+2

drivers/bluetooth/Makefile

reviewed

··· 30 30 hci_uart-$(CONFIG_BT_HCIUART_ATH3K) += hci_ath.o 31 31 hci_uart-$(CONFIG_BT_HCIUART_3WIRE) += hci_h5.o 32 32 hci_uart-objs := $(hci_uart-y) 33 33 + 34 34 + ccflags-y += -D__CHECK_ENDIAN__

+2

drivers/bluetooth/ath3k.c

reviewed

··· 85 85 { USB_DEVICE(0x04CA, 0x3008) }, 86 86 { USB_DEVICE(0x13d3, 0x3362) }, 87 87 { USB_DEVICE(0x0CF3, 0xE004) }, 88 88 + { USB_DEVICE(0x0CF3, 0xE005) }, 88 89 { USB_DEVICE(0x0930, 0x0219) }, 89 90 { USB_DEVICE(0x0489, 0xe057) }, 90 91 { USB_DEVICE(0x13d3, 0x3393) }, ··· 127 126 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, 128 127 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 129 128 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 129 129 + { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, 130 130 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, 131 131 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, 132 132 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },

+7 -5

drivers/bluetooth/btmrvl_drv.h

reviewed

··· 23 23 #include <linux/bitops.h> 24 24 #include <linux/slab.h> 25 25 #include <net/bluetooth/bluetooth.h> 26 26 + #include <linux/ctype.h> 27 27 + #include <linux/firmware.h> 26 28 27 29 #define BTM_HEADER_LEN 4 28 30 #define BTM_UPLD_SIZE 2312 ··· 43 41 struct btmrvl_device { 44 42 void *card; 45 43 struct hci_dev *hcidev; 44 44 + struct device *dev; 45 45 + const char *cal_data; 46 46 47 47 u8 dev_type; 48 48 ··· 95 91 #define BT_CMD_HOST_SLEEP_CONFIG 0x59 96 92 #define BT_CMD_HOST_SLEEP_ENABLE 0x5A 97 93 #define BT_CMD_MODULE_CFG_REQ 0x5B 94 94 + #define BT_CMD_LOAD_CONFIG_DATA 0x61 98 95 99 96 /* Sub-commands: Module Bringup/Shutdown Request/Response */ 100 97 #define MODULE_BRINGUP_REQ 0xF1 ··· 121 116 #define PS_SLEEP 0x01 122 117 #define PS_AWAKE 0x00 123 118 124 124 - struct btmrvl_cmd { 125 125 - __le16 ocf_ogf; 126 126 - u8 length; 127 127 - u8 data[4]; 128 128 - } __packed; 119 119 + #define BT_CMD_DATA_SIZE 32 120 120 + #define BT_CAL_DATA_SIZE 28 129 121 130 122 struct btmrvl_event { 131 123 u8 ec; /* event counter */

+176 -93

drivers/bluetooth/btmrvl_main.c

reviewed

··· 57 57 ocf = hci_opcode_ocf(opcode); 58 58 ogf = hci_opcode_ogf(opcode); 59 59 60 60 - if (ocf == BT_CMD_MODULE_CFG_REQ && 61 61 - priv->btmrvl_dev.sendcmdflag) { 60 60 + if (priv->btmrvl_dev.sendcmdflag) { 62 61 priv->btmrvl_dev.sendcmdflag = false; 63 62 priv->adapter->cmd_complete = true; 64 63 wake_up_interruptible(&priv->adapter->cmd_wait_q); ··· 115 116 adapter->hs_state = HS_ACTIVATED; 116 117 if (adapter->psmode) 117 118 adapter->ps_state = PS_SLEEP; 118 118 - wake_up_interruptible(&adapter->cmd_wait_q); 119 119 BT_DBG("HS ACTIVATED!"); 120 120 } else { 121 121 BT_DBG("HS Enable failed"); ··· 166 168 } 167 169 EXPORT_SYMBOL_GPL(btmrvl_process_event); 168 170 169 169 - int btmrvl_send_module_cfg_cmd(struct btmrvl_private *priv, int subcmd) 171 171 + static int btmrvl_send_sync_cmd(struct btmrvl_private *priv, u16 cmd_no, 172 172 + const void *param, u8 len) 170 173 { 171 174 struct sk_buff *skb; 172 172 - struct btmrvl_cmd *cmd; 173 173 - int ret = 0; 175 175 + struct hci_command_hdr *hdr; 174 176 175 175 - skb = bt_skb_alloc(sizeof(*cmd), GFP_ATOMIC); 177 177 + skb = bt_skb_alloc(HCI_COMMAND_HDR_SIZE + len, GFP_ATOMIC); 176 178 if (skb == NULL) { 177 179 BT_ERR("No free skb"); 178 180 return -ENOMEM; 179 181 } 180 182 181 181 - cmd = (struct btmrvl_cmd *) skb_put(skb, sizeof(*cmd)); 182 182 - cmd->ocf_ogf = cpu_to_le16(hci_opcode_pack(OGF, BT_CMD_MODULE_CFG_REQ)); 183 183 - cmd->length = 1; 184 184 - cmd->data[0] = subcmd; 183 183 + hdr = (struct hci_command_hdr *)skb_put(skb, HCI_COMMAND_HDR_SIZE); 184 184 + hdr->opcode = cpu_to_le16(hci_opcode_pack(OGF, cmd_no)); 185 185 + hdr->plen = len; 186 186 + 187 187 + if (len) 188 188 + memcpy(skb_put(skb, len), param, len); 185 189 186 190 bt_cb(skb)->pkt_type = MRVL_VENDOR_PKT; 187 191 ··· 194 194 195 195 priv->adapter->cmd_complete = false; 196 196 197 197 - BT_DBG("Queue module cfg Command"); 198 198 - 199 197 wake_up_interruptible(&priv->main_thread.wait_q); 200 198 201 199 if (!wait_event_interruptible_timeout(priv->adapter->cmd_wait_q, 202 200 priv->adapter->cmd_complete, 203 203 - msecs_to_jiffies(WAIT_UNTIL_CMD_RESP))) { 204 204 - ret = -ETIMEDOUT; 205 205 - BT_ERR("module_cfg_cmd(%x): timeout: %d", 206 206 - subcmd, priv->btmrvl_dev.sendcmdflag); 207 207 - } 201 201 + msecs_to_jiffies(WAIT_UNTIL_CMD_RESP))) 202 202 + return -ETIMEDOUT; 208 203 209 209 - BT_DBG("module cfg Command done"); 204 204 + return 0; 205 205 + } 206 206 + 207 207 + int btmrvl_send_module_cfg_cmd(struct btmrvl_private *priv, int subcmd) 208 208 + { 209 209 + int ret; 210 210 + 211 211 + ret = btmrvl_send_sync_cmd(priv, BT_CMD_MODULE_CFG_REQ, &subcmd, 1); 212 212 + if (ret) 213 213 + BT_ERR("module_cfg_cmd(%x) failed\n", subcmd); 210 214 211 215 return ret; 212 216 } ··· 218 214 219 215 int btmrvl_send_hscfg_cmd(struct btmrvl_private *priv) 220 216 { 221 221 - struct sk_buff *skb; 222 222 - struct btmrvl_cmd *cmd; 217 217 + int ret; 218 218 + u8 param[2]; 223 219 224 224 - skb = bt_skb_alloc(sizeof(*cmd), GFP_ATOMIC); 225 225 - if (!skb) { 226 226 - BT_ERR("No free skb"); 227 227 - return -ENOMEM; 228 228 - } 220 220 + param[0] = (priv->btmrvl_dev.gpio_gap & 0xff00) >> 8; 221 221 + param[1] = (u8) (priv->btmrvl_dev.gpio_gap & 0x00ff); 229 222 230 230 - cmd = (struct btmrvl_cmd *) skb_put(skb, sizeof(*cmd)); 231 231 - cmd->ocf_ogf = cpu_to_le16(hci_opcode_pack(OGF, 232 232 - BT_CMD_HOST_SLEEP_CONFIG)); 233 233 - cmd->length = 2; 234 234 - cmd->data[0] = (priv->btmrvl_dev.gpio_gap & 0xff00) >> 8; 235 235 - cmd->data[1] = (u8) (priv->btmrvl_dev.gpio_gap & 0x00ff); 223 223 + BT_DBG("Sending HSCFG Command, gpio=0x%x, gap=0x%x", 224 224 + param[0], param[1]); 236 225 237 237 - bt_cb(skb)->pkt_type = MRVL_VENDOR_PKT; 226 226 + ret = btmrvl_send_sync_cmd(priv, BT_CMD_HOST_SLEEP_CONFIG, param, 2); 227 227 + if (ret) 228 228 + BT_ERR("HSCFG command failed\n"); 238 229 239 239 - skb->dev = (void *) priv->btmrvl_dev.hcidev; 240 240 - skb_queue_head(&priv->adapter->tx_queue, skb); 241 241 - 242 242 - BT_DBG("Queue HSCFG Command, gpio=0x%x, gap=0x%x", cmd->data[0], 243 243 - cmd->data[1]); 244 244 - 245 245 - return 0; 230 230 + return ret; 246 231 } 247 232 EXPORT_SYMBOL_GPL(btmrvl_send_hscfg_cmd); 248 233 249 234 int btmrvl_enable_ps(struct btmrvl_private *priv) 250 235 { 251 251 - struct sk_buff *skb; 252 252 - struct btmrvl_cmd *cmd; 253 253 - 254 254 - skb = bt_skb_alloc(sizeof(*cmd), GFP_ATOMIC); 255 255 - if (skb == NULL) { 256 256 - BT_ERR("No free skb"); 257 257 - return -ENOMEM; 258 258 - } 259 259 - 260 260 - cmd = (struct btmrvl_cmd *) skb_put(skb, sizeof(*cmd)); 261 261 - cmd->ocf_ogf = cpu_to_le16(hci_opcode_pack(OGF, 262 262 - BT_CMD_AUTO_SLEEP_MODE)); 263 263 - cmd->length = 1; 236 236 + int ret; 237 237 + u8 param; 264 238 265 239 if (priv->btmrvl_dev.psmode) 266 266 - cmd->data[0] = BT_PS_ENABLE; 240 240 + param = BT_PS_ENABLE; 267 241 else 268 268 - cmd->data[0] = BT_PS_DISABLE; 242 242 + param = BT_PS_DISABLE; 269 243 270 270 - bt_cb(skb)->pkt_type = MRVL_VENDOR_PKT; 271 271 - 272 272 - skb->dev = (void *) priv->btmrvl_dev.hcidev; 273 273 - skb_queue_head(&priv->adapter->tx_queue, skb); 274 274 - 275 275 - BT_DBG("Queue PSMODE Command:%d", cmd->data[0]); 244 244 + ret = btmrvl_send_sync_cmd(priv, BT_CMD_AUTO_SLEEP_MODE, &param, 1); 245 245 + if (ret) 246 246 + BT_ERR("PSMODE command failed\n"); 276 247 277 248 return 0; 278 249 } ··· 255 276 256 277 int btmrvl_enable_hs(struct btmrvl_private *priv) 257 278 { 258 258 - struct sk_buff *skb; 259 259 - struct btmrvl_cmd *cmd; 260 260 - int ret = 0; 279 279 + int ret; 261 280 262 262 - skb = bt_skb_alloc(sizeof(*cmd), GFP_ATOMIC); 263 263 - if (skb == NULL) { 264 264 - BT_ERR("No free skb"); 265 265 - return -ENOMEM; 266 266 - } 267 267 - 268 268 - cmd = (struct btmrvl_cmd *) skb_put(skb, sizeof(*cmd)); 269 269 - cmd->ocf_ogf = cpu_to_le16(hci_opcode_pack(OGF, BT_CMD_HOST_SLEEP_ENABLE)); 270 270 - cmd->length = 0; 271 271 - 272 272 - bt_cb(skb)->pkt_type = MRVL_VENDOR_PKT; 273 273 - 274 274 - skb->dev = (void *) priv->btmrvl_dev.hcidev; 275 275 - skb_queue_head(&priv->adapter->tx_queue, skb); 276 276 - 277 277 - BT_DBG("Queue hs enable Command"); 278 278 - 279 279 - wake_up_interruptible(&priv->main_thread.wait_q); 280 280 - 281 281 - if (!wait_event_interruptible_timeout(priv->adapter->cmd_wait_q, 282 282 - priv->adapter->hs_state, 283 283 - msecs_to_jiffies(WAIT_UNTIL_HS_STATE_CHANGED))) { 284 284 - ret = -ETIMEDOUT; 285 285 - BT_ERR("timeout: %d, %d,%d", priv->adapter->hs_state, 286 286 - priv->adapter->ps_state, 287 287 - priv->adapter->wakeup_tries); 288 288 - } 281 281 + ret = btmrvl_send_sync_cmd(priv, BT_CMD_HOST_SLEEP_ENABLE, NULL, 0); 282 282 + if (ret) 283 283 + BT_ERR("Host sleep enable command failed\n"); 289 284 290 285 return ret; 291 286 } ··· 433 480 } 434 481 435 482 /* 483 483 + * This function parses provided calibration data input. It should contain 484 484 + * hex bytes separated by space or new line character. Here is an example. 485 485 + * 00 1C 01 37 FF FF FF FF 02 04 7F 01 486 486 + * CE BA 00 00 00 2D C6 C0 00 00 00 00 487 487 + * 00 F0 00 00 488 488 + */ 489 489 + static int btmrvl_parse_cal_cfg(const u8 *src, u32 len, u8 *dst, u32 dst_size) 490 490 + { 491 491 + const u8 *s = src; 492 492 + u8 *d = dst; 493 493 + int ret; 494 494 + u8 tmp[3]; 495 495 + 496 496 + tmp[2] = '\0'; 497 497 + while ((s - src) <= len - 2) { 498 498 + if (isspace(*s)) { 499 499 + s++; 500 500 + continue; 501 501 + } 502 502 + 503 503 + if (isxdigit(*s)) { 504 504 + if ((d - dst) >= dst_size) { 505 505 + BT_ERR("calibration data file too big!!!"); 506 506 + return -EINVAL; 507 507 + } 508 508 + 509 509 + memcpy(tmp, s, 2); 510 510 + 511 511 + ret = kstrtou8(tmp, 16, d++); 512 512 + if (ret < 0) 513 513 + return ret; 514 514 + 515 515 + s += 2; 516 516 + } else { 517 517 + return -EINVAL; 518 518 + } 519 519 + } 520 520 + if (d == dst) 521 521 + return -EINVAL; 522 522 + 523 523 + return 0; 524 524 + } 525 525 + 526 526 + static int btmrvl_load_cal_data(struct btmrvl_private *priv, 527 527 + u8 *config_data) 528 528 + { 529 529 + int i, ret; 530 530 + u8 data[BT_CMD_DATA_SIZE]; 531 531 + 532 532 + data[0] = 0x00; 533 533 + data[1] = 0x00; 534 534 + data[2] = 0x00; 535 535 + data[3] = BT_CMD_DATA_SIZE - 4; 536 536 + 537 537 + /* Swap cal-data bytes. Each four bytes are swapped. Considering 4 538 538 + * byte SDIO header offset, mapping of input and output bytes will be 539 539 + * {3, 2, 1, 0} -> {0+4, 1+4, 2+4, 3+4}, 540 540 + * {7, 6, 5, 4} -> {4+4, 5+4, 6+4, 7+4} */ 541 541 + for (i = 4; i < BT_CMD_DATA_SIZE; i++) 542 542 + data[i] = config_data[(i / 4) * 8 - 1 - i]; 543 543 + 544 544 + print_hex_dump_bytes("Calibration data: ", 545 545 + DUMP_PREFIX_OFFSET, data, BT_CMD_DATA_SIZE); 546 546 + 547 547 + ret = btmrvl_send_sync_cmd(priv, BT_CMD_LOAD_CONFIG_DATA, data, 548 548 + BT_CMD_DATA_SIZE); 549 549 + if (ret) 550 550 + BT_ERR("Failed to download caibration data\n"); 551 551 + 552 552 + return 0; 553 553 + } 554 554 + 555 555 + static int 556 556 + btmrvl_process_cal_cfg(struct btmrvl_private *priv, u8 *data, u32 size) 557 557 + { 558 558 + u8 cal_data[BT_CAL_DATA_SIZE]; 559 559 + int ret; 560 560 + 561 561 + ret = btmrvl_parse_cal_cfg(data, size, cal_data, sizeof(cal_data)); 562 562 + if (ret) 563 563 + return ret; 564 564 + 565 565 + ret = btmrvl_load_cal_data(priv, cal_data); 566 566 + if (ret) { 567 567 + BT_ERR("Fail to load calibrate data"); 568 568 + return ret; 569 569 + } 570 570 + 571 571 + return 0; 572 572 + } 573 573 + 574 574 + static int btmrvl_cal_data_config(struct btmrvl_private *priv) 575 575 + { 576 576 + const struct firmware *cfg; 577 577 + int ret; 578 578 + const char *cal_data = priv->btmrvl_dev.cal_data; 579 579 + 580 580 + if (!cal_data) 581 581 + return 0; 582 582 + 583 583 + ret = request_firmware(&cfg, cal_data, priv->btmrvl_dev.dev); 584 584 + if (ret < 0) { 585 585 + BT_DBG("Failed to get %s file, skipping cal data download", 586 586 + cal_data); 587 587 + return 0; 588 588 + } 589 589 + 590 590 + ret = btmrvl_process_cal_cfg(priv, (u8 *)cfg->data, cfg->size); 591 591 + release_firmware(cfg); 592 592 + return ret; 593 593 + } 594 594 + 595 595 + static int btmrvl_setup(struct hci_dev *hdev) 596 596 + { 597 597 + struct btmrvl_private *priv = hci_get_drvdata(hdev); 598 598 + 599 599 + btmrvl_send_module_cfg_cmd(priv, MODULE_BRINGUP_REQ); 600 600 + 601 601 + if (btmrvl_cal_data_config(priv)) 602 602 + BT_ERR("Set cal data failed"); 603 603 + 604 604 + priv->btmrvl_dev.psmode = 1; 605 605 + btmrvl_enable_ps(priv); 606 606 + 607 607 + priv->btmrvl_dev.gpio_gap = 0xffff; 608 608 + btmrvl_send_hscfg_cmd(priv); 609 609 + 610 610 + return 0; 611 611 + } 612 612 + 613 613 + /* 436 614 * This function handles the event generated by firmware, rx data 437 615 * received from firmware, and tx data sent from kernel. 438 616 */ ··· 656 572 hdev->flush = btmrvl_flush; 657 573 hdev->send = btmrvl_send_frame; 658 574 hdev->ioctl = btmrvl_ioctl; 659 659 - 660 660 - btmrvl_send_module_cfg_cmd(priv, MODULE_BRINGUP_REQ); 575 575 + hdev->setup = btmrvl_setup; 661 576 662 577 hdev->dev_type = priv->btmrvl_dev.dev_type; 663 578

+8 -7

drivers/bluetooth/btmrvl_sdio.c

reviewed

··· 18 18 * this warranty disclaimer. 19 19 **/ 20 20 21 21 - #include <linux/firmware.h> 22 21 #include <linux/slab.h> 23 22 24 23 #include <linux/mmc/sdio_ids.h> ··· 101 102 static const struct btmrvl_sdio_device btmrvl_sdio_sd8688 = { 102 103 .helper = "mrvl/sd8688_helper.bin", 103 104 .firmware = "mrvl/sd8688.bin", 105 105 + .cal_data = NULL, 104 106 .reg = &btmrvl_reg_8688, 105 107 .sd_blksz_fw_dl = 64, 106 108 }; ··· 109 109 static const struct btmrvl_sdio_device btmrvl_sdio_sd8787 = { 110 110 .helper = NULL, 111 111 .firmware = "mrvl/sd8787_uapsta.bin", 112 112 + .cal_data = NULL, 112 113 .reg = &btmrvl_reg_87xx, 113 114 .sd_blksz_fw_dl = 256, 114 115 }; ··· 117 116 static const struct btmrvl_sdio_device btmrvl_sdio_sd8797 = { 118 117 .helper = NULL, 119 118 .firmware = "mrvl/sd8797_uapsta.bin", 119 119 + .cal_data = "mrvl/sd8797_caldata.conf", 120 120 .reg = &btmrvl_reg_87xx, 121 121 .sd_blksz_fw_dl = 256, 122 122 }; ··· 125 123 static const struct btmrvl_sdio_device btmrvl_sdio_sd8897 = { 126 124 .helper = NULL, 127 125 .firmware = "mrvl/sd8897_uapsta.bin", 126 126 + .cal_data = NULL, 128 127 .reg = &btmrvl_reg_88xx, 129 128 .sd_blksz_fw_dl = 256, 130 129 }; ··· 1009 1006 struct btmrvl_sdio_device *data = (void *) id->driver_data; 1010 1007 card->helper = data->helper; 1011 1008 card->firmware = data->firmware; 1009 1009 + card->cal_data = data->cal_data; 1012 1010 card->reg = data->reg; 1013 1011 card->sd_blksz_fw_dl = data->sd_blksz_fw_dl; 1014 1012 } ··· 1038 1034 } 1039 1035 1040 1036 card->priv = priv; 1037 1037 + priv->btmrvl_dev.dev = &card->func->dev; 1038 1038 + priv->btmrvl_dev.cal_data = card->cal_data; 1041 1039 1042 1040 /* Initialize the interface specific function pointers */ 1043 1041 priv->hw_host_to_card = btmrvl_sdio_host_to_card; ··· 1051 1045 ret = -ENODEV; 1052 1046 goto disable_host_int; 1053 1047 } 1054 1054 - 1055 1055 - priv->btmrvl_dev.psmode = 1; 1056 1056 - btmrvl_enable_ps(priv); 1057 1057 - 1058 1058 - priv->btmrvl_dev.gpio_gap = 0xffff; 1059 1059 - btmrvl_send_hscfg_cmd(priv); 1060 1048 1061 1049 return 0; 1062 1050 ··· 1222 1222 MODULE_FIRMWARE("mrvl/sd8688.bin"); 1223 1223 MODULE_FIRMWARE("mrvl/sd8787_uapsta.bin"); 1224 1224 MODULE_FIRMWARE("mrvl/sd8797_uapsta.bin"); 1225 1225 + MODULE_FIRMWARE("mrvl/sd8797_caldata.conf"); 1225 1226 MODULE_FIRMWARE("mrvl/sd8897_uapsta.bin");

+2

drivers/bluetooth/btmrvl_sdio.h

reviewed

··· 85 85 u32 ioport; 86 86 const char *helper; 87 87 const char *firmware; 88 88 + const char *cal_data; 88 89 const struct btmrvl_sdio_card_reg *reg; 89 90 u16 sd_blksz_fw_dl; 90 91 u8 rx_unit; ··· 95 94 struct btmrvl_sdio_device { 96 95 const char *helper; 97 96 const char *firmware; 97 97 + const char *cal_data; 98 98 const struct btmrvl_sdio_card_reg *reg; 99 99 u16 sd_blksz_fw_dl; 100 100 };

+5

drivers/bluetooth/btusb.c

reviewed

··· 102 102 103 103 /* Broadcom BCM20702A0 */ 104 104 { USB_DEVICE(0x0b05, 0x17b5) }, 105 105 + { USB_DEVICE(0x0b05, 0x17cb) }, 105 106 { USB_DEVICE(0x04ca, 0x2003) }, 106 107 { USB_DEVICE(0x0489, 0xe042) }, 107 108 { USB_DEVICE(0x413c, 0x8197) }, ··· 112 111 113 112 /*Broadcom devices with vendor specific id */ 114 113 { USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01) }, 114 114 + 115 115 + /* Belkin F8065bf - Broadcom based */ 116 116 + { USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) }, 115 117 116 118 { } /* Terminating entry */ 117 119 }; ··· 152 148 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, 153 149 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 154 150 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 151 151 + { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, 155 152 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, 156 153 { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, 157 154 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 },

+124 -46

drivers/bluetooth/hci_vhci.c

reviewed

··· 24 24 */ 25 25 26 26 #include <linux/module.h> 27 27 + #include <asm/unaligned.h> 27 28 28 29 #include <linux/kernel.h> 29 30 #include <linux/init.h> ··· 40 39 #include <net/bluetooth/bluetooth.h> 41 40 #include <net/bluetooth/hci_core.h> 42 41 43 43 - #define VERSION "1.3" 42 42 + #define VERSION "1.4" 44 43 45 44 static bool amp; 46 45 47 46 struct vhci_data { 48 47 struct hci_dev *hdev; 49 48 50 50 - unsigned long flags; 51 51 - 52 49 wait_queue_head_t read_wait; 53 50 struct sk_buff_head readq; 51 51 + 52 52 + struct delayed_work open_timeout; 54 53 }; 55 54 56 55 static int vhci_open_dev(struct hci_dev *hdev) ··· 100 99 skb_queue_tail(&data->readq, skb); 101 100 102 101 wake_up_interruptible(&data->read_wait); 102 102 + return 0; 103 103 + } 103 104 105 105 + static int vhci_create_device(struct vhci_data *data, __u8 dev_type) 106 106 + { 107 107 + struct hci_dev *hdev; 108 108 + struct sk_buff *skb; 109 109 + 110 110 + skb = bt_skb_alloc(4, GFP_KERNEL); 111 111 + if (!skb) 112 112 + return -ENOMEM; 113 113 + 114 114 + hdev = hci_alloc_dev(); 115 115 + if (!hdev) { 116 116 + kfree_skb(skb); 117 117 + return -ENOMEM; 118 118 + } 119 119 + 120 120 + data->hdev = hdev; 121 121 + 122 122 + hdev->bus = HCI_VIRTUAL; 123 123 + hdev->dev_type = dev_type; 124 124 + hci_set_drvdata(hdev, data); 125 125 + 126 126 + hdev->open = vhci_open_dev; 127 127 + hdev->close = vhci_close_dev; 128 128 + hdev->flush = vhci_flush; 129 129 + hdev->send = vhci_send_frame; 130 130 + 131 131 + if (hci_register_dev(hdev) < 0) { 132 132 + BT_ERR("Can't register HCI device"); 133 133 + hci_free_dev(hdev); 134 134 + data->hdev = NULL; 135 135 + kfree_skb(skb); 136 136 + return -EBUSY; 137 137 + } 138 138 + 139 139 + bt_cb(skb)->pkt_type = HCI_VENDOR_PKT; 140 140 + 141 141 + *skb_put(skb, 1) = 0xff; 142 142 + *skb_put(skb, 1) = dev_type; 143 143 + put_unaligned_le16(hdev->id, skb_put(skb, 2)); 144 144 + skb_queue_tail(&data->readq, skb); 145 145 + 146 146 + wake_up_interruptible(&data->read_wait); 104 147 return 0; 105 148 } 106 149 107 150 static inline ssize_t vhci_get_user(struct vhci_data *data, 108 108 - const char __user *buf, size_t count) 151 151 + const char __user *buf, size_t count) 109 152 { 110 153 struct sk_buff *skb; 154 154 + __u8 pkt_type, dev_type; 155 155 + int ret; 111 156 112 112 - if (count > HCI_MAX_FRAME_SIZE) 157 157 + if (count < 2 || count > HCI_MAX_FRAME_SIZE) 113 158 return -EINVAL; 114 159 115 160 skb = bt_skb_alloc(count, GFP_KERNEL); ··· 167 120 return -EFAULT; 168 121 } 169 122 170 170 - skb->dev = (void *) data->hdev; 171 171 - bt_cb(skb)->pkt_type = *((__u8 *) skb->data); 123 123 + pkt_type = *((__u8 *) skb->data); 172 124 skb_pull(skb, 1); 173 125 174 174 - hci_recv_frame(skb); 126 126 + switch (pkt_type) { 127 127 + case HCI_EVENT_PKT: 128 128 + case HCI_ACLDATA_PKT: 129 129 + case HCI_SCODATA_PKT: 130 130 + if (!data->hdev) { 131 131 + kfree_skb(skb); 132 132 + return -ENODEV; 133 133 + } 175 134 176 176 - return count; 135 135 + skb->dev = (void *) data->hdev; 136 136 + bt_cb(skb)->pkt_type = pkt_type; 137 137 + 138 138 + ret = hci_recv_frame(skb); 139 139 + break; 140 140 + 141 141 + case HCI_VENDOR_PKT: 142 142 + if (data->hdev) { 143 143 + kfree_skb(skb); 144 144 + return -EBADFD; 145 145 + } 146 146 + 147 147 + cancel_delayed_work_sync(&data->open_timeout); 148 148 + 149 149 + dev_type = *((__u8 *) skb->data); 150 150 + skb_pull(skb, 1); 151 151 + 152 152 + if (skb->len > 0) { 153 153 + kfree_skb(skb); 154 154 + return -EINVAL; 155 155 + } 156 156 + 157 157 + kfree_skb(skb); 158 158 + 159 159 + if (dev_type != HCI_BREDR && dev_type != HCI_AMP) 160 160 + return -EINVAL; 161 161 + 162 162 + ret = vhci_create_device(data, dev_type); 163 163 + break; 164 164 + 165 165 + default: 166 166 + kfree_skb(skb); 167 167 + return -EINVAL; 168 168 + } 169 169 + 170 170 + return (ret < 0) ? ret : count; 177 171 } 178 172 179 173 static inline ssize_t vhci_put_user(struct vhci_data *data, 180 180 - struct sk_buff *skb, char __user *buf, int count) 174 174 + struct sk_buff *skb, 175 175 + char __user *buf, int count) 181 176 { 182 177 char __user *ptr = buf; 183 183 - int len, total = 0; 178 178 + int len; 184 179 185 180 len = min_t(unsigned int, skb->len, count); 186 181 187 182 if (copy_to_user(ptr, skb->data, len)) 188 183 return -EFAULT; 189 184 190 190 - total += len; 185 185 + if (!data->hdev) 186 186 + return len; 191 187 192 188 data->hdev->stat.byte_tx += len; 193 189 ··· 238 148 case HCI_COMMAND_PKT: 239 149 data->hdev->stat.cmd_tx++; 240 150 break; 241 241 - 242 151 case HCI_ACLDATA_PKT: 243 152 data->hdev->stat.acl_tx++; 244 153 break; 245 245 - 246 154 case HCI_SCODATA_PKT: 247 155 data->hdev->stat.sco_tx++; 248 156 break; 249 157 } 250 158 251 251 - return total; 159 159 + return len; 252 160 } 253 161 254 162 static ssize_t vhci_read(struct file *file, 255 255 - char __user *buf, size_t count, loff_t *pos) 163 163 + char __user *buf, size_t count, loff_t *pos) 256 164 { 257 165 struct vhci_data *data = file->private_data; 258 166 struct sk_buff *skb; ··· 273 185 } 274 186 275 187 ret = wait_event_interruptible(data->read_wait, 276 276 - !skb_queue_empty(&data->readq)); 188 188 + !skb_queue_empty(&data->readq)); 277 189 if (ret < 0) 278 190 break; 279 191 } ··· 282 194 } 283 195 284 196 static ssize_t vhci_write(struct file *file, 285 285 - const char __user *buf, size_t count, loff_t *pos) 197 197 + const char __user *buf, size_t count, loff_t *pos) 286 198 { 287 199 struct vhci_data *data = file->private_data; 288 200 ··· 301 213 return POLLOUT | POLLWRNORM; 302 214 } 303 215 216 216 + static void vhci_open_timeout(struct work_struct *work) 217 217 + { 218 218 + struct vhci_data *data = container_of(work, struct vhci_data, 219 219 + open_timeout.work); 220 220 + 221 221 + vhci_create_device(data, amp ? HCI_AMP : HCI_BREDR); 222 222 + } 223 223 + 304 224 static int vhci_open(struct inode *inode, struct file *file) 305 225 { 306 226 struct vhci_data *data; 307 307 - struct hci_dev *hdev; 308 227 309 228 data = kzalloc(sizeof(struct vhci_data), GFP_KERNEL); 310 229 if (!data) ··· 320 225 skb_queue_head_init(&data->readq); 321 226 init_waitqueue_head(&data->read_wait); 322 227 323 323 - hdev = hci_alloc_dev(); 324 324 - if (!hdev) { 325 325 - kfree(data); 326 326 - return -ENOMEM; 327 327 - } 328 328 - 329 329 - data->hdev = hdev; 330 330 - 331 331 - hdev->bus = HCI_VIRTUAL; 332 332 - hci_set_drvdata(hdev, data); 333 333 - 334 334 - if (amp) 335 335 - hdev->dev_type = HCI_AMP; 336 336 - 337 337 - hdev->open = vhci_open_dev; 338 338 - hdev->close = vhci_close_dev; 339 339 - hdev->flush = vhci_flush; 340 340 - hdev->send = vhci_send_frame; 341 341 - 342 342 - if (hci_register_dev(hdev) < 0) { 343 343 - BT_ERR("Can't register HCI device"); 344 344 - kfree(data); 345 345 - hci_free_dev(hdev); 346 346 - return -EBUSY; 347 347 - } 228 228 + INIT_DELAYED_WORK(&data->open_timeout, vhci_open_timeout); 348 229 349 230 file->private_data = data; 350 231 nonseekable_open(inode, file); 232 232 + 233 233 + schedule_delayed_work(&data->open_timeout, msecs_to_jiffies(1000)); 351 234 352 235 return 0; 353 236 } ··· 335 262 struct vhci_data *data = file->private_data; 336 263 struct hci_dev *hdev = data->hdev; 337 264 338 338 - hci_unregister_dev(hdev); 339 339 - hci_free_dev(hdev); 265 265 + cancel_delayed_work_sync(&data->open_timeout); 266 266 + 267 267 + if (hdev) { 268 268 + hci_unregister_dev(hdev); 269 269 + hci_free_dev(hdev); 270 270 + } 340 271 341 272 file->private_data = NULL; 342 273 kfree(data); ··· 386 309 MODULE_DESCRIPTION("Bluetooth virtual HCI driver ver " VERSION); 387 310 MODULE_VERSION(VERSION); 388 311 MODULE_LICENSE("GPL"); 312 312 + MODULE_ALIAS("devname:vhci");

+3 -2

include/net/bluetooth/bluetooth.h

reviewed

··· 197 197 return false; 198 198 } 199 199 200 200 - #define BDADDR_ANY (&(bdaddr_t) {{0, 0, 0, 0, 0, 0} }) 201 201 - #define BDADDR_LOCAL (&(bdaddr_t) {{0, 0, 0, 0xff, 0xff, 0xff} }) 200 200 + #define BDADDR_ANY (&(bdaddr_t) {{0, 0, 0, 0, 0, 0}}) 201 201 + #define BDADDR_NONE (&(bdaddr_t) {{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}}) 202 202 203 203 /* Copy, swap, convert BD Address */ 204 204 static inline int bacmp(const bdaddr_t *ba1, const bdaddr_t *ba2) ··· 249 249 uint bt_sock_poll(struct file *file, struct socket *sock, poll_table *wait); 250 250 int bt_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg); 251 251 int bt_sock_wait_state(struct sock *sk, int state, unsigned long timeo); 252 252 + int bt_sock_wait_ready(struct sock *sk, unsigned long flags); 252 253 253 254 void bt_accept_enqueue(struct sock *parent, struct sock *sk); 254 255 void bt_accept_unlink(struct sock *sk);

+79 -3

include/net/bluetooth/hci.h

reviewed

··· 35 35 36 36 #define HCI_MAX_AMP_ASSOC_SIZE 672 37 37 38 38 + #define HCI_MAX_CSB_DATA_SIZE 252 39 39 + 38 40 /* HCI dev events */ 39 41 #define HCI_DEV_REG 1 40 42 #define HCI_DEV_UNREG 2 ··· 106 104 enum { 107 105 HCI_SETUP, 108 106 HCI_AUTO_OFF, 107 107 + HCI_RFKILLED, 109 108 HCI_MGMT, 110 109 HCI_PAIRABLE, 111 110 HCI_SERVICE_CACHE, 112 111 HCI_DEBUG_KEYS, 113 112 HCI_UNREGISTER, 113 113 + HCI_USER_CHANNEL, 114 114 115 115 HCI_LE_SCAN, 116 116 HCI_SSP_ENABLED, ··· 124 120 HCI_LINK_SECURITY, 125 121 HCI_PERIODIC_INQ, 126 122 HCI_FAST_CONNECTABLE, 123 123 + HCI_BREDR_ENABLED, 127 124 }; 128 125 129 126 /* A mask for the flags that are supposed to remain when a reset happens ··· 628 623 __u8 flow_spec_id; 629 624 } __packed; 630 625 626 626 + #define HCI_OP_SET_CSB 0x0441 627 627 + struct hci_cp_set_csb { 628 628 + __u8 enable; 629 629 + __u8 lt_addr; 630 630 + __u8 lpo_allowed; 631 631 + __le16 packet_type; 632 632 + __le16 interval_min; 633 633 + __le16 interval_max; 634 634 + __le16 csb_sv_tout; 635 635 + } __packed; 636 636 + struct hci_rp_set_csb { 637 637 + __u8 status; 638 638 + __u8 lt_addr; 639 639 + __le16 interval; 640 640 + } __packed; 641 641 + 642 642 + #define HCI_OP_START_SYNC_TRAIN 0x0443 643 643 + 631 644 #define HCI_OP_SNIFF_MODE 0x0803 632 645 struct hci_cp_sniff_mode { 633 646 __le16 handle; ··· 716 693 } __packed; 717 694 718 695 #define HCI_OP_SET_EVENT_MASK 0x0c01 719 719 - struct hci_cp_set_event_mask { 720 720 - __u8 mask[8]; 721 721 - } __packed; 722 696 723 697 #define HCI_OP_RESET 0x0c03 724 698 ··· 845 825 __s8 tx_power; 846 826 } __packed; 847 827 828 828 + #define HCI_OP_SET_EVENT_MASK_PAGE_2 0x0c63 829 829 + 848 830 #define HCI_OP_READ_FLOW_CONTROL_MODE 0x0c66 849 831 struct hci_rp_read_flow_control_mode { 850 832 __u8 status; ··· 857 835 struct hci_cp_write_le_host_supported { 858 836 __u8 le; 859 837 __u8 simul; 838 838 + } __packed; 839 839 + 840 840 + #define HCI_OP_SET_RESERVED_LT_ADDR 0x0c74 841 841 + struct hci_cp_set_reserved_lt_addr { 842 842 + __u8 lt_addr; 843 843 + } __packed; 844 844 + struct hci_rp_set_reserved_lt_addr { 845 845 + __u8 status; 846 846 + __u8 lt_addr; 847 847 + } __packed; 848 848 + 849 849 + #define HCI_OP_DELETE_RESERVED_LT_ADDR 0x0c75 850 850 + struct hci_cp_delete_reserved_lt_addr { 851 851 + __u8 lt_addr; 852 852 + } __packed; 853 853 + struct hci_rp_delete_reserved_lt_addr { 854 854 + __u8 status; 855 855 + __u8 lt_addr; 856 856 + } __packed; 857 857 + 858 858 + #define HCI_OP_SET_CSB_DATA 0x0c76 859 859 + struct hci_cp_set_csb_data { 860 860 + __u8 lt_addr; 861 861 + __u8 fragment; 862 862 + __u8 data_length; 863 863 + __u8 data[HCI_MAX_CSB_DATA_SIZE]; 864 864 + } __packed; 865 865 + struct hci_rp_set_csb_data { 866 866 + __u8 status; 867 867 + __u8 lt_addr; 868 868 + } __packed; 869 869 + 870 870 + #define HCI_OP_READ_SYNC_TRAIN_PARAMS 0x0c77 871 871 + 872 872 + #define HCI_OP_WRITE_SYNC_TRAIN_PARAMS 0x0c78 873 873 + struct hci_cp_write_sync_train_params { 874 874 + __le16 interval_min; 875 875 + __le16 interval_max; 876 876 + __le32 sync_train_tout; 877 877 + __u8 service_data; 878 878 + } __packed; 879 879 + struct hci_rp_write_sync_train_params { 880 880 + __u8 status; 881 881 + __le16 sync_train_int; 860 882 } __packed; 861 883 862 884 #define HCI_OP_READ_LOCAL_VERSION 0x1001 ··· 1039 973 __u8 status; 1040 974 __u8 features[8]; 1041 975 } __packed; 976 976 + 977 977 + #define HCI_OP_LE_SET_RANDOM_ADDR 0x2005 1042 978 1043 979 #define HCI_OP_LE_READ_ADV_TX_POWER 0x2007 1044 980 struct hci_rp_le_read_adv_tx_power { ··· 1505 1437 struct hci_comp_blocks_info handles[0]; 1506 1438 } __packed; 1507 1439 1440 1440 + #define HCI_EV_SYNC_TRAIN_COMPLETE 0x4F 1441 1441 + struct hci_ev_sync_train_complete { 1442 1442 + __u8 status; 1443 1443 + } __packed; 1444 1444 + 1445 1445 + #define HCI_EV_SLAVE_PAGE_RESP_TIMEOUT 0x54 1446 1446 + 1508 1447 /* Low energy meta events */ 1509 1448 #define LE_CONN_ROLE_MASTER 0x00 1510 1449 ··· 1645 1570 #define HCI_DEV_NONE 0xffff 1646 1571 1647 1572 #define HCI_CHANNEL_RAW 0 1573 1573 + #define HCI_CHANNEL_USER 1 1648 1574 #define HCI_CHANNEL_MONITOR 2 1649 1575 #define HCI_CHANNEL_CONTROL 3 1650 1576

+1 -1

include/net/bluetooth/hci_core.h

reviewed

··· 140 140 __u8 bus; 141 141 __u8 dev_type; 142 142 bdaddr_t bdaddr; 143 143 + bdaddr_t static_addr; 143 144 __u8 dev_name[HCI_MAX_NAME_LENGTH]; 144 145 __u8 short_name[HCI_MAX_SHORT_NAME_LENGTH]; 145 146 __u8 eir[HCI_MAX_EIR_LENGTH]; ··· 1169 1168 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status); 1170 1169 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash, 1171 1170 u8 *randomizer, u8 status); 1172 1172 - int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status); 1173 1171 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 1174 1172 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, 1175 1173 u8 ssp, u8 *eir, u16 eir_len);

+1

include/net/bluetooth/l2cap.h

reviewed

··· 564 564 565 565 __u32 feat_mask; 566 566 __u8 fixed_chan_mask; 567 567 + bool hs_enabled; 567 568 568 569 __u8 info_state; 569 570 __u8 info_ident;

+11

include/net/bluetooth/mgmt.h

reviewed

··· 93 93 #define MGMT_SETTING_BREDR 0x00000080 94 94 #define MGMT_SETTING_HS 0x00000100 95 95 #define MGMT_SETTING_LE 0x00000200 96 96 + #define MGMT_SETTING_ADVERTISING 0x00000400 96 97 97 98 #define MGMT_OP_READ_INFO 0x0004 98 99 #define MGMT_READ_INFO_SIZE 0 ··· 351 350 __le16 version; 352 351 } __packed; 353 352 #define MGMT_SET_DEVICE_ID_SIZE 8 353 353 + 354 354 + #define MGMT_OP_SET_ADVERTISING 0x0029 355 355 + 356 356 + #define MGMT_OP_SET_BREDR 0x002A 357 357 + 358 358 + #define MGMT_OP_SET_STATIC_ADDRESS 0x002B 359 359 + struct mgmt_cp_set_static_address { 360 360 + bdaddr_t bdaddr; 361 361 + } __packed; 362 362 + #define MGMT_SET_STATIC_ADDRESS_SIZE 6 354 363 355 364 #define MGMT_EV_CMD_COMPLETE 0x0001 356 365 struct mgmt_ev_cmd_complete {

+2

net/bluetooth/Makefile

reviewed

··· 11 11 bluetooth-y := af_bluetooth.o hci_core.o hci_conn.o hci_event.o mgmt.o \ 12 12 hci_sock.o hci_sysfs.o l2cap_core.o l2cap_sock.o smp.o sco.o lib.o \ 13 13 a2mp.o amp.o 14 14 + 15 15 + subdir-ccflags-y += -D__CHECK_ENDIAN__

+41

net/bluetooth/af_bluetooth.c

reviewed

··· 490 490 } 491 491 EXPORT_SYMBOL(bt_sock_ioctl); 492 492 493 493 + /* This function expects the sk lock to be held when called */ 493 494 int bt_sock_wait_state(struct sock *sk, int state, unsigned long timeo) 494 495 { 495 496 DECLARE_WAITQUEUE(wait, current); ··· 525 524 return err; 526 525 } 527 526 EXPORT_SYMBOL(bt_sock_wait_state); 527 527 + 528 528 + /* This function expects the sk lock to be held when called */ 529 529 + int bt_sock_wait_ready(struct sock *sk, unsigned long flags) 530 530 + { 531 531 + DECLARE_WAITQUEUE(wait, current); 532 532 + unsigned long timeo; 533 533 + int err = 0; 534 534 + 535 535 + BT_DBG("sk %p", sk); 536 536 + 537 537 + timeo = sock_sndtimeo(sk, flags & O_NONBLOCK); 538 538 + 539 539 + add_wait_queue(sk_sleep(sk), &wait); 540 540 + set_current_state(TASK_INTERRUPTIBLE); 541 541 + while (test_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags)) { 542 542 + if (!timeo) { 543 543 + err = -EAGAIN; 544 544 + break; 545 545 + } 546 546 + 547 547 + if (signal_pending(current)) { 548 548 + err = sock_intr_errno(timeo); 549 549 + break; 550 550 + } 551 551 + 552 552 + release_sock(sk); 553 553 + timeo = schedule_timeout(timeo); 554 554 + lock_sock(sk); 555 555 + set_current_state(TASK_INTERRUPTIBLE); 556 556 + 557 557 + err = sock_error(sk); 558 558 + if (err) 559 559 + break; 560 560 + } 561 561 + __set_current_state(TASK_RUNNING); 562 562 + remove_wait_queue(sk_sleep(sk), &wait); 563 563 + 564 564 + return err; 565 565 + } 566 566 + EXPORT_SYMBOL(bt_sock_wait_ready); 528 567 529 568 #ifdef CONFIG_PROC_FS 530 569 struct bt_seq_state {

+4

net/bluetooth/hci_conn.c

reviewed

··· 518 518 list_for_each_entry(d, &hci_dev_list, list) { 519 519 if (!test_bit(HCI_UP, &d->flags) || 520 520 test_bit(HCI_RAW, &d->flags) || 521 521 + test_bit(HCI_USER_CHANNEL, &d->dev_flags) || 521 522 d->dev_type != HCI_BREDR) 522 523 continue; 523 524 ··· 580 579 u8 sec_level, u8 auth_type) 581 580 { 582 581 struct hci_conn *acl; 582 582 + 583 583 + if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) 584 584 + return ERR_PTR(-ENOTSUPP); 583 585 584 586 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 585 587 if (!acl) {

+168 -45

net/bluetooth/hci_core.c

reviewed

··· 519 519 520 520 if (lmp_bredr_capable(hdev)) 521 521 bredr_setup(req); 522 522 + else 523 523 + clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags); 522 524 523 525 if (lmp_le_capable(hdev)) 524 526 le_setup(req); ··· 609 607 &cp); 610 608 } 611 609 610 610 + static void hci_set_event_mask_page_2(struct hci_request *req) 611 611 + { 612 612 + struct hci_dev *hdev = req->hdev; 613 613 + u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 614 614 + 615 615 + /* If Connectionless Slave Broadcast master role is supported 616 616 + * enable all necessary events for it. 617 617 + */ 618 618 + if (hdev->features[2][0] & 0x01) { 619 619 + events[1] |= 0x40; /* Triggered Clock Capture */ 620 620 + events[1] |= 0x80; /* Synchronization Train Complete */ 621 621 + events[2] |= 0x10; /* Slave Page Response Timeout */ 622 622 + events[2] |= 0x20; /* CSB Channel Map Change */ 623 623 + } 624 624 + 625 625 + /* If Connectionless Slave Broadcast slave role is supported 626 626 + * enable all necessary events for it. 627 627 + */ 628 628 + if (hdev->features[2][0] & 0x02) { 629 629 + events[2] |= 0x01; /* Synchronization Train Received */ 630 630 + events[2] |= 0x02; /* CSB Receive */ 631 631 + events[2] |= 0x04; /* CSB Timeout */ 632 632 + events[2] |= 0x08; /* Truncated Page Complete */ 633 633 + } 634 634 + 635 635 + hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2, sizeof(events), events); 636 636 + } 637 637 + 612 638 static void hci_init3_req(struct hci_request *req, unsigned long opt) 613 639 { 614 640 struct hci_dev *hdev = req->hdev; ··· 678 648 } 679 649 } 680 650 651 651 + static void hci_init4_req(struct hci_request *req, unsigned long opt) 652 652 + { 653 653 + struct hci_dev *hdev = req->hdev; 654 654 + 655 655 + /* Set event mask page 2 if the HCI command for it is supported */ 656 656 + if (hdev->commands[22] & 0x04) 657 657 + hci_set_event_mask_page_2(req); 658 658 + 659 659 + /* Check for Synchronization Train support */ 660 660 + if (hdev->features[2][0] & 0x04) 661 661 + hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL); 662 662 + } 663 663 + 681 664 static int __hci_init(struct hci_dev *hdev) 682 665 { 683 666 int err; ··· 710 667 if (err < 0) 711 668 return err; 712 669 713 713 - return __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT); 670 670 + err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT); 671 671 + if (err < 0) 672 672 + return err; 673 673 + 674 674 + return __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT); 714 675 } 715 676 716 677 static void hci_scan_req(struct hci_request *req, unsigned long opt) ··· 1031 984 if (!hdev) 1032 985 return -ENODEV; 1033 986 987 987 + if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 988 988 + err = -EBUSY; 989 989 + goto done; 990 990 + } 991 991 + 992 992 + if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) { 993 993 + err = -EOPNOTSUPP; 994 994 + goto done; 995 995 + } 996 996 + 1034 997 hci_dev_lock(hdev); 1035 998 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX || 1036 999 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) { ··· 1108 1051 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) 1109 1052 flags |= LE_AD_GENERAL; 1110 1053 1111 1111 - if (!lmp_bredr_capable(hdev)) 1054 1054 + if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) { 1055 1055 + if (lmp_le_br_capable(hdev)) 1056 1056 + flags |= LE_AD_SIM_LE_BREDR_CTRL; 1057 1057 + if (lmp_host_le_br_capable(hdev)) 1058 1058 + flags |= LE_AD_SIM_LE_BREDR_HOST; 1059 1059 + } else { 1112 1060 flags |= LE_AD_NO_BREDR; 1113 1113 - 1114 1114 - if (lmp_le_br_capable(hdev)) 1115 1115 - flags |= LE_AD_SIM_LE_BREDR_CTRL; 1116 1116 - 1117 1117 - if (lmp_host_le_br_capable(hdev)) 1118 1118 - flags |= LE_AD_SIM_LE_BREDR_HOST; 1061 1061 + } 1119 1062 1120 1063 if (flags) { 1121 1064 BT_DBG("adv flags 0x%02x", flags); ··· 1183 1126 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp); 1184 1127 } 1185 1128 1186 1186 - /* ---- HCI ioctl helpers ---- */ 1187 1187 - 1188 1188 - int hci_dev_open(__u16 dev) 1129 1129 + static int hci_dev_do_open(struct hci_dev *hdev) 1189 1130 { 1190 1190 - struct hci_dev *hdev; 1191 1131 int ret = 0; 1192 1192 - 1193 1193 - hdev = hci_dev_get(dev); 1194 1194 - if (!hdev) 1195 1195 - return -ENODEV; 1196 1132 1197 1133 BT_DBG("%s %p", hdev->name, hdev); 1198 1134 ··· 1196 1146 goto done; 1197 1147 } 1198 1148 1199 1199 - if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) { 1149 1149 + /* Check for rfkill but allow the HCI setup stage to proceed 1150 1150 + * (which in itself doesn't cause any RF activity). 1151 1151 + */ 1152 1152 + if (test_bit(HCI_RFKILLED, &hdev->dev_flags) && 1153 1153 + !test_bit(HCI_SETUP, &hdev->dev_flags)) { 1200 1154 ret = -ERFKILL; 1201 1155 goto done; 1202 1156 } ··· 1222 1168 ret = hdev->setup(hdev); 1223 1169 1224 1170 if (!ret) { 1225 1225 - /* Treat all non BR/EDR controllers as raw devices if 1226 1226 - * enable_hs is not set. 1227 1227 - */ 1228 1228 - if (hdev->dev_type != HCI_BREDR && !enable_hs) 1229 1229 - set_bit(HCI_RAW, &hdev->flags); 1230 1230 - 1231 1171 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) 1232 1172 set_bit(HCI_RAW, &hdev->flags); 1233 1173 1234 1234 - if (!test_bit(HCI_RAW, &hdev->flags)) 1174 1174 + if (!test_bit(HCI_RAW, &hdev->flags) && 1175 1175 + !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) 1235 1176 ret = __hci_init(hdev); 1236 1177 } 1237 1178 ··· 1237 1188 set_bit(HCI_UP, &hdev->flags); 1238 1189 hci_notify(hdev, HCI_DEV_UP); 1239 1190 if (!test_bit(HCI_SETUP, &hdev->dev_flags) && 1191 1191 + !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) && 1240 1192 mgmt_valid_hdev(hdev)) { 1241 1193 hci_dev_lock(hdev); 1242 1194 mgmt_powered(hdev, 1); ··· 1266 1216 1267 1217 done: 1268 1218 hci_req_unlock(hdev); 1269 1269 - hci_dev_put(hdev); 1270 1219 return ret; 1220 1220 + } 1221 1221 + 1222 1222 + /* ---- HCI ioctl helpers ---- */ 1223 1223 + 1224 1224 + int hci_dev_open(__u16 dev) 1225 1225 + { 1226 1226 + struct hci_dev *hdev; 1227 1227 + int err; 1228 1228 + 1229 1229 + hdev = hci_dev_get(dev); 1230 1230 + if (!hdev) 1231 1231 + return -ENODEV; 1232 1232 + 1233 1233 + /* We need to ensure that no other power on/off work is pending 1234 1234 + * before proceeding to call hci_dev_do_open. This is 1235 1235 + * particularly important if the setup procedure has not yet 1236 1236 + * completed. 1237 1237 + */ 1238 1238 + if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 1239 1239 + cancel_delayed_work(&hdev->power_off); 1240 1240 + 1241 1241 + flush_workqueue(hdev->req_workqueue); 1242 1242 + 1243 1243 + err = hci_dev_do_open(hdev); 1244 1244 + 1245 1245 + hci_dev_put(hdev); 1246 1246 + 1247 1247 + return err; 1271 1248 } 1272 1249 1273 1250 static int hci_dev_do_close(struct hci_dev *hdev) ··· 1401 1324 if (!hdev) 1402 1325 return -ENODEV; 1403 1326 1327 1327 + if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 1328 1328 + err = -EBUSY; 1329 1329 + goto done; 1330 1330 + } 1331 1331 + 1404 1332 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 1405 1333 cancel_delayed_work(&hdev->power_off); 1406 1334 1407 1335 err = hci_dev_do_close(hdev); 1408 1336 1337 1337 + done: 1409 1338 hci_dev_put(hdev); 1410 1339 return err; 1411 1340 } ··· 1427 1344 1428 1345 hci_req_lock(hdev); 1429 1346 1430 1430 - if (!test_bit(HCI_UP, &hdev->flags)) 1347 1347 + if (!test_bit(HCI_UP, &hdev->flags)) { 1348 1348 + ret = -ENETDOWN; 1431 1349 goto done; 1350 1350 + } 1351 1351 + 1352 1352 + if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 1353 1353 + ret = -EBUSY; 1354 1354 + goto done; 1355 1355 + } 1432 1356 1433 1357 /* Drop queues */ 1434 1358 skb_queue_purge(&hdev->rx_q); ··· 1470 1380 if (!hdev) 1471 1381 return -ENODEV; 1472 1382 1383 1383 + if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 1384 1384 + ret = -EBUSY; 1385 1385 + goto done; 1386 1386 + } 1387 1387 + 1473 1388 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats)); 1474 1389 1390 1390 + done: 1475 1391 hci_dev_put(hdev); 1476 1476 - 1477 1392 return ret; 1478 1393 } 1479 1394 ··· 1494 1399 hdev = hci_dev_get(dr.dev_id); 1495 1400 if (!hdev) 1496 1401 return -ENODEV; 1402 1402 + 1403 1403 + if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 1404 1404 + err = -EBUSY; 1405 1405 + goto done; 1406 1406 + } 1407 1407 + 1408 1408 + if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) { 1409 1409 + err = -EOPNOTSUPP; 1410 1410 + goto done; 1411 1411 + } 1497 1412 1498 1413 switch (cmd) { 1499 1414 case HCISETAUTH: ··· 1563 1458 break; 1564 1459 } 1565 1460 1461 1461 + done: 1566 1462 hci_dev_put(hdev); 1567 1463 return err; 1568 1464 } ··· 1636 1530 1637 1531 strcpy(di.name, hdev->name); 1638 1532 di.bdaddr = hdev->bdaddr; 1639 1639 - di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4); 1533 1533 + di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4); 1640 1534 di.flags = hdev->flags; 1641 1535 di.pkt_type = hdev->pkt_type; 1642 1536 if (lmp_bredr_capable(hdev)) { ··· 1672 1566 1673 1567 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked); 1674 1568 1675 1675 - if (!blocked) 1676 1676 - return 0; 1569 1569 + if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) 1570 1570 + return -EBUSY; 1677 1571 1678 1678 - hci_dev_do_close(hdev); 1572 1572 + if (blocked) { 1573 1573 + set_bit(HCI_RFKILLED, &hdev->dev_flags); 1574 1574 + if (!test_bit(HCI_SETUP, &hdev->dev_flags)) 1575 1575 + hci_dev_do_close(hdev); 1576 1576 + } else { 1577 1577 + clear_bit(HCI_RFKILLED, &hdev->dev_flags); 1578 1578 + } 1679 1579 1680 1580 return 0; 1681 1581 } ··· 1697 1585 1698 1586 BT_DBG("%s", hdev->name); 1699 1587 1700 1700 - err = hci_dev_open(hdev->id); 1588 1588 + err = hci_dev_do_open(hdev); 1701 1589 if (err < 0) { 1702 1590 mgmt_set_powered_failed(hdev, err); 1703 1591 return; 1704 1592 } 1705 1593 1706 1706 - if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 1594 1594 + if (test_bit(HCI_RFKILLED, &hdev->dev_flags)) { 1595 1595 + clear_bit(HCI_AUTO_OFF, &hdev->dev_flags); 1596 1596 + hci_dev_do_close(hdev); 1597 1597 + } else if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) { 1707 1598 queue_delayed_work(hdev->req_workqueue, &hdev->power_off, 1708 1599 HCI_AUTO_OFF_TIMEOUT); 1600 1600 + } 1709 1601 1710 1602 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags)) 1711 1603 mgmt_index_added(hdev); ··· 2325 2209 } 2326 2210 } 2327 2211 2212 2212 + if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) 2213 2213 + set_bit(HCI_RFKILLED, &hdev->dev_flags); 2214 2214 + 2328 2215 set_bit(HCI_SETUP, &hdev->dev_flags); 2329 2216 2330 2330 - if (hdev->dev_type != HCI_AMP) 2217 2217 + if (hdev->dev_type != HCI_AMP) { 2331 2218 set_bit(HCI_AUTO_OFF, &hdev->dev_flags); 2219 2219 + /* Assume BR/EDR support until proven otherwise (such as 2220 2220 + * through reading supported features during init. 2221 2221 + */ 2222 2222 + set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags); 2223 2223 + } 2332 2224 2333 2225 write_lock(&hci_dev_list_lock); 2334 2226 list_add(&hdev->list, &hci_dev_list); ··· 3382 3258 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt, 3383 3259 hdev->sco_cnt, hdev->le_cnt); 3384 3260 3385 3385 - /* Schedule queues and send stuff to HCI driver */ 3386 3386 - 3387 3387 - hci_sched_acl(hdev); 3388 3388 - 3389 3389 - hci_sched_sco(hdev); 3390 3390 - 3391 3391 - hci_sched_esco(hdev); 3392 3392 - 3393 3393 - hci_sched_le(hdev); 3261 3261 + if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 3262 3262 + /* Schedule queues and send stuff to HCI driver */ 3263 3263 + hci_sched_acl(hdev); 3264 3264 + hci_sched_sco(hdev); 3265 3265 + hci_sched_esco(hdev); 3266 3266 + hci_sched_le(hdev); 3267 3267 + } 3394 3268 3395 3269 /* Send next queued raw (unknown type) packet */ 3396 3270 while ((skb = skb_dequeue(&hdev->raw_q))) ··· 3579 3457 hci_send_to_sock(hdev, skb); 3580 3458 } 3581 3459 3582 3582 - if (test_bit(HCI_RAW, &hdev->flags)) { 3460 3460 + if (test_bit(HCI_RAW, &hdev->flags) || 3461 3461 + test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 3583 3462 kfree_skb(skb); 3584 3463 continue; 3585 3464 } ··· 3635 3512 3636 3513 kfree_skb(hdev->sent_cmd); 3637 3514 3638 3638 - hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC); 3515 3515 + hdev->sent_cmd = skb_clone(skb, GFP_KERNEL); 3639 3516 if (hdev->sent_cmd) { 3640 3517 atomic_dec(&hdev->cmd_cnt); 3641 3518 hci_send_frame(skb);

+16 -7

net/bluetooth/hci_event.c

reviewed

··· 297 297 goto done; 298 298 } 299 299 300 300 + /* We need to ensure that we set this back on if someone changed 301 301 + * the scan mode through a raw HCI socket. 302 302 + */ 303 303 + set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags); 304 304 + 300 305 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags); 301 306 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags); 302 307 ··· 999 994 return; 1000 995 1001 996 if (!status) { 1002 1002 - if (sent->le) 997 997 + if (sent->le) { 1003 998 hdev->features[1][0] |= LMP_HOST_LE; 1004 1004 - else 999 999 + set_bit(HCI_LE_ENABLED, &hdev->dev_flags); 1000 1000 + } else { 1005 1001 hdev->features[1][0] &= ~LMP_HOST_LE; 1002 1002 + clear_bit(HCI_LE_ENABLED, &hdev->dev_flags); 1003 1003 + clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags); 1004 1004 + } 1006 1005 1007 1006 if (sent->simul) 1008 1007 hdev->features[1][0] |= LMP_HOST_LE_BREDR; 1009 1008 else 1010 1009 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR; 1011 1010 } 1012 1012 - 1013 1013 - if (test_bit(HCI_MGMT, &hdev->dev_flags) && 1014 1014 - !test_bit(HCI_INIT, &hdev->flags)) 1015 1015 - mgmt_le_enable_complete(hdev, sent->le, status); 1016 1011 } 1017 1012 1018 1013 static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev, ··· 3562 3557 cp.handle = cpu_to_le16(conn->handle); 3563 3558 3564 3559 if (ltk->authenticated) 3565 3565 - conn->sec_level = BT_SECURITY_HIGH; 3560 3560 + conn->pending_sec_level = BT_SECURITY_HIGH; 3561 3561 + else 3562 3562 + conn->pending_sec_level = BT_SECURITY_MEDIUM; 3563 3563 + 3564 3564 + conn->enc_key_size = ltk->enc_size; 3566 3565 3567 3566 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); 3568 3567

+160 -44

net/bluetooth/hci_sock.c

reviewed

··· 66 66 .lock = __RW_LOCK_UNLOCKED(hci_sk_list.lock) 67 67 }; 68 68 69 69 + static bool is_filtered_packet(struct sock *sk, struct sk_buff *skb) 70 70 + { 71 71 + struct hci_filter *flt; 72 72 + int flt_type, flt_event; 73 73 + 74 74 + /* Apply filter */ 75 75 + flt = &hci_pi(sk)->filter; 76 76 + 77 77 + if (bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) 78 78 + flt_type = 0; 79 79 + else 80 80 + flt_type = bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS; 81 81 + 82 82 + if (!test_bit(flt_type, &flt->type_mask)) 83 83 + return true; 84 84 + 85 85 + /* Extra filter for event packets only */ 86 86 + if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT) 87 87 + return false; 88 88 + 89 89 + flt_event = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS); 90 90 + 91 91 + if (!hci_test_bit(flt_event, &flt->event_mask)) 92 92 + return true; 93 93 + 94 94 + /* Check filter only when opcode is set */ 95 95 + if (!flt->opcode) 96 96 + return false; 97 97 + 98 98 + if (flt_event == HCI_EV_CMD_COMPLETE && 99 99 + flt->opcode != get_unaligned((__le16 *)(skb->data + 3))) 100 100 + return true; 101 101 + 102 102 + if (flt_event == HCI_EV_CMD_STATUS && 103 103 + flt->opcode != get_unaligned((__le16 *)(skb->data + 4))) 104 104 + return true; 105 105 + 106 106 + return false; 107 107 + } 108 108 + 69 109 /* Send frame to RAW socket */ 70 110 void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb) 71 111 { ··· 117 77 read_lock(&hci_sk_list.lock); 118 78 119 79 sk_for_each(sk, &hci_sk_list.head) { 120 120 - struct hci_filter *flt; 121 80 struct sk_buff *nskb; 122 81 123 82 if (sk->sk_state != BT_BOUND || hci_pi(sk)->hdev != hdev) ··· 126 87 if (skb->sk == sk) 127 88 continue; 128 89 129 129 - if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) 130 130 - continue; 131 131 - 132 132 - /* Apply filter */ 133 133 - flt = &hci_pi(sk)->filter; 134 134 - 135 135 - if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ? 136 136 - 0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), 137 137 - &flt->type_mask)) 138 138 - continue; 139 139 - 140 140 - if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) { 141 141 - int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS); 142 142 - 143 143 - if (!hci_test_bit(evt, &flt->event_mask)) 90 90 + if (hci_pi(sk)->channel == HCI_CHANNEL_RAW) { 91 91 + if (is_filtered_packet(sk, skb)) 144 92 continue; 145 145 - 146 146 - if (flt->opcode && 147 147 - ((evt == HCI_EV_CMD_COMPLETE && 148 148 - flt->opcode != 149 149 - get_unaligned((__le16 *)(skb->data + 3))) || 150 150 - (evt == HCI_EV_CMD_STATUS && 151 151 - flt->opcode != 152 152 - get_unaligned((__le16 *)(skb->data + 4))))) 93 93 + } else if (hci_pi(sk)->channel == HCI_CHANNEL_USER) { 94 94 + if (!bt_cb(skb)->incoming) 153 95 continue; 96 96 + if (bt_cb(skb)->pkt_type != HCI_EVENT_PKT && 97 97 + bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT && 98 98 + bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) 99 99 + continue; 100 100 + } else { 101 101 + /* Don't send frame to other channel types */ 102 102 + continue; 154 103 } 155 104 156 105 if (!skb_copy) { ··· 453 426 bt_sock_unlink(&hci_sk_list, sk); 454 427 455 428 if (hdev) { 429 429 + if (hci_pi(sk)->channel == HCI_CHANNEL_USER) { 430 430 + mgmt_index_added(hdev); 431 431 + clear_bit(HCI_USER_CHANNEL, &hdev->dev_flags); 432 432 + hci_dev_close(hdev->id); 433 433 + } 434 434 + 456 435 atomic_dec(&hdev->promisc); 457 436 hci_dev_put(hdev); 458 437 } ··· 515 482 if (!hdev) 516 483 return -EBADFD; 517 484 485 485 + if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) 486 486 + return -EBUSY; 487 487 + 518 488 switch (cmd) { 519 489 case HCISETRAW: 520 490 if (!capable(CAP_NET_ADMIN)) ··· 548 512 if (!capable(CAP_NET_ADMIN)) 549 513 return -EPERM; 550 514 return hci_sock_blacklist_del(hdev, (void __user *) arg); 551 551 - 552 552 - default: 553 553 - if (hdev->ioctl) 554 554 - return hdev->ioctl(hdev, cmd, arg); 555 555 - return -EINVAL; 556 515 } 516 516 + 517 517 + if (hdev->ioctl) 518 518 + return hdev->ioctl(hdev, cmd, arg); 519 519 + 520 520 + return -EINVAL; 557 521 } 558 522 559 523 static int hci_sock_ioctl(struct socket *sock, unsigned int cmd, 560 524 unsigned long arg) 561 525 { 562 562 - struct sock *sk = sock->sk; 563 526 void __user *argp = (void __user *) arg; 527 527 + struct sock *sk = sock->sk; 564 528 int err; 565 529 566 530 BT_DBG("cmd %x arg %lx", cmd, arg); 531 531 + 532 532 + lock_sock(sk); 533 533 + 534 534 + if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) { 535 535 + err = -EBADFD; 536 536 + goto done; 537 537 + } 538 538 + 539 539 + release_sock(sk); 567 540 568 541 switch (cmd) { 569 542 case HCIGETDEVLIST: ··· 618 573 619 574 case HCIINQUIRY: 620 575 return hci_inquiry(argp); 621 621 - 622 622 - default: 623 623 - lock_sock(sk); 624 624 - err = hci_sock_bound_ioctl(sk, cmd, arg); 625 625 - release_sock(sk); 626 626 - return err; 627 576 } 577 577 + 578 578 + lock_sock(sk); 579 579 + 580 580 + err = hci_sock_bound_ioctl(sk, cmd, arg); 581 581 + 582 582 + done: 583 583 + release_sock(sk); 584 584 + return err; 628 585 } 629 586 630 587 static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, ··· 672 625 673 626 atomic_inc(&hdev->promisc); 674 627 } 628 628 + 629 629 + hci_pi(sk)->hdev = hdev; 630 630 + break; 631 631 + 632 632 + case HCI_CHANNEL_USER: 633 633 + if (hci_pi(sk)->hdev) { 634 634 + err = -EALREADY; 635 635 + goto done; 636 636 + } 637 637 + 638 638 + if (haddr.hci_dev == HCI_DEV_NONE) { 639 639 + err = -EINVAL; 640 640 + goto done; 641 641 + } 642 642 + 643 643 + if (!capable(CAP_NET_ADMIN)) { 644 644 + err = -EPERM; 645 645 + goto done; 646 646 + } 647 647 + 648 648 + hdev = hci_dev_get(haddr.hci_dev); 649 649 + if (!hdev) { 650 650 + err = -ENODEV; 651 651 + goto done; 652 652 + } 653 653 + 654 654 + if (test_bit(HCI_UP, &hdev->flags) || 655 655 + test_bit(HCI_INIT, &hdev->flags) || 656 656 + test_bit(HCI_SETUP, &hdev->dev_flags)) { 657 657 + err = -EBUSY; 658 658 + hci_dev_put(hdev); 659 659 + goto done; 660 660 + } 661 661 + 662 662 + if (test_and_set_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 663 663 + err = -EUSERS; 664 664 + hci_dev_put(hdev); 665 665 + goto done; 666 666 + } 667 667 + 668 668 + mgmt_index_removed(hdev); 669 669 + 670 670 + err = hci_dev_open(hdev->id); 671 671 + if (err) { 672 672 + clear_bit(HCI_USER_CHANNEL, &hdev->dev_flags); 673 673 + hci_dev_put(hdev); 674 674 + goto done; 675 675 + } 676 676 + 677 677 + atomic_inc(&hdev->promisc); 675 678 676 679 hci_pi(sk)->hdev = hdev; 677 680 break; ··· 774 677 { 775 678 struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr; 776 679 struct sock *sk = sock->sk; 777 777 - struct hci_dev *hdev = hci_pi(sk)->hdev; 680 680 + struct hci_dev *hdev; 681 681 + int err = 0; 778 682 779 683 BT_DBG("sock %p sk %p", sock, sk); 780 684 781 781 - if (!hdev) 782 782 - return -EBADFD; 685 685 + if (peer) 686 686 + return -EOPNOTSUPP; 783 687 784 688 lock_sock(sk); 689 689 + 690 690 + hdev = hci_pi(sk)->hdev; 691 691 + if (!hdev) { 692 692 + err = -EBADFD; 693 693 + goto done; 694 694 + } 785 695 786 696 *addr_len = sizeof(*haddr); 787 697 haddr->hci_family = AF_BLUETOOTH; 788 698 haddr->hci_dev = hdev->id; 789 789 - haddr->hci_channel= 0; 699 699 + haddr->hci_channel= hci_pi(sk)->channel; 790 700 701 701 + done: 791 702 release_sock(sk); 792 792 - return 0; 703 703 + return err; 793 704 } 794 705 795 706 static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, ··· 872 767 case HCI_CHANNEL_RAW: 873 768 hci_sock_cmsg(sk, msg, skb); 874 769 break; 770 770 + case HCI_CHANNEL_USER: 875 771 case HCI_CHANNEL_CONTROL: 876 772 case HCI_CHANNEL_MONITOR: 877 773 sock_recv_timestamp(msg, sk, skb); ··· 907 801 908 802 switch (hci_pi(sk)->channel) { 909 803 case HCI_CHANNEL_RAW: 804 804 + case HCI_CHANNEL_USER: 910 805 break; 911 806 case HCI_CHANNEL_CONTROL: 912 807 err = mgmt_control(sk, msg, len); ··· 944 837 skb_pull(skb, 1); 945 838 skb->dev = (void *) hdev; 946 839 947 947 - if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) { 840 840 + if (hci_pi(sk)->channel == HCI_CHANNEL_RAW && 841 841 + bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) { 948 842 u16 opcode = get_unaligned_le16(skb->data); 949 843 u16 ogf = hci_opcode_ogf(opcode); 950 844 u16 ocf = hci_opcode_ocf(opcode); ··· 976 868 goto drop; 977 869 } 978 870 871 871 + if (hci_pi(sk)->channel == HCI_CHANNEL_USER && 872 872 + bt_cb(skb)->pkt_type != HCI_COMMAND_PKT && 873 873 + bt_cb(skb)->pkt_type != HCI_ACLDATA_PKT && 874 874 + bt_cb(skb)->pkt_type != HCI_SCODATA_PKT) { 875 875 + err = -EINVAL; 876 876 + goto drop; 877 877 + } 878 878 + 979 879 skb_queue_tail(&hdev->raw_q, skb); 980 880 queue_work(hdev->workqueue, &hdev->tx_work); 981 881 } ··· 1011 895 lock_sock(sk); 1012 896 1013 897 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) { 1014 1014 - err = -EINVAL; 898 898 + err = -EBADFD; 1015 899 goto done; 1016 900 } 1017 901 ··· 1097 981 lock_sock(sk); 1098 982 1099 983 if (hci_pi(sk)->channel != HCI_CHANNEL_RAW) { 1100 1100 - err = -EINVAL; 984 984 + err = -EBADFD; 1101 985 goto done; 1102 986 } 1103 987

+104 -71

net/bluetooth/l2cap_core.c

reviewed

··· 1016 1016 { 1017 1017 struct l2cap_conn *conn = chan->conn; 1018 1018 1019 1019 - if (enable_hs && 1020 1020 - hci_amp_capable() && 1019 1019 + if (conn->hs_enabled && hci_amp_capable() && 1021 1020 chan->chan_policy == BT_CHANNEL_POLICY_AMP_PREFERRED && 1022 1021 conn->fixed_chan_mask & L2CAP_FC_A2MP) 1023 1022 return true; 1024 1024 - else 1025 1025 - return false; 1023 1023 + 1024 1024 + return false; 1026 1025 } 1027 1026 1028 1027 static bool l2cap_check_efs(struct l2cap_chan *chan) ··· 1636 1637 conn->dst = &hcon->dst; 1637 1638 1638 1639 conn->feat_mask = 0; 1640 1640 + 1641 1641 + if (hcon->type == ACL_LINK) 1642 1642 + conn->hs_enabled = test_bit(HCI_HS_ENABLED, 1643 1643 + &hcon->hdev->dev_flags); 1639 1644 1640 1645 spin_lock_init(&conn->lock); 1641 1646 mutex_init(&conn->chan_lock); ··· 3087 3084 } 3088 3085 } 3089 3086 3090 3090 - static inline bool __l2cap_ews_supported(struct l2cap_chan *chan) 3087 3087 + static inline bool __l2cap_ews_supported(struct l2cap_conn *conn) 3091 3088 { 3092 3092 - return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW; 3089 3089 + return conn->hs_enabled && conn->feat_mask & L2CAP_FEAT_EXT_WINDOW; 3093 3090 } 3094 3091 3095 3095 - static inline bool __l2cap_efs_supported(struct l2cap_chan *chan) 3092 3092 + static inline bool __l2cap_efs_supported(struct l2cap_conn *conn) 3096 3093 { 3097 3097 - return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_FLOW; 3094 3094 + return conn->hs_enabled && conn->feat_mask & L2CAP_FEAT_EXT_FLOW; 3098 3095 } 3099 3096 3100 3097 static void __l2cap_set_ertm_timeouts(struct l2cap_chan *chan, ··· 3138 3135 static inline void l2cap_txwin_setup(struct l2cap_chan *chan) 3139 3136 { 3140 3137 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW && 3141 3141 - __l2cap_ews_supported(chan)) { 3138 3138 + __l2cap_ews_supported(chan->conn)) { 3142 3139 /* use extended control field */ 3143 3140 set_bit(FLAG_EXT_CTRL, &chan->flags); 3144 3141 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW; ··· 3168 3165 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) 3169 3166 break; 3170 3167 3171 3171 - if (__l2cap_efs_supported(chan)) 3168 3168 + if (__l2cap_efs_supported(chan->conn)) 3172 3169 set_bit(FLAG_EFS_ENABLE, &chan->flags); 3173 3170 3174 3171 /* fall through */ ··· 3320 3317 break; 3321 3318 3322 3319 case L2CAP_CONF_EWS: 3323 3323 - if (!enable_hs) 3320 3320 + if (!chan->conn->hs_enabled) 3324 3321 return -ECONNREFUSED; 3325 3322 3326 3323 set_bit(FLAG_EXT_CTRL, &chan->flags); ··· 3352 3349 } 3353 3350 3354 3351 if (remote_efs) { 3355 3355 - if (__l2cap_efs_supported(chan)) 3352 3352 + if (__l2cap_efs_supported(chan->conn)) 3356 3353 set_bit(FLAG_EFS_ENABLE, &chan->flags); 3357 3354 else 3358 3355 return -ECONNREFUSED; ··· 3758 3755 3759 3756 sk = chan->sk; 3760 3757 3758 3758 + /* For certain devices (ex: HID mouse), support for authentication, 3759 3759 + * pairing and bonding is optional. For such devices, inorder to avoid 3760 3760 + * the ACL alive for too long after L2CAP disconnection, reset the ACL 3761 3761 + * disc_timeout back to HCI_DISCONN_TIMEOUT during L2CAP connect. 3762 3762 + */ 3763 3763 + conn->hcon->disc_timeout = HCI_DISCONN_TIMEOUT; 3764 3764 + 3761 3765 bacpy(&bt_sk(sk)->src, conn->src); 3762 3766 bacpy(&bt_sk(sk)->dst, conn->dst); 3763 3767 chan->psm = psm; ··· 3894 3884 if (scid) { 3895 3885 chan = __l2cap_get_chan_by_scid(conn, scid); 3896 3886 if (!chan) { 3897 3897 - err = -EFAULT; 3887 3887 + err = -EBADSLT; 3898 3888 goto unlock; 3899 3889 } 3900 3890 } else { 3901 3891 chan = __l2cap_get_chan_by_ident(conn, cmd->ident); 3902 3892 if (!chan) { 3903 3903 - err = -EFAULT; 3893 3893 + err = -EBADSLT; 3904 3894 goto unlock; 3905 3895 } 3906 3896 } ··· 3988 3978 3989 3979 chan = l2cap_get_chan_by_scid(conn, dcid); 3990 3980 if (!chan) 3991 3991 - return -ENOENT; 3981 3981 + return -EBADSLT; 3992 3982 3993 3983 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) { 3994 3984 struct l2cap_cmd_rej_cid rej; ··· 4216 4206 chan = __l2cap_get_chan_by_scid(conn, dcid); 4217 4207 if (!chan) { 4218 4208 mutex_unlock(&conn->chan_lock); 4219 4219 - return 0; 4209 4209 + return -EBADSLT; 4220 4210 } 4221 4211 4222 4212 l2cap_chan_lock(chan); ··· 4306 4296 if (!disable_ertm) 4307 4297 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING 4308 4298 | L2CAP_FEAT_FCS; 4309 4309 - if (enable_hs) 4299 4299 + if (conn->hs_enabled) 4310 4300 feat_mask |= L2CAP_FEAT_EXT_FLOW 4311 4301 | L2CAP_FEAT_EXT_WINDOW; 4312 4302 ··· 4317 4307 u8 buf[12]; 4318 4308 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf; 4319 4309 4320 4320 - if (enable_hs) 4310 4310 + if (conn->hs_enabled) 4321 4311 l2cap_fixed_chan[0] |= L2CAP_FC_A2MP; 4322 4312 else 4323 4313 l2cap_fixed_chan[0] &= ~L2CAP_FC_A2MP; ··· 4414 4404 if (cmd_len != sizeof(*req)) 4415 4405 return -EPROTO; 4416 4406 4417 4417 - if (!enable_hs) 4407 4407 + if (!conn->hs_enabled) 4418 4408 return -EINVAL; 4419 4409 4420 4410 psm = le16_to_cpu(req->psm); ··· 4448 4438 hs_hcon = hci_conn_hash_lookup_ba(hdev, AMP_LINK, conn->dst); 4449 4439 if (!hs_hcon) { 4450 4440 hci_dev_put(hdev); 4451 4451 - return -EFAULT; 4441 4441 + return -EBADSLT; 4452 4442 } 4453 4443 4454 4444 BT_DBG("mgr %p bredr_chan %p hs_hcon %p", mgr, chan, hs_hcon); ··· 4472 4462 l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP, 4473 4463 sizeof(rsp), &rsp); 4474 4464 4475 4475 - return -EFAULT; 4465 4465 + return 0; 4476 4466 } 4477 4467 4478 4468 static void l2cap_send_move_chan_req(struct l2cap_chan *chan, u8 dest_amp_id) ··· 4841 4831 4842 4832 BT_DBG("icid 0x%4.4x, dest_amp_id %d", icid, req->dest_amp_id); 4843 4833 4844 4844 - if (!enable_hs) 4834 4834 + if (!conn->hs_enabled) 4845 4835 return -EINVAL; 4846 4836 4847 4837 chan = l2cap_get_chan_by_dcid(conn, icid); ··· 5222 5212 5223 5213 case L2CAP_CONN_RSP: 5224 5214 case L2CAP_CREATE_CHAN_RSP: 5225 5225 - err = l2cap_connect_create_rsp(conn, cmd, cmd_len, data); 5215 5215 + l2cap_connect_create_rsp(conn, cmd, cmd_len, data); 5226 5216 break; 5227 5217 5228 5218 case L2CAP_CONF_REQ: ··· 5230 5220 break; 5231 5221 5232 5222 case L2CAP_CONF_RSP: 5233 5233 - err = l2cap_config_rsp(conn, cmd, cmd_len, data); 5223 5223 + l2cap_config_rsp(conn, cmd, cmd_len, data); 5234 5224 break; 5235 5225 5236 5226 case L2CAP_DISCONN_REQ: ··· 5238 5228 break; 5239 5229 5240 5230 case L2CAP_DISCONN_RSP: 5241 5241 - err = l2cap_disconnect_rsp(conn, cmd, cmd_len, data); 5231 5231 + l2cap_disconnect_rsp(conn, cmd, cmd_len, data); 5242 5232 break; 5243 5233 5244 5234 case L2CAP_ECHO_REQ: ··· 5253 5243 break; 5254 5244 5255 5245 case L2CAP_INFO_RSP: 5256 5256 - err = l2cap_information_rsp(conn, cmd, cmd_len, data); 5246 5246 + l2cap_information_rsp(conn, cmd, cmd_len, data); 5257 5247 break; 5258 5248 5259 5249 case L2CAP_CREATE_CHAN_REQ: ··· 5265 5255 break; 5266 5256 5267 5257 case L2CAP_MOVE_CHAN_RSP: 5268 5268 - err = l2cap_move_channel_rsp(conn, cmd, cmd_len, data); 5258 5258 + l2cap_move_channel_rsp(conn, cmd, cmd_len, data); 5269 5259 break; 5270 5260 5271 5261 case L2CAP_MOVE_CHAN_CFM: ··· 5273 5263 break; 5274 5264 5275 5265 case L2CAP_MOVE_CHAN_CFM_RSP: 5276 5276 - err = l2cap_move_channel_confirm_rsp(conn, cmd, cmd_len, data); 5266 5266 + l2cap_move_channel_confirm_rsp(conn, cmd, cmd_len, data); 5277 5267 break; 5278 5268 5279 5269 default: ··· 5304 5294 } 5305 5295 } 5306 5296 5297 5297 + static __le16 l2cap_err_to_reason(int err) 5298 5298 + { 5299 5299 + switch (err) { 5300 5300 + case -EBADSLT: 5301 5301 + return __constant_cpu_to_le16(L2CAP_REJ_INVALID_CID); 5302 5302 + case -EMSGSIZE: 5303 5303 + return __constant_cpu_to_le16(L2CAP_REJ_MTU_EXCEEDED); 5304 5304 + case -EINVAL: 5305 5305 + case -EPROTO: 5306 5306 + default: 5307 5307 + return __constant_cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD); 5308 5308 + } 5309 5309 + } 5310 5310 + 5307 5311 static inline void l2cap_le_sig_channel(struct l2cap_conn *conn, 5308 5312 struct sk_buff *skb) 5309 5313 { 5310 5310 - u8 *data = skb->data; 5311 5311 - int len = skb->len; 5312 5312 - struct l2cap_cmd_hdr cmd; 5314 5314 + struct hci_conn *hcon = conn->hcon; 5315 5315 + struct l2cap_cmd_hdr *cmd; 5316 5316 + u16 len; 5313 5317 int err; 5314 5318 5315 5315 - l2cap_raw_recv(conn, skb); 5319 5319 + if (hcon->type != LE_LINK) 5320 5320 + goto drop; 5316 5321 5317 5317 - while (len >= L2CAP_CMD_HDR_SIZE) { 5318 5318 - u16 cmd_len; 5319 5319 - memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE); 5320 5320 - data += L2CAP_CMD_HDR_SIZE; 5321 5321 - len -= L2CAP_CMD_HDR_SIZE; 5322 5322 + if (skb->len < L2CAP_CMD_HDR_SIZE) 5323 5323 + goto drop; 5322 5324 5323 5323 - cmd_len = le16_to_cpu(cmd.len); 5325 5325 + cmd = (void *) skb->data; 5326 5326 + skb_pull(skb, L2CAP_CMD_HDR_SIZE); 5324 5327 5325 5325 - BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, 5326 5326 - cmd.ident); 5328 5328 + len = le16_to_cpu(cmd->len); 5327 5329 5328 5328 - if (cmd_len > len || !cmd.ident) { 5329 5329 - BT_DBG("corrupted command"); 5330 5330 - break; 5331 5331 - } 5330 5330 + BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd->code, len, cmd->ident); 5332 5331 5333 5333 - err = l2cap_le_sig_cmd(conn, &cmd, data); 5334 5334 - if (err) { 5335 5335 - struct l2cap_cmd_rej_unk rej; 5336 5336 - 5337 5337 - BT_ERR("Wrong link type (%d)", err); 5338 5338 - 5339 5339 - /* FIXME: Map err to a valid reason */ 5340 5340 - rej.reason = __constant_cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD); 5341 5341 - l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, 5342 5342 - sizeof(rej), &rej); 5343 5343 - } 5344 5344 - 5345 5345 - data += cmd_len; 5346 5346 - len -= cmd_len; 5332 5332 + if (len != skb->len || !cmd->ident) { 5333 5333 + BT_DBG("corrupted command"); 5334 5334 + goto drop; 5347 5335 } 5348 5336 5337 5337 + err = l2cap_le_sig_cmd(conn, cmd, skb->data); 5338 5338 + if (err) { 5339 5339 + struct l2cap_cmd_rej_unk rej; 5340 5340 + 5341 5341 + BT_ERR("Wrong link type (%d)", err); 5342 5342 + 5343 5343 + rej.reason = l2cap_err_to_reason(err); 5344 5344 + l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ, 5345 5345 + sizeof(rej), &rej); 5346 5346 + } 5347 5347 + 5348 5348 + drop: 5349 5349 kfree_skb(skb); 5350 5350 } 5351 5351 5352 5352 static inline void l2cap_sig_channel(struct l2cap_conn *conn, 5353 5353 struct sk_buff *skb) 5354 5354 { 5355 5355 + struct hci_conn *hcon = conn->hcon; 5355 5356 u8 *data = skb->data; 5356 5357 int len = skb->len; 5357 5358 struct l2cap_cmd_hdr cmd; 5358 5359 int err; 5359 5360 5360 5361 l2cap_raw_recv(conn, skb); 5362 5362 + 5363 5363 + if (hcon->type != ACL_LINK) 5364 5364 + goto drop; 5361 5365 5362 5366 while (len >= L2CAP_CMD_HDR_SIZE) { 5363 5367 u16 cmd_len; ··· 5395 5371 5396 5372 BT_ERR("Wrong link type (%d)", err); 5397 5373 5398 5398 - /* FIXME: Map err to a valid reason */ 5399 5399 - rej.reason = __constant_cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD); 5374 5374 + rej.reason = l2cap_err_to_reason(err); 5400 5375 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, 5401 5376 sizeof(rej), &rej); 5402 5377 } ··· 5404 5381 len -= cmd_len; 5405 5382 } 5406 5383 5384 5384 + drop: 5407 5385 kfree_skb(skb); 5408 5386 } 5409 5387 ··· 5801 5777 struct sk_buff *skb, u8 event) 5802 5778 { 5803 5779 int err = 0; 5804 5804 - bool skb_in_use = 0; 5780 5780 + bool skb_in_use = false; 5805 5781 5806 5782 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb, 5807 5783 event); ··· 5822 5798 control->txseq); 5823 5799 5824 5800 chan->buffer_seq = chan->expected_tx_seq; 5825 5825 - skb_in_use = 1; 5801 5801 + skb_in_use = true; 5826 5802 5827 5803 err = l2cap_reassemble_sdu(chan, skb, control); 5828 5804 if (err) ··· 5858 5834 * current frame is stored for later use. 5859 5835 */ 5860 5836 skb_queue_tail(&chan->srej_q, skb); 5861 5861 - skb_in_use = 1; 5837 5837 + skb_in_use = true; 5862 5838 BT_DBG("Queued %p (queue len %d)", skb, 5863 5839 skb_queue_len(&chan->srej_q)); 5864 5840 ··· 5936 5912 { 5937 5913 int err = 0; 5938 5914 u16 txseq = control->txseq; 5939 5939 - bool skb_in_use = 0; 5915 5915 + bool skb_in_use = false; 5940 5916 5941 5917 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb, 5942 5918 event); ··· 5948 5924 /* Keep frame for reassembly later */ 5949 5925 l2cap_pass_to_tx(chan, control); 5950 5926 skb_queue_tail(&chan->srej_q, skb); 5951 5951 - skb_in_use = 1; 5927 5927 + skb_in_use = true; 5952 5928 BT_DBG("Queued %p (queue len %d)", skb, 5953 5929 skb_queue_len(&chan->srej_q)); 5954 5930 ··· 5959 5935 5960 5936 l2cap_pass_to_tx(chan, control); 5961 5937 skb_queue_tail(&chan->srej_q, skb); 5962 5962 - skb_in_use = 1; 5938 5938 + skb_in_use = true; 5963 5939 BT_DBG("Queued %p (queue len %d)", skb, 5964 5940 skb_queue_len(&chan->srej_q)); 5965 5941 ··· 5974 5950 * the missing frames. 5975 5951 */ 5976 5952 skb_queue_tail(&chan->srej_q, skb); 5977 5977 - skb_in_use = 1; 5953 5953 + skb_in_use = true; 5978 5954 BT_DBG("Queued %p (queue len %d)", skb, 5979 5955 skb_queue_len(&chan->srej_q)); 5980 5956 ··· 5988 5964 * SREJ'd frames. 5989 5965 */ 5990 5966 skb_queue_tail(&chan->srej_q, skb); 5991 5991 - skb_in_use = 1; 5967 5967 + skb_in_use = true; 5992 5968 BT_DBG("Queued %p (queue len %d)", skb, 5993 5969 skb_queue_len(&chan->srej_q)); 5994 5970 ··· 6397 6373 static void l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, 6398 6374 struct sk_buff *skb) 6399 6375 { 6376 6376 + struct hci_conn *hcon = conn->hcon; 6400 6377 struct l2cap_chan *chan; 6378 6378 + 6379 6379 + if (hcon->type != ACL_LINK) 6380 6380 + goto drop; 6401 6381 6402 6382 chan = l2cap_global_chan_by_psm(0, psm, conn->src, conn->dst); 6403 6383 if (!chan) ··· 6425 6397 static void l2cap_att_channel(struct l2cap_conn *conn, 6426 6398 struct sk_buff *skb) 6427 6399 { 6400 6400 + struct hci_conn *hcon = conn->hcon; 6428 6401 struct l2cap_chan *chan; 6402 6402 + 6403 6403 + if (hcon->type != LE_LINK) 6404 6404 + goto drop; 6429 6405 6430 6406 chan = l2cap_global_chan_by_scid(BT_CONNECTED, L2CAP_CID_ATT, 6431 6407 conn->src, conn->dst); ··· 6466 6434 BT_DBG("len %d, cid 0x%4.4x", len, cid); 6467 6435 6468 6436 switch (cid) { 6469 6469 - case L2CAP_CID_LE_SIGNALING: 6470 6470 - l2cap_le_sig_channel(conn, skb); 6471 6471 - break; 6472 6437 case L2CAP_CID_SIGNALING: 6473 6438 l2cap_sig_channel(conn, skb); 6474 6439 break; ··· 6478 6449 6479 6450 case L2CAP_CID_ATT: 6480 6451 l2cap_att_channel(conn, skb); 6452 6452 + break; 6453 6453 + 6454 6454 + case L2CAP_CID_LE_SIGNALING: 6455 6455 + l2cap_le_sig_channel(conn, skb); 6481 6456 break; 6482 6457 6483 6458 case L2CAP_CID_SMP:

+8 -12

net/bluetooth/l2cap_sock.c

reviewed

··· 445 445 break; 446 446 447 447 case BT_CHANNEL_POLICY: 448 448 - if (!enable_hs) { 449 449 - err = -ENOPROTOOPT; 450 450 - break; 451 451 - } 452 452 - 453 448 if (put_user(chan->chan_policy, (u32 __user *) optval)) 454 449 err = -EFAULT; 455 450 break; ··· 715 720 break; 716 721 717 722 case BT_CHANNEL_POLICY: 718 718 - if (!enable_hs) { 719 719 - err = -ENOPROTOOPT; 720 720 - break; 721 721 - } 722 722 - 723 723 if (get_user(opt, (u32 __user *) optval)) { 724 724 err = -EFAULT; 725 725 break; ··· 767 777 if (sk->sk_state != BT_CONNECTED) 768 778 return -ENOTCONN; 769 779 780 780 + lock_sock(sk); 781 781 + err = bt_sock_wait_ready(sk, msg->msg_flags); 782 782 + release_sock(sk); 783 783 + if (err) 784 784 + return err; 785 785 + 770 786 l2cap_chan_lock(chan); 771 787 err = l2cap_chan_send(chan, msg, len, sk->sk_priority); 772 788 l2cap_chan_unlock(chan); ··· 795 799 pi->chan->state = BT_CONFIG; 796 800 797 801 __l2cap_connect_rsp_defer(pi->chan); 798 798 - release_sock(sk); 799 799 - return 0; 802 802 + err = 0; 803 803 + goto done; 800 804 } 801 805 802 806 release_sock(sk);

+448 -114

net/bluetooth/mgmt.c

reviewed

··· 32 32 #include <net/bluetooth/mgmt.h> 33 33 #include <net/bluetooth/smp.h> 34 34 35 35 - bool enable_hs; 36 36 - 37 35 #define MGMT_VERSION 1 38 38 - #define MGMT_REVISION 3 36 36 + #define MGMT_REVISION 4 39 37 40 38 static const u16 mgmt_commands[] = { 41 39 MGMT_OP_READ_INDEX_LIST, ··· 74 76 MGMT_OP_BLOCK_DEVICE, 75 77 MGMT_OP_UNBLOCK_DEVICE, 76 78 MGMT_OP_SET_DEVICE_ID, 79 79 + MGMT_OP_SET_ADVERTISING, 80 80 + MGMT_OP_SET_BREDR, 81 81 + MGMT_OP_SET_STATIC_ADDRESS, 77 82 }; 78 83 79 84 static const u16 mgmt_events[] = { ··· 340 339 if (test_bit(HCI_SETUP, &d->dev_flags)) 341 340 continue; 342 341 342 342 + if (test_bit(HCI_USER_CHANNEL, &d->dev_flags)) 343 343 + continue; 344 344 + 343 345 if (!mgmt_valid_hdev(d)) 344 346 continue; 345 347 ··· 380 376 settings |= MGMT_SETTING_DISCOVERABLE; 381 377 settings |= MGMT_SETTING_BREDR; 382 378 settings |= MGMT_SETTING_LINK_SECURITY; 379 379 + settings |= MGMT_SETTING_HS; 383 380 } 384 381 385 385 - if (enable_hs) 386 386 - settings |= MGMT_SETTING_HS; 387 387 - 388 388 - if (lmp_le_capable(hdev)) 382 382 + if (lmp_le_capable(hdev)) { 389 383 settings |= MGMT_SETTING_LE; 384 384 + settings |= MGMT_SETTING_ADVERTISING; 385 385 + } 390 386 391 387 return settings; 392 388 } ··· 410 406 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags)) 411 407 settings |= MGMT_SETTING_PAIRABLE; 412 408 413 413 - if (lmp_bredr_capable(hdev)) 409 409 + if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) 414 410 settings |= MGMT_SETTING_BREDR; 415 411 416 412 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) ··· 424 420 425 421 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags)) 426 422 settings |= MGMT_SETTING_HS; 423 423 + 424 424 + if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) 425 425 + settings |= MGMT_SETTING_ADVERTISING; 427 426 428 427 return settings; 429 428 } ··· 811 804 812 805 hci_dev_lock(hdev); 813 806 807 807 + if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) { 808 808 + err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 809 809 + MGMT_STATUS_BUSY); 810 810 + goto failed; 811 811 + } 812 812 + 814 813 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) { 815 814 cancel_delayed_work(&hdev->power_off); 816 815 ··· 830 817 831 818 if (!!cp->val == hdev_is_powered(hdev)) { 832 819 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 833 833 - goto failed; 834 834 - } 835 835 - 836 836 - if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) { 837 837 - err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED, 838 838 - MGMT_STATUS_BUSY); 839 820 goto failed; 840 821 } 841 822 ··· 890 883 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip); 891 884 } 892 885 886 886 + struct cmd_lookup { 887 887 + struct sock *sk; 888 888 + struct hci_dev *hdev; 889 889 + u8 mgmt_status; 890 890 + }; 891 891 + 892 892 + static void settings_rsp(struct pending_cmd *cmd, void *data) 893 893 + { 894 894 + struct cmd_lookup *match = data; 895 895 + 896 896 + send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 897 897 + 898 898 + list_del(&cmd->list); 899 899 + 900 900 + if (match->sk == NULL) { 901 901 + match->sk = cmd->sk; 902 902 + sock_hold(match->sk); 903 903 + } 904 904 + 905 905 + mgmt_pending_free(cmd); 906 906 + } 907 907 + 908 908 + static void cmd_status_rsp(struct pending_cmd *cmd, void *data) 909 909 + { 910 910 + u8 *status = data; 911 911 + 912 912 + cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 913 913 + mgmt_pending_remove(cmd); 914 914 + } 915 915 + 916 916 + static u8 mgmt_bredr_support(struct hci_dev *hdev) 917 917 + { 918 918 + if (!lmp_bredr_capable(hdev)) 919 919 + return MGMT_STATUS_NOT_SUPPORTED; 920 920 + else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) 921 921 + return MGMT_STATUS_REJECTED; 922 922 + else 923 923 + return MGMT_STATUS_SUCCESS; 924 924 + } 925 925 + 926 926 + static u8 mgmt_le_support(struct hci_dev *hdev) 927 927 + { 928 928 + if (!lmp_le_capable(hdev)) 929 929 + return MGMT_STATUS_NOT_SUPPORTED; 930 930 + else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 931 931 + return MGMT_STATUS_REJECTED; 932 932 + else 933 933 + return MGMT_STATUS_SUCCESS; 934 934 + } 935 935 + 893 936 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data, 894 937 u16 len) 895 938 { 896 939 struct mgmt_cp_set_discoverable *cp = data; 897 940 struct pending_cmd *cmd; 898 941 u16 timeout; 899 899 - u8 scan; 942 942 + u8 scan, status; 900 943 int err; 901 944 902 945 BT_DBG("request for %s", hdev->name); 903 946 904 904 - if (!lmp_bredr_capable(hdev)) 947 947 + status = mgmt_bredr_support(hdev); 948 948 + if (status) 905 949 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, 906 906 - MGMT_STATUS_NOT_SUPPORTED); 950 950 + status); 907 951 908 952 if (cp->val != 0x00 && cp->val != 0x01) 909 953 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE, ··· 1103 1045 struct mgmt_mode *cp = data; 1104 1046 struct pending_cmd *cmd; 1105 1047 struct hci_request req; 1106 1106 - u8 scan; 1048 1048 + u8 scan, status; 1107 1049 int err; 1108 1050 1109 1051 BT_DBG("request for %s", hdev->name); 1110 1052 1111 1111 - if (!lmp_bredr_capable(hdev)) 1053 1053 + status = mgmt_bredr_support(hdev); 1054 1054 + if (status) 1112 1055 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, 1113 1113 - MGMT_STATUS_NOT_SUPPORTED); 1056 1056 + status); 1114 1057 1115 1058 if (cp->val != 0x00 && cp->val != 0x01) 1116 1059 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE, ··· 1227 1168 { 1228 1169 struct mgmt_mode *cp = data; 1229 1170 struct pending_cmd *cmd; 1230 1230 - u8 val; 1171 1171 + u8 val, status; 1231 1172 int err; 1232 1173 1233 1174 BT_DBG("request for %s", hdev->name); 1234 1175 1235 1235 - if (!lmp_bredr_capable(hdev)) 1176 1176 + status = mgmt_bredr_support(hdev); 1177 1177 + if (status) 1236 1178 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, 1237 1237 - MGMT_STATUS_NOT_SUPPORTED); 1179 1179 + status); 1238 1180 1239 1181 if (cp->val != 0x00 && cp->val != 0x01) 1240 1182 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY, ··· 1296 1236 { 1297 1237 struct mgmt_mode *cp = data; 1298 1238 struct pending_cmd *cmd; 1299 1299 - u8 val; 1239 1239 + u8 val, status; 1300 1240 int err; 1301 1241 1302 1242 BT_DBG("request for %s", hdev->name); 1243 1243 + 1244 1244 + status = mgmt_bredr_support(hdev); 1245 1245 + if (status) 1246 1246 + return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status); 1303 1247 1304 1248 if (!lmp_ssp_capable(hdev)) 1305 1249 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, ··· 1366 1302 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 1367 1303 { 1368 1304 struct mgmt_mode *cp = data; 1305 1305 + bool changed; 1306 1306 + u8 status; 1307 1307 + int err; 1369 1308 1370 1309 BT_DBG("request for %s", hdev->name); 1371 1310 1372 1372 - if (!enable_hs) 1373 1373 - return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1374 1374 - MGMT_STATUS_NOT_SUPPORTED); 1311 1311 + status = mgmt_bredr_support(hdev); 1312 1312 + if (status) 1313 1313 + return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status); 1375 1314 1376 1315 if (cp->val != 0x00 && cp->val != 0x01) 1377 1316 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1378 1317 MGMT_STATUS_INVALID_PARAMS); 1379 1318 1380 1380 - if (cp->val) 1381 1381 - set_bit(HCI_HS_ENABLED, &hdev->dev_flags); 1382 1382 - else 1383 1383 - clear_bit(HCI_HS_ENABLED, &hdev->dev_flags); 1319 1319 + hci_dev_lock(hdev); 1384 1320 1385 1385 - return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 1321 1321 + if (cp->val) { 1322 1322 + changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags); 1323 1323 + } else { 1324 1324 + if (hdev_is_powered(hdev)) { 1325 1325 + err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 1326 1326 + MGMT_STATUS_REJECTED); 1327 1327 + goto unlock; 1328 1328 + } 1329 1329 + 1330 1330 + changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags); 1331 1331 + } 1332 1332 + 1333 1333 + err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 1334 1334 + if (err < 0) 1335 1335 + goto unlock; 1336 1336 + 1337 1337 + if (changed) 1338 1338 + err = new_settings(hdev, sk); 1339 1339 + 1340 1340 + unlock: 1341 1341 + hci_dev_unlock(hdev); 1342 1342 + return err; 1343 1343 + } 1344 1344 + 1345 1345 + static void le_enable_complete(struct hci_dev *hdev, u8 status) 1346 1346 + { 1347 1347 + struct cmd_lookup match = { NULL, hdev }; 1348 1348 + 1349 1349 + if (status) { 1350 1350 + u8 mgmt_err = mgmt_status(status); 1351 1351 + 1352 1352 + mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 1353 1353 + &mgmt_err); 1354 1354 + return; 1355 1355 + } 1356 1356 + 1357 1357 + mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 1358 1358 + 1359 1359 + new_settings(hdev, match.sk); 1360 1360 + 1361 1361 + if (match.sk) 1362 1362 + sock_put(match.sk); 1386 1363 } 1387 1364 1388 1365 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) ··· 1431 1326 struct mgmt_mode *cp = data; 1432 1327 struct hci_cp_write_le_host_supported hci_cp; 1433 1328 struct pending_cmd *cmd; 1329 1329 + struct hci_request req; 1434 1330 int err; 1435 1331 u8 val, enabled; 1436 1332 ··· 1446 1340 MGMT_STATUS_INVALID_PARAMS); 1447 1341 1448 1342 /* LE-only devices do not allow toggling LE on/off */ 1449 1449 - if (!lmp_bredr_capable(hdev)) 1343 1343 + if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) 1450 1344 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1451 1345 MGMT_STATUS_REJECTED); 1452 1346 ··· 1463 1357 changed = true; 1464 1358 } 1465 1359 1360 1360 + if (!val && test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) { 1361 1361 + clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags); 1362 1362 + changed = true; 1363 1363 + } 1364 1364 + 1466 1365 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev); 1467 1366 if (err < 0) 1468 1367 goto unlock; ··· 1478 1367 goto unlock; 1479 1368 } 1480 1369 1481 1481 - if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) { 1370 1370 + if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) || 1371 1371 + mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) { 1482 1372 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE, 1483 1373 MGMT_STATUS_BUSY); 1484 1374 goto unlock; ··· 1498 1386 hci_cp.simul = lmp_le_br_capable(hdev); 1499 1387 } 1500 1388 1501 1501 - err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), 1502 1502 - &hci_cp); 1389 1389 + hci_req_init(&req, hdev); 1390 1390 + 1391 1391 + if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags) && !val) 1392 1392 + hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val); 1393 1393 + 1394 1394 + hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), 1395 1395 + &hci_cp); 1396 1396 + 1397 1397 + err = hci_req_run(&req, le_enable_complete); 1503 1398 if (err < 0) 1504 1399 mgmt_pending_remove(cmd); 1505 1400 ··· 1824 1705 struct mgmt_cp_load_link_keys *cp = data; 1825 1706 u16 key_count, expected_len; 1826 1707 int i; 1708 1708 + 1709 1709 + BT_DBG("request for %s", hdev->name); 1710 1710 + 1711 1711 + if (!lmp_bredr_capable(hdev)) 1712 1712 + return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 1713 1713 + MGMT_STATUS_NOT_SUPPORTED); 1827 1714 1828 1715 key_count = __le16_to_cpu(cp->key_count); 1829 1716 ··· 2810 2685 struct hci_request req; 2811 2686 /* General inquiry access code (GIAC) */ 2812 2687 u8 lap[3] = { 0x33, 0x8b, 0x9e }; 2688 2688 + u8 status; 2813 2689 int err; 2814 2690 2815 2691 BT_DBG("%s", hdev->name); ··· 2847 2721 2848 2722 switch (hdev->discovery.type) { 2849 2723 case DISCOV_TYPE_BREDR: 2850 2850 - if (!lmp_bredr_capable(hdev)) { 2724 2724 + status = mgmt_bredr_support(hdev); 2725 2725 + if (status) { 2851 2726 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 2852 2852 - MGMT_STATUS_NOT_SUPPORTED); 2727 2727 + status); 2853 2728 mgmt_pending_remove(cmd); 2854 2729 goto failed; 2855 2730 } ··· 2872 2745 2873 2746 case DISCOV_TYPE_LE: 2874 2747 case DISCOV_TYPE_INTERLEAVED: 2875 2875 - if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { 2748 2748 + status = mgmt_le_support(hdev); 2749 2749 + if (status) { 2876 2750 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 2877 2877 - MGMT_STATUS_NOT_SUPPORTED); 2751 2751 + status); 2878 2752 mgmt_pending_remove(cmd); 2879 2753 goto failed; 2880 2754 } 2881 2755 2882 2756 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED && 2883 2883 - !lmp_bredr_capable(hdev)) { 2757 2757 + !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) { 2884 2758 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, 2885 2759 MGMT_STATUS_NOT_SUPPORTED); 2886 2760 mgmt_pending_remove(cmd); ··· 3193 3065 return err; 3194 3066 } 3195 3067 3068 3068 + static void set_advertising_complete(struct hci_dev *hdev, u8 status) 3069 3069 + { 3070 3070 + struct cmd_lookup match = { NULL, hdev }; 3071 3071 + 3072 3072 + if (status) { 3073 3073 + u8 mgmt_err = mgmt_status(status); 3074 3074 + 3075 3075 + mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, 3076 3076 + cmd_status_rsp, &mgmt_err); 3077 3077 + return; 3078 3078 + } 3079 3079 + 3080 3080 + mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp, 3081 3081 + &match); 3082 3082 + 3083 3083 + new_settings(hdev, match.sk); 3084 3084 + 3085 3085 + if (match.sk) 3086 3086 + sock_put(match.sk); 3087 3087 + } 3088 3088 + 3089 3089 + static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 3090 3090 + { 3091 3091 + struct mgmt_mode *cp = data; 3092 3092 + struct pending_cmd *cmd; 3093 3093 + struct hci_request req; 3094 3094 + u8 val, enabled, status; 3095 3095 + int err; 3096 3096 + 3097 3097 + BT_DBG("request for %s", hdev->name); 3098 3098 + 3099 3099 + status = mgmt_le_support(hdev); 3100 3100 + if (status) 3101 3101 + return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 3102 3102 + status); 3103 3103 + 3104 3104 + if (cp->val != 0x00 && cp->val != 0x01) 3105 3105 + return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 3106 3106 + MGMT_STATUS_INVALID_PARAMS); 3107 3107 + 3108 3108 + hci_dev_lock(hdev); 3109 3109 + 3110 3110 + val = !!cp->val; 3111 3111 + enabled = test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags); 3112 3112 + 3113 3113 + if (!hdev_is_powered(hdev) || val == enabled) { 3114 3114 + bool changed = false; 3115 3115 + 3116 3116 + if (val != test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) { 3117 3117 + change_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags); 3118 3118 + changed = true; 3119 3119 + } 3120 3120 + 3121 3121 + err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev); 3122 3122 + if (err < 0) 3123 3123 + goto unlock; 3124 3124 + 3125 3125 + if (changed) 3126 3126 + err = new_settings(hdev, sk); 3127 3127 + 3128 3128 + goto unlock; 3129 3129 + } 3130 3130 + 3131 3131 + if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) || 3132 3132 + mgmt_pending_find(MGMT_OP_SET_LE, hdev)) { 3133 3133 + err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 3134 3134 + MGMT_STATUS_BUSY); 3135 3135 + goto unlock; 3136 3136 + } 3137 3137 + 3138 3138 + cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len); 3139 3139 + if (!cmd) { 3140 3140 + err = -ENOMEM; 3141 3141 + goto unlock; 3142 3142 + } 3143 3143 + 3144 3144 + hci_req_init(&req, hdev); 3145 3145 + 3146 3146 + hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val); 3147 3147 + 3148 3148 + err = hci_req_run(&req, set_advertising_complete); 3149 3149 + if (err < 0) 3150 3150 + mgmt_pending_remove(cmd); 3151 3151 + 3152 3152 + unlock: 3153 3153 + hci_dev_unlock(hdev); 3154 3154 + return err; 3155 3155 + } 3156 3156 + 3157 3157 + static int set_static_address(struct sock *sk, struct hci_dev *hdev, 3158 3158 + void *data, u16 len) 3159 3159 + { 3160 3160 + struct mgmt_cp_set_static_address *cp = data; 3161 3161 + int err; 3162 3162 + 3163 3163 + BT_DBG("%s", hdev->name); 3164 3164 + 3165 3165 + if (!lmp_le_capable(hdev)) 3166 3166 + return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 3167 3167 + MGMT_STATUS_NOT_SUPPORTED); 3168 3168 + 3169 3169 + if (hdev_is_powered(hdev)) 3170 3170 + return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 3171 3171 + MGMT_STATUS_REJECTED); 3172 3172 + 3173 3173 + if (bacmp(&cp->bdaddr, BDADDR_ANY)) { 3174 3174 + if (!bacmp(&cp->bdaddr, BDADDR_NONE)) 3175 3175 + return cmd_status(sk, hdev->id, 3176 3176 + MGMT_OP_SET_STATIC_ADDRESS, 3177 3177 + MGMT_STATUS_INVALID_PARAMS); 3178 3178 + 3179 3179 + /* Two most significant bits shall be set */ 3180 3180 + if ((cp->bdaddr.b[5] & 0xc0) != 0xc0) 3181 3181 + return cmd_status(sk, hdev->id, 3182 3182 + MGMT_OP_SET_STATIC_ADDRESS, 3183 3183 + MGMT_STATUS_INVALID_PARAMS); 3184 3184 + } 3185 3185 + 3186 3186 + hci_dev_lock(hdev); 3187 3187 + 3188 3188 + bacpy(&hdev->static_addr, &cp->bdaddr); 3189 3189 + 3190 3190 + err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0); 3191 3191 + 3192 3192 + hci_dev_unlock(hdev); 3193 3193 + 3194 3194 + return err; 3195 3195 + } 3196 3196 + 3196 3197 static void fast_connectable_complete(struct hci_dev *hdev, u8 status) 3197 3198 { 3198 3199 struct pending_cmd *cmd; ··· 3365 3108 3366 3109 BT_DBG("%s", hdev->name); 3367 3110 3368 3368 - if (!lmp_bredr_capable(hdev) || hdev->hci_ver < BLUETOOTH_VER_1_2) 3111 3111 + if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) || 3112 3112 + hdev->hci_ver < BLUETOOTH_VER_1_2) 3369 3113 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 3370 3114 MGMT_STATUS_NOT_SUPPORTED); 3371 3115 ··· 3420 3162 return err; 3421 3163 } 3422 3164 3165 3165 + static void set_bredr_complete(struct hci_dev *hdev, u8 status) 3166 3166 + { 3167 3167 + struct pending_cmd *cmd; 3168 3168 + 3169 3169 + BT_DBG("status 0x%02x", status); 3170 3170 + 3171 3171 + hci_dev_lock(hdev); 3172 3172 + 3173 3173 + cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev); 3174 3174 + if (!cmd) 3175 3175 + goto unlock; 3176 3176 + 3177 3177 + if (status) { 3178 3178 + u8 mgmt_err = mgmt_status(status); 3179 3179 + 3180 3180 + /* We need to restore the flag if related HCI commands 3181 3181 + * failed. 3182 3182 + */ 3183 3183 + clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags); 3184 3184 + 3185 3185 + cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err); 3186 3186 + } else { 3187 3187 + send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev); 3188 3188 + new_settings(hdev, cmd->sk); 3189 3189 + } 3190 3190 + 3191 3191 + mgmt_pending_remove(cmd); 3192 3192 + 3193 3193 + unlock: 3194 3194 + hci_dev_unlock(hdev); 3195 3195 + } 3196 3196 + 3197 3197 + static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 3198 3198 + { 3199 3199 + struct mgmt_mode *cp = data; 3200 3200 + struct pending_cmd *cmd; 3201 3201 + struct hci_request req; 3202 3202 + int err; 3203 3203 + 3204 3204 + BT_DBG("request for %s", hdev->name); 3205 3205 + 3206 3206 + if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev)) 3207 3207 + return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 3208 3208 + MGMT_STATUS_NOT_SUPPORTED); 3209 3209 + 3210 3210 + if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 3211 3211 + return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 3212 3212 + MGMT_STATUS_REJECTED); 3213 3213 + 3214 3214 + if (cp->val != 0x00 && cp->val != 0x01) 3215 3215 + return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 3216 3216 + MGMT_STATUS_INVALID_PARAMS); 3217 3217 + 3218 3218 + hci_dev_lock(hdev); 3219 3219 + 3220 3220 + if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) { 3221 3221 + err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 3222 3222 + goto unlock; 3223 3223 + } 3224 3224 + 3225 3225 + if (!hdev_is_powered(hdev)) { 3226 3226 + if (!cp->val) { 3227 3227 + clear_bit(HCI_CONNECTABLE, &hdev->dev_flags); 3228 3228 + clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags); 3229 3229 + clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags); 3230 3230 + clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags); 3231 3231 + clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags); 3232 3232 + clear_bit(HCI_HS_ENABLED, &hdev->dev_flags); 3233 3233 + } 3234 3234 + 3235 3235 + change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags); 3236 3236 + 3237 3237 + err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev); 3238 3238 + if (err < 0) 3239 3239 + goto unlock; 3240 3240 + 3241 3241 + err = new_settings(hdev, sk); 3242 3242 + goto unlock; 3243 3243 + } 3244 3244 + 3245 3245 + /* Reject disabling when powered on */ 3246 3246 + if (!cp->val) { 3247 3247 + err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 3248 3248 + MGMT_STATUS_REJECTED); 3249 3249 + goto unlock; 3250 3250 + } 3251 3251 + 3252 3252 + if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) { 3253 3253 + err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR, 3254 3254 + MGMT_STATUS_BUSY); 3255 3255 + goto unlock; 3256 3256 + } 3257 3257 + 3258 3258 + cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len); 3259 3259 + if (!cmd) { 3260 3260 + err = -ENOMEM; 3261 3261 + goto unlock; 3262 3262 + } 3263 3263 + 3264 3264 + /* We need to flip the bit already here so that hci_update_ad 3265 3265 + * generates the correct flags. 3266 3266 + */ 3267 3267 + set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags); 3268 3268 + 3269 3269 + hci_req_init(&req, hdev); 3270 3270 + hci_update_ad(&req); 3271 3271 + err = hci_req_run(&req, set_bredr_complete); 3272 3272 + if (err < 0) 3273 3273 + mgmt_pending_remove(cmd); 3274 3274 + 3275 3275 + unlock: 3276 3276 + hci_dev_unlock(hdev); 3277 3277 + return err; 3278 3278 + } 3279 3279 + 3423 3280 static bool ltk_is_valid(struct mgmt_ltk_info *key) 3424 3281 { 3425 3282 if (key->authenticated != 0x00 && key->authenticated != 0x01) ··· 3552 3179 struct mgmt_cp_load_long_term_keys *cp = cp_data; 3553 3180 u16 key_count, expected_len; 3554 3181 int i, err; 3182 3182 + 3183 3183 + BT_DBG("request for %s", hdev->name); 3184 3184 + 3185 3185 + if (!lmp_le_capable(hdev)) 3186 3186 + return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 3187 3187 + MGMT_STATUS_NOT_SUPPORTED); 3555 3188 3556 3189 key_count = __le16_to_cpu(cp->key_count); 3557 3190 ··· 3655 3276 { block_device, false, MGMT_BLOCK_DEVICE_SIZE }, 3656 3277 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE }, 3657 3278 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE }, 3279 3279 + { set_advertising, false, MGMT_SETTING_SIZE }, 3280 3280 + { set_bredr, false, MGMT_SETTING_SIZE }, 3281 3281 + { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE }, 3658 3282 }; 3659 3283 3660 3284 ··· 3698 3316 if (index != MGMT_INDEX_NONE) { 3699 3317 hdev = hci_dev_get(index); 3700 3318 if (!hdev) { 3319 3319 + err = cmd_status(sk, index, opcode, 3320 3320 + MGMT_STATUS_INVALID_INDEX); 3321 3321 + goto done; 3322 3322 + } 3323 3323 + 3324 3324 + if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) { 3701 3325 err = cmd_status(sk, index, opcode, 3702 3326 MGMT_STATUS_INVALID_INDEX); 3703 3327 goto done; ··· 3753 3365 return err; 3754 3366 } 3755 3367 3756 3756 - static void cmd_status_rsp(struct pending_cmd *cmd, void *data) 3757 3757 - { 3758 3758 - u8 *status = data; 3759 3759 - 3760 3760 - cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 3761 3761 - mgmt_pending_remove(cmd); 3762 3762 - } 3763 3763 - 3764 3368 int mgmt_index_added(struct hci_dev *hdev) 3765 3369 { 3766 3370 if (!mgmt_valid_hdev(hdev)) ··· 3771 3391 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 3772 3392 3773 3393 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL); 3774 3774 - } 3775 3775 - 3776 3776 - struct cmd_lookup { 3777 3777 - struct sock *sk; 3778 3778 - struct hci_dev *hdev; 3779 3779 - u8 mgmt_status; 3780 3780 - }; 3781 3781 - 3782 3782 - static void settings_rsp(struct pending_cmd *cmd, void *data) 3783 3783 - { 3784 3784 - struct cmd_lookup *match = data; 3785 3785 - 3786 3786 - send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 3787 3787 - 3788 3788 - list_del(&cmd->list); 3789 3789 - 3790 3790 - if (match->sk == NULL) { 3791 3791 - match->sk = cmd->sk; 3792 3792 - sock_hold(match->sk); 3793 3793 - } 3794 3794 - 3795 3795 - mgmt_pending_free(cmd); 3796 3394 } 3797 3395 3798 3396 static void set_bredr_scan(struct hci_request *req) ··· 3839 3481 cp.simul != lmp_host_le_br_capable(hdev)) 3840 3482 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, 3841 3483 sizeof(cp), &cp); 3484 3484 + 3485 3485 + /* In case BR/EDR was toggled during the AUTO_OFF phase */ 3486 3486 + hci_update_ad(&req); 3487 3487 + } 3488 3488 + 3489 3489 + if (lmp_le_capable(hdev)) { 3490 3490 + /* Set random address to static address if configured */ 3491 3491 + if (bacmp(&hdev->static_addr, BDADDR_ANY)) 3492 3492 + hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6, 3493 3493 + &hdev->static_addr); 3494 3494 + } 3495 3495 + 3496 3496 + if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) { 3497 3497 + u8 adv = 0x01; 3498 3498 + 3499 3499 + hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv); 3842 3500 } 3843 3501 3844 3502 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags); ··· 3863 3489 sizeof(link_sec), &link_sec); 3864 3490 3865 3491 if (lmp_bredr_capable(hdev)) { 3866 3866 - set_bredr_scan(&req); 3492 3492 + if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) 3493 3493 + set_bredr_scan(&req); 3867 3494 update_class(&req); 3868 3495 update_name(&req); 3869 3496 update_eir(&req); ··· 4507 4132 return err; 4508 4133 } 4509 4134 4510 4510 - int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) 4511 4511 - { 4512 4512 - struct cmd_lookup match = { NULL, hdev }; 4513 4513 - bool changed = false; 4514 4514 - int err = 0; 4515 4515 - 4516 4516 - if (status) { 4517 4517 - u8 mgmt_err = mgmt_status(status); 4518 4518 - 4519 4519 - if (enable && test_and_clear_bit(HCI_LE_ENABLED, 4520 4520 - &hdev->dev_flags)) 4521 4521 - err = new_settings(hdev, NULL); 4522 4522 - 4523 4523 - mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, 4524 4524 - &mgmt_err); 4525 4525 - 4526 4526 - return err; 4527 4527 - } 4528 4528 - 4529 4529 - if (enable) { 4530 4530 - if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 4531 4531 - changed = true; 4532 4532 - } else { 4533 4533 - if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags)) 4534 4534 - changed = true; 4535 4535 - } 4536 4536 - 4537 4537 - mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); 4538 4538 - 4539 4539 - if (changed) 4540 4540 - err = new_settings(hdev, match.sk); 4541 4541 - 4542 4542 - if (match.sk) 4543 4543 - sock_put(match.sk); 4544 4544 - 4545 4545 - return err; 4546 4546 - } 4547 4547 - 4548 4135 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 4549 4136 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8 4550 4137 ssp, u8 *eir, u16 eir_len) ··· 4623 4286 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev), 4624 4287 cmd ? cmd->sk : NULL); 4625 4288 } 4626 4626 - 4627 4627 - module_param(enable_hs, bool, 0644); 4628 4628 - MODULE_PARM_DESC(enable_hs, "Enable High Speed support");

+6 -1

net/bluetooth/rfcomm/sock.c

reviewed

··· 544 544 struct sock *sk = sock->sk; 545 545 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 546 546 struct sk_buff *skb; 547 547 - int sent = 0; 547 547 + int sent; 548 548 549 549 if (test_bit(RFCOMM_DEFER_SETUP, &d->flags)) 550 550 return -ENOTCONN; ··· 558 558 BT_DBG("sock %p, sk %p", sock, sk); 559 559 560 560 lock_sock(sk); 561 561 + 562 562 + sent = bt_sock_wait_ready(sk, msg->msg_flags); 563 563 + if (sent) 564 564 + goto done; 561 565 562 566 while (len) { 563 567 size_t size = min_t(size_t, len, d->mtu); ··· 598 594 len -= size; 599 595 } 600 596 597 597 + done: 601 598 release_sock(sk); 602 599 603 600 return sent;

+2 -33

net/bluetooth/rfcomm/tty.c

reviewed

··· 569 569 static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) 570 570 { 571 571 struct rfcomm_dev *dev = dlc->owner; 572 572 - struct tty_struct *tty; 573 572 if (!dev) 574 573 return; 575 574 ··· 580 581 DPM_ORDER_DEV_AFTER_PARENT); 581 582 582 583 wake_up_interruptible(&dev->port.open_wait); 583 583 - } else if (dlc->state == BT_CLOSED) { 584 584 - tty = tty_port_tty_get(&dev->port); 585 585 - if (!tty) { 586 586 - if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { 587 587 - /* Drop DLC lock here to avoid deadlock 588 588 - * 1. rfcomm_dev_get will take rfcomm_dev_lock 589 589 - * but in rfcomm_dev_add there's lock order: 590 590 - * rfcomm_dev_lock -> dlc lock 591 591 - * 2. tty_port_put will deadlock if it's 592 592 - * the last reference 593 593 - * 594 594 - * FIXME: when we release the lock anything 595 595 - * could happen to dev, even its destruction 596 596 - */ 597 597 - rfcomm_dlc_unlock(dlc); 598 598 - if (rfcomm_dev_get(dev->id) == NULL) { 599 599 - rfcomm_dlc_lock(dlc); 600 600 - return; 601 601 - } 602 602 - 603 603 - if (!test_and_set_bit(RFCOMM_TTY_RELEASED, 604 604 - &dev->flags)) 605 605 - tty_port_put(&dev->port); 606 606 - 607 607 - tty_port_put(&dev->port); 608 608 - rfcomm_dlc_lock(dlc); 609 609 - } 610 610 - } else { 611 611 - tty_hangup(tty); 612 612 - tty_kref_put(tty); 613 613 - } 614 614 - } 584 584 + } else if (dlc->state == BT_CLOSED) 585 585 + tty_port_tty_hangup(&dev->port, false); 615 586 } 616 587 617 588 static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig)

+13 -2

net/bluetooth/smp.c

reviewed

··· 847 847 848 848 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb) 849 849 { 850 850 - __u8 code = skb->data[0]; 851 851 - __u8 reason; 850 850 + struct hci_conn *hcon = conn->hcon; 851 851 + __u8 code, reason; 852 852 int err = 0; 853 853 + 854 854 + if (hcon->type != LE_LINK) { 855 855 + kfree_skb(skb); 856 856 + return -ENOTSUPP; 857 857 + } 858 858 + 859 859 + if (skb->len < 1) { 860 860 + kfree_skb(skb); 861 861 + return -EILSEQ; 862 862 + } 853 863 854 864 if (!test_bit(HCI_LE_ENABLED, &conn->hcon->hdev->dev_flags)) { 855 865 err = -ENOTSUPP; ··· 867 857 goto done; 868 858 } 869 859 860 860 + code = skb->data[0]; 870 861 skb_pull(skb, sizeof(code)); 871 862 872 863 /*