tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Bluetooth: Remove BT_HS

High Speed, Alternate MAC and PHY (AMP) extension, has been removed from
Bluetooth Core specification on 5.3:

https://www.bluetooth.com/blog/new-core-specification-v5-3-feature-enhancements/

Fixes: 244bc377591c ("Bluetooth: Add BT_HS config option")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Luiz Augusto von Dentz e7b02296 b79e0409

+20 -3056
-1
include/net/bluetooth/hci.h
··· 394 394 HCI_LIMITED_PRIVACY, 395 395 HCI_RPA_EXPIRED, 396 396 HCI_RPA_RESOLVING, 397 - HCI_HS_ENABLED, 398 397 HCI_LE_ENABLED, 399 398 HCI_ADVERTISING, 400 399 HCI_ADVERTISING_CONNECTABLE,
-42
include/net/bluetooth/l2cap.h
··· 59 59 #define L2CAP_WAIT_ACK_POLL_PERIOD msecs_to_jiffies(200) 60 60 #define L2CAP_WAIT_ACK_TIMEOUT msecs_to_jiffies(10000) 61 61 62 - #define L2CAP_A2MP_DEFAULT_MTU 670 63 - 64 62 /* L2CAP socket address */ 65 63 struct sockaddr_l2 { 66 64 sa_family_t l2_family; ··· 107 109 #define L2CAP_ECHO_RSP 0x09 108 110 #define L2CAP_INFO_REQ 0x0a 109 111 #define L2CAP_INFO_RSP 0x0b 110 - #define L2CAP_CREATE_CHAN_REQ 0x0c 111 - #define L2CAP_CREATE_CHAN_RSP 0x0d 112 - #define L2CAP_MOVE_CHAN_REQ 0x0e 113 - #define L2CAP_MOVE_CHAN_RSP 0x0f 114 - #define L2CAP_MOVE_CHAN_CFM 0x10 115 - #define L2CAP_MOVE_CHAN_CFM_RSP 0x11 116 112 #define L2CAP_CONN_PARAM_UPDATE_REQ 0x12 117 113 #define L2CAP_CONN_PARAM_UPDATE_RSP 0x13 118 114 #define L2CAP_LE_CONN_REQ 0x14 ··· 136 144 /* L2CAP fixed channels */ 137 145 #define L2CAP_FC_SIG_BREDR 0x02 138 146 #define L2CAP_FC_CONNLESS 0x04 139 - #define L2CAP_FC_A2MP 0x08 140 147 #define L2CAP_FC_ATT 0x10 141 148 #define L2CAP_FC_SIG_LE 0x20 142 149 #define L2CAP_FC_SMP_LE 0x40 ··· 258 267 /* channel identifier */ 259 268 #define L2CAP_CID_SIGNALING 0x0001 260 269 #define L2CAP_CID_CONN_LESS 0x0002 261 - #define L2CAP_CID_A2MP 0x0003 262 270 #define L2CAP_CID_ATT 0x0004 263 271 #define L2CAP_CID_LE_SIGNALING 0x0005 264 272 #define L2CAP_CID_SMP 0x0006 ··· 272 282 #define L2CAP_CR_BAD_PSM 0x0002 273 283 #define L2CAP_CR_SEC_BLOCK 0x0003 274 284 #define L2CAP_CR_NO_MEM 0x0004 275 - #define L2CAP_CR_BAD_AMP 0x0005 276 285 #define L2CAP_CR_INVALID_SCID 0x0006 277 286 #define L2CAP_CR_SCID_IN_USE 0x0007 278 287 ··· 393 404 __u8 data[]; 394 405 } __packed; 395 406 396 - struct l2cap_create_chan_req { 397 - __le16 psm; 398 - __le16 scid; 399 - __u8 amp_id; 400 - } __packed; 401 - 402 - struct l2cap_create_chan_rsp { 403 - __le16 dcid; 404 - __le16 scid; 405 - __le16 result; 406 - __le16 status; 407 - } __packed; 408 - 409 - struct l2cap_move_chan_req { 410 - __le16 icid; 411 - __u8 dest_amp_id; 412 - } __packed; 413 - 414 - struct l2cap_move_chan_rsp { 415 - __le16 icid; 416 - __le16 result; 417 - } __packed; 418 - 419 407 #define L2CAP_MR_SUCCESS 0x0000 420 408 #define L2CAP_MR_PEND 0x0001 421 409 #define L2CAP_MR_BAD_ID 0x0002 ··· 505 539 506 540 struct l2cap_chan { 507 541 struct l2cap_conn *conn; 508 - struct hci_conn *hs_hcon; 509 - struct hci_chan *hs_hchan; 510 542 struct kref kref; 511 543 atomic_t nesting; 512 544 ··· 554 590 unsigned long conf_state; 555 591 unsigned long conn_state; 556 592 unsigned long flags; 557 - 558 - __u8 remote_amp_id; 559 - __u8 local_amp_id; 560 - __u8 move_id; 561 - __u8 move_state; 562 - __u8 move_role; 563 593 564 594 __u16 next_tx_seq; 565 595 __u16 expected_ack_seq;
-8
net/bluetooth/Kconfig
··· 62 62 63 63 source "net/bluetooth/hidp/Kconfig" 64 64 65 - config BT_HS 66 - bool "Bluetooth High Speed (HS) features" 67 - depends on BT_BREDR 68 - help 69 - Bluetooth High Speed includes support for off-loading 70 - Bluetooth connections via 802.11 (wifi) physical layer 71 - available with Bluetooth version 3.0 or later. 72 - 73 65 config BT_LE 74 66 bool "Bluetooth Low Energy (LE) features" 75 67 depends on BT
-1
net/bluetooth/Makefile
··· 21 21 22 22 bluetooth-$(CONFIG_BT_BREDR) += sco.o 23 23 bluetooth-$(CONFIG_BT_LE) += iso.o 24 - bluetooth-$(CONFIG_BT_HS) += a2mp.o amp.o 25 24 bluetooth-$(CONFIG_BT_LEDS) += leds.o 26 25 bluetooth-$(CONFIG_BT_MSFTEXT) += msft.o 27 26 bluetooth-$(CONFIG_BT_AOSPEXT) += aosp.o
-1054
net/bluetooth/a2mp.c
··· 1 - // SPDX-License-Identifier: GPL-2.0-only 2 - /* 3 - Copyright (c) 2010,2011 Code Aurora Forum. All rights reserved. 4 - Copyright (c) 2011,2012 Intel Corp. 5 - 6 - */ 7 - 8 - #include <net/bluetooth/bluetooth.h> 9 - #include <net/bluetooth/hci_core.h> 10 - #include <net/bluetooth/l2cap.h> 11 - 12 - #include "hci_request.h" 13 - #include "a2mp.h" 14 - #include "amp.h" 15 - 16 - #define A2MP_FEAT_EXT 0x8000 17 - 18 - /* Global AMP Manager list */ 19 - static LIST_HEAD(amp_mgr_list); 20 - static DEFINE_MUTEX(amp_mgr_list_lock); 21 - 22 - /* A2MP build & send command helper functions */ 23 - static struct a2mp_cmd *__a2mp_build(u8 code, u8 ident, u16 len, void *data) 24 - { 25 - struct a2mp_cmd *cmd; 26 - int plen; 27 - 28 - plen = sizeof(*cmd) + len; 29 - cmd = kzalloc(plen, GFP_KERNEL); 30 - if (!cmd) 31 - return NULL; 32 - 33 - cmd->code = code; 34 - cmd->ident = ident; 35 - cmd->len = cpu_to_le16(len); 36 - 37 - memcpy(cmd->data, data, len); 38 - 39 - return cmd; 40 - } 41 - 42 - static void a2mp_send(struct amp_mgr *mgr, u8 code, u8 ident, u16 len, void *data) 43 - { 44 - struct l2cap_chan *chan = mgr->a2mp_chan; 45 - struct a2mp_cmd *cmd; 46 - u16 total_len = len + sizeof(*cmd); 47 - struct kvec iv; 48 - struct msghdr msg; 49 - 50 - cmd = __a2mp_build(code, ident, len, data); 51 - if (!cmd) 52 - return; 53 - 54 - iv.iov_base = cmd; 55 - iv.iov_len = total_len; 56 - 57 - memset(&msg, 0, sizeof(msg)); 58 - 59 - iov_iter_kvec(&msg.msg_iter, ITER_SOURCE, &iv, 1, total_len); 60 - 61 - l2cap_chan_send(chan, &msg, total_len); 62 - 63 - kfree(cmd); 64 - } 65 - 66 - static u8 __next_ident(struct amp_mgr *mgr) 67 - { 68 - if (++mgr->ident == 0) 69 - mgr->ident = 1; 70 - 71 - return mgr->ident; 72 - } 73 - 74 - static struct amp_mgr *amp_mgr_lookup_by_state(u8 state) 75 - { 76 - struct amp_mgr *mgr; 77 - 78 - mutex_lock(&amp_mgr_list_lock); 79 - list_for_each_entry(mgr, &amp_mgr_list, list) { 80 - if (test_and_clear_bit(state, &mgr->state)) { 81 - amp_mgr_get(mgr); 82 - mutex_unlock(&amp_mgr_list_lock); 83 - return mgr; 84 - } 85 - } 86 - mutex_unlock(&amp_mgr_list_lock); 87 - 88 - return NULL; 89 - } 90 - 91 - /* hci_dev_list shall be locked */ 92 - static void __a2mp_add_cl(struct amp_mgr *mgr, struct a2mp_cl *cl) 93 - { 94 - struct hci_dev *hdev; 95 - int i = 1; 96 - 97 - cl[0].id = AMP_ID_BREDR; 98 - cl[0].type = AMP_TYPE_BREDR; 99 - cl[0].status = AMP_STATUS_BLUETOOTH_ONLY; 100 - 101 - list_for_each_entry(hdev, &hci_dev_list, list) { 102 - if (hdev->dev_type == HCI_AMP) { 103 - cl[i].id = hdev->id; 104 - cl[i].type = hdev->amp_type; 105 - if (test_bit(HCI_UP, &hdev->flags)) 106 - cl[i].status = hdev->amp_status; 107 - else 108 - cl[i].status = AMP_STATUS_POWERED_DOWN; 109 - i++; 110 - } 111 - } 112 - } 113 - 114 - /* Processing A2MP messages */ 115 - static int a2mp_command_rej(struct amp_mgr *mgr, struct sk_buff *skb, 116 - struct a2mp_cmd *hdr) 117 - { 118 - struct a2mp_cmd_rej *rej = (void *) skb->data; 119 - 120 - if (le16_to_cpu(hdr->len) < sizeof(*rej)) 121 - return -EINVAL; 122 - 123 - BT_DBG("ident %u reason %d", hdr->ident, le16_to_cpu(rej->reason)); 124 - 125 - skb_pull(skb, sizeof(*rej)); 126 - 127 - return 0; 128 - } 129 - 130 - static int a2mp_discover_req(struct amp_mgr *mgr, struct sk_buff *skb, 131 - struct a2mp_cmd *hdr) 132 - { 133 - struct a2mp_discov_req *req = (void *) skb->data; 134 - u16 len = le16_to_cpu(hdr->len); 135 - struct a2mp_discov_rsp *rsp; 136 - u16 ext_feat; 137 - u8 num_ctrl; 138 - struct hci_dev *hdev; 139 - 140 - if (len < sizeof(*req)) 141 - return -EINVAL; 142 - 143 - skb_pull(skb, sizeof(*req)); 144 - 145 - ext_feat = le16_to_cpu(req->ext_feat); 146 - 147 - BT_DBG("mtu %d efm 0x%4.4x", le16_to_cpu(req->mtu), ext_feat); 148 - 149 - /* check that packet is not broken for now */ 150 - while (ext_feat & A2MP_FEAT_EXT) { 151 - if (len < sizeof(ext_feat)) 152 - return -EINVAL; 153 - 154 - ext_feat = get_unaligned_le16(skb->data); 155 - BT_DBG("efm 0x%4.4x", ext_feat); 156 - len -= sizeof(ext_feat); 157 - skb_pull(skb, sizeof(ext_feat)); 158 - } 159 - 160 - read_lock(&hci_dev_list_lock); 161 - 162 - /* at minimum the BR/EDR needs to be listed */ 163 - num_ctrl = 1; 164 - 165 - list_for_each_entry(hdev, &hci_dev_list, list) { 166 - if (hdev->dev_type == HCI_AMP) 167 - num_ctrl++; 168 - } 169 - 170 - len = struct_size(rsp, cl, num_ctrl); 171 - rsp = kmalloc(len, GFP_ATOMIC); 172 - if (!rsp) { 173 - read_unlock(&hci_dev_list_lock); 174 - return -ENOMEM; 175 - } 176 - 177 - rsp->mtu = cpu_to_le16(L2CAP_A2MP_DEFAULT_MTU); 178 - rsp->ext_feat = 0; 179 - 180 - __a2mp_add_cl(mgr, rsp->cl); 181 - 182 - read_unlock(&hci_dev_list_lock); 183 - 184 - a2mp_send(mgr, A2MP_DISCOVER_RSP, hdr->ident, len, rsp); 185 - 186 - kfree(rsp); 187 - return 0; 188 - } 189 - 190 - static int a2mp_discover_rsp(struct amp_mgr *mgr, struct sk_buff *skb, 191 - struct a2mp_cmd *hdr) 192 - { 193 - struct a2mp_discov_rsp *rsp = (void *) skb->data; 194 - u16 len = le16_to_cpu(hdr->len); 195 - struct a2mp_cl *cl; 196 - u16 ext_feat; 197 - bool found = false; 198 - 199 - if (len < sizeof(*rsp)) 200 - return -EINVAL; 201 - 202 - len -= sizeof(*rsp); 203 - skb_pull(skb, sizeof(*rsp)); 204 - 205 - ext_feat = le16_to_cpu(rsp->ext_feat); 206 - 207 - BT_DBG("mtu %d efm 0x%4.4x", le16_to_cpu(rsp->mtu), ext_feat); 208 - 209 - /* check that packet is not broken for now */ 210 - while (ext_feat & A2MP_FEAT_EXT) { 211 - if (len < sizeof(ext_feat)) 212 - return -EINVAL; 213 - 214 - ext_feat = get_unaligned_le16(skb->data); 215 - BT_DBG("efm 0x%4.4x", ext_feat); 216 - len -= sizeof(ext_feat); 217 - skb_pull(skb, sizeof(ext_feat)); 218 - } 219 - 220 - cl = (void *) skb->data; 221 - while (len >= sizeof(*cl)) { 222 - BT_DBG("Remote AMP id %u type %u status %u", cl->id, cl->type, 223 - cl->status); 224 - 225 - if (cl->id != AMP_ID_BREDR && cl->type != AMP_TYPE_BREDR) { 226 - struct a2mp_info_req req; 227 - 228 - found = true; 229 - 230 - memset(&req, 0, sizeof(req)); 231 - 232 - req.id = cl->id; 233 - a2mp_send(mgr, A2MP_GETINFO_REQ, __next_ident(mgr), 234 - sizeof(req), &req); 235 - } 236 - 237 - len -= sizeof(*cl); 238 - cl = skb_pull(skb, sizeof(*cl)); 239 - } 240 - 241 - /* Fall back to L2CAP init sequence */ 242 - if (!found) { 243 - struct l2cap_conn *conn = mgr->l2cap_conn; 244 - struct l2cap_chan *chan; 245 - 246 - mutex_lock(&conn->chan_lock); 247 - 248 - list_for_each_entry(chan, &conn->chan_l, list) { 249 - 250 - BT_DBG("chan %p state %s", chan, 251 - state_to_string(chan->state)); 252 - 253 - if (chan->scid == L2CAP_CID_A2MP) 254 - continue; 255 - 256 - l2cap_chan_lock(chan); 257 - 258 - if (chan->state == BT_CONNECT) 259 - l2cap_send_conn_req(chan); 260 - 261 - l2cap_chan_unlock(chan); 262 - } 263 - 264 - mutex_unlock(&conn->chan_lock); 265 - } 266 - 267 - return 0; 268 - } 269 - 270 - static int a2mp_change_notify(struct amp_mgr *mgr, struct sk_buff *skb, 271 - struct a2mp_cmd *hdr) 272 - { 273 - struct a2mp_cl *cl = (void *) skb->data; 274 - 275 - while (skb->len >= sizeof(*cl)) { 276 - BT_DBG("Controller id %u type %u status %u", cl->id, cl->type, 277 - cl->status); 278 - cl = skb_pull(skb, sizeof(*cl)); 279 - } 280 - 281 - /* TODO send A2MP_CHANGE_RSP */ 282 - 283 - return 0; 284 - } 285 - 286 - static void read_local_amp_info_complete(struct hci_dev *hdev, u8 status, 287 - u16 opcode) 288 - { 289 - BT_DBG("%s status 0x%2.2x", hdev->name, status); 290 - 291 - a2mp_send_getinfo_rsp(hdev); 292 - } 293 - 294 - static int a2mp_getinfo_req(struct amp_mgr *mgr, struct sk_buff *skb, 295 - struct a2mp_cmd *hdr) 296 - { 297 - struct a2mp_info_req *req = (void *) skb->data; 298 - struct hci_dev *hdev; 299 - struct hci_request hreq; 300 - int err = 0; 301 - 302 - if (le16_to_cpu(hdr->len) < sizeof(*req)) 303 - return -EINVAL; 304 - 305 - BT_DBG("id %u", req->id); 306 - 307 - hdev = hci_dev_get(req->id); 308 - if (!hdev || hdev->dev_type != HCI_AMP) { 309 - struct a2mp_info_rsp rsp; 310 - 311 - memset(&rsp, 0, sizeof(rsp)); 312 - 313 - rsp.id = req->id; 314 - rsp.status = A2MP_STATUS_INVALID_CTRL_ID; 315 - 316 - a2mp_send(mgr, A2MP_GETINFO_RSP, hdr->ident, sizeof(rsp), 317 - &rsp); 318 - 319 - goto done; 320 - } 321 - 322 - set_bit(READ_LOC_AMP_INFO, &mgr->state); 323 - hci_req_init(&hreq, hdev); 324 - hci_req_add(&hreq, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL); 325 - err = hci_req_run(&hreq, read_local_amp_info_complete); 326 - if (err < 0) 327 - a2mp_send_getinfo_rsp(hdev); 328 - 329 - done: 330 - if (hdev) 331 - hci_dev_put(hdev); 332 - 333 - skb_pull(skb, sizeof(*req)); 334 - return 0; 335 - } 336 - 337 - static int a2mp_getinfo_rsp(struct amp_mgr *mgr, struct sk_buff *skb, 338 - struct a2mp_cmd *hdr) 339 - { 340 - struct a2mp_info_rsp *rsp = (struct a2mp_info_rsp *) skb->data; 341 - struct a2mp_amp_assoc_req req; 342 - struct amp_ctrl *ctrl; 343 - 344 - if (le16_to_cpu(hdr->len) < sizeof(*rsp)) 345 - return -EINVAL; 346 - 347 - BT_DBG("id %u status 0x%2.2x", rsp->id, rsp->status); 348 - 349 - if (rsp->status) 350 - return -EINVAL; 351 - 352 - ctrl = amp_ctrl_add(mgr, rsp->id); 353 - if (!ctrl) 354 - return -ENOMEM; 355 - 356 - memset(&req, 0, sizeof(req)); 357 - 358 - req.id = rsp->id; 359 - a2mp_send(mgr, A2MP_GETAMPASSOC_REQ, __next_ident(mgr), sizeof(req), 360 - &req); 361 - 362 - skb_pull(skb, sizeof(*rsp)); 363 - return 0; 364 - } 365 - 366 - static int a2mp_getampassoc_req(struct amp_mgr *mgr, struct sk_buff *skb, 367 - struct a2mp_cmd *hdr) 368 - { 369 - struct a2mp_amp_assoc_req *req = (void *) skb->data; 370 - struct hci_dev *hdev; 371 - struct amp_mgr *tmp; 372 - 373 - if (le16_to_cpu(hdr->len) < sizeof(*req)) 374 - return -EINVAL; 375 - 376 - BT_DBG("id %u", req->id); 377 - 378 - /* Make sure that other request is not processed */ 379 - tmp = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC); 380 - 381 - hdev = hci_dev_get(req->id); 382 - if (!hdev || hdev->amp_type == AMP_TYPE_BREDR || tmp) { 383 - struct a2mp_amp_assoc_rsp rsp; 384 - 385 - memset(&rsp, 0, sizeof(rsp)); 386 - rsp.id = req->id; 387 - 388 - if (tmp) { 389 - rsp.status = A2MP_STATUS_COLLISION_OCCURED; 390 - amp_mgr_put(tmp); 391 - } else { 392 - rsp.status = A2MP_STATUS_INVALID_CTRL_ID; 393 - } 394 - 395 - a2mp_send(mgr, A2MP_GETAMPASSOC_RSP, hdr->ident, sizeof(rsp), 396 - &rsp); 397 - 398 - goto done; 399 - } 400 - 401 - amp_read_loc_assoc(hdev, mgr); 402 - 403 - done: 404 - if (hdev) 405 - hci_dev_put(hdev); 406 - 407 - skb_pull(skb, sizeof(*req)); 408 - return 0; 409 - } 410 - 411 - static int a2mp_getampassoc_rsp(struct amp_mgr *mgr, struct sk_buff *skb, 412 - struct a2mp_cmd *hdr) 413 - { 414 - struct a2mp_amp_assoc_rsp *rsp = (void *) skb->data; 415 - u16 len = le16_to_cpu(hdr->len); 416 - struct hci_dev *hdev; 417 - struct amp_ctrl *ctrl; 418 - struct hci_conn *hcon; 419 - size_t assoc_len; 420 - 421 - if (len < sizeof(*rsp)) 422 - return -EINVAL; 423 - 424 - assoc_len = len - sizeof(*rsp); 425 - 426 - BT_DBG("id %u status 0x%2.2x assoc len %zu", rsp->id, rsp->status, 427 - assoc_len); 428 - 429 - if (rsp->status) 430 - return -EINVAL; 431 - 432 - /* Save remote ASSOC data */ 433 - ctrl = amp_ctrl_lookup(mgr, rsp->id); 434 - if (ctrl) { 435 - u8 *assoc; 436 - 437 - assoc = kmemdup(rsp->amp_assoc, assoc_len, GFP_KERNEL); 438 - if (!assoc) { 439 - amp_ctrl_put(ctrl); 440 - return -ENOMEM; 441 - } 442 - 443 - ctrl->assoc = assoc; 444 - ctrl->assoc_len = assoc_len; 445 - ctrl->assoc_rem_len = assoc_len; 446 - ctrl->assoc_len_so_far = 0; 447 - 448 - amp_ctrl_put(ctrl); 449 - } 450 - 451 - /* Create Phys Link */ 452 - hdev = hci_dev_get(rsp->id); 453 - if (!hdev) 454 - return -EINVAL; 455 - 456 - hcon = phylink_add(hdev, mgr, rsp->id, true); 457 - if (!hcon) 458 - goto done; 459 - 460 - BT_DBG("Created hcon %p: loc:%u -> rem:%u", hcon, hdev->id, rsp->id); 461 - 462 - mgr->bredr_chan->remote_amp_id = rsp->id; 463 - 464 - amp_create_phylink(hdev, mgr, hcon); 465 - 466 - done: 467 - hci_dev_put(hdev); 468 - skb_pull(skb, len); 469 - return 0; 470 - } 471 - 472 - static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb, 473 - struct a2mp_cmd *hdr) 474 - { 475 - struct a2mp_physlink_req *req = (void *) skb->data; 476 - struct a2mp_physlink_rsp rsp; 477 - struct hci_dev *hdev; 478 - struct hci_conn *hcon; 479 - struct amp_ctrl *ctrl; 480 - 481 - if (le16_to_cpu(hdr->len) < sizeof(*req)) 482 - return -EINVAL; 483 - 484 - BT_DBG("local_id %u, remote_id %u", req->local_id, req->remote_id); 485 - 486 - memset(&rsp, 0, sizeof(rsp)); 487 - 488 - rsp.local_id = req->remote_id; 489 - rsp.remote_id = req->local_id; 490 - 491 - hdev = hci_dev_get(req->remote_id); 492 - if (!hdev || hdev->amp_type == AMP_TYPE_BREDR) { 493 - rsp.status = A2MP_STATUS_INVALID_CTRL_ID; 494 - goto send_rsp; 495 - } 496 - 497 - ctrl = amp_ctrl_lookup(mgr, rsp.remote_id); 498 - if (!ctrl) { 499 - ctrl = amp_ctrl_add(mgr, rsp.remote_id); 500 - if (ctrl) { 501 - amp_ctrl_get(ctrl); 502 - } else { 503 - rsp.status = A2MP_STATUS_UNABLE_START_LINK_CREATION; 504 - goto send_rsp; 505 - } 506 - } 507 - 508 - if (ctrl) { 509 - size_t assoc_len = le16_to_cpu(hdr->len) - sizeof(*req); 510 - u8 *assoc; 511 - 512 - assoc = kmemdup(req->amp_assoc, assoc_len, GFP_KERNEL); 513 - if (!assoc) { 514 - amp_ctrl_put(ctrl); 515 - hci_dev_put(hdev); 516 - return -ENOMEM; 517 - } 518 - 519 - ctrl->assoc = assoc; 520 - ctrl->assoc_len = assoc_len; 521 - ctrl->assoc_rem_len = assoc_len; 522 - ctrl->assoc_len_so_far = 0; 523 - 524 - amp_ctrl_put(ctrl); 525 - } 526 - 527 - hcon = phylink_add(hdev, mgr, req->local_id, false); 528 - if (hcon) { 529 - amp_accept_phylink(hdev, mgr, hcon); 530 - rsp.status = A2MP_STATUS_SUCCESS; 531 - } else { 532 - rsp.status = A2MP_STATUS_UNABLE_START_LINK_CREATION; 533 - } 534 - 535 - send_rsp: 536 - if (hdev) 537 - hci_dev_put(hdev); 538 - 539 - /* Reply error now and success after HCI Write Remote AMP Assoc 540 - command complete with success status 541 - */ 542 - if (rsp.status != A2MP_STATUS_SUCCESS) { 543 - a2mp_send(mgr, A2MP_CREATEPHYSLINK_RSP, hdr->ident, 544 - sizeof(rsp), &rsp); 545 - } else { 546 - set_bit(WRITE_REMOTE_AMP_ASSOC, &mgr->state); 547 - mgr->ident = hdr->ident; 548 - } 549 - 550 - skb_pull(skb, le16_to_cpu(hdr->len)); 551 - return 0; 552 - } 553 - 554 - static int a2mp_discphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb, 555 - struct a2mp_cmd *hdr) 556 - { 557 - struct a2mp_physlink_req *req = (void *) skb->data; 558 - struct a2mp_physlink_rsp rsp; 559 - struct hci_dev *hdev; 560 - struct hci_conn *hcon; 561 - 562 - if (le16_to_cpu(hdr->len) < sizeof(*req)) 563 - return -EINVAL; 564 - 565 - BT_DBG("local_id %u remote_id %u", req->local_id, req->remote_id); 566 - 567 - memset(&rsp, 0, sizeof(rsp)); 568 - 569 - rsp.local_id = req->remote_id; 570 - rsp.remote_id = req->local_id; 571 - rsp.status = A2MP_STATUS_SUCCESS; 572 - 573 - hdev = hci_dev_get(req->remote_id); 574 - if (!hdev) { 575 - rsp.status = A2MP_STATUS_INVALID_CTRL_ID; 576 - goto send_rsp; 577 - } 578 - 579 - hcon = hci_conn_hash_lookup_ba(hdev, AMP_LINK, 580 - &mgr->l2cap_conn->hcon->dst); 581 - if (!hcon) { 582 - bt_dev_err(hdev, "no phys link exist"); 583 - rsp.status = A2MP_STATUS_NO_PHYSICAL_LINK_EXISTS; 584 - goto clean; 585 - } 586 - 587 - /* TODO Disconnect Phys Link here */ 588 - 589 - clean: 590 - hci_dev_put(hdev); 591 - 592 - send_rsp: 593 - a2mp_send(mgr, A2MP_DISCONNPHYSLINK_RSP, hdr->ident, sizeof(rsp), &rsp); 594 - 595 - skb_pull(skb, sizeof(*req)); 596 - return 0; 597 - } 598 - 599 - static inline int a2mp_cmd_rsp(struct amp_mgr *mgr, struct sk_buff *skb, 600 - struct a2mp_cmd *hdr) 601 - { 602 - BT_DBG("ident %u code 0x%2.2x", hdr->ident, hdr->code); 603 - 604 - skb_pull(skb, le16_to_cpu(hdr->len)); 605 - return 0; 606 - } 607 - 608 - /* Handle A2MP signalling */ 609 - static int a2mp_chan_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb) 610 - { 611 - struct a2mp_cmd *hdr; 612 - struct amp_mgr *mgr = chan->data; 613 - int err = 0; 614 - 615 - amp_mgr_get(mgr); 616 - 617 - while (skb->len >= sizeof(*hdr)) { 618 - u16 len; 619 - 620 - hdr = (void *) skb->data; 621 - len = le16_to_cpu(hdr->len); 622 - 623 - BT_DBG("code 0x%2.2x id %u len %u", hdr->code, hdr->ident, len); 624 - 625 - skb_pull(skb, sizeof(*hdr)); 626 - 627 - if (len > skb->len || !hdr->ident) { 628 - err = -EINVAL; 629 - break; 630 - } 631 - 632 - mgr->ident = hdr->ident; 633 - 634 - switch (hdr->code) { 635 - case A2MP_COMMAND_REJ: 636 - a2mp_command_rej(mgr, skb, hdr); 637 - break; 638 - 639 - case A2MP_DISCOVER_REQ: 640 - err = a2mp_discover_req(mgr, skb, hdr); 641 - break; 642 - 643 - case A2MP_CHANGE_NOTIFY: 644 - err = a2mp_change_notify(mgr, skb, hdr); 645 - break; 646 - 647 - case A2MP_GETINFO_REQ: 648 - err = a2mp_getinfo_req(mgr, skb, hdr); 649 - break; 650 - 651 - case A2MP_GETAMPASSOC_REQ: 652 - err = a2mp_getampassoc_req(mgr, skb, hdr); 653 - break; 654 - 655 - case A2MP_CREATEPHYSLINK_REQ: 656 - err = a2mp_createphyslink_req(mgr, skb, hdr); 657 - break; 658 - 659 - case A2MP_DISCONNPHYSLINK_REQ: 660 - err = a2mp_discphyslink_req(mgr, skb, hdr); 661 - break; 662 - 663 - case A2MP_DISCOVER_RSP: 664 - err = a2mp_discover_rsp(mgr, skb, hdr); 665 - break; 666 - 667 - case A2MP_GETINFO_RSP: 668 - err = a2mp_getinfo_rsp(mgr, skb, hdr); 669 - break; 670 - 671 - case A2MP_GETAMPASSOC_RSP: 672 - err = a2mp_getampassoc_rsp(mgr, skb, hdr); 673 - break; 674 - 675 - case A2MP_CHANGE_RSP: 676 - case A2MP_CREATEPHYSLINK_RSP: 677 - case A2MP_DISCONNPHYSLINK_RSP: 678 - err = a2mp_cmd_rsp(mgr, skb, hdr); 679 - break; 680 - 681 - default: 682 - BT_ERR("Unknown A2MP sig cmd 0x%2.2x", hdr->code); 683 - err = -EINVAL; 684 - break; 685 - } 686 - } 687 - 688 - if (err) { 689 - struct a2mp_cmd_rej rej; 690 - 691 - memset(&rej, 0, sizeof(rej)); 692 - 693 - rej.reason = cpu_to_le16(0); 694 - hdr = (void *) skb->data; 695 - 696 - BT_DBG("Send A2MP Rej: cmd 0x%2.2x err %d", hdr->code, err); 697 - 698 - a2mp_send(mgr, A2MP_COMMAND_REJ, hdr->ident, sizeof(rej), 699 - &rej); 700 - } 701 - 702 - /* Always free skb and return success error code to prevent 703 - from sending L2CAP Disconnect over A2MP channel */ 704 - kfree_skb(skb); 705 - 706 - amp_mgr_put(mgr); 707 - 708 - return 0; 709 - } 710 - 711 - static void a2mp_chan_close_cb(struct l2cap_chan *chan) 712 - { 713 - l2cap_chan_put(chan); 714 - } 715 - 716 - static void a2mp_chan_state_change_cb(struct l2cap_chan *chan, int state, 717 - int err) 718 - { 719 - struct amp_mgr *mgr = chan->data; 720 - 721 - if (!mgr) 722 - return; 723 - 724 - BT_DBG("chan %p state %s", chan, state_to_string(state)); 725 - 726 - chan->state = state; 727 - 728 - switch (state) { 729 - case BT_CLOSED: 730 - if (mgr) 731 - amp_mgr_put(mgr); 732 - break; 733 - } 734 - } 735 - 736 - static struct sk_buff *a2mp_chan_alloc_skb_cb(struct l2cap_chan *chan, 737 - unsigned long hdr_len, 738 - unsigned long len, int nb) 739 - { 740 - struct sk_buff *skb; 741 - 742 - skb = bt_skb_alloc(hdr_len + len, GFP_KERNEL); 743 - if (!skb) 744 - return ERR_PTR(-ENOMEM); 745 - 746 - return skb; 747 - } 748 - 749 - static const struct l2cap_ops a2mp_chan_ops = { 750 - .name = "L2CAP A2MP channel", 751 - .recv = a2mp_chan_recv_cb, 752 - .close = a2mp_chan_close_cb, 753 - .state_change = a2mp_chan_state_change_cb, 754 - .alloc_skb = a2mp_chan_alloc_skb_cb, 755 - 756 - /* Not implemented for A2MP */ 757 - .new_connection = l2cap_chan_no_new_connection, 758 - .teardown = l2cap_chan_no_teardown, 759 - .ready = l2cap_chan_no_ready, 760 - .defer = l2cap_chan_no_defer, 761 - .resume = l2cap_chan_no_resume, 762 - .set_shutdown = l2cap_chan_no_set_shutdown, 763 - .get_sndtimeo = l2cap_chan_no_get_sndtimeo, 764 - }; 765 - 766 - static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn, bool locked) 767 - { 768 - struct l2cap_chan *chan; 769 - int err; 770 - 771 - chan = l2cap_chan_create(); 772 - if (!chan) 773 - return NULL; 774 - 775 - BT_DBG("chan %p", chan); 776 - 777 - chan->chan_type = L2CAP_CHAN_FIXED; 778 - chan->scid = L2CAP_CID_A2MP; 779 - chan->dcid = L2CAP_CID_A2MP; 780 - chan->omtu = L2CAP_A2MP_DEFAULT_MTU; 781 - chan->imtu = L2CAP_A2MP_DEFAULT_MTU; 782 - chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; 783 - 784 - chan->ops = &a2mp_chan_ops; 785 - 786 - l2cap_chan_set_defaults(chan); 787 - chan->remote_max_tx = chan->max_tx; 788 - chan->remote_tx_win = chan->tx_win; 789 - 790 - chan->retrans_timeout = L2CAP_DEFAULT_RETRANS_TO; 791 - chan->monitor_timeout = L2CAP_DEFAULT_MONITOR_TO; 792 - 793 - skb_queue_head_init(&chan->tx_q); 794 - 795 - chan->mode = L2CAP_MODE_ERTM; 796 - 797 - err = l2cap_ertm_init(chan); 798 - if (err < 0) { 799 - l2cap_chan_del(chan, 0); 800 - return NULL; 801 - } 802 - 803 - chan->conf_state = 0; 804 - 805 - if (locked) 806 - __l2cap_chan_add(conn, chan); 807 - else 808 - l2cap_chan_add(conn, chan); 809 - 810 - chan->remote_mps = chan->omtu; 811 - chan->mps = chan->omtu; 812 - 813 - chan->state = BT_CONNECTED; 814 - 815 - return chan; 816 - } 817 - 818 - /* AMP Manager functions */ 819 - struct amp_mgr *amp_mgr_get(struct amp_mgr *mgr) 820 - { 821 - BT_DBG("mgr %p orig refcnt %d", mgr, kref_read(&mgr->kref)); 822 - 823 - kref_get(&mgr->kref); 824 - 825 - return mgr; 826 - } 827 - 828 - static void amp_mgr_destroy(struct kref *kref) 829 - { 830 - struct amp_mgr *mgr = container_of(kref, struct amp_mgr, kref); 831 - 832 - BT_DBG("mgr %p", mgr); 833 - 834 - mutex_lock(&amp_mgr_list_lock); 835 - list_del(&mgr->list); 836 - mutex_unlock(&amp_mgr_list_lock); 837 - 838 - amp_ctrl_list_flush(mgr); 839 - kfree(mgr); 840 - } 841 - 842 - int amp_mgr_put(struct amp_mgr *mgr) 843 - { 844 - BT_DBG("mgr %p orig refcnt %d", mgr, kref_read(&mgr->kref)); 845 - 846 - return kref_put(&mgr->kref, &amp_mgr_destroy); 847 - } 848 - 849 - static struct amp_mgr *amp_mgr_create(struct l2cap_conn *conn, bool locked) 850 - { 851 - struct amp_mgr *mgr; 852 - struct l2cap_chan *chan; 853 - 854 - mgr = kzalloc(sizeof(*mgr), GFP_KERNEL); 855 - if (!mgr) 856 - return NULL; 857 - 858 - BT_DBG("conn %p mgr %p", conn, mgr); 859 - 860 - mgr->l2cap_conn = conn; 861 - 862 - chan = a2mp_chan_open(conn, locked); 863 - if (!chan) { 864 - kfree(mgr); 865 - return NULL; 866 - } 867 - 868 - mgr->a2mp_chan = chan; 869 - chan->data = mgr; 870 - 871 - conn->hcon->amp_mgr = mgr; 872 - 873 - kref_init(&mgr->kref); 874 - 875 - /* Remote AMP ctrl list initialization */ 876 - INIT_LIST_HEAD(&mgr->amp_ctrls); 877 - mutex_init(&mgr->amp_ctrls_lock); 878 - 879 - mutex_lock(&amp_mgr_list_lock); 880 - list_add(&mgr->list, &amp_mgr_list); 881 - mutex_unlock(&amp_mgr_list_lock); 882 - 883 - return mgr; 884 - } 885 - 886 - struct l2cap_chan *a2mp_channel_create(struct l2cap_conn *conn, 887 - struct sk_buff *skb) 888 - { 889 - struct amp_mgr *mgr; 890 - 891 - if (conn->hcon->type != ACL_LINK) 892 - return NULL; 893 - 894 - mgr = amp_mgr_create(conn, false); 895 - if (!mgr) { 896 - BT_ERR("Could not create AMP manager"); 897 - return NULL; 898 - } 899 - 900 - BT_DBG("mgr: %p chan %p", mgr, mgr->a2mp_chan); 901 - 902 - return mgr->a2mp_chan; 903 - } 904 - 905 - void a2mp_send_getinfo_rsp(struct hci_dev *hdev) 906 - { 907 - struct amp_mgr *mgr; 908 - struct a2mp_info_rsp rsp; 909 - 910 - mgr = amp_mgr_lookup_by_state(READ_LOC_AMP_INFO); 911 - if (!mgr) 912 - return; 913 - 914 - BT_DBG("%s mgr %p", hdev->name, mgr); 915 - 916 - memset(&rsp, 0, sizeof(rsp)); 917 - 918 - rsp.id = hdev->id; 919 - rsp.status = A2MP_STATUS_INVALID_CTRL_ID; 920 - 921 - if (hdev->amp_type != AMP_TYPE_BREDR) { 922 - rsp.status = 0; 923 - rsp.total_bw = cpu_to_le32(hdev->amp_total_bw); 924 - rsp.max_bw = cpu_to_le32(hdev->amp_max_bw); 925 - rsp.min_latency = cpu_to_le32(hdev->amp_min_latency); 926 - rsp.pal_cap = cpu_to_le16(hdev->amp_pal_cap); 927 - rsp.assoc_size = cpu_to_le16(hdev->amp_assoc_size); 928 - } 929 - 930 - a2mp_send(mgr, A2MP_GETINFO_RSP, mgr->ident, sizeof(rsp), &rsp); 931 - amp_mgr_put(mgr); 932 - } 933 - 934 - void a2mp_send_getampassoc_rsp(struct hci_dev *hdev, u8 status) 935 - { 936 - struct amp_mgr *mgr; 937 - struct amp_assoc *loc_assoc = &hdev->loc_assoc; 938 - struct a2mp_amp_assoc_rsp *rsp; 939 - size_t len; 940 - 941 - mgr = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC); 942 - if (!mgr) 943 - return; 944 - 945 - BT_DBG("%s mgr %p", hdev->name, mgr); 946 - 947 - len = sizeof(struct a2mp_amp_assoc_rsp) + loc_assoc->len; 948 - rsp = kzalloc(len, GFP_KERNEL); 949 - if (!rsp) { 950 - amp_mgr_put(mgr); 951 - return; 952 - } 953 - 954 - rsp->id = hdev->id; 955 - 956 - if (status) { 957 - rsp->status = A2MP_STATUS_INVALID_CTRL_ID; 958 - } else { 959 - rsp->status = A2MP_STATUS_SUCCESS; 960 - memcpy(rsp->amp_assoc, loc_assoc->data, loc_assoc->len); 961 - } 962 - 963 - a2mp_send(mgr, A2MP_GETAMPASSOC_RSP, mgr->ident, len, rsp); 964 - amp_mgr_put(mgr); 965 - kfree(rsp); 966 - } 967 - 968 - void a2mp_send_create_phy_link_req(struct hci_dev *hdev, u8 status) 969 - { 970 - struct amp_mgr *mgr; 971 - struct amp_assoc *loc_assoc = &hdev->loc_assoc; 972 - struct a2mp_physlink_req *req; 973 - struct l2cap_chan *bredr_chan; 974 - size_t len; 975 - 976 - mgr = amp_mgr_lookup_by_state(READ_LOC_AMP_ASSOC_FINAL); 977 - if (!mgr) 978 - return; 979 - 980 - len = sizeof(*req) + loc_assoc->len; 981 - 982 - BT_DBG("%s mgr %p assoc_len %zu", hdev->name, mgr, len); 983 - 984 - req = kzalloc(len, GFP_KERNEL); 985 - if (!req) { 986 - amp_mgr_put(mgr); 987 - return; 988 - } 989 - 990 - bredr_chan = mgr->bredr_chan; 991 - if (!bredr_chan) 992 - goto clean; 993 - 994 - req->local_id = hdev->id; 995 - req->remote_id = bredr_chan->remote_amp_id; 996 - memcpy(req->amp_assoc, loc_assoc->data, loc_assoc->len); 997 - 998 - a2mp_send(mgr, A2MP_CREATEPHYSLINK_REQ, __next_ident(mgr), len, req); 999 - 1000 - clean: 1001 - amp_mgr_put(mgr); 1002 - kfree(req); 1003 - } 1004 - 1005 - void a2mp_send_create_phy_link_rsp(struct hci_dev *hdev, u8 status) 1006 - { 1007 - struct amp_mgr *mgr; 1008 - struct a2mp_physlink_rsp rsp; 1009 - struct hci_conn *hs_hcon; 1010 - 1011 - mgr = amp_mgr_lookup_by_state(WRITE_REMOTE_AMP_ASSOC); 1012 - if (!mgr) 1013 - return; 1014 - 1015 - memset(&rsp, 0, sizeof(rsp)); 1016 - 1017 - hs_hcon = hci_conn_hash_lookup_state(hdev, AMP_LINK, BT_CONNECT); 1018 - if (!hs_hcon) { 1019 - rsp.status = A2MP_STATUS_UNABLE_START_LINK_CREATION; 1020 - } else { 1021 - rsp.remote_id = hs_hcon->remote_id; 1022 - rsp.status = A2MP_STATUS_SUCCESS; 1023 - } 1024 - 1025 - BT_DBG("%s mgr %p hs_hcon %p status %u", hdev->name, mgr, hs_hcon, 1026 - status); 1027 - 1028 - rsp.local_id = hdev->id; 1029 - a2mp_send(mgr, A2MP_CREATEPHYSLINK_RSP, mgr->ident, sizeof(rsp), &rsp); 1030 - amp_mgr_put(mgr); 1031 - } 1032 - 1033 - void a2mp_discover_amp(struct l2cap_chan *chan) 1034 - { 1035 - struct l2cap_conn *conn = chan->conn; 1036 - struct amp_mgr *mgr = conn->hcon->amp_mgr; 1037 - struct a2mp_discov_req req; 1038 - 1039 - BT_DBG("chan %p conn %p mgr %p", chan, conn, mgr); 1040 - 1041 - if (!mgr) { 1042 - mgr = amp_mgr_create(conn, true); 1043 - if (!mgr) 1044 - return; 1045 - } 1046 - 1047 - mgr->bredr_chan = chan; 1048 - 1049 - memset(&req, 0, sizeof(req)); 1050 - 1051 - req.mtu = cpu_to_le16(L2CAP_A2MP_DEFAULT_MTU); 1052 - req.ext_feat = 0; 1053 - a2mp_send(mgr, A2MP_DISCOVER_REQ, 1, sizeof(req), &req); 1054 - }
-154
net/bluetooth/a2mp.h
··· 1 - /* SPDX-License-Identifier: GPL-2.0-only */ 2 - /* 3 - Copyright (c) 2010,2011 Code Aurora Forum. All rights reserved. 4 - Copyright (c) 2011,2012 Intel Corp. 5 - 6 - */ 7 - 8 - #ifndef __A2MP_H 9 - #define __A2MP_H 10 - 11 - #include <net/bluetooth/l2cap.h> 12 - 13 - enum amp_mgr_state { 14 - READ_LOC_AMP_INFO, 15 - READ_LOC_AMP_ASSOC, 16 - READ_LOC_AMP_ASSOC_FINAL, 17 - WRITE_REMOTE_AMP_ASSOC, 18 - }; 19 - 20 - struct amp_mgr { 21 - struct list_head list; 22 - struct l2cap_conn *l2cap_conn; 23 - struct l2cap_chan *a2mp_chan; 24 - struct l2cap_chan *bredr_chan; 25 - struct kref kref; 26 - __u8 ident; 27 - __u8 handle; 28 - unsigned long state; 29 - unsigned long flags; 30 - 31 - struct list_head amp_ctrls; 32 - struct mutex amp_ctrls_lock; 33 - }; 34 - 35 - struct a2mp_cmd { 36 - __u8 code; 37 - __u8 ident; 38 - __le16 len; 39 - __u8 data[]; 40 - } __packed; 41 - 42 - /* A2MP command codes */ 43 - #define A2MP_COMMAND_REJ 0x01 44 - struct a2mp_cmd_rej { 45 - __le16 reason; 46 - __u8 data[]; 47 - } __packed; 48 - 49 - #define A2MP_DISCOVER_REQ 0x02 50 - struct a2mp_discov_req { 51 - __le16 mtu; 52 - __le16 ext_feat; 53 - } __packed; 54 - 55 - struct a2mp_cl { 56 - __u8 id; 57 - __u8 type; 58 - __u8 status; 59 - } __packed; 60 - 61 - #define A2MP_DISCOVER_RSP 0x03 62 - struct a2mp_discov_rsp { 63 - __le16 mtu; 64 - __le16 ext_feat; 65 - struct a2mp_cl cl[]; 66 - } __packed; 67 - 68 - #define A2MP_CHANGE_NOTIFY 0x04 69 - #define A2MP_CHANGE_RSP 0x05 70 - 71 - #define A2MP_GETINFO_REQ 0x06 72 - struct a2mp_info_req { 73 - __u8 id; 74 - } __packed; 75 - 76 - #define A2MP_GETINFO_RSP 0x07 77 - struct a2mp_info_rsp { 78 - __u8 id; 79 - __u8 status; 80 - __le32 total_bw; 81 - __le32 max_bw; 82 - __le32 min_latency; 83 - __le16 pal_cap; 84 - __le16 assoc_size; 85 - } __packed; 86 - 87 - #define A2MP_GETAMPASSOC_REQ 0x08 88 - struct a2mp_amp_assoc_req { 89 - __u8 id; 90 - } __packed; 91 - 92 - #define A2MP_GETAMPASSOC_RSP 0x09 93 - struct a2mp_amp_assoc_rsp { 94 - __u8 id; 95 - __u8 status; 96 - __u8 amp_assoc[]; 97 - } __packed; 98 - 99 - #define A2MP_CREATEPHYSLINK_REQ 0x0A 100 - #define A2MP_DISCONNPHYSLINK_REQ 0x0C 101 - struct a2mp_physlink_req { 102 - __u8 local_id; 103 - __u8 remote_id; 104 - __u8 amp_assoc[]; 105 - } __packed; 106 - 107 - #define A2MP_CREATEPHYSLINK_RSP 0x0B 108 - #define A2MP_DISCONNPHYSLINK_RSP 0x0D 109 - struct a2mp_physlink_rsp { 110 - __u8 local_id; 111 - __u8 remote_id; 112 - __u8 status; 113 - } __packed; 114 - 115 - /* A2MP response status */ 116 - #define A2MP_STATUS_SUCCESS 0x00 117 - #define A2MP_STATUS_INVALID_CTRL_ID 0x01 118 - #define A2MP_STATUS_UNABLE_START_LINK_CREATION 0x02 119 - #define A2MP_STATUS_NO_PHYSICAL_LINK_EXISTS 0x02 120 - #define A2MP_STATUS_COLLISION_OCCURED 0x03 121 - #define A2MP_STATUS_DISCONN_REQ_RECVD 0x04 122 - #define A2MP_STATUS_PHYS_LINK_EXISTS 0x05 123 - #define A2MP_STATUS_SECURITY_VIOLATION 0x06 124 - 125 - struct amp_mgr *amp_mgr_get(struct amp_mgr *mgr); 126 - 127 - #if IS_ENABLED(CONFIG_BT_HS) 128 - int amp_mgr_put(struct amp_mgr *mgr); 129 - struct l2cap_chan *a2mp_channel_create(struct l2cap_conn *conn, 130 - struct sk_buff *skb); 131 - void a2mp_discover_amp(struct l2cap_chan *chan); 132 - #else 133 - static inline int amp_mgr_put(struct amp_mgr *mgr) 134 - { 135 - return 0; 136 - } 137 - 138 - static inline struct l2cap_chan *a2mp_channel_create(struct l2cap_conn *conn, 139 - struct sk_buff *skb) 140 - { 141 - return NULL; 142 - } 143 - 144 - static inline void a2mp_discover_amp(struct l2cap_chan *chan) 145 - { 146 - } 147 - #endif 148 - 149 - void a2mp_send_getinfo_rsp(struct hci_dev *hdev); 150 - void a2mp_send_getampassoc_rsp(struct hci_dev *hdev, u8 status); 151 - void a2mp_send_create_phy_link_req(struct hci_dev *hdev, u8 status); 152 - void a2mp_send_create_phy_link_rsp(struct hci_dev *hdev, u8 status); 153 - 154 - #endif /* __A2MP_H */
-590
net/bluetooth/amp.c
··· 1 - // SPDX-License-Identifier: GPL-2.0-only 2 - /* 3 - Copyright (c) 2011,2012 Intel Corp. 4 - 5 - */ 6 - 7 - #include <net/bluetooth/bluetooth.h> 8 - #include <net/bluetooth/hci.h> 9 - #include <net/bluetooth/hci_core.h> 10 - #include <crypto/hash.h> 11 - 12 - #include "hci_request.h" 13 - #include "a2mp.h" 14 - #include "amp.h" 15 - 16 - /* Remote AMP Controllers interface */ 17 - void amp_ctrl_get(struct amp_ctrl *ctrl) 18 - { 19 - BT_DBG("ctrl %p orig refcnt %d", ctrl, 20 - kref_read(&ctrl->kref)); 21 - 22 - kref_get(&ctrl->kref); 23 - } 24 - 25 - static void amp_ctrl_destroy(struct kref *kref) 26 - { 27 - struct amp_ctrl *ctrl = container_of(kref, struct amp_ctrl, kref); 28 - 29 - BT_DBG("ctrl %p", ctrl); 30 - 31 - kfree(ctrl->assoc); 32 - kfree(ctrl); 33 - } 34 - 35 - int amp_ctrl_put(struct amp_ctrl *ctrl) 36 - { 37 - BT_DBG("ctrl %p orig refcnt %d", ctrl, 38 - kref_read(&ctrl->kref)); 39 - 40 - return kref_put(&ctrl->kref, &amp_ctrl_destroy); 41 - } 42 - 43 - struct amp_ctrl *amp_ctrl_add(struct amp_mgr *mgr, u8 id) 44 - { 45 - struct amp_ctrl *ctrl; 46 - 47 - ctrl = kzalloc(sizeof(*ctrl), GFP_KERNEL); 48 - if (!ctrl) 49 - return NULL; 50 - 51 - kref_init(&ctrl->kref); 52 - ctrl->id = id; 53 - 54 - mutex_lock(&mgr->amp_ctrls_lock); 55 - list_add(&ctrl->list, &mgr->amp_ctrls); 56 - mutex_unlock(&mgr->amp_ctrls_lock); 57 - 58 - BT_DBG("mgr %p ctrl %p", mgr, ctrl); 59 - 60 - return ctrl; 61 - } 62 - 63 - void amp_ctrl_list_flush(struct amp_mgr *mgr) 64 - { 65 - struct amp_ctrl *ctrl, *n; 66 - 67 - BT_DBG("mgr %p", mgr); 68 - 69 - mutex_lock(&mgr->amp_ctrls_lock); 70 - list_for_each_entry_safe(ctrl, n, &mgr->amp_ctrls, list) { 71 - list_del(&ctrl->list); 72 - amp_ctrl_put(ctrl); 73 - } 74 - mutex_unlock(&mgr->amp_ctrls_lock); 75 - } 76 - 77 - struct amp_ctrl *amp_ctrl_lookup(struct amp_mgr *mgr, u8 id) 78 - { 79 - struct amp_ctrl *ctrl; 80 - 81 - BT_DBG("mgr %p id %u", mgr, id); 82 - 83 - mutex_lock(&mgr->amp_ctrls_lock); 84 - list_for_each_entry(ctrl, &mgr->amp_ctrls, list) { 85 - if (ctrl->id == id) { 86 - amp_ctrl_get(ctrl); 87 - mutex_unlock(&mgr->amp_ctrls_lock); 88 - return ctrl; 89 - } 90 - } 91 - mutex_unlock(&mgr->amp_ctrls_lock); 92 - 93 - return NULL; 94 - } 95 - 96 - /* Physical Link interface */ 97 - static u8 __next_handle(struct amp_mgr *mgr) 98 - { 99 - if (++mgr->handle == 0) 100 - mgr->handle = 1; 101 - 102 - return mgr->handle; 103 - } 104 - 105 - struct hci_conn *phylink_add(struct hci_dev *hdev, struct amp_mgr *mgr, 106 - u8 remote_id, bool out) 107 - { 108 - bdaddr_t *dst = &mgr->l2cap_conn->hcon->dst; 109 - struct hci_conn *hcon; 110 - u8 role = out ? HCI_ROLE_MASTER : HCI_ROLE_SLAVE; 111 - 112 - hcon = hci_conn_add(hdev, AMP_LINK, dst, role, __next_handle(mgr)); 113 - if (!hcon) 114 - return NULL; 115 - 116 - BT_DBG("hcon %p dst %pMR", hcon, dst); 117 - 118 - hcon->state = BT_CONNECT; 119 - hcon->attempt++; 120 - hcon->remote_id = remote_id; 121 - hcon->amp_mgr = amp_mgr_get(mgr); 122 - 123 - return hcon; 124 - } 125 - 126 - /* AMP crypto key generation interface */ 127 - static int hmac_sha256(u8 *key, u8 ksize, char *plaintext, u8 psize, u8 *output) 128 - { 129 - struct crypto_shash *tfm; 130 - struct shash_desc *shash; 131 - int ret; 132 - 133 - if (!ksize) 134 - return -EINVAL; 135 - 136 - tfm = crypto_alloc_shash("hmac(sha256)", 0, 0); 137 - if (IS_ERR(tfm)) { 138 - BT_DBG("crypto_alloc_ahash failed: err %ld", PTR_ERR(tfm)); 139 - return PTR_ERR(tfm); 140 - } 141 - 142 - ret = crypto_shash_setkey(tfm, key, ksize); 143 - if (ret) { 144 - BT_DBG("crypto_ahash_setkey failed: err %d", ret); 145 - goto failed; 146 - } 147 - 148 - shash = kzalloc(sizeof(*shash) + crypto_shash_descsize(tfm), 149 - GFP_KERNEL); 150 - if (!shash) { 151 - ret = -ENOMEM; 152 - goto failed; 153 - } 154 - 155 - shash->tfm = tfm; 156 - 157 - ret = crypto_shash_digest(shash, plaintext, psize, output); 158 - 159 - kfree(shash); 160 - 161 - failed: 162 - crypto_free_shash(tfm); 163 - return ret; 164 - } 165 - 166 - int phylink_gen_key(struct hci_conn *conn, u8 *data, u8 *len, u8 *type) 167 - { 168 - struct hci_dev *hdev = conn->hdev; 169 - struct link_key *key; 170 - u8 keybuf[HCI_AMP_LINK_KEY_SIZE]; 171 - u8 gamp_key[HCI_AMP_LINK_KEY_SIZE]; 172 - int err; 173 - 174 - if (!hci_conn_check_link_mode(conn)) 175 - return -EACCES; 176 - 177 - BT_DBG("conn %p key_type %d", conn, conn->key_type); 178 - 179 - /* Legacy key */ 180 - if (conn->key_type < 3) { 181 - bt_dev_err(hdev, "legacy key type %u", conn->key_type); 182 - return -EACCES; 183 - } 184 - 185 - *type = conn->key_type; 186 - *len = HCI_AMP_LINK_KEY_SIZE; 187 - 188 - key = hci_find_link_key(hdev, &conn->dst); 189 - if (!key) { 190 - BT_DBG("No Link key for conn %p dst %pMR", conn, &conn->dst); 191 - return -EACCES; 192 - } 193 - 194 - /* BR/EDR Link Key concatenated together with itself */ 195 - memcpy(&keybuf[0], key->val, HCI_LINK_KEY_SIZE); 196 - memcpy(&keybuf[HCI_LINK_KEY_SIZE], key->val, HCI_LINK_KEY_SIZE); 197 - 198 - /* Derive Generic AMP Link Key (gamp) */ 199 - err = hmac_sha256(keybuf, HCI_AMP_LINK_KEY_SIZE, "gamp", 4, gamp_key); 200 - if (err) { 201 - bt_dev_err(hdev, "could not derive Generic AMP Key: err %d", err); 202 - return err; 203 - } 204 - 205 - if (conn->key_type == HCI_LK_DEBUG_COMBINATION) { 206 - BT_DBG("Use Generic AMP Key (gamp)"); 207 - memcpy(data, gamp_key, HCI_AMP_LINK_KEY_SIZE); 208 - return err; 209 - } 210 - 211 - /* Derive Dedicated AMP Link Key: "802b" is 802.11 PAL keyID */ 212 - return hmac_sha256(gamp_key, HCI_AMP_LINK_KEY_SIZE, "802b", 4, data); 213 - } 214 - 215 - static void read_local_amp_assoc_complete(struct hci_dev *hdev, u8 status, 216 - u16 opcode, struct sk_buff *skb) 217 - { 218 - struct hci_rp_read_local_amp_assoc *rp = (void *)skb->data; 219 - struct amp_assoc *assoc = &hdev->loc_assoc; 220 - size_t rem_len, frag_len; 221 - 222 - BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); 223 - 224 - if (rp->status) 225 - goto send_rsp; 226 - 227 - frag_len = skb->len - sizeof(*rp); 228 - rem_len = __le16_to_cpu(rp->rem_len); 229 - 230 - if (rem_len > frag_len) { 231 - BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len); 232 - 233 - memcpy(assoc->data + assoc->offset, rp->frag, frag_len); 234 - assoc->offset += frag_len; 235 - 236 - /* Read other fragments */ 237 - amp_read_loc_assoc_frag(hdev, rp->phy_handle); 238 - 239 - return; 240 - } 241 - 242 - memcpy(assoc->data + assoc->offset, rp->frag, rem_len); 243 - assoc->len = assoc->offset + rem_len; 244 - assoc->offset = 0; 245 - 246 - send_rsp: 247 - /* Send A2MP Rsp when all fragments are received */ 248 - a2mp_send_getampassoc_rsp(hdev, rp->status); 249 - a2mp_send_create_phy_link_req(hdev, rp->status); 250 - } 251 - 252 - void amp_read_loc_assoc_frag(struct hci_dev *hdev, u8 phy_handle) 253 - { 254 - struct hci_cp_read_local_amp_assoc cp; 255 - struct amp_assoc *loc_assoc = &hdev->loc_assoc; 256 - struct hci_request req; 257 - int err; 258 - 259 - BT_DBG("%s handle %u", hdev->name, phy_handle); 260 - 261 - cp.phy_handle = phy_handle; 262 - cp.max_len = cpu_to_le16(hdev->amp_assoc_size); 263 - cp.len_so_far = cpu_to_le16(loc_assoc->offset); 264 - 265 - hci_req_init(&req, hdev); 266 - hci_req_add(&req, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp); 267 - err = hci_req_run_skb(&req, read_local_amp_assoc_complete); 268 - if (err < 0) 269 - a2mp_send_getampassoc_rsp(hdev, A2MP_STATUS_INVALID_CTRL_ID); 270 - } 271 - 272 - void amp_read_loc_assoc(struct hci_dev *hdev, struct amp_mgr *mgr) 273 - { 274 - struct hci_cp_read_local_amp_assoc cp; 275 - struct hci_request req; 276 - int err; 277 - 278 - memset(&hdev->loc_assoc, 0, sizeof(struct amp_assoc)); 279 - memset(&cp, 0, sizeof(cp)); 280 - 281 - cp.max_len = cpu_to_le16(hdev->amp_assoc_size); 282 - 283 - set_bit(READ_LOC_AMP_ASSOC, &mgr->state); 284 - hci_req_init(&req, hdev); 285 - hci_req_add(&req, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp); 286 - err = hci_req_run_skb(&req, read_local_amp_assoc_complete); 287 - if (err < 0) 288 - a2mp_send_getampassoc_rsp(hdev, A2MP_STATUS_INVALID_CTRL_ID); 289 - } 290 - 291 - void amp_read_loc_assoc_final_data(struct hci_dev *hdev, 292 - struct hci_conn *hcon) 293 - { 294 - struct hci_cp_read_local_amp_assoc cp; 295 - struct amp_mgr *mgr = hcon->amp_mgr; 296 - struct hci_request req; 297 - int err; 298 - 299 - if (!mgr) 300 - return; 301 - 302 - cp.phy_handle = hcon->handle; 303 - cp.len_so_far = cpu_to_le16(0); 304 - cp.max_len = cpu_to_le16(hdev->amp_assoc_size); 305 - 306 - set_bit(READ_LOC_AMP_ASSOC_FINAL, &mgr->state); 307 - 308 - /* Read Local AMP Assoc final link information data */ 309 - hci_req_init(&req, hdev); 310 - hci_req_add(&req, HCI_OP_READ_LOCAL_AMP_ASSOC, sizeof(cp), &cp); 311 - err = hci_req_run_skb(&req, read_local_amp_assoc_complete); 312 - if (err < 0) 313 - a2mp_send_getampassoc_rsp(hdev, A2MP_STATUS_INVALID_CTRL_ID); 314 - } 315 - 316 - static void write_remote_amp_assoc_complete(struct hci_dev *hdev, u8 status, 317 - u16 opcode, struct sk_buff *skb) 318 - { 319 - struct hci_rp_write_remote_amp_assoc *rp = (void *)skb->data; 320 - 321 - BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x", 322 - hdev->name, rp->status, rp->phy_handle); 323 - 324 - if (rp->status) 325 - return; 326 - 327 - amp_write_rem_assoc_continue(hdev, rp->phy_handle); 328 - } 329 - 330 - /* Write AMP Assoc data fragments, returns true with last fragment written*/ 331 - static bool amp_write_rem_assoc_frag(struct hci_dev *hdev, 332 - struct hci_conn *hcon) 333 - { 334 - struct hci_cp_write_remote_amp_assoc *cp; 335 - struct amp_mgr *mgr = hcon->amp_mgr; 336 - struct amp_ctrl *ctrl; 337 - struct hci_request req; 338 - u16 frag_len, len; 339 - 340 - ctrl = amp_ctrl_lookup(mgr, hcon->remote_id); 341 - if (!ctrl) 342 - return false; 343 - 344 - if (!ctrl->assoc_rem_len) { 345 - BT_DBG("all fragments are written"); 346 - ctrl->assoc_rem_len = ctrl->assoc_len; 347 - ctrl->assoc_len_so_far = 0; 348 - 349 - amp_ctrl_put(ctrl); 350 - return true; 351 - } 352 - 353 - frag_len = min_t(u16, 248, ctrl->assoc_rem_len); 354 - len = frag_len + sizeof(*cp); 355 - 356 - cp = kzalloc(len, GFP_KERNEL); 357 - if (!cp) { 358 - amp_ctrl_put(ctrl); 359 - return false; 360 - } 361 - 362 - BT_DBG("hcon %p ctrl %p frag_len %u assoc_len %u rem_len %u", 363 - hcon, ctrl, frag_len, ctrl->assoc_len, ctrl->assoc_rem_len); 364 - 365 - cp->phy_handle = hcon->handle; 366 - cp->len_so_far = cpu_to_le16(ctrl->assoc_len_so_far); 367 - cp->rem_len = cpu_to_le16(ctrl->assoc_rem_len); 368 - memcpy(cp->frag, ctrl->assoc, frag_len); 369 - 370 - ctrl->assoc_len_so_far += frag_len; 371 - ctrl->assoc_rem_len -= frag_len; 372 - 373 - amp_ctrl_put(ctrl); 374 - 375 - hci_req_init(&req, hdev); 376 - hci_req_add(&req, HCI_OP_WRITE_REMOTE_AMP_ASSOC, len, cp); 377 - hci_req_run_skb(&req, write_remote_amp_assoc_complete); 378 - 379 - kfree(cp); 380 - 381 - return false; 382 - } 383 - 384 - void amp_write_rem_assoc_continue(struct hci_dev *hdev, u8 handle) 385 - { 386 - struct hci_conn *hcon; 387 - 388 - BT_DBG("%s phy handle 0x%2.2x", hdev->name, handle); 389 - 390 - hcon = hci_conn_hash_lookup_handle(hdev, handle); 391 - if (!hcon) 392 - return; 393 - 394 - /* Send A2MP create phylink rsp when all fragments are written */ 395 - if (amp_write_rem_assoc_frag(hdev, hcon)) 396 - a2mp_send_create_phy_link_rsp(hdev, 0); 397 - } 398 - 399 - void amp_write_remote_assoc(struct hci_dev *hdev, u8 handle) 400 - { 401 - struct hci_conn *hcon; 402 - 403 - BT_DBG("%s phy handle 0x%2.2x", hdev->name, handle); 404 - 405 - hcon = hci_conn_hash_lookup_handle(hdev, handle); 406 - if (!hcon) 407 - return; 408 - 409 - BT_DBG("%s phy handle 0x%2.2x hcon %p", hdev->name, handle, hcon); 410 - 411 - amp_write_rem_assoc_frag(hdev, hcon); 412 - } 413 - 414 - static void create_phylink_complete(struct hci_dev *hdev, u8 status, 415 - u16 opcode) 416 - { 417 - struct hci_cp_create_phy_link *cp; 418 - 419 - BT_DBG("%s status 0x%2.2x", hdev->name, status); 420 - 421 - cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK); 422 - if (!cp) 423 - return; 424 - 425 - hci_dev_lock(hdev); 426 - 427 - if (status) { 428 - struct hci_conn *hcon; 429 - 430 - hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle); 431 - if (hcon) 432 - hci_conn_del(hcon); 433 - } else { 434 - amp_write_remote_assoc(hdev, cp->phy_handle); 435 - } 436 - 437 - hci_dev_unlock(hdev); 438 - } 439 - 440 - void amp_create_phylink(struct hci_dev *hdev, struct amp_mgr *mgr, 441 - struct hci_conn *hcon) 442 - { 443 - struct hci_cp_create_phy_link cp; 444 - struct hci_request req; 445 - 446 - cp.phy_handle = hcon->handle; 447 - 448 - BT_DBG("%s hcon %p phy handle 0x%2.2x", hdev->name, hcon, 449 - hcon->handle); 450 - 451 - if (phylink_gen_key(mgr->l2cap_conn->hcon, cp.key, &cp.key_len, 452 - &cp.key_type)) { 453 - BT_DBG("Cannot create link key"); 454 - return; 455 - } 456 - 457 - hci_req_init(&req, hdev); 458 - hci_req_add(&req, HCI_OP_CREATE_PHY_LINK, sizeof(cp), &cp); 459 - hci_req_run(&req, create_phylink_complete); 460 - } 461 - 462 - static void accept_phylink_complete(struct hci_dev *hdev, u8 status, 463 - u16 opcode) 464 - { 465 - struct hci_cp_accept_phy_link *cp; 466 - 467 - BT_DBG("%s status 0x%2.2x", hdev->name, status); 468 - 469 - if (status) 470 - return; 471 - 472 - cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK); 473 - if (!cp) 474 - return; 475 - 476 - amp_write_remote_assoc(hdev, cp->phy_handle); 477 - } 478 - 479 - void amp_accept_phylink(struct hci_dev *hdev, struct amp_mgr *mgr, 480 - struct hci_conn *hcon) 481 - { 482 - struct hci_cp_accept_phy_link cp; 483 - struct hci_request req; 484 - 485 - cp.phy_handle = hcon->handle; 486 - 487 - BT_DBG("%s hcon %p phy handle 0x%2.2x", hdev->name, hcon, 488 - hcon->handle); 489 - 490 - if (phylink_gen_key(mgr->l2cap_conn->hcon, cp.key, &cp.key_len, 491 - &cp.key_type)) { 492 - BT_DBG("Cannot create link key"); 493 - return; 494 - } 495 - 496 - hci_req_init(&req, hdev); 497 - hci_req_add(&req, HCI_OP_ACCEPT_PHY_LINK, sizeof(cp), &cp); 498 - hci_req_run(&req, accept_phylink_complete); 499 - } 500 - 501 - void amp_physical_cfm(struct hci_conn *bredr_hcon, struct hci_conn *hs_hcon) 502 - { 503 - struct hci_dev *bredr_hdev = hci_dev_hold(bredr_hcon->hdev); 504 - struct amp_mgr *mgr = hs_hcon->amp_mgr; 505 - struct l2cap_chan *bredr_chan; 506 - 507 - BT_DBG("bredr_hcon %p hs_hcon %p mgr %p", bredr_hcon, hs_hcon, mgr); 508 - 509 - if (!bredr_hdev || !mgr || !mgr->bredr_chan) 510 - return; 511 - 512 - bredr_chan = mgr->bredr_chan; 513 - 514 - l2cap_chan_lock(bredr_chan); 515 - 516 - set_bit(FLAG_EFS_ENABLE, &bredr_chan->flags); 517 - bredr_chan->remote_amp_id = hs_hcon->remote_id; 518 - bredr_chan->local_amp_id = hs_hcon->hdev->id; 519 - bredr_chan->hs_hcon = hs_hcon; 520 - bredr_chan->conn->mtu = hs_hcon->hdev->block_mtu; 521 - 522 - __l2cap_physical_cfm(bredr_chan, 0); 523 - 524 - l2cap_chan_unlock(bredr_chan); 525 - 526 - hci_dev_put(bredr_hdev); 527 - } 528 - 529 - void amp_create_logical_link(struct l2cap_chan *chan) 530 - { 531 - struct hci_conn *hs_hcon = chan->hs_hcon; 532 - struct hci_cp_create_accept_logical_link cp; 533 - struct hci_dev *hdev; 534 - 535 - BT_DBG("chan %p hs_hcon %p dst %pMR", chan, hs_hcon, 536 - &chan->conn->hcon->dst); 537 - 538 - if (!hs_hcon) 539 - return; 540 - 541 - hdev = hci_dev_hold(chan->hs_hcon->hdev); 542 - if (!hdev) 543 - return; 544 - 545 - cp.phy_handle = hs_hcon->handle; 546 - 547 - cp.tx_flow_spec.id = chan->local_id; 548 - cp.tx_flow_spec.stype = chan->local_stype; 549 - cp.tx_flow_spec.msdu = cpu_to_le16(chan->local_msdu); 550 - cp.tx_flow_spec.sdu_itime = cpu_to_le32(chan->local_sdu_itime); 551 - cp.tx_flow_spec.acc_lat = cpu_to_le32(chan->local_acc_lat); 552 - cp.tx_flow_spec.flush_to = cpu_to_le32(chan->local_flush_to); 553 - 554 - cp.rx_flow_spec.id = chan->remote_id; 555 - cp.rx_flow_spec.stype = chan->remote_stype; 556 - cp.rx_flow_spec.msdu = cpu_to_le16(chan->remote_msdu); 557 - cp.rx_flow_spec.sdu_itime = cpu_to_le32(chan->remote_sdu_itime); 558 - cp.rx_flow_spec.acc_lat = cpu_to_le32(chan->remote_acc_lat); 559 - cp.rx_flow_spec.flush_to = cpu_to_le32(chan->remote_flush_to); 560 - 561 - if (hs_hcon->out) 562 - hci_send_cmd(hdev, HCI_OP_CREATE_LOGICAL_LINK, sizeof(cp), 563 - &cp); 564 - else 565 - hci_send_cmd(hdev, HCI_OP_ACCEPT_LOGICAL_LINK, sizeof(cp), 566 - &cp); 567 - 568 - hci_dev_put(hdev); 569 - } 570 - 571 - void amp_disconnect_logical_link(struct hci_chan *hchan) 572 - { 573 - struct hci_conn *hcon = hchan->conn; 574 - struct hci_cp_disconn_logical_link cp; 575 - 576 - if (hcon->state != BT_CONNECTED) { 577 - BT_DBG("hchan %p not connected", hchan); 578 - return; 579 - } 580 - 581 - cp.log_handle = cpu_to_le16(hchan->handle); 582 - hci_send_cmd(hcon->hdev, HCI_OP_DISCONN_LOGICAL_LINK, sizeof(cp), &cp); 583 - } 584 - 585 - void amp_destroy_logical_link(struct hci_chan *hchan, u8 reason) 586 - { 587 - BT_DBG("hchan %p", hchan); 588 - 589 - hci_chan_del(hchan); 590 - }
-60
net/bluetooth/amp.h
··· 1 - /* SPDX-License-Identifier: GPL-2.0-only */ 2 - /* 3 - Copyright (c) 2011,2012 Intel Corp. 4 - 5 - */ 6 - 7 - #ifndef __AMP_H 8 - #define __AMP_H 9 - 10 - struct amp_ctrl { 11 - struct list_head list; 12 - struct kref kref; 13 - __u8 id; 14 - __u16 assoc_len_so_far; 15 - __u16 assoc_rem_len; 16 - __u16 assoc_len; 17 - __u8 *assoc; 18 - }; 19 - 20 - int amp_ctrl_put(struct amp_ctrl *ctrl); 21 - void amp_ctrl_get(struct amp_ctrl *ctrl); 22 - struct amp_ctrl *amp_ctrl_add(struct amp_mgr *mgr, u8 id); 23 - struct amp_ctrl *amp_ctrl_lookup(struct amp_mgr *mgr, u8 id); 24 - void amp_ctrl_list_flush(struct amp_mgr *mgr); 25 - 26 - struct hci_conn *phylink_add(struct hci_dev *hdev, struct amp_mgr *mgr, 27 - u8 remote_id, bool out); 28 - 29 - int phylink_gen_key(struct hci_conn *hcon, u8 *data, u8 *len, u8 *type); 30 - 31 - void amp_read_loc_assoc_frag(struct hci_dev *hdev, u8 phy_handle); 32 - void amp_read_loc_assoc(struct hci_dev *hdev, struct amp_mgr *mgr); 33 - void amp_read_loc_assoc_final_data(struct hci_dev *hdev, 34 - struct hci_conn *hcon); 35 - void amp_create_phylink(struct hci_dev *hdev, struct amp_mgr *mgr, 36 - struct hci_conn *hcon); 37 - void amp_accept_phylink(struct hci_dev *hdev, struct amp_mgr *mgr, 38 - struct hci_conn *hcon); 39 - 40 - #if IS_ENABLED(CONFIG_BT_HS) 41 - void amp_create_logical_link(struct l2cap_chan *chan); 42 - void amp_disconnect_logical_link(struct hci_chan *hchan); 43 - #else 44 - static inline void amp_create_logical_link(struct l2cap_chan *chan) 45 - { 46 - } 47 - 48 - static inline void amp_disconnect_logical_link(struct hci_chan *hchan) 49 - { 50 - } 51 - #endif 52 - 53 - void amp_write_remote_assoc(struct hci_dev *hdev, u8 handle); 54 - void amp_write_rem_assoc_continue(struct hci_dev *hdev, u8 handle); 55 - void amp_physical_cfm(struct hci_conn *bredr_hcon, struct hci_conn *hs_hcon); 56 - void amp_create_logical_link(struct l2cap_chan *chan); 57 - void amp_disconnect_logical_link(struct hci_chan *hchan); 58 - void amp_destroy_logical_link(struct hci_chan *hchan, u8 reason); 59 - 60 - #endif /* __AMP_H */
-4
net/bluetooth/hci_conn.c
··· 36 36 37 37 #include "hci_request.h" 38 38 #include "smp.h" 39 - #include "a2mp.h" 40 39 #include "eir.h" 41 40 42 41 struct sco_param { ··· 1173 1174 hdev->acl_cnt += conn->sent; 1174 1175 } 1175 1176 } 1176 - 1177 - if (conn->amp_mgr) 1178 - amp_mgr_put(conn->amp_mgr); 1179 1177 1180 1178 skb_queue_purge(&conn->data_q); 1181 1179
-2
net/bluetooth/hci_event.c
··· 36 36 #include "hci_request.h" 37 37 #include "hci_debugfs.h" 38 38 #include "hci_codec.h" 39 - #include "a2mp.h" 40 - #include "amp.h" 41 39 #include "smp.h" 42 40 #include "msft.h" 43 41 #include "eir.h"
+18 -1051
net/bluetooth/l2cap_core.c
··· 39 39 #include <net/bluetooth/l2cap.h> 40 40 41 41 #include "smp.h" 42 - #include "a2mp.h" 43 - #include "amp.h" 44 42 45 43 #define LE_FLOWCTL_MAX_CREDITS 65535 46 44 ··· 163 165 return c; 164 166 } 165 167 return NULL; 166 - } 167 - 168 - static struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, 169 - u8 ident) 170 - { 171 - struct l2cap_chan *c; 172 - 173 - mutex_lock(&conn->chan_lock); 174 - c = __l2cap_get_chan_by_ident(conn, ident); 175 - if (c) { 176 - /* Only lock if chan reference is not 0 */ 177 - c = l2cap_chan_hold_unless_zero(c); 178 - if (c) 179 - l2cap_chan_lock(c); 180 - } 181 - mutex_unlock(&conn->chan_lock); 182 - 183 - return c; 184 168 } 185 169 186 170 static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src, ··· 631 651 chan->ops->teardown(chan, err); 632 652 633 653 if (conn) { 634 - struct amp_mgr *mgr = conn->hcon->amp_mgr; 635 654 /* Delete from channel list */ 636 655 list_del(&chan->list); 637 656 ··· 645 666 if (chan->chan_type != L2CAP_CHAN_FIXED || 646 667 test_bit(FLAG_HOLD_HCI_CONN, &chan->flags)) 647 668 hci_conn_drop(conn->hcon); 648 - 649 - if (mgr && mgr->bredr_chan == chan) 650 - mgr->bredr_chan = NULL; 651 - } 652 - 653 - if (chan->hs_hchan) { 654 - struct hci_chan *hs_hchan = chan->hs_hchan; 655 - 656 - BT_DBG("chan %p disconnect hs_hchan %p", chan, hs_hchan); 657 - amp_disconnect_logical_link(hs_hchan); 658 669 } 659 670 660 671 if (test_bit(CONF_NOT_COMPLETE, &chan->conf_state)) ··· 946 977 hci_send_acl(conn->hchan, skb, flags); 947 978 } 948 979 949 - static bool __chan_is_moving(struct l2cap_chan *chan) 950 - { 951 - return chan->move_state != L2CAP_MOVE_STABLE && 952 - chan->move_state != L2CAP_MOVE_WAIT_PREPARE; 953 - } 954 - 955 980 static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb) 956 981 { 957 982 struct hci_conn *hcon = chan->conn->hcon; ··· 953 990 954 991 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len, 955 992 skb->priority); 956 - 957 - if (chan->hs_hcon && !__chan_is_moving(chan)) { 958 - if (chan->hs_hchan) 959 - hci_send_acl(chan->hs_hchan, skb, ACL_COMPLETE); 960 - else 961 - kfree_skb(skb); 962 - 963 - return; 964 - } 965 993 966 994 /* Use NO_FLUSH for LE links (where this is the only option) or 967 995 * if the BR/EDR link supports it and flushing has not been ··· 1134 1180 if (!control->sframe) 1135 1181 return; 1136 1182 1137 - if (__chan_is_moving(chan)) 1138 - return; 1139 - 1140 1183 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state) && 1141 1184 !control->poll) 1142 1185 control->final = 1; ··· 1188 1237 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state); 1189 1238 } 1190 1239 1191 - static bool __amp_capable(struct l2cap_chan *chan) 1192 - { 1193 - struct l2cap_conn *conn = chan->conn; 1194 - struct hci_dev *hdev; 1195 - bool amp_available = false; 1196 - 1197 - if (!(conn->local_fixed_chan & L2CAP_FC_A2MP)) 1198 - return false; 1199 - 1200 - if (!(conn->remote_fixed_chan & L2CAP_FC_A2MP)) 1201 - return false; 1202 - 1203 - read_lock(&hci_dev_list_lock); 1204 - list_for_each_entry(hdev, &hci_dev_list, list) { 1205 - if (hdev->amp_type != AMP_TYPE_BREDR && 1206 - test_bit(HCI_UP, &hdev->flags)) { 1207 - amp_available = true; 1208 - break; 1209 - } 1210 - } 1211 - read_unlock(&hci_dev_list_lock); 1212 - 1213 - if (chan->chan_policy == BT_CHANNEL_POLICY_AMP_PREFERRED) 1214 - return amp_available; 1215 - 1216 - return false; 1217 - } 1218 - 1219 - static bool l2cap_check_efs(struct l2cap_chan *chan) 1220 - { 1221 - /* Check EFS parameters */ 1222 - return true; 1223 - } 1224 - 1225 1240 void l2cap_send_conn_req(struct l2cap_chan *chan) 1226 1241 { 1227 1242 struct l2cap_conn *conn = chan->conn; ··· 1201 1284 set_bit(CONF_CONNECT_PEND, &chan->conf_state); 1202 1285 1203 1286 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req); 1204 - } 1205 - 1206 - static void l2cap_send_create_chan_req(struct l2cap_chan *chan, u8 amp_id) 1207 - { 1208 - struct l2cap_create_chan_req req; 1209 - req.scid = cpu_to_le16(chan->scid); 1210 - req.psm = chan->psm; 1211 - req.amp_id = amp_id; 1212 - 1213 - chan->ident = l2cap_get_ident(chan->conn); 1214 - 1215 - l2cap_send_cmd(chan->conn, chan->ident, L2CAP_CREATE_CHAN_REQ, 1216 - sizeof(req), &req); 1217 - } 1218 - 1219 - static void l2cap_move_setup(struct l2cap_chan *chan) 1220 - { 1221 - struct sk_buff *skb; 1222 - 1223 - BT_DBG("chan %p", chan); 1224 - 1225 - if (chan->mode != L2CAP_MODE_ERTM) 1226 - return; 1227 - 1228 - __clear_retrans_timer(chan); 1229 - __clear_monitor_timer(chan); 1230 - __clear_ack_timer(chan); 1231 - 1232 - chan->retry_count = 0; 1233 - skb_queue_walk(&chan->tx_q, skb) { 1234 - if (bt_cb(skb)->l2cap.retries) 1235 - bt_cb(skb)->l2cap.retries = 1; 1236 - else 1237 - break; 1238 - } 1239 - 1240 - chan->expected_tx_seq = chan->buffer_seq; 1241 - 1242 - clear_bit(CONN_REJ_ACT, &chan->conn_state); 1243 - clear_bit(CONN_SREJ_ACT, &chan->conn_state); 1244 - l2cap_seq_list_clear(&chan->retrans_list); 1245 - l2cap_seq_list_clear(&chan->srej_list); 1246 - skb_queue_purge(&chan->srej_q); 1247 - 1248 - chan->tx_state = L2CAP_TX_STATE_XMIT; 1249 - chan->rx_state = L2CAP_RX_STATE_MOVE; 1250 - 1251 - set_bit(CONN_REMOTE_BUSY, &chan->conn_state); 1252 - } 1253 - 1254 - static void l2cap_move_done(struct l2cap_chan *chan) 1255 - { 1256 - u8 move_role = chan->move_role; 1257 - BT_DBG("chan %p", chan); 1258 - 1259 - chan->move_state = L2CAP_MOVE_STABLE; 1260 - chan->move_role = L2CAP_MOVE_ROLE_NONE; 1261 - 1262 - if (chan->mode != L2CAP_MODE_ERTM) 1263 - return; 1264 - 1265 - switch (move_role) { 1266 - case L2CAP_MOVE_ROLE_INITIATOR: 1267 - l2cap_tx(chan, NULL, NULL, L2CAP_EV_EXPLICIT_POLL); 1268 - chan->rx_state = L2CAP_RX_STATE_WAIT_F; 1269 - break; 1270 - case L2CAP_MOVE_ROLE_RESPONDER: 1271 - chan->rx_state = L2CAP_RX_STATE_WAIT_P; 1272 - break; 1273 - } 1274 1287 } 1275 1288 1276 1289 static void l2cap_chan_ready(struct l2cap_chan *chan) ··· 1352 1505 1353 1506 static void l2cap_start_connection(struct l2cap_chan *chan) 1354 1507 { 1355 - if (__amp_capable(chan)) { 1356 - BT_DBG("chan %p AMP capable: discover AMPs", chan); 1357 - a2mp_discover_amp(chan); 1358 - } else if (chan->conn->hcon->type == LE_LINK) { 1508 + if (chan->conn->hcon->type == LE_LINK) { 1359 1509 l2cap_le_start(chan); 1360 1510 } else { 1361 1511 l2cap_send_conn_req(chan); ··· 1453 1609 __clear_retrans_timer(chan); 1454 1610 __clear_monitor_timer(chan); 1455 1611 __clear_ack_timer(chan); 1456 - } 1457 - 1458 - if (chan->scid == L2CAP_CID_A2MP) { 1459 - l2cap_state_change(chan, BT_DISCONN); 1460 - return; 1461 1612 } 1462 1613 1463 1614 req.dcid = cpu_to_le16(chan->dcid); ··· 1592 1753 list_for_each_entry(chan, &conn->chan_l, list) { 1593 1754 1594 1755 l2cap_chan_lock(chan); 1595 - 1596 - if (chan->scid == L2CAP_CID_A2MP) { 1597 - l2cap_chan_unlock(chan); 1598 - continue; 1599 - } 1600 1756 1601 1757 if (hcon->type == LE_LINK) { 1602 1758 l2cap_le_start(chan); ··· 1901 2067 1902 2068 BT_DBG("chan %p, skbs %p", chan, skbs); 1903 2069 1904 - if (__chan_is_moving(chan)) 1905 - return; 1906 - 1907 2070 skb_queue_splice_tail_init(skbs, &chan->tx_q); 1908 2071 1909 2072 while (!skb_queue_empty(&chan->tx_q)) { ··· 1941 2110 return -ENOTCONN; 1942 2111 1943 2112 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) 1944 - return 0; 1945 - 1946 - if (__chan_is_moving(chan)) 1947 2113 return 0; 1948 2114 1949 2115 while (chan->tx_send_head && ··· 2006 2178 BT_DBG("chan %p", chan); 2007 2179 2008 2180 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) 2009 - return; 2010 - 2011 - if (__chan_is_moving(chan)) 2012 2181 return; 2013 2182 2014 2183 while (chan->retrans_list.head != L2CAP_SEQ_LIST_CLEAR) { ··· 2347 2522 pdu_len = chan->conn->mtu; 2348 2523 2349 2524 /* Constrain PDU size for BR/EDR connections */ 2350 - if (!chan->hs_hcon) 2351 - pdu_len = min_t(size_t, pdu_len, L2CAP_BREDR_MAX_PAYLOAD); 2525 + pdu_len = min_t(size_t, pdu_len, L2CAP_BREDR_MAX_PAYLOAD); 2352 2526 2353 2527 /* Adjust for largest possible L2CAP overhead. */ 2354 2528 if (chan->fcs) ··· 3111 3287 3112 3288 skb_queue_head_init(&chan->tx_q); 3113 3289 3114 - chan->local_amp_id = AMP_ID_BREDR; 3115 - chan->move_id = AMP_ID_BREDR; 3116 - chan->move_state = L2CAP_MOVE_STABLE; 3117 - chan->move_role = L2CAP_MOVE_ROLE_NONE; 3118 - 3119 3290 if (chan->mode != L2CAP_MODE_ERTM) 3120 3291 return 0; 3121 3292 ··· 3145 3326 3146 3327 static inline bool __l2cap_ews_supported(struct l2cap_conn *conn) 3147 3328 { 3148 - return ((conn->local_fixed_chan & L2CAP_FC_A2MP) && 3149 - (conn->feat_mask & L2CAP_FEAT_EXT_WINDOW)); 3329 + return (conn->feat_mask & L2CAP_FEAT_EXT_WINDOW); 3150 3330 } 3151 3331 3152 3332 static inline bool __l2cap_efs_supported(struct l2cap_conn *conn) 3153 3333 { 3154 - return ((conn->local_fixed_chan & L2CAP_FC_A2MP) && 3155 - (conn->feat_mask & L2CAP_FEAT_EXT_FLOW)); 3334 + return (conn->feat_mask & L2CAP_FEAT_EXT_FLOW); 3156 3335 } 3157 3336 3158 3337 static void __l2cap_set_ertm_timeouts(struct l2cap_chan *chan, 3159 3338 struct l2cap_conf_rfc *rfc) 3160 3339 { 3161 - if (chan->local_amp_id != AMP_ID_BREDR && chan->hs_hcon) { 3162 - u64 ertm_to = chan->hs_hcon->hdev->amp_be_flush_to; 3163 - 3164 - /* Class 1 devices have must have ERTM timeouts 3165 - * exceeding the Link Supervision Timeout. The 3166 - * default Link Supervision Timeout for AMP 3167 - * controllers is 10 seconds. 3168 - * 3169 - * Class 1 devices use 0xffffffff for their 3170 - * best-effort flush timeout, so the clamping logic 3171 - * will result in a timeout that meets the above 3172 - * requirement. ERTM timeouts are 16-bit values, so 3173 - * the maximum timeout is 65.535 seconds. 3174 - */ 3175 - 3176 - /* Convert timeout to milliseconds and round */ 3177 - ertm_to = DIV_ROUND_UP_ULL(ertm_to, 1000); 3178 - 3179 - /* This is the recommended formula for class 2 devices 3180 - * that start ERTM timers when packets are sent to the 3181 - * controller. 3182 - */ 3183 - ertm_to = 3 * ertm_to + 500; 3184 - 3185 - if (ertm_to > 0xffff) 3186 - ertm_to = 0xffff; 3187 - 3188 - rfc->retrans_timeout = cpu_to_le16((u16) ertm_to); 3189 - rfc->monitor_timeout = rfc->retrans_timeout; 3190 - } else { 3191 - rfc->retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO); 3192 - rfc->monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO); 3193 - } 3340 + rfc->retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO); 3341 + rfc->monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO); 3194 3342 } 3195 3343 3196 3344 static inline void l2cap_txwin_setup(struct l2cap_chan *chan) ··· 3409 3623 case L2CAP_CONF_EWS: 3410 3624 if (olen != 2) 3411 3625 break; 3412 - if (!(chan->conn->local_fixed_chan & L2CAP_FC_A2MP)) 3413 - return -ECONNREFUSED; 3414 - set_bit(FLAG_EXT_CTRL, &chan->flags); 3415 - set_bit(CONF_EWS_RECV, &chan->conf_state); 3416 - chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW; 3417 - chan->remote_tx_win = val; 3418 - break; 3626 + return -ECONNREFUSED; 3419 3627 3420 3628 default: 3421 3629 if (hint) ··· 3807 4027 rsp.dcid = cpu_to_le16(chan->scid); 3808 4028 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS); 3809 4029 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 3810 - 3811 - if (chan->hs_hcon) 3812 - rsp_code = L2CAP_CREATE_CHAN_RSP; 3813 - else 3814 - rsp_code = L2CAP_CONN_RSP; 4030 + rsp_code = L2CAP_CONN_RSP; 3815 4031 3816 4032 BT_DBG("chan %p rsp_code %u", chan, rsp_code); 3817 4033 ··· 3966 4190 chan->dst_type = bdaddr_dst_type(conn->hcon); 3967 4191 chan->psm = psm; 3968 4192 chan->dcid = scid; 3969 - chan->local_amp_id = amp_id; 3970 4193 3971 4194 __l2cap_chan_add(conn, chan); 3972 4195 ··· 4291 4516 /* check compatibility */ 4292 4517 4293 4518 /* Send rsp for BR/EDR channel */ 4294 - if (!chan->hs_hcon) 4295 - l2cap_send_efs_conf_rsp(chan, rsp, cmd->ident, flags); 4296 - else 4297 - chan->ident = cmd->ident; 4519 + l2cap_send_efs_conf_rsp(chan, rsp, cmd->ident, flags); 4298 4520 } 4299 4521 4300 4522 unlock: ··· 4343 4571 goto done; 4344 4572 } 4345 4573 4346 - if (!chan->hs_hcon) { 4347 - l2cap_send_efs_conf_rsp(chan, buf, cmd->ident, 4348 - 0); 4349 - } else { 4350 - if (l2cap_check_efs(chan)) { 4351 - amp_create_logical_link(chan); 4352 - chan->ident = cmd->ident; 4353 - } 4354 - } 4574 + l2cap_send_efs_conf_rsp(chan, buf, cmd->ident, 0); 4355 4575 } 4356 4576 goto done; 4357 4577 ··· 4514 4750 if (!disable_ertm) 4515 4751 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING 4516 4752 | L2CAP_FEAT_FCS; 4517 - if (conn->local_fixed_chan & L2CAP_FC_A2MP) 4518 - feat_mask |= L2CAP_FEAT_EXT_FLOW 4519 - | L2CAP_FEAT_EXT_WINDOW; 4520 4753 4521 4754 put_unaligned_le32(feat_mask, rsp->data); 4522 4755 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(buf), ··· 4598 4837 l2cap_conn_start(conn); 4599 4838 break; 4600 4839 } 4601 - 4602 - return 0; 4603 - } 4604 - 4605 - static int l2cap_create_channel_req(struct l2cap_conn *conn, 4606 - struct l2cap_cmd_hdr *cmd, 4607 - u16 cmd_len, void *data) 4608 - { 4609 - struct l2cap_create_chan_req *req = data; 4610 - struct l2cap_create_chan_rsp rsp; 4611 - struct l2cap_chan *chan; 4612 - struct hci_dev *hdev; 4613 - u16 psm, scid; 4614 - 4615 - if (cmd_len != sizeof(*req)) 4616 - return -EPROTO; 4617 - 4618 - if (!(conn->local_fixed_chan & L2CAP_FC_A2MP)) 4619 - return -EINVAL; 4620 - 4621 - psm = le16_to_cpu(req->psm); 4622 - scid = le16_to_cpu(req->scid); 4623 - 4624 - BT_DBG("psm 0x%2.2x, scid 0x%4.4x, amp_id %d", psm, scid, req->amp_id); 4625 - 4626 - /* For controller id 0 make BR/EDR connection */ 4627 - if (req->amp_id == AMP_ID_BREDR) { 4628 - l2cap_connect(conn, cmd, data, L2CAP_CREATE_CHAN_RSP, 4629 - req->amp_id); 4630 - return 0; 4631 - } 4632 - 4633 - /* Validate AMP controller id */ 4634 - hdev = hci_dev_get(req->amp_id); 4635 - if (!hdev) 4636 - goto error; 4637 - 4638 - if (hdev->dev_type != HCI_AMP || !test_bit(HCI_UP, &hdev->flags)) { 4639 - hci_dev_put(hdev); 4640 - goto error; 4641 - } 4642 - 4643 - chan = l2cap_connect(conn, cmd, data, L2CAP_CREATE_CHAN_RSP, 4644 - req->amp_id); 4645 - if (chan) { 4646 - struct amp_mgr *mgr = conn->hcon->amp_mgr; 4647 - struct hci_conn *hs_hcon; 4648 - 4649 - hs_hcon = hci_conn_hash_lookup_ba(hdev, AMP_LINK, 4650 - &conn->hcon->dst); 4651 - if (!hs_hcon) { 4652 - hci_dev_put(hdev); 4653 - cmd_reject_invalid_cid(conn, cmd->ident, chan->scid, 4654 - chan->dcid); 4655 - return 0; 4656 - } 4657 - 4658 - BT_DBG("mgr %p bredr_chan %p hs_hcon %p", mgr, chan, hs_hcon); 4659 - 4660 - mgr->bredr_chan = chan; 4661 - chan->hs_hcon = hs_hcon; 4662 - chan->fcs = L2CAP_FCS_NONE; 4663 - conn->mtu = hdev->block_mtu; 4664 - } 4665 - 4666 - hci_dev_put(hdev); 4667 - 4668 - return 0; 4669 - 4670 - error: 4671 - rsp.dcid = 0; 4672 - rsp.scid = cpu_to_le16(scid); 4673 - rsp.result = cpu_to_le16(L2CAP_CR_BAD_AMP); 4674 - rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 4675 - 4676 - l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP, 4677 - sizeof(rsp), &rsp); 4678 - 4679 - return 0; 4680 - } 4681 - 4682 - static void l2cap_send_move_chan_req(struct l2cap_chan *chan, u8 dest_amp_id) 4683 - { 4684 - struct l2cap_move_chan_req req; 4685 - u8 ident; 4686 - 4687 - BT_DBG("chan %p, dest_amp_id %d", chan, dest_amp_id); 4688 - 4689 - ident = l2cap_get_ident(chan->conn); 4690 - chan->ident = ident; 4691 - 4692 - req.icid = cpu_to_le16(chan->scid); 4693 - req.dest_amp_id = dest_amp_id; 4694 - 4695 - l2cap_send_cmd(chan->conn, ident, L2CAP_MOVE_CHAN_REQ, sizeof(req), 4696 - &req); 4697 - 4698 - __set_chan_timer(chan, L2CAP_MOVE_TIMEOUT); 4699 - } 4700 - 4701 - static void l2cap_send_move_chan_rsp(struct l2cap_chan *chan, u16 result) 4702 - { 4703 - struct l2cap_move_chan_rsp rsp; 4704 - 4705 - BT_DBG("chan %p, result 0x%4.4x", chan, result); 4706 - 4707 - rsp.icid = cpu_to_le16(chan->dcid); 4708 - rsp.result = cpu_to_le16(result); 4709 - 4710 - l2cap_send_cmd(chan->conn, chan->ident, L2CAP_MOVE_CHAN_RSP, 4711 - sizeof(rsp), &rsp); 4712 - } 4713 - 4714 - static void l2cap_send_move_chan_cfm(struct l2cap_chan *chan, u16 result) 4715 - { 4716 - struct l2cap_move_chan_cfm cfm; 4717 - 4718 - BT_DBG("chan %p, result 0x%4.4x", chan, result); 4719 - 4720 - chan->ident = l2cap_get_ident(chan->conn); 4721 - 4722 - cfm.icid = cpu_to_le16(chan->scid); 4723 - cfm.result = cpu_to_le16(result); 4724 - 4725 - l2cap_send_cmd(chan->conn, chan->ident, L2CAP_MOVE_CHAN_CFM, 4726 - sizeof(cfm), &cfm); 4727 - 4728 - __set_chan_timer(chan, L2CAP_MOVE_TIMEOUT); 4729 - } 4730 - 4731 - static void l2cap_send_move_chan_cfm_icid(struct l2cap_conn *conn, u16 icid) 4732 - { 4733 - struct l2cap_move_chan_cfm cfm; 4734 - 4735 - BT_DBG("conn %p, icid 0x%4.4x", conn, icid); 4736 - 4737 - cfm.icid = cpu_to_le16(icid); 4738 - cfm.result = cpu_to_le16(L2CAP_MC_UNCONFIRMED); 4739 - 4740 - l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_MOVE_CHAN_CFM, 4741 - sizeof(cfm), &cfm); 4742 - } 4743 - 4744 - static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident, 4745 - u16 icid) 4746 - { 4747 - struct l2cap_move_chan_cfm_rsp rsp; 4748 - 4749 - BT_DBG("icid 0x%4.4x", icid); 4750 - 4751 - rsp.icid = cpu_to_le16(icid); 4752 - l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp); 4753 - } 4754 - 4755 - static void __release_logical_link(struct l2cap_chan *chan) 4756 - { 4757 - chan->hs_hchan = NULL; 4758 - chan->hs_hcon = NULL; 4759 - 4760 - /* Placeholder - release the logical link */ 4761 - } 4762 - 4763 - static void l2cap_logical_fail(struct l2cap_chan *chan) 4764 - { 4765 - /* Logical link setup failed */ 4766 - if (chan->state != BT_CONNECTED) { 4767 - /* Create channel failure, disconnect */ 4768 - l2cap_send_disconn_req(chan, ECONNRESET); 4769 - return; 4770 - } 4771 - 4772 - switch (chan->move_role) { 4773 - case L2CAP_MOVE_ROLE_RESPONDER: 4774 - l2cap_move_done(chan); 4775 - l2cap_send_move_chan_rsp(chan, L2CAP_MR_NOT_SUPP); 4776 - break; 4777 - case L2CAP_MOVE_ROLE_INITIATOR: 4778 - if (chan->move_state == L2CAP_MOVE_WAIT_LOGICAL_COMP || 4779 - chan->move_state == L2CAP_MOVE_WAIT_LOGICAL_CFM) { 4780 - /* Remote has only sent pending or 4781 - * success responses, clean up 4782 - */ 4783 - l2cap_move_done(chan); 4784 - } 4785 - 4786 - /* Other amp move states imply that the move 4787 - * has already aborted 4788 - */ 4789 - l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED); 4790 - break; 4791 - } 4792 - } 4793 - 4794 - static void l2cap_logical_finish_create(struct l2cap_chan *chan, 4795 - struct hci_chan *hchan) 4796 - { 4797 - struct l2cap_conf_rsp rsp; 4798 - 4799 - chan->hs_hchan = hchan; 4800 - chan->hs_hcon->l2cap_data = chan->conn; 4801 - 4802 - l2cap_send_efs_conf_rsp(chan, &rsp, chan->ident, 0); 4803 - 4804 - if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) { 4805 - int err; 4806 - 4807 - set_default_fcs(chan); 4808 - 4809 - err = l2cap_ertm_init(chan); 4810 - if (err < 0) 4811 - l2cap_send_disconn_req(chan, -err); 4812 - else 4813 - l2cap_chan_ready(chan); 4814 - } 4815 - } 4816 - 4817 - static void l2cap_logical_finish_move(struct l2cap_chan *chan, 4818 - struct hci_chan *hchan) 4819 - { 4820 - chan->hs_hcon = hchan->conn; 4821 - chan->hs_hcon->l2cap_data = chan->conn; 4822 - 4823 - BT_DBG("move_state %d", chan->move_state); 4824 - 4825 - switch (chan->move_state) { 4826 - case L2CAP_MOVE_WAIT_LOGICAL_COMP: 4827 - /* Move confirm will be sent after a success 4828 - * response is received 4829 - */ 4830 - chan->move_state = L2CAP_MOVE_WAIT_RSP_SUCCESS; 4831 - break; 4832 - case L2CAP_MOVE_WAIT_LOGICAL_CFM: 4833 - if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { 4834 - chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY; 4835 - } else if (chan->move_role == L2CAP_MOVE_ROLE_INITIATOR) { 4836 - chan->move_state = L2CAP_MOVE_WAIT_CONFIRM_RSP; 4837 - l2cap_send_move_chan_cfm(chan, L2CAP_MC_CONFIRMED); 4838 - } else if (chan->move_role == L2CAP_MOVE_ROLE_RESPONDER) { 4839 - chan->move_state = L2CAP_MOVE_WAIT_CONFIRM; 4840 - l2cap_send_move_chan_rsp(chan, L2CAP_MR_SUCCESS); 4841 - } 4842 - break; 4843 - default: 4844 - /* Move was not in expected state, free the channel */ 4845 - __release_logical_link(chan); 4846 - 4847 - chan->move_state = L2CAP_MOVE_STABLE; 4848 - } 4849 - } 4850 - 4851 - /* Call with chan locked */ 4852 - void l2cap_logical_cfm(struct l2cap_chan *chan, struct hci_chan *hchan, 4853 - u8 status) 4854 - { 4855 - BT_DBG("chan %p, hchan %p, status %d", chan, hchan, status); 4856 - 4857 - if (status) { 4858 - l2cap_logical_fail(chan); 4859 - __release_logical_link(chan); 4860 - return; 4861 - } 4862 - 4863 - if (chan->state != BT_CONNECTED) { 4864 - /* Ignore logical link if channel is on BR/EDR */ 4865 - if (chan->local_amp_id != AMP_ID_BREDR) 4866 - l2cap_logical_finish_create(chan, hchan); 4867 - } else { 4868 - l2cap_logical_finish_move(chan, hchan); 4869 - } 4870 - } 4871 - 4872 - void l2cap_move_start(struct l2cap_chan *chan) 4873 - { 4874 - BT_DBG("chan %p", chan); 4875 - 4876 - if (chan->local_amp_id == AMP_ID_BREDR) { 4877 - if (chan->chan_policy != BT_CHANNEL_POLICY_AMP_PREFERRED) 4878 - return; 4879 - chan->move_role = L2CAP_MOVE_ROLE_INITIATOR; 4880 - chan->move_state = L2CAP_MOVE_WAIT_PREPARE; 4881 - /* Placeholder - start physical link setup */ 4882 - } else { 4883 - chan->move_role = L2CAP_MOVE_ROLE_INITIATOR; 4884 - chan->move_state = L2CAP_MOVE_WAIT_RSP_SUCCESS; 4885 - chan->move_id = 0; 4886 - l2cap_move_setup(chan); 4887 - l2cap_send_move_chan_req(chan, 0); 4888 - } 4889 - } 4890 - 4891 - static void l2cap_do_create(struct l2cap_chan *chan, int result, 4892 - u8 local_amp_id, u8 remote_amp_id) 4893 - { 4894 - BT_DBG("chan %p state %s %u -> %u", chan, state_to_string(chan->state), 4895 - local_amp_id, remote_amp_id); 4896 - 4897 - chan->fcs = L2CAP_FCS_NONE; 4898 - 4899 - /* Outgoing channel on AMP */ 4900 - if (chan->state == BT_CONNECT) { 4901 - if (result == L2CAP_CR_SUCCESS) { 4902 - chan->local_amp_id = local_amp_id; 4903 - l2cap_send_create_chan_req(chan, remote_amp_id); 4904 - } else { 4905 - /* Revert to BR/EDR connect */ 4906 - l2cap_send_conn_req(chan); 4907 - } 4908 - 4909 - return; 4910 - } 4911 - 4912 - /* Incoming channel on AMP */ 4913 - if (__l2cap_no_conn_pending(chan)) { 4914 - struct l2cap_conn_rsp rsp; 4915 - char buf[128]; 4916 - rsp.scid = cpu_to_le16(chan->dcid); 4917 - rsp.dcid = cpu_to_le16(chan->scid); 4918 - 4919 - if (result == L2CAP_CR_SUCCESS) { 4920 - /* Send successful response */ 4921 - rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS); 4922 - rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 4923 - } else { 4924 - /* Send negative response */ 4925 - rsp.result = cpu_to_le16(L2CAP_CR_NO_MEM); 4926 - rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 4927 - } 4928 - 4929 - l2cap_send_cmd(chan->conn, chan->ident, L2CAP_CREATE_CHAN_RSP, 4930 - sizeof(rsp), &rsp); 4931 - 4932 - if (result == L2CAP_CR_SUCCESS) { 4933 - l2cap_state_change(chan, BT_CONFIG); 4934 - set_bit(CONF_REQ_SENT, &chan->conf_state); 4935 - l2cap_send_cmd(chan->conn, l2cap_get_ident(chan->conn), 4936 - L2CAP_CONF_REQ, 4937 - l2cap_build_conf_req(chan, buf, sizeof(buf)), buf); 4938 - chan->num_conf_req++; 4939 - } 4940 - } 4941 - } 4942 - 4943 - static void l2cap_do_move_initiate(struct l2cap_chan *chan, u8 local_amp_id, 4944 - u8 remote_amp_id) 4945 - { 4946 - l2cap_move_setup(chan); 4947 - chan->move_id = local_amp_id; 4948 - chan->move_state = L2CAP_MOVE_WAIT_RSP; 4949 - 4950 - l2cap_send_move_chan_req(chan, remote_amp_id); 4951 - } 4952 - 4953 - static void l2cap_do_move_respond(struct l2cap_chan *chan, int result) 4954 - { 4955 - struct hci_chan *hchan = NULL; 4956 - 4957 - /* Placeholder - get hci_chan for logical link */ 4958 - 4959 - if (hchan) { 4960 - if (hchan->state == BT_CONNECTED) { 4961 - /* Logical link is ready to go */ 4962 - chan->hs_hcon = hchan->conn; 4963 - chan->hs_hcon->l2cap_data = chan->conn; 4964 - chan->move_state = L2CAP_MOVE_WAIT_CONFIRM; 4965 - l2cap_send_move_chan_rsp(chan, L2CAP_MR_SUCCESS); 4966 - 4967 - l2cap_logical_cfm(chan, hchan, L2CAP_MR_SUCCESS); 4968 - } else { 4969 - /* Wait for logical link to be ready */ 4970 - chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_CFM; 4971 - } 4972 - } else { 4973 - /* Logical link not available */ 4974 - l2cap_send_move_chan_rsp(chan, L2CAP_MR_NOT_ALLOWED); 4975 - } 4976 - } 4977 - 4978 - static void l2cap_do_move_cancel(struct l2cap_chan *chan, int result) 4979 - { 4980 - if (chan->move_role == L2CAP_MOVE_ROLE_RESPONDER) { 4981 - u8 rsp_result; 4982 - if (result == -EINVAL) 4983 - rsp_result = L2CAP_MR_BAD_ID; 4984 - else 4985 - rsp_result = L2CAP_MR_NOT_ALLOWED; 4986 - 4987 - l2cap_send_move_chan_rsp(chan, rsp_result); 4988 - } 4989 - 4990 - chan->move_role = L2CAP_MOVE_ROLE_NONE; 4991 - chan->move_state = L2CAP_MOVE_STABLE; 4992 - 4993 - /* Restart data transmission */ 4994 - l2cap_ertm_send(chan); 4995 - } 4996 - 4997 - /* Invoke with locked chan */ 4998 - void __l2cap_physical_cfm(struct l2cap_chan *chan, int result) 4999 - { 5000 - u8 local_amp_id = chan->local_amp_id; 5001 - u8 remote_amp_id = chan->remote_amp_id; 5002 - 5003 - BT_DBG("chan %p, result %d, local_amp_id %d, remote_amp_id %d", 5004 - chan, result, local_amp_id, remote_amp_id); 5005 - 5006 - if (chan->state == BT_DISCONN || chan->state == BT_CLOSED) 5007 - return; 5008 - 5009 - if (chan->state != BT_CONNECTED) { 5010 - l2cap_do_create(chan, result, local_amp_id, remote_amp_id); 5011 - } else if (result != L2CAP_MR_SUCCESS) { 5012 - l2cap_do_move_cancel(chan, result); 5013 - } else { 5014 - switch (chan->move_role) { 5015 - case L2CAP_MOVE_ROLE_INITIATOR: 5016 - l2cap_do_move_initiate(chan, local_amp_id, 5017 - remote_amp_id); 5018 - break; 5019 - case L2CAP_MOVE_ROLE_RESPONDER: 5020 - l2cap_do_move_respond(chan, result); 5021 - break; 5022 - default: 5023 - l2cap_do_move_cancel(chan, result); 5024 - break; 5025 - } 5026 - } 5027 - } 5028 - 5029 - static inline int l2cap_move_channel_req(struct l2cap_conn *conn, 5030 - struct l2cap_cmd_hdr *cmd, 5031 - u16 cmd_len, void *data) 5032 - { 5033 - struct l2cap_move_chan_req *req = data; 5034 - struct l2cap_move_chan_rsp rsp; 5035 - struct l2cap_chan *chan; 5036 - u16 icid = 0; 5037 - u16 result = L2CAP_MR_NOT_ALLOWED; 5038 - 5039 - if (cmd_len != sizeof(*req)) 5040 - return -EPROTO; 5041 - 5042 - icid = le16_to_cpu(req->icid); 5043 - 5044 - BT_DBG("icid 0x%4.4x, dest_amp_id %d", icid, req->dest_amp_id); 5045 - 5046 - if (!(conn->local_fixed_chan & L2CAP_FC_A2MP)) 5047 - return -EINVAL; 5048 - 5049 - chan = l2cap_get_chan_by_dcid(conn, icid); 5050 - if (!chan) { 5051 - rsp.icid = cpu_to_le16(icid); 5052 - rsp.result = cpu_to_le16(L2CAP_MR_NOT_ALLOWED); 5053 - l2cap_send_cmd(conn, cmd->ident, L2CAP_MOVE_CHAN_RSP, 5054 - sizeof(rsp), &rsp); 5055 - return 0; 5056 - } 5057 - 5058 - chan->ident = cmd->ident; 5059 - 5060 - if (chan->scid < L2CAP_CID_DYN_START || 5061 - chan->chan_policy == BT_CHANNEL_POLICY_BREDR_ONLY || 5062 - (chan->mode != L2CAP_MODE_ERTM && 5063 - chan->mode != L2CAP_MODE_STREAMING)) { 5064 - result = L2CAP_MR_NOT_ALLOWED; 5065 - goto send_move_response; 5066 - } 5067 - 5068 - if (chan->local_amp_id == req->dest_amp_id) { 5069 - result = L2CAP_MR_SAME_ID; 5070 - goto send_move_response; 5071 - } 5072 - 5073 - if (req->dest_amp_id != AMP_ID_BREDR) { 5074 - struct hci_dev *hdev; 5075 - hdev = hci_dev_get(req->dest_amp_id); 5076 - if (!hdev || hdev->dev_type != HCI_AMP || 5077 - !test_bit(HCI_UP, &hdev->flags)) { 5078 - if (hdev) 5079 - hci_dev_put(hdev); 5080 - 5081 - result = L2CAP_MR_BAD_ID; 5082 - goto send_move_response; 5083 - } 5084 - hci_dev_put(hdev); 5085 - } 5086 - 5087 - /* Detect a move collision. Only send a collision response 5088 - * if this side has "lost", otherwise proceed with the move. 5089 - * The winner has the larger bd_addr. 5090 - */ 5091 - if ((__chan_is_moving(chan) || 5092 - chan->move_role != L2CAP_MOVE_ROLE_NONE) && 5093 - bacmp(&conn->hcon->src, &conn->hcon->dst) > 0) { 5094 - result = L2CAP_MR_COLLISION; 5095 - goto send_move_response; 5096 - } 5097 - 5098 - chan->move_role = L2CAP_MOVE_ROLE_RESPONDER; 5099 - l2cap_move_setup(chan); 5100 - chan->move_id = req->dest_amp_id; 5101 - 5102 - if (req->dest_amp_id == AMP_ID_BREDR) { 5103 - /* Moving to BR/EDR */ 5104 - if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { 5105 - chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY; 5106 - result = L2CAP_MR_PEND; 5107 - } else { 5108 - chan->move_state = L2CAP_MOVE_WAIT_CONFIRM; 5109 - result = L2CAP_MR_SUCCESS; 5110 - } 5111 - } else { 5112 - chan->move_state = L2CAP_MOVE_WAIT_PREPARE; 5113 - /* Placeholder - uncomment when amp functions are available */ 5114 - /*amp_accept_physical(chan, req->dest_amp_id);*/ 5115 - result = L2CAP_MR_PEND; 5116 - } 5117 - 5118 - send_move_response: 5119 - l2cap_send_move_chan_rsp(chan, result); 5120 - 5121 - l2cap_chan_unlock(chan); 5122 - l2cap_chan_put(chan); 5123 - 5124 - return 0; 5125 - } 5126 - 5127 - static void l2cap_move_continue(struct l2cap_conn *conn, u16 icid, u16 result) 5128 - { 5129 - struct l2cap_chan *chan; 5130 - struct hci_chan *hchan = NULL; 5131 - 5132 - chan = l2cap_get_chan_by_scid(conn, icid); 5133 - if (!chan) { 5134 - l2cap_send_move_chan_cfm_icid(conn, icid); 5135 - return; 5136 - } 5137 - 5138 - __clear_chan_timer(chan); 5139 - if (result == L2CAP_MR_PEND) 5140 - __set_chan_timer(chan, L2CAP_MOVE_ERTX_TIMEOUT); 5141 - 5142 - switch (chan->move_state) { 5143 - case L2CAP_MOVE_WAIT_LOGICAL_COMP: 5144 - /* Move confirm will be sent when logical link 5145 - * is complete. 5146 - */ 5147 - chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_CFM; 5148 - break; 5149 - case L2CAP_MOVE_WAIT_RSP_SUCCESS: 5150 - if (result == L2CAP_MR_PEND) { 5151 - break; 5152 - } else if (test_bit(CONN_LOCAL_BUSY, 5153 - &chan->conn_state)) { 5154 - chan->move_state = L2CAP_MOVE_WAIT_LOCAL_BUSY; 5155 - } else { 5156 - /* Logical link is up or moving to BR/EDR, 5157 - * proceed with move 5158 - */ 5159 - chan->move_state = L2CAP_MOVE_WAIT_CONFIRM_RSP; 5160 - l2cap_send_move_chan_cfm(chan, L2CAP_MC_CONFIRMED); 5161 - } 5162 - break; 5163 - case L2CAP_MOVE_WAIT_RSP: 5164 - /* Moving to AMP */ 5165 - if (result == L2CAP_MR_SUCCESS) { 5166 - /* Remote is ready, send confirm immediately 5167 - * after logical link is ready 5168 - */ 5169 - chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_CFM; 5170 - } else { 5171 - /* Both logical link and move success 5172 - * are required to confirm 5173 - */ 5174 - chan->move_state = L2CAP_MOVE_WAIT_LOGICAL_COMP; 5175 - } 5176 - 5177 - /* Placeholder - get hci_chan for logical link */ 5178 - if (!hchan) { 5179 - /* Logical link not available */ 5180 - l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED); 5181 - break; 5182 - } 5183 - 5184 - /* If the logical link is not yet connected, do not 5185 - * send confirmation. 5186 - */ 5187 - if (hchan->state != BT_CONNECTED) 5188 - break; 5189 - 5190 - /* Logical link is already ready to go */ 5191 - 5192 - chan->hs_hcon = hchan->conn; 5193 - chan->hs_hcon->l2cap_data = chan->conn; 5194 - 5195 - if (result == L2CAP_MR_SUCCESS) { 5196 - /* Can confirm now */ 5197 - l2cap_send_move_chan_cfm(chan, L2CAP_MC_CONFIRMED); 5198 - } else { 5199 - /* Now only need move success 5200 - * to confirm 5201 - */ 5202 - chan->move_state = L2CAP_MOVE_WAIT_RSP_SUCCESS; 5203 - } 5204 - 5205 - l2cap_logical_cfm(chan, hchan, L2CAP_MR_SUCCESS); 5206 - break; 5207 - default: 5208 - /* Any other amp move state means the move failed. */ 5209 - chan->move_id = chan->local_amp_id; 5210 - l2cap_move_done(chan); 5211 - l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED); 5212 - } 5213 - 5214 - l2cap_chan_unlock(chan); 5215 - l2cap_chan_put(chan); 5216 - } 5217 - 5218 - static void l2cap_move_fail(struct l2cap_conn *conn, u8 ident, u16 icid, 5219 - u16 result) 5220 - { 5221 - struct l2cap_chan *chan; 5222 - 5223 - chan = l2cap_get_chan_by_ident(conn, ident); 5224 - if (!chan) { 5225 - /* Could not locate channel, icid is best guess */ 5226 - l2cap_send_move_chan_cfm_icid(conn, icid); 5227 - return; 5228 - } 5229 - 5230 - __clear_chan_timer(chan); 5231 - 5232 - if (chan->move_role == L2CAP_MOVE_ROLE_INITIATOR) { 5233 - if (result == L2CAP_MR_COLLISION) { 5234 - chan->move_role = L2CAP_MOVE_ROLE_RESPONDER; 5235 - } else { 5236 - /* Cleanup - cancel move */ 5237 - chan->move_id = chan->local_amp_id; 5238 - l2cap_move_done(chan); 5239 - } 5240 - } 5241 - 5242 - l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED); 5243 - 5244 - l2cap_chan_unlock(chan); 5245 - l2cap_chan_put(chan); 5246 - } 5247 - 5248 - static int l2cap_move_channel_rsp(struct l2cap_conn *conn, 5249 - struct l2cap_cmd_hdr *cmd, 5250 - u16 cmd_len, void *data) 5251 - { 5252 - struct l2cap_move_chan_rsp *rsp = data; 5253 - u16 icid, result; 5254 - 5255 - if (cmd_len != sizeof(*rsp)) 5256 - return -EPROTO; 5257 - 5258 - icid = le16_to_cpu(rsp->icid); 5259 - result = le16_to_cpu(rsp->result); 5260 - 5261 - BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result); 5262 - 5263 - if (result == L2CAP_MR_SUCCESS || result == L2CAP_MR_PEND) 5264 - l2cap_move_continue(conn, icid, result); 5265 - else 5266 - l2cap_move_fail(conn, cmd->ident, icid, result); 5267 - 5268 - return 0; 5269 - } 5270 - 5271 - static int l2cap_move_channel_confirm(struct l2cap_conn *conn, 5272 - struct l2cap_cmd_hdr *cmd, 5273 - u16 cmd_len, void *data) 5274 - { 5275 - struct l2cap_move_chan_cfm *cfm = data; 5276 - struct l2cap_chan *chan; 5277 - u16 icid, result; 5278 - 5279 - if (cmd_len != sizeof(*cfm)) 5280 - return -EPROTO; 5281 - 5282 - icid = le16_to_cpu(cfm->icid); 5283 - result = le16_to_cpu(cfm->result); 5284 - 5285 - BT_DBG("icid 0x%4.4x, result 0x%4.4x", icid, result); 5286 - 5287 - chan = l2cap_get_chan_by_dcid(conn, icid); 5288 - if (!chan) { 5289 - /* Spec requires a response even if the icid was not found */ 5290 - l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid); 5291 - return 0; 5292 - } 5293 - 5294 - if (chan->move_state == L2CAP_MOVE_WAIT_CONFIRM) { 5295 - if (result == L2CAP_MC_CONFIRMED) { 5296 - chan->local_amp_id = chan->move_id; 5297 - if (chan->local_amp_id == AMP_ID_BREDR) 5298 - __release_logical_link(chan); 5299 - } else { 5300 - chan->move_id = chan->local_amp_id; 5301 - } 5302 - 5303 - l2cap_move_done(chan); 5304 - } 5305 - 5306 - l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid); 5307 - 5308 - l2cap_chan_unlock(chan); 5309 - l2cap_chan_put(chan); 5310 - 5311 - return 0; 5312 - } 5313 - 5314 - static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn, 5315 - struct l2cap_cmd_hdr *cmd, 5316 - u16 cmd_len, void *data) 5317 - { 5318 - struct l2cap_move_chan_cfm_rsp *rsp = data; 5319 - struct l2cap_chan *chan; 5320 - u16 icid; 5321 - 5322 - if (cmd_len != sizeof(*rsp)) 5323 - return -EPROTO; 5324 - 5325 - icid = le16_to_cpu(rsp->icid); 5326 - 5327 - BT_DBG("icid 0x%4.4x", icid); 5328 - 5329 - chan = l2cap_get_chan_by_scid(conn, icid); 5330 - if (!chan) 5331 - return 0; 5332 - 5333 - __clear_chan_timer(chan); 5334 - 5335 - if (chan->move_state == L2CAP_MOVE_WAIT_CONFIRM_RSP) { 5336 - chan->local_amp_id = chan->move_id; 5337 - 5338 - if (chan->local_amp_id == AMP_ID_BREDR && chan->hs_hchan) 5339 - __release_logical_link(chan); 5340 - 5341 - l2cap_move_done(chan); 5342 - } 5343 - 5344 - l2cap_chan_unlock(chan); 5345 - l2cap_chan_put(chan); 5346 4840 5347 4841 return 0; 5348 4842 } ··· 4761 5745 break; 4762 5746 4763 5747 case L2CAP_CONN_RSP: 4764 - case L2CAP_CREATE_CHAN_RSP: 4765 5748 l2cap_connect_create_rsp(conn, cmd, cmd_len, data); 4766 5749 break; 4767 5750 ··· 4793 5778 4794 5779 case L2CAP_INFO_RSP: 4795 5780 l2cap_information_rsp(conn, cmd, cmd_len, data); 4796 - break; 4797 - 4798 - case L2CAP_CREATE_CHAN_REQ: 4799 - err = l2cap_create_channel_req(conn, cmd, cmd_len, data); 4800 - break; 4801 - 4802 - case L2CAP_MOVE_CHAN_REQ: 4803 - err = l2cap_move_channel_req(conn, cmd, cmd_len, data); 4804 - break; 4805 - 4806 - case L2CAP_MOVE_CHAN_RSP: 4807 - l2cap_move_channel_rsp(conn, cmd, cmd_len, data); 4808 - break; 4809 - 4810 - case L2CAP_MOVE_CHAN_CFM: 4811 - err = l2cap_move_channel_confirm(conn, cmd, cmd_len, data); 4812 - break; 4813 - 4814 - case L2CAP_MOVE_CHAN_CFM_RSP: 4815 - l2cap_move_channel_confirm_rsp(conn, cmd, cmd_len, data); 4816 5781 break; 4817 5782 4818 5783 default: ··· 6046 7051 if (control->final) { 6047 7052 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); 6048 7053 6049 - if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state) && 6050 - !__chan_is_moving(chan)) { 7054 + if (!test_and_clear_bit(CONN_REJ_ACT, 7055 + &chan->conn_state)) { 6051 7056 control->final = 0; 6052 7057 l2cap_retransmit_all(chan, control); 6053 7058 } ··· 6240 7245 BT_DBG("chan %p", chan); 6241 7246 6242 7247 chan->rx_state = L2CAP_RX_STATE_RECV; 6243 - 6244 - if (chan->hs_hcon) 6245 - chan->conn->mtu = chan->hs_hcon->hdev->block_mtu; 6246 - else 6247 - chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu; 7248 + chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu; 6248 7249 6249 7250 return l2cap_resegment(chan); 6250 7251 } ··· 6307 7316 */ 6308 7317 chan->next_tx_seq = control->reqseq; 6309 7318 chan->unacked_frames = 0; 6310 - 6311 - if (chan->hs_hcon) 6312 - chan->conn->mtu = chan->hs_hcon->hdev->block_mtu; 6313 - else 6314 - chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu; 7319 + chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu; 6315 7320 6316 7321 err = l2cap_resegment(chan); 6317 7322 ··· 6659 7672 6660 7673 chan = l2cap_get_chan_by_scid(conn, cid); 6661 7674 if (!chan) { 6662 - if (cid == L2CAP_CID_A2MP) { 6663 - chan = a2mp_channel_create(conn, skb); 6664 - if (!chan) { 6665 - kfree_skb(skb); 6666 - return; 6667 - } 6668 - 6669 - l2cap_chan_hold(chan); 6670 - l2cap_chan_lock(chan); 6671 - } else { 6672 - BT_DBG("unknown cid 0x%4.4x", cid); 6673 - /* Drop packet and return */ 6674 - kfree_skb(skb); 6675 - return; 6676 - } 7675 + BT_DBG("unknown cid 0x%4.4x", cid); 7676 + /* Drop packet and return */ 7677 + kfree_skb(skb); 7678 + return; 6677 7679 } 6678 7680 6679 7681 BT_DBG("chan %p, len %d", chan, skb->len); ··· 6862 7886 conn->feat_mask = 0; 6863 7887 6864 7888 conn->local_fixed_chan = L2CAP_FC_SIG_BREDR | L2CAP_FC_CONNLESS; 6865 - 6866 - if (hcon->type == ACL_LINK && 6867 - hci_dev_test_flag(hcon->hdev, HCI_HS_ENABLED)) 6868 - conn->local_fixed_chan |= L2CAP_FC_A2MP; 6869 7889 6870 7890 if (hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED) && 6871 7891 (bredr_sc_enabled(hcon->hdev) || ··· 7326 8354 7327 8355 BT_DBG("chan %p scid 0x%4.4x state %s", chan, chan->scid, 7328 8356 state_to_string(chan->state)); 7329 - 7330 - if (chan->scid == L2CAP_CID_A2MP) { 7331 - l2cap_chan_unlock(chan); 7332 - continue; 7333 - } 7334 8357 7335 8358 if (!status && encrypt) 7336 8359 chan->sec_level = hcon->sec_level;
+1 -17
net/bluetooth/l2cap_sock.c
··· 1027 1027 break; 1028 1028 } 1029 1029 1030 - if (opt > BT_CHANNEL_POLICY_AMP_PREFERRED) { 1031 - err = -EINVAL; 1032 - break; 1033 - } 1034 - 1035 - if (chan->mode != L2CAP_MODE_ERTM && 1036 - chan->mode != L2CAP_MODE_STREAMING) { 1037 - err = -EOPNOTSUPP; 1038 - break; 1039 - } 1040 - 1041 - chan->chan_policy = (u8) opt; 1042 - 1043 - if (sk->sk_state == BT_CONNECTED && 1044 - chan->move_role == L2CAP_MOVE_ROLE_NONE) 1045 - l2cap_move_start(chan); 1046 - 1030 + err = -EOPNOTSUPP; 1047 1031 break; 1048 1032 1049 1033 case BT_SNDMTU:
+1 -72
net/bluetooth/mgmt.c
··· 835 835 836 836 if (lmp_ssp_capable(hdev)) { 837 837 settings |= MGMT_SETTING_SSP; 838 - if (IS_ENABLED(CONFIG_BT_HS)) 839 - settings |= MGMT_SETTING_HS; 840 838 } 841 839 842 840 if (lmp_sc_capable(hdev)) ··· 898 900 899 901 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 900 902 settings |= MGMT_SETTING_SSP; 901 - 902 - if (hci_dev_test_flag(hdev, HCI_HS_ENABLED)) 903 - settings |= MGMT_SETTING_HS; 904 903 905 904 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 906 905 settings |= MGMT_SETTING_ADVERTISING; ··· 1933 1938 1934 1939 if (enable && hci_dev_test_and_clear_flag(hdev, 1935 1940 HCI_SSP_ENABLED)) { 1936 - hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1937 1941 new_settings(hdev, NULL); 1938 1942 } 1939 1943 ··· 1945 1951 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED); 1946 1952 } else { 1947 1953 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED); 1948 - 1949 - if (!changed) 1950 - changed = hci_dev_test_and_clear_flag(hdev, 1951 - HCI_HS_ENABLED); 1952 - else 1953 - hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 1954 1954 } 1955 1955 1956 1956 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match); ··· 2008 2020 } else { 2009 2021 changed = hci_dev_test_and_clear_flag(hdev, 2010 2022 HCI_SSP_ENABLED); 2011 - if (!changed) 2012 - changed = hci_dev_test_and_clear_flag(hdev, 2013 - HCI_HS_ENABLED); 2014 - else 2015 - hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 2016 2023 } 2017 2024 2018 2025 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev); ··· 2053 2070 2054 2071 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) 2055 2072 { 2056 - struct mgmt_mode *cp = data; 2057 - bool changed; 2058 - u8 status; 2059 - int err; 2060 - 2061 2073 bt_dev_dbg(hdev, "sock %p", sk); 2062 2074 2063 - if (!IS_ENABLED(CONFIG_BT_HS)) 2064 - return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2075 + return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2065 2076 MGMT_STATUS_NOT_SUPPORTED); 2066 - 2067 - status = mgmt_bredr_support(hdev); 2068 - if (status) 2069 - return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status); 2070 - 2071 - if (!lmp_ssp_capable(hdev)) 2072 - return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2073 - MGMT_STATUS_NOT_SUPPORTED); 2074 - 2075 - if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) 2076 - return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2077 - MGMT_STATUS_REJECTED); 2078 - 2079 - if (cp->val != 0x00 && cp->val != 0x01) 2080 - return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2081 - MGMT_STATUS_INVALID_PARAMS); 2082 - 2083 - hci_dev_lock(hdev); 2084 - 2085 - if (pending_find(MGMT_OP_SET_SSP, hdev)) { 2086 - err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2087 - MGMT_STATUS_BUSY); 2088 - goto unlock; 2089 - } 2090 - 2091 - if (cp->val) { 2092 - changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED); 2093 - } else { 2094 - if (hdev_is_powered(hdev)) { 2095 - err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, 2096 - MGMT_STATUS_REJECTED); 2097 - goto unlock; 2098 - } 2099 - 2100 - changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED); 2101 - } 2102 - 2103 - err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev); 2104 - if (err < 0) 2105 - goto unlock; 2106 - 2107 - if (changed) 2108 - err = new_settings(hdev, sk); 2109 - 2110 - unlock: 2111 - hci_dev_unlock(hdev); 2112 - return err; 2113 2077 } 2114 2078 2115 2079 static void set_le_complete(struct hci_dev *hdev, void *data, int err) ··· 6704 6774 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED); 6705 6775 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY); 6706 6776 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE); 6707 - hci_dev_clear_flag(hdev, HCI_HS_ENABLED); 6708 6777 } 6709 6778 6710 6779 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);