Commit Graph

1503 Commits

Author SHA1 Message Date
Octavian Purdila
66f0129696 Bluetooth: Fix RFCOMM session reference counting issue
There is an imbalance in the rfcomm_session_hold / rfcomm_session_put
operations which causes the following crash:

[  685.010159] BUG: unable to handle kernel paging request at 6b6b6b6b
[  685.010169] IP: [<c149d76d>] rfcomm_process_dlcs+0x1b/0x15e
[  685.010181] *pdpt = 000000002d665001 *pde = 0000000000000000
[  685.010191] Oops: 0000 [#1] PREEMPT SMP
[  685.010247]
[  685.010255] Pid: 947, comm: krfcommd Tainted: G         C  3.0.16-mid8-dirty #44
[  685.010266] EIP: 0060:[<c149d76d>] EFLAGS: 00010246 CPU: 1
[  685.010274] EIP is at rfcomm_process_dlcs+0x1b/0x15e
[  685.010281] EAX: e79f551c EBX: 6b6b6b6b ECX: 00000007 EDX: e79f40b4
[  685.010288] ESI: e79f4060 EDI: ed4e1f70 EBP: ed4e1f68 ESP: ed4e1f50
[  685.010295]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[  685.010303] Process krfcommd (pid: 947, ti=ed4e0000 task=ed43e5e0 task.ti=ed4e0000)
[  685.010308] Stack:
[  685.010312]  ed4e1f68 c149eb53 e5925150 e79f4060 ed500000 ed4e1f70 ed4e1f80 c149ec10
[  685.010331]  00000000 ed43e5e0 00000000 ed4e1f90 ed4e1f9c c149ec87 0000bf54 00000000
[  685.010348]  00000000 ee03bf54 c149ec37 ed4e1fe4 c104fe01 00000000 00000000 00000000
[  685.010367] Call Trace:
[  685.010376]  [<c149eb53>] ? rfcomm_process_rx+0x6e/0x74
[  685.010387]  [<c149ec10>] rfcomm_process_sessions+0xb7/0xde
[  685.010398]  [<c149ec87>] rfcomm_run+0x50/0x6d
[  685.010409]  [<c149ec37>] ? rfcomm_process_sessions+0xde/0xde
[  685.010419]  [<c104fe01>] kthread+0x63/0x68
[  685.010431]  [<c104fd9e>] ? __init_kthread_worker+0x42/0x42
[  685.010442]  [<c14dae82>] kernel_thread_helper+0x6/0xd

This issue has been brought up earlier here:

https://lkml.org/lkml/2011/5/21/127

The issue appears to be the rfcomm_session_put in rfcomm_recv_ua. This
operation doesn't seem be to required as for the non-initiator case we
have the rfcomm_process_rx doing an explicit put and in the initiator
case the last dlc_unlink will drive the reference counter to 0.

There have been several attempts to fix these issue:

6c2718d Bluetooth: Do not call rfcomm_session_put() for RFCOMM UA on closed socket
683d949 Bluetooth: Never deallocate a session when some DLC points to it

but AFAICS they do not fix the issue just make it harder to reproduce.

Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Signed-off-by: Gopala Krishna Murala <gopala.krishna.murala@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:31 +02:00
Andre Guedes
4777bfdebb Bluetooth: Use GFP_KERNEL in hci_add_adv_entry()
This function is not called in interrupt context anymore, so it
should use GFP_KERNEL to allocate memory.

Signed-off-by: Andre Guedes <aguedespe@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:31 +02:00
Vinicius Costa Gomes
f7aa611a0e Bluetooth: Rename smp_key_size to enc_key_size
This makes clear that this is the size of the key used to
encrypt the link.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:30 +02:00
Ulisses Furquim
127074bfa3 Bluetooth: Fix possible use after free in delete path
We need to use the _sync() version for cancelling the info and security
timer in the L2CAP connection delete path. Otherwise the delayed work
handler might run after the connection object is freed.

Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:30 +02:00
Ulisses Furquim
17cd3f374b Bluetooth: Remove usage of __cancel_delayed_work()
__cancel_delayed_work() is being used in some paths where we cannot
sleep waiting for the delayed work to finish. However, that function
might return while the timer is running and the work will be queued
again. Replace the calls with safer cancel_delayed_work() version
which spins until the timer handler finishes on other CPUs and
cancels the delayed work.

Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:30 +02:00
Andre Guedes
e72acc13c7 Bluetooth: Remove unneeded locking
We don't need locking hdev in hci_conn_timeout() since it doesn't
access any hdev's shared resources, it basically queues HCI commands.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:30 +02:00
Andre Guedes
75d7735c7a Bluetooth: Use GFP_KERNEL in hci_chan_create()
This function is called in process context only, so it should use
GFP_KERNEL to allocate memory.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:30 +02:00
Andre Guedes
cb601d7e65 Bluetooth: Use GFP_KERNEL in hci_conn_add()
This function is called in process context only, so it should use
GFP_KERNEL to allocate memory.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:30 +02:00
Szymon Janc
cad8f1d072 Bluetooth: Make l2cap_ertm_data_rcv static
It is not used outside of l2cap_core.c. Also l2cap_ertm_data_rcv is
only used after it is defined so there is no need for forward declaration.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:29 +02:00
Andrei Emeltchenko
2f7719ce54 Bluetooth: Add alloc_skb chan operator
Add channel-specific skb allocation method

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:29 +02:00
Octavian Purdila
d22015aad4 Bluetooth: silence lockdep warning
Since bluetooth uses multiple protocols types, to avoid lockdep
warnings, we need to use different lockdep classes (one for each
protocol type).

This is already done in bt_sock_create but it misses a couple of cases
when new connections are created. This patch corrects that to fix the
following warning:

<4>[ 1864.732366] =======================================================
<4>[ 1864.733030] [ INFO: possible circular locking dependency detected ]
<4>[ 1864.733544] 3.0.16-mid3-00007-gc9a0f62 #3
<4>[ 1864.733883] -------------------------------------------------------
<4>[ 1864.734408] t.android.btclc/4204 is trying to acquire lock:
<4>[ 1864.734869]  (rfcomm_mutex){+.+.+.}, at: [<c14970ea>] rfcomm_dlc_close+0x15/0x30
<4>[ 1864.735541]
<4>[ 1864.735549] but task is already holding lock:
<4>[ 1864.736045]  (sk_lock-AF_BLUETOOTH){+.+.+.}, at: [<c1498bf7>] lock_sock+0xa/0xc
<4>[ 1864.736732]
<4>[ 1864.736740] which lock already depends on the new lock.
<4>[ 1864.736750]
<4>[ 1864.737428]
<4>[ 1864.737437] the existing dependency chain (in reverse order) is:
<4>[ 1864.738016]
<4>[ 1864.738023] -> #1 (sk_lock-AF_BLUETOOTH){+.+.+.}:
<4>[ 1864.738549]        [<c1062273>] lock_acquire+0x104/0x140
<4>[ 1864.738977]        [<c13d35c1>] lock_sock_nested+0x58/0x68
<4>[ 1864.739411]        [<c1493c33>] l2cap_sock_sendmsg+0x3e/0x76
<4>[ 1864.739858]        [<c13d06c3>] __sock_sendmsg+0x50/0x59
<4>[ 1864.740279]        [<c13d0ea2>] sock_sendmsg+0x94/0xa8
<4>[ 1864.740687]        [<c13d0ede>] kernel_sendmsg+0x28/0x37
<4>[ 1864.741106]        [<c14969ca>] rfcomm_send_frame+0x30/0x38
<4>[ 1864.741542]        [<c1496a2a>] rfcomm_send_ua+0x58/0x5a
<4>[ 1864.741959]        [<c1498447>] rfcomm_run+0x441/0xb52
<4>[ 1864.742365]        [<c104f095>] kthread+0x63/0x68
<4>[ 1864.742742]        [<c14d5182>] kernel_thread_helper+0x6/0xd
<4>[ 1864.743187]
<4>[ 1864.743193] -> #0 (rfcomm_mutex){+.+.+.}:
<4>[ 1864.743667]        [<c1061ada>] __lock_acquire+0x988/0xc00
<4>[ 1864.744100]        [<c1062273>] lock_acquire+0x104/0x140
<4>[ 1864.744519]        [<c14d2c70>] __mutex_lock_common+0x3b/0x33f
<4>[ 1864.744975]        [<c14d303e>] mutex_lock_nested+0x2d/0x36
<4>[ 1864.745412]        [<c14970ea>] rfcomm_dlc_close+0x15/0x30
<4>[ 1864.745842]        [<c14990d9>] __rfcomm_sock_close+0x5f/0x6b
<4>[ 1864.746288]        [<c1499114>] rfcomm_sock_shutdown+0x2f/0x62
<4>[ 1864.746737]        [<c13d275d>] sys_socketcall+0x1db/0x422
<4>[ 1864.747165]        [<c14d42f0>] syscall_call+0x7/0xb

Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:29 +02:00
Andrei Emeltchenko
61e1b4b7de Bluetooth: trivial: space correction
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:29 +02:00
Johan Hedberg
aa64a8b500 Bluetooth: Add a convenience function to check for SSP enabled
It's a very common test to see if both the local and the remote device
have SSP enabled. By creating a simple function to test this we can
shorten many if-statements in the code.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:29 +02:00
Johan Hedberg
84bde9d6c0 Bluetooth: Convert hdev->ssp_mode to a flag
The ssp_mode is essentially just a boolean so it's more appropriate to
have it simply as a flag in hdev->dev_flags.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:29 +02:00
Johan Hedberg
58a681ef14 Bluetooth: Merge boolean members of struct hci_conn into flags
Now that the flags member of struct hci_conn is supposed to accommodate
any boolean type values we can easily merge all boolean members into it.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:28 +02:00
Johan Hedberg
b644ba3369 Bluetooth: Update device_connected and device_found events to latest API
This patch updates mgmt_ev_device_connected and mgmt_ev_device found to
include an EIR-encoded remote name and class whenever possible. With
this addition the mgmt_ev_remote_name event becomes unnecessary and can
be removed. Since the connected event doesn't map to hci_conn_complete
anymore a HCI_CONN_MGMT_CONNECTED flag is added to track when mgmt has
been notified about a connection.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:28 +02:00
Johan Hedberg
a0c808b373 Bluetooth: Convert hdev->out to a bool type
The hdev->out variable is essentially a boolean so the type 'bool' makes
more sense than u8.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:28 +02:00
Johan Hedberg
51a8efd7d0 Bluetooth: Rename conn->pend to conn->flags
These flags can and will be used for more general purpose values than
just pending state transitions so the more common name "flags" makes
more sense than "pend".

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:28 +02:00
Johan Hedberg
1dc06093a9 Bluetooth: Merge device class into the EIR data in mgmt_ev_device_found
There's no need to have a separate device class field since the same
information can be encoded into the EIR data.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:28 +02:00
Johan Hedberg
6759a67579 Bluetooth: Move eir_has_data_field to hci_core.h
This makes the function accessible from all places it's needed (e.g.
mgmt.c and hci_event.c).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:28 +02:00
Johan Hedberg
4ddb1930f9 Bluetooth: Rename eir_has_complete_name to eir_has_data_type
This allows for other uses such as checking for an embedded class of
device value in order to decide whether to append the class or not.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:27 +02:00
Johan Hedberg
e319d2e743 Bluetooth: Add eir_len parameter to mgmt_ev_device_found
This patch add a two byte eir_len parameter mgmt_ev_device_found. Since
it's unlikely that the data will in the short term be much bigger than
conventional EIR lengths just use a small stack based buffer for now to
avoid dynamic memory allocation & freeing.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:27 +02:00
Johan Hedberg
afc747a600 Bluetooth: Rename mgmt connected events to match user space
User space uses device_(dis)connected instead of just (dis)connected so
rename the defines and functions to match this.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:27 +02:00
Johan Hedberg
7005ff1780 Bluetooth: Fix clearing persistent flags
There are several other dev_flags besided HCI_MGMT that should not be
cleared upon reset.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:27 +02:00
Andre Guedes
3c9e919511 Bluetooth: Report LE devices
Devices found during LE scan should be reported to userspace through
mgmt_device_found events.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:27 +02:00
Andre Guedes
7d262f86f6 Bluetooth: Add 'eir_len' param to mgmt_device_found()
This patch adds a new parameter to mgmt_device_found() to inform
the length of 'eir' pointer.

EIR data from LE advertising report event doesn't have a fixed length
as EIR data from extended inquiry result event does. We needed to
change mgmt_device_found() so it copies 'eir_len' bytes instead of
HCI_MAX_EIR_LENGTH.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:27 +02:00
Andrei Emeltchenko
0952a57a25 Bluetooth: Change sk to l2cap_chan
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:27 +02:00
Andrei Emeltchenko
5ef8cb9e5b Bluetooth: Use chan instead of sk
Remove unneeded conversion from sk to chan.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:26 +02:00
Szymon Janc
09bfb2ee52 Bluetooth: Drop L2CAP chan reference if ERTM ack_timer fired
Reference counter was incremented when starting ack timer but
decremented only when clearing timer, not when timer fired.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:26 +02:00
Szymon Janc
77f918bc7b Bluetooth: Don't send RNR immediately when entering local busy
There is no need to send RNR immediately when entring local busy.
Also upper layer might clear local busy condition before ack timer
expires saving few cycles for sending RNR.

This also prevents sending two RNRs in some cases where sending one
would be enough i.e received N I-frame can trigger local busy
(sending RNR acking up to N-1 I-frame) and later sending ack (RNR
acking up to N I-frame).

This was affecting TC_ERM_BV_07_C and TC_ERM_BV_22_C with some non
default channel parameters (tx window and receiving buffer sizes).

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:26 +02:00
Szymon Janc
b17e73bb42 Bluetooth: Clear ack_timer when sending ack
ack_timer should be cleared when sending ACK to avoid acking I-frames
twice.

This commit introduces helper function (only send ack, not clearing
timer) which is used by l2cap_send_ack and l2cap_ack_timeout. This is
to avoid clearing ack timer in timer function.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:26 +02:00
Szymon Janc
0ef3ef0f67 Bluetooth: Set P-bit for SREJ frame only if there are I-frames to ack
SREJ frame with P-bit set acknowledges I-frames numbered up to
(ReqSeq - 1). With this patch P-bit in SREJ is set only when there are
some I-frames to ack.

This fixes ambiguous situation when lost of I-frame with TxSeq=0 would
result in sending SREJ acking all previous I-frames.
Consider following scenario:
TxWindow=3

HostA: sent I-frame TxSeq=0
HostA: sent I-frame TxSeq=1
HostA: sent I-frame TxSeq=2
HostB: missed I-frame TxSeq=0
HostB: received I-frame TxSeq=1
HostB: sent SREJ ReqSeq=0 Pbit=1
HostA: received SREJ ReqSeq=0 Pbit=1   <- All I-frames acked or not?
...

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:25 +02:00
Fabio Estevam
8b281b9c78 Bluetooth: Fix 'enable_hs' type
Fix the following build warning:

  CC [M]  net/bluetooth/hci_core.o
net/bluetooth/hci_core.c: In function ‘__check_enable_hs’:
net/bluetooth/hci_core.c:2587: warning: return from incompatible pointer type

module_param in hci_core.c passes 'enable_hs' as bool format, so fix
this variable definition type.

Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:25 +02:00
Johan Hedberg
a3d4e20a88 Bluetooth: Sort to-be-resolved devices by RSSI during discovery
This patch makes sure that devices with stronger signal (RSSI closer to
0) are sorted first in the resolve list and will therefore get their
names resolved first during device discovery. Since it's more likely
that the device the user is trying to discover has a strong signal due
to its proximity this ensures that the user gets the "device found"
event for it more quickly.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:25 +02:00
Johan Hedberg
44b5f7d0cb Bluetooth: Fix resetting HCI_MGMT flag
The HCI_MGMT flag should not be cleared when resetting a HCI device.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:25 +02:00
Johan Hedberg
a8b2d5c2cf Bluetooth: Move mgmt related flags from hdev->flags to hdev->dev_flags
There's no point in exposing these to user-space (which is what happens
to everything in hdev->flags) so move them to dev_flags instead.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:25 +02:00
Johan Hedberg
cbe8fed490 Bluetooth: Remove bogus inline declaration from l2cap_chan_connect
As reported by Dan Carpenter this function causes a Sparse warning and
shouldn't be declared inline:

include/net/bluetooth/l2cap.h:837:30 error: marked inline, but without a
definition"

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:25 +02:00
David Herrmann
dc946bd86f Bluetooth: Remove __hci_dev_put/hold
Since we remove the owner field of hci_dev hci_dev_put and __hci_dev_put
do the same so we can merge them into one function. Same for
hci_dev_hold and __hci_dev_hold.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:24 +02:00
David Herrmann
4c724c7135 Bluetooth: Correctly take hci_dev->dev refcount
The hci_dev->dev device structure has an internal refcount. This
refcount is used to protect the whole hci_dev object. However, we
currently do not use it.  Therefore, if someone calls hci_free_dev() we
currently immediately destroy the hci_dev object because we never took
the device refcount.

This even happens if the hci_dev->refcnt is not 0. In fact, the
hci_dev->refcnt is totally useless in its current state. Therefore, we
simply remove hci_dev->refcnt and instead use hci_dev->dev refcnt.

This fixes all the symptoms and also correctly integrates the device
structure into our bluetooth bus system.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:24 +02:00
David Herrmann
e9b9cfa157 Bluetooth: Remove HCI-owner field
After unregistering an hci_dev object a bluetooth driver does not have
any callbacks in the hci_dev structure left over. Therefore, there is no
need to keep a reference to the module.

Previously, we needed this to protect the hci-destruct callback.
However, this callback is no longer available so we do not need this
owner field, anymore.  Drivers now call hci_unregister_dev() and they
are done with the object.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:24 +02:00
David Herrmann
46e06531a5 Bluetooth: Correctly acquire module ref
We provide a device-object to other subsystems and we provide our own
release-function. Therefore, the device-object must own a reference to
our module, otherwise the release-function may get deleted before the
device-object does.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:24 +02:00
David Herrmann
010666a126 Bluetooth: Make hci-destruct callback optional
Several drivers already provide an empty callback so we can actually
make this optional and then remove all those empty callbacks in the
drivers.

This callback isn't needed at all by most drivers as they can remove
their allocated structures on device disconnect and not on hci
destruction.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:22 +02:00
Andrei Emeltchenko
cc48dc0a99 Bluetooth: Remove magic number from ACL TO
Adds HCI_ACL_TX_TIMEOUT and clear conversion from msec to jiffies

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:21 +02:00
Andrzej Kaczmarek
b83ddfe2ac Bluetooth: l2cap_set_timer needs jiffies as timeout value
After moving L2CAP timers to workqueues l2cap_set_timer expects timeout
value to be specified in jiffies but constants defined in miliseconds
are used. This makes timeouts unreliable when CONFIG_HZ is not set to
1000.

__set_chan_timer macro still uses jiffies as input to avoid multiple
conversions from/to jiffies for sk_sndtimeo value which is already
specified in jiffies.

Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Ackec-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:21 +02:00
Andrzej Kaczmarek
6423cf3a18 Bluetooth: Fix sk_sndtimeo initialization for L2CAP socket
sk_sndtime value should be specified in jiffies thus initial value
needs to be converted from miliseconds. Otherwise this timeout is
unreliable when CONFIG_HZ is not set to 1000.

Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:21 +02:00
Andrei Emeltchenko
25e89e99b4 Bluetooth: Process num completed data blocks event
Adds support for Number Of Completed Data Blocks Event.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:20 +02:00
Johan Hedberg
30dc78e1a2 Bluetooth: Add name resolving support for mgmt based discovery
This patch adds the necessary logic to perform name lookups after
inquiry completes. This is done by checking for entries in the resolve
list after each inquiry complete and remote name complete HCI event.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:20 +02:00
Johan Hedberg
ff9ef57870 Bluetooth: Add discovery state tracking
This patch adds proper state tracking to the device discovery process.
This makes it possible to return appropriate errors when trying to stop
a non-active discovery or start discovery when it is already ongoing.
Once name resolving is implemented this also makes it possible to know
what the right action to do is when a remote name lookup is cancelled.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:20 +02:00
Johan Hedberg
30883512be Bluetooth: Rename hdev->inq_cache to hdev->discovery
This struct is used for not just inquiry caching but also for general
device discovery state tracking so it's better to rename it to something
more appropriate.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:20 +02:00
Johan Hedberg
4663262c29 Bluetooth: Flush inquiry cache when starting mgmt triggered inquiry
For the remote name state tracking for the management interface to work
the cache needs to be flushed whenever inquiry is started. The
hci_do_inquiry function is only used by the management interface so by
having the flushing done from it ensures that old ioctl based
functionality isn't affected.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:20 +02:00
Johan Hedberg
3175405b90 Bluetooth: Return updated name state with hci_inquiry_cache_update
If user-space has already confirmed the name for a remote device we
shouldn't request confirmation again. The simplest way to do this is to
return the name state from hci_inquiry_cache_update (if it is anything
else than unknown then we do not need confirmation from user-space).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:20 +02:00
Johan Hedberg
561aafbcb2 Bluetooth: Add initial mgmt_confirm_name support
This patch adds initial support for mgmt_confirm_name. It adds the
necessary tracking of the name state by extending the inquiry cache. The
actual name resolving operation (to be done once inquiry is finished) is
not yet part of this patch.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:19 +02:00
Johan Hedberg
32748db002 Bluetooth: Move Extended Inquiry Response defines to hci.h
The EIR defines are needed also outside of mgmt.c (e.g. in hci_event.c
to check if EIR data has the complete name) so it's better to have them
in a single public place, i.e. hci.h.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:19 +02:00
Johan Hedberg
b57c1a5646 Bluetooth: Convert inquiry cache to use standard list types
This makes it possible to use the convenience functions provided for
standard kernel list types and it also makes it easier to extend the use
of the cache for the management interface where e.g. name resolving
control will be needed.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-13 17:01:19 +02:00
David S. Miller
b1cc16b8e6 bluetooth: hci: Fix type of "enable_hs" to bool.
Fixes:

net/bluetooth/hci_core.c: In function ‘__check_enable_hs’:
net/bluetooth/hci_core.c:2587:1: warning: return from incompatible pointer type [enabled by default]

Signed-off-by: David S. Miller <davem@davemloft.net>
2012-01-22 15:08:46 -05:00
John W. Linville
874c60bad9 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-next 2012-01-10 15:44:17 -05:00
David S. Miller
117ff42fd4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-01-04 21:35:43 -05:00
John W. Linville
d8f46ff110 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem 2012-01-04 11:37:30 -05:00
John W. Linville
57adc1fcba Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem
Conflicts:
	drivers/net/wireless/b43/dma.c
	drivers/net/wireless/brcm80211/brcmfmac/dhd_linux.c
2012-01-03 15:16:34 -05:00
Andrei Emeltchenko
c5993de864 Bluetooth: Correct packet len calculation
Remove unneeded skb_pull and correct packet length calculation
removing magic number. Move BT_DBG after len check otherwise
it could possibly access wrong memory.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2012-01-03 01:38:37 -02:00
Gustavo F. Padovan
3542b854bc Bluetooth: Keep chan->state and sk->sk_state in sync
Those vars need to be in sync, otherwise l2cap_core.c can get the wrong
state.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2012-01-03 01:38:37 -02:00
Gustavo F. Padovan
333055f2aa Bluetooth: Don't use *_bh locks anymore
Those locks are not shared between interrupt and process context anymore,
so remove the part that disable interrupts.  We are still safe because
preemption is disabled.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2012-01-03 01:38:36 -02:00
Andre Guedes
e75a8b0c33 Bluetooth: Fix mgmt_stop_discovery_failed()
Stop Discovery Command Status Event should use mgmt status code.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2012-01-03 01:35:23 -02:00
Andre Guedes
d084329e28 Bluetooth: Queue adv_work on system workqueue
This patch queues hdev->adv_work on the system-wide workqueue
instead of on hdev->workqueue. This way we keep only tx/rx works
on hdev->workqueue.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2012-01-02 22:30:10 -02:00
Andre Guedes
c1b9b4f45f Bluetooth: Fix adv_work delay
This patch fixes the adv_work delay. It should be set to ADV_
CLEAR_TIMEOUT instead of (jiffies + ADV_CLEAR_TIMEOUT) since
queue_delayed_work() receives the number of jiffies to wait
before queueing. It also removes the unnecessary cancel_delayed_
work_sync() call in case LE scan has been disabled.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2012-01-02 22:30:09 -02:00
Andre Guedes
b5b32b653d Bluetooth: Fix hci_cc_read_local_ext_features()
Copy the Features value according to the Page number.

Signed-off-by: Andre Guedes <aguedespe@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2012-01-02 22:29:51 -02:00
Andre Guedes
59e294065d Bluetooth: Rename extfeatures
This patch renames hdev->extfeatures to hdev->host_features since it
holds the extended features Page 1 (aka host features).

Signed-off-by: Andre Guedes <aguedespe@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2012-01-02 22:21:05 -02:00
Gustavo F. Padovan
94f5bfb8c1 Bluetooth: Remove *_bh from socket list lock.
We don't need it anymore.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2012-01-02 22:20:24 -02:00
Gustavo F. Padovan
4b5dd696f8 Bluetooth: Remove local_bh_disable() from hci_sock.c
Everything is in process context now, we do not need such a call.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2012-01-02 22:20:12 -02:00
Gustavo F. Padovan
ee65d19e25 Bluetooth: Remove *_bh locks from SCO
Those locks are not shared between interrupt and process context anymore,
so remove the part that disable interrupts. We are still safe because
preemption is disabled.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2012-01-02 22:19:52 -02:00
Gustavo F. Padovan
393432cd8d Bluetooth: Fix context in RFCOMM tty
We now run in process context, no need to disable interrupts.
Calls from the tty layer also run in process context.

rw_lock was converted to spinlock, we have more writers than readers in
this case.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2012-01-02 22:19:29 -02:00
Gustavo F. Padovan
95ca83f42f Bluetooth: Fix context in rfcomm_sock_lock
Code now run in process context, does not need to disable interrupt
anymore.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2012-01-02 22:17:29 -02:00
Gustavo F. Padovan
9219b2a08c Bluetooth: Fix bacpy in l2cap_core.c
It should be the dst in the copy not src. 03a001948 introduced this bug.

Reported-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2012-01-02 20:08:04 -02:00
Gustavo F. Padovan
4ae1652ef1 Bluetooth: Fix a compile warning in RFCOMM
sock and sk were leftover from another change.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-27 14:43:41 -02:00
David S. Miller
abb434cb05 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Conflicts:
	net/bluetooth/l2cap_core.c

Just two overlapping changes, one added an initialization of
a local variable, and another change added a new local variable.

Signed-off-by: David S. Miller <davem@davemloft.net>
2011-12-23 17:13:56 -05:00
Gustavo F. Padovan
cad44c2bf6 Revert "Bluetooth: Increase HCI reset timeout in hci_dev_do_close"
This reverts commit e1b6eb3ccb.

This was causing a delay of 10 seconds in the resume process of a Thinkpad
laptop. I'm afraid this could affect more devices once 3.2 is released.

Reported-by: Tomáš Janoušek <tomi@nomi.cz>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-23 19:00:02 -02:00
Hemant Gupta
3573b80c42 Bluetooth: Incorrect address while storing LTK.
This patch fixes incorrect address storage while storing
Long Term Key for LE Devices using SMP (Security Manager Protocol).
The address stored should be of remote device and not of source device.

Signed-off-by: Hemant Gupta <hemant.gupta@stericsson.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-23 16:55:06 -02:00
Gustavo F. Padovan
af3e6359a2 Bluetooth: Don't disable interrupt when locking the queue
We run everything in process context now.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-22 18:07:01 -02:00
Gustavo F. Padovan
f20d09d5f7 Bluetooth: remove *_bh usage from hci_dev_list and hci_cb_list
They don't need to disable interrupts anymore, we only run in process
context now.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-22 18:06:24 -02:00
Gustavo F. Padovan
2fb9b3d4e5 Bluetooth: add debug output to l2cap_ack_timeout()
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-22 18:00:54 -02:00
Gustavo F. Padovan
5436538fb5 Bluetooth: Remove l2cap priority from inside RFCOMM.
RFCOMM needs a proper priority mechanism inside itself and not try to use
l2cap priority to fix its own problem.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-22 14:45:10 -02:00
Brian Gix
5fe57d9e9e Bluetooth: Add SMP to User Passkey and Confirm
Low Energy pairing is performed through the SMP (Security Manager Protocol)
mechanism rather than HCI.

Signed-off-by: Brian Gix <bgix@codeaurora.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-22 14:19:03 -02:00
Brian Gix
2b64d153a0 Bluetooth: Add MITM mechanism to LE-SMP
To achive Man-In-The-Middle (MITM) level security with Low Energy,
we have to enable User Passkey Comparison.  This commit modifies the
hard-coded JUST-WORKS pairing mechanism to support query via the MGMT
interface of Passkey comparison and User Confirmation.

Signed-off-by: Brian Gix <bgix@codeaurora.org>
Acked-by: Marcel Holtmann<marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-22 14:18:59 -02:00
Ulisses Furquim
371fd83563 Bluetooth: Fix deadlocks with sock lock and L2CAP timers locks
When cancelling a delayed work (timer) in L2CAP we can not sleep holding
the sock mutex otherwise we might deadlock with an L2CAP timer handler.
This is possible because RX/TX and L2CAP timers run in different workqueues.
The scenario below illustrates the problem. Thus we are now avoiding to
sleep on the timers locks.

 ======================================================
 [ INFO: possible circular locking dependency detected ]
 3.1.0-05270-ga978dc7-dirty #239
 -------------------------------------------------------
 kworker/1:1/873 is trying to acquire lock:
  (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+...}, at: [<ffffffffa002ceac>] l2cap_chan_timeout+0x3c/0xe0 [bluetooth]

 but task is already holding lock:
  ((&(&chan->chan_timer)->work)){+.+...}, at: [<ffffffff81051a86>] process_one_work+0x126/0x450

 which lock already depends on the new lock.

 the existing dependency chain (in reverse order) is:

 -> #1 ((&(&chan->chan_timer)->work)){+.+...}:
        [<ffffffff8106b276>] check_prevs_add+0xf6/0x170
        [<ffffffff8106b903>] validate_chain+0x613/0x790
        [<ffffffff8106dfee>] __lock_acquire+0x4be/0xac0
        [<ffffffff8106ec2d>] lock_acquire+0x8d/0xb0
        [<ffffffff81052a6f>] wait_on_work+0x4f/0x160
        [<ffffffff81052ca3>] __cancel_work_timer+0x73/0x80
        [<ffffffff81052cbd>] cancel_delayed_work_sync+0xd/0x10
        [<ffffffffa002f2ed>] l2cap_chan_connect+0x22d/0x470 [bluetooth]
        [<ffffffffa002fb51>] l2cap_sock_connect+0xb1/0x140 [bluetooth]
        [<ffffffff8130811b>] kernel_connect+0xb/0x10
        [<ffffffffa00cf98a>] rfcomm_session_create+0x12a/0x1c0 [rfcomm]
        [<ffffffffa00cfbe7>] __rfcomm_dlc_open+0x1c7/0x240 [rfcomm]
        [<ffffffffa00d07c2>] rfcomm_dlc_open+0x42/0x70 [rfcomm]
        [<ffffffffa00d3b03>] rfcomm_sock_connect+0x103/0x150 [rfcomm]
        [<ffffffff8130bd7e>] sys_connect+0xae/0xc0
        [<ffffffff813368d2>] compat_sys_socketcall+0xb2/0x220
        [<ffffffff813b2089>] sysenter_dispatch+0x7/0x30

 -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+...}:
        [<ffffffff8106b16d>] check_prev_add+0x6cd/0x6e0
        [<ffffffff8106b276>] check_prevs_add+0xf6/0x170
        [<ffffffff8106b903>] validate_chain+0x613/0x790
        [<ffffffff8106dfee>] __lock_acquire+0x4be/0xac0
        [<ffffffff8106ec2d>] lock_acquire+0x8d/0xb0
        [<ffffffff8130d91a>] lock_sock_nested+0x8a/0xa0
        [<ffffffffa002ceac>] l2cap_chan_timeout+0x3c/0xe0 [bluetooth]
        [<ffffffff81051ae4>] process_one_work+0x184/0x450
        [<ffffffff8105276e>] worker_thread+0x15e/0x340
        [<ffffffff81057bb6>] kthread+0x96/0xa0
        [<ffffffff813b1ef4>] kernel_thread_helper+0x4/0x10

 other info that might help us debug this:

  Possible unsafe locking scenario:

        CPU0                    CPU1
        ----                    ----
   lock((&(&chan->chan_timer)->work));
                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);
                                lock((&(&chan->chan_timer)->work));
   lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);

  *** DEADLOCK ***

 2 locks held by kworker/1:1/873:
  #0:  (events){.+.+.+}, at: [<ffffffff81051a86>] process_one_work+0x126/0x450
  #1:  ((&(&chan->chan_timer)->work)){+.+...}, at: [<ffffffff81051a86>] process_one_work+0x126/0x450

 stack backtrace:
 Pid: 873, comm: kworker/1:1 Not tainted 3.1.0-05270-ga978dc7-dirty #239
 Call Trace:
  [<ffffffff813a0f6e>] print_circular_bug+0xd2/0xe3
  [<ffffffff8106b16d>] check_prev_add+0x6cd/0x6e0
  [<ffffffff8106b276>] check_prevs_add+0xf6/0x170
  [<ffffffff8106b903>] validate_chain+0x613/0x790
  [<ffffffff8106dfee>] __lock_acquire+0x4be/0xac0
  [<ffffffff8130d8f6>] ? lock_sock_nested+0x66/0xa0
  [<ffffffff8106ea30>] ? lock_release_nested+0x100/0x110
  [<ffffffff8130d8f6>] ? lock_sock_nested+0x66/0xa0
  [<ffffffff8106ec2d>] lock_acquire+0x8d/0xb0
  [<ffffffffa002ceac>] ? l2cap_chan_timeout+0x3c/0xe0 [bluetooth]
  [<ffffffff8130d91a>] lock_sock_nested+0x8a/0xa0
  [<ffffffffa002ceac>] ? l2cap_chan_timeout+0x3c/0xe0 [bluetooth]
  [<ffffffff81051a86>] ? process_one_work+0x126/0x450
  [<ffffffffa002ceac>] l2cap_chan_timeout+0x3c/0xe0 [bluetooth]
  [<ffffffff81051ae4>] process_one_work+0x184/0x450
  [<ffffffff81051a86>] ? process_one_work+0x126/0x450
  [<ffffffffa002ce70>] ? l2cap_security_cfm+0x4e0/0x4e0 [bluetooth]
  [<ffffffff8105276e>] worker_thread+0x15e/0x340
  [<ffffffff81052610>] ? manage_workers+0x110/0x110
  [<ffffffff81057bb6>] kthread+0x96/0xa0
  [<ffffffff813b1ef4>] kernel_thread_helper+0x4/0x10
  [<ffffffff813af69d>] ? retint_restore_args+0xe/0xe
  [<ffffffff81057b20>] ? __init_kthread_worker+0x70/0x70
  [<ffffffff813b1ef0>] ? gs_change+0xb/0xb

Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-22 14:15:09 -02:00
Ulisses Furquim
686ebf283b Bluetooth: Make HCI call directly into SCO and L2CAP event functions
The struct hci_proto and all related register/unregister and dispatching
code was removed. HCI core code now call directly the SCO and L2CAP
event functions.

Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-22 14:07:29 -02:00
Andrei Emeltchenko
68a8aea459 Bluetooth: Remove magic numbers from le scan cmd
Make code readable by removing magic numbers.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-22 14:03:24 -02:00
Gustavo F. Padovan
8a154a8feb Bluetooth: fix bt_accept_dequeue() to work in process context
No local_bh_disable is needed there once we run everything in process
context. The same goes for the replacement of bh_lock_sock() by
lock_sock().

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-22 14:02:08 -02:00
John W. Linville
b4949b8456 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem 2011-12-21 13:18:22 -05:00
Ulisses Furquim
f1e91e1640 Bluetooth: Always compile SCO and L2CAP in Bluetooth Core
The handling of SCO audio links and the L2CAP protocol are essential to
any system with Bluetooth thus are always compiled in from now on.

Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-21 02:21:08 -02:00
Ulisses Furquim
f2d64f6aa6 Bluetooth: Remove global mutex hci_task_lock
The hci_task_lock mutex (previously a lock) was supposed to protect the
register/unregister of HCI protocols against RX/TX tasks. This will not
be needed anymore because SCO and L2CAP will always be compiled.

Moreover, with the recent move of RX/TX to workqueues per device the
global hci_task_lock was causing starvation between different HCI
devices.

Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-21 02:19:18 -02:00
Gustavo F. Padovan
030013d858 Bluetooth: Rename info_work to info_timer
It makes more sense this way, since info_timer is a timer using delayed
work API.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-20 17:07:16 -02:00
Gustavo F. Padovan
6c9d42a161 Bluetooth: convert security timer to delayed_work
This one also needs to run in process context

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-20 17:07:03 -02:00
Gustavo F. Padovan
c2ec9c1bbd Bluetooth: Move l2cap_{set,clear}_timer to l2cap.h
It is the only place where it is used.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-20 17:06:30 -02:00
Andrei Emeltchenko
613a1c0c59 Bluetooth: Clean up magic pointers
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-20 17:00:22 -02:00
Andrei Emeltchenko
32ac5b9b57 Bluetooth: Check for flow control mode
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-20 16:59:40 -02:00
Andrei Emeltchenko
2455a3ea0c Bluetooth: Initialize default flow control mode
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-20 16:59:30 -02:00
Andrei Emeltchenko
e61ef49966 Bluetooth: Split ctrl init to BREDR and AMP parts
Current controller initialization is moved tp bredr_init and new
function added amp_init to handle later AMP init sequence. Current
AMP init sequence include Reset and Read Local Version.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-20 16:59:12 -02:00
Rusty Russell
eb93992207 module_param: make bool parameters really bool (net & drivers/net)
module_param(bool) used to counter-intuitively take an int.  In
fddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy
trick.

It's time to remove the int/unsigned int option.  For this version
it'll simply give a warning, but it'll break next kernel version.

(Thanks to Joe Perches for suggesting coccinelle for 0/1 -> true/false).

Cc: "David S. Miller" <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-12-19 22:27:29 -05:00
John W. Linville
9662cbc712 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-next 2011-12-19 14:28:22 -05:00
Gustavo F. Padovan
4b0b2f088f Merge git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth
Conflicts:
	net/bluetooth/l2cap_core.c
2011-12-19 11:37:53 -02:00
Gustavo F. Padovan
d7660918fc Revert "Bluetooth: Revert: Fix L2CAP connection establishment"
This reverts commit 4dff523a91.

It was reported that this patch cause issues when trying to connect to
legacy devices so reverting it.

Reported-by: David Fries <david@fries.net>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 22:33:30 -02:00
Mat Martineau
79e654787c Bluetooth: Clear RFCOMM session timer when disconnecting last channel
When the last RFCOMM data channel is closed, a timer is normally set
up to disconnect the control channel at a later time.  If the control
channel disconnect command is sent with the timer pending, the timer
needs to be cancelled.

If the timer is not cancelled in this situation, the reference
counting logic for the RFCOMM session does not work correctly when the
remote device closes the L2CAP connection.  The session is freed at
the wrong time, leading to a kernel panic.

Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 22:29:35 -02:00
Mat Martineau
36e999a83a Bluetooth: Prevent uninitialized data access in L2CAP configuration
When configuring an ERTM or streaming mode connection, remote devices
are expected to send an RFC option in a successful config response.  A
misbehaving remote device might not send an RFC option, and the L2CAP
code should not access uninitialized data in this case.

Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 22:16:04 -02:00
Mat Martineau
65983fc7bb Bluetooth: Incoming ACL packets do not force active mode
Incoming sk_buffs always have bt_cb(skb)->force_active set to 0, so
it's misleading to use that value from the control block when calling
hci_conn_enter_active_mode() for incoming data. The destination socket
is not known in the HCI layer, so the force_active setting for each
socket isn't known either. Hard-coding the force_active parameter does
not change any behavior, but makes it obvious that incoming ACL data
never exits sniff mode.

Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 21:57:21 -02:00
Andrei Emeltchenko
f428091858 Bluetooth: Simplify num_comp_pkts_evt function
Simplify function and remove fourth level of indentation.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 21:35:26 -02:00
Andrei Emeltchenko
350ee4cfc0 Bluetooth: Add HCI Read Data Block Size function
Implement block size read function. Use different variables for
packet-based and block-based flow control.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 21:34:56 -02:00
Johan Hedberg
c9c2659f1e Bluetooth: Use correct struct for user_confirm_neg_reply
This patch fixes user_confirm_neg_reply to use the appropriate struct
for accessing the call parameters.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:43:19 -02:00
Johan Hedberg
7d78525dcf Bluetooth: Add timer for automatically disabling the service cache
We do not want the service cache to be enabled indefinitely after
mgmt_read_info is called. To solve this a timer is added which will
automatically disable the cache if mgmt_set_dev_class isn't called
within 5 seconds of calling mgmt_read_info.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:41:04 -02:00
Johan Hedberg
ef5803729c Bluetooth: Move EIR and CoD update functions to a better position
Due to the upcoming addition of a service cache timer the functions to
update the EIR and CoD need to be higher up in mgmt.c in order to avoid
unnecessary forward-declarations. This patch simply moves code around
without any other changes in order to make subsequent patches more
readable.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:38:08 -02:00
Johan Hedberg
14c0b60829 Bluetooth: Remove mgmt_set_service_cache
Instead of having an explicit service cache command we can make the mgmt
API simpler by implicitly enabling the cache when mgmt_read_info is
called for the first time and disabling it when mgmt_set_dev_class is
called.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:37:26 -02:00
Johan Hedberg
f7c6869ceb Bluetooth: Move mgmt_set_fast_connectable to the right location
Fast connectable is logically after the connectable property so that's
where it should show up in the code as well (it's also after connectable
in the settings bitfield).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:34:48 -02:00
Johan Hedberg
69ab39ea5d Bluetooth: Update mgmt_read_info and related mgmt messages
This patch updates the mgmt_read_info and related messages to the latest
management API which uses a bitfield of settings instead of individual
boolean values.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:34:04 -02:00
Gustavo F. Padovan
590051de5c Bluetooth: Add ProFUSION's copyright
Add ProFUSION's copyright to some files I've been touching recently.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:59 -02:00
Gustavo F. Padovan
7f971041cf Bluetooth: Use system workqueue to schedule power_on
hdev->workqueue should be only for rx/tx, so move this one out.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:58 -02:00
Gustavo F. Padovan
6d438e335c Bluetooth: Remove work_add and work_del from hci_sysfs
As we run in process context now we don't need worqueue to add e del from
sysfs.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:58 -02:00
Gustavo F. Padovan
32845eb124 Bluetooth: Use new alloc_workqueue()
Update hdev workqueue API usage to use the new interface, this new
interface also allow us to mark this workqueue as WQ_HIGHPRI, so now rx
and tx work gets higher priority when running.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:58 -02:00
Gustavo F. Padovan
80b7ab3341 Bluetooth: move power_off to system workqueue
hdev->workqueue will be only for for rx/tx/cmd processing, all other small
works should go to the system workqueue for now.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:58 -02:00
Gustavo F. Padovan
3d57dc6806 Bluetooth: Change l2cap chan_list to use RCU
This list has much more reads than writes, so RCU makes senses here, also
it avoid deadlock against the socket lock.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:57 -02:00
Gustavo F. Padovan
03a0019481 Bluetooth: invert locking order in connect path
This move some checking code that was in l2cap_sock_connect() to
l2cap_chan_connect(). Thus we can invert the lock calls, i.e., call
lock_sock() before hci_dev_lock() to avoid a deadlock scenario.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:57 -02:00
Gustavo F. Padovan
f878fcad17 Bluetooth: convert info timer to delayed_work
Another step of remove interrupt context from Bluetooth Core.
Use the system workqueue.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:57 -02:00
Gustavo F. Padovan
3eff45eaf8 Bluetooth: convert tx_task to workqueue
This should simplify Bluetooth core processing a lot.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:57 -02:00
Gustavo F. Padovan
c347b765fe Bluetooth: Move command task to workqueue
As part of the moving on all the Bluetooth processing to Process context.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:57 -02:00
Gustavo F. Padovan
3c54711c4f Bluetooth: Don't disable tasklets to call hdev->notify()
It's pointless, we aren't protecting anything since btusb_notify()
schedules a work to run, then all it operation happens without protection.
If protection is really needed here, we will fix it further.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:57 -02:00
Gustavo F. Padovan
bf4c632524 Bluetooth: convert conn hash to RCU
Handling hci_conn_hash with RCU make us avoid some locking and disable
tasklets.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:56 -02:00
Gustavo F. Padovan
8192edef03 Bluetooth: Use RCU to manipulate chan_list
Instead of using tasklet_disable() to prevent acess to the channel use, we
can use RCU and improve the performance of our code.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:56 -02:00
Gustavo F. Padovan
d01b2ff4e6 Bluetooth: convert chan_lock to mutex
spin lock doesn't fit ok anymore on the new code based on workqueues.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:56 -02:00
Gustavo F. Padovan
67d0dfb5ec Bluetooth: move hci_task_lock to mutex
Now we can sleep in any path inside Bluetooth core, so mutex can make
sense here.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:56 -02:00
Gustavo F. Padovan
eb403a1b7e Bluetooth: Remove sk_backlog usage from L2CAP
We run everything in the same lock now. The backlog queue is useless now

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:55 -02:00
Gustavo F. Padovan
aa2ac881ba Bluetooth: Don't use spin_lock socket lock anymore
We now run everything in process context, so the mutex lock is the best
option. But in some places we still need the bh_lock_sock()

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:55 -02:00
Gustavo F. Padovan
721c41812d Bluetooth: Move L2CAP timers to workqueue
L2CAP timers also need to run in process context. As the works in l2cap
are small we are using the system worqueue.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:55 -02:00
Gustavo F. Padovan
b9cc553f12 Bluetooth: hci_conn_auto_accept() doesn't need locking
It doesn't really touch any sensitive information about hdev. So no need
to lock here.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:55 -02:00
Gustavo F. Padovan
db323f2fff Bluetooth: Use delayed work for advertisiment cache timeout
As HCI rx path is now done in process context it makes sense to do all the
timer in process context as well.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:55 -02:00
Gustavo F. Padovan
19c40e3bca Bluetooth: Use delayed_work for connection timeout
Bluetooth rx task runs now in a workqueue, so it a good approach run any
timer that share locking with process context code also in a workqueue.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:54 -02:00
Gustavo F. Padovan
09fd0de5bd Bluetooth: Replace spin_lock by mutex in hci_dev
Now we run everything in HCI in process context, so it's a better idea use
mutex instead spin_lock. The macro remains hci_dev_lock() (and I got rid
of hci_dev_lock_bh()), of course.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:54 -02:00
Marcel Holtmann
b78752cc71 Bluetooth: Process recv path in a workqueue instead of a tasklet
Run recv process in workqueue helps a lot with our processing as the recv
path will also be in the process context, i.e., now all our tx and rx are
in process context.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-18 17:07:54 -02:00
Gustavo F. Padovan
416dc94baa Bluetooth: make hci_conn_enter_sniff_mode static
It isn't used outside hci_conn.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-16 20:51:55 -02:00
Gustavo F. Padovan
3e9c40a6f7 Bluetooth: Use list_for_each_entry in hci_conn_hash_flush()
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-16 18:16:15 -02:00
Gustavo F. Padovan
f9c3123b5a Bluetooth: Use chan instead of l2cap_pi macro
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-16 18:16:14 -02:00
Gustavo F. Padovan
2c33c06a8f Bluetooth: remove struct hci_chan_hash
Only the list member of the struct was used, so we now fold it into
hci_conn.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-16 18:16:14 -02:00
John W. Linville
e7ab5f1c32 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem 2011-12-09 14:07:12 -05:00
John W. Linville
5f779bbd47 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-next 2011-12-06 16:02:05 -05:00
Andrei Emeltchenko
5a13b09531 Bluetooth: trivial: correct check for LMP version
Make sure that code match exactly what comment says about pre 1.2
bluetooth version. Since this is HCI detail lmp_ver changed to hci_ver.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-03 08:28:17 +09:00
Andrei Emeltchenko
d095c1ebd4 Bluetooth: Remove magic bluetooth version numbers
Use bluetooth names instead of BT SIG assigned numbers

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-03 08:27:58 +09:00
Gustavo F. Padovan
5c69b0ada6 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth 2011-12-03 08:26:25 +09:00
Andrei Emeltchenko
33cb722c22 Bluetooth: Correct version check in hci_setup
Check for hci_ver instead of lmp_ver

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-03 08:20:00 +09:00
Andrei Emeltchenko
ce7e4ad143 Bluetooth: remove old code
Remove old code not touched for several years.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-02 21:26:59 +09:00
Andre Guedes
07f7fa5db1 Bluetooth: LE Set Scan Parameter Command
This patch adds the parameter struct and the command complete event
handler to the LE Set Scan Parameter HCI command.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-02 21:19:31 +09:00
Andre Guedes
d23264a896 Bluetooth: Add dev_flags to struct hci_dev
This patch adds the dev_flags field to struct hci_dev. This new
flags variable should be used to define flags related to BR/EDR
and/or LE controller itself. It should be used to define flags
which represents states from the controller. The dev_flags is
cleared in case the controller sends a Reset Command Complete
Event to the host.

Also, this patch adds the HCI_LE_SCAN flag which was created to
track if the controller is performing LE scan or not. The flag
is set/cleared when the controller starts/stops scanning.

This is an initial effort to stop using hdev->flags to define
internal flags since it is exported to userspace by an ioctl.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-02 21:19:18 +09:00
Andrei Emeltchenko
1e89cffb44 Bluetooth: Add HCI Read Flow Control Mode function
Upstream Code Aurora function with minor trivial fixes.
Origin: git://codeaurora.org/kernel/msm.git

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-02 20:59:53 +09:00
Brian Gix
4f957a7601 Bluetooth: Centralize SMP pairing failure handling
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-01 22:54:37 +09:00
Brian Gix
c8eb969071 Bluetooth: Cleanup blkcipher on SMP termination
The blkcipher must be freed to avoid memory leak.

Signed-off-by: Brian Gix <bgix@codeaurora.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-01 22:53:46 +09:00
Brian Gix
1143d45846 Bluetooth: Add HCI User Passkey Req Evt handling
Some MITM scenarios require handling of the User Passkey Request event,
by querying the user, and passing the response back.

Signed-off-by: Brian Gix <bgix@codeaurora.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-01 22:53:26 +09:00
Brian Gix
604086b73b Bluetooth: Add User Passkey Response handling
For some MITM protection pairing scenarios, the user is
required to enter or accept a 6 digit passkey.

Signed-off-by: Brian Gix <bgix@codeaurora.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-12-01 22:51:53 +09:00
Gustavo F. Padovan
badaaa00f2 Bluetooth: Add user readable debug for state changes
I did this as a part of a testing course at university, but it might be
useful upstream as well.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-23 20:11:46 -02:00
John W. Linville
515db09338 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux
Conflicts:
	drivers/net/wireless/iwlegacy/iwl-debugfs.c
	drivers/net/wireless/iwlegacy/iwl-rx.c
	drivers/net/wireless/iwlegacy/iwl-scan.c
	drivers/net/wireless/iwlegacy/iwl-tx.c
	include/net/bluetooth/bluetooth.h
2011-11-22 14:05:46 -05:00
Andrei Emeltchenko
c6feeb28ae Bluetooth: Use queue in the device list
Use queue instead of stack discipline for device list. When processing
dev_list with list_for_each* devices will be prosessed in order they
were added (Usually BR/EDR first and AMP later).

Also output from hciconfig looks nicer :-)

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-21 14:45:38 -02:00
Brian Gix
47c15e2b33 Bluetooth: Differentiate LE User Pairing Responses
Low Energy (LE) pairing responses must be recognized and handled
differently from BR/EDR pairing responses. BR/EDR responses are
handled via HCI commands by the LMP layer, and LE responses are
handled by the Host.

Signed-off-by: Brian Gix <bgix@codeaurora.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-21 14:44:52 -02:00
Brian Gix
0df4c185ed Bluetooth: User Pairing Response restructuring
There are 4 possible User Responses to pairing requests,
and they all share the same checks and handling. This
restructures the handling of the two Confirm responses
in preperation for the second two.

Signed-off-by: Brian Gix <bgix@codeaurora.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-21 14:44:50 -02:00
Andrei Emeltchenko
7784d78f18 Bluetooth: making enable_hs independent from L2CAP
Fixes bluetooth compiling when CONFIG_BT_L2CAP is not enabled

net/built-in.o: In function `hci_dev_open':
(.text+0xdce9a): undefined reference to `enable_hs'

Reported-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-21 14:44:49 -02:00
David Herrmann
9b338c3dd1 Bluetooth: bnep: Fix module reference
We cannot call module_put(THIS_MODULE) if this is our last reference. Otherwise,
this call may cleanup our module before it returns.

Gladly, the kthread API provides a simple wrapper for us. So lets use
module_put_and_exit() to avoid a race condition with the module cleanup code.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-21 14:29:25 -02:00
David Herrmann
48b28b8db9 Bluetooth: cmtp: Fix module reference
We cannot call module_put(THIS_MODULE) if this is our last reference. Otherwise,
this call may cleanup our module before it returns.

Gladly, the kthread API provides a simple wrapper for us. So lets use
module_put_and_exit() to avoid a race condition with the module cleanup code.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-21 14:28:45 -02:00
Szymon Janc
1ec918cef5 Bluetooth: Fix some checkpatch.pl errors and warnings
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-16 18:30:21 -02:00
Szymon Janc
250938cb37 Bluetooth: Simplify __l2cap_global_chan_by_addr
Make __l2cap_global_chan_by_addr similar to other find functions.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-16 18:29:44 -02:00
Szymon Janc
d1726b6dc9 Bluetooth: Refactor loop in l2cap_retransmit_one_frame
This make it easier to see what is the real reason for loop to exit.
skb_queue_next return valid skb or garbage, not NULL.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-16 18:29:28 -02:00
Szymon Janc
039d9572f1 Bluetooth: Simplify l2cap_add_to_srej_queue
Make it easier to see what is loop break condition.
skb_queue_next return valid skb or garbage, not NULL.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-16 18:29:07 -02:00
Szymon Janc
aef89f214e Bluetooth: Fix possible NULL pointer derefence in l2cap code
Due to ERTM reliability L2CAP channel needs to be disconnected if
adding to srej list failed.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-16 18:28:37 -02:00
Andrei Emeltchenko
07e3b94ac3 Bluetooth: Do not set HCI_RAW when HS enabled
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-16 16:54:29 -02:00
Johan Hedberg
450dfdafbc Bluetooth: Pass all message parameters to mgmt_start_discovery
The mgmt_start_discovery command contains the type of discovery that
should be started so this should be passed to the start_discovery
function. This patch doesn't yet add any action depending on the type of
the requested discovery.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-16 16:32:00 -02:00
Johan Hedberg
0e5f875a8f Bluetooth: Add missing cmd_complete for mgmt_load_link_keys
The command complete event was completely missing for this command.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-16 16:23:06 -02:00
Johan Hedberg
ca69b7957b Bluetooth: Create a unique mgmt error code hierarchy
The management protocol uses a single byte for error codes (aka command
status). In some places this value is directly copied from HCI and in
other a POSIX error number is used. This makes it impossible for
user-space to uniquily decipher the meaning of an error.

To solve this issue a new mgmt-specific set of error codes is added
along with a conversion table for HCI status values.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-16 16:07:52 -02:00
Johan Hedberg
8680570b0c Bluetooth: Return success instead of EALREADY for mgmt commands
When the adapter state is already what is requested it's more friendly
to user-space to simply report success than to send a EALREADY error
message.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-16 16:05:50 -02:00
Johan Hedberg
1425acb74b Bluetooth: Fix mgmt_pair_device imediate error responses
When possible cmd_complete should be returned instead of cmd_status
since it contains the remote address (this helps user-space track what
exactly failed).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-16 15:59:49 -02:00
Johan Hedberg
ba4e564f60 Bluetooth: Add address type to mgmt_pair_device
The kernel needs to know whether it should connect to a device over
BR/EDR or over LE. This is particularly important in the future when
dual-mode device may be connectable also over LE. It is also important
if/when we decide to move the LE advertisement cache from the kernel
into user-space. Adding the type to the mgmt command also ensures
conformance with the latest mgmt API spec.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-16 15:57:12 -02:00
Andre Guedes
e6d465cb48 Bluetooth: mgmt_stop_discovery_failed()
This patches creates mgmt_stop_discovery_failed() which removes
pending MGMT_OP_STOP_DISCOVERY commands and sends proper command
status events.

This patch also fixes the MGMT_OP_STOP_DISCOVERY command leak in
case cancel inquiry fails.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-16 15:40:30 -02:00
Andre Guedes
7a13510902 Bluetooth: Rename mgmt_inquiry_failed()
This patch renames the function mgmt_inquiry_failed() to
mgmt_start_discovery_failed(). This function is more related
to MGMT_OP_START_DISCOVERY command handling than to inquiry.
Besides, this functions will be reused by LE based discovery
procedures in case of failure.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-16 15:40:19 -02:00
Gustavo F. Padovan
4d611e4d3d Bluetooth: Only set ack_timer if we didn't send and ack
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-10 20:43:31 -02:00
Gustavo F. Padovan
0bee1d60cb Bluetooth: Allow L2CAP to increase the security level
Some incomming connections needs to increase the security level by
requesting encryption for example (HID keyboard case). This change allows
the userspace to change it through setsockopt with defer_setup enabled.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-10 20:25:04 -02:00
Gustavo F. Padovan
d45fc42323 Bluetooth: Rename l2cap_check_security()
rename to l2cap_chan_check_security() to make it consistent with other
l2cap_exported functions. This function will be exported in a later
commit.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-10 20:25:03 -02:00
Johan Hedberg
37d9ef76c2 Bluetooth: Add status parameter to mgmt_disconnect response
Since disconnecting may fail the status needs to be communicated to user
space. This also updates the implementation to match the latest mgmt API
specification.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-10 18:05:41 -02:00
Johan Hedberg
a8a1d19e9d Bluetooth: Add proper response to mgmt_remove_keys command
Since the command can fail we need to have a proper response with the
remote address and a failure status for it. This also updates it to
conform to the latest mgmt API spec.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-10 18:05:37 -02:00
Johan Hedberg
c3f06755ca Bluetooth: Fix deadlock with mgmt_pair_device
The hci_conn callbacks are called with the hci_dev lock already held so
no locking should be attempted in them.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-10 17:54:06 -02:00
Johan Hedberg
48264f0694 Bluetooth: Add public/random LE address information to mgmt messages
It's necessary to know the distinction between public and random LE
addresses so the mgmt interface also needs to distinguish between them.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-10 17:53:41 -02:00
David S. Miller
3b971a7ceb Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless 2011-11-09 16:22:15 -05:00
John W. Linville
312fef7d18 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-next
Conflicts:
	net/bluetooth/l2cap_sock.c
	net/bluetooth/mgmt.c
2011-11-09 14:54:33 -05:00
Johan Hedberg
2aeabcbedd Bluetooth: Remove redundant hci_dev comparisons in mgmt lookups
Now that pending commands are hci_dev specific there's no need to check
whether a command matches hci_dev when iterating through them.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-09 12:48:47 -02:00
Johan Hedberg
fc2f4b13d8 Bluetooth: Fix consistency with u16 integer type in mgmt pending_cmd
For consistency the integer type should be u16 and not __u16.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-09 12:48:39 -02:00
Johan Hedberg
e0f9309f37 Bluetooth: Fix cancel_delayed_work_sync usage with locks
The cancel_delayed_work_sync function should not be used if we hold any
locks. Luckily all places where this is the case it is also safe to use
the non-sync version.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-09 12:33:52 -02:00
Johan Hedberg
56e5cb86eb Bluetooth: Add missing hci_dev locking when calling mgmt functions
Now that the pending commands are within struct hci_dev we can properly
control access to them throught the hci_dev locking mechanism.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-09 12:33:46 -02:00
Johan Hedberg
2e58ef3e11 Bluetooth: Move pending management command list into struct hci_dev
This patch moves the pending management command list (previously global
to mgmt.c) into struct hci_dev. This makes it possible to do proper
locking when accessing it (through the existing hci_dev locks) and
thereby avoid race conditions.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-09 12:33:39 -02:00
Johan Hedberg
744cf19ead Bluetooth: Pass full hci_dev struct to mgmt callbacks
The current global pending command list in mgmt.c is racy. Possibly the
simplest way to fix it is to have per-hci dev lists instead of a global
one (all commands that need a pending struct are hci_dev specific).
This way the list can be protected using the already existing per-hci
dev lock. To enable this refactoring the first thing that needs to be
done is to ensure that the mgmt functions have access to the hci_dev
struct (instead of just the dev id).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-09 12:33:26 -02:00
Johan Hedberg
4c659c3976 Bluetooth: Add address type fields to mgmt messages that need them
This patch adds address type info (typically BR/EDR vs LE) to management
messages that need this. This also ensures conformance to the latest
management API specification.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-08 13:05:57 -02:00
Johan Hedberg
86742e1eca Bluetooth: Update link key mgmt APIs to match latest spec.
BR/EDR link keys have their own commands and events (separate from SMP)
and the remove_keys command (previously remove_key) removes keys of any
kind for the specified remote address.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-08 13:03:25 -02:00
Johan Hedberg
bd2d1334e1 Bluetooth: Fix response for mgmt_start_discovery when powered off
We should return a ENETDOWN status response if the adapter is powered
off (i.e. the HCI_UP flag isn't set).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-08 13:02:08 -02:00
Johan Hedberg
889d07ee57 Bluetooth: Remove redundant code from mgmt_block & mgmt_unblock
There's no need to deal with mgmt_pending_cmd when blocking and
unblocking devices since these actions are synchronous.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-08 13:01:53 -02:00
Johan Hedberg
3243553fdc Bluetooth: Convert power off mechanism to use delayed_work
The power off code doesn't need to use its own custom timer since the
delayed_work API provides the exact same functionality.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-08 12:54:10 -02:00
Johan Hedberg
2d7cee5836 Bluetooth: Fix mgmt response when HCI_Write_Scan_Enable fails
A proper mgmt_command_status should be returned to user-space if either
discoverable or connectable enabling fails.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-08 12:54:10 -02:00
Johan Hedberg
16ab91ab48 Bluetooth: Add timeout field to mgmt_set_discoverable
Based on the revised mgmt API set_discoverable has a timeout parameter
to specify how long the adapter will remain discoverable. A value of 0
means "indefinitively".

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-08 12:54:09 -02:00
Andre Guedes
89352e7d3a Bluetooth: Periodic Inquiry and Discovery
By using periodic inquiry command we're not able to detect correctly
when the controller has started inquiry.

Today we have this workaround in inquiry result event handler
to set the HCI_INQUIRY flag when it sees the first inquiry result
event. This workaround isn't enough because the device may be
performing an inquiry but the HCI_INQUIRY flag is not set. For
instance, if there is no device in range, no inquiry result event
is generated, consequently, the HCI_INQUIRY flags isn't set when
it should so.

We rely on HCI_INQUIRY flag to implement the discovery procedure
properly. So, as we aren't able to clear/set the HCI_INQUIRY flag
in a reliable manner, periodic inquiry events shouldn't change
the HCI_INQUIRY flag.

Thus, due to that issue and in order to keep compatibility with
userspace, periodic inquiry events shouldn't send mgmt discovering
events.

In future, we might track if periodic inquiry is enabled or not.
By tracking this state we'll be able to do some improvements in
Discovery such as failing MGMT_OP_START_DISCOVERY command in case
periodic inquiry is on. We can also send no mgmt_device_found
event if periodic inquiry is on.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-08 12:54:08 -02:00
Andre Guedes
023d50498d Bluetooth: Create hci_cancel_inquiry()
This patch adds a function to hci_core to cancel an ongoing inquiry.

According to the Bluetooth spec, the inquiry cancel command should
only be issued after the inquiry command has been issued, a command
status event has been received for the inquiry command, and before
the inquiry complete event occurs.

As HCI_INQUIRY flag is only set just after an inquiry command status
event occurs and it is cleared just after an inquiry complete event
occurs, the inquiry cancel command should be issued only if HCI_INQUIRY
flag is set.

Additionally, cancel inquiry related code from stop_discovery() were
replaced by a hci_cancel_inquiry() call.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-08 12:54:08 -02:00
Andre Guedes
2519a1fc82 Bluetooth: Create hci_do_inquiry()
This patch adds a function to hci_core to carry out inquiry.

All inquiry code from start_discovery() were replaced by a
hci_do_inquiry() call.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-08 12:54:07 -02:00
Andrei Emeltchenko
66af7aaf9e Bluetooth: EFS: parse L2CAP config response
Add parsing Extended Flow Specification in L2CAP Config Response.
Based upon haijun.liu <haijun.liu@atheros.com> series of patches
(sent Sun, 22 Aug 2010)

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-08 12:53:57 -02:00
Andrei Emeltchenko
9f5a0d7bf0 Bluetooth: Define HCI reasons instead of magic number
Use HCI error reasons instead of magic numbers.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-08 12:53:11 -02:00
Johan Hedberg
36f7fc7e9a Bluetooth: Clean up logic in hci_cc_write_scan_enable
This patch adds a new label to hci_cc_write_scan_enable to avoid
unnecessary indentation. This will be convenient especially when new
code for the discoverable timeout gets added.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:25:06 -02:00
Szymon Janc
abc545b8ef Bluetooth: Add debug print to l2cap_chan_create
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:25:05 -02:00
Johan Hedberg
b24752fe65 Bluetooth: Fix mgmt response when adapter goes down or is removed
When an adapter gets powered off or is removed any pending commands
should receive a ENETDOWN or ENODEV status response.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:25:04 -02:00
Mat Martineau
08add513ca Bluetooth: Guarantee BR-EDR device will be registered as hci0
It's convenient to use the HCI device index the AMP controller id, but
the spec requires that an AMP controller never has id 0.

Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:25:04 -02:00
Mat Martineau
8d5a04a130 Bluetooth: Add signal handlers for channel moves
AMP channels can be moved between BR/EDR and AMP controllers using a
sequence of signals. Every attempted channel move involves a series of
four signals:

   Move Initiator                 Move Responder
        |                                 |
        |       Move Channel Request      |
        |  ---------------------------->  |
        |                                 |
        |       Move Channel Response     |
        |  <----------------------------  |
        |                                 |
        |       Move Channel Confirm      |
        |  ---------------------------->  |
        |                                 |
        |  Move Channel Confirm Response  |
	|  <----------------------------  |

All four signals are sent even if the move fails.

Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:25:03 -02:00
Mat Martineau
50a147cd9c Bluetooth: Use symbolic values for the fixed channel map
The A2MP fixed channel bit is only set when high-speed mode is enabled.

Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:25:03 -02:00
Mat Martineau
f94ff6fff7 Bluetooth: Add signal handlers for channel creation
Handle both "create channel request" and "create channel response".

Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:25:01 -02:00
Mat Martineau
2ea664822a Bluetooth: Add channel policy to getsockopt/setsockopt
Each channel has a policy to require BR/EDR (the default),
prefer BR/EDR, or prefer AMP.

Check for valid policy value and L2CAP mode.

Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:25:00 -02:00
Andrei Emeltchenko
6b3c710467 Bluetooth: Initialize tx_win_max for fixed channel
tx_win_max is initialized during L2CAP configuration phase. For fixed
channels (e.g. A2MP) we want to have it initialized when channel is
created.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:58 -02:00
Luiz Augusto von Dentz
02b20f0bb6 Bluetooth: recalculate priorities when channels are starving
To avoid starvation the priority is recalculated so that the starving
channels are promoted to HCI_PRIO_MAX - 1 (6).

HCI_PRIO_MAX (7) is considered special, because it requires CAP_NET_ADMIN
capability which can be used to provide more guaranties, so it is not used
when promoting.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:57 -02:00
Luiz Augusto von Dentz
ec1cce24d5 Bluetooth: handle priority change within quote
The quote is calculated based on the first buffer in the queue so if the
priority changes to something lower than the priority of the first skb
the quote needs to be recalculated.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:56 -02:00
Luiz Augusto von Dentz
73d80deb7b Bluetooth: prioritizing data over HCI
This implement priority based scheduler using skbuffer priority set via
SO_PRIORITY socket option.

It introduces hci_chan_hash (list of HCI Channel/hci_chan) per connection,
each item in this list refer to a L2CAP connection and it is used to
queue the data for transmission.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:56 -02:00
Gustavo F. Padovan
3c32fa93e5 Bluetooth: Fix hidp_get_connection()
This functions needs crtl_sock and intr_sock to be set first.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:55 -02:00
David Herrmann
25df0845e0 Bluetooth: hidp: Fix module reference cleanup
Calling module_put(THIS_MODULE) is *never* safe when we cannot go sure that we
own at least two references. This is because the call may unload our module
before it returns and then the "return" will jump into invalid memory.

Gladly, module.h provides a wrapper for kthread-users: module_put_and_exit().
This puts our module and then exits the kthread without returning to the module.

This patch fixes the hidp kthread to use this wrapper instead of manually
freeing its own reference. See nfsd or lockd for other kthreads using this.

Calling __module_get() inside the kthread is safe as the hidp module will always
wait until the kthread sets "waiting_for_startup" to 0.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:54 -02:00
Johan Hedberg
df164df9a7 Bluetooth: Set HCI_MGMT flag only in read_controller_info
The HCI_MGMT flag should only be set when user space requests the full
controller information. This way we avoid potential issues with setting
change events ariving before the actual read_controller_info command
finishes.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:51 -02:00
Szymon Janc
43611a7b16 Bluetooth: Increase HCI reset timeout in hci_dev_do_close
I've noticed that my CSR usb dongle was not working if it was plugged in when
PC was booting. It looks like I get two HCI reset command complete events (see
hcidump logs below).
The root cause is reset called from off_timer. Timeout for this reset to
complete is set to 250ms and my bt dongle requires more time for replying with
command complete event. After that, chip seems to reply with reset command
complete event for next non-reset command.

Attached patch increase mentioned timeout to HCI_INIT_TIMEOUT, this value is
already used for timeouting hci_reset_req in hci_dev_reset().

This might also be related to BT not working after suspend that was reported
here some time ago.

Hcidump log:

2011-09-12 23:13:27.379465 < HCI Command: Reset (0x03|0x0003) plen 0
2011-09-12 23:13:27.380797 > HCI Event: Command Complete (0x0e) plen 4
    Reset (0x03|0x0003) ncmd 1
    status 0x00
2011-09-12 23:13:27.380859 < HCI Command: Read Local Supported Features (0x04|0x000
3) plen 0
2011-09-12 23:13:27.760789 > HCI Event: Command Complete (0x0e) plen 4
    Reset (0x03|0x0003) ncmd 1
    status 0x00
2011-09-12 23:13:27.760831 < HCI Command: Read Local Version Information (0x04|0x00
01) plen 0
2011-09-12 23:13:27.764780 > HCI Event: Command Complete (0x0e) plen 12
    Read Local Version Information (0x04|0x0001) ncmd 1
    status 0x00
    HCI Version: 1.1 (0x1) HCI Revision: 0x36f
    LMP Version: 1.1 (0x1) LMP Subversion: 0x36f
    Manufacturer: Cambridge Silicon Radio (10)

Signed-off-by: Szymon Janc <szymon@janc.net.pl>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:50 -02:00
Szymon Janc
db54467a89 Bluetooth: rfcomm: Fix sleep in invalid context in rfcomm_security_cfm
This was triggered by turning off encryption on ACL link when rfcomm
was using high security. rfcomm_security_cfm (which is called from rx
task) was closing DLC and this involves sending disconnect message
(and locking socket).

Move closing DLC to rfcomm_process_dlcs and only flag DLC for closure
in rfcomm_security_cfm.

BUG: sleeping function called from invalid context at net/core/sock.c:2032
in_atomic(): 1, irqs_disabled(): 0, pid: 1788, name: kworker/0:3
[<c0068a08>] (unwind_backtrace+0x0/0x108) from [<c05e25dc>] (dump_stack+0x20/0x24)
[<c05e25dc>] (dump_stack+0x20/0x24) from [<c0087ba8>] (__might_sleep+0x110/0x12c)
[<c0087ba8>] (__might_sleep+0x110/0x12c) from [<c04801d8>] (lock_sock_nested+0x2c/0x64)
[<c04801d8>] (lock_sock_nested+0x2c/0x64) from [<c05670c8>] (l2cap_sock_sendmsg+0x58/0xcc)
[<c05670c8>] (l2cap_sock_sendmsg+0x58/0xcc) from [<c047cf6c>] (sock_sendmsg+0xb0/0xd0)
[<c047cf6c>] (sock_sendmsg+0xb0/0xd0) from [<c047cfc8>] (kernel_sendmsg+0x3c/0x44)
[<c047cfc8>] (kernel_sendmsg+0x3c/0x44) from [<c056b0e8>] (rfcomm_send_frame+0x50/0x58)
[<c056b0e8>] (rfcomm_send_frame+0x50/0x58) from [<c056b168>] (rfcomm_send_disc+0x78/0x80)
[<c056b168>] (rfcomm_send_disc+0x78/0x80) from [<c056b9f4>] (__rfcomm_dlc_close+0x2d0/0x2fc)
[<c056b9f4>] (__rfcomm_dlc_close+0x2d0/0x2fc) from [<c056bbac>] (rfcomm_security_cfm+0x140/0x1e0)
[<c056bbac>] (rfcomm_security_cfm+0x140/0x1e0) from [<c0555ec0>] (hci_event_packet+0x1ce8/0x4d84)
[<c0555ec0>] (hci_event_packet+0x1ce8/0x4d84) from [<c0550380>] (hci_rx_task+0x1d0/0x2d0)
[<c0550380>] (hci_rx_task+0x1d0/0x2d0) from [<c009ee04>] (tasklet_action+0x138/0x1e4)
[<c009ee04>] (tasklet_action+0x138/0x1e4) from [<c009f21c>] (__do_softirq+0xcc/0x274)
[<c009f21c>] (__do_softirq+0xcc/0x274) from [<c009f6c0>] (do_softirq+0x60/0x6c)
[<c009f6c0>] (do_softirq+0x60/0x6c) from [<c009f794>] (local_bh_enable_ip+0xc8/0xd4)
[<c009f794>] (local_bh_enable_ip+0xc8/0xd4) from [<c05e5804>] (_raw_spin_unlock_bh+0x48/0x4c)
[<c05e5804>] (_raw_spin_unlock_bh+0x48/0x4c) from [<c040d470>] (data_from_chip+0xf4/0xaec)
[<c040d470>] (data_from_chip+0xf4/0xaec) from [<c04136c0>] (send_skb_to_core+0x40/0x178)
[<c04136c0>] (send_skb_to_core+0x40/0x178) from [<c04139f4>] (cg2900_hu_receive+0x15c/0x2d0)
[<c04139f4>] (cg2900_hu_receive+0x15c/0x2d0) from [<c0414cb8>] (hci_uart_tty_receive+0x74/0xa0)
[<c0414cb8>] (hci_uart_tty_receive+0x74/0xa0) from [<c02cbd9c>] (flush_to_ldisc+0x188/0x198)
[<c02cbd9c>] (flush_to_ldisc+0x188/0x198) from [<c00b2774>] (process_one_work+0x144/0x4b8)
[<c00b2774>] (process_one_work+0x144/0x4b8) from [<c00b2e8c>] (worker_thread+0x198/0x468)
[<c00b2e8c>] (worker_thread+0x198/0x468) from [<c00b9bc8>] (kthread+0x98/0xa0)
[<c00b9bc8>] (kthread+0x98/0xa0) from [<c0061744>] (kernel_thread_exit+0x0/0x8)

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:49 -02:00
Johan Hedberg
164a6e7899 Bluetooth: Fix command complete/status for discovery commands
This patch adds the necessary code to send proper command status or
command complete events to the start/stop discovery management commands.
Before this patch these events were completely missing.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:48 -02:00
Luiz Augusto von Dentz
262038fcb2 Bluetooth: make use sk_priority to priritize RFCOMM packets
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:47 -02:00
Luiz Augusto von Dentz
5e59b791c3 Bluetooth: set skbuffer priority based on L2CAP socket priority
This uses SO_PRIORITY to set the skbuffer priority field

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:47 -02:00
Luiz Augusto von Dentz
8035ded466 Bluetooth: replace list_for_each with list_for_each_entry whenever possible
When all items in the list have the same type there is no much of a point
to use list_for_each except if you want to use the list pointer itself.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:46 -02:00
Andrei Emeltchenko
457f48507d Bluetooth: correct debug output
l2cap_set_timer function prints sk instead of chan pointer.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:45 -02:00
Andrei Emeltchenko
c6337ea6e5 Bluetooth: remove magic offset and size
make code readable by removing magic numbers

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:44 -02:00
Gustavo F. Padovan
3e6b3b95f2 Bluetooth: small styles clean ups to l2cap_core.c
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:44 -02:00
Andrei Emeltchenko
0e8b207e8a Bluetooth: EFS: implement L2CAP config pending state
Add L2CAP Config Pending state for EFS. Currently after receiving
Config Response Pending respond with Config Response Success.

...
> ACL data: handle 1 flags 0x02 dlen 16
    L2CAP(s): Connect rsp: dcid 0x0040 scid 0x0040 result 0 status 0
      Connection successful
> ACL data: handle 1 flags 0x02 dlen 45
    L2CAP(s): Config req: dcid 0x0040 flags 0x00 clen 33
      RFC 0x03 (Enhanced Retransmission, TxWin 63, MaxTx 3, RTo 0, MTo 0, MPS 1009)
      EFS (Id 0x01, SerType Best Effort, MaxSDU 0xffff, SDUitime 0xffffffff,
          AccLat 0xffffffff, FlushTO 0x0000ffff)
< ACL data: handle 1 flags 0x00 dlen 45
    L2CAP(s): Config req: dcid 0x0040 flags 0x00 clen 33
      RFC 0x03 (Enhanced Retransmission, TxWin 63, MaxTx 3, RTo 0, MTo 0, MPS 498)
      EFS (Id 0x01, SerType Best Effort, MaxSDU 0xffff, SDUitime 0xffffffff,
          AccLat 0xffffffff, FlushTO 0x0000ffff)
< ACL data: handle 1 flags 0x00 dlen 47
    L2CAP(s): Config rsp: scid 0x0040 flags 0x00 result 4 clen 33
      Pending
      MTU 672
      RFC 0x03 (Enhanced Retransmission, TxWin 63, MaxTx 3, RTo 2000, MTo 12000, MPS 498)
      EFS (Id 0x01, SerType Best Effort, MaxSDU 0xffff, SDUitime 0xffffffff,
          AccLat 0xffffffff, FlushTO 0x0000ffff)
> ACL data: handle 1 flags 0x02 dlen 47
    L2CAP(s): Config rsp: scid 0x0040 flags 0x00 result 4 clen 33
      Pending
      MTU 672
      RFC 0x03 (Enhanced Retransmission, TxWin 63, MaxTx 3, RTo 2000, MTo 12000, MPS 498)
      EFS (Id 0x01, SerType Best Effort, MaxSDU 0xffff, SDUitime 0xffffffff,
          AccLat 0xffffffff, FlushTO 0x0000ffff)
> ACL data: handle 1 flags 0x02 dlen 14
    L2CAP(s): Config rsp: scid 0x0040 flags 0x00 result 0 clen 0
      Success
< ACL data: handle 1 flags 0x00 dlen 14
    L2CAP(s): Config rsp: scid 0x0040 flags 0x00 result 0 clen 0
      Success
< ACL data: handle 1 flags 0x00 dlen 510
    L2CAP(d): cid 0x0040 len 506 ext_ctrl 0x00010000 fcs 0xebe0 [psm 4113]
      I-frame: Start (len 672) TxSeq 0 ReqSeq 0
...

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:43 -02:00
David Herrmann
59735631d2 Bluetooth: Make hci_unregister_dev return void
hci_unregister_dev cannot fail and always returns 0. The drivers already ignore
the return value so we can safely make it return void.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:41 -02:00
David Herrmann
96af7391b7 Bluetooth: Replace rfcomm tty tasklet by workqueue
Remove old tasklets and replace by workqueue. To avoid reentrancy (which
tasklets always avoid) we use the system_nrt_wq.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:40 -02:00
David Herrmann
5ada991363 Bluetooth: Return proper error codes on rfcomm tty init
Forward error codes from tty core to the rfcomm_init caller instead of using
generic -1 errors.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:24:39 -02:00
Andrzej Kaczmarek
f3f668b0ef Bluetooth: Use miliseconds for L2CAP channel timeouts
Timers set by __set_chan_timer() should use miliseconds instead of
jiffies. Commit 942ecc9c46 updated
l2cap_set_timer() so it expects timeout to be specified in msecs
instead of jiffies. This makes timeouts unreliable when CONFIG_HZ
is not set to 1000.

Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 17:19:04 -02:00
Linus Torvalds
94956eed14 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (47 commits)
  forcedeth: fix a few sparse warnings (variable shadowing)
  forcedeth: Improve stats counters
  forcedeth: remove unneeded stats updates
  forcedeth: Acknowledge only interrupts that are being processed
  forcedeth: fix race when unloading module
  MAINTAINERS/rds: update maintainer
  wanrouter: Remove kernel_lock annotations
  usbnet: fix oops in usbnet_start_xmit
  ixgbe: Fix compile for kernel without CONFIG_PCI_IOV defined
  etherh: Add MAINTAINERS entry for etherh
  bonding: comparing a u8 with -1 is always false
  sky2: fix regression on Yukon Optima
  netlink: clarify attribute length check documentation
  netlink: validate NLA_MSECS length
  i825xx:xscale:8390:freescale: Fix Kconfig dependancies
  macvlan: receive multicast with local address
  tg3: Update version to 3.121
  tg3: Eliminate timer race with reset_task
  tg3: Schedule at most one tg3_reset_task run
  tg3: Obtain PCI function number from device
  ...
2011-11-07 10:55:33 -08:00
Arek Lichwa
4dff523a91 Bluetooth: Revert: Fix L2CAP connection establishment
This reverts commit 330605423c.
The commit introduces regression when two 2.1 devices attempt
establish rfcomm channel. Such connection is refused since there's
a security block issue on l2cap. It means the link is unencrypted.

2011-09-16 18:08:46.567616 < ACL data: handle 1 flags 0x00 dlen 24
    0000: 14 00 40 00 06 00 02 00  0f 35 03 19 12 00 ff ff
..@......5....˙˙
    0010: 35 05 0a 00 00 ff ff 00                           5....˙˙.
2011-09-16 18:08:46.572377 > HCI Event: Number of Completed Packets
(0x13) plen 5
    handle 1 packets 1
2011-09-16 18:08:46.577931 > ACL data: handle 1 flags 0x02 dlen 88
    L2CAP(d): cid 0x0040 len 84 [psm 0]
      0000: 07 00 02 00 4f 00 4c 35  4a 35 48 09 00 00 0a 00
....O.L5J5H.....
      0010: 01 00 00 09 00 01 35 03  19 12 00 09 00 05 35 03
......5.......5.
      0020: 19 10 02 09 00 09 35 08  35 06 19 12 00 09 01 02
......5.5.......
      0030: 09 02 00 09 01 02 09 02  01 09 00 0a 09 02 02 09
................
      0040: 00 00 09 02 03 09 00 00  09 02 04 28 01 09 02 05
...........(....
      0050: 09 00 02 00                                       ....
2011-09-16 18:08:46.626057 < HCI Command: Authentication Requested
(0x01|0x0011) plen 2
    handle 1
2011-09-16 18:08:46.627614 > HCI Event: Command Status (0x0f) plen 4
    Authentication Requested (0x01|0x0011) status 0x00 ncmd 1
2011-09-16 18:08:46.627675 > HCI Event: Link Key Request (0x17) plen 6
    bdaddr 00:00:F2:6A:29:69
2011-09-16 18:08:46.634999 < HCI Command: Link Key Request Reply
(0x01|0x000b) plen 22
    bdaddr 00:00:F2:6A:29:69 key 58CD393179FC902E5E8F512A855EE532
2011-09-16 18:08:46.683278 > HCI Event: Command Complete (0x0e) plen 10
    Link Key Request Reply (0x01|0x000b) ncmd 1
    status 0x00 bdaddr 00:00:F2:6A:29:69
2011-09-16 18:08:46.764729 > HCI Event: Auth Complete (0x06) plen 3
    status 0x00 handle 1
2011-09-16 18:08:46.764821 < ACL data: handle 1 flags 0x00 dlen 12
    0000: 08 00 01 00 02 05 04 00  03 00 41 00              ..........A.
2011-09-16 18:08:46.764851 > HCI Event: Command Status (0x0f) plen 4
    Unknown (0x00|0x0000) status 0x00 ncmd 2
2011-09-16 18:08:46.768117 > HCI Event: Number of Completed Packets
(0x13) plen 5
    handle 1 packets 1
2011-09-16 18:08:46.770894 > ACL data: handle 1 flags 0x02 dlen 16
    L2CAP(s): Connect rsp: dcid 0x0000 scid 0x0041 result 3 status 0
      Connection refused - security block
2011-09-16 18:08:49.000691 < ACL data: handle 1 flags 0x00 dlen 12
    0000: 08 00 01 00 06 06 04 00  40 00 40 00              ........@.@.
2011-09-16 18:08:49.015675 > HCI Event: Number of Completed Packets
(0x13) plen 5
    handle 1 packets 1
2011-09-16 18:08:49.016927 > ACL data: handle 1 flags 0x02 dlen 12
    L2CAP(s): Disconn rsp: dcid 0x0040 scid 0x0040
2011-09-16 18:08:51.009480 < HCI Command: Disconnect (0x01|0x0006) plen
3
    handle 1 reason 0x13
    Reason: Remote User Terminated Connection
2011-09-16 18:08:51.011525 > HCI Event: Command Status (0x0f) plen 4
    Disconnect (0x01|0x0006) status 0x00 ncmd 1
2011-09-16 18:08:51.123494 > HCI Event: Disconn Complete (0x05) plen 4
    status 0x00 handle 1 reason 0x16
    Reason: Connection Terminated by Local Host

Signed-off-by: Arek Lichwa <arkadiusz.lichwa@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-11-07 16:46:05 -02:00
John W. Linville
c125d5e846 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth 2011-11-02 15:15:51 -04:00
Paul Gortmaker
bc3b2d7fb9 net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules
These files are non modular, but need to export symbols using
the macros now living in export.h -- call out the include so
that things won't break when we remove the implicit presence
of module.h from everywhere.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-10-31 19:30:30 -04:00
Paul Gortmaker
3a9a231d97 net: Fix files explicitly needing to include module.h
With calls to modular infrastructure, these files really
needs the full module.h header.  Call it out so some of the
cleanups of implicit and unrequired includes elsewhere can be
cleaned up.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-10-31 19:30:28 -04:00
Johan Hedberg
dafbde395e Bluetooth: Set HCI_MGMT flag only in read_controller_info
The HCI_MGMT flag should only be set when user space requests the full
controller information. This way we avoid potential issues with setting
change events ariving before the actual read_controller_info command
finishes.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-10-31 17:31:02 -02:00
Szymon Janc
e1b6eb3ccb Bluetooth: Increase HCI reset timeout in hci_dev_do_close
I've noticed that my CSR usb dongle was not working if it was plugged in when
PC was booting. It looks like I get two HCI reset command complete events (see
hcidump logs below).
The root cause is reset called from off_timer. Timeout for this reset to
complete is set to 250ms and my bt dongle requires more time for replying with
command complete event. After that, chip seems to reply with reset command
complete event for next non-reset command.

Attached patch increase mentioned timeout to HCI_INIT_TIMEOUT, this value is
already used for timeouting hci_reset_req in hci_dev_reset().

This might also be related to BT not working after suspend that was reported
here some time ago.

Hcidump log:

2011-09-12 23:13:27.379465 < HCI Command: Reset (0x03|0x0003) plen 0
2011-09-12 23:13:27.380797 > HCI Event: Command Complete (0x0e) plen 4
    Reset (0x03|0x0003) ncmd 1
    status 0x00
2011-09-12 23:13:27.380859 < HCI Command: Read Local Supported Features (0x04|0x000
3) plen 0
2011-09-12 23:13:27.760789 > HCI Event: Command Complete (0x0e) plen 4
    Reset (0x03|0x0003) ncmd 1
    status 0x00
2011-09-12 23:13:27.760831 < HCI Command: Read Local Version Information (0x04|0x00
01) plen 0
2011-09-12 23:13:27.764780 > HCI Event: Command Complete (0x0e) plen 12
    Read Local Version Information (0x04|0x0001) ncmd 1
    status 0x00
    HCI Version: 1.1 (0x1) HCI Revision: 0x36f
    LMP Version: 1.1 (0x1) LMP Subversion: 0x36f
    Manufacturer: Cambridge Silicon Radio (10)

Signed-off-by: Szymon Janc <szymon@janc.net.pl>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-10-31 17:10:18 -02:00
David S. Miller
1805b2f048 Merge branch 'master' of ra.kernel.org:/pub/scm/linux/kernel/git/davem/net 2011-10-24 18:18:09 -04:00
Paul Moore
6230c9b4f8 bluetooth: Properly clone LSM attributes to newly created child connections
The Bluetooth stack has internal connection handlers for all of the various
Bluetooth protocols, and unfortunately, they are currently lacking the LSM
hooks found in the core network stack's connection handlers.  I say
unfortunately, because this can cause problems for users who have have an
LSM enabled and are using certain Bluetooth devices.  See one problem
report below:

 * http://bugzilla.redhat.com/show_bug.cgi?id=741703

In order to keep things simple at this point in time, this patch fixes the
problem by cloning the parent socket's LSM attributes to the newly created
child socket.  If we decide we need a more elaborate LSM marking mechanism
for Bluetooth (I somewhat doubt this) we can always revisit this decision
in the future.

Reported-by: James M. Cape <jcape@ignore-your.tv>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-10-18 23:36:43 -04:00
Andrei Emeltchenko
42dceae281 Bluetooth: EFS: parse L2CAP config request
Add parsing Extended Flow Specification option in L2CAP Config Request
Based upon haijun.liu <haijun.liu@atheros.com> series of patches
(sent Sun, 22 Aug 2010)

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-10-17 18:09:06 -02:00
Andrei Emeltchenko
c8f791626a Bluetooth: EWS: fix max_pdu calculation
Fix max_pdu_size calculationin for RFC. Change magic number to human readable
defines.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-10-17 18:04:58 -02:00
Andrei Emeltchenko
03a512137d Bluetooth: EWS: remove magic numbers in l2cap
Remove magic numbers for FCS, SDU LEN and PSM LEN
when calculating packet payload.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-10-17 18:04:14 -02:00
Andrei Emeltchenko
836be93421 Bluetooth: EWS: support extended seq numbers
Adds support for extended sequence numbers found in
extended control fields.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-10-17 18:04:00 -02:00
Andrei Emeltchenko
88843ab06b Bluetooth: EWS: handling different Control fields
There are three different Control Field formats: the Standard Control
Field, the Enhanced Control Field, and the Extended Control Field.
Patch adds function to handle all those fields seamlessly.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-10-17 17:58:08 -02:00
Gustavo F. Padovan
e5b82e5892 Bluetooth: Fix missing cmd_status in mgmt
set_service_cache() was missing a cmd_status for the error case.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-10-15 18:03:15 -03:00
Gustavo F. Padovan
12dc074301 Bluetooth: Use list_for_each_entry() in mgmt
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-10-14 19:32:56 -03:00
Gustavo F. Padovan
b7059136d7 Bluetooth: Add missing cmd_status() in mgmt
Improve error handling in mgmt load_keys()

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-10-14 19:23:27 -03:00
Gustavo F. Padovan
56b7d13785 Bluetooth: return proper error if sock_queue_rcv_skb() fails
Improve error handling at cmd_status() and cmd_complete()

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-10-14 19:20:01 -03:00
David Herrmann
33ca954daf Bluetooth: Forward errors from hci_register_dev
We need to catch errors when calling hci_add_sysfs() and return them to
the caller to avoid kernel oopses on device_add() failure.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-10-14 15:22:44 -03:00