tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
Johan Hedberg says:
====================
pull request: bluetooth-next 2015-04-04
Here's what's probably the last bluetooth-next pull request for 4.1:
- Fixes for LE advertising data & advertising parameters
- Fix for race condition with HCI_RESET flag
- New BNEPGETSUPPFEAT ioctl, needed for certification
- New HCI request callback type to get the resulting skb
- Cleanups to use BIT() macro wherever possible
- Consolidate Broadcom device entries in the btusb HCI driver
- Check for valid flags in CMTP, HIDP & BNEP
- Disallow local privacy & OOB data combo to prevent a potential race
- Expose SMP & ECDH selftest results through debugfs
- Expose current Device ID info through debugfs
Please let me know if there are any issues pulling. Thanks.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
+576
-344
+4
-8
drivers/bluetooth/btusb.c
+4
-8
drivers/bluetooth/btusb.c
···
111
111
{ USB_DEVICE(0x0c10, 0x0000) },
112
112
113
113
/* Broadcom BCM20702A0 */
114
-
{ USB_DEVICE(0x0489, 0xe042) },
115
-
{ USB_DEVICE(0x04ca, 0x2003) },
116
-
{ USB_DEVICE(0x0b05, 0x17b5) },
117
-
{ USB_DEVICE(0x0b05, 0x17cb) },
118
114
{ USB_DEVICE(0x413c, 0x8197) },
119
-
{ USB_DEVICE(0x13d3, 0x3404),
120
-
.driver_info = BTUSB_BCM_PATCHRAM },
121
115
122
116
/* Broadcom BCM20702B0 (Dynex/Insignia) */
123
117
{ USB_DEVICE(0x19ff, 0x0239), .driver_info = BTUSB_BCM_PATCHRAM },
···
133
139
.driver_info = BTUSB_BCM_PATCHRAM },
134
140
135
141
/* Belkin F8065bf - Broadcom based */
136
-
{ USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) },
142
+
{ USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01),
143
+
.driver_info = BTUSB_BCM_PATCHRAM },
137
144
138
145
/* IMC Networks - Broadcom based */
139
-
{ USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01) },
146
+
{ USB_VENDOR_AND_INTERFACE_INFO(0x13d3, 0xff, 0x01, 0x01),
147
+
.driver_info = BTUSB_BCM_PATCHRAM },
140
148
141
149
/* Intel Bluetooth USB Bootloader (RAM module) */
142
150
{ USB_DEVICE(0x8087, 0x0a5a),
+1
-1
drivers/bluetooth/hci_ldisc.c
+1
-1
drivers/bluetooth/hci_ldisc.c
+2
fs/compat_ioctl.c
+2
fs/compat_ioctl.c
···
570
570
#define BNEPCONNDEL _IOW('B', 201, int)
571
571
#define BNEPGETCONNLIST _IOR('B', 210, int)
572
572
#define BNEPGETCONNINFO _IOR('B', 211, int)
573
+
#define BNEPGETSUPPFEAT _IOR('B', 212, int)
573
574
574
575
#define CMTPCONNADD _IOW('C', 200, int)
575
576
#define CMTPCONNDEL _IOW('C', 201, int)
···
1248
1247
COMPATIBLE_IOCTL(BNEPCONNDEL)
1249
1248
COMPATIBLE_IOCTL(BNEPGETCONNLIST)
1250
1249
COMPATIBLE_IOCTL(BNEPGETCONNINFO)
1250
+
COMPATIBLE_IOCTL(BNEPGETSUPPFEAT)
1251
1251
COMPATIBLE_IOCTL(CMTPCONNADD)
1252
1252
COMPATIBLE_IOCTL(CMTPCONNDEL)
1253
1253
COMPATIBLE_IOCTL(CMTPGETCONNLIST)
+16
-7
include/net/bluetooth/bluetooth.h
+16
-7
include/net/bluetooth/bluetooth.h
···
269
269
__u16 reqseq;
270
270
__u16 txseq;
271
271
__u8 retries;
272
+
__le16 psm;
273
+
bdaddr_t bdaddr;
274
+
struct l2cap_chan *chan;
272
275
};
273
276
274
277
struct hci_dev;
275
278
276
279
typedef void (*hci_req_complete_t)(struct hci_dev *hdev, u8 status, u16 opcode);
280
+
typedef void (*hci_req_complete_skb_t)(struct hci_dev *hdev, u8 status,
281
+
u16 opcode, struct sk_buff *skb);
282
+
283
+
struct req_ctrl {
284
+
bool start;
285
+
u8 event;
286
+
hci_req_complete_t complete;
287
+
hci_req_complete_skb_t complete_skb;
288
+
};
277
289
278
290
struct bt_skb_cb {
279
291
__u8 pkt_type;
···
293
281
__u16 opcode;
294
282
__u16 expect;
295
283
__u8 incoming:1;
296
-
__u8 req_start:1;
297
-
u8 req_event;
298
-
hci_req_complete_t req_complete;
299
-
struct l2cap_chan *chan;
300
-
struct l2cap_ctrl control;
301
-
bdaddr_t bdaddr;
302
-
__le16 psm;
284
+
union {
285
+
struct l2cap_ctrl l2cap;
286
+
struct req_ctrl req;
287
+
};
303
288
};
304
289
#define bt_cb(skb) ((struct bt_skb_cb *)((skb)->cb))
305
290
+1
-6
include/net/bluetooth/hci_core.h
+1
-6
include/net/bluetooth/hci_core.h
···
326
326
struct sk_buff_head raw_q;
327
327
struct sk_buff_head cmd_q;
328
328
329
-
struct sk_buff *recv_evt;
330
329
struct sk_buff *sent_cmd;
331
330
struct sk_buff *reassembly[NUM_REASSEMBLY];
332
331
···
333
334
wait_queue_head_t req_wait_q;
334
335
__u32 req_status;
335
336
__u32 req_result;
337
+
struct sk_buff *req_skb;
336
338
337
339
void *smp_data;
338
340
void *smp_bredr_data;
···
1284
1284
int hci_register_cb(struct hci_cb *hcb);
1285
1285
int hci_unregister_cb(struct hci_cb *hcb);
1286
1286
1287
-
bool hci_req_pending(struct hci_dev *hdev);
1288
-
1289
1287
struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
1290
1288
const void *param, u32 timeout);
1291
1289
struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
···
1391
1393
void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
1392
1394
u8 status);
1393
1395
void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status);
1394
-
void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
1395
-
u8 *rand192, u8 *hash256, u8 *rand256,
1396
-
u8 status);
1397
1396
void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
1398
1397
u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
1399
1398
u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len);
+4
net/bluetooth/bnep/bnep.h
+4
net/bluetooth/bnep/bnep.h
···
111
111
#define BNEPCONNDEL _IOW('B', 201, int)
112
112
#define BNEPGETCONNLIST _IOR('B', 210, int)
113
113
#define BNEPGETCONNINFO _IOR('B', 211, int)
114
+
#define BNEPGETSUPPFEAT _IOR('B', 212, int)
115
+
116
+
#define BNEP_SETUP_RESPONSE 0
117
+
#define BNEP_SETUP_RSP_SENT 10
114
118
115
119
struct bnep_connadd_req {
116
120
int sock; /* Connected socket */
+59
-15
net/bluetooth/bnep/core.c
+59
-15
net/bluetooth/bnep/core.c
···
231
231
break;
232
232
233
233
case BNEP_SETUP_CONN_REQ:
234
-
err = bnep_send_rsp(s, BNEP_SETUP_CONN_RSP, BNEP_CONN_NOT_ALLOWED);
234
+
/* Successful response should be sent only once */
235
+
if (test_bit(BNEP_SETUP_RESPONSE, &s->flags) &&
236
+
!test_and_set_bit(BNEP_SETUP_RSP_SENT, &s->flags))
237
+
err = bnep_send_rsp(s, BNEP_SETUP_CONN_RSP,
238
+
BNEP_SUCCESS);
239
+
else
240
+
err = bnep_send_rsp(s, BNEP_SETUP_CONN_RSP,
241
+
BNEP_CONN_NOT_ALLOWED);
235
242
break;
236
243
237
244
default: {
···
246
239
pkt[0] = BNEP_CONTROL;
247
240
pkt[1] = BNEP_CMD_NOT_UNDERSTOOD;
248
241
pkt[2] = cmd;
249
-
bnep_send(s, pkt, sizeof(pkt));
242
+
err = bnep_send(s, pkt, sizeof(pkt));
250
243
}
251
244
break;
252
245
}
···
299
292
{
300
293
struct net_device *dev = s->dev;
301
294
struct sk_buff *nskb;
302
-
u8 type;
295
+
u8 type, ctrl_type;
303
296
304
297
dev->stats.rx_bytes += skb->len;
305
298
306
299
type = *(u8 *) skb->data;
307
300
skb_pull(skb, 1);
301
+
ctrl_type = *(u8 *)skb->data;
308
302
309
303
if ((type & BNEP_TYPE_MASK) >= sizeof(__bnep_rx_hlen))
310
304
goto badframe;
311
305
312
306
if ((type & BNEP_TYPE_MASK) == BNEP_CONTROL) {
313
-
bnep_rx_control(s, skb->data, skb->len);
314
-
kfree_skb(skb);
315
-
return 0;
307
+
if (bnep_rx_control(s, skb->data, skb->len) < 0) {
308
+
dev->stats.tx_errors++;
309
+
kfree_skb(skb);
310
+
return 0;
311
+
}
312
+
313
+
if (!(type & BNEP_EXT_HEADER)) {
314
+
kfree_skb(skb);
315
+
return 0;
316
+
}
317
+
318
+
/* Verify and pull ctrl message since it's already processed */
319
+
switch (ctrl_type) {
320
+
case BNEP_SETUP_CONN_REQ:
321
+
/* Pull: ctrl type (1 b), len (1 b), data (len bytes) */
322
+
if (!skb_pull(skb, 2 + *(u8 *)(skb->data + 1) * 2))
323
+
goto badframe;
324
+
break;
325
+
case BNEP_FILTER_MULTI_ADDR_SET:
326
+
case BNEP_FILTER_NET_TYPE_SET:
327
+
/* Pull: ctrl type (1 b), len (2 b), data (len bytes) */
328
+
if (!skb_pull(skb, 3 + *(u16 *)(skb->data + 1) * 2))
329
+
goto badframe;
330
+
break;
331
+
default:
332
+
kfree_skb(skb);
333
+
return 0;
334
+
}
335
+
} else {
336
+
skb_reset_mac_header(skb);
337
+
338
+
/* Verify and pull out header */
339
+
if (!skb_pull(skb, __bnep_rx_hlen[type & BNEP_TYPE_MASK]))
340
+
goto badframe;
341
+
342
+
s->eh.h_proto = get_unaligned((__be16 *) (skb->data - 2));
316
343
}
317
-
318
-
skb_reset_mac_header(skb);
319
-
320
-
/* Verify and pull out header */
321
-
if (!skb_pull(skb, __bnep_rx_hlen[type & BNEP_TYPE_MASK]))
322
-
goto badframe;
323
-
324
-
s->eh.h_proto = get_unaligned((__be16 *) (skb->data - 2));
325
344
326
345
if (type & BNEP_EXT_HEADER) {
327
346
if (bnep_rx_extension(s, skb) < 0)
···
558
525
559
526
int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock)
560
527
{
528
+
u32 valid_flags = BIT(BNEP_SETUP_RESPONSE);
561
529
struct net_device *dev;
562
530
struct bnep_session *s, *ss;
563
531
u8 dst[ETH_ALEN], src[ETH_ALEN];
···
568
534
569
535
if (!l2cap_is_socket(sock))
570
536
return -EBADFD;
537
+
538
+
if (req->flags & ~valid_flags)
539
+
return -EINVAL;
571
540
572
541
baswap((void *) dst, &l2cap_pi(sock->sk)->chan->dst);
573
542
baswap((void *) src, &l2cap_pi(sock->sk)->chan->src);
···
603
566
s->sock = sock;
604
567
s->role = req->role;
605
568
s->state = BT_CONNECTED;
569
+
s->flags = req->flags;
606
570
607
571
s->msg.msg_flags = MSG_NOSIGNAL;
608
572
···
649
611
650
612
int bnep_del_connection(struct bnep_conndel_req *req)
651
613
{
614
+
u32 valid_flags = 0;
652
615
struct bnep_session *s;
653
616
int err = 0;
654
617
655
618
BT_DBG("");
619
+
620
+
if (req->flags & ~valid_flags)
621
+
return -EINVAL;
656
622
657
623
down_read(&bnep_session_sem);
658
624
···
673
631
674
632
static void __bnep_copy_ci(struct bnep_conninfo *ci, struct bnep_session *s)
675
633
{
634
+
u32 valid_flags = BIT(BNEP_SETUP_RESPONSE);
635
+
676
636
memset(ci, 0, sizeof(*ci));
677
637
memcpy(ci->dst, s->eh.h_source, ETH_ALEN);
678
638
strcpy(ci->device, s->dev->name);
679
-
ci->flags = s->flags;
639
+
ci->flags = s->flags & valid_flags;
680
640
ci->state = s->state;
681
641
ci->role = s->role;
682
642
}
+7
net/bluetooth/bnep/sock.c
+7
net/bluetooth/bnep/sock.c
···
57
57
struct bnep_conninfo ci;
58
58
struct socket *nsock;
59
59
void __user *argp = (void __user *)arg;
60
+
__u32 supp_feat = BIT(BNEP_SETUP_RESPONSE);
60
61
int err;
61
62
62
63
BT_DBG("cmd %x arg %lx", cmd, arg);
···
120
119
return -EFAULT;
121
120
122
121
return err;
122
+
123
+
case BNEPGETSUPPFEAT:
124
+
if (copy_to_user(argp, &supp_feat, sizeof(supp_feat)))
125
+
return -EFAULT;
126
+
127
+
return 0;
123
128
124
129
default:
125
130
return -EINVAL;
+1
-1
net/bluetooth/cmtp/capi.c
+1
-1
net/bluetooth/cmtp/capi.c
+12
-3
net/bluetooth/cmtp/core.c
+12
-3
net/bluetooth/cmtp/core.c
···
75
75
76
76
static void __cmtp_copy_session(struct cmtp_session *session, struct cmtp_conninfo *ci)
77
77
{
78
+
u32 valid_flags = BIT(CMTP_LOOPBACK);
78
79
memset(ci, 0, sizeof(*ci));
79
80
bacpy(&ci->bdaddr, &session->bdaddr);
80
81
81
-
ci->flags = session->flags;
82
+
ci->flags = session->flags & valid_flags;
82
83
ci->state = session->state;
83
84
84
85
ci->num = session->num;
···
314
313
315
314
down_write(&cmtp_session_sem);
316
315
317
-
if (!(session->flags & (1 << CMTP_LOOPBACK)))
316
+
if (!(session->flags & BIT(CMTP_LOOPBACK)))
318
317
cmtp_detach_device(session);
319
318
320
319
fput(session->sock->file);
···
330
329
331
330
int cmtp_add_connection(struct cmtp_connadd_req *req, struct socket *sock)
332
331
{
332
+
u32 valid_flags = BIT(CMTP_LOOPBACK);
333
333
struct cmtp_session *session, *s;
334
334
int i, err;
335
335
···
338
336
339
337
if (!l2cap_is_socket(sock))
340
338
return -EBADFD;
339
+
340
+
if (req->flags & ~valid_flags)
341
+
return -EINVAL;
341
342
342
343
session = kzalloc(sizeof(struct cmtp_session), GFP_KERNEL);
343
344
if (!session)
···
390
385
goto unlink;
391
386
}
392
387
393
-
if (!(session->flags & (1 << CMTP_LOOPBACK))) {
388
+
if (!(session->flags & BIT(CMTP_LOOPBACK))) {
394
389
err = cmtp_attach_device(session);
395
390
if (err < 0) {
396
391
atomic_inc(&session->terminate);
···
414
409
415
410
int cmtp_del_connection(struct cmtp_conndel_req *req)
416
411
{
412
+
u32 valid_flags = 0;
417
413
struct cmtp_session *session;
418
414
int err = 0;
419
415
420
416
BT_DBG("");
417
+
418
+
if (req->flags & ~valid_flags)
419
+
return -EINVAL;
421
420
422
421
down_read(&cmtp_session_sem);
423
422
+31
-89
net/bluetooth/hci_core.c
+31
-89
net/bluetooth/hci_core.c
···
141
141
142
142
/* ---- HCI requests ---- */
143
143
144
-
static void hci_req_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode)
144
+
static void hci_req_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode,
145
+
struct sk_buff *skb)
145
146
{
146
147
BT_DBG("%s result 0x%2.2x", hdev->name, result);
147
148
148
149
if (hdev->req_status == HCI_REQ_PEND) {
149
150
hdev->req_result = result;
150
151
hdev->req_status = HCI_REQ_DONE;
152
+
if (skb)
153
+
hdev->req_skb = skb_get(skb);
151
154
wake_up_interruptible(&hdev->req_wait_q);
152
155
}
153
156
}
···
166
163
}
167
164
}
168
165
169
-
static struct sk_buff *hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
170
-
u8 event)
171
-
{
172
-
struct hci_ev_cmd_complete *ev;
173
-
struct hci_event_hdr *hdr;
174
-
struct sk_buff *skb;
175
-
176
-
hci_dev_lock(hdev);
177
-
178
-
skb = hdev->recv_evt;
179
-
hdev->recv_evt = NULL;
180
-
181
-
hci_dev_unlock(hdev);
182
-
183
-
if (!skb)
184
-
return ERR_PTR(-ENODATA);
185
-
186
-
if (skb->len < sizeof(*hdr)) {
187
-
BT_ERR("Too short HCI event");
188
-
goto failed;
189
-
}
190
-
191
-
hdr = (void *) skb->data;
192
-
skb_pull(skb, HCI_EVENT_HDR_SIZE);
193
-
194
-
if (event) {
195
-
if (hdr->evt != event)
196
-
goto failed;
197
-
return skb;
198
-
}
199
-
200
-
if (hdr->evt != HCI_EV_CMD_COMPLETE) {
201
-
BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr->evt);
202
-
goto failed;
203
-
}
204
-
205
-
if (skb->len < sizeof(*ev)) {
206
-
BT_ERR("Too short cmd_complete event");
207
-
goto failed;
208
-
}
209
-
210
-
ev = (void *) skb->data;
211
-
skb_pull(skb, sizeof(*ev));
212
-
213
-
if (opcode == __le16_to_cpu(ev->opcode))
214
-
return skb;
215
-
216
-
BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
217
-
__le16_to_cpu(ev->opcode));
218
-
219
-
failed:
220
-
kfree_skb(skb);
221
-
return ERR_PTR(-ENODATA);
222
-
}
223
-
224
166
struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
225
167
const void *param, u8 event, u32 timeout)
226
168
{
227
169
DECLARE_WAITQUEUE(wait, current);
228
170
struct hci_request req;
171
+
struct sk_buff *skb;
229
172
int err = 0;
230
173
231
174
BT_DBG("%s", hdev->name);
···
185
236
add_wait_queue(&hdev->req_wait_q, &wait);
186
237
set_current_state(TASK_INTERRUPTIBLE);
187
238
188
-
err = hci_req_run(&req, hci_req_sync_complete);
239
+
err = hci_req_run_skb(&req, hci_req_sync_complete);
189
240
if (err < 0) {
190
241
remove_wait_queue(&hdev->req_wait_q, &wait);
191
242
set_current_state(TASK_RUNNING);
···
214
265
}
215
266
216
267
hdev->req_status = hdev->req_result = 0;
268
+
skb = hdev->req_skb;
269
+
hdev->req_skb = NULL;
217
270
218
271
BT_DBG("%s end: err %d", hdev->name, err);
219
272
220
-
if (err < 0)
273
+
if (err < 0) {
274
+
kfree_skb(skb);
221
275
return ERR_PTR(err);
276
+
}
222
277
223
-
return hci_get_cmd_complete(hdev, opcode, event);
278
+
if (!skb)
279
+
return ERR_PTR(-ENODATA);
280
+
281
+
return skb;
224
282
}
225
283
EXPORT_SYMBOL(__hci_cmd_sync_ev);
226
284
···
259
303
add_wait_queue(&hdev->req_wait_q, &wait);
260
304
set_current_state(TASK_INTERRUPTIBLE);
261
305
262
-
err = hci_req_run(&req, hci_req_sync_complete);
306
+
err = hci_req_run_skb(&req, hci_req_sync_complete);
263
307
if (err < 0) {
264
308
hdev->req_status = 0;
265
309
···
1645
1689
kfree_skb(hdev->sent_cmd);
1646
1690
hdev->sent_cmd = NULL;
1647
1691
}
1648
-
1649
-
kfree_skb(hdev->recv_evt);
1650
-
hdev->recv_evt = NULL;
1651
1692
1652
1693
/* After this point our queues are empty
1653
1694
* and no tasks are scheduled. */
···
3516
3563
}
3517
3564
}
3518
3565
3519
-
bool hci_req_pending(struct hci_dev *hdev)
3520
-
{
3521
-
return (hdev->req_status == HCI_REQ_PEND);
3522
-
}
3523
-
3524
3566
/* Send HCI command */
3525
3567
int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
3526
3568
const void *param)
···
3533
3585
/* Stand-alone HCI commands must be flagged as
3534
3586
* single-command requests.
3535
3587
*/
3536
-
bt_cb(skb)->req_start = 1;
3588
+
bt_cb(skb)->req.start = true;
3537
3589
3538
3590
skb_queue_tail(&hdev->cmd_q, skb);
3539
3591
queue_work(hdev->workqueue, &hdev->cmd_work);
···
4211
4263
if (!skb)
4212
4264
return true;
4213
4265
4214
-
return bt_cb(skb)->req_start;
4266
+
return bt_cb(skb)->req.start;
4215
4267
}
4216
4268
4217
4269
static void hci_resend_last(struct hci_dev *hdev)
···
4236
4288
queue_work(hdev->workqueue, &hdev->cmd_work);
4237
4289
}
4238
4290
4239
-
void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status)
4291
+
void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
4292
+
hci_req_complete_t *req_complete,
4293
+
hci_req_complete_skb_t *req_complete_skb)
4240
4294
{
4241
-
hci_req_complete_t req_complete = NULL;
4242
4295
struct sk_buff *skb;
4243
4296
unsigned long flags;
4244
4297
···
4271
4322
* callback would be found in hdev->sent_cmd instead of the
4272
4323
* command queue (hdev->cmd_q).
4273
4324
*/
4274
-
if (hdev->sent_cmd) {
4275
-
req_complete = bt_cb(hdev->sent_cmd)->req_complete;
4325
+
if (bt_cb(hdev->sent_cmd)->req.complete) {
4326
+
*req_complete = bt_cb(hdev->sent_cmd)->req.complete;
4327
+
return;
4328
+
}
4276
4329
4277
-
if (req_complete) {
4278
-
/* We must set the complete callback to NULL to
4279
-
* avoid calling the callback more than once if
4280
-
* this function gets called again.
4281
-
*/
4282
-
bt_cb(hdev->sent_cmd)->req_complete = NULL;
4283
-
4284
-
goto call_complete;
4285
-
}
4330
+
if (bt_cb(hdev->sent_cmd)->req.complete_skb) {
4331
+
*req_complete_skb = bt_cb(hdev->sent_cmd)->req.complete_skb;
4332
+
return;
4286
4333
}
4287
4334
4288
4335
/* Remove all pending commands belonging to this request */
4289
4336
spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4290
4337
while ((skb = __skb_dequeue(&hdev->cmd_q))) {
4291
-
if (bt_cb(skb)->req_start) {
4338
+
if (bt_cb(skb)->req.start) {
4292
4339
__skb_queue_head(&hdev->cmd_q, skb);
4293
4340
break;
4294
4341
}
4295
4342
4296
-
req_complete = bt_cb(skb)->req_complete;
4343
+
*req_complete = bt_cb(skb)->req.complete;
4344
+
*req_complete_skb = bt_cb(skb)->req.complete_skb;
4297
4345
kfree_skb(skb);
4298
4346
}
4299
4347
spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
4300
-
4301
-
call_complete:
4302
-
if (req_complete)
4303
-
req_complete(hdev, status, status ? opcode : HCI_OP_NOP);
4304
4348
}
4305
4349
4306
4350
static void hci_rx_work(struct work_struct *work)
+26
net/bluetooth/hci_debugfs.c
+26
net/bluetooth/hci_debugfs.c
···
114
114
.release = single_release,
115
115
};
116
116
117
+
static int device_id_show(struct seq_file *f, void *ptr)
118
+
{
119
+
struct hci_dev *hdev = f->private;
120
+
121
+
hci_dev_lock(hdev);
122
+
seq_printf(f, "%4.4x:%4.4x:%4.4x:%4.4x\n", hdev->devid_source,
123
+
hdev->devid_vendor, hdev->devid_product, hdev->devid_version);
124
+
hci_dev_unlock(hdev);
125
+
126
+
return 0;
127
+
}
128
+
129
+
static int device_id_open(struct inode *inode, struct file *file)
130
+
{
131
+
return single_open(file, device_id_show, inode->i_private);
132
+
}
133
+
134
+
static const struct file_operations device_id_fops = {
135
+
.open = device_id_open,
136
+
.read = seq_read,
137
+
.llseek = seq_lseek,
138
+
.release = single_release,
139
+
};
140
+
117
141
static int device_list_show(struct seq_file *f, void *ptr)
118
142
{
119
143
struct hci_dev *hdev = f->private;
···
359
335
debugfs_create_u16("hci_revision", 0444, hdev->debugfs, &hdev->hci_rev);
360
336
debugfs_create_u8("hardware_error", 0444, hdev->debugfs,
361
337
&hdev->hw_error_code);
338
+
debugfs_create_file("device_id", 0444, hdev->debugfs, hdev,
339
+
&device_id_fops);
362
340
363
341
debugfs_create_file("device_list", 0444, hdev->debugfs, hdev,
364
342
&device_list_fops);
+120
-59
net/bluetooth/hci_event.c
+120
-59
net/bluetooth/hci_event.c
···
1045
1045
struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1046
1046
1047
1047
BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1048
-
1049
-
hci_dev_lock(hdev);
1050
-
mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->rand, NULL, NULL,
1051
-
rp->status);
1052
-
hci_dev_unlock(hdev);
1053
1048
}
1054
1049
1055
1050
static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
···
1053
1058
struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
1054
1059
1055
1060
BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1056
-
1057
-
hci_dev_lock(hdev);
1058
-
mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->rand192,
1059
-
rp->hash256, rp->rand256,
1060
-
rp->status);
1061
-
hci_dev_unlock(hdev);
1062
1061
}
1063
-
1064
1062
1065
1063
static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1066
1064
{
···
2720
2732
hci_dev_unlock(hdev);
2721
2733
}
2722
2734
2723
-
static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2735
+
static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
2736
+
u16 *opcode, u8 *status,
2737
+
hci_req_complete_t *req_complete,
2738
+
hci_req_complete_skb_t *req_complete_skb)
2724
2739
{
2725
2740
struct hci_ev_cmd_complete *ev = (void *) skb->data;
2726
-
u8 status = skb->data[sizeof(*ev)];
2727
-
__u16 opcode;
2741
+
2742
+
*opcode = __le16_to_cpu(ev->opcode);
2743
+
*status = skb->data[sizeof(*ev)];
2728
2744
2729
2745
skb_pull(skb, sizeof(*ev));
2730
2746
2731
-
opcode = __le16_to_cpu(ev->opcode);
2732
-
2733
-
switch (opcode) {
2747
+
switch (*opcode) {
2734
2748
case HCI_OP_INQUIRY_CANCEL:
2735
2749
hci_cc_inquiry_cancel(hdev, skb);
2736
2750
break;
···
3010
3020
break;
3011
3021
3012
3022
default:
3013
-
BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3023
+
BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
3014
3024
break;
3015
3025
}
3016
3026
3017
-
if (opcode != HCI_OP_NOP)
3027
+
if (*opcode != HCI_OP_NOP)
3018
3028
cancel_delayed_work(&hdev->cmd_timer);
3019
3029
3020
-
hci_req_cmd_complete(hdev, opcode, status);
3021
-
3022
-
if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
3030
+
if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags))
3023
3031
atomic_set(&hdev->cmd_cnt, 1);
3024
-
if (!skb_queue_empty(&hdev->cmd_q))
3025
-
queue_work(hdev->workqueue, &hdev->cmd_work);
3026
-
}
3032
+
3033
+
hci_req_cmd_complete(hdev, *opcode, *status, req_complete,
3034
+
req_complete_skb);
3035
+
3036
+
if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3037
+
queue_work(hdev->workqueue, &hdev->cmd_work);
3027
3038
}
3028
3039
3029
-
static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
3040
+
static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb,
3041
+
u16 *opcode, u8 *status,
3042
+
hci_req_complete_t *req_complete,
3043
+
hci_req_complete_skb_t *req_complete_skb)
3030
3044
{
3031
3045
struct hci_ev_cmd_status *ev = (void *) skb->data;
3032
-
__u16 opcode;
3033
3046
3034
3047
skb_pull(skb, sizeof(*ev));
3035
3048
3036
-
opcode = __le16_to_cpu(ev->opcode);
3049
+
*opcode = __le16_to_cpu(ev->opcode);
3050
+
*status = ev->status;
3037
3051
3038
-
switch (opcode) {
3052
+
switch (*opcode) {
3039
3053
case HCI_OP_INQUIRY:
3040
3054
hci_cs_inquiry(hdev, ev->status);
3041
3055
break;
···
3109
3115
break;
3110
3116
3111
3117
default:
3112
-
BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3118
+
BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
3113
3119
break;
3114
3120
}
3115
3121
3116
-
if (opcode != HCI_OP_NOP)
3122
+
if (*opcode != HCI_OP_NOP)
3117
3123
cancel_delayed_work(&hdev->cmd_timer);
3118
3124
3119
-
if (ev->status ||
3120
-
(hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req_event))
3121
-
hci_req_cmd_complete(hdev, opcode, ev->status);
3122
-
3123
-
if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
3125
+
if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags))
3124
3126
atomic_set(&hdev->cmd_cnt, 1);
3125
-
if (!skb_queue_empty(&hdev->cmd_q))
3126
-
queue_work(hdev->workqueue, &hdev->cmd_work);
3127
-
}
3127
+
3128
+
/* Indicate request completion if the command failed. Also, if
3129
+
* we're not waiting for a special event and we get a success
3130
+
* command status we should try to flag the request as completed
3131
+
* (since for this kind of commands there will not be a command
3132
+
* complete event).
3133
+
*/
3134
+
if (ev->status ||
3135
+
(hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
3136
+
hci_req_cmd_complete(hdev, *opcode, ev->status, req_complete,
3137
+
req_complete_skb);
3138
+
3139
+
if (atomic_read(&hdev->cmd_cnt) && !skb_queue_empty(&hdev->cmd_q))
3140
+
queue_work(hdev->workqueue, &hdev->cmd_work);
3128
3141
}
3129
3142
3130
3143
static void hci_hardware_error_evt(struct hci_dev *hdev, struct sk_buff *skb)
···
5032
5031
amp_read_loc_assoc_final_data(hdev, hcon);
5033
5032
}
5034
5033
5034
+
static bool hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
5035
+
u8 event, struct sk_buff *skb)
5036
+
{
5037
+
struct hci_ev_cmd_complete *ev;
5038
+
struct hci_event_hdr *hdr;
5039
+
5040
+
if (!skb)
5041
+
return false;
5042
+
5043
+
if (skb->len < sizeof(*hdr)) {
5044
+
BT_ERR("Too short HCI event");
5045
+
return false;
5046
+
}
5047
+
5048
+
hdr = (void *) skb->data;
5049
+
skb_pull(skb, HCI_EVENT_HDR_SIZE);
5050
+
5051
+
if (event) {
5052
+
if (hdr->evt != event)
5053
+
return false;
5054
+
return true;
5055
+
}
5056
+
5057
+
if (hdr->evt != HCI_EV_CMD_COMPLETE) {
5058
+
BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr->evt);
5059
+
return false;
5060
+
}
5061
+
5062
+
if (skb->len < sizeof(*ev)) {
5063
+
BT_ERR("Too short cmd_complete event");
5064
+
return false;
5065
+
}
5066
+
5067
+
ev = (void *) skb->data;
5068
+
skb_pull(skb, sizeof(*ev));
5069
+
5070
+
if (opcode != __le16_to_cpu(ev->opcode)) {
5071
+
BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
5072
+
__le16_to_cpu(ev->opcode));
5073
+
return false;
5074
+
}
5075
+
5076
+
return true;
5077
+
}
5078
+
5035
5079
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
5036
5080
{
5037
5081
struct hci_event_hdr *hdr = (void *) skb->data;
5038
-
__u8 event = hdr->evt;
5082
+
hci_req_complete_t req_complete = NULL;
5083
+
hci_req_complete_skb_t req_complete_skb = NULL;
5084
+
struct sk_buff *orig_skb = NULL;
5085
+
u8 status = 0, event = hdr->evt, req_evt = 0;
5086
+
u16 opcode = HCI_OP_NOP;
5039
5087
5040
-
hci_dev_lock(hdev);
5041
-
5042
-
/* Received events are (currently) only needed when a request is
5043
-
* ongoing so avoid unnecessary memory allocation.
5044
-
*/
5045
-
if (hci_req_pending(hdev)) {
5046
-
kfree_skb(hdev->recv_evt);
5047
-
hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
5088
+
if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
5089
+
struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
5090
+
opcode = __le16_to_cpu(cmd_hdr->opcode);
5091
+
hci_req_cmd_complete(hdev, opcode, status, &req_complete,
5092
+
&req_complete_skb);
5093
+
req_evt = event;
5048
5094
}
5049
5095
5050
-
hci_dev_unlock(hdev);
5096
+
/* If it looks like we might end up having to call
5097
+
* req_complete_skb, store a pristine copy of the skb since the
5098
+
* various handlers may modify the original one through
5099
+
* skb_pull() calls, etc.
5100
+
*/
5101
+
if (req_complete_skb || event == HCI_EV_CMD_STATUS ||
5102
+
event == HCI_EV_CMD_COMPLETE)
5103
+
orig_skb = skb_clone(skb, GFP_KERNEL);
5051
5104
5052
5105
skb_pull(skb, HCI_EVENT_HDR_SIZE);
5053
-
5054
-
if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req_event == event) {
5055
-
struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
5056
-
u16 opcode = __le16_to_cpu(cmd_hdr->opcode);
5057
-
5058
-
hci_req_cmd_complete(hdev, opcode, 0);
5059
-
}
5060
5106
5061
5107
switch (event) {
5062
5108
case HCI_EV_INQUIRY_COMPLETE:
···
5147
5099
break;
5148
5100
5149
5101
case HCI_EV_CMD_COMPLETE:
5150
-
hci_cmd_complete_evt(hdev, skb);
5102
+
hci_cmd_complete_evt(hdev, skb, &opcode, &status,
5103
+
&req_complete, &req_complete_skb);
5151
5104
break;
5152
5105
5153
5106
case HCI_EV_CMD_STATUS:
5154
-
hci_cmd_status_evt(hdev, skb);
5107
+
hci_cmd_status_evt(hdev, skb, &opcode, &status, &req_complete,
5108
+
&req_complete_skb);
5155
5109
break;
5156
5110
5157
5111
case HCI_EV_HARDWARE_ERROR:
···
5285
5235
break;
5286
5236
}
5287
5237
5238
+
if (req_complete) {
5239
+
req_complete(hdev, status, opcode);
5240
+
} else if (req_complete_skb) {
5241
+
if (!hci_get_cmd_complete(hdev, opcode, req_evt, orig_skb)) {
5242
+
kfree_skb(orig_skb);
5243
+
orig_skb = NULL;
5244
+
}
5245
+
req_complete_skb(hdev, status, opcode, orig_skb);
5246
+
}
5247
+
5248
+
kfree_skb(orig_skb);
5288
5249
kfree_skb(skb);
5289
5250
hdev->stat.evt_rx++;
5290
5251
}
+16
-4
net/bluetooth/hci_request.c
+16
-4
net/bluetooth/hci_request.c
···
34
34
req->err = 0;
35
35
}
36
36
37
-
int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
37
+
static int req_run(struct hci_request *req, hci_req_complete_t complete,
38
+
hci_req_complete_skb_t complete_skb)
38
39
{
39
40
struct hci_dev *hdev = req->hdev;
40
41
struct sk_buff *skb;
···
56
55
return -ENODATA;
57
56
58
57
skb = skb_peek_tail(&req->cmd_q);
59
-
bt_cb(skb)->req_complete = complete;
58
+
bt_cb(skb)->req.complete = complete;
59
+
bt_cb(skb)->req.complete_skb = complete_skb;
60
60
61
61
spin_lock_irqsave(&hdev->cmd_q.lock, flags);
62
62
skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
···
66
64
queue_work(hdev->workqueue, &hdev->cmd_work);
67
65
68
66
return 0;
67
+
}
68
+
69
+
int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
70
+
{
71
+
return req_run(req, complete, NULL);
72
+
}
73
+
74
+
int hci_req_run_skb(struct hci_request *req, hci_req_complete_skb_t complete)
75
+
{
76
+
return req_run(req, NULL, complete);
69
77
}
70
78
71
79
struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode, u32 plen,
···
128
116
}
129
117
130
118
if (skb_queue_empty(&req->cmd_q))
131
-
bt_cb(skb)->req_start = 1;
119
+
bt_cb(skb)->req.start = true;
132
120
133
-
bt_cb(skb)->req_event = event;
121
+
bt_cb(skb)->req.event = event;
134
122
135
123
skb_queue_tail(&req->cmd_q, skb);
136
124
}
+4
-1
net/bluetooth/hci_request.h
+4
-1
net/bluetooth/hci_request.h
···
32
32
33
33
void hci_req_init(struct hci_request *req, struct hci_dev *hdev);
34
34
int hci_req_run(struct hci_request *req, hci_req_complete_t complete);
35
+
int hci_req_run_skb(struct hci_request *req, hci_req_complete_skb_t complete);
35
36
void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
36
37
const void *param);
37
38
void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
38
39
const void *param, u8 event);
39
-
void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status);
40
+
void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
41
+
hci_req_complete_t *req_complete,
42
+
hci_req_complete_skb_t *req_complete_skb);
40
43
41
44
struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode, u32 plen,
42
45
const void *param);
+1
-1
net/bluetooth/hci_sock.c
+1
-1
net/bluetooth/hci_sock.c
+12
-3
net/bluetooth/hidp/core.c
+12
-3
net/bluetooth/hidp/core.c
···
70
70
71
71
static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
72
72
{
73
+
u32 valid_flags = 0;
73
74
memset(ci, 0, sizeof(*ci));
74
75
bacpy(&ci->bdaddr, &session->bdaddr);
75
76
76
-
ci->flags = session->flags;
77
+
ci->flags = session->flags & valid_flags;
77
78
ci->state = BT_CONNECTED;
78
79
79
80
if (session->input) {
···
908
907
kref_init(&session->ref);
909
908
atomic_set(&session->state, HIDP_SESSION_IDLING);
910
909
init_waitqueue_head(&session->state_queue);
911
-
session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
910
+
session->flags = req->flags & BIT(HIDP_BLUETOOTH_VENDOR_ID);
912
911
913
912
/* connection management */
914
913
bacpy(&session->bdaddr, bdaddr);
···
1313
1312
struct socket *ctrl_sock,
1314
1313
struct socket *intr_sock)
1315
1314
{
1315
+
u32 valid_flags = 0;
1316
1316
struct hidp_session *session;
1317
1317
struct l2cap_conn *conn;
1318
1318
struct l2cap_chan *chan;
···
1322
1320
ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1323
1321
if (ret)
1324
1322
return ret;
1323
+
1324
+
if (req->flags & ~valid_flags)
1325
+
return -EINVAL;
1325
1326
1326
1327
chan = l2cap_pi(ctrl_sock->sk)->chan;
1327
1328
conn = NULL;
···
1356
1351
1357
1352
int hidp_connection_del(struct hidp_conndel_req *req)
1358
1353
{
1354
+
u32 valid_flags = BIT(HIDP_VIRTUAL_CABLE_UNPLUG);
1359
1355
struct hidp_session *session;
1356
+
1357
+
if (req->flags & ~valid_flags)
1358
+
return -EINVAL;
1360
1359
1361
1360
session = hidp_session_find(&req->bdaddr);
1362
1361
if (!session)
1363
1362
return -ENOENT;
1364
1363
1365
-
if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1364
+
if (req->flags & BIT(HIDP_VIRTUAL_CABLE_UNPLUG))
1366
1365
hidp_send_ctrl_message(session,
1367
1366
HIDP_TRANS_HID_CONTROL |
1368
1367
HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
+24
-24
net/bluetooth/l2cap_core.c
+24
-24
net/bluetooth/l2cap_core.c
···
292
292
struct sk_buff *skb;
293
293
294
294
skb_queue_walk(head, skb) {
295
-
if (bt_cb(skb)->control.txseq == seq)
295
+
if (bt_cb(skb)->l2cap.txseq == seq)
296
296
return skb;
297
297
}
298
298
···
954
954
{
955
955
if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
956
956
__unpack_extended_control(get_unaligned_le32(skb->data),
957
-
&bt_cb(skb)->control);
957
+
&bt_cb(skb)->l2cap);
958
958
skb_pull(skb, L2CAP_EXT_CTRL_SIZE);
959
959
} else {
960
960
__unpack_enhanced_control(get_unaligned_le16(skb->data),
961
-
&bt_cb(skb)->control);
961
+
&bt_cb(skb)->l2cap);
962
962
skb_pull(skb, L2CAP_ENH_CTRL_SIZE);
963
963
}
964
964
}
···
1200
1200
1201
1201
chan->retry_count = 0;
1202
1202
skb_queue_walk(&chan->tx_q, skb) {
1203
-
if (bt_cb(skb)->control.retries)
1204
-
bt_cb(skb)->control.retries = 1;
1203
+
if (bt_cb(skb)->l2cap.retries)
1204
+
bt_cb(skb)->l2cap.retries = 1;
1205
1205
else
1206
1206
break;
1207
1207
}
···
1846
1846
1847
1847
skb = skb_dequeue(&chan->tx_q);
1848
1848
1849
-
bt_cb(skb)->control.retries = 1;
1850
-
control = &bt_cb(skb)->control;
1849
+
bt_cb(skb)->l2cap.retries = 1;
1850
+
control = &bt_cb(skb)->l2cap;
1851
1851
1852
1852
control->reqseq = 0;
1853
1853
control->txseq = chan->next_tx_seq;
···
1891
1891
1892
1892
skb = chan->tx_send_head;
1893
1893
1894
-
bt_cb(skb)->control.retries = 1;
1895
-
control = &bt_cb(skb)->control;
1894
+
bt_cb(skb)->l2cap.retries = 1;
1895
+
control = &bt_cb(skb)->l2cap;
1896
1896
1897
1897
if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
1898
1898
control->final = 1;
···
1963
1963
continue;
1964
1964
}
1965
1965
1966
-
bt_cb(skb)->control.retries++;
1967
-
control = bt_cb(skb)->control;
1966
+
bt_cb(skb)->l2cap.retries++;
1967
+
control = bt_cb(skb)->l2cap;
1968
1968
1969
1969
if (chan->max_tx != 0 &&
1970
-
bt_cb(skb)->control.retries > chan->max_tx) {
1970
+
bt_cb(skb)->l2cap.retries > chan->max_tx) {
1971
1971
BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
1972
1972
l2cap_send_disconn_req(chan, ECONNRESET);
1973
1973
l2cap_seq_list_clear(&chan->retrans_list);
···
2045
2045
2046
2046
if (chan->unacked_frames) {
2047
2047
skb_queue_walk(&chan->tx_q, skb) {
2048
-
if (bt_cb(skb)->control.txseq == control->reqseq ||
2048
+
if (bt_cb(skb)->l2cap.txseq == control->reqseq ||
2049
2049
skb == chan->tx_send_head)
2050
2050
break;
2051
2051
}
···
2055
2055
break;
2056
2056
2057
2057
l2cap_seq_list_append(&chan->retrans_list,
2058
-
bt_cb(skb)->control.txseq);
2058
+
bt_cb(skb)->l2cap.txseq);
2059
2059
}
2060
2060
2061
2061
l2cap_ertm_resend(chan);
···
2267
2267
return ERR_PTR(err);
2268
2268
}
2269
2269
2270
-
bt_cb(skb)->control.fcs = chan->fcs;
2271
-
bt_cb(skb)->control.retries = 0;
2270
+
bt_cb(skb)->l2cap.fcs = chan->fcs;
2271
+
bt_cb(skb)->l2cap.retries = 0;
2272
2272
return skb;
2273
2273
}
2274
2274
···
2321
2321
return PTR_ERR(skb);
2322
2322
}
2323
2323
2324
-
bt_cb(skb)->control.sar = sar;
2324
+
bt_cb(skb)->l2cap.sar = sar;
2325
2325
__skb_queue_tail(seg_queue, skb);
2326
2326
2327
2327
len -= pdu_len;
···
2856
2856
continue;
2857
2857
2858
2858
/* Don't send frame to the channel it came from */
2859
-
if (bt_cb(skb)->chan == chan)
2859
+
if (bt_cb(skb)->l2cap.chan == chan)
2860
2860
continue;
2861
2861
2862
2862
nskb = skb_clone(skb, GFP_KERNEL);
···
5918
5918
5919
5919
skb_unlink(skb, &chan->srej_q);
5920
5920
chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
5921
-
err = l2cap_reassemble_sdu(chan, skb, &bt_cb(skb)->control);
5921
+
err = l2cap_reassemble_sdu(chan, skb, &bt_cb(skb)->l2cap);
5922
5922
if (err)
5923
5923
break;
5924
5924
}
···
5952
5952
return;
5953
5953
}
5954
5954
5955
-
if (chan->max_tx != 0 && bt_cb(skb)->control.retries >= chan->max_tx) {
5955
+
if (chan->max_tx != 0 && bt_cb(skb)->l2cap.retries >= chan->max_tx) {
5956
5956
BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
5957
5957
l2cap_send_disconn_req(chan, ECONNRESET);
5958
5958
return;
···
6005
6005
skb = l2cap_ertm_seq_in_queue(&chan->tx_q, control->reqseq);
6006
6006
6007
6007
if (chan->max_tx && skb &&
6008
-
bt_cb(skb)->control.retries >= chan->max_tx) {
6008
+
bt_cb(skb)->l2cap.retries >= chan->max_tx) {
6009
6009
BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
6010
6010
l2cap_send_disconn_req(chan, ECONNRESET);
6011
6011
return;
···
6565
6565
6566
6566
static int l2cap_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
6567
6567
{
6568
-
struct l2cap_ctrl *control = &bt_cb(skb)->control;
6568
+
struct l2cap_ctrl *control = &bt_cb(skb)->l2cap;
6569
6569
u16 len;
6570
6570
u8 event;
6571
6571
···
6864
6864
goto drop;
6865
6865
6866
6866
/* Store remote BD_ADDR and PSM for msg_name */
6867
-
bacpy(&bt_cb(skb)->bdaddr, &hcon->dst);
6868
-
bt_cb(skb)->psm = psm;
6867
+
bacpy(&bt_cb(skb)->l2cap.bdaddr, &hcon->dst);
6868
+
bt_cb(skb)->l2cap.psm = psm;
6869
6869
6870
6870
if (!chan->ops->recv(chan, skb)) {
6871
6871
l2cap_chan_put(chan);
+3
-3
net/bluetooth/l2cap_sock.c
+3
-3
net/bluetooth/l2cap_sock.c
···
1330
1330
1331
1331
skb->priority = sk->sk_priority;
1332
1332
1333
-
bt_cb(skb)->chan = chan;
1333
+
bt_cb(skb)->l2cap.chan = chan;
1334
1334
1335
1335
return skb;
1336
1336
}
···
1444
1444
1445
1445
memset(la, 0, sizeof(struct sockaddr_l2));
1446
1446
la->l2_family = AF_BLUETOOTH;
1447
-
la->l2_psm = bt_cb(skb)->psm;
1448
-
bacpy(&la->l2_bdaddr, &bt_cb(skb)->bdaddr);
1447
+
la->l2_psm = bt_cb(skb)->l2cap.psm;
1448
+
bacpy(&la->l2_bdaddr, &bt_cb(skb)->l2cap.bdaddr);
1449
1449
1450
1450
*msg_namelen = sizeof(struct sockaddr_l2);
1451
1451
}
+166
-105
net/bluetooth/mgmt.c
+166
-105
net/bluetooth/mgmt.c
···
985
985
/* Instance 0 always manages the "Tx Power" and "Flags" fields */
986
986
flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
987
987
988
-
/* For instance 0, assemble the flags from global settings */
989
-
if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE) ||
990
-
get_connectable(hdev))
988
+
/* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting corresponds
989
+
* to the "connectable" instance flag.
990
+
*/
991
+
if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
991
992
flags |= MGMT_ADV_FLAG_CONNECTABLE;
992
993
993
994
return flags;
995
+
}
996
+
997
+
static u8 get_adv_instance_scan_rsp_len(struct hci_dev *hdev, u8 instance)
998
+
{
999
+
/* Ignore instance 0 and other unsupported instances */
1000
+
if (instance != 0x01)
1001
+
return 0;
1002
+
1003
+
/* TODO: Take into account the "appearance" and "local-name" flags here.
1004
+
* These are currently being ignored as they are not supported.
1005
+
*/
1006
+
return hdev->adv_instance.scan_rsp_len;
994
1007
}
995
1008
996
1009
static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
···
1043
1030
}
1044
1031
}
1045
1032
1033
+
if (instance) {
1034
+
memcpy(ptr, hdev->adv_instance.adv_data,
1035
+
hdev->adv_instance.adv_data_len);
1036
+
1037
+
ad_len += hdev->adv_instance.adv_data_len;
1038
+
ptr += hdev->adv_instance.adv_data_len;
1039
+
}
1040
+
1046
1041
/* Provide Tx Power only if we can provide a valid value for it */
1047
1042
if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
1048
1043
(instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
···
1060
1039
1061
1040
ad_len += 3;
1062
1041
ptr += 3;
1063
-
}
1064
-
1065
-
if (instance) {
1066
-
memcpy(ptr, hdev->adv_instance.adv_data,
1067
-
hdev->adv_instance.adv_data_len);
1068
-
ad_len += hdev->adv_instance.adv_data_len;
1069
1042
}
1070
1043
1071
1044
return ad_len;
···
1257
1242
1258
1243
instance = get_current_adv_instance(hdev);
1259
1244
flags = get_adv_instance_flags(hdev, instance);
1260
-
connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE);
1245
+
1246
+
/* If the "connectable" instance flag was not set, then choose between
1247
+
* ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1248
+
*/
1249
+
connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1250
+
get_connectable(hdev);
1261
1251
1262
1252
/* Set require_privacy to true only when non-connectable
1263
1253
* advertising is used. In that case it is fine to use a
···
1274
1254
memset(&cp, 0, sizeof(cp));
1275
1255
cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1276
1256
cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1277
-
cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1257
+
1258
+
if (connectable)
1259
+
cp.type = LE_ADV_IND;
1260
+
else if (get_adv_instance_scan_rsp_len(hdev, instance))
1261
+
cp.type = LE_ADV_SCAN_IND;
1262
+
else
1263
+
cp.type = LE_ADV_NONCONN_IND;
1264
+
1278
1265
cp.own_address_type = own_addr_type;
1279
1266
cp.channel_map = hdev->le_adv_channel_map;
1280
1267
···
2115
2088
2116
2089
no_scan_update:
2117
2090
/* Update the advertising parameters if necessary */
2118
-
if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
2091
+
if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2092
+
hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
2119
2093
enable_advertising(&req);
2120
2094
2121
2095
err = hci_req_run(&req, set_connectable_complete);
···
3785
3757
return err;
3786
3758
}
3787
3759
3760
+
static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3761
+
u16 opcode, struct sk_buff *skb)
3762
+
{
3763
+
struct mgmt_rp_read_local_oob_data mgmt_rp;
3764
+
size_t rp_size = sizeof(mgmt_rp);
3765
+
struct mgmt_pending_cmd *cmd;
3766
+
3767
+
BT_DBG("%s status %u", hdev->name, status);
3768
+
3769
+
cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3770
+
if (!cmd)
3771
+
return;
3772
+
3773
+
if (status || !skb) {
3774
+
mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3775
+
status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3776
+
goto remove;
3777
+
}
3778
+
3779
+
memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3780
+
3781
+
if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3782
+
struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3783
+
3784
+
if (skb->len < sizeof(*rp)) {
3785
+
mgmt_cmd_status(cmd->sk, hdev->id,
3786
+
MGMT_OP_READ_LOCAL_OOB_DATA,
3787
+
MGMT_STATUS_FAILED);
3788
+
goto remove;
3789
+
}
3790
+
3791
+
memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3792
+
memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3793
+
3794
+
rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3795
+
} else {
3796
+
struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3797
+
3798
+
if (skb->len < sizeof(*rp)) {
3799
+
mgmt_cmd_status(cmd->sk, hdev->id,
3800
+
MGMT_OP_READ_LOCAL_OOB_DATA,
3801
+
MGMT_STATUS_FAILED);
3802
+
goto remove;
3803
+
}
3804
+
3805
+
memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3806
+
memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3807
+
3808
+
memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3809
+
memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3810
+
}
3811
+
3812
+
mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3813
+
MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3814
+
3815
+
remove:
3816
+
mgmt_pending_remove(cmd);
3817
+
}
3818
+
3788
3819
static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3789
3820
void *data, u16 data_len)
3790
3821
{
3791
3822
struct mgmt_pending_cmd *cmd;
3823
+
struct hci_request req;
3792
3824
int err;
3793
3825
3794
3826
BT_DBG("%s", hdev->name);
···
3879
3791
goto unlock;
3880
3792
}
3881
3793
3882
-
if (bredr_sc_enabled(hdev))
3883
-
err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3884
-
0, NULL);
3885
-
else
3886
-
err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3794
+
hci_req_init(&req, hdev);
3887
3795
3796
+
if (bredr_sc_enabled(hdev))
3797
+
hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3798
+
else
3799
+
hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3800
+
3801
+
err = hci_req_run_skb(&req, read_local_oob_data_complete);
3888
3802
if (err < 0)
3889
3803
mgmt_pending_remove(cmd);
3890
3804
···
6478
6388
6479
6389
BT_DBG("%s", hdev->name);
6480
6390
6481
-
if (!hdev_is_powered(hdev))
6482
-
return mgmt_cmd_complete(sk, hdev->id,
6483
-
MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6484
-
MGMT_STATUS_NOT_POWERED,
6485
-
&cp->type, sizeof(cp->type));
6486
-
6487
-
switch (cp->type) {
6488
-
case BIT(BDADDR_BREDR):
6489
-
status = mgmt_bredr_support(hdev);
6490
-
if (status)
6491
-
return mgmt_cmd_complete(sk, hdev->id,
6492
-
MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6493
-
status, &cp->type,
6494
-
sizeof(cp->type));
6495
-
eir_len = 5;
6496
-
break;
6497
-
case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6498
-
status = mgmt_le_support(hdev);
6499
-
if (status)
6500
-
return mgmt_cmd_complete(sk, hdev->id,
6501
-
MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6502
-
status, &cp->type,
6503
-
sizeof(cp->type));
6504
-
eir_len = 9 + 3 + 18 + 18 + 3;
6505
-
break;
6506
-
default:
6507
-
return mgmt_cmd_complete(sk, hdev->id,
6508
-
MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6509
-
MGMT_STATUS_INVALID_PARAMS,
6510
-
&cp->type, sizeof(cp->type));
6391
+
if (hdev_is_powered(hdev)) {
6392
+
switch (cp->type) {
6393
+
case BIT(BDADDR_BREDR):
6394
+
status = mgmt_bredr_support(hdev);
6395
+
if (status)
6396
+
eir_len = 0;
6397
+
else
6398
+
eir_len = 5;
6399
+
break;
6400
+
case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6401
+
status = mgmt_le_support(hdev);
6402
+
if (status)
6403
+
eir_len = 0;
6404
+
else
6405
+
eir_len = 9 + 3 + 18 + 18 + 3;
6406
+
break;
6407
+
default:
6408
+
status = MGMT_STATUS_INVALID_PARAMS;
6409
+
eir_len = 0;
6410
+
break;
6411
+
}
6412
+
} else {
6413
+
status = MGMT_STATUS_NOT_POWERED;
6414
+
eir_len = 0;
6511
6415
}
6512
-
6513
-
hci_dev_lock(hdev);
6514
6416
6515
6417
rp_len = sizeof(*rp) + eir_len;
6516
6418
rp = kmalloc(rp_len, GFP_ATOMIC);
6517
-
if (!rp) {
6518
-
hci_dev_unlock(hdev);
6419
+
if (!rp)
6519
6420
return -ENOMEM;
6520
-
}
6421
+
6422
+
if (status)
6423
+
goto complete;
6424
+
6425
+
hci_dev_lock(hdev);
6521
6426
6522
6427
eir_len = 0;
6523
6428
switch (cp->type) {
···
6524
6439
if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6525
6440
smp_generate_oob(hdev, hash, rand) < 0) {
6526
6441
hci_dev_unlock(hdev);
6527
-
err = mgmt_cmd_complete(sk, hdev->id,
6528
-
MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6529
-
MGMT_STATUS_FAILED,
6530
-
&cp->type, sizeof(cp->type));
6531
-
goto done;
6442
+
status = MGMT_STATUS_FAILED;
6443
+
goto complete;
6532
6444
}
6533
6445
6446
+
/* This should return the active RPA, but since the RPA
6447
+
* is only programmed on demand, it is really hard to fill
6448
+
* this in at the moment. For now disallow retrieving
6449
+
* local out-of-band data when privacy is in use.
6450
+
*
6451
+
* Returning the identity address will not help here since
6452
+
* pairing happens before the identity resolving key is
6453
+
* known and thus the connection establishment happens
6454
+
* based on the RPA and not the identity address.
6455
+
*/
6534
6456
if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6535
-
memcpy(addr, &hdev->rpa, 6);
6536
-
addr[6] = 0x01;
6537
-
} else if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6538
-
!bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6539
-
(!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6540
-
bacmp(&hdev->static_addr, BDADDR_ANY))) {
6457
+
hci_dev_unlock(hdev);
6458
+
status = MGMT_STATUS_REJECTED;
6459
+
goto complete;
6460
+
}
6461
+
6462
+
if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6463
+
!bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6464
+
(!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6465
+
bacmp(&hdev->static_addr, BDADDR_ANY))) {
6541
6466
memcpy(addr, &hdev->static_addr, 6);
6542
6467
addr[6] = 0x01;
6543
6468
} else {
···
6586
6491
break;
6587
6492
}
6588
6493
6589
-
rp->type = cp->type;
6590
-
rp->eir_len = cpu_to_le16(eir_len);
6591
-
6592
6494
hci_dev_unlock(hdev);
6593
6495
6594
6496
hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6595
6497
6498
+
status = MGMT_STATUS_SUCCESS;
6499
+
6500
+
complete:
6501
+
rp->type = cp->type;
6502
+
rp->eir_len = cpu_to_le16(eir_len);
6503
+
6596
6504
err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6597
-
MGMT_STATUS_SUCCESS, rp, sizeof(*rp) + eir_len);
6598
-
if (err < 0)
6505
+
status, rp, sizeof(*rp) + eir_len);
6506
+
if (err < 0 || status)
6599
6507
goto done;
6600
6508
6601
6509
err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
···
7995
7897
7996
7898
mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7997
7899
cmd ? cmd->sk : NULL);
7998
-
}
7999
-
8000
-
void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
8001
-
u8 *rand192, u8 *hash256, u8 *rand256,
8002
-
u8 status)
8003
-
{
8004
-
struct mgmt_pending_cmd *cmd;
8005
-
8006
-
BT_DBG("%s status %u", hdev->name, status);
8007
-
8008
-
cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
8009
-
if (!cmd)
8010
-
return;
8011
-
8012
-
if (status) {
8013
-
mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
8014
-
mgmt_status(status));
8015
-
} else {
8016
-
struct mgmt_rp_read_local_oob_data rp;
8017
-
size_t rp_size = sizeof(rp);
8018
-
8019
-
memcpy(rp.hash192, hash192, sizeof(rp.hash192));
8020
-
memcpy(rp.rand192, rand192, sizeof(rp.rand192));
8021
-
8022
-
if (bredr_sc_enabled(hdev) && hash256 && rand256) {
8023
-
memcpy(rp.hash256, hash256, sizeof(rp.hash256));
8024
-
memcpy(rp.rand256, rand256, sizeof(rp.rand256));
8025
-
} else {
8026
-
rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
8027
-
}
8028
-
8029
-
mgmt_cmd_complete(cmd->sk, hdev->id,
8030
-
MGMT_OP_READ_LOCAL_OOB_DATA, 0,
8031
-
&rp, rp_size);
8032
-
}
8033
-
8034
-
mgmt_pending_remove(cmd);
8035
7900
}
8036
7901
8037
7902
static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
+31
-4
net/bluetooth/selftest.c
+31
-4
net/bluetooth/selftest.c
···
21
21
SOFTWARE IS DISCLAIMED.
22
22
*/
23
23
24
+
#include <linux/debugfs.h>
25
+
24
26
#include <net/bluetooth/bluetooth.h>
25
27
#include <net/bluetooth/hci_core.h>
26
28
···
156
154
return 0;
157
155
}
158
156
157
+
static char test_ecdh_buffer[32];
158
+
159
+
static ssize_t test_ecdh_read(struct file *file, char __user *user_buf,
160
+
size_t count, loff_t *ppos)
161
+
{
162
+
return simple_read_from_buffer(user_buf, count, ppos, test_ecdh_buffer,
163
+
strlen(test_ecdh_buffer));
164
+
}
165
+
166
+
static const struct file_operations test_ecdh_fops = {
167
+
.open = simple_open,
168
+
.read = test_ecdh_read,
169
+
.llseek = default_llseek,
170
+
};
171
+
159
172
static int __init test_ecdh(void)
160
173
{
161
174
ktime_t calltime, delta, rettime;
···
182
165
err = test_ecdh_sample(priv_a_1, priv_b_1, pub_a_1, pub_b_1, dhkey_1);
183
166
if (err) {
184
167
BT_ERR("ECDH sample 1 failed");
185
-
return err;
168
+
goto done;
186
169
}
187
170
188
171
err = test_ecdh_sample(priv_a_2, priv_b_2, pub_a_2, pub_b_2, dhkey_2);
189
172
if (err) {
190
173
BT_ERR("ECDH sample 2 failed");
191
-
return err;
174
+
goto done;
192
175
}
193
176
194
177
err = test_ecdh_sample(priv_a_3, priv_a_3, pub_a_3, pub_a_3, dhkey_3);
195
178
if (err) {
196
179
BT_ERR("ECDH sample 3 failed");
197
-
return err;
180
+
goto done;
198
181
}
199
182
200
183
rettime = ktime_get();
···
203
186
204
187
BT_INFO("ECDH test passed in %llu usecs", duration);
205
188
206
-
return 0;
189
+
done:
190
+
if (!err)
191
+
snprintf(test_ecdh_buffer, sizeof(test_ecdh_buffer),
192
+
"PASS (%llu usecs)\n", duration);
193
+
else
194
+
snprintf(test_ecdh_buffer, sizeof(test_ecdh_buffer), "FAIL\n");
195
+
196
+
debugfs_create_file("selftest_ecdh", 0444, bt_debugfs, NULL,
197
+
&test_ecdh_fops);
198
+
199
+
return err;
207
200
}
208
201
209
202
#else
+35
-10
net/bluetooth/smp.c
+35
-10
net/bluetooth/smp.c
···
3017
3017
return ERR_PTR(-ENOMEM);
3018
3018
3019
3019
skb->priority = HCI_PRIO_MAX;
3020
-
bt_cb(skb)->chan = chan;
3020
+
bt_cb(skb)->l2cap.chan = chan;
3021
3021
3022
3022
return skb;
3023
3023
}
···
3549
3549
return 0;
3550
3550
}
3551
3551
3552
+
static char test_smp_buffer[32];
3553
+
3554
+
static ssize_t test_smp_read(struct file *file, char __user *user_buf,
3555
+
size_t count, loff_t *ppos)
3556
+
{
3557
+
return simple_read_from_buffer(user_buf, count, ppos, test_smp_buffer,
3558
+
strlen(test_smp_buffer));
3559
+
}
3560
+
3561
+
static const struct file_operations test_smp_fops = {
3562
+
.open = simple_open,
3563
+
.read = test_smp_read,
3564
+
.llseek = default_llseek,
3565
+
};
3566
+
3552
3567
static int __init run_selftests(struct crypto_blkcipher *tfm_aes,
3553
3568
struct crypto_hash *tfm_cmac)
3554
3569
{
···
3576
3561
err = test_ah(tfm_aes);
3577
3562
if (err) {
3578
3563
BT_ERR("smp_ah test failed");
3579
-
return err;
3564
+
goto done;
3580
3565
}
3581
3566
3582
3567
err = test_c1(tfm_aes);
3583
3568
if (err) {
3584
3569
BT_ERR("smp_c1 test failed");
3585
-
return err;
3570
+
goto done;
3586
3571
}
3587
3572
3588
3573
err = test_s1(tfm_aes);
3589
3574
if (err) {
3590
3575
BT_ERR("smp_s1 test failed");
3591
-
return err;
3576
+
goto done;
3592
3577
}
3593
3578
3594
3579
err = test_f4(tfm_cmac);
3595
3580
if (err) {
3596
3581
BT_ERR("smp_f4 test failed");
3597
-
return err;
3582
+
goto done;
3598
3583
}
3599
3584
3600
3585
err = test_f5(tfm_cmac);
3601
3586
if (err) {
3602
3587
BT_ERR("smp_f5 test failed");
3603
-
return err;
3588
+
goto done;
3604
3589
}
3605
3590
3606
3591
err = test_f6(tfm_cmac);
3607
3592
if (err) {
3608
3593
BT_ERR("smp_f6 test failed");
3609
-
return err;
3594
+
goto done;
3610
3595
}
3611
3596
3612
3597
err = test_g2(tfm_cmac);
3613
3598
if (err) {
3614
3599
BT_ERR("smp_g2 test failed");
3615
-
return err;
3600
+
goto done;
3616
3601
}
3617
3602
3618
3603
err = test_h6(tfm_cmac);
3619
3604
if (err) {
3620
3605
BT_ERR("smp_h6 test failed");
3621
-
return err;
3606
+
goto done;
3622
3607
}
3623
3608
3624
3609
rettime = ktime_get();
···
3627
3612
3628
3613
BT_INFO("SMP test passed in %llu usecs", duration);
3629
3614
3630
-
return 0;
3615
+
done:
3616
+
if (!err)
3617
+
snprintf(test_smp_buffer, sizeof(test_smp_buffer),
3618
+
"PASS (%llu usecs)\n", duration);
3619
+
else
3620
+
snprintf(test_smp_buffer, sizeof(test_smp_buffer), "FAIL\n");
3621
+
3622
+
debugfs_create_file("selftest_smp", 0444, bt_debugfs, NULL,
3623
+
&test_smp_fops);
3624
+
3625
+
return err;
3631
3626
}
3632
3627
3633
3628
int __init bt_selftest_smp(void)