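/*
   Copyright (c) 2010,2011 Code Aurora Forum.  All rights reserved.
   Copyright (c) 2011,2012 Intel Corp.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 and
   only version 2 as published by the Free Software Foundation.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
*/

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/l2cap.h>
#include <net/bluetooth/a2mp.h>
#include <net/bluetooth/amp.h>

/* Global AMP Manager list */
LIST_HEAD(amp_mgr_list);
DEFINE_MUTEX(amp_mgr_list_lock);

/* A2MP build & send command helper functions */

/*
 * Allocate an A2MP command: header (code, ident, little-endian length)
 * followed by a copy of @len bytes from @data.
 *
 * Returns the new command, which the caller must kfree(), or NULL if the
 * allocation fails.
 */
static struct a2mp_cmd *__a2mp_build(u8 code, u8 ident, u16 len, void *data)
{
	struct a2mp_cmd *cmd;
	int plen;

	plen = sizeof(*cmd) + len;
	cmd = kzalloc(plen, GFP_KERNEL);
	if (!cmd)
		return NULL;

	cmd->code = code;
	cmd->ident = ident;
	cmd->len = cpu_to_le16(len);

	memcpy(cmd->data, data, len);

	return cmd;
}

/*
 * Build one A2MP command from @data and hand it to the manager's A2MP
 * channel.  All @len bytes of @data are copied onto the wire as they are,
 * so callers must initialise every byte of the structure they pass in.
 *
 * Nothing is reported to the caller: an allocation failure is silent and
 * the result of l2cap_chan_send() is ignored.
 */
void a2mp_send(struct amp_mgr *mgr, u8 code, u8 ident, u16 len, void *data)
{
	struct l2cap_chan *chan = mgr->a2mp_chan;
	struct a2mp_cmd *cmd;
	/* NOTE(review): u16 sum, wraps if len is close to 65535. */
	u16 total_len = len + sizeof(*cmd);
	struct kvec iv;
	struct msghdr msg;

	cmd = __a2mp_build(code, ident, len, data);
	if (!cmd)
		return;

	iv.iov_base = cmd;
	iv.iov_len = total_len;

	memset(&msg, 0, sizeof(msg));

	msg.msg_iov = (struct iovec *) &iv;
	msg.msg_iovlen = 1;

	l2cap_chan_send(chan, &msg, total_len, 0);

	kfree(cmd);
}

/* Advance the manager's command identifier, skipping 0, and return it. */
u8 __next_ident(struct amp_mgr *mgr)
{
	if (++mgr->ident == 0)
		mgr->ident = 1;

	return mgr->ident;
}

/* Fill the controller-list entry that describes the BR/EDR controller. */
static inline void __a2mp_cl_bredr(struct a2mp_cl *cl)
{
	cl->id = 0;
	cl->type = 0;
	cl->status = 1;
}

/*
 * Fill @cl, an array of @num_ctrl entries: entry 0 is the BR/EDR entry,
 * the following ones are taken from hci_dev_list.
 *
 * hci_dev_list shall be locked
 */
static void __a2mp_add_cl(struct amp_mgr *mgr, struct a2mp_cl *cl, u8 num_ctrl)
{
	int i = 0;
	struct hci_dev *hdev;

	__a2mp_cl_bredr(cl);

	list_for_each_entry(hdev, &hci_dev_list, list) {
		/* Iterate through AMP controllers */
		if (hdev->id == HCI_BREDR_ID)
			continue;

		/* Starting from second entry */
		if (++i >= num_ctrl)
			return;

		cl[i].id = hdev->id;
		cl[i].type = hdev->amp_type;
		cl[i].status = hdev->amp_status;
	}
}

/* Processing A2MP messages */

/*
 * Each handler below receives the skb with the command header already
 * pulled (skb->data is the command payload) and @hdr pointing at that
 * header.  hdr->len has been checked against skb->len by the caller, so a
 * handler only has to compare it with the size of its own structure.
 */

/* Command Reject from the peer: log the reason and consume it. */
static int a2mp_command_rej(struct amp_mgr *mgr, struct sk_buff *skb,
			    struct a2mp_cmd *hdr)
{
	struct a2mp_cmd_rej *rej = (void *) skb->data;

	if (le16_to_cpu(hdr->len) < sizeof(*rej))
		return -EINVAL;

	BT_DBG("ident %d reason %d", hdr->ident, le16_to_cpu(rej->reason));

	skb_pull(skb, sizeof(*rej));

	return 0;
}

/*
 * Discover Request: walk the peer's extended feature masks, then answer
 * with the local controller list.
 *
 * Returns 0, -EINVAL for a short command or -ENOMEM.
 */
static int a2mp_discover_req(struct amp_mgr *mgr, struct sk_buff *skb,
			     struct a2mp_cmd *hdr)
{
	struct a2mp_discov_req *req = (void *) skb->data;
	u16 len = le16_to_cpu(hdr->len);
	struct a2mp_discov_rsp *rsp;
	u16 ext_feat;
	u8 num_ctrl;

	if (len < sizeof(*req))
		return -EINVAL;

	/*
	 * Account for the fixed part, as a2mp_discover_rsp() does.  Without
	 * this the bound in the loop below is too large by sizeof(*req) and
	 * the loop can read past the end of the command.
	 */
	len -= sizeof(*req);
	skb_pull(skb, sizeof(*req));

	ext_feat = le16_to_cpu(req->ext_feat);

	BT_DBG("mtu %d efm 0x%4.4x", le16_to_cpu(req->mtu), ext_feat);

	/* check that packet is not broken for now */
	while (ext_feat & A2MP_FEAT_EXT) {
		if (len < sizeof(ext_feat))
			return -EINVAL;

		ext_feat = get_unaligned_le16(skb->data);
		BT_DBG("efm 0x%4.4x", ext_feat);
		len -= sizeof(ext_feat);
		skb_pull(skb, sizeof(ext_feat));
	}

	read_lock(&hci_dev_list_lock);

	/* From here on len is the size of the response, not of the request. */
	num_ctrl = __hci_num_ctrl();
	len = num_ctrl * sizeof(struct a2mp_cl) + sizeof(*rsp);

	/*
	 * Zeroed allocation: the whole buffer is sent to the peer, so an
	 * entry that __a2mp_add_cl() does not reach must not carry stale heap
	 * contents.  GFP_ATOMIC because hci_dev_list_lock is held.
	 * NOTE(review): __a2mp_add_cl() always writes entry 0; this relies on
	 * __hci_num_ctrl() never returning 0 - confirm.
	 */
	rsp = kzalloc(len, GFP_ATOMIC);
	if (!rsp) {
		read_unlock(&hci_dev_list_lock);
		return -ENOMEM;
	}

	rsp->mtu = __constant_cpu_to_le16(L2CAP_A2MP_DEFAULT_MTU);
	rsp->ext_feat = 0;

	__a2mp_add_cl(mgr, rsp->cl, num_ctrl);

	read_unlock(&hci_dev_list_lock);

	a2mp_send(mgr, A2MP_DISCOVER_RSP, hdr->ident, len, rsp);

	kfree(rsp);
	return 0;
}

/*
 * Discover Response: send a Get Info Request for every remote AMP
 * controller in the list.  If the peer lists none, send the connect
 * request for every channel of the connection still in BT_CONNECT.
 */
static int a2mp_discover_rsp(struct amp_mgr *mgr, struct sk_buff *skb,
			     struct a2mp_cmd *hdr)
{
	struct a2mp_discov_rsp *rsp = (void *) skb->data;
	u16 len = le16_to_cpu(hdr->len);
	struct a2mp_cl *cl;
	u16 ext_feat;
	bool found = false;

	if (len < sizeof(*rsp))
		return -EINVAL;

	len -= sizeof(*rsp);
	skb_pull(skb, sizeof(*rsp));

	ext_feat = le16_to_cpu(rsp->ext_feat);

	BT_DBG("mtu %d efm 0x%4.4x", le16_to_cpu(rsp->mtu), ext_feat);

	/* check that packet is not broken for now */
	while (ext_feat & A2MP_FEAT_EXT) {
		if (len < sizeof(ext_feat))
			return -EINVAL;

		ext_feat = get_unaligned_le16(skb->data);
		BT_DBG("efm 0x%4.4x", ext_feat);
		len -= sizeof(ext_feat);
		skb_pull(skb, sizeof(ext_feat));
	}

	/* The rest of the command is the controller list. */
	cl = (void *) skb->data;
	while (len >= sizeof(*cl)) {
		BT_DBG("Remote AMP id %d type %d status %d", cl->id, cl->type,
		       cl->status);

		if (cl->id != HCI_BREDR_ID && cl->type == HCI_AMP) {
			struct a2mp_info_req req;

			found = true;
			req.id = cl->id;
			a2mp_send(mgr, A2MP_GETINFO_REQ, __next_ident(mgr),
				  sizeof(req), &req);
		}

		len -= sizeof(*cl);
		cl = (void *) skb_pull(skb, sizeof(*cl));
	}

	/* Fall back to L2CAP init sequence */
	if (!found) {
		struct l2cap_conn *conn = mgr->l2cap_conn;
		struct l2cap_chan *chan;

		mutex_lock(&conn->chan_lock);

		list_for_each_entry(chan, &conn->chan_l, list) {

			BT_DBG("chan %p state %s", chan,
			       state_to_string(chan->state));

			if (chan->chan_type == L2CAP_CHAN_CONN_FIX_A2MP)
				continue;

			l2cap_chan_lock(chan);

			if (chan->state == BT_CONNECT)
				l2cap_send_conn_req(chan);

			l2cap_chan_unlock(chan);
		}

		mutex_unlock(&conn->chan_lock);
	}

	return 0;
}

/*
 * Change Notify: log every controller entry.
 *
 * NOTE(review): the loop is bounded by skb->len, not by hdr->len, so it
 * consumes everything left in the skb, including any command that follows
 * this one.
 */
static int a2mp_change_notify(struct amp_mgr *mgr, struct sk_buff *skb,
			      struct a2mp_cmd *hdr)
{
	struct a2mp_cl *cl = (void *) skb->data;

	while (skb->len >= sizeof(*cl)) {
		BT_DBG("Controller id %d type %d status %d", cl->id, cl->type,
		       cl->status);
		cl = (struct a2mp_cl *) skb_pull(skb, sizeof(*cl));
	}

	/* TODO send A2MP_CHANGE_RSP */

	return 0;
}

/*
 * Get Info Request: for a known AMP controller, set the manager state to
 * READ_LOC_AMP_INFO and issue HCI Read Local AMP Info; otherwise answer
 * right away with A2MP_STATUS_INVALID_CTRL_ID.
 */
static int a2mp_getinfo_req(struct amp_mgr *mgr, struct sk_buff *skb,
			    struct a2mp_cmd *hdr)
{
	struct a2mp_info_req *req = (void *) skb->data;
	struct hci_dev *hdev;

	if (le16_to_cpu(hdr->len) < sizeof(*req))
		return -EINVAL;

	BT_DBG("id %d", req->id);

	hdev = hci_dev_get(req->id);
	if (!hdev || hdev->dev_type != HCI_AMP) {
		struct a2mp_info_rsp rsp;

		/*
		 * Only id and status are filled in on this path, but the
		 * whole structure goes to the peer.  Clear it first so the
		 * remaining fields do not carry kernel stack contents.
		 */
		memset(&rsp, 0, sizeof(rsp));

		rsp.id = req->id;
		rsp.status = A2MP_STATUS_INVALID_CTRL_ID;

		a2mp_send(mgr, A2MP_GETINFO_RSP, hdr->ident, sizeof(rsp),
			  &rsp);

		goto done;
	}

	mgr->state = READ_LOC_AMP_INFO;
	hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);

done:
	if (hdev)
		hci_dev_put(hdev);

	skb_pull(skb, sizeof(*req));
	return 0;
}

/*
 * Get Info Response: on success, register the remote controller and ask
 * for its AMP Assoc data.
 *
 * Returns 0, -EINVAL (short command or non-zero status) or -ENOMEM.
 */
static int a2mp_getinfo_rsp(struct amp_mgr *mgr, struct sk_buff *skb,
			    struct a2mp_cmd *hdr)
{
	struct a2mp_info_rsp *rsp = (struct a2mp_info_rsp *) skb->data;
	struct a2mp_amp_assoc_req req;
	struct amp_ctrl *ctrl;

	if (le16_to_cpu(hdr->len) < sizeof(*rsp))
		return -EINVAL;

	BT_DBG("id %d status 0x%2.2x", rsp->id, rsp->status);

	if (rsp->status)
		return -EINVAL;

	ctrl = amp_ctrl_add(mgr, rsp->id);
	if (!ctrl)
		return -ENOMEM;

	req.id = rsp->id;
	a2mp_send(mgr, A2MP_GETAMPASSOC_REQ, __next_ident(mgr), sizeof(req),
		  &req);

	skb_pull(skb, sizeof(*rsp));
	return 0;
}

/*
 * Get AMP Assoc Request: start reading the local assoc data of the
 * requested controller.  The request is answered immediately with an error
 * status when the controller id is invalid or when another manager is
 * already in state READ_LOC_AMP_ASSOC.
 */
static int a2mp_getampassoc_req(struct amp_mgr *mgr, struct sk_buff *skb,
				struct a2mp_cmd *hdr)
{
	struct a2mp_amp_assoc_req *req = (void *) skb->data;
	struct hci_dev *hdev;
	struct amp_mgr *tmp;

	if (le16_to_cpu(hdr->len) < sizeof(*req))
		return -EINVAL;

	BT_DBG("id %d", req->id);

	/* Make sure that other request is not processed */
	tmp = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC);

	hdev = hci_dev_get(req->id);
	if (!hdev || hdev->amp_type == HCI_BREDR || tmp) {
		struct a2mp_amp_assoc_rsp rsp;
		rsp.id = req->id;

		if (tmp) {
			rsp.status = A2MP_STATUS_COLLISION_OCCURED;
			/* Drop the reference taken by the lookup. */
			amp_mgr_put(tmp);
		} else {
			rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
		}

		a2mp_send(mgr, A2MP_GETAMPASSOC_RSP, hdr->ident, sizeof(rsp),
			  &rsp);

		goto done;
	}

	amp_read_loc_assoc(hdev, mgr);

done:
	if (hdev)
		hci_dev_put(hdev);

	skb_pull(skb, sizeof(*req));
	return 0;
}

/*
 * Get AMP Assoc Response: store the remote assoc data on the matching
 * remote controller entry and start creating the physical link.
 *
 * Returns 0, -EINVAL (short command, non-zero status, unknown local
 * controller) or -ENOMEM.
 */
static int a2mp_getampassoc_rsp(struct amp_mgr *mgr, struct sk_buff *skb,
				struct a2mp_cmd *hdr)
{
	struct a2mp_amp_assoc_rsp *rsp = (void *) skb->data;
	u16 len = le16_to_cpu(hdr->len);
	struct hci_dev *hdev;
	struct amp_ctrl *ctrl;
	struct hci_conn *hcon;
	size_t assoc_len;

	if (len < sizeof(*rsp))
		return -EINVAL;

	/* Cannot underflow: len >= sizeof(*rsp) was checked above. */
	assoc_len = len - sizeof(*rsp);

	BT_DBG("id %d status 0x%2.2x assoc len %zu", rsp->id, rsp->status,
	       assoc_len);

	if (rsp->status)
		return -EINVAL;

	/* Save remote ASSOC data */
	ctrl = amp_ctrl_lookup(mgr, rsp->id);
	if (ctrl) {
		u8 *assoc;

		assoc = kzalloc(assoc_len, GFP_KERNEL);
		if (!assoc) {
			amp_ctrl_put(ctrl);
			return -ENOMEM;
		}

		memcpy(assoc, rsp->amp_assoc, assoc_len);
		/*
		 * NOTE(review): a buffer already stored in ctrl->assoc is
		 * overwritten here without being freed, so a peer repeating
		 * this response looks able to leak memory.  Freeing it here
		 * is only safe if nothing else still reads it - confirm the
		 * locking before changing.
		 */
		ctrl->assoc = assoc;
		ctrl->assoc_len = assoc_len;
		ctrl->assoc_rem_len = assoc_len;
		ctrl->assoc_len_so_far = 0;

		amp_ctrl_put(ctrl);
	}

	/* Create Phys Link */
	hdev = hci_dev_get(rsp->id);
	if (!hdev)
		return -EINVAL;

	hcon = phylink_add(hdev, mgr, rsp->id, true);
	if (!hcon)
		goto done;

	BT_DBG("Created hcon %p: loc:%d -> rem:%d", hcon, hdev->id, rsp->id);

	mgr->bredr_chan->remote_amp_id = rsp->id;

	amp_create_phylink(hdev, mgr, hcon);

done:
	hci_dev_put(hdev);
	skb_pull(skb, len);
	return 0;
}

/*
 * Create Physical Link Request: store the peer's assoc data, accept the
 * physical link on the requested local controller and send the response.
 *
 * Returns 0 once a response has been sent, -EINVAL for a short command or
 * -ENOMEM (no response is sent in the last two cases).
 */
static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
				   struct a2mp_cmd *hdr)
{
	struct a2mp_physlink_req *req = (void *) skb->data;

	struct a2mp_physlink_rsp rsp;
	struct hci_dev *hdev;
	struct hci_conn *hcon;
	struct amp_ctrl *ctrl;

	if (le16_to_cpu(hdr->len) < sizeof(*req))
		return -EINVAL;

	BT_DBG("local_id %d, remote_id %d", req->local_id, req->remote_id);

	/* The ids are from the sender's point of view; swap for the reply. */
	rsp.local_id = req->remote_id;
	rsp.remote_id = req->local_id;

	hdev = hci_dev_get(req->remote_id);
	if (!hdev || hdev->amp_type != HCI_AMP) {
		rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
		goto send_rsp;
	}

	ctrl = amp_ctrl_lookup(mgr, rsp.remote_id);
	if (!ctrl) {
		ctrl = amp_ctrl_add(mgr, rsp.remote_id);
		if (ctrl) {
			amp_ctrl_get(ctrl);
		} else {
			rsp.status = A2MP_STATUS_UNABLE_START_LINK_CREATION;
			goto send_rsp;
		}
	}

	if (ctrl) {
		/* Cannot underflow: hdr->len >= sizeof(*req) checked above. */
		size_t assoc_len = le16_to_cpu(hdr->len) - sizeof(*req);
		u8 *assoc;

		assoc = kzalloc(assoc_len, GFP_KERNEL);
		if (!assoc) {
			amp_ctrl_put(ctrl);
			/* Drop the reference from hci_dev_get() above. */
			hci_dev_put(hdev);
			return -ENOMEM;
		}

		memcpy(assoc, req->amp_assoc, assoc_len);
		/*
		 * NOTE(review): a buffer already stored in ctrl->assoc is
		 * overwritten without being freed; see the same assignment in
		 * a2mp_getampassoc_rsp().
		 */
		ctrl->assoc = assoc;
		ctrl->assoc_len = assoc_len;
		ctrl->assoc_rem_len = assoc_len;
		ctrl->assoc_len_so_far = 0;

		amp_ctrl_put(ctrl);
	}

	hcon = phylink_add(hdev, mgr, req->local_id, false);
	if (hcon) {
		amp_accept_phylink(hdev, mgr, hcon);
		rsp.status = A2MP_STATUS_SUCCESS;
	} else {
		rsp.status = A2MP_STATUS_UNABLE_START_LINK_CREATION;
	}

send_rsp:
	if (hdev)
		hci_dev_put(hdev);

	a2mp_send(mgr, A2MP_CREATEPHYSLINK_RSP, hdr->ident, sizeof(rsp),
		  &rsp);

	skb_pull(skb, le16_to_cpu(hdr->len));
	return 0;
}

/*
 * Disconnect Physical Link Request: look up the AMP link to the peer and
 * report whether it exists.  The disconnect itself is not implemented.
 */
static int a2mp_discphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
				 struct a2mp_cmd *hdr)
{
	struct a2mp_physlink_req *req = (void *) skb->data;
	struct a2mp_physlink_rsp rsp;
	struct hci_dev *hdev;
	struct hci_conn *hcon;

	if (le16_to_cpu(hdr->len) < sizeof(*req))
		return -EINVAL;

	BT_DBG("local_id %d remote_id %d", req->local_id, req->remote_id);

	rsp.local_id = req->remote_id;
	rsp.remote_id = req->local_id;
	rsp.status = A2MP_STATUS_SUCCESS;

	hdev = hci_dev_get(req->remote_id);
	if (!hdev) {
		rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
		goto send_rsp;
	}

	hcon = hci_conn_hash_lookup_ba(hdev, AMP_LINK, mgr->l2cap_conn->dst);
	if (!hcon) {
		BT_ERR("No phys link exist");
		rsp.status = A2MP_STATUS_NO_PHYSICAL_LINK_EXISTS;
		goto clean;
	}

	/* TODO Disconnect Phys Link here */

clean:
	hci_dev_put(hdev);

send_rsp:
	a2mp_send(mgr, A2MP_DISCONNPHYSLINK_RSP, hdr->ident, sizeof(rsp), &rsp);

	skb_pull(skb, sizeof(*req));
	return 0;
}

/* Responses that need no processing: log and skip the payload. */
static inline int a2mp_cmd_rsp(struct amp_mgr *mgr, struct sk_buff *skb,
			       struct a2mp_cmd *hdr)
{
	BT_DBG("ident %d code 0x%2.2x", hdr->ident, hdr->code);

	skb_pull(skb, le16_to_cpu(hdr->len));
	return 0;
}

/*
 * Handle A2MP signalling
 *
 * Receive callback of the A2MP channel.  Parses the commands in @skb one
 * after another and dispatches each to its handler.  Parsing stops at the
 * first error and a Command Reject is sent for the offending command.  The
 * skb is always freed and 0 is always returned.
 *
 * NOTE(review): several handlers pull only their fixed-size structure, not
 * hdr->len, so a command with trailing bytes makes the next iteration parse
 * those bytes as a header.
 */
static int a2mp_chan_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
{
	/* Set in the loop before err can become non-zero. */
	struct a2mp_cmd *hdr = NULL;
	struct amp_mgr *mgr = chan->data;
	int err = 0;

	/* Hold the manager for the duration of the processing. */
	amp_mgr_get(mgr);

	while (skb->len >= sizeof(*hdr)) {
		u16 len;

		hdr = (void *) skb->data;
		len = le16_to_cpu(hdr->len);

		BT_DBG("code 0x%2.2x id %d len %u", hdr->code, hdr->ident, len);

		skb_pull(skb, sizeof(*hdr));

		/* Reject a length past the end of the skb and ident 0. */
		if (len > skb->len || !hdr->ident) {
			err = -EINVAL;
			break;
		}

		mgr->ident = hdr->ident;

		switch (hdr->code) {
		case A2MP_COMMAND_REJ:
			a2mp_command_rej(mgr, skb, hdr);
			break;

		case A2MP_DISCOVER_REQ:
			err = a2mp_discover_req(mgr, skb, hdr);
			break;

		case A2MP_CHANGE_NOTIFY:
			err = a2mp_change_notify(mgr, skb, hdr);
			break;

		case A2MP_GETINFO_REQ:
			err = a2mp_getinfo_req(mgr, skb, hdr);
			break;

		case A2MP_GETAMPASSOC_REQ:
			err = a2mp_getampassoc_req(mgr, skb, hdr);
			break;

		case A2MP_CREATEPHYSLINK_REQ:
			err = a2mp_createphyslink_req(mgr, skb, hdr);
			break;

		case A2MP_DISCONNPHYSLINK_REQ:
			err = a2mp_discphyslink_req(mgr, skb, hdr);
			break;

		case A2MP_DISCOVER_RSP:
			err = a2mp_discover_rsp(mgr, skb, hdr);
			break;

		case A2MP_GETINFO_RSP:
			err = a2mp_getinfo_rsp(mgr, skb, hdr);
			break;

		case A2MP_GETAMPASSOC_RSP:
			err = a2mp_getampassoc_rsp(mgr, skb, hdr);
			break;

		case A2MP_CHANGE_RSP:
		case A2MP_CREATEPHYSLINK_RSP:
		case A2MP_DISCONNPHYSLINK_RSP:
			err = a2mp_cmd_rsp(mgr, skb, hdr);
			break;

		default:
			BT_ERR("Unknown A2MP sig cmd 0x%2.2x", hdr->code);
			err = -EINVAL;
			break;
		}
	}

	if (err) {
		struct a2mp_cmd_rej rej;

		rej.reason = __constant_cpu_to_le16(0);

		/*
		 * hdr still points at the header of the command that failed.
		 * It must not be re-read from skb->data here: that pointer
		 * has moved past the header, so it would yield payload bytes
		 * as code and ident, or bytes beyond the received data when
		 * nothing is left in the skb.
		 */
		BT_DBG("Send A2MP Rej: cmd 0x%2.2x err %d", hdr->code, err);

		a2mp_send(mgr, A2MP_COMMAND_REJ, hdr->ident, sizeof(rej),
			  &rej);
	}

	/* Always free skb and return success error code to prevent
	   from sending L2CAP Disconnect over A2MP channel */
	kfree_skb(skb);

	amp_mgr_put(mgr);

	return 0;
}

/* Close callback: drop a reference on the channel. */
static void a2mp_chan_close_cb(struct l2cap_chan *chan)
{
	l2cap_chan_put(chan);
}

/*
 * State change callback: record the new state and, when the channel goes
 * to BT_CLOSED, drop a reference on its manager.  Does nothing for a
 * channel without a manager.
 */
static void a2mp_chan_state_change_cb(struct l2cap_chan *chan, int state)
{
	struct amp_mgr *mgr = chan->data;

	if (!mgr)
		return;

	BT_DBG("chan %p state %s", chan, state_to_string(state));

	chan->state = state;

	switch (state) {
	case BT_CLOSED:
		/* mgr is known to be non-NULL here. */
		amp_mgr_put(mgr);
		break;
	}
}

/* skb allocation callback; @nb is not used. */
static struct sk_buff *a2mp_chan_alloc_skb_cb(struct l2cap_chan *chan,
					      unsigned long len, int nb)
{
	return bt_skb_alloc(len, GFP_KERNEL);
}

static struct l2cap_ops a2mp_chan_ops = {
	.name = "L2CAP A2MP channel",
	.recv = a2mp_chan_recv_cb,
	.close = a2mp_chan_close_cb,
	.state_change = a2mp_chan_state_change_cb,
	.alloc_skb = a2mp_chan_alloc_skb_cb,

	/* Not implemented for A2MP */
	.new_connection = l2cap_chan_no_new_connection,
	.teardown = l2cap_chan_no_teardown,
	.ready = l2cap_chan_no_ready,
	.defer = l2cap_chan_no_defer,
};

/*
 * Create the fixed A2MP channel on @conn in ERTM mode and mark it
 * connected.  @locked selects __l2cap_chan_add() over l2cap_chan_add().
 *
 * Returns the channel, or NULL on failure.
 */
static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn, bool locked)
{
	struct l2cap_chan *chan;
	int err;

	chan = l2cap_chan_create();
	if (!chan)
		return NULL;

	BT_DBG("chan %p", chan);

	chan->chan_type = L2CAP_CHAN_CONN_FIX_A2MP;
	chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;

	chan->ops = &a2mp_chan_ops;

	l2cap_chan_set_defaults(chan);
	chan->remote_max_tx = chan->max_tx;
	chan->remote_tx_win = chan->tx_win;

	chan->retrans_timeout = L2CAP_DEFAULT_RETRANS_TO;
	chan->monitor_timeout = L2CAP_DEFAULT_MONITOR_TO;

	skb_queue_head_init(&chan->tx_q);

	chan->mode = L2CAP_MODE_ERTM;

	err = l2cap_ertm_init(chan);
	if (err < 0) {
		l2cap_chan_del(chan, 0);
		return NULL;
	}

	chan->conf_state = 0;

	if (locked)
		__l2cap_chan_add(conn, chan);
	else
		l2cap_chan_add(conn, chan);

	chan->remote_mps = chan->omtu;
	chan->mps = chan->omtu;

	chan->state = BT_CONNECTED;

	return chan;
}

/* AMP Manager functions */

/* Take a reference on @mgr and return it. */
struct amp_mgr *amp_mgr_get(struct amp_mgr *mgr)
{
	BT_DBG("mgr %p orig refcnt %d", mgr, atomic_read(&mgr->kref.refcount));

	kref_get(&mgr->kref);

	return mgr;
}

/*
 * kref release function: unlink the manager from the global list, flush
 * its remote controller list and free it.
 */
static void amp_mgr_destroy(struct kref *kref)
{
	struct amp_mgr *mgr = container_of(kref, struct amp_mgr, kref);

	BT_DBG("mgr %p", mgr);

	mutex_lock(&amp_mgr_list_lock);
	list_del(&mgr->list);
	mutex_unlock(&amp_mgr_list_lock);

	amp_ctrl_list_flush(mgr);
	kfree(mgr);
}

/* Drop a reference on @mgr; returns the result of kref_put(). */
int amp_mgr_put(struct amp_mgr *mgr)
{
	BT_DBG("mgr %p orig refcnt %d", mgr, atomic_read(&mgr->kref.refcount));

	return kref_put(&mgr->kref, &amp_mgr_destroy);
}

/*
 * Allocate an AMP manager for @conn, open its A2MP channel and add the
 * manager to the global list.  @locked is passed on to a2mp_chan_open().
 *
 * Returns the manager, or NULL on failure.
 */
static struct amp_mgr *amp_mgr_create(struct l2cap_conn *conn, bool locked)
{
	struct amp_mgr *mgr;
	struct l2cap_chan *chan;

	mgr = kzalloc(sizeof(*mgr), GFP_KERNEL);
	if (!mgr)
		return NULL;

	BT_DBG("conn %p mgr %p", conn, mgr);

	mgr->l2cap_conn = conn;

	chan = a2mp_chan_open(conn, locked);
	if (!chan) {
		kfree(mgr);
		return NULL;
	}

	mgr->a2mp_chan = chan;
	chan->data = mgr;

	conn->hcon->amp_mgr = mgr;

	kref_init(&mgr->kref);

	/* Remote AMP ctrl list initialization */
	INIT_LIST_HEAD(&mgr->amp_ctrls);
	mutex_init(&mgr->amp_ctrls_lock);

	mutex_lock(&amp_mgr_list_lock);
	list_add(&mgr->list, &amp_mgr_list);
	mutex_unlock(&amp_mgr_list_lock);

	return mgr;
}

/*
 * Create an AMP manager for @conn and return its A2MP channel, or NULL on
 * failure.  @skb is not used.
 */
struct l2cap_chan *a2mp_channel_create(struct l2cap_conn *conn,
				       struct sk_buff *skb)
{
	struct amp_mgr *mgr;

	mgr = amp_mgr_create(conn, false);
	if (!mgr) {
		BT_ERR("Could not create AMP manager");
		return NULL;
	}

	BT_DBG("mgr: %p chan %p", mgr, mgr->a2mp_chan);

	return mgr->a2mp_chan;
}

/*
 * Return the first manager on the global list whose state is @state, with
 * a reference taken that the caller must drop with amp_mgr_put(), or NULL
 * if there is none.
 */
struct amp_mgr *amp_mgr_lookup_by_state(u8 state)
{
	struct amp_mgr *mgr;

	mutex_lock(&amp_mgr_list_lock);
	list_for_each_entry(mgr, &amp_mgr_list, list) {
		if (mgr->state == state) {
			amp_mgr_get(mgr);
			mutex_unlock(&amp_mgr_list_lock);
			return mgr;
		}
	}
	mutex_unlock(&amp_mgr_list_lock);

	return NULL;
}

/*
 * Send the Get Info Response for @hdev to the manager that is in state
 * READ_LOC_AMP_INFO.  Does nothing if no manager is in that state.
 */
void a2mp_send_getinfo_rsp(struct hci_dev *hdev)
{
	struct amp_mgr *mgr;
	struct a2mp_info_rsp rsp;

	mgr = amp_mgr_lookup_by_state(READ_LOC_AMP_INFO);
	if (!mgr)
		return;

	BT_DBG("%s mgr %p", hdev->name, mgr);

	/*
	 * For a BR/EDR controller only id and status are filled in below,
	 * but the whole structure goes to the peer.  Clear it first so the
	 * remaining fields do not carry kernel stack contents.
	 */
	memset(&rsp, 0, sizeof(rsp));

	rsp.id = hdev->id;
	rsp.status = A2MP_STATUS_INVALID_CTRL_ID;

	if (hdev->amp_type != HCI_BREDR) {
		rsp.status = 0;
		rsp.total_bw = cpu_to_le32(hdev->amp_total_bw);
		rsp.max_bw = cpu_to_le32(hdev->amp_max_bw);
		rsp.min_latency = cpu_to_le32(hdev->amp_min_latency);
		rsp.pal_cap = cpu_to_le16(hdev->amp_pal_cap);
		rsp.assoc_size = cpu_to_le16(hdev->amp_assoc_size);
	}

	a2mp_send(mgr, A2MP_GETINFO_RSP, mgr->ident, sizeof(rsp), &rsp);
	amp_mgr_put(mgr);
}

/*
 * Send the Get AMP Assoc Response for @hdev to the manager that is in
 * state READ_LOC_AMP_ASSOC.  A non-zero @status is reported to the peer as
 * A2MP_STATUS_INVALID_CTRL_ID; otherwise the local assoc data is attached.
 */
void a2mp_send_getampassoc_rsp(struct hci_dev *hdev, u8 status)
{
	struct amp_mgr *mgr;
	struct amp_assoc *loc_assoc = &hdev->loc_assoc;
	struct a2mp_amp_assoc_rsp *rsp;
	size_t len;

	mgr = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC);
	if (!mgr)
		return;

	BT_DBG("%s mgr %p", hdev->name, mgr);

	/* Zeroed, so the assoc area is all zero bytes on the error path. */
	len = sizeof(struct a2mp_amp_assoc_rsp) + loc_assoc->len;
	rsp = kzalloc(len, GFP_KERNEL);
	if (!rsp) {
		amp_mgr_put(mgr);
		return;
	}

	rsp->id = hdev->id;

	if (status) {
		rsp->status = A2MP_STATUS_INVALID_CTRL_ID;
	} else {
		rsp->status = A2MP_STATUS_SUCCESS;
		memcpy(rsp->amp_assoc, loc_assoc->data, loc_assoc->len);
	}

	a2mp_send(mgr, A2MP_GETAMPASSOC_RSP, mgr->ident, len, rsp);
	amp_mgr_put(mgr);
	kfree(rsp);
}

/*
 * Send a Create Physical Link Request carrying the local assoc data of
 * @hdev to the manager that is in state READ_LOC_AMP_ASSOC_FINAL.  Nothing
 * is sent if that manager has no BR/EDR channel.  @status is not used.
 */
void a2mp_send_create_phy_link_req(struct hci_dev *hdev, u8 status)
{
	struct amp_mgr *mgr;
	struct amp_assoc *loc_assoc = &hdev->loc_assoc;
	struct a2mp_physlink_req *req;
	struct l2cap_chan *bredr_chan;
	size_t len;

	mgr = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC_FINAL);
	if (!mgr)
		return;

	len = sizeof(*req) + loc_assoc->len;

	BT_DBG("%s mgr %p assoc_len %zu", hdev->name, mgr, len);

	req = kzalloc(len, GFP_KERNEL);
	if (!req) {
		amp_mgr_put(mgr);
		return;
	}

	bredr_chan = mgr->bredr_chan;
	if (!bredr_chan)
		goto clean;

	req->local_id = hdev->id;
	req->remote_id = bredr_chan->remote_amp_id;
	memcpy(req->amp_assoc, loc_assoc->data, loc_assoc->len);

	a2mp_send(mgr, A2MP_CREATEPHYSLINK_REQ, __next_ident(mgr), len, req);

clean:
	amp_mgr_put(mgr);
	kfree(req);
}

/*
 * Start AMP discovery for @chan: create the AMP manager of the connection
 * if it does not have one yet, remember @chan as its BR/EDR channel and
 * send a Discover Request.
 */
void a2mp_discover_amp(struct l2cap_chan *chan)
{
	struct l2cap_conn *conn = chan->conn;
	struct amp_mgr *mgr = conn->hcon->amp_mgr;
	struct a2mp_discov_req req;

	BT_DBG("chan %p conn %p mgr %p", chan, conn, mgr);

	if (!mgr) {
		mgr = amp_mgr_create(conn, true);
		if (!mgr)
			return;
	}

	mgr->bredr_chan = chan;

	req.mtu = cpu_to_le16(L2CAP_A2MP_DEFAULT_MTU);
	req.ext_feat = 0;
	a2mp_send(mgr, A2MP_DISCOVER_REQ, 1, sizeof(req), &req);
}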