->sdu) |
2982 | goto disconnect; | 3184 | goto disconnect; |
2983 | 3185 | ||
2984 | if (!(chan->conn_state & L2CAP_CONN_SAR_RETRY)) { | 3186 | if (!test_bit(CONN_SAR_RETRY, &chan->conn_state)) { |
2985 | chan->partial_sdu_len += skb->len; | 3187 | chan->partial_sdu_len += skb->len; |
2986 | 3188 | ||
2987 | if (chan->partial_sdu_len > chan->imtu) | 3189 | if (chan->partial_sdu_len > chan->imtu) |
@@ -2995,19 +3197,19 @@ static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *sk | |||
2995 | 3197 | ||
2996 | _skb = skb_clone(chan->sdu, GFP_ATOMIC); | 3198 | _skb = skb_clone(chan->sdu, GFP_ATOMIC); |
2997 | if (!_skb) { | 3199 | if (!_skb) { |
2998 | chan->conn_state |= L2CAP_CONN_SAR_RETRY; | 3200 | set_bit(CONN_SAR_RETRY, &chan->conn_state); |
2999 | return -ENOMEM; | 3201 | return -ENOMEM; |
3000 | } | 3202 | } |
3001 | 3203 | ||
3002 | err = sock_queue_rcv_skb(chan->sk, _skb); | 3204 | err = chan->ops->recv(chan->data, _skb); |
3003 | if (err < 0) { | 3205 | if (err < 0) { |
3004 | kfree_skb(_skb); | 3206 | kfree_skb(_skb); |
3005 | chan->conn_state |= L2CAP_CONN_SAR_RETRY; | 3207 | set_bit(CONN_SAR_RETRY, &chan->conn_state); |
3006 | return err; | 3208 | return err; |
3007 | } | 3209 | } |
3008 | 3210 | ||
3009 | chan->conn_state &= ~L2CAP_CONN_SAR_RETRY; | 3211 | clear_bit(CONN_SAR_RETRY, &chan->conn_state); |
3010 | chan->conn_state &= ~L2CAP_CONN_SAR_SDU; | 3212 | clear_bit(CONN_SAR_SDU, &chan->conn_state); |
3011 | 3213 | ||
3012 | kfree_skb(chan->sdu); | 3214 | kfree_skb(chan->sdu); |
3013 | break; | 3215 | break; |
@@ -3043,7 +3245,7 @@ static int l2cap_try_push_rx_skb(struct l2cap_chan *chan) | |||
3043 | chan->buffer_seq = (chan->buffer_seq + 1) % 64; | 3245 | chan->buffer_seq = (chan->buffer_seq + 1) % 64; |
3044 | } | 3246 | } |
3045 | 3247 | ||
3046 | if (!(chan->conn_state & L2CAP_CONN_RNR_SENT)) | 3248 | if (!test_bit(CONN_RNR_SENT, &chan->conn_state)) |
3047 | goto done; | 3249 | goto done; |
3048 | 3250 | ||
3049 | control = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; | 3251 | control = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT; |
@@ -3051,14 +3253,14 @@ static int l2cap_try_push_rx_skb(struct l2cap_chan *chan) | |||
3051 | l2cap_send_sframe(chan, control); | 3253 | l2cap_send_sframe(chan, control); |
3052 | chan->retry_count = 1; | 3254 | chan->retry_count = 1; |
3053 | 3255 | ||
3054 | del_timer(&chan->retrans_timer); | 3256 | __clear_retrans_timer(chan); |
3055 | __mod_monitor_timer(); | 3257 | __set_monitor_timer(chan); |
3056 | 3258 | ||
3057 | chan->conn_state |= L2CAP_CONN_WAIT_F; | 3259 | set_bit(CONN_WAIT_F, &chan->conn_state); |
3058 | 3260 | ||
3059 | done: | 3261 | done: |
3060 | chan->conn_state &= ~L2CAP_CONN_LOCAL_BUSY; | 3262 | clear_bit(CONN_LOCAL_BUSY, &chan->conn_state); |
3061 | chan->conn_state &= ~L2CAP_CONN_RNR_SENT; | 3263 | clear_bit(CONN_RNR_SENT, &chan->conn_state); |
3062 | 3264 | ||
3063 | BT_DBG("chan %p, Exit local busy", chan); | 3265 | BT_DBG("chan %p, Exit local busy", chan); |
3064 | 3266 | ||
@@ -3116,7 +3318,7 @@ static int l2cap_push_rx_skb(struct l2cap_chan *chan, struct sk_buff *skb, u16 c | |||
3116 | { | 3318 | { |
3117 | int sctrl, err; | 3319 | int sctrl, err; |
3118 | 3320 | ||
3119 | if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) { | 3321 | if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { |
3120 | bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT; | 3322 | bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT; |
3121 | __skb_queue_tail(&chan->busy_q, skb); | 3323 | __skb_queue_tail(&chan->busy_q, skb); |
3122 | return l2cap_try_push_rx_skb(chan); | 3324 | return l2cap_try_push_rx_skb(chan); |
@@ -3133,7 +3335,7 @@ static int l2cap_push_rx_skb(struct l2cap_chan *chan, struct sk_buff *skb, u16 c | |||
3133 | /* Busy Condition */ | 3335 | /* Busy Condition */ |
3134 | BT_DBG("chan %p, Enter local busy", chan); | 3336 | BT_DBG("chan %p, Enter local busy", chan); |
3135 | 3337 | ||
3136 | chan->conn_state |= L2CAP_CONN_LOCAL_BUSY; | 3338 | set_bit(CONN_LOCAL_BUSY, &chan->conn_state); |
3137 | bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT; | 3339 | bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT; |
3138 | __skb_queue_tail(&chan->busy_q, skb); | 3340 | __skb_queue_tail(&chan->busy_q, skb); |
3139 | 3341 | ||
@@ -3141,9 +3343,9 @@ static int l2cap_push_rx_skb(struct l2cap_chan *chan, struct sk_buff *skb, u16 c | |||
3141 | sctrl |= L2CAP_SUPER_RCV_NOT_READY; | 3343 | sctrl |= L2CAP_SUPER_RCV_NOT_READY; |
3142 | l2cap_send_sframe(chan, sctrl); | 3344 | l2cap_send_sframe(chan, sctrl); |
3143 | 3345 | ||
3144 | chan->conn_state |= L2CAP_CONN_RNR_SENT; | 3346 | set_bit(CONN_RNR_SENT, &chan->conn_state); |
3145 | 3347 | ||
3146 | del_timer(&chan->ack_timer); | 3348 | __clear_ack_timer(chan); |
3147 | 3349 | ||
3148 | queue_work(_busy_wq, &chan->busy_work); | 3350 | queue_work(_busy_wq, &chan->busy_work); |
3149 | 3351 | ||
@@ -3162,19 +3364,19 @@ static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buf | |||
3162 | 3364 | ||
3163 | switch (control & L2CAP_CTRL_SAR) { | 3365 | switch (control & L2CAP_CTRL_SAR) { |
3164 | case L2CAP_SDU_UNSEGMENTED: | 3366 | case L2CAP_SDU_UNSEGMENTED: |
3165 | if (chan->conn_state & L2CAP_CONN_SAR_SDU) { | 3367 | if (test_bit(CONN_SAR_SDU, &chan->conn_state)) { |
3166 | kfree_skb(chan->sdu); | 3368 | kfree_skb(chan->sdu); |
3167 | break; | 3369 | break; |
3168 | } | 3370 | } |
3169 | 3371 | ||
3170 | err = sock_queue_rcv_skb(chan->sk, skb); | 3372 | err = chan->ops->recv(chan->data, skb); |
3171 | if (!err) | 3373 | if (!err) |
3172 | return 0; | 3374 | return 0; |
3173 | 3375 | ||
3174 | break; | 3376 | break; |
3175 | 3377 | ||
3176 | case L2CAP_SDU_START: | 3378 | case L2CAP_SDU_START: |
3177 | if (chan->conn_state & L2CAP_CONN_SAR_SDU) { | 3379 | if (test_bit(CONN_SAR_SDU, &chan->conn_state)) { |
3178 | kfree_skb(chan->sdu); | 3380 | kfree_skb(chan->sdu); |
3179 | break; | 3381 | break; |
3180 | } | 3382 | } |
@@ -3195,13 +3397,13 @@ static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buf | |||
3195 | 3397 | ||
3196 | memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len); | 3398 | memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len); |
3197 | 3399 | ||
3198 | chan->conn_state |= L2CAP_CONN_SAR_SDU; | 3400 | set_bit(CONN_SAR_SDU, &chan->conn_state); |
3199 | chan->partial_sdu_len = skb->len; | 3401 | chan->partial_sdu_len = skb->len; |
3200 | err = 0; | 3402 | err = 0; |
3201 | break; | 3403 | break; |
3202 | 3404 | ||
3203 | case L2CAP_SDU_CONTINUE: | 3405 | case L2CAP_SDU_CONTINUE: |
3204 | if (!(chan->conn_state & L2CAP_CONN_SAR_SDU)) | 3406 | if (!test_bit(CONN_SAR_SDU, &chan->conn_state)) |
3205 | break; | 3407 | break; |
3206 | 3408 | ||
3207 | memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len); | 3409 | memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len); |
@@ -3215,12 +3417,12 @@ static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buf | |||
3215 | break; | 3417 | break; |
3216 | 3418 | ||
3217 | case L2CAP_SDU_END: | 3419 | case L2CAP_SDU_END: |
3218 | if (!(chan->conn_state & L2CAP_CONN_SAR_SDU)) | 3420 | if (!test_bit(CONN_SAR_SDU, &chan->conn_state)) |
3219 | break; | 3421 | break; |
3220 | 3422 | ||
3221 | memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len); | 3423 | memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len); |
3222 | 3424 | ||
3223 | chan->conn_state &= ~L2CAP_CONN_SAR_SDU; | 3425 | clear_bit(CONN_SAR_SDU, &chan->conn_state); |
3224 | chan->partial_sdu_len += skb->len; | 3426 | chan->partial_sdu_len += skb->len; |
3225 | 3427 | ||
3226 | if (chan->partial_sdu_len > chan->imtu) | 3428 | if (chan->partial_sdu_len > chan->imtu) |
@@ -3228,7 +3430,7 @@ static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buf | |||
3228 | 3430 | ||
3229 | if (chan->partial_sdu_len == chan->sdu_len) { | 3431 | if (chan->partial_sdu_len == chan->sdu_len) { |
3230 | _skb = skb_clone(chan->sdu, GFP_ATOMIC); | 3432 | _skb = skb_clone(chan->sdu, GFP_ATOMIC); |
3231 | err = sock_queue_rcv_skb(chan->sk, _skb); | 3433 | err = chan->ops->recv(chan->data, _skb); |
3232 | if (err < 0) | 3434 | if (err < 0) |
3233 | kfree_skb(_skb); | 3435 | kfree_skb(_skb); |
3234 | } | 3436 | } |
@@ -3311,11 +3513,11 @@ static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_cont | |||
3311 | tx_seq, rx_control); | 3513 | tx_seq, rx_control); |
3312 | 3514 | ||
3313 | if (L2CAP_CTRL_FINAL & rx_control && | 3515 | if (L2CAP_CTRL_FINAL & rx_control && |
3314 | chan->conn_state & L2CAP_CONN_WAIT_F) { | 3516 | test_bit(CONN_WAIT_F, &chan->conn_state)) { |
3315 | del_timer(&chan->monitor_timer); | 3517 | __clear_monitor_timer(chan); |
3316 | if (chan->unacked_frames > 0) | 3518 | if (chan->unacked_frames > 0) |
3317 | __mod_retrans_timer(); | 3519 | __set_retrans_timer(chan); |
3318 | chan->conn_state &= ~L2CAP_CONN_WAIT_F; | 3520 | clear_bit(CONN_WAIT_F, &chan->conn_state); |
3319 | } | 3521 | } |
3320 | 3522 | ||
3321 | chan->expected_ack_seq = req_seq; | 3523 | chan->expected_ack_seq = req_seq; |
@@ -3334,10 +3536,10 @@ static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_cont | |||
3334 | goto drop; | 3536 | goto drop; |
3335 | } | 3537 | } |
3336 | 3538 | ||
3337 | if (chan->conn_state == L2CAP_CONN_LOCAL_BUSY) | 3539 | if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) |
3338 | goto drop; | 3540 | goto drop; |
3339 | 3541 | ||
3340 | if (chan->conn_state & L2CAP_CONN_SREJ_SENT) { | 3542 | if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) { |
3341 | struct srej_list *first; | 3543 | struct srej_list *first; |
3342 | 3544 | ||
3343 | first = list_first_entry(&chan->srej_l, | 3545 | first = list_first_entry(&chan->srej_l, |
@@ -3351,7 +3553,7 @@ static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_cont | |||
3351 | 3553 | ||
3352 | if (list_empty(&chan->srej_l)) { | 3554 | if (list_empty(&chan->srej_l)) { |
3353 | chan->buffer_seq = chan->buffer_seq_srej; | 3555 | chan->buffer_seq = chan->buffer_seq_srej; |
3354 | chan->conn_state &= ~L2CAP_CONN_SREJ_SENT; | 3556 | clear_bit(CONN_SREJ_SENT, &chan->conn_state); |
3355 | l2cap_send_ack(chan); | 3557 | l2cap_send_ack(chan); |
3356 | BT_DBG("chan %p, Exit SREJ_SENT", chan); | 3558 | BT_DBG("chan %p, Exit SREJ_SENT", chan); |
3357 | } | 3559 | } |
@@ -3380,7 +3582,7 @@ static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_cont | |||
3380 | if (tx_seq_offset < expected_tx_seq_offset) | 3582 | if (tx_seq_offset < expected_tx_seq_offset) |
3381 | goto drop; | 3583 | goto drop; |
3382 | 3584 | ||
3383 | chan->conn_state |= L2CAP_CONN_SREJ_SENT; | 3585 | set_bit(CONN_SREJ_SENT, &chan->conn_state); |
3384 | 3586 | ||
3385 | BT_DBG("chan %p, Enter SREJ", chan); | 3587 | BT_DBG("chan %p, Enter SREJ", chan); |
3386 | 3588 | ||
@@ -3391,18 +3593,18 @@ static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_cont | |||
3391 | __skb_queue_head_init(&chan->busy_q); | 3593 | __skb_queue_head_init(&chan->busy_q); |
3392 | l2cap_add_to_srej_queue(chan, skb, tx_seq, sar); | 3594 | l2cap_add_to_srej_queue(chan, skb, tx_seq, sar); |
3393 | 3595 | ||
3394 | chan->conn_state |= L2CAP_CONN_SEND_PBIT; | 3596 | set_bit(CONN_SEND_PBIT, &chan->conn_state); |
3395 | 3597 | ||
3396 | l2cap_send_srejframe(chan, tx_seq); | 3598 | l2cap_send_srejframe(chan, tx_seq); |
3397 | 3599 | ||
3398 | del_timer(&chan->ack_timer); | 3600 | __clear_ack_timer(chan); |
3399 | } | 3601 | } |
3400 | return 0; | 3602 | return 0; |
3401 | 3603 | ||
3402 | expected: | 3604 | expected: |
3403 | chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64; | 3605 | chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64; |
3404 | 3606 | ||
3405 | if (chan->conn_state & L2CAP_CONN_SREJ_SENT) { | 3607 | if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) { |
3406 | bt_cb(skb)->tx_seq = tx_seq; | 3608 | bt_cb(skb)->tx_seq = tx_seq; |
3407 | bt_cb(skb)->sar = sar; | 3609 | bt_cb(skb)->sar = sar; |
3408 | __skb_queue_tail(&chan->srej_q, skb); | 3610 | __skb_queue_tail(&chan->srej_q, skb); |
@@ -3414,13 +3616,11 @@ expected: | |||
3414 | return 0; | 3616 | return 0; |
3415 | 3617 | ||
3416 | if (rx_control & L2CAP_CTRL_FINAL) { | 3618 | if (rx_control & L2CAP_CTRL_FINAL) { |
3417 | if (chan->conn_state & L2CAP_CONN_REJ_ACT) | 3619 | if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state)) |
3418 | chan->conn_state &= ~L2CAP_CONN_REJ_ACT; | ||
3419 | else | ||
3420 | l2cap_retransmit_frames(chan); | 3620 | l2cap_retransmit_frames(chan); |
3421 | } | 3621 | } |
3422 | 3622 | ||
3423 | __mod_ack_timer(); | 3623 | __set_ack_timer(chan); |
3424 | 3624 | ||
3425 | chan->num_acked = (chan->num_acked + 1) % num_to_ack; | 3625 | chan->num_acked = (chan->num_acked + 1) % num_to_ack; |
3426 | if (chan->num_acked == num_to_ack - 1) | 3626 | if (chan->num_acked == num_to_ack - 1) |
@@ -3442,33 +3642,31 @@ static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u16 rx_co | |||
3442 | l2cap_drop_acked_frames(chan); | 3642 | l2cap_drop_acked_frames(chan); |
3443 | 3643 | ||
3444 | if (rx_control & L2CAP_CTRL_POLL) { | 3644 | if (rx_control & L2CAP_CTRL_POLL) { |
3445 | chan->conn_state |= L2CAP_CONN_SEND_FBIT; | 3645 | set_bit(CONN_SEND_FBIT, &chan->conn_state); |
3446 | if (chan->conn_state & L2CAP_CONN_SREJ_SENT) { | 3646 | if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) { |
3447 | if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) && | 3647 | if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) && |
3448 | (chan->unacked_frames > 0)) | 3648 | (chan->unacked_frames > 0)) |
3449 | __mod_retrans_timer(); | 3649 | __set_retrans_timer(chan); |
3450 | 3650 | ||
3451 | chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; | 3651 | clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); |
3452 | l2cap_send_srejtail(chan); | 3652 | l2cap_send_srejtail(chan); |
3453 | } else { | 3653 | } else { |
3454 | l2cap_send_i_or_rr_or_rnr(chan); | 3654 | l2cap_send_i_or_rr_or_rnr(chan); |
3455 | } | 3655 | } |
3456 | 3656 | ||
3457 | } else if (rx_control & L2CAP_CTRL_FINAL) { | 3657 | } else if (rx_control & L2CAP_CTRL_FINAL) { |
3458 | chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; | 3658 | clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); |
3459 | 3659 | ||
3460 | if (chan->conn_state & L2CAP_CONN_REJ_ACT) | 3660 | if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state)) |
3461 | chan->conn_state &= ~L2CAP_CONN_REJ_ACT; | ||
3462 | else | ||
3463 | l2cap_retransmit_frames(chan); | 3661 | l2cap_retransmit_frames(chan); |
3464 | 3662 | ||
3465 | } else { | 3663 | } else { |
3466 | if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) && | 3664 | if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) && |
3467 | (chan->unacked_frames > 0)) | 3665 | (chan->unacked_frames > 0)) |
3468 | __mod_retrans_timer(); | 3666 | __set_retrans_timer(chan); |
3469 | 3667 | ||
3470 | chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; | 3668 | clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); |
3471 | if (chan->conn_state & L2CAP_CONN_SREJ_SENT) | 3669 | if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) |
3472 | l2cap_send_ack(chan); | 3670 | l2cap_send_ack(chan); |
3473 | else | 3671 | else |
3474 | l2cap_ertm_send(chan); | 3672 | l2cap_ertm_send(chan); |
@@ -3481,21 +3679,19 @@ static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u16 rx_c | |||
3481 | 3679 | ||
3482 | BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control); | 3680 | BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control); |
3483 | 3681 | ||
3484 | chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; | 3682 | clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); |
3485 | 3683 | ||
3486 | chan->expected_ack_seq = tx_seq; | 3684 | chan->expected_ack_seq = tx_seq; |
3487 | l2cap_drop_acked_frames(chan); | 3685 | l2cap_drop_acked_frames(chan); |
3488 | 3686 | ||
3489 | if (rx_control & L2CAP_CTRL_FINAL) { | 3687 | if (rx_control & L2CAP_CTRL_FINAL) { |
3490 | if (chan->conn_state & L2CAP_CONN_REJ_ACT) | 3688 | if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state)) |
3491 | chan->conn_state &= ~L2CAP_CONN_REJ_ACT; | ||
3492 | else | ||
3493 | l2cap_retransmit_frames(chan); | 3689 | l2cap_retransmit_frames(chan); |
3494 | } else { | 3690 | } else { |
3495 | l2cap_retransmit_frames(chan); | 3691 | l2cap_retransmit_frames(chan); |
3496 | 3692 | ||
3497 | if (chan->conn_state & L2CAP_CONN_WAIT_F) | 3693 | if (test_bit(CONN_WAIT_F, &chan->conn_state)) |
3498 | chan->conn_state |= L2CAP_CONN_REJ_ACT; | 3694 | set_bit(CONN_REJ_ACT, &chan->conn_state); |
3499 | } | 3695 | } |
3500 | } | 3696 | } |
3501 | static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u16 rx_control) | 3697 | static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u16 rx_control) |
@@ -3504,32 +3700,32 @@ static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u16 rx_ | |||
3504 | 3700 | ||
3505 | BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control); | 3701 | BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control); |
3506 | 3702 | ||
3507 | chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY; | 3703 | clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); |
3508 | 3704 | ||
3509 | if (rx_control & L2CAP_CTRL_POLL) { | 3705 | if (rx_control & L2CAP_CTRL_POLL) { |
3510 | chan->expected_ack_seq = tx_seq; | 3706 | chan->expected_ack_seq = tx_seq; |
3511 | l2cap_drop_acked_frames(chan); | 3707 | l2cap_drop_acked_frames(chan); |
3512 | 3708 | ||
3513 | chan->conn_state |= L2CAP_CONN_SEND_FBIT; | 3709 | set_bit(CONN_SEND_FBIT, &chan->conn_state); |
3514 | l2cap_retransmit_one_frame(chan, tx_seq); | 3710 | l2cap_retransmit_one_frame(chan, tx_seq); |
3515 | 3711 | ||
3516 | l2cap_ertm_send(chan); | 3712 | l2cap_ertm_send(chan); |
3517 | 3713 | ||
3518 | if (chan->conn_state & L2CAP_CONN_WAIT_F) { | 3714 | if (test_bit(CONN_WAIT_F, &chan->conn_state)) { |
3519 | chan->srej_save_reqseq = tx_seq; | 3715 | chan->srej_save_reqseq = tx_seq; |
3520 | chan->conn_state |= L2CAP_CONN_SREJ_ACT; | 3716 | set_bit(CONN_SREJ_ACT, &chan->conn_state); |
3521 | } | 3717 | } |
3522 | } else if (rx_control & L2CAP_CTRL_FINAL) { | 3718 | } else if (rx_control & L2CAP_CTRL_FINAL) { |
3523 | if ((chan->conn_state & L2CAP_CONN_SREJ_ACT) && | 3719 | if (test_bit(CONN_SREJ_ACT, &chan->conn_state) && |
3524 | chan->srej_save_reqseq == tx_seq) | 3720 | chan->srej_save_reqseq == tx_seq) |
3525 | chan->conn_state &= ~L2CAP_CONN_SREJ_ACT; | 3721 | clear_bit(CONN_SREJ_ACT, &chan->conn_state); |
3526 | else | 3722 | else |
3527 | l2cap_retransmit_one_frame(chan, tx_seq); | 3723 | l2cap_retransmit_one_frame(chan, tx_seq); |
3528 | } else { | 3724 | } else { |
3529 | l2cap_retransmit_one_frame(chan, tx_seq); | 3725 | l2cap_retransmit_one_frame(chan, tx_seq); |
3530 | if (chan->conn_state & L2CAP_CONN_WAIT_F) { | 3726 | if (test_bit(CONN_WAIT_F, &chan->conn_state)) { |
3531 | chan->srej_save_reqseq = tx_seq; | 3727 | chan->srej_save_reqseq = tx_seq; |
3532 | chan->conn_state |= L2CAP_CONN_SREJ_ACT; | 3728 | set_bit(CONN_SREJ_ACT, &chan->conn_state); |
3533 | } | 3729 | } |
3534 | } | 3730 | } |
3535 | } | 3731 | } |
@@ -3540,15 +3736,15 @@ static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u16 rx_c | |||
3540 | 3736 | ||
3541 | BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control); | 3737 | BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control); |
3542 | 3738 | ||
3543 | chan->conn_state |= L2CAP_CONN_REMOTE_BUSY; | 3739 | set_bit(CONN_REMOTE_BUSY, &chan->conn_state); |
3544 | chan->expected_ack_seq = tx_seq; | 3740 | chan->expected_ack_seq = tx_seq; |
3545 | l2cap_drop_acked_frames(chan); | 3741 | l2cap_drop_acked_frames(chan); |
3546 | 3742 | ||
3547 | if (rx_control & L2CAP_CTRL_POLL) | 3743 | if (rx_control & L2CAP_CTRL_POLL) |
3548 | chan->conn_state |= L2CAP_CONN_SEND_FBIT; | 3744 | set_bit(CONN_SEND_FBIT, &chan->conn_state); |
3549 | 3745 | ||
3550 | if (!(chan->conn_state & L2CAP_CONN_SREJ_SENT)) { | 3746 | if (!test_bit(CONN_SREJ_SENT, &chan->conn_state)) { |
3551 | del_timer(&chan->retrans_timer); | 3747 | __clear_retrans_timer(chan); |
3552 | if (rx_control & L2CAP_CTRL_POLL) | 3748 | if (rx_control & L2CAP_CTRL_POLL) |
3553 | l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL); | 3749 | l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL); |
3554 | return; | 3750 | return; |
@@ -3565,11 +3761,11 @@ static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u16 rx_cont | |||
3565 | BT_DBG("chan %p rx_control 0x%4.4x len %d", chan, rx_control, skb->len); | 3761 | BT_DBG("chan %p rx_control 0x%4.4x len %d", chan, rx_control, skb->len); |
3566 | 3762 | ||
3567 | if (L2CAP_CTRL_FINAL & rx_control && | 3763 | if (L2CAP_CTRL_FINAL & rx_control && |
3568 | chan->conn_state & L2CAP_CONN_WAIT_F) { | 3764 | test_bit(CONN_WAIT_F, &chan->conn_state)) { |
3569 | del_timer(&chan->monitor_timer); | 3765 | __clear_monitor_timer(chan); |
3570 | if (chan->unacked_frames > 0) | 3766 | if (chan->unacked_frames > 0) |
3571 | __mod_retrans_timer(); | 3767 | __set_retrans_timer(chan); |
3572 | chan->conn_state &= ~L2CAP_CONN_WAIT_F; | 3768 | clear_bit(CONN_WAIT_F, &chan->conn_state); |
3573 | } | 3769 | } |
3574 | 3770 | ||
3575 | switch (rx_control & L2CAP_CTRL_SUPERVISE) { | 3771 | switch (rx_control & L2CAP_CTRL_SUPERVISE) { |
@@ -3668,7 +3864,6 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk | |||
3668 | { | 3864 | { |
3669 | struct l2cap_chan *chan; | 3865 | struct l2cap_chan *chan; |
3670 | struct sock *sk = NULL; | 3866 | struct sock *sk = NULL; |
3671 | struct l2cap_pinfo *pi; | ||
3672 | u16 control; | 3867 | u16 control; |
3673 | u8 tx_seq; | 3868 | u8 tx_seq; |
3674 | int len; | 3869 | int len; |
@@ -3680,11 +3875,10 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk | |||
3680 | } | 3875 | } |
3681 | 3876 | ||
3682 | sk = chan->sk; | 3877 | sk = chan->sk; |
3683 | pi = l2cap_pi(sk); | ||
3684 | 3878 | ||
3685 | BT_DBG("chan %p, len %d", chan, skb->len); | 3879 | BT_DBG("chan %p, len %d", chan, skb->len); |
3686 | 3880 | ||
3687 | if (sk->sk_state != BT_CONNECTED) | 3881 | if (chan->state != BT_CONNECTED) |
3688 | goto drop; | 3882 | goto drop; |
3689 | 3883 | ||
3690 | switch (chan->mode) { | 3884 | switch (chan->mode) { |
@@ -3697,7 +3891,7 @@ static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk | |||
3697 | if (chan->imtu < skb->len) | 3891 | if (chan->imtu < skb->len) |
3698 | goto drop; | 3892 | goto drop; |
3699 | 3893 | ||
3700 | if (!sock_queue_rcv_skb(sk, skb)) | 3894 | if (!chan->ops->recv(chan->data, skb)) |
3701 | goto done; | 3895 | goto done; |
3702 | break; | 3896 | break; |
3703 | 3897 | ||
@@ -3769,13 +3963,13 @@ static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, str | |||
3769 | 3963 | ||
3770 | BT_DBG("sk %p, len %d", sk, skb->len); | 3964 | BT_DBG("sk %p, len %d", sk, skb->len); |
3771 | 3965 | ||
3772 | if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED) | 3966 | if (chan->state != BT_BOUND && chan->state != BT_CONNECTED) |
3773 | goto drop; | 3967 | goto drop; |
3774 | 3968 | ||
3775 | if (l2cap_pi(sk)->chan->imtu < skb->len) | 3969 | if (chan->imtu < skb->len) |
3776 | goto drop; | 3970 | goto drop; |
3777 | 3971 | ||
3778 | if (!sock_queue_rcv_skb(sk, skb)) | 3972 | if (!chan->ops->recv(chan->data, skb)) |
3779 | goto done; | 3973 | goto done; |
3780 | 3974 | ||
3781 | drop: | 3975 | drop: |
@@ -3802,13 +3996,13 @@ static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct | |||
3802 | 3996 | ||
3803 | BT_DBG("sk %p, len %d", sk, skb->len); | 3997 | BT_DBG("sk %p, len %d", sk, skb->len); |
3804 | 3998 | ||
3805 | if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED) | 3999 | if (chan->state != BT_BOUND && chan->state != BT_CONNECTED) |
3806 | goto drop; | 4000 | goto drop; |
3807 | 4001 | ||
3808 | if (l2cap_pi(sk)->chan->imtu < skb->len) | 4002 | if (chan->imtu < skb->len) |
3809 | goto drop; | 4003 | goto drop; |
3810 | 4004 | ||
3811 | if (!sock_queue_rcv_skb(sk, skb)) | 4005 | if (!chan->ops->recv(chan->data, skb)) |
3812 | goto done; | 4006 | goto done; |
3813 | 4007 | ||
3814 | drop: | 4008 | drop: |
@@ -3853,6 +4047,11 @@ static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb) | |||
3853 | l2cap_att_channel(conn, cid, skb); | 4047 | l2cap_att_channel(conn, cid, skb); |
3854 | break; | 4048 | break; |
3855 | 4049 | ||
4050 | case L2CAP_CID_SMP: | ||
4051 | if (smp_sig_channel(conn, skb)) | ||
4052 | l2cap_conn_del(conn->hcon, EACCES); | ||
4053 | break; | ||
4054 | |||
3856 | default: | 4055 | default: |
3857 | l2cap_data_channel(conn, cid, skb); | 4056 | l2cap_data_channel(conn, cid, skb); |
3858 | break; | 4057 | break; |
@@ -3876,7 +4075,7 @@ static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) | |||
3876 | list_for_each_entry(c, &chan_list, global_l) { | 4075 | list_for_each_entry(c, &chan_list, global_l) { |
3877 | struct sock *sk = c->sk; | 4076 | struct sock *sk = c->sk; |
3878 | 4077 | ||
3879 | if (sk->sk_state != BT_LISTEN) | 4078 | if (c->state != BT_LISTEN) |
3880 | continue; | 4079 | continue; |
3881 | 4080 | ||
3882 | if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) { | 4081 | if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) { |
@@ -3920,7 +4119,7 @@ static int l2cap_disconn_ind(struct hci_conn *hcon) | |||
3920 | 4119 | ||
3921 | BT_DBG("hcon %p", hcon); | 4120 | BT_DBG("hcon %p", hcon); |
3922 | 4121 | ||
3923 | if (hcon->type != ACL_LINK || !conn) | 4122 | if ((hcon->type != ACL_LINK && hcon->type != LE_LINK) || !conn) |
3924 | return 0x13; | 4123 | return 0x13; |
3925 | 4124 | ||
3926 | return conn->disc_reason; | 4125 | return conn->disc_reason; |
@@ -3940,20 +4139,18 @@ static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason) | |||
3940 | 4139 | ||
3941 | static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt) | 4140 | static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt) |
3942 | { | 4141 | { |
3943 | struct sock *sk = chan->sk; | 4142 | if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) |
3944 | |||
3945 | if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM) | ||
3946 | return; | 4143 | return; |
3947 | 4144 | ||
3948 | if (encrypt == 0x00) { | 4145 | if (encrypt == 0x00) { |
3949 | if (chan->sec_level == BT_SECURITY_MEDIUM) { | 4146 | if (chan->sec_level == BT_SECURITY_MEDIUM) { |
3950 | l2cap_sock_clear_timer(sk); | 4147 | __clear_chan_timer(chan); |
3951 | l2cap_sock_set_timer(sk, HZ * 5); | 4148 | __set_chan_timer(chan, HZ * 5); |
3952 | } else if (chan->sec_level == BT_SECURITY_HIGH) | 4149 | } else if (chan->sec_level == BT_SECURITY_HIGH) |
3953 | __l2cap_sock_close(sk, ECONNREFUSED); | 4150 | l2cap_chan_close(chan, ECONNREFUSED); |
3954 | } else { | 4151 | } else { |
3955 | if (chan->sec_level == BT_SECURITY_MEDIUM) | 4152 | if (chan->sec_level == BT_SECURITY_MEDIUM) |
3956 | l2cap_sock_clear_timer(sk); | 4153 | __clear_chan_timer(chan); |
3957 | } | 4154 | } |
3958 | } | 4155 | } |
3959 | 4156 | ||
@@ -3974,34 +4171,47 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt) | |||
3974 | 4171 | ||
3975 | bh_lock_sock(sk); | 4172 | bh_lock_sock(sk); |
3976 | 4173 | ||
3977 | if (chan->conf_state & L2CAP_CONF_CONNECT_PEND) { | 4174 | BT_DBG("chan->scid %d", chan->scid); |
4175 | |||
4176 | if (chan->scid == L2CAP_CID_LE_DATA) { | ||
4177 | if (!status && encrypt) { | ||
4178 | chan->sec_level = hcon->sec_level; | ||
4179 | del_timer(&conn->security_timer); | ||
4180 | l2cap_chan_ready(sk); | ||
4181 | } | ||
4182 | |||
3978 | bh_unlock_sock(sk); | 4183 | bh_unlock_sock(sk); |
3979 | continue; | 4184 | continue; |
3980 | } | 4185 | } |
3981 | 4186 | ||
3982 | if (!status && (sk->sk_state == BT_CONNECTED || | 4187 | if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) { |
3983 | sk->sk_state == BT_CONFIG)) { | 4188 | bh_unlock_sock(sk); |
4189 | continue; | ||
4190 | } | ||
4191 | |||
4192 | if (!status && (chan->state == BT_CONNECTED || | ||
4193 | chan->state == BT_CONFIG)) { | ||
3984 | l2cap_check_encryption(chan, encrypt); | 4194 | l2cap_check_encryption(chan, encrypt); |
3985 | bh_unlock_sock(sk); | 4195 | bh_unlock_sock(sk); |
3986 | continue; | 4196 | continue; |
3987 | } | 4197 | } |
3988 | 4198 | ||
3989 | if (sk->sk_state == BT_CONNECT) { | 4199 | if (chan->state == BT_CONNECT) { |
3990 | if (!status) { | 4200 | if (!status) { |
3991 | struct l2cap_conn_req req; | 4201 | struct l2cap_conn_req req; |
3992 | req.scid = cpu_to_le16(chan->scid); | 4202 | req.scid = cpu_to_le16(chan->scid); |
3993 | req.psm = chan->psm; | 4203 | req.psm = chan->psm; |
3994 | 4204 | ||
3995 | chan->ident = l2cap_get_ident(conn); | 4205 | chan->ident = l2cap_get_ident(conn); |
3996 | chan->conf_state |= L2CAP_CONF_CONNECT_PEND; | 4206 | set_bit(CONF_CONNECT_PEND, &chan->conf_state); |
3997 | 4207 | ||
3998 | l2cap_send_cmd(conn, chan->ident, | 4208 | l2cap_send_cmd(conn, chan->ident, |
3999 | L2CAP_CONN_REQ, sizeof(req), &req); | 4209 | L2CAP_CONN_REQ, sizeof(req), &req); |
4000 | } else { | 4210 | } else { |
4001 | l2cap_sock_clear_timer(sk); | 4211 | __clear_chan_timer(chan); |
4002 | l2cap_sock_set_timer(sk, HZ / 10); | 4212 | __set_chan_timer(chan, HZ / 10); |
4003 | } | 4213 | } |
4004 | } else if (sk->sk_state == BT_CONNECT2) { | 4214 | } else if (chan->state == BT_CONNECT2) { |
4005 | struct l2cap_conn_rsp rsp; | 4215 | struct l2cap_conn_rsp rsp; |
4006 | __u16 res, stat; | 4216 | __u16 res, stat; |
4007 | 4217 | ||
@@ -4012,13 +4222,13 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt) | |||
4012 | stat = L2CAP_CS_AUTHOR_PEND; | 4222 | stat = L2CAP_CS_AUTHOR_PEND; |
4013 | parent->sk_data_ready(parent, 0); | 4223 | parent->sk_data_ready(parent, 0); |
4014 | } else { | 4224 | } else { |
4015 | sk->sk_state = BT_CONFIG; | 4225 | l2cap_state_change(chan, BT_CONFIG); |
4016 | res = L2CAP_CR_SUCCESS; | 4226 | res = L2CAP_CR_SUCCESS; |
4017 | stat = L2CAP_CS_NO_INFO; | 4227 | stat = L2CAP_CS_NO_INFO; |
4018 | } | 4228 | } |
4019 | } else { | 4229 | } else { |
4020 | sk->sk_state = BT_DISCONN; | 4230 | l2cap_state_change(chan, BT_DISCONN); |
4021 | l2cap_sock_set_timer(sk, HZ / 10); | 4231 | __set_chan_timer(chan, HZ / 10); |
4022 | res = L2CAP_CR_SEC_BLOCK; | 4232 | res = L2CAP_CR_SEC_BLOCK; |
4023 | stat = L2CAP_CS_NO_INFO; | 4233 | stat = L2CAP_CS_NO_INFO; |
4024 | } | 4234 | } |
@@ -4162,10 +4372,10 @@ static int l2cap_debugfs_show(struct seq_file *f, void *p) | |||
4162 | seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n", | 4372 | seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n", |
4163 | batostr(&bt_sk(sk)->src), | 4373 | batostr(&bt_sk(sk)->src), |
4164 | batostr(&bt_sk(sk)->dst), | 4374 | batostr(&bt_sk(sk)->dst), |
4165 | sk->sk_state, __le16_to_cpu(c->psm), | 4375 | c->state, __le16_to_cpu(c->psm), |
4166 | c->scid, c->dcid, c->imtu, c->omtu, | 4376 | c->scid, c->dcid, c->imtu, c->omtu, |
4167 | c->sec_level, c->mode); | 4377 | c->sec_level, c->mode); |
4168 | } | 4378 | } |
4169 | 4379 | ||
4170 | read_unlock_bh(&chan_list_lock); | 4380 | read_unlock_bh(&chan_list_lock); |
4171 | 4381 | ||
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index 8248303f44e8..39082d4e77ce 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c | |||
@@ -29,54 +29,11 @@ | |||
29 | #include <net/bluetooth/bluetooth.h> | 29 | #include <net/bluetooth/bluetooth.h> |
30 | #include <net/bluetooth/hci_core.h> | 30 | #include <net/bluetooth/hci_core.h> |
31 | #include <net/bluetooth/l2cap.h> | 31 | #include <net/bluetooth/l2cap.h> |
32 | #include <net/bluetooth/smp.h> | ||
32 | 33 | ||
33 | static const struct proto_ops l2cap_sock_ops; | 34 | static const struct proto_ops l2cap_sock_ops; |
34 | 35 | static void l2cap_sock_init(struct sock *sk, struct sock *parent); | |
35 | /* ---- L2CAP timers ---- */ | 36 | static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio); |
36 | static void l2cap_sock_timeout(unsigned long arg) | ||
37 | { | ||
38 | struct sock *sk = (struct sock *) arg; | ||
39 | int reason; | ||
40 | |||
41 | BT_DBG("sock %p state %d", sk, sk->sk_state); | ||
42 | |||
43 | bh_lock_sock(sk); | ||
44 | |||
45 | if (sock_owned_by_user(sk)) { | ||
46 | /* sk is owned by user. Try again later */ | ||
47 | l2cap_sock_set_timer(sk, HZ / 5); | ||
48 | bh_unlock_sock(sk); | ||
49 | sock_put(sk); | ||
50 | return; | ||
51 | } | ||
52 | |||
53 | if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG) | ||
54 | reason = ECONNREFUSED; | ||
55 | else if (sk->sk_state == BT_CONNECT && | ||
56 | l2cap_pi(sk)->chan->sec_level != BT_SECURITY_SDP) | ||
57 | reason = ECONNREFUSED; | ||
58 | else | ||
59 | reason = ETIMEDOUT; | ||
60 | |||
61 | __l2cap_sock_close(sk, reason); | ||
62 | |||
63 | bh_unlock_sock(sk); | ||
64 | |||
65 | l2cap_sock_kill(sk); | ||
66 | sock_put(sk); | ||
67 | } | ||
68 | |||
69 | void l2cap_sock_set_timer(struct sock *sk, long timeout) | ||
70 | { | ||
71 | BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout); | ||
72 | sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout); | ||
73 | } | ||
74 | |||
75 | void l2cap_sock_clear_timer(struct sock *sk) | ||
76 | { | ||
77 | BT_DBG("sock %p state %d", sk, sk->sk_state); | ||
78 | sk_stop_timer(sk, &sk->sk_timer); | ||
79 | } | ||
80 | 37 | ||
81 | static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) | 38 | static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) |
82 | { | 39 | { |
@@ -133,6 +90,8 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) | |||
133 | chan->sec_level = BT_SECURITY_SDP; | 90 | chan->sec_level = BT_SECURITY_SDP; |
134 | 91 | ||
135 | bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); | 92 | bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); |
93 | |||
94 | chan->state = BT_BOUND; | ||
136 | sk->sk_state = BT_BOUND; | 95 | sk->sk_state = BT_BOUND; |
137 | 96 | ||
138 | done: | 97 | done: |
@@ -162,7 +121,7 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al | |||
162 | 121 | ||
163 | lock_sock(sk); | 122 | lock_sock(sk); |
164 | 123 | ||
165 | if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) | 124 | if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED |
166 | && !(la.l2_psm || la.l2_cid)) { | 125 | && !(la.l2_psm || la.l2_cid)) { |
167 | err = -EINVAL; | 126 | err = -EINVAL; |
168 | goto done; | 127 | goto done; |
@@ -204,8 +163,8 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int al | |||
204 | } | 163 | } |
205 | 164 | ||
206 | /* PSM must be odd and lsb of upper byte must be 0 */ | 165 | /* PSM must be odd and lsb of upper byte must be 0 */ |
207 | if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && | 166 | if ((__le16_to_cpu(la.l2_psm) & 0x0101) != 0x0001 && !la.l2_cid && |
208 | sk->sk_type != SOCK_RAW && !la.l2_cid) { | 167 | chan->chan_type != L2CAP_CHAN_RAW) { |
209 | err = -EINVAL; | 168 | err = -EINVAL; |
210 | goto done; | 169 | goto done; |
211 | } | 170 | } |
@@ -258,6 +217,8 @@ static int l2cap_sock_listen(struct socket *sock, int backlog) | |||
258 | 217 | ||
259 | sk->sk_max_ack_backlog = backlog; | 218 | sk->sk_max_ack_backlog = backlog; |
260 | sk->sk_ack_backlog = 0; | 219 | sk->sk_ack_backlog = 0; |
220 | |||
221 | chan->state = BT_LISTEN; | ||
261 | sk->sk_state = BT_LISTEN; | 222 | sk->sk_state = BT_LISTEN; |
262 | 223 | ||
263 | done: | 224 | done: |
@@ -437,6 +398,7 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch | |||
437 | struct sock *sk = sock->sk; | 398 | struct sock *sk = sock->sk; |
438 | struct l2cap_chan *chan = l2cap_pi(sk)->chan; | 399 | struct l2cap_chan *chan = l2cap_pi(sk)->chan; |
439 | struct bt_security sec; | 400 | struct bt_security sec; |
401 | struct bt_power pwr; | ||
440 | int len, err = 0; | 402 | int len, err = 0; |
441 | 403 | ||
442 | BT_DBG("sk %p", sk); | 404 | BT_DBG("sk %p", sk); |
@@ -454,8 +416,8 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch | |||
454 | 416 | ||
455 | switch (optname) { | 417 | switch (optname) { |
456 | case BT_SECURITY: | 418 | case BT_SECURITY: |
457 | if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM | 419 | if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && |
458 | && sk->sk_type != SOCK_RAW) { | 420 | chan->chan_type != L2CAP_CHAN_RAW) { |
459 | err = -EINVAL; | 421 | err = -EINVAL; |
460 | break; | 422 | break; |
461 | } | 423 | } |
@@ -485,6 +447,21 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, ch | |||
485 | 447 | ||
486 | break; | 448 | break; |
487 | 449 | ||
450 | case BT_POWER: | ||
451 | if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM | ||
452 | && sk->sk_type != SOCK_RAW) { | ||
453 | err = -EINVAL; | ||
454 | break; | ||
455 | } | ||
456 | |||
457 | pwr.force_active = chan->force_active; | ||
458 | |||
459 | len = min_t(unsigned int, len, sizeof(pwr)); | ||
460 | if (copy_to_user(optval, (char *) &pwr, len)) | ||
461 | err = -EFAULT; | ||
462 | |||
463 | break; | ||
464 | |||
488 | default: | 465 | default: |
489 | err = -ENOPROTOOPT; | 466 | err = -ENOPROTOOPT; |
490 | break; | 467 | break; |
@@ -535,7 +512,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us | |||
535 | chan->mode = opts.mode; | 512 | chan->mode = opts.mode; |
536 | switch (chan->mode) { | 513 | switch (chan->mode) { |
537 | case L2CAP_MODE_BASIC: | 514 | case L2CAP_MODE_BASIC: |
538 | chan->conf_state &= ~L2CAP_CONF_STATE2_DEVICE; | 515 | clear_bit(CONF_STATE2_DEVICE, &chan->conf_state); |
539 | break; | 516 | break; |
540 | case L2CAP_MODE_ERTM: | 517 | case L2CAP_MODE_ERTM: |
541 | case L2CAP_MODE_STREAMING: | 518 | case L2CAP_MODE_STREAMING: |
@@ -585,6 +562,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch | |||
585 | struct sock *sk = sock->sk; | 562 | struct sock *sk = sock->sk; |
586 | struct l2cap_chan *chan = l2cap_pi(sk)->chan; | 563 | struct l2cap_chan *chan = l2cap_pi(sk)->chan; |
587 | struct bt_security sec; | 564 | struct bt_security sec; |
565 | struct bt_power pwr; | ||
566 | struct l2cap_conn *conn; | ||
588 | int len, err = 0; | 567 | int len, err = 0; |
589 | u32 opt; | 568 | u32 opt; |
590 | 569 | ||
@@ -600,8 +579,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch | |||
600 | 579 | ||
601 | switch (optname) { | 580 | switch (optname) { |
602 | case BT_SECURITY: | 581 | case BT_SECURITY: |
603 | if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM | 582 | if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && |
604 | && sk->sk_type != SOCK_RAW) { | 583 | chan->chan_type != L2CAP_CHAN_RAW) { |
605 | err = -EINVAL; | 584 | err = -EINVAL; |
606 | break; | 585 | break; |
607 | } | 586 | } |
@@ -621,6 +600,20 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch | |||
621 | } | 600 | } |
622 | 601 | ||
623 | chan->sec_level = sec.level; | 602 | chan->sec_level = sec.level; |
603 | |||
604 | conn = chan->conn; | ||
605 | if (conn && chan->scid == L2CAP_CID_LE_DATA) { | ||
606 | if (!conn->hcon->out) { | ||
607 | err = -EINVAL; | ||
608 | break; | ||
609 | } | ||
610 | |||
611 | if (smp_conn_security(conn, sec.level)) | ||
612 | break; | ||
613 | |||
614 | err = 0; | ||
615 | sk->sk_state = BT_CONFIG; | ||
616 | } | ||
624 | break; | 617 | break; |
625 | 618 | ||
626 | case BT_DEFER_SETUP: | 619 | case BT_DEFER_SETUP: |
@@ -661,6 +654,23 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch | |||
661 | chan->flushable = opt; | 654 | chan->flushable = opt; |
662 | break; | 655 | break; |
663 | 656 | ||
657 | case BT_POWER: | ||
658 | if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && | ||
659 | chan->chan_type != L2CAP_CHAN_RAW) { | ||
660 | err = -EINVAL; | ||
661 | break; | ||
662 | } | ||
663 | |||
664 | pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; | ||
665 | |||
666 | len = min_t(unsigned int, sizeof(pwr), optlen); | ||
667 | if (copy_from_user((char *) &pwr, optval, len)) { | ||
668 | err = -EFAULT; | ||
669 | break; | ||
670 | } | ||
671 | chan->force_active = pwr.force_active; | ||
672 | break; | ||
673 | |||
664 | default: | 674 | default: |
665 | err = -ENOPROTOOPT; | 675 | err = -ENOPROTOOPT; |
666 | break; | 676 | break; |
@@ -674,8 +684,6 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms | |||
674 | { | 684 | { |
675 | struct sock *sk = sock->sk; | 685 | struct sock *sk = sock->sk; |
676 | struct l2cap_chan *chan = l2cap_pi(sk)->chan; | 686 | struct l2cap_chan *chan = l2cap_pi(sk)->chan; |
677 | struct sk_buff *skb; | ||
678 | u16 control; | ||
679 | int err; | 687 | int err; |
680 | 688 | ||
681 | BT_DBG("sock %p, sk %p", sock, sk); | 689 | BT_DBG("sock %p, sk %p", sock, sk); |
@@ -690,87 +698,12 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms | |||
690 | lock_sock(sk); | 698 | lock_sock(sk); |
691 | 699 | ||
692 | if (sk->sk_state != BT_CONNECTED) { | 700 | if (sk->sk_state != BT_CONNECTED) { |
693 | err = -ENOTCONN; | 701 | release_sock(sk); |
694 | goto done; | 702 | return -ENOTCONN; |
695 | } | ||
696 | |||
697 | /* Connectionless channel */ | ||
698 | if (sk->sk_type == SOCK_DGRAM) { | ||
699 | skb = l2cap_create_connless_pdu(chan, msg, len); | ||
700 | if (IS_ERR(skb)) { | ||
701 | err = PTR_ERR(skb); | ||
702 | } else { | ||
703 | l2cap_do_send(chan, skb); | ||
704 | err = len; | ||
705 | } | ||
706 | goto done; | ||
707 | } | 703 | } |
708 | 704 | ||
709 | switch (chan->mode) { | 705 | err = l2cap_chan_send(chan, msg, len); |
710 | case L2CAP_MODE_BASIC: | ||
711 | /* Check outgoing MTU */ | ||
712 | if (len > chan->omtu) { | ||
713 | err = -EMSGSIZE; | ||
714 | goto done; | ||
715 | } | ||
716 | |||
717 | /* Create a basic PDU */ | ||
718 | skb = l2cap_create_basic_pdu(chan, msg, len); | ||
719 | if (IS_ERR(skb)) { | ||
720 | err = PTR_ERR(skb); | ||
721 | goto done; | ||
722 | } | ||
723 | |||
724 | l2cap_do_send(chan, skb); | ||
725 | err = len; | ||
726 | break; | ||
727 | |||
728 | case L2CAP_MODE_ERTM: | ||
729 | case L2CAP_MODE_STREAMING: | ||
730 | /* Entire SDU fits into one PDU */ | ||
731 | if (len <= chan->remote_mps) { | ||
732 | control = L2CAP_SDU_UNSEGMENTED; | ||
733 | skb = l2cap_create_iframe_pdu(chan, msg, len, control, | ||
734 | 0); | ||
735 | if (IS_ERR(skb)) { | ||
736 | err = PTR_ERR(skb); | ||
737 | goto done; | ||
738 | } | ||
739 | __skb_queue_tail(&chan->tx_q, skb); | ||
740 | |||
741 | if (chan->tx_send_head == NULL) | ||
742 | chan->tx_send_head = skb; | ||
743 | |||
744 | } else { | ||
745 | /* Segment SDU into multiples PDUs */ | ||
746 | err = l2cap_sar_segment_sdu(chan, msg, len); | ||
747 | if (err < 0) | ||
748 | goto done; | ||
749 | } | ||
750 | |||
751 | if (chan->mode == L2CAP_MODE_STREAMING) { | ||
752 | l2cap_streaming_send(chan); | ||
753 | err = len; | ||
754 | break; | ||
755 | } | ||
756 | |||
757 | if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) && | ||
758 | (chan->conn_state & L2CAP_CONN_WAIT_F)) { | ||
759 | err = len; | ||
760 | break; | ||
761 | } | ||
762 | err = l2cap_ertm_send(chan); | ||
763 | |||
764 | if (err >= 0) | ||
765 | err = len; | ||
766 | break; | ||
767 | |||
768 | default: | ||
769 | BT_DBG("bad state %1.1x", chan->mode); | ||
770 | err = -EBADFD; | ||
771 | } | ||
772 | 706 | ||
773 | done: | ||
774 | release_sock(sk); | 707 | release_sock(sk); |
775 | return err; | 708 | return err; |
776 | } | 709 | } |
@@ -800,7 +733,7 @@ static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct ms | |||
800 | /* Kill socket (only if zapped and orphan) | 733 | /* Kill socket (only if zapped and orphan) |
801 | * Must be called on unlocked socket. | 734 | * Must be called on unlocked socket. |
802 | */ | 735 | */ |
803 | void l2cap_sock_kill(struct sock *sk) | 736 | static void l2cap_sock_kill(struct sock *sk) |
804 | { | 737 | { |
805 | if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) | 738 | if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) |
806 | return; | 739 | return; |
@@ -814,87 +747,6 @@ void l2cap_sock_kill(struct sock *sk) | |||
814 | sock_put(sk); | 747 | sock_put(sk); |
815 | } | 748 | } |
816 | 749 | ||
817 | /* Must be called on unlocked socket. */ | ||
818 | static void l2cap_sock_close(struct sock *sk) | ||
819 | { | ||
820 | l2cap_sock_clear_timer(sk); | ||
821 | lock_sock(sk); | ||
822 | __l2cap_sock_close(sk, ECONNRESET); | ||
823 | release_sock(sk); | ||
824 | l2cap_sock_kill(sk); | ||
825 | } | ||
826 | |||
827 | static void l2cap_sock_cleanup_listen(struct sock *parent) | ||
828 | { | ||
829 | struct sock *sk; | ||
830 | |||
831 | BT_DBG("parent %p", parent); | ||
832 | |||
833 | /* Close not yet accepted channels */ | ||
834 | while ((sk = bt_accept_dequeue(parent, NULL))) | ||
835 | l2cap_sock_close(sk); | ||
836 | |||
837 | parent->sk_state = BT_CLOSED; | ||
838 | sock_set_flag(parent, SOCK_ZAPPED); | ||
839 | } | ||
840 | |||
841 | void __l2cap_sock_close(struct sock *sk, int reason) | ||
842 | { | ||
843 | struct l2cap_chan *chan = l2cap_pi(sk)->chan; | ||
844 | struct l2cap_conn *conn = chan->conn; | ||
845 | |||
846 | BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); | ||
847 | |||
848 | switch (sk->sk_state) { | ||
849 | case BT_LISTEN: | ||
850 | l2cap_sock_cleanup_listen(sk); | ||
851 | break; | ||
852 | |||
853 | case BT_CONNECTED: | ||
854 | case BT_CONFIG: | ||
855 | if ((sk->sk_type == SOCK_SEQPACKET || | ||
856 | sk->sk_type == SOCK_STREAM) && | ||
857 | conn->hcon->type == ACL_LINK) { | ||
858 | l2cap_sock_set_timer(sk, sk->sk_sndtimeo); | ||
859 | l2cap_send_disconn_req(conn, chan, reason); | ||
860 | } else | ||
861 | l2cap_chan_del(chan, reason); | ||
862 | break; | ||
863 | |||
864 | case BT_CONNECT2: | ||
865 | if ((sk->sk_type == SOCK_SEQPACKET || | ||
866 | sk->sk_type == SOCK_STREAM) && | ||
867 | conn->hcon->type == ACL_LINK) { | ||
868 | struct l2cap_conn_rsp rsp; | ||
869 | __u16 result; | ||
870 | |||
871 | if (bt_sk(sk)->defer_setup) | ||
872 | result = L2CAP_CR_SEC_BLOCK; | ||
873 | else | ||
874 | result = L2CAP_CR_BAD_PSM; | ||
875 | |||
876 | rsp.scid = cpu_to_le16(chan->dcid); | ||
877 | rsp.dcid = cpu_to_le16(chan->scid); | ||
878 | rsp.result = cpu_to_le16(result); | ||
879 | rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); | ||
880 | l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, | ||
881 | sizeof(rsp), &rsp); | ||
882 | } | ||
883 | |||
884 | l2cap_chan_del(chan, reason); | ||
885 | break; | ||
886 | |||
887 | case BT_CONNECT: | ||
888 | case BT_DISCONN: | ||
889 | l2cap_chan_del(chan, reason); | ||
890 | break; | ||
891 | |||
892 | default: | ||
893 | sock_set_flag(sk, SOCK_ZAPPED); | ||
894 | break; | ||
895 | } | ||
896 | } | ||
897 | |||
898 | static int l2cap_sock_shutdown(struct socket *sock, int how) | 750 | static int l2cap_sock_shutdown(struct socket *sock, int how) |
899 | { | 751 | { |
900 | struct sock *sk = sock->sk; | 752 | struct sock *sk = sock->sk; |
@@ -912,8 +764,7 @@ static int l2cap_sock_shutdown(struct socket *sock, int how) | |||
912 | err = __l2cap_wait_ack(sk); | 764 | err = __l2cap_wait_ack(sk); |
913 | 765 | ||
914 | sk->sk_shutdown = SHUTDOWN_MASK; | 766 | sk->sk_shutdown = SHUTDOWN_MASK; |
915 | l2cap_sock_clear_timer(sk); | 767 | l2cap_chan_close(chan, 0); |
916 | __l2cap_sock_close(sk, 0); | ||
917 | 768 | ||
918 | if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) | 769 | if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime) |
919 | err = bt_sock_wait_state(sk, BT_CLOSED, | 770 | err = bt_sock_wait_state(sk, BT_CLOSED, |
@@ -944,6 +795,49 @@ static int l2cap_sock_release(struct socket *sock) | |||
944 | return err; | 795 | return err; |
945 | } | 796 | } |
946 | 797 | ||
798 | static struct l2cap_chan *l2cap_sock_new_connection_cb(void *data) | ||
799 | { | ||
800 | struct sock *sk, *parent = data; | ||
801 | |||
802 | sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, | ||
803 | GFP_ATOMIC); | ||
804 | if (!sk) | ||
805 | return NULL; | ||
806 | |||
807 | l2cap_sock_init(sk, parent); | ||
808 | |||
809 | return l2cap_pi(sk)->chan; | ||
810 | } | ||
811 | |||
812 | static int l2cap_sock_recv_cb(void *data, struct sk_buff *skb) | ||
813 | { | ||
814 | struct sock *sk = data; | ||
815 | |||
816 | return sock_queue_rcv_skb(sk, skb); | ||
817 | } | ||
818 | |||
819 | static void l2cap_sock_close_cb(void *data) | ||
820 | { | ||
821 | struct sock *sk = data; | ||
822 | |||
823 | l2cap_sock_kill(sk); | ||
824 | } | ||
825 | |||
826 | static void l2cap_sock_state_change_cb(void *data, int state) | ||
827 | { | ||
828 | struct sock *sk = data; | ||
829 | |||
830 | sk->sk_state = state; | ||
831 | } | ||
832 | |||
833 | static struct l2cap_ops l2cap_chan_ops = { | ||
834 | .name = "L2CAP Socket Interface", | ||
835 | .new_connection = l2cap_sock_new_connection_cb, | ||
836 | .recv = l2cap_sock_recv_cb, | ||
837 | .close = l2cap_sock_close_cb, | ||
838 | .state_change = l2cap_sock_state_change_cb, | ||
839 | }; | ||
840 | |||
947 | static void l2cap_sock_destruct(struct sock *sk) | 841 | static void l2cap_sock_destruct(struct sock *sk) |
948 | { | 842 | { |
949 | BT_DBG("sk %p", sk); | 843 | BT_DBG("sk %p", sk); |
@@ -952,7 +846,7 @@ static void l2cap_sock_destruct(struct sock *sk) | |||
952 | skb_queue_purge(&sk->sk_write_queue); | 846 | skb_queue_purge(&sk->sk_write_queue); |
953 | } | 847 | } |
954 | 848 | ||
955 | void l2cap_sock_init(struct sock *sk, struct sock *parent) | 849 | static void l2cap_sock_init(struct sock *sk, struct sock *parent) |
956 | { | 850 | { |
957 | struct l2cap_pinfo *pi = l2cap_pi(sk); | 851 | struct l2cap_pinfo *pi = l2cap_pi(sk); |
958 | struct l2cap_chan *chan = pi->chan; | 852 | struct l2cap_chan *chan = pi->chan; |
@@ -965,6 +859,7 @@ void l2cap_sock_init(struct sock *sk, struct sock *parent) | |||
965 | sk->sk_type = parent->sk_type; | 859 | sk->sk_type = parent->sk_type; |
966 | bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; | 860 | bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup; |
967 | 861 | ||
862 | chan->chan_type = pchan->chan_type; | ||
968 | chan->imtu = pchan->imtu; | 863 | chan->imtu = pchan->imtu; |
969 | chan->omtu = pchan->omtu; | 864 | chan->omtu = pchan->omtu; |
970 | chan->conf_state = pchan->conf_state; | 865 | chan->conf_state = pchan->conf_state; |
@@ -976,12 +871,27 @@ void l2cap_sock_init(struct sock *sk, struct sock *parent) | |||
976 | chan->role_switch = pchan->role_switch; | 871 | chan->role_switch = pchan->role_switch; |
977 | chan->force_reliable = pchan->force_reliable; | 872 | chan->force_reliable = pchan->force_reliable; |
978 | chan->flushable = pchan->flushable; | 873 | chan->flushable = pchan->flushable; |
874 | chan->force_active = pchan->force_active; | ||
979 | } else { | 875 | } else { |
876 | |||
877 | switch (sk->sk_type) { | ||
878 | case SOCK_RAW: | ||
879 | chan->chan_type = L2CAP_CHAN_RAW; | ||
880 | break; | ||
881 | case SOCK_DGRAM: | ||
882 | chan->chan_type = L2CAP_CHAN_CONN_LESS; | ||
883 | break; | ||
884 | case SOCK_SEQPACKET: | ||
885 | case SOCK_STREAM: | ||
886 | chan->chan_type = L2CAP_CHAN_CONN_ORIENTED; | ||
887 | break; | ||
888 | } | ||
889 | |||
980 | chan->imtu = L2CAP_DEFAULT_MTU; | 890 | chan->imtu = L2CAP_DEFAULT_MTU; |
981 | chan->omtu = 0; | 891 | chan->omtu = 0; |
982 | if (!disable_ertm && sk->sk_type == SOCK_STREAM) { | 892 | if (!disable_ertm && sk->sk_type == SOCK_STREAM) { |
983 | chan->mode = L2CAP_MODE_ERTM; | 893 | chan->mode = L2CAP_MODE_ERTM; |
984 | chan->conf_state |= L2CAP_CONF_STATE2_DEVICE; | 894 | set_bit(CONF_STATE2_DEVICE, &chan->conf_state); |
985 | } else { | 895 | } else { |
986 | chan->mode = L2CAP_MODE_BASIC; | 896 | chan->mode = L2CAP_MODE_BASIC; |
987 | } | 897 | } |
@@ -992,10 +902,15 @@ void l2cap_sock_init(struct sock *sk, struct sock *parent) | |||
992 | chan->role_switch = 0; | 902 | chan->role_switch = 0; |
993 | chan->force_reliable = 0; | 903 | chan->force_reliable = 0; |
994 | chan->flushable = BT_FLUSHABLE_OFF; | 904 | chan->flushable = BT_FLUSHABLE_OFF; |
905 | chan->force_active = BT_POWER_FORCE_ACTIVE_ON; | ||
906 | |||
995 | } | 907 | } |
996 | 908 | ||
997 | /* Default config options */ | 909 | /* Default config options */ |
998 | chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; | 910 | chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; |
911 | |||
912 | chan->data = sk; | ||
913 | chan->ops = &l2cap_chan_ops; | ||
999 | } | 914 | } |
1000 | 915 | ||
1001 | static struct proto l2cap_proto = { | 916 | static struct proto l2cap_proto = { |
@@ -1004,9 +919,10 @@ static struct proto l2cap_proto = { | |||
1004 | .obj_size = sizeof(struct l2cap_pinfo) | 919 | .obj_size = sizeof(struct l2cap_pinfo) |
1005 | }; | 920 | }; |
1006 | 921 | ||
1007 | struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) | 922 | static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) |
1008 | { | 923 | { |
1009 | struct sock *sk; | 924 | struct sock *sk; |
925 | struct l2cap_chan *chan; | ||
1010 | 926 | ||
1011 | sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); | 927 | sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto); |
1012 | if (!sk) | 928 | if (!sk) |
@@ -1023,7 +939,13 @@ struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, g | |||
1023 | sk->sk_protocol = proto; | 939 | sk->sk_protocol = proto; |
1024 | sk->sk_state = BT_OPEN; | 940 | sk->sk_state = BT_OPEN; |
1025 | 941 | ||
1026 | setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk); | 942 | chan = l2cap_chan_create(sk); |
943 | if (!chan) { | ||
944 | l2cap_sock_kill(sk); | ||
945 | return NULL; | ||
946 | } | ||
947 | |||
948 | l2cap_pi(sk)->chan = chan; | ||
1027 | 949 | ||
1028 | return sk; | 950 | return sk; |
1029 | } | 951 | } |
@@ -1032,7 +954,6 @@ static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, | |||
1032 | int kern) | 954 | int kern) |
1033 | { | 955 | { |
1034 | struct sock *sk; | 956 | struct sock *sk; |
1035 | struct l2cap_chan *chan; | ||
1036 | 957 | ||
1037 | BT_DBG("sock %p", sock); | 958 | BT_DBG("sock %p", sock); |
1038 | 959 | ||
@@ -1051,14 +972,6 @@ static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol, | |||
1051 | if (!sk) | 972 | if (!sk) |
1052 | return -ENOMEM; | 973 | return -ENOMEM; |
1053 | 974 | ||
1054 | chan = l2cap_chan_create(sk); | ||
1055 | if (!chan) { | ||
1056 | l2cap_sock_kill(sk); | ||
1057 | return -ENOMEM; | ||
1058 | } | ||
1059 | |||
1060 | l2cap_pi(sk)->chan = chan; | ||
1061 | |||
1062 | l2cap_sock_init(sk, NULL); | 975 | l2cap_sock_init(sk, NULL); |
1063 | return 0; | 976 | return 0; |
1064 | } | 977 | } |
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index dae382ce7020..64c0418a6221 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c | |||
@@ -41,7 +41,7 @@ struct pending_cmd { | |||
41 | void *user_data; | 41 | void *user_data; |
42 | }; | 42 | }; |
43 | 43 | ||
44 | LIST_HEAD(cmd_list); | 44 | static LIST_HEAD(cmd_list); |
45 | 45 | ||
46 | static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status) | 46 | static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status) |
47 | { | 47 | { |
@@ -990,7 +990,7 @@ static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len) | |||
990 | 990 | ||
991 | put_unaligned_le16(conn->handle, &dc.handle); | 991 | put_unaligned_le16(conn->handle, &dc.handle); |
992 | dc.reason = 0x13; /* Remote User Terminated Connection */ | 992 | dc.reason = 0x13; /* Remote User Terminated Connection */ |
993 | err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, 0, NULL); | 993 | err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); |
994 | } | 994 | } |
995 | 995 | ||
996 | unlock: | 996 | unlock: |
@@ -1092,8 +1092,6 @@ static int get_connections(struct sock *sk, u16 index) | |||
1092 | 1092 | ||
1093 | put_unaligned_le16(count, &rp->conn_count); | 1093 | put_unaligned_le16(count, &rp->conn_count); |
1094 | 1094 | ||
1095 | read_lock(&hci_dev_list_lock); | ||
1096 | |||
1097 | i = 0; | 1095 | i = 0; |
1098 | list_for_each(p, &hdev->conn_hash.list) { | 1096 | list_for_each(p, &hdev->conn_hash.list) { |
1099 | struct hci_conn *c = list_entry(p, struct hci_conn, list); | 1097 | struct hci_conn *c = list_entry(p, struct hci_conn, list); |
@@ -1101,8 +1099,6 @@ static int get_connections(struct sock *sk, u16 index) | |||
1101 | bacpy(&rp->conn[i++], &c->dst); | 1099 | bacpy(&rp->conn[i++], &c->dst); |
1102 | } | 1100 | } |
1103 | 1101 | ||
1104 | read_unlock(&hci_dev_list_lock); | ||
1105 | |||
1106 | err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len); | 1102 | err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len); |
1107 | 1103 | ||
1108 | unlock: | 1104 | unlock: |
@@ -1112,11 +1108,32 @@ unlock: | |||
1112 | return err; | 1108 | return err; |
1113 | } | 1109 | } |
1114 | 1110 | ||
1111 | static int send_pin_code_neg_reply(struct sock *sk, u16 index, | ||
1112 | struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp) | ||
1113 | { | ||
1114 | struct pending_cmd *cmd; | ||
1115 | int err; | ||
1116 | |||
1117 | cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp, | ||
1118 | sizeof(*cp)); | ||
1119 | if (!cmd) | ||
1120 | return -ENOMEM; | ||
1121 | |||
1122 | err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr), | ||
1123 | &cp->bdaddr); | ||
1124 | if (err < 0) | ||
1125 | mgmt_pending_remove(cmd); | ||
1126 | |||
1127 | return err; | ||
1128 | } | ||
1129 | |||
1115 | static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, | 1130 | static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, |
1116 | u16 len) | 1131 | u16 len) |
1117 | { | 1132 | { |
1118 | struct hci_dev *hdev; | 1133 | struct hci_dev *hdev; |
1134 | struct hci_conn *conn; | ||
1119 | struct mgmt_cp_pin_code_reply *cp; | 1135 | struct mgmt_cp_pin_code_reply *cp; |
1136 | struct mgmt_cp_pin_code_neg_reply ncp; | ||
1120 | struct hci_cp_pin_code_reply reply; | 1137 | struct hci_cp_pin_code_reply reply; |
1121 | struct pending_cmd *cmd; | 1138 | struct pending_cmd *cmd; |
1122 | int err; | 1139 | int err; |
@@ -1139,6 +1156,25 @@ static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, | |||
1139 | goto failed; | 1156 | goto failed; |
1140 | } | 1157 | } |
1141 | 1158 | ||
1159 | conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); | ||
1160 | if (!conn) { | ||
1161 | err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN); | ||
1162 | goto failed; | ||
1163 | } | ||
1164 | |||
1165 | if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { | ||
1166 | bacpy(&ncp.bdaddr, &cp->bdaddr); | ||
1167 | |||
1168 | BT_ERR("PIN code is not 16 bytes long"); | ||
1169 | |||
1170 | err = send_pin_code_neg_reply(sk, index, hdev, &ncp); | ||
1171 | if (err >= 0) | ||
1172 | err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, | ||
1173 | EINVAL); | ||
1174 | |||
1175 | goto failed; | ||
1176 | } | ||
1177 | |||
1142 | cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len); | 1178 | cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len); |
1143 | if (!cmd) { | 1179 | if (!cmd) { |
1144 | err = -ENOMEM; | 1180 | err = -ENOMEM; |
@@ -1147,7 +1183,7 @@ static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, | |||
1147 | 1183 | ||
1148 | bacpy(&reply.bdaddr, &cp->bdaddr); | 1184 | bacpy(&reply.bdaddr, &cp->bdaddr); |
1149 | reply.pin_len = cp->pin_len; | 1185 | reply.pin_len = cp->pin_len; |
1150 | memcpy(reply.pin_code, cp->pin_code, 16); | 1186 | memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); |
1151 | 1187 | ||
1152 | err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); | 1188 | err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); |
1153 | if (err < 0) | 1189 | if (err < 0) |
@@ -1165,7 +1201,6 @@ static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data, | |||
1165 | { | 1201 | { |
1166 | struct hci_dev *hdev; | 1202 | struct hci_dev *hdev; |
1167 | struct mgmt_cp_pin_code_neg_reply *cp; | 1203 | struct mgmt_cp_pin_code_neg_reply *cp; |
1168 | struct pending_cmd *cmd; | ||
1169 | int err; | 1204 | int err; |
1170 | 1205 | ||
1171 | BT_DBG(""); | 1206 | BT_DBG(""); |
@@ -1189,17 +1224,7 @@ static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data, | |||
1189 | goto failed; | 1224 | goto failed; |
1190 | } | 1225 | } |
1191 | 1226 | ||
1192 | cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, | 1227 | err = send_pin_code_neg_reply(sk, index, hdev, cp); |
1193 | data, len); | ||
1194 | if (!cmd) { | ||
1195 | err = -ENOMEM; | ||
1196 | goto failed; | ||
1197 | } | ||
1198 | |||
1199 | err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr), | ||
1200 | &cp->bdaddr); | ||
1201 | if (err < 0) | ||
1202 | mgmt_pending_remove(cmd); | ||
1203 | 1228 | ||
1204 | failed: | 1229 | failed: |
1205 | hci_dev_unlock(hdev); | 1230 | hci_dev_unlock(hdev); |
@@ -1641,6 +1666,70 @@ failed: | |||
1641 | return err; | 1666 | return err; |
1642 | } | 1667 | } |
1643 | 1668 | ||
1669 | static int block_device(struct sock *sk, u16 index, unsigned char *data, | ||
1670 | u16 len) | ||
1671 | { | ||
1672 | struct hci_dev *hdev; | ||
1673 | struct mgmt_cp_block_device *cp; | ||
1674 | int err; | ||
1675 | |||
1676 | BT_DBG("hci%u", index); | ||
1677 | |||
1678 | cp = (void *) data; | ||
1679 | |||
1680 | if (len != sizeof(*cp)) | ||
1681 | return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, | ||
1682 | EINVAL); | ||
1683 | |||
1684 | hdev = hci_dev_get(index); | ||
1685 | if (!hdev) | ||
1686 | return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, | ||
1687 | ENODEV); | ||
1688 | |||
1689 | err = hci_blacklist_add(hdev, &cp->bdaddr); | ||
1690 | |||
1691 | if (err < 0) | ||
1692 | err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err); | ||
1693 | else | ||
1694 | err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, | ||
1695 | NULL, 0); | ||
1696 | hci_dev_put(hdev); | ||
1697 | |||
1698 | return err; | ||
1699 | } | ||
1700 | |||
1701 | static int unblock_device(struct sock *sk, u16 index, unsigned char *data, | ||
1702 | u16 len) | ||
1703 | { | ||
1704 | struct hci_dev *hdev; | ||
1705 | struct mgmt_cp_unblock_device *cp; | ||
1706 | int err; | ||
1707 | |||
1708 | BT_DBG("hci%u", index); | ||
1709 | |||
1710 | cp = (void *) data; | ||
1711 | |||
1712 | if (len != sizeof(*cp)) | ||
1713 | return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, | ||
1714 | EINVAL); | ||
1715 | |||
1716 | hdev = hci_dev_get(index); | ||
1717 | if (!hdev) | ||
1718 | return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, | ||
1719 | ENODEV); | ||
1720 | |||
1721 | err = hci_blacklist_del(hdev, &cp->bdaddr); | ||
1722 | |||
1723 | if (err < 0) | ||
1724 | err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err); | ||
1725 | else | ||
1726 | err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, | ||
1727 | NULL, 0); | ||
1728 | hci_dev_put(hdev); | ||
1729 | |||
1730 | return err; | ||
1731 | } | ||
1732 | |||
1644 | int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) | 1733 | int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) |
1645 | { | 1734 | { |
1646 | unsigned char *buf; | 1735 | unsigned char *buf; |
@@ -1755,6 +1844,12 @@ int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) | |||
1755 | case MGMT_OP_STOP_DISCOVERY: | 1844 | case MGMT_OP_STOP_DISCOVERY: |
1756 | err = stop_discovery(sk, index); | 1845 | err = stop_discovery(sk, index); |
1757 | break; | 1846 | break; |
1847 | case MGMT_OP_BLOCK_DEVICE: | ||
1848 | err = block_device(sk, index, buf + sizeof(*hdr), len); | ||
1849 | break; | ||
1850 | case MGMT_OP_UNBLOCK_DEVICE: | ||
1851 | err = unblock_device(sk, index, buf + sizeof(*hdr), len); | ||
1852 | break; | ||
1758 | default: | 1853 | default: |
1759 | BT_DBG("Unknown op %u", opcode); | 1854 | BT_DBG("Unknown op %u", opcode); |
1760 | err = cmd_status(sk, index, opcode, 0x01); | 1855 | err = cmd_status(sk, index, opcode, 0x01); |
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c index 1b10727ce523..8f01e6b11a70 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c | |||
@@ -679,7 +679,8 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c | |||
679 | { | 679 | { |
680 | struct sock *sk = sock->sk; | 680 | struct sock *sk = sock->sk; |
681 | struct bt_security sec; | 681 | struct bt_security sec; |
682 | int len, err = 0; | 682 | int err = 0; |
683 | size_t len; | ||
683 | u32 opt; | 684 | u32 opt; |
684 | 685 | ||
685 | BT_DBG("sk %p", sk); | 686 | BT_DBG("sk %p", sk); |
@@ -741,7 +742,6 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c | |||
741 | static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) | 742 | static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen) |
742 | { | 743 | { |
743 | struct sock *sk = sock->sk; | 744 | struct sock *sk = sock->sk; |
744 | struct sock *l2cap_sk; | ||
745 | struct rfcomm_conninfo cinfo; | 745 | struct rfcomm_conninfo cinfo; |
746 | struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; | 746 | struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn; |
747 | int len, err = 0; | 747 | int len, err = 0; |
@@ -786,8 +786,6 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u | |||
786 | break; | 786 | break; |
787 | } | 787 | } |
788 | 788 | ||
789 | l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk; | ||
790 | |||
791 | memset(&cinfo, 0, sizeof(cinfo)); | 789 | memset(&cinfo, 0, sizeof(cinfo)); |
792 | cinfo.hci_handle = conn->hcon->handle; | 790 | cinfo.hci_handle = conn->hcon->handle; |
793 | memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); | 791 | memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); |
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c new file mode 100644 index 000000000000..a36f8707d964 --- /dev/null +++ b/net/bluetooth/smp.c | |||
@@ -0,0 +1,534 @@ | |||
1 | /* | ||
2 | BlueZ - Bluetooth protocol stack for Linux | ||
3 | Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies). | ||
4 | |||
5 | This program is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License version 2 as | ||
7 | published by the Free Software Foundation; | ||
8 | |||
9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS | ||
10 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
11 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. | ||
12 | IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY | ||
13 | CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES | ||
14 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
15 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
16 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
17 | |||
18 | ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, | ||
19 | COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS | ||
20 | SOFTWARE IS DISCLAIMED. | ||
21 | */ | ||
22 | |||
23 | #include <net/bluetooth/bluetooth.h> | ||
24 | #include <net/bluetooth/hci_core.h> | ||
25 | #include <net/bluetooth/l2cap.h> | ||
26 | #include <net/bluetooth/smp.h> | ||
27 | #include <linux/crypto.h> | ||
28 | #include <linux/scatterlist.h> | ||
29 | #include <crypto/b128ops.h> | ||
30 | |||
31 | #define SMP_TIMEOUT 30000 /* 30 seconds */ | ||
32 | |||
33 | static inline void swap128(u8 src[16], u8 dst[16]) | ||
34 | { | ||
35 | int i; | ||
36 | for (i = 0; i < 16; i++) | ||
37 | dst[15 - i] = src[i]; | ||
38 | } | ||
39 | |||
40 | static inline void swap56(u8 src[7], u8 dst[7]) | ||
41 | { | ||
42 | int i; | ||
43 | for (i = 0; i < 7; i++) | ||
44 | dst[6 - i] = src[i]; | ||
45 | } | ||
46 | |||
47 | static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r) | ||
48 | { | ||
49 | struct blkcipher_desc desc; | ||
50 | struct scatterlist sg; | ||
51 | int err, iv_len; | ||
52 | unsigned char iv[128]; | ||
53 | |||
54 | if (tfm == NULL) { | ||
55 | BT_ERR("tfm %p", tfm); | ||
56 | return -EINVAL; | ||
57 | } | ||
58 | |||
59 | desc.tfm = tfm; | ||
60 | desc.flags = 0; | ||
61 | |||
62 | err = crypto_blkcipher_setkey(tfm, k, 16); | ||
63 | if (err) { | ||
64 | BT_ERR("cipher setkey failed: %d", err); | ||
65 | return err; | ||
66 | } | ||
67 | |||
68 | sg_init_one(&sg, r, 16); | ||
69 | |||
70 | iv_len = crypto_blkcipher_ivsize(tfm); | ||
71 | if (iv_len) { | ||
72 | memset(&iv, 0xff, iv_len); | ||
73 | crypto_blkcipher_set_iv(tfm, iv, iv_len); | ||
74 | } | ||
75 | |||
76 | err = crypto_blkcipher_encrypt(&desc, &sg, &sg, 16); | ||
77 | if (err) | ||
78 | BT_ERR("Encrypt data error %d", err); | ||
79 | |||
80 | return err; | ||
81 | } | ||
82 | |||
83 | static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16], | ||
84 | u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, | ||
85 | u8 _rat, bdaddr_t *ra, u8 res[16]) | ||
86 | { | ||
87 | u8 p1[16], p2[16]; | ||
88 | int err; | ||
89 | |||
90 | memset(p1, 0, 16); | ||
91 | |||
92 | /* p1 = pres || preq || _rat || _iat */ | ||
93 | swap56(pres, p1); | ||
94 | swap56(preq, p1 + 7); | ||
95 | p1[14] = _rat; | ||
96 | p1[15] = _iat; | ||
97 | |||
98 | memset(p2, 0, 16); | ||
99 | |||
100 | /* p2 = padding || ia || ra */ | ||
101 | baswap((bdaddr_t *) (p2 + 4), ia); | ||
102 | baswap((bdaddr_t *) (p2 + 10), ra); | ||
103 | |||
104 | /* res = r XOR p1 */ | ||
105 | u128_xor((u128 *) res, (u128 *) r, (u128 *) p1); | ||
106 | |||
107 | /* res = e(k, res) */ | ||
108 | err = smp_e(tfm, k, res); | ||
109 | if (err) { | ||
110 | BT_ERR("Encrypt data error"); | ||
111 | return err; | ||
112 | } | ||
113 | |||
114 | /* res = res XOR p2 */ | ||
115 | u128_xor((u128 *) res, (u128 *) res, (u128 *) p2); | ||
116 | |||
117 | /* res = e(k, res) */ | ||
118 | err = smp_e(tfm, k, res); | ||
119 | if (err) | ||
120 | BT_ERR("Encrypt data error"); | ||
121 | |||
122 | return err; | ||
123 | } | ||
124 | |||
125 | static int smp_s1(struct crypto_blkcipher *tfm, u8 k[16], | ||
126 | u8 r1[16], u8 r2[16], u8 _r[16]) | ||
127 | { | ||
128 | int err; | ||
129 | |||
130 | /* Just least significant octets from r1 and r2 are considered */ | ||
131 | memcpy(_r, r1 + 8, 8); | ||
132 | memcpy(_r + 8, r2 + 8, 8); | ||
133 | |||
134 | err = smp_e(tfm, k, _r); | ||
135 | if (err) | ||
136 | BT_ERR("Encrypt data error"); | ||
137 | |||
138 | return err; | ||
139 | } | ||
140 | |||
141 | static int smp_rand(u8 *buf) | ||
142 | { | ||
143 | get_random_bytes(buf, 16); | ||
144 | |||
145 | return 0; | ||
146 | } | ||
147 | |||
148 | static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code, | ||
149 | u16 dlen, void *data) | ||
150 | { | ||
151 | struct sk_buff *skb; | ||
152 | struct l2cap_hdr *lh; | ||
153 | int len; | ||
154 | |||
155 | len = L2CAP_HDR_SIZE + sizeof(code) + dlen; | ||
156 | |||
157 | if (len > conn->mtu) | ||
158 | return NULL; | ||
159 | |||
160 | skb = bt_skb_alloc(len, GFP_ATOMIC); | ||
161 | if (!skb) | ||
162 | return NULL; | ||
163 | |||
164 | lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE); | ||
165 | lh->len = cpu_to_le16(sizeof(code) + dlen); | ||
166 | lh->cid = cpu_to_le16(L2CAP_CID_SMP); | ||
167 | |||
168 | memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code)); | ||
169 | |||
170 | memcpy(skb_put(skb, dlen), data, dlen); | ||
171 | |||
172 | return skb; | ||
173 | } | ||
174 | |||
175 | static void smp_send_cmd(struct l2cap_conn *conn, u8 code, u16 len, void *data) | ||
176 | { | ||
177 | struct sk_buff *skb = smp_build_cmd(conn, code, len, data); | ||
178 | |||
179 | BT_DBG("code 0x%2.2x", code); | ||
180 | |||
181 | if (!skb) | ||
182 | return; | ||
183 | |||
184 | hci_send_acl(conn->hcon, skb, 0); | ||
185 | } | ||
186 | |||
187 | static __u8 seclevel_to_authreq(__u8 level) | ||
188 | { | ||
189 | switch (level) { | ||
190 | case BT_SECURITY_HIGH: | ||
191 | /* Right now we don't support bonding */ | ||
192 | return SMP_AUTH_MITM; | ||
193 | |||
194 | default: | ||
195 | return SMP_AUTH_NONE; | ||
196 | } | ||
197 | } | ||
198 | |||
199 | static void build_pairing_cmd(struct l2cap_conn *conn, | ||
200 | struct smp_cmd_pairing *cmd, __u8 authreq) | ||
201 | { | ||
202 | cmd->io_capability = conn->hcon->io_capability; | ||
203 | cmd->oob_flag = SMP_OOB_NOT_PRESENT; | ||
204 | cmd->max_key_size = SMP_MAX_ENC_KEY_SIZE; | ||
205 | cmd->init_key_dist = 0x00; | ||
206 | cmd->resp_key_dist = 0x00; | ||
207 | cmd->auth_req = authreq; | ||
208 | } | ||
209 | |||
210 | static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size) | ||
211 | { | ||
212 | if ((max_key_size > SMP_MAX_ENC_KEY_SIZE) || | ||
213 | (max_key_size < SMP_MIN_ENC_KEY_SIZE)) | ||
214 | return SMP_ENC_KEY_SIZE; | ||
215 | |||
216 | conn->smp_key_size = max_key_size; | ||
217 | |||
218 | return 0; | ||
219 | } | ||
220 | |||
221 | static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) | ||
222 | { | ||
223 | struct smp_cmd_pairing rsp, *req = (void *) skb->data; | ||
224 | u8 key_size; | ||
225 | |||
226 | BT_DBG("conn %p", conn); | ||
227 | |||
228 | conn->preq[0] = SMP_CMD_PAIRING_REQ; | ||
229 | memcpy(&conn->preq[1], req, sizeof(*req)); | ||
230 | skb_pull(skb, sizeof(*req)); | ||
231 | |||
232 | if (req->oob_flag) | ||
233 | return SMP_OOB_NOT_AVAIL; | ||
234 | |||
235 | /* We didn't start the pairing, so no requirements */ | ||
236 | build_pairing_cmd(conn, &rsp, SMP_AUTH_NONE); | ||
237 | |||
238 | key_size = min(req->max_key_size, rsp.max_key_size); | ||
239 | if (check_enc_key_size(conn, key_size)) | ||
240 | return SMP_ENC_KEY_SIZE; | ||
241 | |||
242 | /* Just works */ | ||
243 | memset(conn->tk, 0, sizeof(conn->tk)); | ||
244 | |||
245 | conn->prsp[0] = SMP_CMD_PAIRING_RSP; | ||
246 | memcpy(&conn->prsp[1], &rsp, sizeof(rsp)); | ||
247 | |||
248 | smp_send_cmd(conn, SMP_CMD_PAIRING_RSP, sizeof(rsp), &rsp); | ||
249 | |||
250 | mod_timer(&conn->security_timer, jiffies + | ||
251 | msecs_to_jiffies(SMP_TIMEOUT)); | ||
252 | |||
253 | return 0; | ||
254 | } | ||
255 | |||
256 | static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb) | ||
257 | { | ||
258 | struct smp_cmd_pairing *req, *rsp = (void *) skb->data; | ||
259 | struct smp_cmd_pairing_confirm cp; | ||
260 | struct crypto_blkcipher *tfm = conn->hcon->hdev->tfm; | ||
261 | int ret; | ||
262 | u8 res[16], key_size; | ||
263 | |||
264 | BT_DBG("conn %p", conn); | ||
265 | |||
266 | skb_pull(skb, sizeof(*rsp)); | ||
267 | |||
268 | req = (void *) &conn->preq[1]; | ||
269 | |||
270 | key_size = min(req->max_key_size, rsp->max_key_size); | ||
271 | if (check_enc_key_size(conn, key_size)) | ||
272 | return SMP_ENC_KEY_SIZE; | ||
273 | |||
274 | if (rsp->oob_flag) | ||
275 | return SMP_OOB_NOT_AVAIL; | ||
276 | |||
277 | /* Just works */ | ||
278 | memset(conn->tk, 0, sizeof(conn->tk)); | ||
279 | |||
280 | conn->prsp[0] = SMP_CMD_PAIRING_RSP; | ||
281 | memcpy(&conn->prsp[1], rsp, sizeof(*rsp)); | ||
282 | |||
283 | ret = smp_rand(conn->prnd); | ||
284 | if (ret) | ||
285 | return SMP_UNSPECIFIED; | ||
286 | |||
287 | ret = smp_c1(tfm, conn->tk, conn->prnd, conn->preq, conn->prsp, 0, | ||
288 | conn->src, conn->hcon->dst_type, conn->dst, res); | ||
289 | if (ret) | ||
290 | return SMP_UNSPECIFIED; | ||
291 | |||
292 | swap128(res, cp.confirm_val); | ||
293 | |||
294 | smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp); | ||
295 | |||
296 | return 0; | ||
297 | } | ||
298 | |||
299 | static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb) | ||
300 | { | ||
301 | struct crypto_blkcipher *tfm = conn->hcon->hdev->tfm; | ||
302 | |||
303 | BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); | ||
304 | |||
305 | memcpy(conn->pcnf, skb->data, sizeof(conn->pcnf)); | ||
306 | skb_pull(skb, sizeof(conn->pcnf)); | ||
307 | |||
308 | if (conn->hcon->out) { | ||
309 | u8 random[16]; | ||
310 | |||
311 | swap128(conn->prnd, random); | ||
312 | smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(random), | ||
313 | random); | ||
314 | } else { | ||
315 | struct smp_cmd_pairing_confirm cp; | ||
316 | int ret; | ||
317 | u8 res[16]; | ||
318 | |||
319 | ret = smp_rand(conn->prnd); | ||
320 | if (ret) | ||
321 | return SMP_UNSPECIFIED; | ||
322 | |||
323 | ret = smp_c1(tfm, conn->tk, conn->prnd, conn->preq, conn->prsp, | ||
324 | conn->hcon->dst_type, conn->dst, | ||
325 | 0, conn->src, res); | ||
326 | if (ret) | ||
327 | return SMP_CONFIRM_FAILED; | ||
328 | |||
329 | swap128(res, cp.confirm_val); | ||
330 | |||
331 | smp_send_cmd(conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp); | ||
332 | } | ||
333 | |||
334 | mod_timer(&conn->security_timer, jiffies + | ||
335 | msecs_to_jiffies(SMP_TIMEOUT)); | ||
336 | |||
337 | return 0; | ||
338 | } | ||
339 | |||
340 | static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb) | ||
341 | { | ||
342 | struct hci_conn *hcon = conn->hcon; | ||
343 | struct crypto_blkcipher *tfm = hcon->hdev->tfm; | ||
344 | int ret; | ||
345 | u8 key[16], res[16], random[16], confirm[16]; | ||
346 | |||
347 | swap128(skb->data, random); | ||
348 | skb_pull(skb, sizeof(random)); | ||
349 | |||
350 | memset(hcon->ltk, 0, sizeof(hcon->ltk)); | ||
351 | |||
352 | if (conn->hcon->out) | ||
353 | ret = smp_c1(tfm, conn->tk, random, conn->preq, conn->prsp, 0, | ||
354 | conn->src, conn->hcon->dst_type, conn->dst, | ||
355 | res); | ||
356 | else | ||
357 | ret = smp_c1(tfm, conn->tk, random, conn->preq, conn->prsp, | ||
358 | conn->hcon->dst_type, conn->dst, 0, conn->src, | ||
359 | res); | ||
360 | if (ret) | ||
361 | return SMP_UNSPECIFIED; | ||
362 | |||
363 | BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); | ||
364 | |||
365 | swap128(res, confirm); | ||
366 | |||
367 | if (memcmp(conn->pcnf, confirm, sizeof(conn->pcnf)) != 0) { | ||
368 | BT_ERR("Pairing failed (confirmation values mismatch)"); | ||
369 | return SMP_CONFIRM_FAILED; | ||
370 | } | ||
371 | |||
372 | if (conn->hcon->out) { | ||
373 | __le16 ediv; | ||
374 | u8 rand[8]; | ||
375 | |||
376 | smp_s1(tfm, conn->tk, random, conn->prnd, key); | ||
377 | swap128(key, hcon->ltk); | ||
378 | |||
379 | memset(hcon->ltk + conn->smp_key_size, 0, | ||
380 | SMP_MAX_ENC_KEY_SIZE - conn->smp_key_size); | ||
381 | |||
382 | memset(rand, 0, sizeof(rand)); | ||
383 | ediv = 0; | ||
384 | hci_le_start_enc(hcon, ediv, rand, hcon->ltk); | ||
385 | } else { | ||
386 | u8 r[16]; | ||
387 | |||
388 | swap128(conn->prnd, r); | ||
389 | smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r); | ||
390 | |||
391 | smp_s1(tfm, conn->tk, conn->prnd, random, key); | ||
392 | swap128(key, hcon->ltk); | ||
393 | |||
394 | memset(hcon->ltk + conn->smp_key_size, 0, | ||
395 | SMP_MAX_ENC_KEY_SIZE - conn->smp_key_size); | ||
396 | } | ||
397 | |||
398 | return 0; | ||
399 | } | ||
400 | |||
401 | static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) | ||
402 | { | ||
403 | struct smp_cmd_security_req *rp = (void *) skb->data; | ||
404 | struct smp_cmd_pairing cp; | ||
405 | struct hci_conn *hcon = conn->hcon; | ||
406 | |||
407 | BT_DBG("conn %p", conn); | ||
408 | |||
409 | if (test_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend)) | ||
410 | return 0; | ||
411 | |||
412 | skb_pull(skb, sizeof(*rp)); | ||
413 | |||
414 | memset(&cp, 0, sizeof(cp)); | ||
415 | build_pairing_cmd(conn, &cp, rp->auth_req); | ||
416 | |||
417 | conn->preq[0] = SMP_CMD_PAIRING_REQ; | ||
418 | memcpy(&conn->preq[1], &cp, sizeof(cp)); | ||
419 | |||
420 | smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp); | ||
421 | |||
422 | mod_timer(&conn->security_timer, jiffies + | ||
423 | msecs_to_jiffies(SMP_TIMEOUT)); | ||
424 | |||
425 | set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend); | ||
426 | |||
427 | return 0; | ||
428 | } | ||
429 | |||
430 | int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level) | ||
431 | { | ||
432 | struct hci_conn *hcon = conn->hcon; | ||
433 | __u8 authreq; | ||
434 | |||
435 | BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level); | ||
436 | |||
437 | if (IS_ERR(hcon->hdev->tfm)) | ||
438 | return 1; | ||
439 | |||
440 | if (test_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend)) | ||
441 | return 0; | ||
442 | |||
443 | if (sec_level == BT_SECURITY_LOW) | ||
444 | return 1; | ||
445 | |||
446 | if (hcon->sec_level >= sec_level) | ||
447 | return 1; | ||
448 | |||
449 | authreq = seclevel_to_authreq(sec_level); | ||
450 | |||
451 | if (hcon->link_mode & HCI_LM_MASTER) { | ||
452 | struct smp_cmd_pairing cp; | ||
453 | |||
454 | build_pairing_cmd(conn, &cp, authreq); | ||
455 | conn->preq[0] = SMP_CMD_PAIRING_REQ; | ||
456 | memcpy(&conn->preq[1], &cp, sizeof(cp)); | ||
457 | |||
458 | mod_timer(&conn->security_timer, jiffies + | ||
459 | msecs_to_jiffies(SMP_TIMEOUT)); | ||
460 | |||
461 | smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp); | ||
462 | } else { | ||
463 | struct smp_cmd_security_req cp; | ||
464 | cp.auth_req = authreq; | ||
465 | smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp); | ||
466 | } | ||
467 | |||
468 | hcon->pending_sec_level = sec_level; | ||
469 | set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend); | ||
470 | |||
471 | return 0; | ||
472 | } | ||
473 | |||
474 | int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb) | ||
475 | { | ||
476 | __u8 code = skb->data[0]; | ||
477 | __u8 reason; | ||
478 | int err = 0; | ||
479 | |||
480 | if (IS_ERR(conn->hcon->hdev->tfm)) { | ||
481 | err = PTR_ERR(conn->hcon->hdev->tfm); | ||
482 | reason = SMP_PAIRING_NOTSUPP; | ||
483 | goto done; | ||
484 | } | ||
485 | |||
486 | skb_pull(skb, sizeof(code)); | ||
487 | |||
488 | switch (code) { | ||
489 | case SMP_CMD_PAIRING_REQ: | ||
490 | reason = smp_cmd_pairing_req(conn, skb); | ||
491 | break; | ||
492 | |||
493 | case SMP_CMD_PAIRING_FAIL: | ||
494 | reason = 0; | ||
495 | err = -EPERM; | ||
496 | break; | ||
497 | |||
498 | case SMP_CMD_PAIRING_RSP: | ||
499 | reason = smp_cmd_pairing_rsp(conn, skb); | ||
500 | break; | ||
501 | |||
502 | case SMP_CMD_SECURITY_REQ: | ||
503 | reason = smp_cmd_security_req(conn, skb); | ||
504 | break; | ||
505 | |||
506 | case SMP_CMD_PAIRING_CONFIRM: | ||
507 | reason = smp_cmd_pairing_confirm(conn, skb); | ||
508 | break; | ||
509 | |||
510 | case SMP_CMD_PAIRING_RANDOM: | ||
511 | reason = smp_cmd_pairing_random(conn, skb); | ||
512 | break; | ||
513 | |||
514 | case SMP_CMD_ENCRYPT_INFO: | ||
515 | case SMP_CMD_MASTER_IDENT: | ||
516 | case SMP_CMD_IDENT_INFO: | ||
517 | case SMP_CMD_IDENT_ADDR_INFO: | ||
518 | case SMP_CMD_SIGN_INFO: | ||
519 | default: | ||
520 | BT_DBG("Unknown command code 0x%2.2x", code); | ||
521 | |||
522 | reason = SMP_CMD_NOTSUPP; | ||
523 | err = -EOPNOTSUPP; | ||
524 | goto done; | ||
525 | } | ||
526 | |||
527 | done: | ||
528 | if (reason) | ||
529 | smp_send_cmd(conn, SMP_CMD_PAIRING_FAIL, sizeof(reason), | ||
530 | &reason); | ||
531 | |||
532 | kfree_skb(skb); | ||
533 | return err; | ||
534 | } | ||
diff --git a/net/core/sock.c b/net/core/sock.c index 6e819780c232..84d6de809352 100644 --- a/net/core/sock.c +++ b/net/core/sock.c | |||
@@ -158,7 +158,7 @@ static const char *const af_family_key_strings[AF_MAX+1] = { | |||
158 | "sk_lock-AF_TIPC" , "sk_lock-AF_BLUETOOTH", "sk_lock-IUCV" , | 158 | "sk_lock-AF_TIPC" , "sk_lock-AF_BLUETOOTH", "sk_lock-IUCV" , |
159 | "sk_lock-AF_RXRPC" , "sk_lock-AF_ISDN" , "sk_lock-AF_PHONET" , | 159 | "sk_lock-AF_RXRPC" , "sk_lock-AF_ISDN" , "sk_lock-AF_PHONET" , |
160 | "sk_lock-AF_IEEE802154", "sk_lock-AF_CAIF" , "sk_lock-AF_ALG" , | 160 | "sk_lock-AF_IEEE802154", "sk_lock-AF_CAIF" , "sk_lock-AF_ALG" , |
161 | "sk_lock-AF_MAX" | 161 | "sk_lock-AF_NFC" , "sk_lock-AF_MAX" |
162 | }; | 162 | }; |
163 | static const char *const af_family_slock_key_strings[AF_MAX+1] = { | 163 | static const char *const af_family_slock_key_strings[AF_MAX+1] = { |
164 | "slock-AF_UNSPEC", "slock-AF_UNIX" , "slock-AF_INET" , | 164 | "slock-AF_UNSPEC", "slock-AF_UNIX" , "slock-AF_INET" , |
@@ -174,7 +174,7 @@ static const char *const af_family_slock_key_strings[AF_MAX+1] = { | |||
174 | "slock-AF_TIPC" , "slock-AF_BLUETOOTH", "slock-AF_IUCV" , | 174 | "slock-AF_TIPC" , "slock-AF_BLUETOOTH", "slock-AF_IUCV" , |
175 | "slock-AF_RXRPC" , "slock-AF_ISDN" , "slock-AF_PHONET" , | 175 | "slock-AF_RXRPC" , "slock-AF_ISDN" , "slock-AF_PHONET" , |
176 | "slock-AF_IEEE802154", "slock-AF_CAIF" , "slock-AF_ALG" , | 176 | "slock-AF_IEEE802154", "slock-AF_CAIF" , "slock-AF_ALG" , |
177 | "slock-AF_MAX" | 177 | "slock-AF_NFC" , "slock-AF_MAX" |
178 | }; | 178 | }; |
179 | static const char *const af_family_clock_key_strings[AF_MAX+1] = { | 179 | static const char *const af_family_clock_key_strings[AF_MAX+1] = { |
180 | "clock-AF_UNSPEC", "clock-AF_UNIX" , "clock-AF_INET" , | 180 | "clock-AF_UNSPEC", "clock-AF_UNIX" , "clock-AF_INET" , |
@@ -190,7 +190,7 @@ static const char *const af_family_clock_key_strings[AF_MAX+1] = { | |||
190 | "clock-AF_TIPC" , "clock-AF_BLUETOOTH", "clock-AF_IUCV" , | 190 | "clock-AF_TIPC" , "clock-AF_BLUETOOTH", "clock-AF_IUCV" , |
191 | "clock-AF_RXRPC" , "clock-AF_ISDN" , "clock-AF_PHONET" , | 191 | "clock-AF_RXRPC" , "clock-AF_ISDN" , "clock-AF_PHONET" , |
192 | "clock-AF_IEEE802154", "clock-AF_CAIF" , "clock-AF_ALG" , | 192 | "clock-AF_IEEE802154", "clock-AF_CAIF" , "clock-AF_ALG" , |
193 | "clock-AF_MAX" | 193 | "clock-AF_NFC" , "clock-AF_MAX" |
194 | }; | 194 | }; |
195 | 195 | ||
196 | /* | 196 | /* |
diff --git a/net/mac80211/aes_ccm.c b/net/mac80211/aes_ccm.c index b9b595c08112..0785e95c9924 100644 --- a/net/mac80211/aes_ccm.c +++ b/net/mac80211/aes_ccm.c | |||
@@ -11,6 +11,7 @@ | |||
11 | #include <linux/types.h> | 11 | #include <linux/types.h> |
12 | #include <linux/crypto.h> | 12 | #include <linux/crypto.h> |
13 | #include <linux/err.h> | 13 | #include <linux/err.h> |
14 | #include <crypto/aes.h> | ||
14 | 15 | ||
15 | #include <net/mac80211.h> | 16 | #include <net/mac80211.h> |
16 | #include "key.h" | 17 | #include "key.h" |
@@ -21,21 +22,21 @@ static void aes_ccm_prepare(struct crypto_cipher *tfm, u8 *scratch, u8 *a) | |||
21 | int i; | 22 | int i; |
22 | u8 *b_0, *aad, *b, *s_0; | 23 | u8 *b_0, *aad, *b, *s_0; |
23 | 24 | ||
24 | b_0 = scratch + 3 * AES_BLOCK_LEN; | 25 | b_0 = scratch + 3 * AES_BLOCK_SIZE; |
25 | aad = scratch + 4 * AES_BLOCK_LEN; | 26 | aad = scratch + 4 * AES_BLOCK_SIZE; |
26 | b = scratch; | 27 | b = scratch; |
27 | s_0 = scratch + AES_BLOCK_LEN; | 28 | s_0 = scratch + AES_BLOCK_SIZE; |
28 | 29 | ||
29 | crypto_cipher_encrypt_one(tfm, b, b_0); | 30 | crypto_cipher_encrypt_one(tfm, b, b_0); |
30 | 31 | ||
31 | /* Extra Authenticate-only data (always two AES blocks) */ | 32 | /* Extra Authenticate-only data (always two AES blocks) */ |
32 | for (i = 0; i < AES_BLOCK_LEN; i++) | 33 | for (i = 0; i < AES_BLOCK_SIZE; i++) |
33 | aad[i] ^= b[i]; | 34 | aad[i] ^= b[i]; |
34 | crypto_cipher_encrypt_one(tfm, b, aad); | 35 | crypto_cipher_encrypt_one(tfm, b, aad); |
35 | 36 | ||
36 | aad += AES_BLOCK_LEN; | 37 | aad += AES_BLOCK_SIZE; |
37 | 38 | ||
38 | for (i = 0; i < AES_BLOCK_LEN; i++) | 39 | for (i = 0; i < AES_BLOCK_SIZE; i++) |
39 | aad[i] ^= b[i]; | 40 | aad[i] ^= b[i]; |
40 | crypto_cipher_encrypt_one(tfm, a, aad); | 41 | crypto_cipher_encrypt_one(tfm, a, aad); |
41 | 42 | ||
@@ -57,12 +58,12 @@ void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch, | |||
57 | u8 *pos, *cpos, *b, *s_0, *e, *b_0; | 58 | u8 *pos, *cpos, *b, *s_0, *e, *b_0; |
58 | 59 | ||
59 | b = scratch; | 60 | b = scratch; |
60 | s_0 = scratch + AES_BLOCK_LEN; | 61 | s_0 = scratch + AES_BLOCK_SIZE; |
61 | e = scratch + 2 * AES_BLOCK_LEN; | 62 | e = scratch + 2 * AES_BLOCK_SIZE; |
62 | b_0 = scratch + 3 * AES_BLOCK_LEN; | 63 | b_0 = scratch + 3 * AES_BLOCK_SIZE; |
63 | 64 | ||
64 | num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN); | 65 | num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_SIZE); |
65 | last_len = data_len % AES_BLOCK_LEN; | 66 | last_len = data_len % AES_BLOCK_SIZE; |
66 | aes_ccm_prepare(tfm, scratch, b); | 67 | aes_ccm_prepare(tfm, scratch, b); |
67 | 68 | ||
68 | /* Process payload blocks */ | 69 | /* Process payload blocks */ |
@@ -70,7 +71,7 @@ void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch, | |||
70 | cpos = cdata; | 71 | cpos = cdata; |
71 | for (j = 1; j <= num_blocks; j++) { | 72 | for (j = 1; j <= num_blocks; j++) { |
72 | int blen = (j == num_blocks && last_len) ? | 73 | int blen = (j == num_blocks && last_len) ? |
73 | last_len : AES_BLOCK_LEN; | 74 | last_len : AES_BLOCK_SIZE; |
74 | 75 | ||
75 | /* Authentication followed by encryption */ | 76 | /* Authentication followed by encryption */ |
76 | for (i = 0; i < blen; i++) | 77 | for (i = 0; i < blen; i++) |
@@ -96,12 +97,12 @@ int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch, | |||
96 | u8 *pos, *cpos, *b, *s_0, *a, *b_0; | 97 | u8 *pos, *cpos, *b, *s_0, *a, *b_0; |
97 | 98 | ||
98 | b = scratch; | 99 | b = scratch; |
99 | s_0 = scratch + AES_BLOCK_LEN; | 100 | s_0 = scratch + AES_BLOCK_SIZE; |
100 | a = scratch + 2 * AES_BLOCK_LEN; | 101 | a = scratch + 2 * AES_BLOCK_SIZE; |
101 | b_0 = scratch + 3 * AES_BLOCK_LEN; | 102 | b_0 = scratch + 3 * AES_BLOCK_SIZE; |
102 | 103 | ||
103 | num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN); | 104 | num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_SIZE); |
104 | last_len = data_len % AES_BLOCK_LEN; | 105 | last_len = data_len % AES_BLOCK_SIZE; |
105 | aes_ccm_prepare(tfm, scratch, a); | 106 | aes_ccm_prepare(tfm, scratch, a); |
106 | 107 | ||
107 | /* Process payload blocks */ | 108 | /* Process payload blocks */ |
@@ -109,7 +110,7 @@ int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch, | |||
109 | pos = data; | 110 | pos = data; |
110 | for (j = 1; j <= num_blocks; j++) { | 111 | for (j = 1; j <= num_blocks; j++) { |
111 | int blen = (j == num_blocks && last_len) ? | 112 | int blen = (j == num_blocks && last_len) ? |
112 | last_len : AES_BLOCK_LEN; | 113 | last_len : AES_BLOCK_SIZE; |
113 | 114 | ||
114 | /* Decryption followed by authentication */ | 115 | /* Decryption followed by authentication */ |
115 | b_0[14] = (j >> 8) & 0xff; | 116 | b_0[14] = (j >> 8) & 0xff; |
diff --git a/net/mac80211/aes_ccm.h b/net/mac80211/aes_ccm.h index 6e7820ef3448..5b7d744e2370 100644 --- a/net/mac80211/aes_ccm.h +++ b/net/mac80211/aes_ccm.h | |||
@@ -12,8 +12,6 @@ | |||
12 | 12 | ||
13 | #include <linux/crypto.h> | 13 | #include <linux/crypto.h> |
14 | 14 | ||
15 | #define AES_BLOCK_LEN 16 | ||
16 | |||
17 | struct crypto_cipher *ieee80211_aes_key_setup_encrypt(const u8 key[]); | 15 | struct crypto_cipher *ieee80211_aes_key_setup_encrypt(const u8 key[]); |
18 | void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch, | 16 | void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch, |
19 | u8 *data, size_t data_len, | 17 | u8 *data, size_t data_len, |
diff --git a/net/mac80211/aes_cmac.c b/net/mac80211/aes_cmac.c index d502b2684a66..8dfd70d8fcfb 100644 --- a/net/mac80211/aes_cmac.c +++ b/net/mac80211/aes_cmac.c | |||
@@ -11,12 +11,12 @@ | |||
11 | #include <linux/types.h> | 11 | #include <linux/types.h> |
12 | #include <linux/crypto.h> | 12 | #include <linux/crypto.h> |
13 | #include <linux/err.h> | 13 | #include <linux/err.h> |
14 | #include <crypto/aes.h> | ||
14 | 15 | ||
15 | #include <net/mac80211.h> | 16 | #include <net/mac80211.h> |
16 | #include "key.h" | 17 | #include "key.h" |
17 | #include "aes_cmac.h" | 18 | #include "aes_cmac.h" |
18 | 19 | ||
19 | #define AES_BLOCK_SIZE 16 | ||
20 | #define AES_CMAC_KEY_LEN 16 | 20 | #define AES_CMAC_KEY_LEN 16 |
21 | #define CMAC_TLEN 8 /* CMAC TLen = 64 bits (8 octets) */ | 21 | #define CMAC_TLEN 8 /* CMAC TLen = 64 bits (8 octets) */ |
22 | #define AAD_LEN 20 | 22 | #define AAD_LEN 20 |
@@ -35,10 +35,10 @@ static void gf_mulx(u8 *pad) | |||
35 | } | 35 | } |
36 | 36 | ||
37 | 37 | ||
38 | static void aes_128_cmac_vector(struct crypto_cipher *tfm, u8 *scratch, | 38 | static void aes_128_cmac_vector(struct crypto_cipher *tfm, size_t num_elem, |
39 | size_t num_elem, | ||
40 | const u8 *addr[], const size_t *len, u8 *mac) | 39 | const u8 *addr[], const size_t *len, u8 *mac) |
41 | { | 40 | { |
41 | u8 scratch[2 * AES_BLOCK_SIZE]; | ||
42 | u8 *cbc, *pad; | 42 | u8 *cbc, *pad; |
43 | const u8 *pos, *end; | 43 | const u8 *pos, *end; |
44 | size_t i, e, left, total_len; | 44 | size_t i, e, left, total_len; |
@@ -95,7 +95,7 @@ static void aes_128_cmac_vector(struct crypto_cipher *tfm, u8 *scratch, | |||
95 | } | 95 | } |
96 | 96 | ||
97 | 97 | ||
98 | void ieee80211_aes_cmac(struct crypto_cipher *tfm, u8 *scratch, const u8 *aad, | 98 | void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad, |
99 | const u8 *data, size_t data_len, u8 *mic) | 99 | const u8 *data, size_t data_len, u8 *mic) |
100 | { | 100 | { |
101 | const u8 *addr[3]; | 101 | const u8 *addr[3]; |
@@ -110,7 +110,7 @@ void ieee80211_aes_cmac(struct crypto_cipher *tfm, u8 *scratch, const u8 *aad, | |||
110 | addr[2] = zero; | 110 | addr[2] = zero; |
111 | len[2] = CMAC_TLEN; | 111 | len[2] = CMAC_TLEN; |
112 | 112 | ||
113 | aes_128_cmac_vector(tfm, scratch, 3, addr, len, mic); | 113 | aes_128_cmac_vector(tfm, 3, addr, len, mic); |
114 | } | 114 | } |
115 | 115 | ||
116 | 116 | ||
diff --git a/net/mac80211/aes_cmac.h b/net/mac80211/aes_cmac.h index 0eb9a4831508..20785a647254 100644 --- a/net/mac80211/aes_cmac.h +++ b/net/mac80211/aes_cmac.h | |||
@@ -12,7 +12,7 @@ | |||
12 | #include <linux/crypto.h> | 12 | #include <linux/crypto.h> |
13 | 13 | ||
14 | struct crypto_cipher * ieee80211_aes_cmac_key_setup(const u8 key[]); | 14 | struct crypto_cipher * ieee80211_aes_cmac_key_setup(const u8 key[]); |
15 | void ieee80211_aes_cmac(struct crypto_cipher *tfm, u8 *scratch, const u8 *aad, | 15 | void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad, |
16 | const u8 *data, size_t data_len, u8 *mic); | 16 | const u8 *data, size_t data_len, u8 *mic); |
17 | void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm); | 17 | void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm); |
18 | 18 | ||
diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c index 9c0d76cdca92..ebadb9ac9a7e 100644 --- a/net/mac80211/agg-rx.c +++ b/net/mac80211/agg-rx.c | |||
@@ -100,6 +100,21 @@ void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid, | |||
100 | mutex_unlock(&sta->ampdu_mlme.mtx); | 100 | mutex_unlock(&sta->ampdu_mlme.mtx); |
101 | } | 101 | } |
102 | 102 | ||
103 | void ieee80211_stop_rx_ba_session(struct ieee80211_vif *vif, u16 ba_rx_bitmap, | ||
104 | const u8 *addr) | ||
105 | { | ||
106 | struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); | ||
107 | struct sta_info *sta = sta_info_get(sdata, addr); | ||
108 | int i; | ||
109 | |||
110 | for (i = 0; i < STA_TID_NUM; i++) | ||
111 | if (ba_rx_bitmap & BIT(i)) | ||
112 | set_bit(i, sta->ampdu_mlme.tid_rx_stop_requested); | ||
113 | |||
114 | ieee80211_queue_work(&sta->local->hw, &sta->ampdu_mlme.work); | ||
115 | } | ||
116 | EXPORT_SYMBOL(ieee80211_stop_rx_ba_session); | ||
117 | |||
103 | /* | 118 | /* |
104 | * After accepting the AddBA Request we activated a timer, | 119 | * After accepting the AddBA Request we activated a timer, |
105 | * resetting it after each frame that arrives from the originator. | 120 | * resetting it after each frame that arrives from the originator. |
@@ -247,7 +262,11 @@ void ieee80211_process_addba_request(struct ieee80211_local *local, | |||
247 | "%pM on tid %u\n", | 262 | "%pM on tid %u\n", |
248 | mgmt->sa, tid); | 263 | mgmt->sa, tid); |
249 | #endif /* CONFIG_MAC80211_HT_DEBUG */ | 264 | #endif /* CONFIG_MAC80211_HT_DEBUG */ |
250 | goto end; | 265 | |
266 | /* delete existing Rx BA session on the same tid */ | ||
267 | ___ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_RECIPIENT, | ||
268 | WLAN_STATUS_UNSPECIFIED_QOS, | ||
269 | false); | ||
251 | } | 270 | } |
252 | 271 | ||
253 | /* prepare A-MPDU MLME for Rx aggregation */ | 272 | /* prepare A-MPDU MLME for Rx aggregation */ |
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index be70c70d3f5b..bfc36e904764 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c | |||
@@ -209,6 +209,7 @@ static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev, | |||
209 | u8 seq[6] = {0}; | 209 | u8 seq[6] = {0}; |
210 | struct key_params params; | 210 | struct key_params params; |
211 | struct ieee80211_key *key = NULL; | 211 | struct ieee80211_key *key = NULL; |
212 | u64 pn64; | ||
212 | u32 iv32; | 213 | u32 iv32; |
213 | u16 iv16; | 214 | u16 iv16; |
214 | int err = -ENOENT; | 215 | int err = -ENOENT; |
@@ -256,22 +257,24 @@ static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev, | |||
256 | params.seq_len = 6; | 257 | params.seq_len = 6; |
257 | break; | 258 | break; |
258 | case WLAN_CIPHER_SUITE_CCMP: | 259 | case WLAN_CIPHER_SUITE_CCMP: |
259 | seq[0] = key->u.ccmp.tx_pn[5]; | 260 | pn64 = atomic64_read(&key->u.ccmp.tx_pn); |
260 | seq[1] = key->u.ccmp.tx_pn[4]; | 261 | seq[0] = pn64; |
261 | seq[2] = key->u.ccmp.tx_pn[3]; | 262 | seq[1] = pn64 >> 8; |
262 | seq[3] = key->u.ccmp.tx_pn[2]; | 263 | seq[2] = pn64 >> 16; |
263 | seq[4] = key->u.ccmp.tx_pn[1]; | 264 | seq[3] = pn64 >> 24; |
264 | seq[5] = key->u.ccmp.tx_pn[0]; | 265 | seq[4] = pn64 >> 32; |
266 | seq[5] = pn64 >> 40; | ||
265 | params.seq = seq; | 267 | params.seq = seq; |
266 | params.seq_len = 6; | 268 | params.seq_len = 6; |
267 | break; | 269 | break; |
268 | case WLAN_CIPHER_SUITE_AES_CMAC: | 270 | case WLAN_CIPHER_SUITE_AES_CMAC: |
269 | seq[0] = key->u.aes_cmac.tx_pn[5]; | 271 | pn64 = atomic64_read(&key->u.aes_cmac.tx_pn); |
270 | seq[1] = key->u.aes_cmac.tx_pn[4]; | 272 | seq[0] = pn64; |
271 | seq[2] = key->u.aes_cmac.tx_pn[3]; | 273 | seq[1] = pn64 >> 8; |
272 | seq[3] = key->u.aes_cmac.tx_pn[2]; | 274 | seq[2] = pn64 >> 16; |
273 | seq[4] = key->u.aes_cmac.tx_pn[1]; | 275 | seq[3] = pn64 >> 24; |
274 | seq[5] = key->u.aes_cmac.tx_pn[0]; | 276 | seq[4] = pn64 >> 32; |
277 | seq[5] = pn64 >> 40; | ||
275 | params.seq = seq; | 278 | params.seq = seq; |
276 | params.seq_len = 6; | 279 | params.seq_len = 6; |
277 | break; | 280 | break; |
@@ -674,8 +677,11 @@ static void sta_apply_parameters(struct ieee80211_local *local, | |||
674 | 677 | ||
675 | if (mask & BIT(NL80211_STA_FLAG_WME)) { | 678 | if (mask & BIT(NL80211_STA_FLAG_WME)) { |
676 | sta->flags &= ~WLAN_STA_WME; | 679 | sta->flags &= ~WLAN_STA_WME; |
677 | if (set & BIT(NL80211_STA_FLAG_WME)) | 680 | sta->sta.wme = false; |
681 | if (set & BIT(NL80211_STA_FLAG_WME)) { | ||
678 | sta->flags |= WLAN_STA_WME; | 682 | sta->flags |= WLAN_STA_WME; |
683 | sta->sta.wme = true; | ||
684 | } | ||
679 | } | 685 | } |
680 | 686 | ||
681 | if (mask & BIT(NL80211_STA_FLAG_MFP)) { | 687 | if (mask & BIT(NL80211_STA_FLAG_MFP)) { |
@@ -1554,6 +1560,19 @@ static int ieee80211_testmode_cmd(struct wiphy *wiphy, void *data, int len) | |||
1554 | 1560 | ||
1555 | return local->ops->testmode_cmd(&local->hw, data, len); | 1561 | return local->ops->testmode_cmd(&local->hw, data, len); |
1556 | } | 1562 | } |
1563 | |||
1564 | static int ieee80211_testmode_dump(struct wiphy *wiphy, | ||
1565 | struct sk_buff *skb, | ||
1566 | struct netlink_callback *cb, | ||
1567 | void *data, int len) | ||
1568 | { | ||
1569 | struct ieee80211_local *local = wiphy_priv(wiphy); | ||
1570 | |||
1571 | if (!local->ops->testmode_dump) | ||
1572 | return -EOPNOTSUPP; | ||
1573 | |||
1574 | return local->ops->testmode_dump(&local->hw, skb, cb, data, len); | ||
1575 | } | ||
1557 | #endif | 1576 | #endif |
1558 | 1577 | ||
1559 | int __ieee80211_request_smps(struct ieee80211_sub_if_data *sdata, | 1578 | int __ieee80211_request_smps(struct ieee80211_sub_if_data *sdata, |
@@ -2085,6 +2104,21 @@ static void ieee80211_get_ringparam(struct wiphy *wiphy, | |||
2085 | drv_get_ringparam(local, tx, tx_max, rx, rx_max); | 2104 | drv_get_ringparam(local, tx, tx_max, rx, rx_max); |
2086 | } | 2105 | } |
2087 | 2106 | ||
2107 | static int ieee80211_set_rekey_data(struct wiphy *wiphy, | ||
2108 | struct net_device *dev, | ||
2109 | struct cfg80211_gtk_rekey_data *data) | ||
2110 | { | ||
2111 | struct ieee80211_local *local = wiphy_priv(wiphy); | ||
2112 | struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); | ||
2113 | |||
2114 | if (!local->ops->set_rekey_data) | ||
2115 | return -EOPNOTSUPP; | ||
2116 | |||
2117 | drv_set_rekey_data(local, sdata, data); | ||
2118 | |||
2119 | return 0; | ||
2120 | } | ||
2121 | |||
2088 | struct cfg80211_ops mac80211_config_ops = { | 2122 | struct cfg80211_ops mac80211_config_ops = { |
2089 | .add_virtual_intf = ieee80211_add_iface, | 2123 | .add_virtual_intf = ieee80211_add_iface, |
2090 | .del_virtual_intf = ieee80211_del_iface, | 2124 | .del_virtual_intf = ieee80211_del_iface, |
@@ -2134,6 +2168,7 @@ struct cfg80211_ops mac80211_config_ops = { | |||
2134 | .set_wds_peer = ieee80211_set_wds_peer, | 2168 | .set_wds_peer = ieee80211_set_wds_peer, |
2135 | .rfkill_poll = ieee80211_rfkill_poll, | 2169 | .rfkill_poll = ieee80211_rfkill_poll, |
2136 | CFG80211_TESTMODE_CMD(ieee80211_testmode_cmd) | 2170 | CFG80211_TESTMODE_CMD(ieee80211_testmode_cmd) |
2171 | CFG80211_TESTMODE_DUMP(ieee80211_testmode_dump) | ||
2137 | .set_power_mgmt = ieee80211_set_power_mgmt, | 2172 | .set_power_mgmt = ieee80211_set_power_mgmt, |
2138 | .set_bitrate_mask = ieee80211_set_bitrate_mask, | 2173 | .set_bitrate_mask = ieee80211_set_bitrate_mask, |
2139 | .remain_on_channel = ieee80211_remain_on_channel, | 2174 | .remain_on_channel = ieee80211_remain_on_channel, |
@@ -2146,4 +2181,5 @@ struct cfg80211_ops mac80211_config_ops = { | |||
2146 | .get_antenna = ieee80211_get_antenna, | 2181 | .get_antenna = ieee80211_get_antenna, |
2147 | .set_ringparam = ieee80211_set_ringparam, | 2182 | .set_ringparam = ieee80211_set_ringparam, |
2148 | .get_ringparam = ieee80211_get_ringparam, | 2183 | .get_ringparam = ieee80211_get_ringparam, |
2184 | .set_rekey_data = ieee80211_set_rekey_data, | ||
2149 | }; | 2185 | }; |
diff --git a/net/mac80211/debugfs_key.c b/net/mac80211/debugfs_key.c index 33c58b85c911..38e6101190d9 100644 --- a/net/mac80211/debugfs_key.c +++ b/net/mac80211/debugfs_key.c | |||
@@ -78,7 +78,7 @@ KEY_OPS(algorithm); | |||
78 | static ssize_t key_tx_spec_read(struct file *file, char __user *userbuf, | 78 | static ssize_t key_tx_spec_read(struct file *file, char __user *userbuf, |
79 | size_t count, loff_t *ppos) | 79 | size_t count, loff_t *ppos) |
80 | { | 80 | { |
81 | const u8 *tpn; | 81 | u64 pn; |
82 | char buf[20]; | 82 | char buf[20]; |
83 | int len; | 83 | int len; |
84 | struct ieee80211_key *key = file->private_data; | 84 | struct ieee80211_key *key = file->private_data; |
@@ -94,15 +94,16 @@ static ssize_t key_tx_spec_read(struct file *file, char __user *userbuf, | |||
94 | key->u.tkip.tx.iv16); | 94 | key->u.tkip.tx.iv16); |
95 | break; | 95 | break; |
96 | case WLAN_CIPHER_SUITE_CCMP: | 96 | case WLAN_CIPHER_SUITE_CCMP: |
97 | tpn = key->u.ccmp.tx_pn; | 97 | pn = atomic64_read(&key->u.ccmp.tx_pn); |
98 | len = scnprintf(buf, sizeof(buf), "%02x%02x%02x%02x%02x%02x\n", | 98 | len = scnprintf(buf, sizeof(buf), "%02x%02x%02x%02x%02x%02x\n", |
99 | tpn[0], tpn[1], tpn[2], tpn[3], tpn[4], tpn[5]); | 99 | (u8)(pn >> 40), (u8)(pn >> 32), (u8)(pn >> 24), |
100 | (u8)(pn >> 16), (u8)(pn >> 8), (u8)pn); | ||
100 | break; | 101 | break; |
101 | case WLAN_CIPHER_SUITE_AES_CMAC: | 102 | case WLAN_CIPHER_SUITE_AES_CMAC: |
102 | tpn = key->u.aes_cmac.tx_pn; | 103 | pn = atomic64_read(&key->u.aes_cmac.tx_pn); |
103 | len = scnprintf(buf, sizeof(buf), "%02x%02x%02x%02x%02x%02x\n", | 104 | len = scnprintf(buf, sizeof(buf), "%02x%02x%02x%02x%02x%02x\n", |
104 | tpn[0], tpn[1], tpn[2], tpn[3], tpn[4], | 105 | (u8)(pn >> 40), (u8)(pn >> 32), (u8)(pn >> 24), |
105 | tpn[5]); | 106 | (u8)(pn >> 16), (u8)(pn >> 8), (u8)pn); |
106 | break; | 107 | break; |
107 | default: | 108 | default: |
108 | return 0; | 109 | return 0; |
diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h index eebf7a67daf7..edd2dd79c9be 100644 --- a/net/mac80211/driver-ops.h +++ b/net/mac80211/driver-ops.h | |||
@@ -218,6 +218,16 @@ static inline int drv_hw_scan(struct ieee80211_local *local, | |||
218 | return ret; | 218 | return ret; |
219 | } | 219 | } |
220 | 220 | ||
221 | static inline void drv_cancel_hw_scan(struct ieee80211_local *local, | ||
222 | struct ieee80211_sub_if_data *sdata) | ||
223 | { | ||
224 | might_sleep(); | ||
225 | |||
226 | trace_drv_cancel_hw_scan(local, sdata); | ||
227 | local->ops->cancel_hw_scan(&local->hw, &sdata->vif); | ||
228 | trace_drv_return_void(local); | ||
229 | } | ||
230 | |||
221 | static inline int | 231 | static inline int |
222 | drv_sched_scan_start(struct ieee80211_local *local, | 232 | drv_sched_scan_start(struct ieee80211_local *local, |
223 | struct ieee80211_sub_if_data *sdata, | 233 | struct ieee80211_sub_if_data *sdata, |
@@ -637,4 +647,14 @@ static inline int drv_set_bitrate_mask(struct ieee80211_local *local, | |||
637 | return ret; | 647 | return ret; |
638 | } | 648 | } |
639 | 649 | ||
650 | static inline void drv_set_rekey_data(struct ieee80211_local *local, | ||
651 | struct ieee80211_sub_if_data *sdata, | ||
652 | struct cfg80211_gtk_rekey_data *data) | ||
653 | { | ||
654 | trace_drv_set_rekey_data(local, sdata, data); | ||
655 | if (local->ops->set_rekey_data) | ||
656 | local->ops->set_rekey_data(&local->hw, &sdata->vif, data); | ||
657 | trace_drv_return_void(local); | ||
658 | } | ||
659 | |||
640 | #endif /* __MAC80211_DRIVER_OPS */ | 660 | #endif /* __MAC80211_DRIVER_OPS */ |
diff --git a/net/mac80211/driver-trace.h b/net/mac80211/driver-trace.h index ed9edcbd9aa5..31a9dfa81f65 100644 --- a/net/mac80211/driver-trace.h +++ b/net/mac80211/driver-trace.h | |||
@@ -460,6 +460,12 @@ DEFINE_EVENT(local_sdata_evt, drv_hw_scan, | |||
460 | TP_ARGS(local, sdata) | 460 | TP_ARGS(local, sdata) |
461 | ); | 461 | ); |
462 | 462 | ||
463 | DEFINE_EVENT(local_sdata_evt, drv_cancel_hw_scan, | ||
464 | TP_PROTO(struct ieee80211_local *local, | ||
465 | struct ieee80211_sub_if_data *sdata), | ||
466 | TP_ARGS(local, sdata) | ||
467 | ); | ||
468 | |||
463 | DEFINE_EVENT(local_sdata_evt, drv_sched_scan_start, | 469 | DEFINE_EVENT(local_sdata_evt, drv_sched_scan_start, |
464 | TP_PROTO(struct ieee80211_local *local, | 470 | TP_PROTO(struct ieee80211_local *local, |
465 | struct ieee80211_sub_if_data *sdata), | 471 | struct ieee80211_sub_if_data *sdata), |
@@ -1018,6 +1024,34 @@ TRACE_EVENT(drv_set_bitrate_mask, | |||
1018 | ) | 1024 | ) |
1019 | ); | 1025 | ); |
1020 | 1026 | ||
1027 | TRACE_EVENT(drv_set_rekey_data, | ||
1028 | TP_PROTO(struct ieee80211_local *local, | ||
1029 | struct ieee80211_sub_if_data *sdata, | ||
1030 | struct cfg80211_gtk_rekey_data *data), | ||
1031 | |||
1032 | TP_ARGS(local, sdata, data), | ||
1033 | |||
1034 | TP_STRUCT__entry( | ||
1035 | LOCAL_ENTRY | ||
1036 | VIF_ENTRY | ||
1037 | __array(u8, kek, NL80211_KEK_LEN) | ||
1038 | __array(u8, kck, NL80211_KCK_LEN) | ||
1039 | __array(u8, replay_ctr, NL80211_REPLAY_CTR_LEN) | ||
1040 | ), | ||
1041 | |||
1042 | TP_fast_assign( | ||
1043 | LOCAL_ASSIGN; | ||
1044 | VIF_ASSIGN; | ||
1045 | memcpy(__entry->kek, data->kek, NL80211_KEK_LEN); | ||
1046 | memcpy(__entry->kck, data->kck, NL80211_KCK_LEN); | ||
1047 | memcpy(__entry->replay_ctr, data->replay_ctr, | ||
1048 | NL80211_REPLAY_CTR_LEN); | ||
1049 | ), | ||
1050 | |||
1051 | TP_printk(LOCAL_PR_FMT VIF_PR_FMT, | ||
1052 | LOCAL_PR_ARG, VIF_PR_ARG) | ||
1053 | ); | ||
1054 | |||
1021 | /* | 1055 | /* |
1022 | * Tracing for API calls that drivers call. | 1056 | * Tracing for API calls that drivers call. |
1023 | */ | 1057 | */ |
@@ -1287,6 +1321,27 @@ DEFINE_EVENT(local_only_evt, api_remain_on_channel_expired, | |||
1287 | TP_ARGS(local) | 1321 | TP_ARGS(local) |
1288 | ); | 1322 | ); |
1289 | 1323 | ||
1324 | TRACE_EVENT(api_gtk_rekey_notify, | ||
1325 | TP_PROTO(struct ieee80211_sub_if_data *sdata, | ||
1326 | const u8 *bssid, const u8 *replay_ctr), | ||
1327 | |||
1328 | TP_ARGS(sdata, bssid, replay_ctr), | ||
1329 | |||
1330 | TP_STRUCT__entry( | ||
1331 | VIF_ENTRY | ||
1332 | __array(u8, bssid, ETH_ALEN) | ||
1333 | __array(u8, replay_ctr, NL80211_REPLAY_CTR_LEN) | ||
1334 | ), | ||
1335 | |||
1336 | TP_fast_assign( | ||
1337 | VIF_ASSIGN; | ||
1338 | memcpy(__entry->bssid, bssid, ETH_ALEN); | ||
1339 | memcpy(__entry->replay_ctr, replay_ctr, NL80211_REPLAY_CTR_LEN); | ||
1340 | ), | ||
1341 | |||
1342 | TP_printk(VIF_PR_FMT, VIF_PR_ARG) | ||
1343 | ); | ||
1344 | |||
1290 | /* | 1345 | /* |
1291 | * Tracing for internal functions | 1346 | * Tracing for internal functions |
1292 | * (which may also be called in response to driver calls) | 1347 | * (which may also be called in response to driver calls) |
diff --git a/net/mac80211/ht.c b/net/mac80211/ht.c index 591add22bcc0..7cfc286946c0 100644 --- a/net/mac80211/ht.c +++ b/net/mac80211/ht.c | |||
@@ -140,6 +140,12 @@ void ieee80211_ba_session_work(struct work_struct *work) | |||
140 | sta, tid, WLAN_BACK_RECIPIENT, | 140 | sta, tid, WLAN_BACK_RECIPIENT, |
141 | WLAN_REASON_QSTA_TIMEOUT, true); | 141 | WLAN_REASON_QSTA_TIMEOUT, true); |
142 | 142 | ||
143 | if (test_and_clear_bit(tid, | ||
144 | sta->ampdu_mlme.tid_rx_stop_requested)) | ||
145 | ___ieee80211_stop_rx_ba_session( | ||
146 | sta, tid, WLAN_BACK_RECIPIENT, | ||
147 | WLAN_REASON_UNSPECIFIED, true); | ||
148 | |||
143 | tid_tx = sta->ampdu_mlme.tid_start_tx[tid]; | 149 | tid_tx = sta->ampdu_mlme.tid_start_tx[tid]; |
144 | if (tid_tx) { | 150 | if (tid_tx) { |
145 | /* | 151 | /* |
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 090b0ec1e056..4c7a831e7d1e 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h | |||
@@ -202,7 +202,22 @@ struct ieee80211_rx_data { | |||
202 | struct ieee80211_key *key; | 202 | struct ieee80211_key *key; |
203 | 203 | ||
204 | unsigned int flags; | 204 | unsigned int flags; |
205 | int queue; | 205 | |
206 | /* | ||
207 | * Index into sequence numbers array, 0..16 | ||
208 | * since the last (16) is used for non-QoS, | ||
209 | * will be 16 on non-QoS frames. | ||
210 | */ | ||
211 | int seqno_idx; | ||
212 | |||
213 | /* | ||
214 | * Index into the security IV/PN arrays, 0..16 | ||
215 | * since the last (16) is used for CCMP-encrypted | ||
216 | * management frames, will be set to 16 on mgmt | ||
217 | * frames and 0 on non-QoS frames. | ||
218 | */ | ||
219 | int security_idx; | ||
220 | |||
206 | u32 tkip_iv32; | 221 | u32 tkip_iv32; |
207 | u16 tkip_iv16; | 222 | u16 tkip_iv16; |
208 | }; | 223 | }; |
@@ -544,6 +559,9 @@ struct ieee80211_sub_if_data { | |||
544 | /* keys */ | 559 | /* keys */ |
545 | struct list_head key_list; | 560 | struct list_head key_list; |
546 | 561 | ||
562 | /* count for keys needing tailroom space allocation */ | ||
563 | int crypto_tx_tailroom_needed_cnt; | ||
564 | |||
547 | struct net_device *dev; | 565 | struct net_device *dev; |
548 | struct ieee80211_local *local; | 566 | struct ieee80211_local *local; |
549 | 567 | ||
@@ -1350,10 +1368,12 @@ int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer, | |||
1350 | struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata, | 1368 | struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata, |
1351 | u8 *dst, | 1369 | u8 *dst, |
1352 | const u8 *ssid, size_t ssid_len, | 1370 | const u8 *ssid, size_t ssid_len, |
1353 | const u8 *ie, size_t ie_len); | 1371 | const u8 *ie, size_t ie_len, |
1372 | bool directed); | ||
1354 | void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst, | 1373 | void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst, |
1355 | const u8 *ssid, size_t ssid_len, | 1374 | const u8 *ssid, size_t ssid_len, |
1356 | const u8 *ie, size_t ie_len); | 1375 | const u8 *ie, size_t ie_len, |
1376 | bool directed); | ||
1357 | 1377 | ||
1358 | void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata, | 1378 | void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata, |
1359 | const size_t supp_rates_len, | 1379 | const size_t supp_rates_len, |
diff --git a/net/mac80211/key.c b/net/mac80211/key.c index f825e2f0a57e..739bee13e813 100644 --- a/net/mac80211/key.c +++ b/net/mac80211/key.c | |||
@@ -61,6 +61,36 @@ static struct ieee80211_sta *get_sta_for_key(struct ieee80211_key *key) | |||
61 | return NULL; | 61 | return NULL; |
62 | } | 62 | } |
63 | 63 | ||
64 | static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata) | ||
65 | { | ||
66 | /* | ||
67 | * When this count is zero, SKB resizing for allocating tailroom | ||
68 | * for IV or MMIC is skipped. But, this check has created two race | ||
69 | * cases in xmit path while transiting from zero count to one: | ||
70 | * | ||
71 | * 1. SKB resize was skipped because no key was added but just before | ||
72 | * the xmit key is added and SW encryption kicks off. | ||
73 | * | ||
74 | * 2. SKB resize was skipped because all the keys were hw planted but | ||
75 | * just before xmit one of the key is deleted and SW encryption kicks | ||
76 | * off. | ||
77 | * | ||
78 | * In both the above case SW encryption will find not enough space for | ||
79 | * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c) | ||
80 | * | ||
81 | * Solution has been explained at | ||
82 | * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net | ||
83 | */ | ||
84 | |||
85 | if (!sdata->crypto_tx_tailroom_needed_cnt++) { | ||
86 | /* | ||
87 | * Flush all XMIT packets currently using HW encryption or no | ||
88 | * encryption at all if the count transition is from 0 -> 1. | ||
89 | */ | ||
90 | synchronize_net(); | ||
91 | } | ||
92 | } | ||
93 | |||
64 | static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key) | 94 | static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key) |
65 | { | 95 | { |
66 | struct ieee80211_sub_if_data *sdata; | 96 | struct ieee80211_sub_if_data *sdata; |
@@ -101,6 +131,11 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key) | |||
101 | 131 | ||
102 | if (!ret) { | 132 | if (!ret) { |
103 | key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; | 133 | key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; |
134 | |||
135 | if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) || | ||
136 | (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))) | ||
137 | sdata->crypto_tx_tailroom_needed_cnt--; | ||
138 | |||
104 | return 0; | 139 | return 0; |
105 | } | 140 | } |
106 | 141 | ||
@@ -142,6 +177,10 @@ static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key) | |||
142 | sta = get_sta_for_key(key); | 177 | sta = get_sta_for_key(key); |
143 | sdata = key->sdata; | 178 | sdata = key->sdata; |
144 | 179 | ||
180 | if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) || | ||
181 | (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))) | ||
182 | increment_tailroom_need_count(sdata); | ||
183 | |||
145 | if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) | 184 | if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) |
146 | sdata = container_of(sdata->bss, | 185 | sdata = container_of(sdata->bss, |
147 | struct ieee80211_sub_if_data, | 186 | struct ieee80211_sub_if_data, |
@@ -330,6 +369,7 @@ struct ieee80211_key *ieee80211_key_alloc(u32 cipher, int idx, size_t key_len, | |||
330 | get_unaligned_le16(seq); | 369 | get_unaligned_le16(seq); |
331 | } | 370 | } |
332 | } | 371 | } |
372 | spin_lock_init(&key->u.tkip.txlock); | ||
333 | break; | 373 | break; |
334 | case WLAN_CIPHER_SUITE_CCMP: | 374 | case WLAN_CIPHER_SUITE_CCMP: |
335 | key->conf.iv_len = CCMP_HDR_LEN; | 375 | key->conf.iv_len = CCMP_HDR_LEN; |
@@ -394,8 +434,10 @@ static void __ieee80211_key_destroy(struct ieee80211_key *key) | |||
394 | ieee80211_aes_key_free(key->u.ccmp.tfm); | 434 | ieee80211_aes_key_free(key->u.ccmp.tfm); |
395 | if (key->conf.cipher == WLAN_CIPHER_SUITE_AES_CMAC) | 435 | if (key->conf.cipher == WLAN_CIPHER_SUITE_AES_CMAC) |
396 | ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm); | 436 | ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm); |
397 | if (key->local) | 437 | if (key->local) { |
398 | ieee80211_debugfs_key_remove(key); | 438 | ieee80211_debugfs_key_remove(key); |
439 | key->sdata->crypto_tx_tailroom_needed_cnt--; | ||
440 | } | ||
399 | 441 | ||
400 | kfree(key); | 442 | kfree(key); |
401 | } | 443 | } |
@@ -452,6 +494,8 @@ int ieee80211_key_link(struct ieee80211_key *key, | |||
452 | else | 494 | else |
453 | old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]); | 495 | old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]); |
454 | 496 | ||
497 | increment_tailroom_need_count(sdata); | ||
498 | |||
455 | __ieee80211_key_replace(sdata, sta, pairwise, old_key, key); | 499 | __ieee80211_key_replace(sdata, sta, pairwise, old_key, key); |
456 | __ieee80211_key_destroy(old_key); | 500 | __ieee80211_key_destroy(old_key); |
457 | 501 | ||
@@ -498,12 +542,49 @@ void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata) | |||
498 | 542 | ||
499 | mutex_lock(&sdata->local->key_mtx); | 543 | mutex_lock(&sdata->local->key_mtx); |
500 | 544 | ||
501 | list_for_each_entry(key, &sdata->key_list, list) | 545 | sdata->crypto_tx_tailroom_needed_cnt = 0; |
546 | |||
547 | list_for_each_entry(key, &sdata->key_list, list) { | ||
548 | increment_tailroom_need_count(sdata); | ||
502 | ieee80211_key_enable_hw_accel(key); | 549 | ieee80211_key_enable_hw_accel(key); |
550 | } | ||
503 | 551 | ||
504 | mutex_unlock(&sdata->local->key_mtx); | 552 | mutex_unlock(&sdata->local->key_mtx); |
505 | } | 553 | } |
506 | 554 | ||
555 | void ieee80211_iter_keys(struct ieee80211_hw *hw, | ||
556 | struct ieee80211_vif *vif, | ||
557 | void (*iter)(struct ieee80211_hw *hw, | ||
558 | struct ieee80211_vif *vif, | ||
559 | struct ieee80211_sta *sta, | ||
560 | struct ieee80211_key_conf *key, | ||
561 | void *data), | ||
562 | void *iter_data) | ||
563 | { | ||
564 | struct ieee80211_local *local = hw_to_local(hw); | ||
565 | struct ieee80211_key *key; | ||
566 | struct ieee80211_sub_if_data *sdata; | ||
567 | |||
568 | ASSERT_RTNL(); | ||
569 | |||
570 | mutex_lock(&local->key_mtx); | ||
571 | if (vif) { | ||
572 | sdata = vif_to_sdata(vif); | ||
573 | list_for_each_entry(key, &sdata->key_list, list) | ||
574 | iter(hw, &sdata->vif, | ||
575 | key->sta ? &key->sta->sta : NULL, | ||
576 | &key->conf, iter_data); | ||
577 | } else { | ||
578 | list_for_each_entry(sdata, &local->interfaces, list) | ||
579 | list_for_each_entry(key, &sdata->key_list, list) | ||
580 | iter(hw, &sdata->vif, | ||
581 | key->sta ? &key->sta->sta : NULL, | ||
582 | &key->conf, iter_data); | ||
583 | } | ||
584 | mutex_unlock(&local->key_mtx); | ||
585 | } | ||
586 | EXPORT_SYMBOL(ieee80211_iter_keys); | ||
587 | |||
507 | void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata) | 588 | void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata) |
508 | { | 589 | { |
509 | struct ieee80211_key *key; | 590 | struct ieee80211_key *key; |
@@ -533,3 +614,89 @@ void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata) | |||
533 | 614 | ||
534 | mutex_unlock(&sdata->local->key_mtx); | 615 | mutex_unlock(&sdata->local->key_mtx); |
535 | } | 616 | } |
617 | |||
618 | |||
619 | void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid, | ||
620 | const u8 *replay_ctr, gfp_t gfp) | ||
621 | { | ||
622 | struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); | ||
623 | |||
624 | trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr); | ||
625 | |||
626 | cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp); | ||
627 | } | ||
628 | EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify); | ||
629 | |||
630 | void ieee80211_get_key_tx_seq(struct ieee80211_key_conf *keyconf, | ||
631 | struct ieee80211_key_seq *seq) | ||
632 | { | ||
633 | struct ieee80211_key *key; | ||
634 | u64 pn64; | ||
635 | |||
636 | if (WARN_ON(!(keyconf->flags & IEEE80211_KEY_FLAG_GENERATE_IV))) | ||
637 | return; | ||
638 | |||
639 | key = container_of(keyconf, struct ieee80211_key, conf); | ||
640 | |||
641 | switch (key->conf.cipher) { | ||
642 | case WLAN_CIPHER_SUITE_TKIP: | ||
643 | seq->tkip.iv32 = key->u.tkip.tx.iv32; | ||
644 | seq->tkip.iv16 = key->u.tkip.tx.iv16; | ||
645 | break; | ||
646 | case WLAN_CIPHER_SUITE_CCMP: | ||
647 | pn64 = atomic64_read(&key->u.ccmp.tx_pn); | ||
648 | seq->ccmp.pn[5] = pn64; | ||
649 | seq->ccmp.pn[4] = pn64 >> 8; | ||
650 | seq->ccmp.pn[3] = pn64 >> 16; | ||
651 | seq->ccmp.pn[2] = pn64 >> 24; | ||
652 | seq->ccmp.pn[1] = pn64 >> 32; | ||
653 | seq->ccmp.pn[0] = pn64 >> 40; | ||
654 | break; | ||
655 | case WLAN_CIPHER_SUITE_AES_CMAC: | ||
656 | pn64 = atomic64_read(&key->u.aes_cmac.tx_pn); | ||
657 | seq->ccmp.pn[5] = pn64; | ||
658 | seq->ccmp.pn[4] = pn64 >> 8; | ||
659 | seq->ccmp.pn[3] = pn64 >> 16; | ||
660 | seq->ccmp.pn[2] = pn64 >> 24; | ||
661 | seq->ccmp.pn[1] = pn64 >> 32; | ||
662 | seq->ccmp.pn[0] = pn64 >> 40; | ||
663 | break; | ||
664 | default: | ||
665 | WARN_ON(1); | ||
666 | } | ||
667 | } | ||
668 | EXPORT_SYMBOL(ieee80211_get_key_tx_seq); | ||
669 | |||
670 | void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf, | ||
671 | int tid, struct ieee80211_key_seq *seq) | ||
672 | { | ||
673 | struct ieee80211_key *key; | ||
674 | const u8 *pn; | ||
675 | |||
676 | key = container_of(keyconf, struct ieee80211_key, conf); | ||
677 | |||
678 | switch (key->conf.cipher) { | ||
679 | case WLAN_CIPHER_SUITE_TKIP: | ||
680 | if (WARN_ON(tid < 0 || tid >= NUM_RX_DATA_QUEUES)) | ||
681 | return; | ||
682 | seq->tkip.iv32 = key->u.tkip.rx[tid].iv32; | ||
683 | seq->tkip.iv16 = key->u.tkip.rx[tid].iv16; | ||
684 | break; | ||
685 | case WLAN_CIPHER_SUITE_CCMP: | ||
686 | if (WARN_ON(tid < -1 || tid >= NUM_RX_DATA_QUEUES)) | ||
687 | return; | ||
688 | if (tid < 0) | ||
689 | pn = key->u.ccmp.rx_pn[NUM_RX_DATA_QUEUES]; | ||
690 | else | ||
691 | pn = key->u.ccmp.rx_pn[tid]; | ||
692 | memcpy(seq->ccmp.pn, pn, CCMP_PN_LEN); | ||
693 | break; | ||
694 | case WLAN_CIPHER_SUITE_AES_CMAC: | ||
695 | if (WARN_ON(tid != 0)) | ||
696 | return; | ||
697 | pn = key->u.aes_cmac.rx_pn; | ||
698 | memcpy(seq->aes_cmac.pn, pn, CMAC_PN_LEN); | ||
699 | break; | ||
700 | } | ||
701 | } | ||
702 | EXPORT_SYMBOL(ieee80211_get_key_rx_seq); | ||
diff --git a/net/mac80211/key.h b/net/mac80211/key.h index d801d5351336..86b216b01415 100644 --- a/net/mac80211/key.h +++ b/net/mac80211/key.h | |||
@@ -28,8 +28,9 @@ | |||
28 | #define CCMP_PN_LEN 6 | 28 | #define CCMP_PN_LEN 6 |
29 | #define TKIP_IV_LEN 8 | 29 | #define TKIP_IV_LEN 8 |
30 | #define TKIP_ICV_LEN 4 | 30 | #define TKIP_ICV_LEN 4 |
31 | #define CMAC_PN_LEN 6 | ||
31 | 32 | ||
32 | #define NUM_RX_DATA_QUEUES 17 | 33 | #define NUM_RX_DATA_QUEUES 16 |
33 | 34 | ||
34 | struct ieee80211_local; | 35 | struct ieee80211_local; |
35 | struct ieee80211_sub_if_data; | 36 | struct ieee80211_sub_if_data; |
@@ -52,9 +53,10 @@ enum ieee80211_internal_tkip_state { | |||
52 | }; | 53 | }; |
53 | 54 | ||
54 | struct tkip_ctx { | 55 | struct tkip_ctx { |
55 | u32 iv32; | 56 | u32 iv32; /* current iv32 */ |
56 | u16 iv16; | 57 | u16 iv16; /* current iv16 */ |
57 | u16 p1k[5]; | 58 | u16 p1k[5]; /* p1k cache */ |
59 | u32 p1k_iv32; /* iv32 for which p1k computed */ | ||
58 | enum ieee80211_internal_tkip_state state; | 60 | enum ieee80211_internal_tkip_state state; |
59 | }; | 61 | }; |
60 | 62 | ||
@@ -71,6 +73,9 @@ struct ieee80211_key { | |||
71 | 73 | ||
72 | union { | 74 | union { |
73 | struct { | 75 | struct { |
76 | /* protects tx context */ | ||
77 | spinlock_t txlock; | ||
78 | |||
74 | /* last used TSC */ | 79 | /* last used TSC */ |
75 | struct tkip_ctx tx; | 80 | struct tkip_ctx tx; |
76 | 81 | ||
@@ -78,32 +83,23 @@ struct ieee80211_key { | |||
78 | struct tkip_ctx rx[NUM_RX_DATA_QUEUES]; | 83 | struct tkip_ctx rx[NUM_RX_DATA_QUEUES]; |
79 | } tkip; | 84 | } tkip; |
80 | struct { | 85 | struct { |
81 | u8 tx_pn[6]; | 86 | atomic64_t tx_pn; |
82 | /* | 87 | /* |
83 | * Last received packet number. The first | 88 | * Last received packet number. The first |
84 | * NUM_RX_DATA_QUEUES counters are used with Data | 89 | * NUM_RX_DATA_QUEUES counters are used with Data |
85 | * frames and the last counter is used with Robust | 90 | * frames and the last counter is used with Robust |
86 | * Management frames. | 91 | * Management frames. |
87 | */ | 92 | */ |
88 | u8 rx_pn[NUM_RX_DATA_QUEUES + 1][6]; | 93 | u8 rx_pn[NUM_RX_DATA_QUEUES + 1][CCMP_PN_LEN]; |
89 | struct crypto_cipher *tfm; | 94 | struct crypto_cipher *tfm; |
90 | u32 replays; /* dot11RSNAStatsCCMPReplays */ | 95 | u32 replays; /* dot11RSNAStatsCCMPReplays */ |
91 | /* scratch buffers for virt_to_page() (crypto API) */ | ||
92 | #ifndef AES_BLOCK_LEN | ||
93 | #define AES_BLOCK_LEN 16 | ||
94 | #endif | ||
95 | u8 tx_crypto_buf[6 * AES_BLOCK_LEN]; | ||
96 | u8 rx_crypto_buf[6 * AES_BLOCK_LEN]; | ||
97 | } ccmp; | 96 | } ccmp; |
98 | struct { | 97 | struct { |
99 | u8 tx_pn[6]; | 98 | atomic64_t tx_pn; |
100 | u8 rx_pn[6]; | 99 | u8 rx_pn[CMAC_PN_LEN]; |
101 | struct crypto_cipher *tfm; | 100 | struct crypto_cipher *tfm; |
102 | u32 replays; /* dot11RSNAStatsCMACReplays */ | 101 | u32 replays; /* dot11RSNAStatsCMACReplays */ |
103 | u32 icverrors; /* dot11RSNAStatsCMACICVErrors */ | 102 | u32 icverrors; /* dot11RSNAStatsCMACICVErrors */ |
104 | /* scratch buffers for virt_to_page() (crypto API) */ | ||
105 | u8 tx_crypto_buf[2 * AES_BLOCK_LEN]; | ||
106 | u8 rx_crypto_buf[2 * AES_BLOCK_LEN]; | ||
107 | } aes_cmac; | 103 | } aes_cmac; |
108 | } u; | 104 | } u; |
109 | 105 | ||
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c index 0d2faacc3e87..068ee6518254 100644 --- a/net/mac80211/mesh_pathtbl.c +++ b/net/mac80211/mesh_pathtbl.c | |||
@@ -647,12 +647,12 @@ int mesh_path_del(u8 *addr, struct ieee80211_sub_if_data *sdata) | |||
647 | mpath = node->mpath; | 647 | mpath = node->mpath; |
648 | if (mpath->sdata == sdata && | 648 | if (mpath->sdata == sdata && |
649 | memcmp(addr, mpath->dst, ETH_ALEN) == 0) { | 649 | memcmp(addr, mpath->dst, ETH_ALEN) == 0) { |
650 | spin_lock_bh(&mpath->state_lock); | 650 | spin_lock(&mpath->state_lock); |
651 | mpath->flags |= MESH_PATH_RESOLVING; | 651 | mpath->flags |= MESH_PATH_RESOLVING; |
652 | hlist_del_rcu(&node->list); | 652 | hlist_del_rcu(&node->list); |
653 | call_rcu(&node->rcu, mesh_path_node_reclaim); | 653 | call_rcu(&node->rcu, mesh_path_node_reclaim); |
654 | atomic_dec(&tbl->entries); | 654 | atomic_dec(&tbl->entries); |
655 | spin_unlock_bh(&mpath->state_lock); | 655 | spin_unlock(&mpath->state_lock); |
656 | goto enddel; | 656 | goto enddel; |
657 | } | 657 | } |
658 | } | 658 | } |
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index d595265d6c22..b6d9bd5f4d3c 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c | |||
@@ -749,7 +749,7 @@ void ieee80211_dynamic_ps_enable_work(struct work_struct *work) | |||
749 | container_of(work, struct ieee80211_local, | 749 | container_of(work, struct ieee80211_local, |
750 | dynamic_ps_enable_work); | 750 | dynamic_ps_enable_work); |
751 | struct ieee80211_sub_if_data *sdata = local->ps_sdata; | 751 | struct ieee80211_sub_if_data *sdata = local->ps_sdata; |
752 | struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; | 752 | struct ieee80211_if_managed *ifmgd; |
753 | unsigned long flags; | 753 | unsigned long flags; |
754 | int q; | 754 | int q; |
755 | 755 | ||
@@ -757,26 +757,39 @@ void ieee80211_dynamic_ps_enable_work(struct work_struct *work) | |||
757 | if (!sdata) | 757 | if (!sdata) |
758 | return; | 758 | return; |
759 | 759 | ||
760 | ifmgd = &sdata->u.mgd; | ||
761 | |||
760 | if (local->hw.conf.flags & IEEE80211_CONF_PS) | 762 | if (local->hw.conf.flags & IEEE80211_CONF_PS) |
761 | return; | 763 | return; |
762 | 764 | ||
763 | /* | 765 | if (!local->disable_dynamic_ps && |
764 | * transmission can be stopped by others which leads to | 766 | local->hw.conf.dynamic_ps_timeout > 0) { |
765 | * dynamic_ps_timer expiry. Postpond the ps timer if it | 767 | /* don't enter PS if TX frames are pending */ |
766 | * is not the actual idle state. | 768 | if (drv_tx_frames_pending(local)) { |
767 | */ | ||
768 | spin_lock_irqsave(&local->queue_stop_reason_lock, flags); | ||
769 | for (q = 0; q < local->hw.queues; q++) { | ||
770 | if (local->queue_stop_reasons[q]) { | ||
771 | spin_unlock_irqrestore(&local->queue_stop_reason_lock, | ||
772 | flags); | ||
773 | mod_timer(&local->dynamic_ps_timer, jiffies + | 769 | mod_timer(&local->dynamic_ps_timer, jiffies + |
774 | msecs_to_jiffies( | 770 | msecs_to_jiffies( |
775 | local->hw.conf.dynamic_ps_timeout)); | 771 | local->hw.conf.dynamic_ps_timeout)); |
776 | return; | 772 | return; |
777 | } | 773 | } |
774 | |||
775 | /* | ||
776 | * transmission can be stopped by others which leads to | ||
777 | * dynamic_ps_timer expiry. Postpone the ps timer if it | ||
778 | * is not the actual idle state. | ||
779 | */ | ||
780 | spin_lock_irqsave(&local->queue_stop_reason_lock, flags); | ||
781 | for (q = 0; q < local->hw.queues; q++) { | ||
782 | if (local->queue_stop_reasons[q]) { | ||
783 | spin_unlock_irqrestore(&local->queue_stop_reason_lock, | ||
784 | flags); | ||
785 | mod_timer(&local->dynamic_ps_timer, jiffies + | ||
786 | msecs_to_jiffies( | ||
787 | local->hw.conf.dynamic_ps_timeout)); | ||
788 | return; | ||
789 | } | ||
790 | } | ||
791 | spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); | ||
778 | } | 792 | } |
779 | spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); | ||
780 | 793 | ||
781 | if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && | 794 | if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && |
782 | (!(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED))) { | 795 | (!(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED))) { |
@@ -801,7 +814,8 @@ void ieee80211_dynamic_ps_enable_work(struct work_struct *work) | |||
801 | ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); | 814 | ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); |
802 | } | 815 | } |
803 | 816 | ||
804 | netif_tx_wake_all_queues(sdata->dev); | 817 | if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) |
818 | netif_tx_wake_all_queues(sdata->dev); | ||
805 | } | 819 | } |
806 | 820 | ||
807 | void ieee80211_dynamic_ps_timer(unsigned long data) | 821 | void ieee80211_dynamic_ps_timer(unsigned long data) |
@@ -1204,7 +1218,8 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) | |||
1204 | ieee80211_send_nullfunc(sdata->local, sdata, 0); | 1218 | ieee80211_send_nullfunc(sdata->local, sdata, 0); |
1205 | } else { | 1219 | } else { |
1206 | ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); | 1220 | ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); |
1207 | ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid[1], NULL, 0); | 1221 | ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid[1], NULL, 0, |
1222 | true); | ||
1208 | } | 1223 | } |
1209 | 1224 | ||
1210 | ifmgd->probe_send_count++; | 1225 | ifmgd->probe_send_count++; |
@@ -1289,7 +1304,7 @@ struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw, | |||
1289 | 1304 | ||
1290 | ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); | 1305 | ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); |
1291 | skb = ieee80211_build_probe_req(sdata, ifmgd->associated->bssid, | 1306 | skb = ieee80211_build_probe_req(sdata, ifmgd->associated->bssid, |
1292 | ssid + 2, ssid[1], NULL, 0); | 1307 | ssid + 2, ssid[1], NULL, 0, true); |
1293 | 1308 | ||
1294 | return skb; | 1309 | return skb; |
1295 | } | 1310 | } |
@@ -2200,12 +2215,16 @@ void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata) | |||
2200 | { | 2215 | { |
2201 | struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; | 2216 | struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; |
2202 | 2217 | ||
2218 | if (!ifmgd->associated) | ||
2219 | return; | ||
2220 | |||
2203 | if (test_and_clear_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running)) | 2221 | if (test_and_clear_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running)) |
2204 | add_timer(&ifmgd->timer); | 2222 | add_timer(&ifmgd->timer); |
2205 | if (test_and_clear_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running)) | 2223 | if (test_and_clear_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running)) |
2206 | add_timer(&ifmgd->chswitch_timer); | 2224 | add_timer(&ifmgd->chswitch_timer); |
2207 | ieee80211_sta_reset_beacon_monitor(sdata); | 2225 | ieee80211_sta_reset_beacon_monitor(sdata); |
2208 | ieee80211_restart_sta_timer(sdata); | 2226 | ieee80211_restart_sta_timer(sdata); |
2227 | ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.monitor_work); | ||
2209 | } | 2228 | } |
2210 | #endif | 2229 | #endif |
2211 | 2230 | ||
@@ -2652,3 +2671,10 @@ void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, | |||
2652 | cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); | 2671 | cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp); |
2653 | } | 2672 | } |
2654 | EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); | 2673 | EXPORT_SYMBOL(ieee80211_cqm_rssi_notify); |
2674 | |||
2675 | unsigned char ieee80211_get_operstate(struct ieee80211_vif *vif) | ||
2676 | { | ||
2677 | struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); | ||
2678 | return sdata->dev->operstate; | ||
2679 | } | ||
2680 | EXPORT_SYMBOL(ieee80211_get_operstate); | ||
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c index 730778a2c90c..f87e993e713b 100644 --- a/net/mac80211/pm.c +++ b/net/mac80211/pm.c | |||
@@ -6,6 +6,28 @@ | |||
6 | #include "driver-ops.h" | 6 | #include "driver-ops.h" |
7 | #include "led.h" | 7 | #include "led.h" |
8 | 8 | ||
9 | /* return value indicates whether the driver should be further notified */ | ||
10 | static bool ieee80211_quiesce(struct ieee80211_sub_if_data *sdata) | ||
11 | { | ||
12 | switch (sdata->vif.type) { | ||
13 | case NL80211_IFTYPE_STATION: | ||
14 | ieee80211_sta_quiesce(sdata); | ||
15 | return true; | ||
16 | case NL80211_IFTYPE_ADHOC: | ||
17 | ieee80211_ibss_quiesce(sdata); | ||
18 | return true; | ||
19 | case NL80211_IFTYPE_MESH_POINT: | ||
20 | ieee80211_mesh_quiesce(sdata); | ||
21 | return true; | ||
22 | case NL80211_IFTYPE_AP_VLAN: | ||
23 | case NL80211_IFTYPE_MONITOR: | ||
24 | /* don't tell driver about this */ | ||
25 | return false; | ||
26 | default: | ||
27 | return true; | ||
28 | } | ||
29 | } | ||
30 | |||
9 | int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) | 31 | int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) |
10 | { | 32 | { |
11 | struct ieee80211_local *local = hw_to_local(hw); | 33 | struct ieee80211_local *local = hw_to_local(hw); |
@@ -50,11 +72,19 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) | |||
50 | local->wowlan = wowlan && local->open_count; | 72 | local->wowlan = wowlan && local->open_count; |
51 | if (local->wowlan) { | 73 | if (local->wowlan) { |
52 | int err = drv_suspend(local, wowlan); | 74 | int err = drv_suspend(local, wowlan); |
53 | if (err) { | 75 | if (err < 0) { |
54 | local->quiescing = false; | 76 | local->quiescing = false; |
55 | return err; | 77 | return err; |
78 | } else if (err > 0) { | ||
79 | WARN_ON(err != 1); | ||
80 | local->wowlan = false; | ||
81 | } else { | ||
82 | list_for_each_entry(sdata, &local->interfaces, list) { | ||
83 | cancel_work_sync(&sdata->work); | ||
84 | ieee80211_quiesce(sdata); | ||
85 | } | ||
86 | goto suspend; | ||
56 | } | 87 | } |
57 | goto suspend; | ||
58 | } | 88 | } |
59 | 89 | ||
60 | /* disable keys */ | 90 | /* disable keys */ |
@@ -82,23 +112,8 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) | |||
82 | list_for_each_entry(sdata, &local->interfaces, list) { | 112 | list_for_each_entry(sdata, &local->interfaces, list) { |
83 | cancel_work_sync(&sdata->work); | 113 | cancel_work_sync(&sdata->work); |
84 | 114 | ||
85 | switch(sdata->vif.type) { | 115 | if (!ieee80211_quiesce(sdata)) |
86 | case NL80211_IFTYPE_STATION: | ||
87 | ieee80211_sta_quiesce(sdata); | ||
88 | break; | ||
89 | case NL80211_IFTYPE_ADHOC: | ||
90 | ieee80211_ibss_quiesce(sdata); | ||
91 | break; | ||
92 | case NL80211_IFTYPE_MESH_POINT: | ||
93 | ieee80211_mesh_quiesce(sdata); | ||
94 | break; | ||
95 | case NL80211_IFTYPE_AP_VLAN: | ||
96 | case NL80211_IFTYPE_MONITOR: | ||
97 | /* don't tell driver about this */ | ||
98 | continue; | 116 | continue; |
99 | default: | ||
100 | break; | ||
101 | } | ||
102 | 117 | ||
103 | if (!ieee80211_sdata_running(sdata)) | 118 | if (!ieee80211_sdata_running(sdata)) |
104 | continue; | 119 | continue; |
diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c index 8adac67395f7..58a89554b788 100644 --- a/net/mac80211/rc80211_minstrel.c +++ b/net/mac80211/rc80211_minstrel.c | |||
@@ -532,12 +532,21 @@ minstrel_alloc(struct ieee80211_hw *hw, struct dentry *debugfsdir) | |||
532 | mp->hw = hw; | 532 | mp->hw = hw; |
533 | mp->update_interval = 100; | 533 | mp->update_interval = 100; |
534 | 534 | ||
535 | #ifdef CONFIG_MAC80211_DEBUGFS | ||
536 | mp->fixed_rate_idx = (u32) -1; | ||
537 | mp->dbg_fixed_rate = debugfs_create_u32("fixed_rate_idx", | ||
538 | S_IRUGO | S_IWUGO, debugfsdir, &mp->fixed_rate_idx); | ||
539 | #endif | ||
540 | |||
535 | return mp; | 541 | return mp; |
536 | } | 542 | } |
537 | 543 | ||
538 | static void | 544 | static void |
539 | minstrel_free(void *priv) | 545 | minstrel_free(void *priv) |
540 | { | 546 | { |
547 | #ifdef CONFIG_MAC80211_DEBUGFS | ||
548 | debugfs_remove(((struct minstrel_priv *)priv)->dbg_fixed_rate); | ||
549 | #endif | ||
541 | kfree(priv); | 550 | kfree(priv); |
542 | } | 551 | } |
543 | 552 | ||
diff --git a/net/mac80211/rc80211_minstrel.h b/net/mac80211/rc80211_minstrel.h index 0f5a83370aa6..5d278eccaef0 100644 --- a/net/mac80211/rc80211_minstrel.h +++ b/net/mac80211/rc80211_minstrel.h | |||
@@ -78,6 +78,18 @@ struct minstrel_priv { | |||
78 | unsigned int update_interval; | 78 | unsigned int update_interval; |
79 | unsigned int lookaround_rate; | 79 | unsigned int lookaround_rate; |
80 | unsigned int lookaround_rate_mrr; | 80 | unsigned int lookaround_rate_mrr; |
81 | |||
82 | #ifdef CONFIG_MAC80211_DEBUGFS | ||
83 | /* | ||
84 | * enable fixed rate processing per RC | ||
85 | * - write static index to debugfs:ieee80211/phyX/rc/fixed_rate_idx | ||
86 | * - write -1 to enable RC processing again | ||
87 | * - setting will be applied on next update | ||
88 | */ | ||
89 | u32 fixed_rate_idx; | ||
90 | struct dentry *dbg_fixed_rate; | ||
91 | #endif | ||
92 | |||
81 | }; | 93 | }; |
82 | 94 | ||
83 | struct minstrel_debugfs_info { | 95 | struct minstrel_debugfs_info { |
diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c index 333b5118be6d..66a1eeb279c6 100644 --- a/net/mac80211/rc80211_minstrel_ht.c +++ b/net/mac80211/rc80211_minstrel_ht.c | |||
@@ -609,6 +609,13 @@ minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta, | |||
609 | 609 | ||
610 | info->flags |= mi->tx_flags; | 610 | info->flags |= mi->tx_flags; |
611 | sample_idx = minstrel_get_sample_rate(mp, mi); | 611 | sample_idx = minstrel_get_sample_rate(mp, mi); |
612 | |||
613 | #ifdef CONFIG_MAC80211_DEBUGFS | ||
614 | /* use fixed index if set */ | ||
615 | if (mp->fixed_rate_idx != -1) | ||
616 | sample_idx = mp->fixed_rate_idx; | ||
617 | #endif | ||
618 | |||
612 | if (sample_idx >= 0) { | 619 | if (sample_idx >= 0) { |
613 | sample = true; | 620 | sample = true; |
614 | minstrel_ht_set_rate(mp, mi, &ar[0], sample_idx, | 621 | minstrel_ht_set_rate(mp, mi, &ar[0], sample_idx, |
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 7fa8c6be7bf0..e6dccc70931d 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c | |||
@@ -331,15 +331,18 @@ static void ieee80211_parse_qos(struct ieee80211_rx_data *rx) | |||
331 | { | 331 | { |
332 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; | 332 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; |
333 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); | 333 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); |
334 | int tid; | 334 | int tid, seqno_idx, security_idx; |
335 | 335 | ||
336 | /* does the frame have a qos control field? */ | 336 | /* does the frame have a qos control field? */ |
337 | if (ieee80211_is_data_qos(hdr->frame_control)) { | 337 | if (ieee80211_is_data_qos(hdr->frame_control)) { |
338 | u8 *qc = ieee80211_get_qos_ctl(hdr); | 338 | u8 *qc = ieee80211_get_qos_ctl(hdr); |
339 | /* frame has qos control */ | 339 | /* frame has qos control */ |
340 | tid = *qc & IEEE80211_QOS_CTL_TID_MASK; | 340 | tid = *qc & IEEE80211_QOS_CTL_TID_MASK; |
341 | if (*qc & IEEE80211_QOS_CONTROL_A_MSDU_PRESENT) | 341 | if (*qc & IEEE80211_QOS_CTL_A_MSDU_PRESENT) |
342 | status->rx_flags |= IEEE80211_RX_AMSDU; | 342 | status->rx_flags |= IEEE80211_RX_AMSDU; |
343 | |||
344 | seqno_idx = tid; | ||
345 | security_idx = tid; | ||
343 | } else { | 346 | } else { |
344 | /* | 347 | /* |
345 | * IEEE 802.11-2007, 7.1.3.4.1 ("Sequence Number field"): | 348 | * IEEE 802.11-2007, 7.1.3.4.1 ("Sequence Number field"): |
@@ -352,10 +355,15 @@ static void ieee80211_parse_qos(struct ieee80211_rx_data *rx) | |||
352 | * | 355 | * |
353 | * We also use that counter for non-QoS STAs. | 356 | * We also use that counter for non-QoS STAs. |
354 | */ | 357 | */ |
355 | tid = NUM_RX_DATA_QUEUES - 1; | 358 | seqno_idx = NUM_RX_DATA_QUEUES; |
359 | security_idx = 0; | ||
360 | if (ieee80211_is_mgmt(hdr->frame_control)) | ||
361 | security_idx = NUM_RX_DATA_QUEUES; | ||
362 | tid = 0; | ||
356 | } | 363 | } |
357 | 364 | ||
358 | rx->queue = tid; | 365 | rx->seqno_idx = seqno_idx; |
366 | rx->security_idx = security_idx; | ||
359 | /* Set skb->priority to 1d tag if highest order bit of TID is not set. | 367 | /* Set skb->priority to 1d tag if highest order bit of TID is not set. |
360 | * For now, set skb->priority to 0 for other cases. */ | 368 | * For now, set skb->priority to 0 for other cases. */ |
361 | rx->skb->priority = (tid > 7) ? 0 : tid; | 369 | rx->skb->priority = (tid > 7) ? 0 : tid; |
@@ -810,7 +818,7 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx) | |||
810 | /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */ | 818 | /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */ |
811 | if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) { | 819 | if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) { |
812 | if (unlikely(ieee80211_has_retry(hdr->frame_control) && | 820 | if (unlikely(ieee80211_has_retry(hdr->frame_control) && |
813 | rx->sta->last_seq_ctrl[rx->queue] == | 821 | rx->sta->last_seq_ctrl[rx->seqno_idx] == |
814 | hdr->seq_ctrl)) { | 822 | hdr->seq_ctrl)) { |
815 | if (status->rx_flags & IEEE80211_RX_RA_MATCH) { | 823 | if (status->rx_flags & IEEE80211_RX_RA_MATCH) { |
816 | rx->local->dot11FrameDuplicateCount++; | 824 | rx->local->dot11FrameDuplicateCount++; |
@@ -818,7 +826,7 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx) | |||
818 | } | 826 | } |
819 | return RX_DROP_UNUSABLE; | 827 | return RX_DROP_UNUSABLE; |
820 | } else | 828 | } else |
821 | rx->sta->last_seq_ctrl[rx->queue] = hdr->seq_ctrl; | 829 | rx->sta->last_seq_ctrl[rx->seqno_idx] = hdr->seq_ctrl; |
822 | } | 830 | } |
823 | 831 | ||
824 | if (unlikely(rx->skb->len < 16)) { | 832 | if (unlikely(rx->skb->len < 16)) { |
@@ -1374,11 +1382,10 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | |||
1374 | if (frag == 0) { | 1382 | if (frag == 0) { |
1375 | /* This is the first fragment of a new frame. */ | 1383 | /* This is the first fragment of a new frame. */ |
1376 | entry = ieee80211_reassemble_add(rx->sdata, frag, seq, | 1384 | entry = ieee80211_reassemble_add(rx->sdata, frag, seq, |
1377 | rx->queue, &(rx->skb)); | 1385 | rx->seqno_idx, &(rx->skb)); |
1378 | if (rx->key && rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP && | 1386 | if (rx->key && rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP && |
1379 | ieee80211_has_protected(fc)) { | 1387 | ieee80211_has_protected(fc)) { |
1380 | int queue = ieee80211_is_mgmt(fc) ? | 1388 | int queue = rx->security_idx; |
1381 | NUM_RX_DATA_QUEUES : rx->queue; | ||
1382 | /* Store CCMP PN so that we can verify that the next | 1389 | /* Store CCMP PN so that we can verify that the next |
1383 | * fragment has a sequential PN value. */ | 1390 | * fragment has a sequential PN value. */ |
1384 | entry->ccmp = 1; | 1391 | entry->ccmp = 1; |
@@ -1392,7 +1399,8 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | |||
1392 | /* This is a fragment for a frame that should already be pending in | 1399 | /* This is a fragment for a frame that should already be pending in |
1393 | * fragment cache. Add this fragment to the end of the pending entry. | 1400 | * fragment cache. Add this fragment to the end of the pending entry. |
1394 | */ | 1401 | */ |
1395 | entry = ieee80211_reassemble_find(rx->sdata, frag, seq, rx->queue, hdr); | 1402 | entry = ieee80211_reassemble_find(rx->sdata, frag, seq, |
1403 | rx->seqno_idx, hdr); | ||
1396 | if (!entry) { | 1404 | if (!entry) { |
1397 | I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag); | 1405 | I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag); |
1398 | return RX_DROP_MONITOR; | 1406 | return RX_DROP_MONITOR; |
@@ -1412,8 +1420,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | |||
1412 | if (pn[i]) | 1420 | if (pn[i]) |
1413 | break; | 1421 | break; |
1414 | } | 1422 | } |
1415 | queue = ieee80211_is_mgmt(fc) ? | 1423 | queue = rx->security_idx; |
1416 | NUM_RX_DATA_QUEUES : rx->queue; | ||
1417 | rpn = rx->key->u.ccmp.rx_pn[queue]; | 1424 | rpn = rx->key->u.ccmp.rx_pn[queue]; |
1418 | if (memcmp(pn, rpn, CCMP_PN_LEN)) | 1425 | if (memcmp(pn, rpn, CCMP_PN_LEN)) |
1419 | return RX_DROP_UNUSABLE; | 1426 | return RX_DROP_UNUSABLE; |
@@ -2590,7 +2597,9 @@ void ieee80211_release_reorder_timeout(struct sta_info *sta, int tid) | |||
2590 | .sta = sta, | 2597 | .sta = sta, |
2591 | .sdata = sta->sdata, | 2598 | .sdata = sta->sdata, |
2592 | .local = sta->local, | 2599 | .local = sta->local, |
2593 | .queue = tid, | 2600 | /* This is OK -- must be QoS data frame */ |
2601 | .security_idx = tid, | ||
2602 | .seqno_idx = tid, | ||
2594 | .flags = 0, | 2603 | .flags = 0, |
2595 | }; | 2604 | }; |
2596 | struct tid_ampdu_rx *tid_agg_rx; | 2605 | struct tid_ampdu_rx *tid_agg_rx; |
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index 669d2e32efb6..08a45ac3d6f8 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c | |||
@@ -228,6 +228,7 @@ ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb) | |||
228 | static bool ieee80211_prep_hw_scan(struct ieee80211_local *local) | 228 | static bool ieee80211_prep_hw_scan(struct ieee80211_local *local) |
229 | { | 229 | { |
230 | struct cfg80211_scan_request *req = local->scan_req; | 230 | struct cfg80211_scan_request *req = local->scan_req; |
231 | struct ieee80211_sub_if_data *sdata = local->scan_sdata; | ||
231 | enum ieee80211_band band; | 232 | enum ieee80211_band band; |
232 | int i, ielen, n_chans; | 233 | int i, ielen, n_chans; |
233 | 234 | ||
@@ -251,8 +252,8 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_local *local) | |||
251 | local->hw_scan_req->n_channels = n_chans; | 252 | local->hw_scan_req->n_channels = n_chans; |
252 | 253 | ||
253 | ielen = ieee80211_build_preq_ies(local, (u8 *)local->hw_scan_req->ie, | 254 | ielen = ieee80211_build_preq_ies(local, (u8 *)local->hw_scan_req->ie, |
254 | req->ie, req->ie_len, band, (u32) -1, | 255 | req->ie, req->ie_len, band, |
255 | 0); | 256 | sdata->rc_rateidx_mask[band], 0); |
256 | local->hw_scan_req->ie_len = ielen; | 257 | local->hw_scan_req->ie_len = ielen; |
257 | 258 | ||
258 | return true; | 259 | return true; |
@@ -658,7 +659,8 @@ static void ieee80211_scan_state_send_probe(struct ieee80211_local *local, | |||
658 | sdata, NULL, | 659 | sdata, NULL, |
659 | local->scan_req->ssids[i].ssid, | 660 | local->scan_req->ssids[i].ssid, |
660 | local->scan_req->ssids[i].ssid_len, | 661 | local->scan_req->ssids[i].ssid_len, |
661 | local->scan_req->ie, local->scan_req->ie_len); | 662 | local->scan_req->ie, local->scan_req->ie_len, |
663 | false); | ||
662 | 664 | ||
663 | /* | 665 | /* |
664 | * After sending probe requests, wait for probe responses | 666 | * After sending probe requests, wait for probe responses |
@@ -821,10 +823,8 @@ int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata, | |||
821 | */ | 823 | */ |
822 | void ieee80211_scan_cancel(struct ieee80211_local *local) | 824 | void ieee80211_scan_cancel(struct ieee80211_local *local) |
823 | { | 825 | { |
824 | bool abortscan; | ||
825 | |||
826 | /* | 826 | /* |
827 | * We are only canceling software scan, or deferred scan that was not | 827 | * We are canceling software scan, or deferred scan that was not |
828 | * yet really started (see __ieee80211_start_scan ). | 828 | * yet really started (see __ieee80211_start_scan ). |
829 | * | 829 | * |
830 | * Regarding hardware scan: | 830 | * Regarding hardware scan: |
@@ -836,23 +836,30 @@ void ieee80211_scan_cancel(struct ieee80211_local *local) | |||
836 | * - we can not cancel scan_work since driver can schedule it | 836 | * - we can not cancel scan_work since driver can schedule it |
837 | * by ieee80211_scan_completed(..., true) to finish scan | 837 | * by ieee80211_scan_completed(..., true) to finish scan |
838 | * | 838 | * |
839 | * Hence low lever driver is responsible for canceling HW scan. | 839 | * Hence we only call the cancel_hw_scan() callback, but the low-level |
840 | * driver is still responsible for calling ieee80211_scan_completed() | ||
841 | * after the scan was completed/aborted. | ||
840 | */ | 842 | */ |
841 | 843 | ||
842 | mutex_lock(&local->mtx); | 844 | mutex_lock(&local->mtx); |
843 | abortscan = local->scan_req && !test_bit(SCAN_HW_SCANNING, &local->scanning); | 845 | if (!local->scan_req) |
844 | if (abortscan) { | 846 | goto out; |
845 | /* | 847 | |
846 | * The scan is canceled, but stop work from being pending. | 848 | if (test_bit(SCAN_HW_SCANNING, &local->scanning)) { |
847 | * | 849 | if (local->ops->cancel_hw_scan) |
848 | * If the work is currently running, it must be blocked on | 850 | drv_cancel_hw_scan(local, local->scan_sdata); |
849 | * the mutex, but we'll set scan_sdata = NULL and it'll | 851 | goto out; |
850 | * simply exit once it acquires the mutex. | ||
851 | */ | ||
852 | cancel_delayed_work(&local->scan_work); | ||
853 | /* and clean up */ | ||
854 | __ieee80211_scan_completed(&local->hw, true, false); | ||
855 | } | 852 | } |
853 | |||
854 | /* | ||
855 | * If the work is currently running, it must be blocked on | ||
856 | * the mutex, but we'll set scan_sdata = NULL and it'll | ||
857 | * simply exit once it acquires the mutex. | ||
858 | */ | ||
859 | cancel_delayed_work(&local->scan_work); | ||
860 | /* and clean up */ | ||
861 | __ieee80211_scan_completed(&local->hw, true, false); | ||
862 | out: | ||
856 | mutex_unlock(&local->mtx); | 863 | mutex_unlock(&local->mtx); |
857 | } | 864 | } |
858 | 865 | ||
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h index c6ae8718bd57..28beb78e601e 100644 --- a/net/mac80211/sta_info.h +++ b/net/mac80211/sta_info.h | |||
@@ -158,6 +158,8 @@ struct tid_ampdu_rx { | |||
158 | * @work: work struct for starting/stopping aggregation | 158 | * @work: work struct for starting/stopping aggregation |
159 | * @tid_rx_timer_expired: bitmap indicating on which TIDs the | 159 | * @tid_rx_timer_expired: bitmap indicating on which TIDs the |
160 | * RX timer expired until the work for it runs | 160 | * RX timer expired until the work for it runs |
161 | * @tid_rx_stop_requested: bitmap indicating which BA sessions per TID the | ||
162 | * driver requested to close until the work for it runs | ||
161 | * @mtx: mutex to protect all TX data (except non-NULL assignments | 163 | * @mtx: mutex to protect all TX data (except non-NULL assignments |
162 | * to tid_tx[idx], which are protected by the sta spinlock) | 164 | * to tid_tx[idx], which are protected by the sta spinlock) |
163 | */ | 165 | */ |
@@ -166,6 +168,7 @@ struct sta_ampdu_mlme { | |||
166 | /* rx */ | 168 | /* rx */ |
167 | struct tid_ampdu_rx __rcu *tid_rx[STA_TID_NUM]; | 169 | struct tid_ampdu_rx __rcu *tid_rx[STA_TID_NUM]; |
168 | unsigned long tid_rx_timer_expired[BITS_TO_LONGS(STA_TID_NUM)]; | 170 | unsigned long tid_rx_timer_expired[BITS_TO_LONGS(STA_TID_NUM)]; |
171 | unsigned long tid_rx_stop_requested[BITS_TO_LONGS(STA_TID_NUM)]; | ||
169 | /* tx */ | 172 | /* tx */ |
170 | struct work_struct work; | 173 | struct work_struct work; |
171 | struct tid_ampdu_tx __rcu *tid_tx[STA_TID_NUM]; | 174 | struct tid_ampdu_tx __rcu *tid_tx[STA_TID_NUM]; |
@@ -284,7 +287,8 @@ struct sta_info { | |||
284 | unsigned long rx_dropped; | 287 | unsigned long rx_dropped; |
285 | int last_signal; | 288 | int last_signal; |
286 | struct ewma avg_signal; | 289 | struct ewma avg_signal; |
287 | __le16 last_seq_ctrl[NUM_RX_DATA_QUEUES]; | 290 | /* Plus 1 for non-QoS frames */ |
291 | __le16 last_seq_ctrl[NUM_RX_DATA_QUEUES + 1]; | ||
288 | 292 | ||
289 | /* Updated from TX status path only, no locking requirements */ | 293 | /* Updated from TX status path only, no locking requirements */ |
290 | unsigned long tx_filtered_count; | 294 | unsigned long tx_filtered_count; |
diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c index 757e4eb2baf7..cc79e697cdb2 100644 --- a/net/mac80211/tkip.c +++ b/net/mac80211/tkip.c | |||
@@ -101,6 +101,7 @@ static void tkip_mixing_phase1(const u8 *tk, struct tkip_ctx *ctx, | |||
101 | p1k[4] += tkipS(p1k[3] ^ get_unaligned_le16(tk + 0 + j)) + i; | 101 | p1k[4] += tkipS(p1k[3] ^ get_unaligned_le16(tk + 0 + j)) + i; |
102 | } | 102 | } |
103 | ctx->state = TKIP_STATE_PHASE1_DONE; | 103 | ctx->state = TKIP_STATE_PHASE1_DONE; |
104 | ctx->p1k_iv32 = tsc_IV32; | ||
104 | } | 105 | } |
105 | 106 | ||
106 | static void tkip_mixing_phase2(const u8 *tk, struct tkip_ctx *ctx, | 107 | static void tkip_mixing_phase2(const u8 *tk, struct tkip_ctx *ctx, |
@@ -140,60 +141,69 @@ static void tkip_mixing_phase2(const u8 *tk, struct tkip_ctx *ctx, | |||
140 | /* Add TKIP IV and Ext. IV at @pos. @iv0, @iv1, and @iv2 are the first octets | 141 | /* Add TKIP IV and Ext. IV at @pos. @iv0, @iv1, and @iv2 are the first octets |
141 | * of the IV. Returns pointer to the octet following IVs (i.e., beginning of | 142 | * of the IV. Returns pointer to the octet following IVs (i.e., beginning of |
142 | * the packet payload). */ | 143 | * the packet payload). */ |
143 | u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key, u16 iv16) | 144 | u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key) |
144 | { | 145 | { |
145 | pos = write_tkip_iv(pos, iv16); | 146 | lockdep_assert_held(&key->u.tkip.txlock); |
147 | |||
148 | pos = write_tkip_iv(pos, key->u.tkip.tx.iv16); | ||
146 | *pos++ = (key->conf.keyidx << 6) | (1 << 5) /* Ext IV */; | 149 | *pos++ = (key->conf.keyidx << 6) | (1 << 5) /* Ext IV */; |
147 | put_unaligned_le32(key->u.tkip.tx.iv32, pos); | 150 | put_unaligned_le32(key->u.tkip.tx.iv32, pos); |
148 | return pos + 4; | 151 | return pos + 4; |
149 | } | 152 | } |
150 | 153 | ||
151 | void ieee80211_get_tkip_key(struct ieee80211_key_conf *keyconf, | 154 | static void ieee80211_compute_tkip_p1k(struct ieee80211_key *key, u32 iv32) |
152 | struct sk_buff *skb, enum ieee80211_tkip_key_type type, | ||
153 | u8 *outkey) | ||
154 | { | 155 | { |
155 | struct ieee80211_key *key = (struct ieee80211_key *) | 156 | struct ieee80211_sub_if_data *sdata = key->sdata; |
156 | container_of(keyconf, struct ieee80211_key, conf); | 157 | struct tkip_ctx *ctx = &key->u.tkip.tx; |
157 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; | 158 | const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY]; |
158 | u8 *data; | ||
159 | const u8 *tk; | ||
160 | struct tkip_ctx *ctx; | ||
161 | u16 iv16; | ||
162 | u32 iv32; | ||
163 | |||
164 | data = (u8 *)hdr + ieee80211_hdrlen(hdr->frame_control); | ||
165 | iv16 = data[2] | (data[0] << 8); | ||
166 | iv32 = get_unaligned_le32(&data[4]); | ||
167 | |||
168 | tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY]; | ||
169 | ctx = &key->u.tkip.tx; | ||
170 | 159 | ||
171 | #ifdef CONFIG_MAC80211_TKIP_DEBUG | 160 | lockdep_assert_held(&key->u.tkip.txlock); |
172 | printk(KERN_DEBUG "TKIP encrypt: iv16 = 0x%04x, iv32 = 0x%08x\n", | 161 | |
173 | iv16, iv32); | 162 | /* |
174 | 163 | * Update the P1K when the IV32 is different from the value it | |
175 | if (iv32 != ctx->iv32) { | 164 | * had when we last computed it (or when not initialised yet). |
176 | printk(KERN_DEBUG "skb: iv32 = 0x%08x key: iv32 = 0x%08x\n", | 165 | * This might flip-flop back and forth if packets are processed |
177 | iv32, ctx->iv32); | 166 | * out-of-order due to the different ACs, but then we have to |
178 | printk(KERN_DEBUG "Wrap around of iv16 in the middle of a " | 167 | * just compute the P1K more often. |
179 | "fragmented packet\n"); | 168 | */ |
180 | } | 169 | if (ctx->p1k_iv32 != iv32 || ctx->state == TKIP_STATE_NOT_INIT) |
181 | #endif | 170 | tkip_mixing_phase1(tk, ctx, sdata->vif.addr, iv32); |
171 | } | ||
182 | 172 | ||
183 | /* Update the p1k only when the iv16 in the packet wraps around, this | 173 | void ieee80211_get_tkip_p1k_iv(struct ieee80211_key_conf *keyconf, |
184 | * might occur after the wrap around of iv16 in the key in case of | 174 | u32 iv32, u16 *p1k) |
185 | * fragmented packets. */ | 175 | { |
186 | if (iv16 == 0 || ctx->state == TKIP_STATE_NOT_INIT) | 176 | struct ieee80211_key *key = (struct ieee80211_key *) |
187 | tkip_mixing_phase1(tk, ctx, hdr->addr2, iv32); | 177 | container_of(keyconf, struct ieee80211_key, conf); |
178 | struct tkip_ctx *ctx = &key->u.tkip.tx; | ||
179 | unsigned long flags; | ||
188 | 180 | ||
189 | if (type == IEEE80211_TKIP_P1_KEY) { | 181 | spin_lock_irqsave(&key->u.tkip.txlock, flags); |
190 | memcpy(outkey, ctx->p1k, sizeof(u16) * 5); | 182 | ieee80211_compute_tkip_p1k(key, iv32); |
191 | return; | 183 | memcpy(p1k, ctx->p1k, sizeof(ctx->p1k)); |
192 | } | 184 | spin_unlock_irqrestore(&key->u.tkip.txlock, flags); |
185 | } | ||
186 | EXPORT_SYMBOL(ieee80211_get_tkip_p1k_iv); | ||
193 | 187 | ||
194 | tkip_mixing_phase2(tk, ctx, iv16, outkey); | 188 | void ieee80211_get_tkip_p2k(struct ieee80211_key_conf *keyconf, |
189 | struct sk_buff *skb, u8 *p2k) | ||
190 | { | ||
191 | struct ieee80211_key *key = (struct ieee80211_key *) | ||
192 | container_of(keyconf, struct ieee80211_key, conf); | ||
193 | const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY]; | ||
194 | struct tkip_ctx *ctx = &key->u.tkip.tx; | ||
195 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; | ||
196 | const u8 *data = (u8 *)hdr + ieee80211_hdrlen(hdr->frame_control); | ||
197 | u32 iv32 = get_unaligned_le32(&data[4]); | ||
198 | u16 iv16 = data[2] | (data[0] << 8); | ||
199 | unsigned long flags; | ||
200 | |||
201 | spin_lock_irqsave(&key->u.tkip.txlock, flags); | ||
202 | ieee80211_compute_tkip_p1k(key, iv32); | ||
203 | tkip_mixing_phase2(tk, ctx, iv16, p2k); | ||
204 | spin_unlock_irqrestore(&key->u.tkip.txlock, flags); | ||
195 | } | 205 | } |
196 | EXPORT_SYMBOL(ieee80211_get_tkip_key); | 206 | EXPORT_SYMBOL(ieee80211_get_tkip_p2k); |
197 | 207 | ||
198 | /* | 208 | /* |
199 | * Encrypt packet payload with TKIP using @key. @pos is a pointer to the | 209 | * Encrypt packet payload with TKIP using @key. @pos is a pointer to the |
@@ -204,19 +214,15 @@ EXPORT_SYMBOL(ieee80211_get_tkip_key); | |||
204 | */ | 214 | */ |
205 | int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm, | 215 | int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm, |
206 | struct ieee80211_key *key, | 216 | struct ieee80211_key *key, |
207 | u8 *pos, size_t payload_len, u8 *ta) | 217 | struct sk_buff *skb, |
218 | u8 *payload, size_t payload_len) | ||
208 | { | 219 | { |
209 | u8 rc4key[16]; | 220 | u8 rc4key[16]; |
210 | struct tkip_ctx *ctx = &key->u.tkip.tx; | ||
211 | const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY]; | ||
212 | |||
213 | /* Calculate per-packet key */ | ||
214 | if (ctx->iv16 == 0 || ctx->state == TKIP_STATE_NOT_INIT) | ||
215 | tkip_mixing_phase1(tk, ctx, ta, ctx->iv32); | ||
216 | 221 | ||
217 | tkip_mixing_phase2(tk, ctx, ctx->iv16, rc4key); | 222 | ieee80211_get_tkip_p2k(&key->conf, skb, rc4key); |
218 | 223 | ||
219 | return ieee80211_wep_encrypt_data(tfm, rc4key, 16, pos, payload_len); | 224 | return ieee80211_wep_encrypt_data(tfm, rc4key, 16, |
225 | payload, payload_len); | ||
220 | } | 226 | } |
221 | 227 | ||
222 | /* Decrypt packet payload with TKIP using @key. @pos is a pointer to the | 228 | /* Decrypt packet payload with TKIP using @key. @pos is a pointer to the |
diff --git a/net/mac80211/tkip.h b/net/mac80211/tkip.h index 1cab9c86978f..e3ecb659b90a 100644 --- a/net/mac80211/tkip.h +++ b/net/mac80211/tkip.h | |||
@@ -13,11 +13,13 @@ | |||
13 | #include <linux/crypto.h> | 13 | #include <linux/crypto.h> |
14 | #include "key.h" | 14 | #include "key.h" |
15 | 15 | ||
16 | u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key, u16 iv16); | 16 | u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key); |
17 | 17 | ||
18 | int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm, | 18 | int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm, |
19 | struct ieee80211_key *key, | 19 | struct ieee80211_key *key, |
20 | u8 *pos, size_t payload_len, u8 *ta); | 20 | struct sk_buff *skb, |
21 | u8 *payload, size_t payload_len); | ||
22 | |||
21 | enum { | 23 | enum { |
22 | TKIP_DECRYPT_OK = 0, | 24 | TKIP_DECRYPT_OK = 0, |
23 | TKIP_DECRYPT_NO_EXT_IV = -1, | 25 | TKIP_DECRYPT_NO_EXT_IV = -1, |
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 3104c844b544..e8d0d2d22665 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c | |||
@@ -1474,18 +1474,14 @@ static bool ieee80211_tx(struct ieee80211_sub_if_data *sdata, | |||
1474 | 1474 | ||
1475 | /* device xmit handlers */ | 1475 | /* device xmit handlers */ |
1476 | 1476 | ||
1477 | static int ieee80211_skb_resize(struct ieee80211_local *local, | 1477 | static int ieee80211_skb_resize(struct ieee80211_sub_if_data *sdata, |
1478 | struct sk_buff *skb, | 1478 | struct sk_buff *skb, |
1479 | int head_need, bool may_encrypt) | 1479 | int head_need, bool may_encrypt) |
1480 | { | 1480 | { |
1481 | struct ieee80211_local *local = sdata->local; | ||
1481 | int tail_need = 0; | 1482 | int tail_need = 0; |
1482 | 1483 | ||
1483 | /* | 1484 | if (may_encrypt && sdata->crypto_tx_tailroom_needed_cnt) { |
1484 | * This could be optimised, devices that do full hardware | ||
1485 | * crypto (including TKIP MMIC) need no tailroom... But we | ||
1486 | * have no drivers for such devices currently. | ||
1487 | */ | ||
1488 | if (may_encrypt) { | ||
1489 | tail_need = IEEE80211_ENCRYPT_TAILROOM; | 1485 | tail_need = IEEE80211_ENCRYPT_TAILROOM; |
1490 | tail_need -= skb_tailroom(skb); | 1486 | tail_need -= skb_tailroom(skb); |
1491 | tail_need = max_t(int, tail_need, 0); | 1487 | tail_need = max_t(int, tail_need, 0); |
@@ -1578,7 +1574,7 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata, | |||
1578 | headroom -= skb_headroom(skb); | 1574 | headroom -= skb_headroom(skb); |
1579 | headroom = max_t(int, 0, headroom); | 1575 | headroom = max_t(int, 0, headroom); |
1580 | 1576 | ||
1581 | if (ieee80211_skb_resize(local, skb, headroom, may_encrypt)) { | 1577 | if (ieee80211_skb_resize(sdata, skb, headroom, may_encrypt)) { |
1582 | dev_kfree_skb(skb); | 1578 | dev_kfree_skb(skb); |
1583 | rcu_read_unlock(); | 1579 | rcu_read_unlock(); |
1584 | return; | 1580 | return; |
@@ -1945,7 +1941,7 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb, | |||
1945 | head_need += IEEE80211_ENCRYPT_HEADROOM; | 1941 | head_need += IEEE80211_ENCRYPT_HEADROOM; |
1946 | head_need += local->tx_headroom; | 1942 | head_need += local->tx_headroom; |
1947 | head_need = max_t(int, 0, head_need); | 1943 | head_need = max_t(int, 0, head_need); |
1948 | if (ieee80211_skb_resize(local, skb, head_need, true)) | 1944 | if (ieee80211_skb_resize(sdata, skb, head_need, true)) |
1949 | goto fail; | 1945 | goto fail; |
1950 | } | 1946 | } |
1951 | 1947 | ||
diff --git a/net/mac80211/util.c b/net/mac80211/util.c index d3fe2d237485..652e5695225a 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c | |||
@@ -1018,7 +1018,8 @@ int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer, | |||
1018 | struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata, | 1018 | struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata, |
1019 | u8 *dst, | 1019 | u8 *dst, |
1020 | const u8 *ssid, size_t ssid_len, | 1020 | const u8 *ssid, size_t ssid_len, |
1021 | const u8 *ie, size_t ie_len) | 1021 | const u8 *ie, size_t ie_len, |
1022 | bool directed) | ||
1022 | { | 1023 | { |
1023 | struct ieee80211_local *local = sdata->local; | 1024 | struct ieee80211_local *local = sdata->local; |
1024 | struct sk_buff *skb; | 1025 | struct sk_buff *skb; |
@@ -1035,8 +1036,16 @@ struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata, | |||
1035 | return NULL; | 1036 | return NULL; |
1036 | } | 1037 | } |
1037 | 1038 | ||
1038 | chan = ieee80211_frequency_to_channel( | 1039 | /* |
1039 | local->hw.conf.channel->center_freq); | 1040 | * Do not send DS Channel parameter for directed probe requests |
1041 | * in order to maximize the chance that we get a response. Some | ||
1042 | * badly-behaved APs don't respond when this parameter is included. | ||
1043 | */ | ||
1044 | if (directed) | ||
1045 | chan = 0; | ||
1046 | else | ||
1047 | chan = ieee80211_frequency_to_channel( | ||
1048 | local->hw.conf.channel->center_freq); | ||
1040 | 1049 | ||
1041 | buf_len = ieee80211_build_preq_ies(local, buf, ie, ie_len, | 1050 | buf_len = ieee80211_build_preq_ies(local, buf, ie, ie_len, |
1042 | local->hw.conf.channel->band, | 1051 | local->hw.conf.channel->band, |
@@ -1062,11 +1071,13 @@ struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata, | |||
1062 | 1071 | ||
1063 | void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst, | 1072 | void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst, |
1064 | const u8 *ssid, size_t ssid_len, | 1073 | const u8 *ssid, size_t ssid_len, |
1065 | const u8 *ie, size_t ie_len) | 1074 | const u8 *ie, size_t ie_len, |
1075 | bool directed) | ||
1066 | { | 1076 | { |
1067 | struct sk_buff *skb; | 1077 | struct sk_buff *skb; |
1068 | 1078 | ||
1069 | skb = ieee80211_build_probe_req(sdata, dst, ssid, ssid_len, ie, ie_len); | 1079 | skb = ieee80211_build_probe_req(sdata, dst, ssid, ssid_len, ie, ie_len, |
1080 | directed); | ||
1070 | if (skb) | 1081 | if (skb) |
1071 | ieee80211_tx_skb(sdata, skb); | 1082 | ieee80211_tx_skb(sdata, skb); |
1072 | } | 1083 | } |
@@ -1276,7 +1287,9 @@ int ieee80211_reconfig(struct ieee80211_local *local) | |||
1276 | if (ieee80211_sdata_running(sdata)) | 1287 | if (ieee80211_sdata_running(sdata)) |
1277 | ieee80211_enable_keys(sdata); | 1288 | ieee80211_enable_keys(sdata); |
1278 | 1289 | ||
1290 | #ifdef CONFIG_PM | ||
1279 | wake_up: | 1291 | wake_up: |
1292 | #endif | ||
1280 | ieee80211_wake_queues_by_reason(hw, | 1293 | ieee80211_wake_queues_by_reason(hw, |
1281 | IEEE80211_QUEUE_STOP_REASON_SUSPEND); | 1294 | IEEE80211_QUEUE_STOP_REASON_SUSPEND); |
1282 | 1295 | ||
diff --git a/net/mac80211/wme.c b/net/mac80211/wme.c index 28bc084dbfb9..7a49532f14cb 100644 --- a/net/mac80211/wme.c +++ b/net/mac80211/wme.c | |||
@@ -151,8 +151,7 @@ void ieee80211_set_qos_hdr(struct ieee80211_local *local, struct sk_buff *skb) | |||
151 | tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK; | 151 | tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK; |
152 | 152 | ||
153 | if (unlikely(local->wifi_wme_noack_test)) | 153 | if (unlikely(local->wifi_wme_noack_test)) |
154 | ack_policy |= QOS_CONTROL_ACK_POLICY_NOACK << | 154 | ack_policy |= IEEE80211_QOS_CTL_ACK_POLICY_NOACK; |
155 | QOS_CONTROL_ACK_POLICY_SHIFT; | ||
156 | /* qos header is 2 bytes, second reserved */ | 155 | /* qos header is 2 bytes, second reserved */ |
157 | *p++ = ack_policy | tid; | 156 | *p++ = ack_policy | tid; |
158 | *p = 0; | 157 | *p = 0; |
diff --git a/net/mac80211/wme.h b/net/mac80211/wme.h index 6053b1c9feee..faead6d02026 100644 --- a/net/mac80211/wme.h +++ b/net/mac80211/wme.h | |||
@@ -13,11 +13,6 @@ | |||
13 | #include <linux/netdevice.h> | 13 | #include <linux/netdevice.h> |
14 | #include "ieee80211_i.h" | 14 | #include "ieee80211_i.h" |
15 | 15 | ||
16 | #define QOS_CONTROL_ACK_POLICY_NORMAL 0 | ||
17 | #define QOS_CONTROL_ACK_POLICY_NOACK 1 | ||
18 | |||
19 | #define QOS_CONTROL_ACK_POLICY_SHIFT 5 | ||
20 | |||
21 | extern const int ieee802_1d_to_ac[8]; | 16 | extern const int ieee802_1d_to_ac[8]; |
22 | 17 | ||
23 | u16 ieee80211_select_queue(struct ieee80211_sub_if_data *sdata, | 18 | u16 ieee80211_select_queue(struct ieee80211_sub_if_data *sdata, |
diff --git a/net/mac80211/work.c b/net/mac80211/work.c index d2e7f0e86677..edf8583280c9 100644 --- a/net/mac80211/work.c +++ b/net/mac80211/work.c | |||
@@ -450,7 +450,7 @@ ieee80211_direct_probe(struct ieee80211_work *wk) | |||
450 | * will not answer to direct packet in unassociated state. | 450 | * will not answer to direct packet in unassociated state. |
451 | */ | 451 | */ |
452 | ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid, | 452 | ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid, |
453 | wk->probe_auth.ssid_len, NULL, 0); | 453 | wk->probe_auth.ssid_len, NULL, 0, true); |
454 | 454 | ||
455 | wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; | 455 | wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT; |
456 | run_again(local, wk->timeout); | 456 | run_again(local, wk->timeout); |
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c index 8f6a302d2ac3..7bc8702808fa 100644 --- a/net/mac80211/wpa.c +++ b/net/mac80211/wpa.c | |||
@@ -15,6 +15,7 @@ | |||
15 | #include <linux/gfp.h> | 15 | #include <linux/gfp.h> |
16 | #include <asm/unaligned.h> | 16 | #include <asm/unaligned.h> |
17 | #include <net/mac80211.h> | 17 | #include <net/mac80211.h> |
18 | #include <crypto/aes.h> | ||
18 | 19 | ||
19 | #include "ieee80211_i.h" | 20 | #include "ieee80211_i.h" |
20 | #include "michael.h" | 21 | #include "michael.h" |
@@ -86,11 +87,6 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx) | |||
86 | struct sk_buff *skb = rx->skb; | 87 | struct sk_buff *skb = rx->skb; |
87 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); | 88 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); |
88 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; | 89 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; |
89 | int queue = rx->queue; | ||
90 | |||
91 | /* otherwise, TKIP is vulnerable to TID 0 vs. non-QoS replays */ | ||
92 | if (rx->queue == NUM_RX_DATA_QUEUES - 1) | ||
93 | queue = 0; | ||
94 | 90 | ||
95 | /* | 91 | /* |
96 | * it makes no sense to check for MIC errors on anything other | 92 | * it makes no sense to check for MIC errors on anything other |
@@ -153,8 +149,8 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx) | |||
153 | 149 | ||
154 | update_iv: | 150 | update_iv: |
155 | /* update IV in key information to be able to detect replays */ | 151 | /* update IV in key information to be able to detect replays */ |
156 | rx->key->u.tkip.rx[queue].iv32 = rx->tkip_iv32; | 152 | rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32; |
157 | rx->key->u.tkip.rx[queue].iv16 = rx->tkip_iv16; | 153 | rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16; |
158 | 154 | ||
159 | return RX_CONTINUE; | 155 | return RX_CONTINUE; |
160 | 156 | ||
@@ -176,6 +172,7 @@ static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) | |||
176 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; | 172 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; |
177 | struct ieee80211_key *key = tx->key; | 173 | struct ieee80211_key *key = tx->key; |
178 | struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); | 174 | struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); |
175 | unsigned long flags; | ||
179 | unsigned int hdrlen; | 176 | unsigned int hdrlen; |
180 | int len, tail; | 177 | int len, tail; |
181 | u8 *pos; | 178 | u8 *pos; |
@@ -203,11 +200,12 @@ static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) | |||
203 | pos += hdrlen; | 200 | pos += hdrlen; |
204 | 201 | ||
205 | /* Increase IV for the frame */ | 202 | /* Increase IV for the frame */ |
203 | spin_lock_irqsave(&key->u.tkip.txlock, flags); | ||
206 | key->u.tkip.tx.iv16++; | 204 | key->u.tkip.tx.iv16++; |
207 | if (key->u.tkip.tx.iv16 == 0) | 205 | if (key->u.tkip.tx.iv16 == 0) |
208 | key->u.tkip.tx.iv32++; | 206 | key->u.tkip.tx.iv32++; |
209 | 207 | pos = ieee80211_tkip_add_iv(pos, key); | |
210 | pos = ieee80211_tkip_add_iv(pos, key, key->u.tkip.tx.iv16); | 208 | spin_unlock_irqrestore(&key->u.tkip.txlock, flags); |
211 | 209 | ||
212 | /* hwaccel - with software IV */ | 210 | /* hwaccel - with software IV */ |
213 | if (info->control.hw_key) | 211 | if (info->control.hw_key) |
@@ -216,9 +214,8 @@ static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) | |||
216 | /* Add room for ICV */ | 214 | /* Add room for ICV */ |
217 | skb_put(skb, TKIP_ICV_LEN); | 215 | skb_put(skb, TKIP_ICV_LEN); |
218 | 216 | ||
219 | hdr = (struct ieee80211_hdr *) skb->data; | ||
220 | return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm, | 217 | return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm, |
221 | key, pos, len, hdr->addr2); | 218 | key, skb, pos, len); |
222 | } | 219 | } |
223 | 220 | ||
224 | 221 | ||
@@ -246,11 +243,6 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx) | |||
246 | struct ieee80211_key *key = rx->key; | 243 | struct ieee80211_key *key = rx->key; |
247 | struct sk_buff *skb = rx->skb; | 244 | struct sk_buff *skb = rx->skb; |
248 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); | 245 | struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); |
249 | int queue = rx->queue; | ||
250 | |||
251 | /* otherwise, TKIP is vulnerable to TID 0 vs. non-QoS replays */ | ||
252 | if (rx->queue == NUM_RX_DATA_QUEUES - 1) | ||
253 | queue = 0; | ||
254 | 246 | ||
255 | hdrlen = ieee80211_hdrlen(hdr->frame_control); | 247 | hdrlen = ieee80211_hdrlen(hdr->frame_control); |
256 | 248 | ||
@@ -271,7 +263,7 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx) | |||
271 | res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm, | 263 | res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm, |
272 | key, skb->data + hdrlen, | 264 | key, skb->data + hdrlen, |
273 | skb->len - hdrlen, rx->sta->sta.addr, | 265 | skb->len - hdrlen, rx->sta->sta.addr, |
274 | hdr->addr1, hwaccel, queue, | 266 | hdr->addr1, hwaccel, rx->security_idx, |
275 | &rx->tkip_iv32, | 267 | &rx->tkip_iv32, |
276 | &rx->tkip_iv16); | 268 | &rx->tkip_iv16); |
277 | if (res != TKIP_DECRYPT_OK) | 269 | if (res != TKIP_DECRYPT_OK) |
@@ -299,8 +291,10 @@ static void ccmp_special_blocks(struct sk_buff *skb, u8 *pn, u8 *scratch, | |||
299 | unsigned int hdrlen; | 291 | unsigned int hdrlen; |
300 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; | 292 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; |
301 | 293 | ||
302 | b_0 = scratch + 3 * AES_BLOCK_LEN; | 294 | memset(scratch, 0, 6 * AES_BLOCK_SIZE); |
303 | aad = scratch + 4 * AES_BLOCK_LEN; | 295 | |
296 | b_0 = scratch + 3 * AES_BLOCK_SIZE; | ||
297 | aad = scratch + 4 * AES_BLOCK_SIZE; | ||
304 | 298 | ||
305 | /* | 299 | /* |
306 | * Mask FC: zero subtype b4 b5 b6 (if not mgmt) | 300 | * Mask FC: zero subtype b4 b5 b6 (if not mgmt) |
@@ -389,8 +383,10 @@ static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) | |||
389 | struct ieee80211_key *key = tx->key; | 383 | struct ieee80211_key *key = tx->key; |
390 | struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); | 384 | struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); |
391 | int hdrlen, len, tail; | 385 | int hdrlen, len, tail; |
392 | u8 *pos, *pn; | 386 | u8 *pos; |
393 | int i; | 387 | u8 pn[6]; |
388 | u64 pn64; | ||
389 | u8 scratch[6 * AES_BLOCK_SIZE]; | ||
394 | 390 | ||
395 | if (info->control.hw_key && | 391 | if (info->control.hw_key && |
396 | !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV)) { | 392 | !(info->control.hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV)) { |
@@ -418,14 +414,14 @@ static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) | |||
418 | hdr = (struct ieee80211_hdr *) pos; | 414 | hdr = (struct ieee80211_hdr *) pos; |
419 | pos += hdrlen; | 415 | pos += hdrlen; |
420 | 416 | ||
421 | /* PN = PN + 1 */ | 417 | pn64 = atomic64_inc_return(&key->u.ccmp.tx_pn); |
422 | pn = key->u.ccmp.tx_pn; | ||
423 | 418 | ||
424 | for (i = CCMP_PN_LEN - 1; i >= 0; i--) { | 419 | pn[5] = pn64; |
425 | pn[i]++; | 420 | pn[4] = pn64 >> 8; |
426 | if (pn[i]) | 421 | pn[3] = pn64 >> 16; |
427 | break; | 422 | pn[2] = pn64 >> 24; |
428 | } | 423 | pn[1] = pn64 >> 32; |
424 | pn[0] = pn64 >> 40; | ||
429 | 425 | ||
430 | ccmp_pn2hdr(pos, pn, key->conf.keyidx); | 426 | ccmp_pn2hdr(pos, pn, key->conf.keyidx); |
431 | 427 | ||
@@ -434,8 +430,8 @@ static int ccmp_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) | |||
434 | return 0; | 430 | return 0; |
435 | 431 | ||
436 | pos += CCMP_HDR_LEN; | 432 | pos += CCMP_HDR_LEN; |
437 | ccmp_special_blocks(skb, pn, key->u.ccmp.tx_crypto_buf, 0); | 433 | ccmp_special_blocks(skb, pn, scratch, 0); |
438 | ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, key->u.ccmp.tx_crypto_buf, pos, len, | 434 | ieee80211_aes_ccm_encrypt(key->u.ccmp.tfm, scratch, pos, len, |
439 | pos, skb_put(skb, CCMP_MIC_LEN)); | 435 | pos, skb_put(skb, CCMP_MIC_LEN)); |
440 | 436 | ||
441 | return 0; | 437 | return 0; |
@@ -482,8 +478,7 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx) | |||
482 | 478 | ||
483 | ccmp_hdr2pn(pn, skb->data + hdrlen); | 479 | ccmp_hdr2pn(pn, skb->data + hdrlen); |
484 | 480 | ||
485 | queue = ieee80211_is_mgmt(hdr->frame_control) ? | 481 | queue = rx->security_idx; |
486 | NUM_RX_DATA_QUEUES : rx->queue; | ||
487 | 482 | ||
488 | if (memcmp(pn, key->u.ccmp.rx_pn[queue], CCMP_PN_LEN) <= 0) { | 483 | if (memcmp(pn, key->u.ccmp.rx_pn[queue], CCMP_PN_LEN) <= 0) { |
489 | key->u.ccmp.replays++; | 484 | key->u.ccmp.replays++; |
@@ -491,11 +486,12 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx) | |||
491 | } | 486 | } |
492 | 487 | ||
493 | if (!(status->flag & RX_FLAG_DECRYPTED)) { | 488 | if (!(status->flag & RX_FLAG_DECRYPTED)) { |
489 | u8 scratch[6 * AES_BLOCK_SIZE]; | ||
494 | /* hardware didn't decrypt/verify MIC */ | 490 | /* hardware didn't decrypt/verify MIC */ |
495 | ccmp_special_blocks(skb, pn, key->u.ccmp.rx_crypto_buf, 1); | 491 | ccmp_special_blocks(skb, pn, scratch, 1); |
496 | 492 | ||
497 | if (ieee80211_aes_ccm_decrypt( | 493 | if (ieee80211_aes_ccm_decrypt( |
498 | key->u.ccmp.tfm, key->u.ccmp.rx_crypto_buf, | 494 | key->u.ccmp.tfm, scratch, |
499 | skb->data + hdrlen + CCMP_HDR_LEN, data_len, | 495 | skb->data + hdrlen + CCMP_HDR_LEN, data_len, |
500 | skb->data + skb->len - CCMP_MIC_LEN, | 496 | skb->data + skb->len - CCMP_MIC_LEN, |
501 | skb->data + hdrlen + CCMP_HDR_LEN)) | 497 | skb->data + hdrlen + CCMP_HDR_LEN)) |
@@ -526,6 +522,16 @@ static void bip_aad(struct sk_buff *skb, u8 *aad) | |||
526 | } | 522 | } |
527 | 523 | ||
528 | 524 | ||
525 | static inline void bip_ipn_set64(u8 *d, u64 pn) | ||
526 | { | ||
527 | *d++ = pn; | ||
528 | *d++ = pn >> 8; | ||
529 | *d++ = pn >> 16; | ||
530 | *d++ = pn >> 24; | ||
531 | *d++ = pn >> 32; | ||
532 | *d = pn >> 40; | ||
533 | } | ||
534 | |||
529 | static inline void bip_ipn_swap(u8 *d, const u8 *s) | 535 | static inline void bip_ipn_swap(u8 *d, const u8 *s) |
530 | { | 536 | { |
531 | *d++ = s[5]; | 537 | *d++ = s[5]; |
@@ -544,8 +550,8 @@ ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx) | |||
544 | struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); | 550 | struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); |
545 | struct ieee80211_key *key = tx->key; | 551 | struct ieee80211_key *key = tx->key; |
546 | struct ieee80211_mmie *mmie; | 552 | struct ieee80211_mmie *mmie; |
547 | u8 *pn, aad[20]; | 553 | u8 aad[20]; |
548 | int i; | 554 | u64 pn64; |
549 | 555 | ||
550 | if (info->control.hw_key) | 556 | if (info->control.hw_key) |
551 | return 0; | 557 | return 0; |
@@ -559,22 +565,17 @@ ieee80211_crypto_aes_cmac_encrypt(struct ieee80211_tx_data *tx) | |||
559 | mmie->key_id = cpu_to_le16(key->conf.keyidx); | 565 | mmie->key_id = cpu_to_le16(key->conf.keyidx); |
560 | 566 | ||
561 | /* PN = PN + 1 */ | 567 | /* PN = PN + 1 */ |
562 | pn = key->u.aes_cmac.tx_pn; | 568 | pn64 = atomic64_inc_return(&key->u.aes_cmac.tx_pn); |
563 | 569 | ||
564 | for (i = sizeof(key->u.aes_cmac.tx_pn) - 1; i >= 0; i--) { | 570 | bip_ipn_set64(mmie->sequence_number, pn64); |
565 | pn[i]++; | ||
566 | if (pn[i]) | ||
567 | break; | ||
568 | } | ||
569 | bip_ipn_swap(mmie->sequence_number, pn); | ||
570 | 571 | ||
571 | bip_aad(skb, aad); | 572 | bip_aad(skb, aad); |
572 | 573 | ||
573 | /* | 574 | /* |
574 | * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) | 575 | * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) |
575 | */ | 576 | */ |
576 | ieee80211_aes_cmac(key->u.aes_cmac.tfm, key->u.aes_cmac.tx_crypto_buf, | 577 | ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, |
577 | aad, skb->data + 24, skb->len - 24, mmie->mic); | 578 | skb->data + 24, skb->len - 24, mmie->mic); |
578 | 579 | ||
579 | return TX_CONTINUE; | 580 | return TX_CONTINUE; |
580 | } | 581 | } |
@@ -612,8 +613,7 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx) | |||
612 | if (!(status->flag & RX_FLAG_DECRYPTED)) { | 613 | if (!(status->flag & RX_FLAG_DECRYPTED)) { |
613 | /* hardware didn't decrypt/verify MIC */ | 614 | /* hardware didn't decrypt/verify MIC */ |
614 | bip_aad(skb, aad); | 615 | bip_aad(skb, aad); |
615 | ieee80211_aes_cmac(key->u.aes_cmac.tfm, | 616 | ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad, |
616 | key->u.aes_cmac.rx_crypto_buf, aad, | ||
617 | skb->data + 24, skb->len - 24, mic); | 617 | skb->data + 24, skb->len - 24, mic); |
618 | if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) { | 618 | if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) { |
619 | key->u.aes_cmac.icverrors++; | 619 | key->u.aes_cmac.icverrors++; |
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 6ef64adf7362..a7ec8512f552 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c | |||
@@ -1693,6 +1693,8 @@ static int netlink_dump(struct sock *sk) | |||
1693 | if (!nlh) | 1693 | if (!nlh) |
1694 | goto errout_skb; | 1694 | goto errout_skb; |
1695 | 1695 | ||
1696 | nl_dump_check_consistent(cb, nlh); | ||
1697 | |||
1696 | memcpy(nlmsg_data(nlh), &len, sizeof(len)); | 1698 | memcpy(nlmsg_data(nlh), &len, sizeof(len)); |
1697 | 1699 | ||
1698 | if (sk_filter(sk, skb)) | 1700 | if (sk_filter(sk, skb)) |
diff --git a/net/nfc/Kconfig b/net/nfc/Kconfig new file mode 100644 index 000000000000..33e095b124b3 --- /dev/null +++ b/net/nfc/Kconfig | |||
@@ -0,0 +1,16 @@ | |||
1 | # | ||
2 | # NFC sybsystem configuration | ||
3 | # | ||
4 | |||
5 | menuconfig NFC | ||
6 | depends on NET && EXPERIMENTAL | ||
7 | tristate "NFC subsystem support (EXPERIMENTAL)" | ||
8 | default n | ||
9 | help | ||
10 | Say Y here if you want to build support for NFC (Near field | ||
11 | communication) devices. | ||
12 | |||
13 | To compile this support as a module, choose M here: the module will | ||
14 | be called nfc. | ||
15 | |||
16 | source "drivers/nfc/Kconfig" | ||
diff --git a/net/nfc/Makefile b/net/nfc/Makefile new file mode 100644 index 000000000000..16250c353851 --- /dev/null +++ b/net/nfc/Makefile | |||
@@ -0,0 +1,7 @@ | |||
1 | # | ||
2 | # Makefile for the Linux NFC subsystem. | ||
3 | # | ||
4 | |||
5 | obj-$(CONFIG_NFC) += nfc.o | ||
6 | |||
7 | nfc-objs := core.o netlink.o af_nfc.o rawsock.o | ||
diff --git a/net/nfc/af_nfc.c b/net/nfc/af_nfc.c new file mode 100644 index 000000000000..e982cef8f49d --- /dev/null +++ b/net/nfc/af_nfc.c | |||
@@ -0,0 +1,98 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2011 Instituto Nokia de Tecnologia | ||
3 | * | ||
4 | * Authors: | ||
5 | * Aloisio Almeida Jr <aloisio.almeida@openbossa.org> | ||
6 | * Lauro Ramos Venancio <lauro.venancio@openbossa.org> | ||
7 | * | ||
8 | * This program is free software; you can redistribute it and/or modify | ||
9 | * it under the terms of the GNU General Public License as published by | ||
10 | * the Free Software Foundation; either version 2 of the License, or | ||
11 | * (at your option) any later version. | ||
12 | * | ||
13 | * This program is distributed in the hope that it will be useful, | ||
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
16 | * GNU General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU General Public License | ||
19 | * along with this program; if not, write to the | ||
20 | * Free Software Foundation, Inc., | ||
21 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | ||
22 | */ | ||
23 | |||
24 | #include <linux/nfc.h> | ||
25 | |||
26 | #include "nfc.h" | ||
27 | |||
28 | static DEFINE_RWLOCK(proto_tab_lock); | ||
29 | static const struct nfc_protocol *proto_tab[NFC_SOCKPROTO_MAX]; | ||
30 | |||
31 | static int nfc_sock_create(struct net *net, struct socket *sock, int proto, | ||
32 | int kern) | ||
33 | { | ||
34 | int rc = -EPROTONOSUPPORT; | ||
35 | |||
36 | if (net != &init_net) | ||
37 | return -EAFNOSUPPORT; | ||
38 | |||
39 | if (proto < 0 || proto >= NFC_SOCKPROTO_MAX) | ||
40 | return -EINVAL; | ||
41 | |||
42 | read_lock(&proto_tab_lock); | ||
43 | if (proto_tab[proto] && try_module_get(proto_tab[proto]->owner)) { | ||
44 | rc = proto_tab[proto]->create(net, sock, proto_tab[proto]); | ||
45 | module_put(proto_tab[proto]->owner); | ||
46 | } | ||
47 | read_unlock(&proto_tab_lock); | ||
48 | |||
49 | return rc; | ||
50 | } | ||
51 | |||
52 | static struct net_proto_family nfc_sock_family_ops = { | ||
53 | .owner = THIS_MODULE, | ||
54 | .family = PF_NFC, | ||
55 | .create = nfc_sock_create, | ||
56 | }; | ||
57 | |||
58 | int nfc_proto_register(const struct nfc_protocol *nfc_proto) | ||
59 | { | ||
60 | int rc; | ||
61 | |||
62 | if (nfc_proto->id < 0 || nfc_proto->id >= NFC_SOCKPROTO_MAX) | ||
63 | return -EINVAL; | ||
64 | |||
65 | rc = proto_register(nfc_proto->proto, 0); | ||
66 | if (rc) | ||
67 | return rc; | ||
68 | |||
69 | write_lock(&proto_tab_lock); | ||
70 | if (proto_tab[nfc_proto->id]) | ||
71 | rc = -EBUSY; | ||
72 | else | ||
73 | proto_tab[nfc_proto->id] = nfc_proto; | ||
74 | write_unlock(&proto_tab_lock); | ||
75 | |||
76 | return rc; | ||
77 | } | ||
78 | EXPORT_SYMBOL(nfc_proto_register); | ||
79 | |||
80 | void nfc_proto_unregister(const struct nfc_protocol *nfc_proto) | ||
81 | { | ||
82 | write_lock(&proto_tab_lock); | ||
83 | proto_tab[nfc_proto->id] = NULL; | ||
84 | write_unlock(&proto_tab_lock); | ||
85 | |||
86 | proto_unregister(nfc_proto->proto); | ||
87 | } | ||
88 | EXPORT_SYMBOL(nfc_proto_unregister); | ||
89 | |||
90 | int __init af_nfc_init(void) | ||
91 | { | ||
92 | return sock_register(&nfc_sock_family_ops); | ||
93 | } | ||
94 | |||
95 | void af_nfc_exit(void) | ||
96 | { | ||
97 | sock_unregister(PF_NFC); | ||
98 | } | ||
diff --git a/net/nfc/core.c b/net/nfc/core.c new file mode 100644 index 000000000000..b6fd4e1f2057 --- /dev/null +++ b/net/nfc/core.c | |||
@@ -0,0 +1,468 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2011 Instituto Nokia de Tecnologia | ||
3 | * | ||
4 | * Authors: | ||
5 | * Lauro Ramos Venancio <lauro.venancio@openbossa.org> | ||
6 | * Aloisio Almeida Jr <aloisio.almeida@openbossa.org> | ||
7 | * | ||
8 | * This program is free software; you can redistribute it and/or modify | ||
9 | * it under the terms of the GNU General Public License as published by | ||
10 | * the Free Software Foundation; either version 2 of the License, or | ||
11 | * (at your option) any later version. | ||
12 | * | ||
13 | * This program is distributed in the hope that it will be useful, | ||
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
16 | * GNU General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU General Public License | ||
19 | * along with this program; if not, write to the | ||
20 | * Free Software Foundation, Inc., | ||
21 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | ||
22 | */ | ||
23 | |||
24 | #include <linux/init.h> | ||
25 | #include <linux/kernel.h> | ||
26 | #include <linux/module.h> | ||
27 | #include <linux/slab.h> | ||
28 | |||
29 | #include "nfc.h" | ||
30 | |||
31 | #define VERSION "0.1" | ||
32 | |||
33 | int nfc_devlist_generation; | ||
34 | DEFINE_MUTEX(nfc_devlist_mutex); | ||
35 | |||
36 | int nfc_printk(const char *level, const char *format, ...) | ||
37 | { | ||
38 | struct va_format vaf; | ||
39 | va_list args; | ||
40 | int r; | ||
41 | |||
42 | va_start(args, format); | ||
43 | |||
44 | vaf.fmt = format; | ||
45 | vaf.va = &args; | ||
46 | |||
47 | r = printk("%sNFC: %pV\n", level, &vaf); | ||
48 | |||
49 | va_end(args); | ||
50 | |||
51 | return r; | ||
52 | } | ||
53 | EXPORT_SYMBOL(nfc_printk); | ||
54 | |||
55 | /** | ||
56 | * nfc_start_poll - start polling for nfc targets | ||
57 | * | ||
58 | * @dev: The nfc device that must start polling | ||
59 | * @protocols: bitset of nfc protocols that must be used for polling | ||
60 | * | ||
61 | * The device remains polling for targets until a target is found or | ||
62 | * the nfc_stop_poll function is called. | ||
63 | */ | ||
64 | int nfc_start_poll(struct nfc_dev *dev, u32 protocols) | ||
65 | { | ||
66 | int rc; | ||
67 | |||
68 | nfc_dbg("dev_name=%s protocols=0x%x", dev_name(&dev->dev), protocols); | ||
69 | |||
70 | if (!protocols) | ||
71 | return -EINVAL; | ||
72 | |||
73 | device_lock(&dev->dev); | ||
74 | |||
75 | if (!device_is_registered(&dev->dev)) { | ||
76 | rc = -ENODEV; | ||
77 | goto error; | ||
78 | } | ||
79 | |||
80 | if (dev->polling) { | ||
81 | rc = -EBUSY; | ||
82 | goto error; | ||
83 | } | ||
84 | |||
85 | rc = dev->ops->start_poll(dev, protocols); | ||
86 | if (!rc) | ||
87 | dev->polling = true; | ||
88 | |||
89 | error: | ||
90 | device_unlock(&dev->dev); | ||
91 | return rc; | ||
92 | } | ||
93 | |||
94 | /** | ||
95 | * nfc_stop_poll - stop polling for nfc targets | ||
96 | * | ||
97 | * @dev: The nfc device that must stop polling | ||
98 | */ | ||
99 | int nfc_stop_poll(struct nfc_dev *dev) | ||
100 | { | ||
101 | int rc = 0; | ||
102 | |||
103 | nfc_dbg("dev_name=%s", dev_name(&dev->dev)); | ||
104 | |||
105 | device_lock(&dev->dev); | ||
106 | |||
107 | if (!device_is_registered(&dev->dev)) { | ||
108 | rc = -ENODEV; | ||
109 | goto error; | ||
110 | } | ||
111 | |||
112 | if (!dev->polling) { | ||
113 | rc = -EINVAL; | ||
114 | goto error; | ||
115 | } | ||
116 | |||
117 | dev->ops->stop_poll(dev); | ||
118 | dev->polling = false; | ||
119 | |||
120 | error: | ||
121 | device_unlock(&dev->dev); | ||
122 | return rc; | ||
123 | } | ||
124 | |||
125 | /** | ||
126 | * nfc_activate_target - prepare the target for data exchange | ||
127 | * | ||
128 | * @dev: The nfc device that found the target | ||
129 | * @target_idx: index of the target that must be activated | ||
130 | * @protocol: nfc protocol that will be used for data exchange | ||
131 | */ | ||
132 | int nfc_activate_target(struct nfc_dev *dev, u32 target_idx, u32 protocol) | ||
133 | { | ||
134 | int rc; | ||
135 | |||
136 | nfc_dbg("dev_name=%s target_idx=%u protocol=%u", dev_name(&dev->dev), | ||
137 | target_idx, protocol); | ||
138 | |||
139 | device_lock(&dev->dev); | ||
140 | |||
141 | if (!device_is_registered(&dev->dev)) { | ||
142 | rc = -ENODEV; | ||
143 | goto error; | ||
144 | } | ||
145 | |||
146 | rc = dev->ops->activate_target(dev, target_idx, protocol); | ||
147 | |||
148 | error: | ||
149 | device_unlock(&dev->dev); | ||
150 | return rc; | ||
151 | } | ||
152 | |||
153 | /** | ||
154 | * nfc_deactivate_target - deactivate a nfc target | ||
155 | * | ||
156 | * @dev: The nfc device that found the target | ||
157 | * @target_idx: index of the target that must be deactivated | ||
158 | */ | ||
159 | int nfc_deactivate_target(struct nfc_dev *dev, u32 target_idx) | ||
160 | { | ||
161 | int rc = 0; | ||
162 | |||
163 | nfc_dbg("dev_name=%s target_idx=%u", dev_name(&dev->dev), target_idx); | ||
164 | |||
165 | device_lock(&dev->dev); | ||
166 | |||
167 | if (!device_is_registered(&dev->dev)) { | ||
168 | rc = -ENODEV; | ||
169 | goto error; | ||
170 | } | ||
171 | |||
172 | dev->ops->deactivate_target(dev, target_idx); | ||
173 | |||
174 | error: | ||
175 | device_unlock(&dev->dev); | ||
176 | return rc; | ||
177 | } | ||
178 | |||
179 | /** | ||
180 | * nfc_data_exchange - transceive data | ||
181 | * | ||
182 | * @dev: The nfc device that found the target | ||
183 | * @target_idx: index of the target | ||
184 | * @skb: data to be sent | ||
185 | * @cb: callback called when the response is received | ||
186 | * @cb_context: parameter for the callback function | ||
187 | * | ||
188 | * The user must wait for the callback before calling this function again. | ||
189 | */ | ||
190 | int nfc_data_exchange(struct nfc_dev *dev, u32 target_idx, | ||
191 | struct sk_buff *skb, | ||
192 | data_exchange_cb_t cb, | ||
193 | void *cb_context) | ||
194 | { | ||
195 | int rc; | ||
196 | |||
197 | nfc_dbg("dev_name=%s target_idx=%u skb->len=%u", dev_name(&dev->dev), | ||
198 | target_idx, skb->len); | ||
199 | |||
200 | device_lock(&dev->dev); | ||
201 | |||
202 | if (!device_is_registered(&dev->dev)) { | ||
203 | rc = -ENODEV; | ||
204 | kfree_skb(skb); | ||
205 | goto error; | ||
206 | } | ||
207 | |||
208 | rc = dev->ops->data_exchange(dev, target_idx, skb, cb, cb_context); | ||
209 | |||
210 | error: | ||
211 | device_unlock(&dev->dev); | ||
212 | return rc; | ||
213 | } | ||
214 | |||
215 | /** | ||
216 | * nfc_alloc_skb - allocate a skb for data exchange responses | ||
217 | * | ||
218 | * @size: size to allocate | ||
219 | * @gfp: gfp flags | ||
220 | */ | ||
221 | struct sk_buff *nfc_alloc_skb(unsigned int size, gfp_t gfp) | ||
222 | { | ||
223 | struct sk_buff *skb; | ||
224 | unsigned int total_size; | ||
225 | |||
226 | total_size = size + 1; | ||
227 | skb = alloc_skb(total_size, gfp); | ||
228 | |||
229 | if (skb) | ||
230 | skb_reserve(skb, 1); | ||
231 | |||
232 | return skb; | ||
233 | } | ||
234 | EXPORT_SYMBOL(nfc_alloc_skb); | ||
235 | |||
236 | /** | ||
237 | * nfc_targets_found - inform that targets were found | ||
238 | * | ||
239 | * @dev: The nfc device that found the targets | ||
240 | * @targets: array of nfc targets found | ||
241 | * @ntargets: targets array size | ||
242 | * | ||
243 | * The device driver must call this function when one or many nfc targets | ||
244 | * are found. After calling this function, the device driver must stop | ||
245 | * polling for targets. | ||
246 | */ | ||
247 | int nfc_targets_found(struct nfc_dev *dev, struct nfc_target *targets, | ||
248 | int n_targets) | ||
249 | { | ||
250 | int i; | ||
251 | |||
252 | nfc_dbg("dev_name=%s n_targets=%d", dev_name(&dev->dev), n_targets); | ||
253 | |||
254 | dev->polling = false; | ||
255 | |||
256 | for (i = 0; i < n_targets; i++) | ||
257 | targets[i].idx = dev->target_idx++; | ||
258 | |||
259 | spin_lock_bh(&dev->targets_lock); | ||
260 | |||
261 | dev->targets_generation++; | ||
262 | |||
263 | kfree(dev->targets); | ||
264 | dev->targets = kmemdup(targets, n_targets * sizeof(struct nfc_target), | ||
265 | GFP_ATOMIC); | ||
266 | |||
267 | if (!dev->targets) { | ||
268 | dev->n_targets = 0; | ||
269 | spin_unlock_bh(&dev->targets_lock); | ||
270 | return -ENOMEM; | ||
271 | } | ||
272 | |||
273 | dev->n_targets = n_targets; | ||
274 | spin_unlock_bh(&dev->targets_lock); | ||
275 | |||
276 | nfc_genl_targets_found(dev); | ||
277 | |||
278 | return 0; | ||
279 | } | ||
280 | EXPORT_SYMBOL(nfc_targets_found); | ||
281 | |||
282 | static void nfc_release(struct device *d) | ||
283 | { | ||
284 | struct nfc_dev *dev = to_nfc_dev(d); | ||
285 | |||
286 | nfc_dbg("dev_name=%s", dev_name(&dev->dev)); | ||
287 | |||
288 | nfc_genl_data_exit(&dev->genl_data); | ||
289 | kfree(dev->targets); | ||
290 | kfree(dev); | ||
291 | } | ||
292 | |||
293 | struct class nfc_class = { | ||
294 | .name = "nfc", | ||
295 | .dev_release = nfc_release, | ||
296 | }; | ||
297 | EXPORT_SYMBOL(nfc_class); | ||
298 | |||
299 | static int match_idx(struct device *d, void *data) | ||
300 | { | ||
301 | struct nfc_dev *dev = to_nfc_dev(d); | ||
302 | unsigned *idx = data; | ||
303 | |||
304 | return dev->idx == *idx; | ||
305 | } | ||
306 | |||
307 | struct nfc_dev *nfc_get_device(unsigned idx) | ||
308 | { | ||
309 | struct device *d; | ||
310 | |||
311 | d = class_find_device(&nfc_class, NULL, &idx, match_idx); | ||
312 | if (!d) | ||
313 | return NULL; | ||
314 | |||
315 | return to_nfc_dev(d); | ||
316 | } | ||
317 | |||
318 | /** | ||
319 | * nfc_allocate_device - allocate a new nfc device | ||
320 | * | ||
321 | * @ops: device operations | ||
322 | * @supported_protocols: NFC protocols supported by the device | ||
323 | */ | ||
324 | struct nfc_dev *nfc_allocate_device(struct nfc_ops *ops, | ||
325 | u32 supported_protocols) | ||
326 | { | ||
327 | static atomic_t dev_no = ATOMIC_INIT(0); | ||
328 | struct nfc_dev *dev; | ||
329 | |||
330 | if (!ops->start_poll || !ops->stop_poll || !ops->activate_target || | ||
331 | !ops->deactivate_target || !ops->data_exchange) | ||
332 | return NULL; | ||
333 | |||
334 | if (!supported_protocols) | ||
335 | return NULL; | ||
336 | |||
337 | dev = kzalloc(sizeof(struct nfc_dev), GFP_KERNEL); | ||
338 | if (!dev) | ||
339 | return NULL; | ||
340 | |||
341 | dev->dev.class = &nfc_class; | ||
342 | dev->idx = atomic_inc_return(&dev_no) - 1; | ||
343 | dev_set_name(&dev->dev, "nfc%d", dev->idx); | ||
344 | device_initialize(&dev->dev); | ||
345 | |||
346 | dev->ops = ops; | ||
347 | dev->supported_protocols = supported_protocols; | ||
348 | |||
349 | spin_lock_init(&dev->targets_lock); | ||
350 | nfc_genl_data_init(&dev->genl_data); | ||
351 | |||
352 | /* first generation must not be 0 */ | ||
353 | dev->targets_generation = 1; | ||
354 | |||
355 | return dev; | ||
356 | } | ||
357 | EXPORT_SYMBOL(nfc_allocate_device); | ||
358 | |||
359 | /** | ||
360 | * nfc_register_device - register a nfc device in the nfc subsystem | ||
361 | * | ||
362 | * @dev: The nfc device to register | ||
363 | */ | ||
364 | int nfc_register_device(struct nfc_dev *dev) | ||
365 | { | ||
366 | int rc; | ||
367 | |||
368 | nfc_dbg("dev_name=%s", dev_name(&dev->dev)); | ||
369 | |||
370 | mutex_lock(&nfc_devlist_mutex); | ||
371 | nfc_devlist_generation++; | ||
372 | rc = device_add(&dev->dev); | ||
373 | mutex_unlock(&nfc_devlist_mutex); | ||
374 | |||
375 | if (rc < 0) | ||
376 | return rc; | ||
377 | |||
378 | rc = nfc_genl_device_added(dev); | ||
379 | if (rc) | ||
380 | nfc_dbg("The userspace won't be notified that the device %s was" | ||
381 | " added", dev_name(&dev->dev)); | ||
382 | |||
383 | |||
384 | return 0; | ||
385 | } | ||
386 | EXPORT_SYMBOL(nfc_register_device); | ||
387 | |||
388 | /** | ||
389 | * nfc_unregister_device - unregister a nfc device in the nfc subsystem | ||
390 | * | ||
391 | * @dev: The nfc device to unregister | ||
392 | */ | ||
393 | void nfc_unregister_device(struct nfc_dev *dev) | ||
394 | { | ||
395 | int rc; | ||
396 | |||
397 | nfc_dbg("dev_name=%s", dev_name(&dev->dev)); | ||
398 | |||
399 | mutex_lock(&nfc_devlist_mutex); | ||
400 | nfc_devlist_generation++; | ||
401 | |||
402 | /* lock to avoid unregistering a device while an operation | ||
403 | is in progress */ | ||
404 | device_lock(&dev->dev); | ||
405 | device_del(&dev->dev); | ||
406 | device_unlock(&dev->dev); | ||
407 | |||
408 | mutex_unlock(&nfc_devlist_mutex); | ||
409 | |||
410 | rc = nfc_genl_device_removed(dev); | ||
411 | if (rc) | ||
412 | nfc_dbg("The userspace won't be notified that the device %s" | ||
413 | " was removed", dev_name(&dev->dev)); | ||
414 | |||
415 | } | ||
416 | EXPORT_SYMBOL(nfc_unregister_device); | ||
417 | |||
418 | static int __init nfc_init(void) | ||
419 | { | ||
420 | int rc; | ||
421 | |||
422 | nfc_info("NFC Core ver %s", VERSION); | ||
423 | |||
424 | rc = class_register(&nfc_class); | ||
425 | if (rc) | ||
426 | return rc; | ||
427 | |||
428 | rc = nfc_genl_init(); | ||
429 | if (rc) | ||
430 | goto err_genl; | ||
431 | |||
432 | /* the first generation must not be 0 */ | ||
433 | nfc_devlist_generation = 1; | ||
434 | |||
435 | rc = rawsock_init(); | ||
436 | if (rc) | ||
437 | goto err_rawsock; | ||
438 | |||
439 | rc = af_nfc_init(); | ||
440 | if (rc) | ||
441 | goto err_af_nfc; | ||
442 | |||
443 | return 0; | ||
444 | |||
445 | err_af_nfc: | ||
446 | rawsock_exit(); | ||
447 | err_rawsock: | ||
448 | nfc_genl_exit(); | ||
449 | err_genl: | ||
450 | class_unregister(&nfc_class); | ||
451 | return rc; | ||
452 | } | ||
453 | |||
454 | static void __exit nfc_exit(void) | ||
455 | { | ||
456 | af_nfc_exit(); | ||
457 | rawsock_exit(); | ||
458 | nfc_genl_exit(); | ||
459 | class_unregister(&nfc_class); | ||
460 | } | ||
461 | |||
462 | subsys_initcall(nfc_init); | ||
463 | module_exit(nfc_exit); | ||
464 | |||
465 | MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>"); | ||
466 | MODULE_DESCRIPTION("NFC Core ver " VERSION); | ||
467 | MODULE_VERSION(VERSION); | ||
468 | MODULE_LICENSE("GPL"); | ||
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c new file mode 100644 index 000000000000..ccdff7953f7d --- /dev/null +++ b/net/nfc/netlink.c | |||
@@ -0,0 +1,537 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2011 Instituto Nokia de Tecnologia | ||
3 | * | ||
4 | * Authors: | ||
5 | * Lauro Ramos Venancio <lauro.venancio@openbossa.org> | ||
6 | * Aloisio Almeida Jr <aloisio.almeida@openbossa.org> | ||
7 | * | ||
8 | * This program is free software; you can redistribute it and/or modify | ||
9 | * it under the terms of the GNU General Public License as published by | ||
10 | * the Free Software Foundation; either version 2 of the License, or | ||
11 | * (at your option) any later version. | ||
12 | * | ||
13 | * This program is distributed in the hope that it will be useful, | ||
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
16 | * GNU General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU General Public License | ||
19 | * along with this program; if not, write to the | ||
20 | * Free Software Foundation, Inc., | ||
21 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | ||
22 | */ | ||
23 | |||
24 | #include <net/genetlink.h> | ||
25 | #include <linux/nfc.h> | ||
26 | #include <linux/slab.h> | ||
27 | |||
28 | #include "nfc.h" | ||
29 | |||
30 | static struct genl_multicast_group nfc_genl_event_mcgrp = { | ||
31 | .name = NFC_GENL_MCAST_EVENT_NAME, | ||
32 | }; | ||
33 | |||
34 | struct genl_family nfc_genl_family = { | ||
35 | .id = GENL_ID_GENERATE, | ||
36 | .hdrsize = 0, | ||
37 | .name = NFC_GENL_NAME, | ||
38 | .version = NFC_GENL_VERSION, | ||
39 | .maxattr = NFC_ATTR_MAX, | ||
40 | }; | ||
41 | |||
42 | static const struct nla_policy nfc_genl_policy[NFC_ATTR_MAX + 1] = { | ||
43 | [NFC_ATTR_DEVICE_INDEX] = { .type = NLA_U32 }, | ||
44 | [NFC_ATTR_DEVICE_NAME] = { .type = NLA_STRING, | ||
45 | .len = NFC_DEVICE_NAME_MAXSIZE }, | ||
46 | [NFC_ATTR_PROTOCOLS] = { .type = NLA_U32 }, | ||
47 | }; | ||
48 | |||
49 | static int nfc_genl_send_target(struct sk_buff *msg, struct nfc_target *target, | ||
50 | struct netlink_callback *cb, int flags) | ||
51 | { | ||
52 | void *hdr; | ||
53 | |||
54 | nfc_dbg("entry"); | ||
55 | |||
56 | hdr = genlmsg_put(msg, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, | ||
57 | &nfc_genl_family, flags, NFC_CMD_GET_TARGET); | ||
58 | if (!hdr) | ||
59 | return -EMSGSIZE; | ||
60 | |||
61 | genl_dump_check_consistent(cb, hdr, &nfc_genl_family); | ||
62 | |||
63 | NLA_PUT_U32(msg, NFC_ATTR_TARGET_INDEX, target->idx); | ||
64 | NLA_PUT_U32(msg, NFC_ATTR_PROTOCOLS, | ||
65 | target->supported_protocols); | ||
66 | NLA_PUT_U16(msg, NFC_ATTR_TARGET_SENS_RES, target->sens_res); | ||
67 | NLA_PUT_U8(msg, NFC_ATTR_TARGET_SEL_RES, target->sel_res); | ||
68 | |||
69 | return genlmsg_end(msg, hdr); | ||
70 | |||
71 | nla_put_failure: | ||
72 | genlmsg_cancel(msg, hdr); | ||
73 | return -EMSGSIZE; | ||
74 | } | ||
75 | |||
76 | static struct nfc_dev *__get_device_from_cb(struct netlink_callback *cb) | ||
77 | { | ||
78 | struct nfc_dev *dev; | ||
79 | int rc; | ||
80 | u32 idx; | ||
81 | |||
82 | rc = nlmsg_parse(cb->nlh, GENL_HDRLEN + nfc_genl_family.hdrsize, | ||
83 | nfc_genl_family.attrbuf, | ||
84 | nfc_genl_family.maxattr, | ||
85 | nfc_genl_policy); | ||
86 | if (rc < 0) | ||
87 | return ERR_PTR(rc); | ||
88 | |||
89 | if (!nfc_genl_family.attrbuf[NFC_ATTR_DEVICE_INDEX]) | ||
90 | return ERR_PTR(-EINVAL); | ||
91 | |||
92 | idx = nla_get_u32(nfc_genl_family.attrbuf[NFC_ATTR_DEVICE_INDEX]); | ||
93 | |||
94 | dev = nfc_get_device(idx); | ||
95 | if (!dev) | ||
96 | return ERR_PTR(-ENODEV); | ||
97 | |||
98 | return dev; | ||
99 | } | ||
100 | |||
101 | static int nfc_genl_dump_targets(struct sk_buff *skb, | ||
102 | struct netlink_callback *cb) | ||
103 | { | ||
104 | int i = cb->args[0]; | ||
105 | struct nfc_dev *dev = (struct nfc_dev *) cb->args[1]; | ||
106 | int rc; | ||
107 | |||
108 | nfc_dbg("entry"); | ||
109 | |||
110 | if (!dev) { | ||
111 | dev = __get_device_from_cb(cb); | ||
112 | if (IS_ERR(dev)) | ||
113 | return PTR_ERR(dev); | ||
114 | |||
115 | cb->args[1] = (long) dev; | ||
116 | } | ||
117 | |||
118 | spin_lock_bh(&dev->targets_lock); | ||
119 | |||
120 | cb->seq = dev->targets_generation; | ||
121 | |||
122 | while (i < dev->n_targets) { | ||
123 | rc = nfc_genl_send_target(skb, &dev->targets[i], cb, | ||
124 | NLM_F_MULTI); | ||
125 | if (rc < 0) | ||
126 | break; | ||
127 | |||
128 | i++; | ||
129 | } | ||
130 | |||
131 | spin_unlock_bh(&dev->targets_lock); | ||
132 | |||
133 | cb->args[0] = i; | ||
134 | |||
135 | return skb->len; | ||
136 | } | ||
137 | |||
138 | static int nfc_genl_dump_targets_done(struct netlink_callback *cb) | ||
139 | { | ||
140 | struct nfc_dev *dev = (struct nfc_dev *) cb->args[1]; | ||
141 | |||
142 | nfc_dbg("entry"); | ||
143 | |||
144 | if (dev) | ||
145 | nfc_put_device(dev); | ||
146 | |||
147 | return 0; | ||
148 | } | ||
149 | |||
150 | int nfc_genl_targets_found(struct nfc_dev *dev) | ||
151 | { | ||
152 | struct sk_buff *msg; | ||
153 | void *hdr; | ||
154 | |||
155 | nfc_dbg("entry"); | ||
156 | |||
157 | dev->genl_data.poll_req_pid = 0; | ||
158 | |||
159 | msg = nlmsg_new(NLMSG_GOODSIZE, GFP_ATOMIC); | ||
160 | if (!msg) | ||
161 | return -ENOMEM; | ||
162 | |||
163 | hdr = genlmsg_put(msg, 0, 0, &nfc_genl_family, 0, | ||
164 | NFC_EVENT_TARGETS_FOUND); | ||
165 | if (!hdr) | ||
166 | goto free_msg; | ||
167 | |||
168 | NLA_PUT_U32(msg, NFC_ATTR_DEVICE_INDEX, dev->idx); | ||
169 | |||
170 | genlmsg_end(msg, hdr); | ||
171 | |||
172 | return genlmsg_multicast(msg, 0, nfc_genl_event_mcgrp.id, GFP_ATOMIC); | ||
173 | |||
174 | nla_put_failure: | ||
175 | genlmsg_cancel(msg, hdr); | ||
176 | free_msg: | ||
177 | nlmsg_free(msg); | ||
178 | return -EMSGSIZE; | ||
179 | } | ||
180 | |||
181 | int nfc_genl_device_added(struct nfc_dev *dev) | ||
182 | { | ||
183 | struct sk_buff *msg; | ||
184 | void *hdr; | ||
185 | |||
186 | nfc_dbg("entry"); | ||
187 | |||
188 | msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); | ||
189 | if (!msg) | ||
190 | return -ENOMEM; | ||
191 | |||
192 | hdr = genlmsg_put(msg, 0, 0, &nfc_genl_family, 0, | ||
193 | NFC_EVENT_DEVICE_ADDED); | ||
194 | if (!hdr) | ||
195 | goto free_msg; | ||
196 | |||
197 | NLA_PUT_STRING(msg, NFC_ATTR_DEVICE_NAME, nfc_device_name(dev)); | ||
198 | NLA_PUT_U32(msg, NFC_ATTR_DEVICE_INDEX, dev->idx); | ||
199 | NLA_PUT_U32(msg, NFC_ATTR_PROTOCOLS, dev->supported_protocols); | ||
200 | |||
201 | genlmsg_end(msg, hdr); | ||
202 | |||
203 | genlmsg_multicast(msg, 0, nfc_genl_event_mcgrp.id, GFP_KERNEL); | ||
204 | |||
205 | return 0; | ||
206 | |||
207 | nla_put_failure: | ||
208 | genlmsg_cancel(msg, hdr); | ||
209 | free_msg: | ||
210 | nlmsg_free(msg); | ||
211 | return -EMSGSIZE; | ||
212 | } | ||
213 | |||
214 | int nfc_genl_device_removed(struct nfc_dev *dev) | ||
215 | { | ||
216 | struct sk_buff *msg; | ||
217 | void *hdr; | ||
218 | |||
219 | nfc_dbg("entry"); | ||
220 | |||
221 | msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); | ||
222 | if (!msg) | ||
223 | return -ENOMEM; | ||
224 | |||
225 | hdr = genlmsg_put(msg, 0, 0, &nfc_genl_family, 0, | ||
226 | NFC_EVENT_DEVICE_REMOVED); | ||
227 | if (!hdr) | ||
228 | goto free_msg; | ||
229 | |||
230 | NLA_PUT_U32(msg, NFC_ATTR_DEVICE_INDEX, dev->idx); | ||
231 | |||
232 | genlmsg_end(msg, hdr); | ||
233 | |||
234 | genlmsg_multicast(msg, 0, nfc_genl_event_mcgrp.id, GFP_KERNEL); | ||
235 | |||
236 | return 0; | ||
237 | |||
238 | nla_put_failure: | ||
239 | genlmsg_cancel(msg, hdr); | ||
240 | free_msg: | ||
241 | nlmsg_free(msg); | ||
242 | return -EMSGSIZE; | ||
243 | } | ||
244 | |||
245 | static int nfc_genl_send_device(struct sk_buff *msg, struct nfc_dev *dev, | ||
246 | u32 pid, u32 seq, | ||
247 | struct netlink_callback *cb, | ||
248 | int flags) | ||
249 | { | ||
250 | void *hdr; | ||
251 | |||
252 | nfc_dbg("entry"); | ||
253 | |||
254 | hdr = genlmsg_put(msg, pid, seq, &nfc_genl_family, flags, | ||
255 | NFC_CMD_GET_DEVICE); | ||
256 | if (!hdr) | ||
257 | return -EMSGSIZE; | ||
258 | |||
259 | if (cb) | ||
260 | genl_dump_check_consistent(cb, hdr, &nfc_genl_family); | ||
261 | |||
262 | NLA_PUT_STRING(msg, NFC_ATTR_DEVICE_NAME, nfc_device_name(dev)); | ||
263 | NLA_PUT_U32(msg, NFC_ATTR_DEVICE_INDEX, dev->idx); | ||
264 | NLA_PUT_U32(msg, NFC_ATTR_PROTOCOLS, dev->supported_protocols); | ||
265 | |||
266 | return genlmsg_end(msg, hdr); | ||
267 | |||
268 | nla_put_failure: | ||
269 | genlmsg_cancel(msg, hdr); | ||
270 | return -EMSGSIZE; | ||
271 | } | ||
272 | |||
273 | static int nfc_genl_dump_devices(struct sk_buff *skb, | ||
274 | struct netlink_callback *cb) | ||
275 | { | ||
276 | struct class_dev_iter *iter = (struct class_dev_iter *) cb->args[0]; | ||
277 | struct nfc_dev *dev = (struct nfc_dev *) cb->args[1]; | ||
278 | bool first_call = false; | ||
279 | |||
280 | nfc_dbg("entry"); | ||
281 | |||
282 | if (!iter) { | ||
283 | first_call = true; | ||
284 | iter = kmalloc(sizeof(struct class_dev_iter), GFP_KERNEL); | ||
285 | if (!iter) | ||
286 | return -ENOMEM; | ||
287 | cb->args[0] = (long) iter; | ||
288 | } | ||
289 | |||
290 | mutex_lock(&nfc_devlist_mutex); | ||
291 | |||
292 | cb->seq = nfc_devlist_generation; | ||
293 | |||
294 | if (first_call) { | ||
295 | nfc_device_iter_init(iter); | ||
296 | dev = nfc_device_iter_next(iter); | ||
297 | } | ||
298 | |||
299 | while (dev) { | ||
300 | int rc; | ||
301 | |||
302 | rc = nfc_genl_send_device(skb, dev, NETLINK_CB(cb->skb).pid, | ||
303 | cb->nlh->nlmsg_seq, | ||
304 | cb, NLM_F_MULTI); | ||
305 | if (rc < 0) | ||
306 | break; | ||
307 | |||
308 | dev = nfc_device_iter_next(iter); | ||
309 | } | ||
310 | |||
311 | mutex_unlock(&nfc_devlist_mutex); | ||
312 | |||
313 | cb->args[1] = (long) dev; | ||
314 | |||
315 | return skb->len; | ||
316 | } | ||
317 | |||
318 | static int nfc_genl_dump_devices_done(struct netlink_callback *cb) | ||
319 | { | ||
320 | struct class_dev_iter *iter = (struct class_dev_iter *) cb->args[0]; | ||
321 | |||
322 | nfc_dbg("entry"); | ||
323 | |||
324 | nfc_device_iter_exit(iter); | ||
325 | kfree(iter); | ||
326 | |||
327 | return 0; | ||
328 | } | ||
329 | |||
330 | static int nfc_genl_get_device(struct sk_buff *skb, struct genl_info *info) | ||
331 | { | ||
332 | struct sk_buff *msg; | ||
333 | struct nfc_dev *dev; | ||
334 | u32 idx; | ||
335 | int rc = -ENOBUFS; | ||
336 | |||
337 | nfc_dbg("entry"); | ||
338 | |||
339 | if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) | ||
340 | return -EINVAL; | ||
341 | |||
342 | idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]); | ||
343 | |||
344 | dev = nfc_get_device(idx); | ||
345 | if (!dev) | ||
346 | return -ENODEV; | ||
347 | |||
348 | msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); | ||
349 | if (!msg) { | ||
350 | rc = -ENOMEM; | ||
351 | goto out_putdev; | ||
352 | } | ||
353 | |||
354 | rc = nfc_genl_send_device(msg, dev, info->snd_pid, info->snd_seq, | ||
355 | NULL, 0); | ||
356 | if (rc < 0) | ||
357 | goto out_free; | ||
358 | |||
359 | nfc_put_device(dev); | ||
360 | |||
361 | return genlmsg_reply(msg, info); | ||
362 | |||
363 | out_free: | ||
364 | nlmsg_free(msg); | ||
365 | out_putdev: | ||
366 | nfc_put_device(dev); | ||
367 | return rc; | ||
368 | } | ||
369 | |||
370 | static int nfc_genl_start_poll(struct sk_buff *skb, struct genl_info *info) | ||
371 | { | ||
372 | struct nfc_dev *dev; | ||
373 | int rc; | ||
374 | u32 idx; | ||
375 | u32 protocols; | ||
376 | |||
377 | nfc_dbg("entry"); | ||
378 | |||
379 | if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || | ||
380 | !info->attrs[NFC_ATTR_PROTOCOLS]) | ||
381 | return -EINVAL; | ||
382 | |||
383 | idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]); | ||
384 | protocols = nla_get_u32(info->attrs[NFC_ATTR_PROTOCOLS]); | ||
385 | |||
386 | dev = nfc_get_device(idx); | ||
387 | if (!dev) | ||
388 | return -ENODEV; | ||
389 | |||
390 | mutex_lock(&dev->genl_data.genl_data_mutex); | ||
391 | |||
392 | rc = nfc_start_poll(dev, protocols); | ||
393 | if (!rc) | ||
394 | dev->genl_data.poll_req_pid = info->snd_pid; | ||
395 | |||
396 | mutex_unlock(&dev->genl_data.genl_data_mutex); | ||
397 | |||
398 | nfc_put_device(dev); | ||
399 | return rc; | ||
400 | } | ||
401 | |||
402 | static int nfc_genl_stop_poll(struct sk_buff *skb, struct genl_info *info) | ||
403 | { | ||
404 | struct nfc_dev *dev; | ||
405 | int rc; | ||
406 | u32 idx; | ||
407 | |||
408 | nfc_dbg("entry"); | ||
409 | |||
410 | if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) | ||
411 | return -EINVAL; | ||
412 | |||
413 | idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]); | ||
414 | |||
415 | dev = nfc_get_device(idx); | ||
416 | if (!dev) | ||
417 | return -ENODEV; | ||
418 | |||
419 | mutex_lock(&dev->genl_data.genl_data_mutex); | ||
420 | |||
421 | if (dev->genl_data.poll_req_pid != info->snd_pid) { | ||
422 | rc = -EBUSY; | ||
423 | goto out; | ||
424 | } | ||
425 | |||
426 | rc = nfc_stop_poll(dev); | ||
427 | dev->genl_data.poll_req_pid = 0; | ||
428 | |||
429 | out: | ||
430 | mutex_unlock(&dev->genl_data.genl_data_mutex); | ||
431 | nfc_put_device(dev); | ||
432 | return rc; | ||
433 | } | ||
434 | |||
435 | static struct genl_ops nfc_genl_ops[] = { | ||
436 | { | ||
437 | .cmd = NFC_CMD_GET_DEVICE, | ||
438 | .doit = nfc_genl_get_device, | ||
439 | .dumpit = nfc_genl_dump_devices, | ||
440 | .done = nfc_genl_dump_devices_done, | ||
441 | .policy = nfc_genl_policy, | ||
442 | }, | ||
443 | { | ||
444 | .cmd = NFC_CMD_START_POLL, | ||
445 | .doit = nfc_genl_start_poll, | ||
446 | .policy = nfc_genl_policy, | ||
447 | }, | ||
448 | { | ||
449 | .cmd = NFC_CMD_STOP_POLL, | ||
450 | .doit = nfc_genl_stop_poll, | ||
451 | .policy = nfc_genl_policy, | ||
452 | }, | ||
453 | { | ||
454 | .cmd = NFC_CMD_GET_TARGET, | ||
455 | .dumpit = nfc_genl_dump_targets, | ||
456 | .done = nfc_genl_dump_targets_done, | ||
457 | .policy = nfc_genl_policy, | ||
458 | }, | ||
459 | }; | ||
460 | |||
461 | static int nfc_genl_rcv_nl_event(struct notifier_block *this, | ||
462 | unsigned long event, void *ptr) | ||
463 | { | ||
464 | struct netlink_notify *n = ptr; | ||
465 | struct class_dev_iter iter; | ||
466 | struct nfc_dev *dev; | ||
467 | |||
468 | if (event != NETLINK_URELEASE || n->protocol != NETLINK_GENERIC) | ||
469 | goto out; | ||
470 | |||
471 | nfc_dbg("NETLINK_URELEASE event from id %d", n->pid); | ||
472 | |||
473 | nfc_device_iter_init(&iter); | ||
474 | dev = nfc_device_iter_next(&iter); | ||
475 | |||
476 | while (dev) { | ||
477 | mutex_lock(&dev->genl_data.genl_data_mutex); | ||
478 | if (dev->genl_data.poll_req_pid == n->pid) { | ||
479 | nfc_stop_poll(dev); | ||
480 | dev->genl_data.poll_req_pid = 0; | ||
481 | } | ||
482 | mutex_unlock(&dev->genl_data.genl_data_mutex); | ||
483 | dev = nfc_device_iter_next(&iter); | ||
484 | } | ||
485 | |||
486 | nfc_device_iter_exit(&iter); | ||
487 | |||
488 | out: | ||
489 | return NOTIFY_DONE; | ||
490 | } | ||
491 | |||
492 | void nfc_genl_data_init(struct nfc_genl_data *genl_data) | ||
493 | { | ||
494 | genl_data->poll_req_pid = 0; | ||
495 | mutex_init(&genl_data->genl_data_mutex); | ||
496 | } | ||
497 | |||
498 | void nfc_genl_data_exit(struct nfc_genl_data *genl_data) | ||
499 | { | ||
500 | mutex_destroy(&genl_data->genl_data_mutex); | ||
501 | } | ||
502 | |||
503 | static struct notifier_block nl_notifier = { | ||
504 | .notifier_call = nfc_genl_rcv_nl_event, | ||
505 | }; | ||
506 | |||
507 | /** | ||
508 | * nfc_genl_init() - Initialize netlink interface | ||
509 | * | ||
510 | * This initialization function registers the nfc netlink family. | ||
511 | */ | ||
512 | int __init nfc_genl_init(void) | ||
513 | { | ||
514 | int rc; | ||
515 | |||
516 | rc = genl_register_family_with_ops(&nfc_genl_family, nfc_genl_ops, | ||
517 | ARRAY_SIZE(nfc_genl_ops)); | ||
518 | if (rc) | ||
519 | return rc; | ||
520 | |||
521 | rc = genl_register_mc_group(&nfc_genl_family, &nfc_genl_event_mcgrp); | ||
522 | |||
523 | netlink_register_notifier(&nl_notifier); | ||
524 | |||
525 | return rc; | ||
526 | } | ||
527 | |||
528 | /** | ||
529 | * nfc_genl_exit() - Deinitialize netlink interface | ||
530 | * | ||
531 | * This exit function unregisters the nfc netlink family. | ||
532 | */ | ||
533 | void nfc_genl_exit(void) | ||
534 | { | ||
535 | netlink_unregister_notifier(&nl_notifier); | ||
536 | genl_unregister_family(&nfc_genl_family); | ||
537 | } | ||
diff --git a/net/nfc/nfc.h b/net/nfc/nfc.h new file mode 100644 index 000000000000..aaf9832298f3 --- /dev/null +++ b/net/nfc/nfc.h | |||
@@ -0,0 +1,117 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2011 Instituto Nokia de Tecnologia | ||
3 | * | ||
4 | * Authors: | ||
5 | * Lauro Ramos Venancio <lauro.venancio@openbossa.org> | ||
6 | * Aloisio Almeida Jr <aloisio.almeida@openbossa.org> | ||
7 | * | ||
8 | * This program is free software; you can redistribute it and/or modify | ||
9 | * it under the terms of the GNU General Public License as published by | ||
10 | * the Free Software Foundation; either version 2 of the License, or | ||
11 | * (at your option) any later version. | ||
12 | * | ||
13 | * This program is distributed in the hope that it will be useful, | ||
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
16 | * GNU General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU General Public License | ||
19 | * along with this program; if not, write to the | ||
20 | * Free Software Foundation, Inc., | ||
21 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | ||
22 | */ | ||
23 | |||
24 | #ifndef __LOCAL_NFC_H | ||
25 | #define __LOCAL_NFC_H | ||
26 | |||
27 | #include <net/nfc.h> | ||
28 | #include <net/sock.h> | ||
29 | |||
30 | __attribute__((format (printf, 2, 3))) | ||
31 | int nfc_printk(const char *level, const char *fmt, ...); | ||
32 | |||
33 | #define nfc_info(fmt, arg...) nfc_printk(KERN_INFO, fmt, ##arg) | ||
34 | #define nfc_err(fmt, arg...) nfc_printk(KERN_ERR, fmt, ##arg) | ||
35 | #define nfc_dbg(fmt, arg...) pr_debug(fmt "\n", ##arg) | ||
36 | |||
37 | struct nfc_protocol { | ||
38 | int id; | ||
39 | struct proto *proto; | ||
40 | struct module *owner; | ||
41 | int (*create)(struct net *net, struct socket *sock, | ||
42 | const struct nfc_protocol *nfc_proto); | ||
43 | }; | ||
44 | |||
45 | struct nfc_rawsock { | ||
46 | struct sock sk; | ||
47 | struct nfc_dev *dev; | ||
48 | u32 target_idx; | ||
49 | struct work_struct tx_work; | ||
50 | bool tx_work_scheduled; | ||
51 | }; | ||
52 | #define nfc_rawsock(sk) ((struct nfc_rawsock *) sk) | ||
53 | #define to_rawsock_sk(_tx_work) \ | ||
54 | ((struct sock *) container_of(_tx_work, struct nfc_rawsock, tx_work)) | ||
55 | |||
56 | int __init rawsock_init(void); | ||
57 | void rawsock_exit(void); | ||
58 | |||
59 | int __init af_nfc_init(void); | ||
60 | void af_nfc_exit(void); | ||
61 | int nfc_proto_register(const struct nfc_protocol *nfc_proto); | ||
62 | void nfc_proto_unregister(const struct nfc_protocol *nfc_proto); | ||
63 | |||
64 | extern int nfc_devlist_generation; | ||
65 | extern struct mutex nfc_devlist_mutex; | ||
66 | |||
67 | int __init nfc_genl_init(void); | ||
68 | void nfc_genl_exit(void); | ||
69 | |||
70 | void nfc_genl_data_init(struct nfc_genl_data *genl_data); | ||
71 | void nfc_genl_data_exit(struct nfc_genl_data *genl_data); | ||
72 | |||
73 | int nfc_genl_targets_found(struct nfc_dev *dev); | ||
74 | |||
75 | int nfc_genl_device_added(struct nfc_dev *dev); | ||
76 | int nfc_genl_device_removed(struct nfc_dev *dev); | ||
77 | |||
78 | struct nfc_dev *nfc_get_device(unsigned idx); | ||
79 | |||
80 | static inline void nfc_put_device(struct nfc_dev *dev) | ||
81 | { | ||
82 | put_device(&dev->dev); | ||
83 | } | ||
84 | |||
85 | static inline void nfc_device_iter_init(struct class_dev_iter *iter) | ||
86 | { | ||
87 | class_dev_iter_init(iter, &nfc_class, NULL, NULL); | ||
88 | } | ||
89 | |||
90 | static inline struct nfc_dev *nfc_device_iter_next(struct class_dev_iter *iter) | ||
91 | { | ||
92 | struct device *d = class_dev_iter_next(iter); | ||
93 | if (!d) | ||
94 | return NULL; | ||
95 | |||
96 | return to_nfc_dev(d); | ||
97 | } | ||
98 | |||
99 | static inline void nfc_device_iter_exit(struct class_dev_iter *iter) | ||
100 | { | ||
101 | class_dev_iter_exit(iter); | ||
102 | } | ||
103 | |||
104 | int nfc_start_poll(struct nfc_dev *dev, u32 protocols); | ||
105 | |||
106 | int nfc_stop_poll(struct nfc_dev *dev); | ||
107 | |||
108 | int nfc_activate_target(struct nfc_dev *dev, u32 target_idx, u32 protocol); | ||
109 | |||
110 | int nfc_deactivate_target(struct nfc_dev *dev, u32 target_idx); | ||
111 | |||
112 | int nfc_data_exchange(struct nfc_dev *dev, u32 target_idx, | ||
113 | struct sk_buff *skb, | ||
114 | data_exchange_cb_t cb, | ||
115 | void *cb_context); | ||
116 | |||
117 | #endif /* __LOCAL_NFC_H */ | ||
diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c new file mode 100644 index 000000000000..52de84a55115 --- /dev/null +++ b/net/nfc/rawsock.c | |||
@@ -0,0 +1,354 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2011 Instituto Nokia de Tecnologia | ||
3 | * | ||
4 | * Authors: | ||
5 | * Aloisio Almeida Jr <aloisio.almeida@openbossa.org> | ||
6 | * Lauro Ramos Venancio <lauro.venancio@openbossa.org> | ||
7 | * | ||
8 | * This program is free software; you can redistribute it and/or modify | ||
9 | * it under the terms of the GNU General Public License as published by | ||
10 | * the Free Software Foundation; either version 2 of the License, or | ||
11 | * (at your option) any later version. | ||
12 | * | ||
13 | * This program is distributed in the hope that it will be useful, | ||
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
16 | * GNU General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU General Public License | ||
19 | * along with this program; if not, write to the | ||
20 | * Free Software Foundation, Inc., | ||
21 | * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | ||
22 | */ | ||
23 | |||
24 | #include <net/tcp_states.h> | ||
25 | #include <linux/nfc.h> | ||
26 | |||
27 | #include "nfc.h" | ||
28 | |||
29 | static void rawsock_write_queue_purge(struct sock *sk) | ||
30 | { | ||
31 | nfc_dbg("sk=%p", sk); | ||
32 | |||
33 | spin_lock_bh(&sk->sk_write_queue.lock); | ||
34 | __skb_queue_purge(&sk->sk_write_queue); | ||
35 | nfc_rawsock(sk)->tx_work_scheduled = false; | ||
36 | spin_unlock_bh(&sk->sk_write_queue.lock); | ||
37 | } | ||
38 | |||
39 | static void rawsock_report_error(struct sock *sk, int err) | ||
40 | { | ||
41 | nfc_dbg("sk=%p err=%d", sk, err); | ||
42 | |||
43 | sk->sk_shutdown = SHUTDOWN_MASK; | ||
44 | sk->sk_err = -err; | ||
45 | sk->sk_error_report(sk); | ||
46 | |||
47 | rawsock_write_queue_purge(sk); | ||
48 | } | ||
49 | |||
50 | static int rawsock_release(struct socket *sock) | ||
51 | { | ||
52 | struct sock *sk = sock->sk; | ||
53 | |||
54 | nfc_dbg("sock=%p", sock); | ||
55 | |||
56 | sock_orphan(sk); | ||
57 | sock_put(sk); | ||
58 | |||
59 | return 0; | ||
60 | } | ||
61 | |||
62 | static int rawsock_connect(struct socket *sock, struct sockaddr *_addr, | ||
63 | int len, int flags) | ||
64 | { | ||
65 | struct sock *sk = sock->sk; | ||
66 | struct sockaddr_nfc *addr = (struct sockaddr_nfc *)_addr; | ||
67 | struct nfc_dev *dev; | ||
68 | int rc = 0; | ||
69 | |||
70 | nfc_dbg("sock=%p sk=%p flags=%d", sock, sk, flags); | ||
71 | |||
72 | if (!addr || len < sizeof(struct sockaddr_nfc) || | ||
73 | addr->sa_family != AF_NFC) | ||
74 | return -EINVAL; | ||
75 | |||
76 | nfc_dbg("addr dev_idx=%u target_idx=%u protocol=%u", addr->dev_idx, | ||
77 | addr->target_idx, addr->nfc_protocol); | ||
78 | |||
79 | lock_sock(sk); | ||
80 | |||
81 | if (sock->state == SS_CONNECTED) { | ||
82 | rc = -EISCONN; | ||
83 | goto error; | ||
84 | } | ||
85 | |||
86 | dev = nfc_get_device(addr->dev_idx); | ||
87 | if (!dev) { | ||
88 | rc = -ENODEV; | ||
89 | goto error; | ||
90 | } | ||
91 | |||
92 | if (addr->target_idx > dev->target_idx - 1 || | ||
93 | addr->target_idx < dev->target_idx - dev->n_targets) { | ||
94 | rc = -EINVAL; | ||
95 | goto error; | ||
96 | } | ||
97 | |||
98 | if (addr->target_idx > dev->target_idx - 1 || | ||
99 | addr->target_idx < dev->target_idx - dev->n_targets) { | ||
100 | rc = -EINVAL; | ||
101 | goto error; | ||
102 | } | ||
103 | |||
104 | rc = nfc_activate_target(dev, addr->target_idx, addr->nfc_protocol); | ||
105 | if (rc) | ||
106 | goto put_dev; | ||
107 | |||
108 | nfc_rawsock(sk)->dev = dev; | ||
109 | nfc_rawsock(sk)->target_idx = addr->target_idx; | ||
110 | sock->state = SS_CONNECTED; | ||
111 | sk->sk_state = TCP_ESTABLISHED; | ||
112 | sk->sk_state_change(sk); | ||
113 | |||
114 | release_sock(sk); | ||
115 | return 0; | ||
116 | |||
117 | put_dev: | ||
118 | nfc_put_device(dev); | ||
119 | error: | ||
120 | release_sock(sk); | ||
121 | return rc; | ||
122 | } | ||
123 | |||
124 | static int rawsock_add_header(struct sk_buff *skb) | ||
125 | { | ||
126 | |||
127 | if (skb_cow_head(skb, 1)) | ||
128 | return -ENOMEM; | ||
129 | |||
130 | *skb_push(skb, 1) = 0; | ||
131 | |||
132 | return 0; | ||
133 | } | ||
134 | |||
135 | static void rawsock_data_exchange_complete(void *context, struct sk_buff *skb, | ||
136 | int err) | ||
137 | { | ||
138 | struct sock *sk = (struct sock *) context; | ||
139 | |||
140 | BUG_ON(in_irq()); | ||
141 | |||
142 | nfc_dbg("sk=%p err=%d", sk, err); | ||
143 | |||
144 | if (err) | ||
145 | goto error; | ||
146 | |||
147 | err = rawsock_add_header(skb); | ||
148 | if (err) | ||
149 | goto error; | ||
150 | |||
151 | err = sock_queue_rcv_skb(sk, skb); | ||
152 | if (err) | ||
153 | goto error; | ||
154 | |||
155 | spin_lock_bh(&sk->sk_write_queue.lock); | ||
156 | if (!skb_queue_empty(&sk->sk_write_queue)) | ||
157 | schedule_work(&nfc_rawsock(sk)->tx_work); | ||
158 | else | ||
159 | nfc_rawsock(sk)->tx_work_scheduled = false; | ||
160 | spin_unlock_bh(&sk->sk_write_queue.lock); | ||
161 | |||
162 | sock_put(sk); | ||
163 | return; | ||
164 | |||
165 | error: | ||
166 | rawsock_report_error(sk, err); | ||
167 | sock_put(sk); | ||
168 | } | ||
169 | |||
170 | static void rawsock_tx_work(struct work_struct *work) | ||
171 | { | ||
172 | struct sock *sk = to_rawsock_sk(work); | ||
173 | struct nfc_dev *dev = nfc_rawsock(sk)->dev; | ||
174 | u32 target_idx = nfc_rawsock(sk)->target_idx; | ||
175 | struct sk_buff *skb; | ||
176 | int rc; | ||
177 | |||
178 | nfc_dbg("sk=%p target_idx=%u", sk, target_idx); | ||
179 | |||
180 | if (sk->sk_shutdown & SEND_SHUTDOWN) { | ||
181 | rawsock_write_queue_purge(sk); | ||
182 | return; | ||
183 | } | ||
184 | |||
185 | skb = skb_dequeue(&sk->sk_write_queue); | ||
186 | |||
187 | sock_hold(sk); | ||
188 | rc = nfc_data_exchange(dev, target_idx, skb, | ||
189 | rawsock_data_exchange_complete, sk); | ||
190 | if (rc) { | ||
191 | rawsock_report_error(sk, rc); | ||
192 | sock_put(sk); | ||
193 | } | ||
194 | } | ||
195 | |||
196 | static int rawsock_sendmsg(struct kiocb *iocb, struct socket *sock, | ||
197 | struct msghdr *msg, size_t len) | ||
198 | { | ||
199 | struct sock *sk = sock->sk; | ||
200 | struct sk_buff *skb; | ||
201 | int rc; | ||
202 | |||
203 | nfc_dbg("sock=%p sk=%p len=%zu", sock, sk, len); | ||
204 | |||
205 | if (msg->msg_namelen) | ||
206 | return -EOPNOTSUPP; | ||
207 | |||
208 | if (sock->state != SS_CONNECTED) | ||
209 | return -ENOTCONN; | ||
210 | |||
211 | skb = sock_alloc_send_skb(sk, len, msg->msg_flags & MSG_DONTWAIT, | ||
212 | &rc); | ||
213 | if (!skb) | ||
214 | return rc; | ||
215 | |||
216 | rc = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len); | ||
217 | if (rc < 0) { | ||
218 | kfree_skb(skb); | ||
219 | return rc; | ||
220 | } | ||
221 | |||
222 | spin_lock_bh(&sk->sk_write_queue.lock); | ||
223 | __skb_queue_tail(&sk->sk_write_queue, skb); | ||
224 | if (!nfc_rawsock(sk)->tx_work_scheduled) { | ||
225 | schedule_work(&nfc_rawsock(sk)->tx_work); | ||
226 | nfc_rawsock(sk)->tx_work_scheduled = true; | ||
227 | } | ||
228 | spin_unlock_bh(&sk->sk_write_queue.lock); | ||
229 | |||
230 | return len; | ||
231 | } | ||
232 | |||
233 | static int rawsock_recvmsg(struct kiocb *iocb, struct socket *sock, | ||
234 | struct msghdr *msg, size_t len, int flags) | ||
235 | { | ||
236 | int noblock = flags & MSG_DONTWAIT; | ||
237 | struct sock *sk = sock->sk; | ||
238 | struct sk_buff *skb; | ||
239 | int copied; | ||
240 | int rc; | ||
241 | |||
242 | nfc_dbg("sock=%p sk=%p len=%zu flags=%d", sock, sk, len, flags); | ||
243 | |||
244 | skb = skb_recv_datagram(sk, flags, noblock, &rc); | ||
245 | if (!skb) | ||
246 | return rc; | ||
247 | |||
248 | msg->msg_namelen = 0; | ||
249 | |||
250 | copied = skb->len; | ||
251 | if (len < copied) { | ||
252 | msg->msg_flags |= MSG_TRUNC; | ||
253 | copied = len; | ||
254 | } | ||
255 | |||
256 | rc = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); | ||
257 | |||
258 | skb_free_datagram(sk, skb); | ||
259 | |||
260 | return rc ? : copied; | ||
261 | } | ||
262 | |||
263 | |||
264 | static const struct proto_ops rawsock_ops = { | ||
265 | .family = PF_NFC, | ||
266 | .owner = THIS_MODULE, | ||
267 | .release = rawsock_release, | ||
268 | .bind = sock_no_bind, | ||
269 | .connect = rawsock_connect, | ||
270 | .socketpair = sock_no_socketpair, | ||
271 | .accept = sock_no_accept, | ||
272 | .getname = sock_no_getname, | ||
273 | .poll = datagram_poll, | ||
274 | .ioctl = sock_no_ioctl, | ||
275 | .listen = sock_no_listen, | ||
276 | .shutdown = sock_no_shutdown, | ||
277 | .setsockopt = sock_no_setsockopt, | ||
278 | .getsockopt = sock_no_getsockopt, | ||
279 | .sendmsg = rawsock_sendmsg, | ||
280 | .recvmsg = rawsock_recvmsg, | ||
281 | .mmap = sock_no_mmap, | ||
282 | }; | ||
283 | |||
284 | static void rawsock_destruct(struct sock *sk) | ||
285 | { | ||
286 | nfc_dbg("sk=%p", sk); | ||
287 | |||
288 | if (sk->sk_state == TCP_ESTABLISHED) { | ||
289 | nfc_deactivate_target(nfc_rawsock(sk)->dev, | ||
290 | nfc_rawsock(sk)->target_idx); | ||
291 | nfc_put_device(nfc_rawsock(sk)->dev); | ||
292 | } | ||
293 | |||
294 | skb_queue_purge(&sk->sk_receive_queue); | ||
295 | |||
296 | if (!sock_flag(sk, SOCK_DEAD)) { | ||
297 | nfc_err("Freeing alive NFC raw socket %p", sk); | ||
298 | return; | ||
299 | } | ||
300 | } | ||
301 | |||
302 | static int rawsock_create(struct net *net, struct socket *sock, | ||
303 | const struct nfc_protocol *nfc_proto) | ||
304 | { | ||
305 | struct sock *sk; | ||
306 | |||
307 | nfc_dbg("sock=%p", sock); | ||
308 | |||
309 | if (sock->type != SOCK_SEQPACKET) | ||
310 | return -ESOCKTNOSUPPORT; | ||
311 | |||
312 | sock->ops = &rawsock_ops; | ||
313 | |||
314 | sk = sk_alloc(net, PF_NFC, GFP_KERNEL, nfc_proto->proto); | ||
315 | if (!sk) | ||
316 | return -ENOMEM; | ||
317 | |||
318 | sock_init_data(sock, sk); | ||
319 | sk->sk_protocol = nfc_proto->id; | ||
320 | sk->sk_destruct = rawsock_destruct; | ||
321 | sock->state = SS_UNCONNECTED; | ||
322 | |||
323 | INIT_WORK(&nfc_rawsock(sk)->tx_work, rawsock_tx_work); | ||
324 | nfc_rawsock(sk)->tx_work_scheduled = false; | ||
325 | |||
326 | return 0; | ||
327 | } | ||
328 | |||
329 | static struct proto rawsock_proto = { | ||
330 | .name = "NFC_RAW", | ||
331 | .owner = THIS_MODULE, | ||
332 | .obj_size = sizeof(struct nfc_rawsock), | ||
333 | }; | ||
334 | |||
335 | static const struct nfc_protocol rawsock_nfc_proto = { | ||
336 | .id = NFC_SOCKPROTO_RAW, | ||
337 | .proto = &rawsock_proto, | ||
338 | .owner = THIS_MODULE, | ||
339 | .create = rawsock_create | ||
340 | }; | ||
341 | |||
342 | int __init rawsock_init(void) | ||
343 | { | ||
344 | int rc; | ||
345 | |||
346 | rc = nfc_proto_register(&rawsock_nfc_proto); | ||
347 | |||
348 | return rc; | ||
349 | } | ||
350 | |||
351 | void rawsock_exit(void) | ||
352 | { | ||
353 | nfc_proto_unregister(&rawsock_nfc_proto); | ||
354 | } | ||
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c index 493b939970cd..832f6574e4ed 100644 --- a/net/wireless/mlme.c +++ b/net/wireless/mlme.c | |||
@@ -170,7 +170,9 @@ void __cfg80211_send_deauth(struct net_device *dev, | |||
170 | break; | 170 | break; |
171 | } | 171 | } |
172 | if (wdev->authtry_bsses[i] && | 172 | if (wdev->authtry_bsses[i] && |
173 | memcmp(wdev->authtry_bsses[i]->pub.bssid, bssid, ETH_ALEN) == 0) { | 173 | memcmp(wdev->authtry_bsses[i]->pub.bssid, bssid, |
174 | ETH_ALEN) == 0 && | ||
175 | memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) == 0) { | ||
174 | cfg80211_unhold_bss(wdev->authtry_bsses[i]); | 176 | cfg80211_unhold_bss(wdev->authtry_bsses[i]); |
175 | cfg80211_put_bss(&wdev->authtry_bsses[i]->pub); | 177 | cfg80211_put_bss(&wdev->authtry_bsses[i]->pub); |
176 | wdev->authtry_bsses[i] = NULL; | 178 | wdev->authtry_bsses[i] = NULL; |
@@ -1082,3 +1084,14 @@ void cfg80211_cqm_pktloss_notify(struct net_device *dev, | |||
1082 | nl80211_send_cqm_pktloss_notify(rdev, dev, peer, num_packets, gfp); | 1084 | nl80211_send_cqm_pktloss_notify(rdev, dev, peer, num_packets, gfp); |
1083 | } | 1085 | } |
1084 | EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify); | 1086 | EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify); |
1087 | |||
1088 | void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid, | ||
1089 | const u8 *replay_ctr, gfp_t gfp) | ||
1090 | { | ||
1091 | struct wireless_dev *wdev = dev->ieee80211_ptr; | ||
1092 | struct wiphy *wiphy = wdev->wiphy; | ||
1093 | struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); | ||
1094 | |||
1095 | nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp); | ||
1096 | } | ||
1097 | EXPORT_SYMBOL(cfg80211_gtk_rekey_notify); | ||
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index cea338150d05..6a82c898f831 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
@@ -176,6 +176,7 @@ static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = { | |||
176 | [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, | 176 | [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, |
177 | [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 }, | 177 | [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 }, |
178 | [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, | 178 | [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, |
179 | [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED }, | ||
179 | }; | 180 | }; |
180 | 181 | ||
181 | /* policy for the key attributes */ | 182 | /* policy for the key attributes */ |
@@ -206,6 +207,14 @@ nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = { | |||
206 | [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, | 207 | [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, |
207 | }; | 208 | }; |
208 | 209 | ||
210 | /* policy for GTK rekey offload attributes */ | ||
211 | static const struct nla_policy | ||
212 | nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = { | ||
213 | [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN }, | ||
214 | [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN }, | ||
215 | [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN }, | ||
216 | }; | ||
217 | |||
209 | /* ifidx get helper */ | 218 | /* ifidx get helper */ |
210 | static int nl80211_get_ifidx(struct netlink_callback *cb) | 219 | static int nl80211_get_ifidx(struct netlink_callback *cb) |
211 | { | 220 | { |
@@ -3632,7 +3641,8 @@ static int nl80211_stop_sched_scan(struct sk_buff *skb, | |||
3632 | return err; | 3641 | return err; |
3633 | } | 3642 | } |
3634 | 3643 | ||
3635 | static int nl80211_send_bss(struct sk_buff *msg, u32 pid, u32 seq, int flags, | 3644 | static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, |
3645 | u32 seq, int flags, | ||
3636 | struct cfg80211_registered_device *rdev, | 3646 | struct cfg80211_registered_device *rdev, |
3637 | struct wireless_dev *wdev, | 3647 | struct wireless_dev *wdev, |
3638 | struct cfg80211_internal_bss *intbss) | 3648 | struct cfg80211_internal_bss *intbss) |
@@ -3644,11 +3654,13 @@ static int nl80211_send_bss(struct sk_buff *msg, u32 pid, u32 seq, int flags, | |||
3644 | 3654 | ||
3645 | ASSERT_WDEV_LOCK(wdev); | 3655 | ASSERT_WDEV_LOCK(wdev); |
3646 | 3656 | ||
3647 | hdr = nl80211hdr_put(msg, pid, seq, flags, | 3657 | hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).pid, seq, flags, |
3648 | NL80211_CMD_NEW_SCAN_RESULTS); | 3658 | NL80211_CMD_NEW_SCAN_RESULTS); |
3649 | if (!hdr) | 3659 | if (!hdr) |
3650 | return -1; | 3660 | return -1; |
3651 | 3661 | ||
3662 | genl_dump_check_consistent(cb, hdr, &nl80211_fam); | ||
3663 | |||
3652 | NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation); | 3664 | NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation); |
3653 | NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex); | 3665 | NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex); |
3654 | 3666 | ||
@@ -3737,11 +3749,12 @@ static int nl80211_dump_scan(struct sk_buff *skb, | |||
3737 | spin_lock_bh(&rdev->bss_lock); | 3749 | spin_lock_bh(&rdev->bss_lock); |
3738 | cfg80211_bss_expire(rdev); | 3750 | cfg80211_bss_expire(rdev); |
3739 | 3751 | ||
3752 | cb->seq = rdev->bss_generation; | ||
3753 | |||
3740 | list_for_each_entry(scan, &rdev->bss_list, list) { | 3754 | list_for_each_entry(scan, &rdev->bss_list, list) { |
3741 | if (++idx <= start) | 3755 | if (++idx <= start) |
3742 | continue; | 3756 | continue; |
3743 | if (nl80211_send_bss(skb, | 3757 | if (nl80211_send_bss(skb, cb, |
3744 | NETLINK_CB(cb->skb).pid, | ||
3745 | cb->nlh->nlmsg_seq, NLM_F_MULTI, | 3758 | cb->nlh->nlmsg_seq, NLM_F_MULTI, |
3746 | rdev, wdev, scan) < 0) { | 3759 | rdev, wdev, scan) < 0) { |
3747 | idx--; | 3760 | idx--; |
@@ -3765,10 +3778,6 @@ static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq, | |||
3765 | void *hdr; | 3778 | void *hdr; |
3766 | struct nlattr *infoattr; | 3779 | struct nlattr *infoattr; |
3767 | 3780 | ||
3768 | /* Survey without a channel doesn't make sense */ | ||
3769 | if (!survey->channel) | ||
3770 | return -EINVAL; | ||
3771 | |||
3772 | hdr = nl80211hdr_put(msg, pid, seq, flags, | 3781 | hdr = nl80211hdr_put(msg, pid, seq, flags, |
3773 | NL80211_CMD_NEW_SURVEY_RESULTS); | 3782 | NL80211_CMD_NEW_SURVEY_RESULTS); |
3774 | if (!hdr) | 3783 | if (!hdr) |
@@ -3831,6 +3840,8 @@ static int nl80211_dump_survey(struct sk_buff *skb, | |||
3831 | } | 3840 | } |
3832 | 3841 | ||
3833 | while (1) { | 3842 | while (1) { |
3843 | struct ieee80211_channel *chan; | ||
3844 | |||
3834 | res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx, | 3845 | res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx, |
3835 | &survey); | 3846 | &survey); |
3836 | if (res == -ENOENT) | 3847 | if (res == -ENOENT) |
@@ -3838,6 +3849,19 @@ static int nl80211_dump_survey(struct sk_buff *skb, | |||
3838 | if (res) | 3849 | if (res) |
3839 | goto out_err; | 3850 | goto out_err; |
3840 | 3851 | ||
3852 | /* Survey without a channel doesn't make sense */ | ||
3853 | if (!survey.channel) { | ||
3854 | res = -EINVAL; | ||
3855 | goto out; | ||
3856 | } | ||
3857 | |||
3858 | chan = ieee80211_get_channel(&dev->wiphy, | ||
3859 | survey.channel->center_freq); | ||
3860 | if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) { | ||
3861 | survey_idx++; | ||
3862 | continue; | ||
3863 | } | ||
3864 | |||
3841 | if (nl80211_send_survey(skb, | 3865 | if (nl80211_send_survey(skb, |
3842 | NETLINK_CB(cb->skb).pid, | 3866 | NETLINK_CB(cb->skb).pid, |
3843 | cb->nlh->nlmsg_seq, NLM_F_MULTI, | 3867 | cb->nlh->nlmsg_seq, NLM_F_MULTI, |
@@ -4372,6 +4396,93 @@ static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) | |||
4372 | return err; | 4396 | return err; |
4373 | } | 4397 | } |
4374 | 4398 | ||
4399 | static int nl80211_testmode_dump(struct sk_buff *skb, | ||
4400 | struct netlink_callback *cb) | ||
4401 | { | ||
4402 | struct cfg80211_registered_device *dev; | ||
4403 | int err; | ||
4404 | long phy_idx; | ||
4405 | void *data = NULL; | ||
4406 | int data_len = 0; | ||
4407 | |||
4408 | if (cb->args[0]) { | ||
4409 | /* | ||
4410 | * 0 is a valid index, but not valid for args[0], | ||
4411 | * so we need to offset by 1. | ||
4412 | */ | ||
4413 | phy_idx = cb->args[0] - 1; | ||
4414 | } else { | ||
4415 | err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, | ||
4416 | nl80211_fam.attrbuf, nl80211_fam.maxattr, | ||
4417 | nl80211_policy); | ||
4418 | if (err) | ||
4419 | return err; | ||
4420 | if (!nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]) | ||
4421 | return -EINVAL; | ||
4422 | phy_idx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]); | ||
4423 | if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]) | ||
4424 | cb->args[1] = | ||
4425 | (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]; | ||
4426 | } | ||
4427 | |||
4428 | if (cb->args[1]) { | ||
4429 | data = nla_data((void *)cb->args[1]); | ||
4430 | data_len = nla_len((void *)cb->args[1]); | ||
4431 | } | ||
4432 | |||
4433 | mutex_lock(&cfg80211_mutex); | ||
4434 | dev = cfg80211_rdev_by_wiphy_idx(phy_idx); | ||
4435 | if (!dev) { | ||
4436 | mutex_unlock(&cfg80211_mutex); | ||
4437 | return -ENOENT; | ||
4438 | } | ||
4439 | cfg80211_lock_rdev(dev); | ||
4440 | mutex_unlock(&cfg80211_mutex); | ||
4441 | |||
4442 | if (!dev->ops->testmode_dump) { | ||
4443 | err = -EOPNOTSUPP; | ||
4444 | goto out_err; | ||
4445 | } | ||
4446 | |||
4447 | while (1) { | ||
4448 | void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).pid, | ||
4449 | cb->nlh->nlmsg_seq, NLM_F_MULTI, | ||
4450 | NL80211_CMD_TESTMODE); | ||
4451 | struct nlattr *tmdata; | ||
4452 | |||
4453 | if (nla_put_u32(skb, NL80211_ATTR_WIPHY, dev->wiphy_idx) < 0) { | ||
4454 | genlmsg_cancel(skb, hdr); | ||
4455 | break; | ||
4456 | } | ||
4457 | |||
4458 | tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA); | ||
4459 | if (!tmdata) { | ||
4460 | genlmsg_cancel(skb, hdr); | ||
4461 | break; | ||
4462 | } | ||
4463 | err = dev->ops->testmode_dump(&dev->wiphy, skb, cb, | ||
4464 | data, data_len); | ||
4465 | nla_nest_end(skb, tmdata); | ||
4466 | |||
4467 | if (err == -ENOBUFS || err == -ENOENT) { | ||
4468 | genlmsg_cancel(skb, hdr); | ||
4469 | break; | ||
4470 | } else if (err) { | ||
4471 | genlmsg_cancel(skb, hdr); | ||
4472 | goto out_err; | ||
4473 | } | ||
4474 | |||
4475 | genlmsg_end(skb, hdr); | ||
4476 | } | ||
4477 | |||
4478 | err = skb->len; | ||
4479 | /* see above */ | ||
4480 | cb->args[0] = phy_idx + 1; | ||
4481 | out_err: | ||
4482 | cfg80211_unlock_rdev(dev); | ||
4483 | return err; | ||
4484 | } | ||
4485 | |||
4375 | static struct sk_buff * | 4486 | static struct sk_buff * |
4376 | __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, | 4487 | __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, |
4377 | int approxlen, u32 pid, u32 seq, gfp_t gfp) | 4488 | int approxlen, u32 pid, u32 seq, gfp_t gfp) |
@@ -5318,6 +5429,57 @@ static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) | |||
5318 | return err; | 5429 | return err; |
5319 | } | 5430 | } |
5320 | 5431 | ||
5432 | static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) | ||
5433 | { | ||
5434 | struct cfg80211_registered_device *rdev = info->user_ptr[0]; | ||
5435 | struct net_device *dev = info->user_ptr[1]; | ||
5436 | struct wireless_dev *wdev = dev->ieee80211_ptr; | ||
5437 | struct nlattr *tb[NUM_NL80211_REKEY_DATA]; | ||
5438 | struct cfg80211_gtk_rekey_data rekey_data; | ||
5439 | int err; | ||
5440 | |||
5441 | if (!info->attrs[NL80211_ATTR_REKEY_DATA]) | ||
5442 | return -EINVAL; | ||
5443 | |||
5444 | err = nla_parse(tb, MAX_NL80211_REKEY_DATA, | ||
5445 | nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]), | ||
5446 | nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]), | ||
5447 | nl80211_rekey_policy); | ||
5448 | if (err) | ||
5449 | return err; | ||
5450 | |||
5451 | if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN) | ||
5452 | return -ERANGE; | ||
5453 | if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN) | ||
5454 | return -ERANGE; | ||
5455 | if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN) | ||
5456 | return -ERANGE; | ||
5457 | |||
5458 | memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]), | ||
5459 | NL80211_KEK_LEN); | ||
5460 | memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]), | ||
5461 | NL80211_KCK_LEN); | ||
5462 | memcpy(rekey_data.replay_ctr, | ||
5463 | nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]), | ||
5464 | NL80211_REPLAY_CTR_LEN); | ||
5465 | |||
5466 | wdev_lock(wdev); | ||
5467 | if (!wdev->current_bss) { | ||
5468 | err = -ENOTCONN; | ||
5469 | goto out; | ||
5470 | } | ||
5471 | |||
5472 | if (!rdev->ops->set_rekey_data) { | ||
5473 | err = -EOPNOTSUPP; | ||
5474 | goto out; | ||
5475 | } | ||
5476 | |||
5477 | err = rdev->ops->set_rekey_data(&rdev->wiphy, dev, &rekey_data); | ||
5478 | out: | ||
5479 | wdev_unlock(wdev); | ||
5480 | return err; | ||
5481 | } | ||
5482 | |||
5321 | #define NL80211_FLAG_NEED_WIPHY 0x01 | 5483 | #define NL80211_FLAG_NEED_WIPHY 0x01 |
5322 | #define NL80211_FLAG_NEED_NETDEV 0x02 | 5484 | #define NL80211_FLAG_NEED_NETDEV 0x02 |
5323 | #define NL80211_FLAG_NEED_RTNL 0x04 | 5485 | #define NL80211_FLAG_NEED_RTNL 0x04 |
@@ -5669,6 +5831,7 @@ static struct genl_ops nl80211_ops[] = { | |||
5669 | { | 5831 | { |
5670 | .cmd = NL80211_CMD_TESTMODE, | 5832 | .cmd = NL80211_CMD_TESTMODE, |
5671 | .doit = nl80211_testmode_do, | 5833 | .doit = nl80211_testmode_do, |
5834 | .dumpit = nl80211_testmode_dump, | ||
5672 | .policy = nl80211_policy, | 5835 | .policy = nl80211_policy, |
5673 | .flags = GENL_ADMIN_PERM, | 5836 | .flags = GENL_ADMIN_PERM, |
5674 | .internal_flags = NL80211_FLAG_NEED_WIPHY | | 5837 | .internal_flags = NL80211_FLAG_NEED_WIPHY | |
@@ -5848,6 +6011,14 @@ static struct genl_ops nl80211_ops[] = { | |||
5848 | .internal_flags = NL80211_FLAG_NEED_WIPHY | | 6011 | .internal_flags = NL80211_FLAG_NEED_WIPHY | |
5849 | NL80211_FLAG_NEED_RTNL, | 6012 | NL80211_FLAG_NEED_RTNL, |
5850 | }, | 6013 | }, |
6014 | { | ||
6015 | .cmd = NL80211_CMD_SET_REKEY_OFFLOAD, | ||
6016 | .doit = nl80211_set_rekey_data, | ||
6017 | .policy = nl80211_policy, | ||
6018 | .flags = GENL_ADMIN_PERM, | ||
6019 | .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | | ||
6020 | NL80211_FLAG_NEED_RTNL, | ||
6021 | }, | ||
5851 | }; | 6022 | }; |
5852 | 6023 | ||
5853 | static struct genl_multicast_group nl80211_mlme_mcgrp = { | 6024 | static struct genl_multicast_group nl80211_mlme_mcgrp = { |
@@ -6792,6 +6963,51 @@ nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev, | |||
6792 | nlmsg_free(msg); | 6963 | nlmsg_free(msg); |
6793 | } | 6964 | } |
6794 | 6965 | ||
6966 | void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, | ||
6967 | struct net_device *netdev, const u8 *bssid, | ||
6968 | const u8 *replay_ctr, gfp_t gfp) | ||
6969 | { | ||
6970 | struct sk_buff *msg; | ||
6971 | struct nlattr *rekey_attr; | ||
6972 | void *hdr; | ||
6973 | |||
6974 | msg = nlmsg_new(NLMSG_GOODSIZE, gfp); | ||
6975 | if (!msg) | ||
6976 | return; | ||
6977 | |||
6978 | hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD); | ||
6979 | if (!hdr) { | ||
6980 | nlmsg_free(msg); | ||
6981 | return; | ||
6982 | } | ||
6983 | |||
6984 | NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); | ||
6985 | NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); | ||
6986 | NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); | ||
6987 | |||
6988 | rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); | ||
6989 | if (!rekey_attr) | ||
6990 | goto nla_put_failure; | ||
6991 | |||
6992 | NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, | ||
6993 | NL80211_REPLAY_CTR_LEN, replay_ctr); | ||
6994 | |||
6995 | nla_nest_end(msg, rekey_attr); | ||
6996 | |||
6997 | if (genlmsg_end(msg, hdr) < 0) { | ||
6998 | nlmsg_free(msg); | ||
6999 | return; | ||
7000 | } | ||
7001 | |||
7002 | genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, | ||
7003 | nl80211_mlme_mcgrp.id, gfp); | ||
7004 | return; | ||
7005 | |||
7006 | nla_put_failure: | ||
7007 | genlmsg_cancel(msg, hdr); | ||
7008 | nlmsg_free(msg); | ||
7009 | } | ||
7010 | |||
6795 | void | 7011 | void |
6796 | nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev, | 7012 | nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev, |
6797 | struct net_device *netdev, const u8 *peer, | 7013 | struct net_device *netdev, const u8 *peer, |
diff --git a/net/wireless/nl80211.h b/net/wireless/nl80211.h index 2f1bfb87a651..5d69c56400ae 100644 --- a/net/wireless/nl80211.h +++ b/net/wireless/nl80211.h | |||
@@ -109,4 +109,8 @@ nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev, | |||
109 | struct net_device *netdev, const u8 *peer, | 109 | struct net_device *netdev, const u8 *peer, |
110 | u32 num_packets, gfp_t gfp); | 110 | u32 num_packets, gfp_t gfp); |
111 | 111 | ||
112 | void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, | ||
113 | struct net_device *netdev, const u8 *bssid, | ||
114 | const u8 *replay_ctr, gfp_t gfp); | ||
115 | |||
112 | #endif /* __NET_WIRELESS_NL80211_H */ | 116 | #endif /* __NET_WIRELESS_NL80211_H */ |
diff --git a/net/wireless/scan.c b/net/wireless/scan.c index ae0c2256ba3b..1c4672e35144 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c | |||
@@ -132,18 +132,17 @@ EXPORT_SYMBOL(cfg80211_sched_scan_stopped); | |||
132 | int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev, | 132 | int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev, |
133 | bool driver_initiated) | 133 | bool driver_initiated) |
134 | { | 134 | { |
135 | int err; | ||
136 | struct net_device *dev; | 135 | struct net_device *dev; |
137 | 136 | ||
138 | lockdep_assert_held(&rdev->sched_scan_mtx); | 137 | lockdep_assert_held(&rdev->sched_scan_mtx); |
139 | 138 | ||
140 | if (!rdev->sched_scan_req) | 139 | if (!rdev->sched_scan_req) |
141 | return 0; | 140 | return -ENOENT; |
142 | 141 | ||
143 | dev = rdev->sched_scan_req->dev; | 142 | dev = rdev->sched_scan_req->dev; |
144 | 143 | ||
145 | if (!driver_initiated) { | 144 | if (!driver_initiated) { |
146 | err = rdev->ops->sched_scan_stop(&rdev->wiphy, dev); | 145 | int err = rdev->ops->sched_scan_stop(&rdev->wiphy, dev); |
147 | if (err) | 146 | if (err) |
148 | return err; | 147 | return err; |
149 | } | 148 | } |
@@ -153,7 +152,7 @@ int __cfg80211_stop_sched_scan(struct cfg80211_registered_device *rdev, | |||
153 | kfree(rdev->sched_scan_req); | 152 | kfree(rdev->sched_scan_req); |
154 | rdev->sched_scan_req = NULL; | 153 | rdev->sched_scan_req = NULL; |
155 | 154 | ||
156 | return err; | 155 | return 0; |
157 | } | 156 | } |
158 | 157 | ||
159 | static void bss_release(struct kref *ref) | 158 | static void bss_release(struct kref *ref) |