+25 -6

include/net/bluetooth/hci_core.h

reviewed

··· 376 376 extern int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, 377 377 u16 flags); 378 378 379 379 - extern int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr); 379 379 + extern int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags); 380 380 extern void sco_connect_cfm(struct hci_conn *hcon, __u8 status); 381 381 extern void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason); 382 382 extern int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb); ··· 577 577 int hci_conn_del(struct hci_conn *conn); 578 578 void hci_conn_hash_flush(struct hci_dev *hdev); 579 579 void hci_conn_check_pending(struct hci_dev *hdev); 580 580 + void hci_conn_accept(struct hci_conn *conn, int mask); 580 581 581 582 struct hci_chan *hci_chan_create(struct hci_conn *conn); 582 583 void hci_chan_del(struct hci_chan *chan); ··· 767 766 #define lmp_sniffsubr_capable(dev) ((dev)->features[5] & LMP_SNIFF_SUBR) 768 767 #define lmp_pause_enc_capable(dev) ((dev)->features[5] & LMP_PAUSE_ENC) 769 768 #define lmp_ext_inq_capable(dev) ((dev)->features[6] & LMP_EXT_INQ) 770 770 - #define lmp_le_br_capable(dev) ((dev)->features[6] & LMP_SIMUL_LE_BR) 769 769 + #define lmp_le_br_capable(dev) !!((dev)->features[6] & LMP_SIMUL_LE_BR) 771 770 #define lmp_ssp_capable(dev) ((dev)->features[6] & LMP_SIMPLE_PAIR) 772 771 #define lmp_no_flush_capable(dev) ((dev)->features[6] & LMP_NO_FLUSH) 773 772 #define lmp_lsto_capable(dev) ((dev)->features[7] & LMP_LSTO) ··· 776 775 777 776 /* ----- Extended LMP capabilities ----- */ 778 777 #define lmp_host_ssp_capable(dev) ((dev)->host_features[0] & LMP_HOST_SSP) 779 779 - #define lmp_host_le_capable(dev) ((dev)->host_features[0] & LMP_HOST_LE) 780 780 - #define lmp_host_le_br_capable(dev) ((dev)->host_features[0] & LMP_HOST_LE_BREDR) 778 778 + #define lmp_host_le_capable(dev) !!((dev)->host_features[0] & LMP_HOST_LE) 779 779 + #define lmp_host_le_br_capable(dev) !!((dev)->host_features[0] & LMP_HOST_LE_BREDR) 780 780 + 781 781 + /* returns true if at least one AMP active */ 782 782 + static inline bool hci_amp_capable(void) 783 783 + { 784 784 + struct hci_dev *hdev; 785 785 + bool ret = false; 786 786 + 787 787 + read_lock(&hci_dev_list_lock); 788 788 + list_for_each_entry(hdev, &hci_dev_list, list) 789 789 + if (hdev->amp_type == HCI_AMP && 790 790 + test_bit(HCI_UP, &hdev->flags)) 791 791 + ret = true; 792 792 + read_unlock(&hci_dev_list_lock); 793 793 + 794 794 + return ret; 795 795 + } 781 796 782 797 /* ----- HCI protocols ----- */ 798 798 + #define HCI_PROTO_DEFER 0x01 799 799 + 783 800 static inline int hci_proto_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, 784 784 - __u8 type) 801 801 + __u8 type, __u8 *flags) 785 802 { 786 803 switch (type) { 787 804 case ACL_LINK: ··· 807 788 808 789 case SCO_LINK: 809 790 case ESCO_LINK: 810 810 - return sco_connect_ind(hdev, bdaddr); 791 791 + return sco_connect_ind(hdev, bdaddr, flags); 811 792 812 793 default: 813 794 BT_ERR("unknown link type %d", type);

+1 -1

include/net/bluetooth/l2cap.h

reviewed

··· 611 611 CONF_MTU_DONE, 612 612 CONF_MODE_DONE, 613 613 CONF_CONNECT_PEND, 614 614 - CONF_NO_FCS_RECV, 614 614 + CONF_RECV_NO_FCS, 615 615 CONF_STATE2_DEVICE, 616 616 CONF_EWS_RECV, 617 617 CONF_LOC_CONF_PEND,

+5

net/bluetooth/hci_core.c

reviewed

··· 861 861 /* Clear flags */ 862 862 hdev->flags = 0; 863 863 864 864 + /* Controller radio is available but is currently powered down */ 865 865 + hdev->amp_status = 0; 866 866 + 864 867 memset(hdev->eir, 0, sizeof(hdev->eir)); 865 868 memset(hdev->dev_class, 0, sizeof(hdev->dev_class)); 866 869 ··· 1856 1853 1857 1854 for (i = 0; i < NUM_REASSEMBLY; i++) 1858 1855 kfree_skb(hdev->reassembly[i]); 1856 1856 + 1857 1857 + cancel_work_sync(&hdev->power_on); 1859 1858 1860 1859 if (!test_bit(HCI_INIT, &hdev->flags) && 1861 1860 !test_bit(HCI_SETUP, &hdev->dev_flags)) {

+50 -6

net/bluetooth/hci_event.c

reviewed

··· 794 794 795 795 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { 796 796 cp.le = 1; 797 797 - cp.simul = !!lmp_le_br_capable(hdev); 797 797 + cp.simul = lmp_le_br_capable(hdev); 798 798 } 799 799 800 800 - if (cp.le != !!lmp_host_le_capable(hdev)) 800 800 + if (cp.le != lmp_host_le_capable(hdev)) 801 801 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), 802 802 &cp); 803 803 } ··· 2047 2047 hci_conn_check_pending(hdev); 2048 2048 } 2049 2049 2050 2050 + void hci_conn_accept(struct hci_conn *conn, int mask) 2051 2051 + { 2052 2052 + struct hci_dev *hdev = conn->hdev; 2053 2053 + 2054 2054 + BT_DBG("conn %p", conn); 2055 2055 + 2056 2056 + conn->state = BT_CONFIG; 2057 2057 + 2058 2058 + if (!lmp_esco_capable(hdev)) { 2059 2059 + struct hci_cp_accept_conn_req cp; 2060 2060 + 2061 2061 + bacpy(&cp.bdaddr, &conn->dst); 2062 2062 + 2063 2063 + if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER)) 2064 2064 + cp.role = 0x00; /* Become master */ 2065 2065 + else 2066 2066 + cp.role = 0x01; /* Remain slave */ 2067 2067 + 2068 2068 + hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp); 2069 2069 + } else /* lmp_esco_capable(hdev)) */ { 2070 2070 + struct hci_cp_accept_sync_conn_req cp; 2071 2071 + 2072 2072 + bacpy(&cp.bdaddr, &conn->dst); 2073 2073 + cp.pkt_type = cpu_to_le16(conn->pkt_type); 2074 2074 + 2075 2075 + cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40); 2076 2076 + cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40); 2077 2077 + cp.max_latency = __constant_cpu_to_le16(0xffff); 2078 2078 + cp.content_format = cpu_to_le16(hdev->voice_setting); 2079 2079 + cp.retrans_effort = 0xff; 2080 2080 + 2081 2081 + hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 2082 2082 + sizeof(cp), &cp); 2083 2083 + } 2084 2084 + } 2085 2085 + 2050 2086 static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 2051 2087 { 2052 2088 struct hci_ev_conn_request *ev = (void *) skb->data; 2053 2089 int mask = hdev->link_mode; 2090 2090 + __u8 flags = 0; 2054 2091 2055 2092 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr, 2056 2093 ev->link_type); 2057 2094 2058 2058 - mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type); 2095 2095 + mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type, 2096 2096 + &flags); 2059 2097 2060 2098 if ((mask & HCI_LM_ACCEPT) && 2061 2099 !hci_blacklist_lookup(hdev, &ev->bdaddr)) { ··· 2119 2081 } 2120 2082 2121 2083 memcpy(conn->dev_class, ev->dev_class, 3); 2122 2122 - conn->state = BT_CONNECT; 2123 2084 2124 2085 hci_dev_unlock(hdev); 2125 2086 2126 2126 - if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) { 2087 2087 + if (ev->link_type == ACL_LINK || 2088 2088 + (!(flags & HCI_PROTO_DEFER) && !lmp_esco_capable(hdev))) { 2127 2089 struct hci_cp_accept_conn_req cp; 2090 2090 + conn->state = BT_CONNECT; 2128 2091 2129 2092 bacpy(&cp.bdaddr, &ev->bdaddr); 2130 2093 ··· 2136 2097 2137 2098 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), 2138 2099 &cp); 2139 2139 - } else { 2100 2100 + } else if (!(flags & HCI_PROTO_DEFER)) { 2140 2101 struct hci_cp_accept_sync_conn_req cp; 2102 2102 + conn->state = BT_CONNECT; 2141 2103 2142 2104 bacpy(&cp.bdaddr, &ev->bdaddr); 2143 2105 cp.pkt_type = cpu_to_le16(conn->pkt_type); ··· 2151 2111 2152 2112 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, 2153 2113 sizeof(cp), &cp); 2114 2114 + } else { 2115 2115 + conn->state = BT_CONNECT2; 2116 2116 + hci_proto_connect_cfm(conn, 0); 2117 2117 + hci_conn_put(conn); 2154 2118 } 2155 2119 } else { 2156 2120 /* Connection rejected */

+51 -49

net/bluetooth/l2cap_core.c

reviewed

··· 53 53 static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, 54 54 void *data); 55 55 static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data); 56 56 - static void l2cap_send_disconn_req(struct l2cap_conn *conn, 57 57 - struct l2cap_chan *chan, int err); 56 56 + static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err); 58 57 59 58 static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control, 60 59 struct sk_buff_head *skbs, u8 event); ··· 631 632 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && 632 633 conn->hcon->type == ACL_LINK) { 633 634 __set_chan_timer(chan, sk->sk_sndtimeo); 634 634 - l2cap_send_disconn_req(conn, chan, reason); 635 635 + l2cap_send_disconn_req(chan, reason); 635 636 } else 636 637 l2cap_chan_del(chan, reason); 637 638 break; ··· 1013 1014 struct l2cap_conn *conn = chan->conn; 1014 1015 1015 1016 if (enable_hs && 1017 1017 + hci_amp_capable() && 1016 1018 chan->chan_policy == BT_CHANNEL_POLICY_AMP_PREFERRED && 1017 1019 conn->fixed_chan_mask & L2CAP_FC_A2MP) 1018 1020 return true; ··· 1180 1180 } 1181 1181 } 1182 1182 1183 1183 - static void l2cap_send_disconn_req(struct l2cap_conn *conn, 1184 1184 - struct l2cap_chan *chan, int err) 1183 1183 + static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err) 1185 1184 { 1186 1185 struct sock *sk = chan->sk; 1186 1186 + struct l2cap_conn *conn = chan->conn; 1187 1187 struct l2cap_disconn_req req; 1188 1188 1189 1189 if (!conn) ··· 1960 1960 if (chan->max_tx != 0 && 1961 1961 bt_cb(skb)->control.retries > chan->max_tx) { 1962 1962 BT_DBG("Retry limit exceeded (%d)", chan->max_tx); 1963 1963 - l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 1963 1963 + l2cap_send_disconn_req(chan, ECONNRESET); 1964 1964 l2cap_seq_list_clear(&chan->retrans_list); 1965 1965 break; 1966 1966 } ··· 2666 2666 __set_monitor_timer(chan); 2667 2667 chan->retry_count++; 2668 2668 } else { 2669 2669 - l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED); 2669 2669 + l2cap_send_disconn_req(chan, ECONNABORTED); 2670 2670 } 2671 2671 break; 2672 2672 default: ··· 3106 3106 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) 3107 3107 l2cap_add_opt_efs(&ptr, chan); 3108 3108 3109 3109 - if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS)) 3110 3110 - break; 3111 3111 - 3112 3112 - if (chan->fcs == L2CAP_FCS_NONE || 3113 3113 - test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) { 3114 3114 - chan->fcs = L2CAP_FCS_NONE; 3115 3115 - l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs); 3116 3116 - } 3117 3117 - 3118 3109 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) 3119 3110 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2, 3120 3111 chan->tx_win); 3112 3112 + 3113 3113 + if (chan->conn->feat_mask & L2CAP_FEAT_FCS) 3114 3114 + if (chan->fcs == L2CAP_FCS_NONE || 3115 3115 + test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) { 3116 3116 + chan->fcs = L2CAP_FCS_NONE; 3117 3117 + l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, 3118 3118 + chan->fcs); 3119 3119 + } 3121 3120 break; 3122 3121 3123 3122 case L2CAP_MODE_STREAMING: ··· 3138 3139 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) 3139 3140 l2cap_add_opt_efs(&ptr, chan); 3140 3141 3141 3141 - if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS)) 3142 3142 - break; 3143 3143 - 3144 3144 - if (chan->fcs == L2CAP_FCS_NONE || 3145 3145 - test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) { 3146 3146 - chan->fcs = L2CAP_FCS_NONE; 3147 3147 - l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs); 3148 3148 - } 3142 3142 + if (chan->conn->feat_mask & L2CAP_FEAT_FCS) 3143 3143 + if (chan->fcs == L2CAP_FCS_NONE || 3144 3144 + test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) { 3145 3145 + chan->fcs = L2CAP_FCS_NONE; 3146 3146 + l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, 3147 3147 + chan->fcs); 3148 3148 + } 3149 3149 break; 3150 3150 } 3151 3151 ··· 3196 3198 3197 3199 case L2CAP_CONF_FCS: 3198 3200 if (val == L2CAP_FCS_NONE) 3199 3199 - set_bit(CONF_NO_FCS_RECV, &chan->conf_state); 3201 3201 + set_bit(CONF_RECV_NO_FCS, &chan->conf_state); 3200 3202 break; 3201 3203 3202 3204 case L2CAP_CONF_EFS: ··· 3430 3432 3431 3433 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), 3432 3434 (unsigned long) &efs); 3435 3435 + break; 3436 3436 + 3437 3437 + case L2CAP_CONF_FCS: 3438 3438 + if (*result == L2CAP_CONF_PENDING) 3439 3439 + if (val == L2CAP_FCS_NONE) 3440 3440 + set_bit(CONF_RECV_NO_FCS, 3441 3441 + &chan->conf_state); 3433 3442 break; 3434 3443 } 3435 3444 } ··· 3807 3802 */ 3808 3803 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING) 3809 3804 chan->fcs = L2CAP_FCS_NONE; 3810 3810 - else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) 3805 3805 + else if (!test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) 3811 3806 chan->fcs = L2CAP_FCS_CRC16; 3812 3807 } 3813 3808 ··· 3882 3877 /* Complete config. */ 3883 3878 len = l2cap_parse_conf_req(chan, rsp); 3884 3879 if (len < 0) { 3885 3885 - l2cap_send_disconn_req(conn, chan, ECONNRESET); 3880 3880 + l2cap_send_disconn_req(chan, ECONNRESET); 3886 3881 goto unlock; 3887 3882 } 3888 3883 ··· 3904 3899 err = l2cap_ertm_init(chan); 3905 3900 3906 3901 if (err < 0) 3907 3907 - l2cap_send_disconn_req(chan->conn, chan, -err); 3902 3902 + l2cap_send_disconn_req(chan, -err); 3908 3903 else 3909 3904 l2cap_chan_ready(chan); 3910 3905 ··· 3972 3967 len = l2cap_parse_conf_rsp(chan, rsp->data, len, 3973 3968 buf, &result); 3974 3969 if (len < 0) { 3975 3975 - l2cap_send_disconn_req(conn, chan, ECONNRESET); 3970 3970 + l2cap_send_disconn_req(chan, ECONNRESET); 3976 3971 goto done; 3977 3972 } 3978 3973 ··· 3993 3988 char req[64]; 3994 3989 3995 3990 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) { 3996 3996 - l2cap_send_disconn_req(conn, chan, ECONNRESET); 3991 3991 + l2cap_send_disconn_req(chan, ECONNRESET); 3997 3992 goto done; 3998 3993 } 3999 3994 ··· 4002 3997 len = l2cap_parse_conf_rsp(chan, rsp->data, len, 4003 3998 req, &result); 4004 3999 if (len < 0) { 4005 4005 - l2cap_send_disconn_req(conn, chan, ECONNRESET); 4000 4000 + l2cap_send_disconn_req(chan, ECONNRESET); 4006 4001 goto done; 4007 4002 } 4008 4003 ··· 4018 4013 l2cap_chan_set_err(chan, ECONNRESET); 4019 4014 4020 4015 __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT); 4021 4021 - l2cap_send_disconn_req(conn, chan, ECONNRESET); 4016 4016 + l2cap_send_disconn_req(chan, ECONNRESET); 4022 4017 goto done; 4023 4018 } 4024 4019 ··· 4035 4030 err = l2cap_ertm_init(chan); 4036 4031 4037 4032 if (err < 0) 4038 4038 - l2cap_send_disconn_req(chan->conn, chan, -err); 4033 4033 + l2cap_send_disconn_req(chan, -err); 4039 4034 else 4040 4035 l2cap_chan_ready(chan); 4041 4036 } ··· 4397 4392 /* Logical link setup failed */ 4398 4393 if (chan->state != BT_CONNECTED) { 4399 4394 /* Create channel failure, disconnect */ 4400 4400 - l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 4395 4395 + l2cap_send_disconn_req(chan, ECONNRESET); 4401 4396 return; 4402 4397 } 4403 4398 ··· 4440 4435 4441 4436 err = l2cap_ertm_init(chan); 4442 4437 if (err < 0) 4443 4443 - l2cap_send_disconn_req(chan->conn, chan, -err); 4438 4438 + l2cap_send_disconn_req(chan, -err); 4444 4439 else 4445 4440 l2cap_chan_ready(chan); 4446 4441 } ··· 5405 5400 5406 5401 if (control->reqseq == chan->next_tx_seq) { 5407 5402 BT_DBG("Invalid reqseq %d, disconnecting", control->reqseq); 5408 5408 - l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 5403 5403 + l2cap_send_disconn_req(chan, ECONNRESET); 5409 5404 return; 5410 5405 } 5411 5406 ··· 5419 5414 5420 5415 if (chan->max_tx != 0 && bt_cb(skb)->control.retries >= chan->max_tx) { 5421 5416 BT_DBG("Retry limit exceeded (%d)", chan->max_tx); 5422 5422 - l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 5417 5417 + l2cap_send_disconn_req(chan, ECONNRESET); 5423 5418 return; 5424 5419 } 5425 5420 ··· 5463 5458 5464 5459 if (control->reqseq == chan->next_tx_seq) { 5465 5460 BT_DBG("Invalid reqseq %d, disconnecting", control->reqseq); 5466 5466 - l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 5461 5461 + l2cap_send_disconn_req(chan, ECONNRESET); 5467 5462 return; 5468 5463 } 5469 5464 ··· 5472 5467 if (chan->max_tx && skb && 5473 5468 bt_cb(skb)->control.retries >= chan->max_tx) { 5474 5469 BT_DBG("Retry limit exceeded (%d)", chan->max_tx); 5475 5475 - l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 5470 5470 + l2cap_send_disconn_req(chan, ECONNRESET); 5476 5471 return; 5477 5472 } 5478 5473 ··· 5656 5651 break; 5657 5652 case L2CAP_TXSEQ_INVALID: 5658 5653 default: 5659 5659 - l2cap_send_disconn_req(chan->conn, chan, 5660 5660 - ECONNRESET); 5654 5654 + l2cap_send_disconn_req(chan, ECONNRESET); 5661 5655 break; 5662 5656 } 5663 5657 break; ··· 5789 5785 break; 5790 5786 case L2CAP_TXSEQ_INVALID: 5791 5787 default: 5792 5792 - l2cap_send_disconn_req(chan->conn, chan, 5793 5793 - ECONNRESET); 5788 5788 + l2cap_send_disconn_req(chan, ECONNRESET); 5794 5789 break; 5795 5790 } 5796 5791 break; ··· 5984 5981 BT_DBG("Invalid reqseq %d (next_tx_seq %d, expected_ack_seq %d", 5985 5982 control->reqseq, chan->next_tx_seq, 5986 5983 chan->expected_ack_seq); 5987 5987 - l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 5984 5984 + l2cap_send_disconn_req(chan, ECONNRESET); 5988 5985 } 5989 5986 5990 5987 return err; ··· 6053 6050 len -= L2CAP_FCS_SIZE; 6054 6051 6055 6052 if (len > chan->mps) { 6056 6056 - l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 6053 6053 + l2cap_send_disconn_req(chan, ECONNRESET); 6057 6054 goto drop; 6058 6055 } 6059 6056 ··· 6078 6075 } 6079 6076 6080 6077 if (err) 6081 6081 - l2cap_send_disconn_req(chan->conn, chan, 6082 6082 - ECONNRESET); 6078 6078 + l2cap_send_disconn_req(chan, ECONNRESET); 6083 6079 } else { 6084 6080 const u8 rx_func_to_event[4] = { 6085 6081 L2CAP_EV_RECV_RR, L2CAP_EV_RECV_REJ, ··· 6095 6093 6096 6094 if (len != 0) { 6097 6095 BT_ERR("Trailing bytes: %d in sframe", len); 6098 6098 - l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 6096 6096 + l2cap_send_disconn_req(chan, ECONNRESET); 6099 6097 goto drop; 6100 6098 } 6101 6099 ··· 6106 6104 6107 6105 event = rx_func_to_event[control->super]; 6108 6106 if (l2cap_rx(chan, control, skb, event)) 6109 6109 - l2cap_send_disconn_req(chan->conn, chan, ECONNRESET); 6107 6107 + l2cap_send_disconn_req(chan, ECONNRESET); 6110 6108 } 6111 6109 6112 6110 return 0;

+5 -5

net/bluetooth/mgmt.c

reviewed

··· 1226 1226 } 1227 1227 1228 1228 val = !!cp->val; 1229 1229 - enabled = !!lmp_host_le_capable(hdev); 1229 1229 + enabled = lmp_host_le_capable(hdev); 1230 1230 1231 1231 if (!hdev_is_powered(hdev) || val == enabled) { 1232 1232 bool changed = false; ··· 1262 1262 1263 1263 if (val) { 1264 1264 hci_cp.le = val; 1265 1265 - hci_cp.simul = !!lmp_le_br_capable(hdev); 1265 1265 + hci_cp.simul = lmp_le_br_capable(hdev); 1266 1266 } 1267 1267 1268 1268 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), ··· 2926 2926 struct hci_cp_write_le_host_supported cp; 2927 2927 2928 2928 cp.le = 1; 2929 2929 - cp.simul = !!lmp_le_br_capable(hdev); 2929 2929 + cp.simul = lmp_le_br_capable(hdev); 2930 2930 2931 2931 /* Check first if we already have the right 2932 2932 * host state (host features set) 2933 2933 */ 2934 2934 - if (cp.le != !!lmp_host_le_capable(hdev) || 2935 2935 - cp.simul != !!lmp_host_le_br_capable(hdev)) 2934 2934 + if (cp.le != lmp_host_le_capable(hdev) || 2935 2935 + cp.simul != lmp_host_le_br_capable(hdev)) 2936 2936 hci_send_cmd(hdev, 2937 2937 HCI_OP_WRITE_LE_HOST_SUPPORTED, 2938 2938 sizeof(cp), &cp);

+2 -2

net/bluetooth/rfcomm/sock.c

reviewed

··· 467 467 long timeo; 468 468 int err = 0; 469 469 470 470 - lock_sock(sk); 470 470 + lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 471 471 472 472 if (sk->sk_type != SOCK_STREAM) { 473 473 err = -EINVAL; ··· 504 504 505 505 release_sock(sk); 506 506 timeo = schedule_timeout(timeo); 507 507 - lock_sock(sk); 507 507 + lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 508 508 } 509 509 __set_current_state(TASK_RUNNING); 510 510 remove_wait_queue(sk_sleep(sk), &wait);

+74 -12

net/bluetooth/sco.c

reviewed

··· 131 131 sco_sock_clear_timer(sk); 132 132 sco_chan_del(sk, err); 133 133 bh_unlock_sock(sk); 134 134 - 135 135 - sco_conn_lock(conn); 136 136 - conn->sk = NULL; 137 137 - sco_pi(sk)->conn = NULL; 138 138 - sco_conn_unlock(conn); 139 139 - 140 140 - if (conn->hcon) 141 141 - hci_conn_put(conn->hcon); 142 142 - 143 134 sco_sock_kill(sk); 144 135 } 145 136 ··· 388 397 389 398 if (parent) { 390 399 sk->sk_type = parent->sk_type; 400 400 + bt_sk(sk)->flags = bt_sk(parent)->flags; 391 401 security_sk_clone(parent, sk); 392 402 } 393 403 } ··· 654 662 return err; 655 663 } 656 664 665 665 + static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 666 666 + struct msghdr *msg, size_t len, int flags) 667 667 + { 668 668 + struct sock *sk = sock->sk; 669 669 + struct sco_pinfo *pi = sco_pi(sk); 670 670 + 671 671 + lock_sock(sk); 672 672 + 673 673 + if (sk->sk_state == BT_CONNECT2 && 674 674 + test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 675 675 + hci_conn_accept(pi->conn->hcon, 0); 676 676 + sk->sk_state = BT_CONFIG; 677 677 + 678 678 + release_sock(sk); 679 679 + return 0; 680 680 + } 681 681 + 682 682 + release_sock(sk); 683 683 + 684 684 + return bt_sock_recvmsg(iocb, sock, msg, len, flags); 685 685 + } 686 686 + 657 687 static int sco_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) 658 688 { 659 689 struct sock *sk = sock->sk; 660 690 int err = 0; 691 691 + u32 opt; 661 692 662 693 BT_DBG("sk %p", sk); 663 694 664 695 lock_sock(sk); 665 696 666 697 switch (optname) { 698 698 + 699 699 + case BT_DEFER_SETUP: 700 700 + if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 701 701 + err = -EINVAL; 702 702 + break; 703 703 + } 704 704 + 705 705 + if (get_user(opt, (u32 __user *) optval)) { 706 706 + err = -EFAULT; 707 707 + break; 708 708 + } 709 709 + 710 710 + if (opt) 711 711 + set_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 712 712 + else 713 713 + clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 714 714 + break; 715 715 + 667 716 default: 668 717 err = -ENOPROTOOPT; 669 718 break; ··· 786 753 lock_sock(sk); 787 754 788 755 switch (optname) { 756 756 + 757 757 + case BT_DEFER_SETUP: 758 758 + if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) { 759 759 + err = -EINVAL; 760 760 + break; 761 761 + } 762 762 + 763 763 + if (put_user(test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags), 764 764 + (u32 __user *) optval)) 765 765 + err = -EFAULT; 766 766 + 767 767 + break; 768 768 + 789 769 default: 790 770 err = -ENOPROTOOPT; 791 771 break; ··· 876 830 877 831 BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 878 832 833 833 + if (conn) { 834 834 + sco_conn_lock(conn); 835 835 + conn->sk = NULL; 836 836 + sco_pi(sk)->conn = NULL; 837 837 + sco_conn_unlock(conn); 838 838 + 839 839 + if (conn->hcon) 840 840 + hci_conn_put(conn->hcon); 841 841 + } 842 842 + 879 843 sk->sk_state = BT_CLOSED; 880 844 sk->sk_err = err; 881 845 sk->sk_state_change(sk); ··· 930 874 hci_conn_hold(conn->hcon); 931 875 __sco_chan_add(conn, sk, parent); 932 876 933 933 - sk->sk_state = BT_CONNECTED; 877 877 + if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 878 878 + sk->sk_state = BT_CONNECT2; 879 879 + else 880 880 + sk->sk_state = BT_CONNECTED; 934 881 935 882 /* Wake up parent */ 936 883 parent->sk_data_ready(parent, 1); ··· 946 887 } 947 888 948 889 /* ----- SCO interface with lower layer (HCI) ----- */ 949 949 - int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr) 890 890 + int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 950 891 { 951 892 struct sock *sk; 952 893 struct hlist_node *node; ··· 963 904 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr) || 964 905 !bacmp(&bt_sk(sk)->src, BDADDR_ANY)) { 965 906 lm |= HCI_LM_ACCEPT; 907 907 + 908 908 + if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) 909 909 + *flags |= HCI_PROTO_DEFER; 966 910 break; 967 911 } 968 912 } ··· 1054 992 .accept = sco_sock_accept, 1055 993 .getname = sco_sock_getname, 1056 994 .sendmsg = sco_sock_sendmsg, 1057 1057 - .recvmsg = bt_sock_recvmsg, 995 995 + .recvmsg = sco_sock_recvmsg, 1058 996 .poll = bt_sock_poll, 1059 997 .ioctl = bt_sock_ioctl, 1060 998 .mmap = sock_no_mmap,