GitHub/LineageOS/G12/android_kernel_amlogic_linux-4.9.git
12 years agoBluetooth: Fix issue with shared SKB between HCI raw socket and driver
Marcel Holtmann [Mon, 20 Feb 2012 13:50:36 +0000 (14:50 +0100)]
Bluetooth: Fix issue with shared SKB between HCI raw socket and driver

Any HCI raw socket gets a copy of each SKB that is either received or
send via the Bluetooth subsystem. The raw socket uses SKB clones to
send out data, but the problem is that it needs to add an extra packet
type byte in front of it. And some drivers need to also add an extra
header before submitting the packet.

So far this all worked magically fine since all of the drivers and the
raw sockets are adding the same byte at the same location. But that is
by pure coincidence. Since the data of cloned SKBs is shared, this means
that the raw socket and driver kept writing into the shared data area.

To fix this the only safe way is if the HCI raw socket creates a copy of
the SKB before sending it out. To not always copy all SKBs around, the
copy is only created once and only after any of the HCI filter checks
succeeded.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Simplify HCI socket bind handling
Marcel Holtmann [Mon, 20 Feb 2012 13:50:35 +0000 (14:50 +0100)]
Bluetooth: Simplify HCI socket bind handling

The HCI socket bind handling checks a few too many times the channel
we are binding. So centralize this and make the function easier to read.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Add HCI CMSG details only to raw sockets
Marcel Holtmann [Mon, 20 Feb 2012 13:50:34 +0000 (14:50 +0100)]
Bluetooth: Add HCI CMSG details only to raw sockets

The HCI CMSG specific data is for raw sockets only. So only add them to
actual raw sockets.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Lock socket when reading HCI socket options
Marcel Holtmann [Mon, 20 Feb 2012 13:50:33 +0000 (14:50 +0100)]
Bluetooth: Lock socket when reading HCI socket options

When reading the HCI raw socket option, the socket was never locked. So
lock the socket and in addition return EINVAL on non raw sockets.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Limit HCI raw socket options to actual raw sockets
Marcel Holtmann [Mon, 20 Feb 2012 13:50:32 +0000 (14:50 +0100)]
Bluetooth: Limit HCI raw socket options to actual raw sockets

Currently the socket options of HCI sockets can be set on raw and control
sockets, but on control sockets they make no sense. So just return EINVAL
in that case.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Remove unneeded bt_cb(skb)->channel variable
Marcel Holtmann [Mon, 20 Feb 2012 13:50:31 +0000 (14:50 +0100)]
Bluetooth: Remove unneeded bt_cb(skb)->channel variable

The bt_cb(skb)->channel was only needed to make hci_send_to_sock() be
used for HCI raw and control sockets. Since they have now separate sending
functions this is no longer needed.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Split sending for HCI raw and control sockets
Marcel Holtmann [Mon, 20 Feb 2012 13:50:30 +0000 (14:50 +0100)]
Bluetooth: Split sending for HCI raw and control sockets

The sending functions for HCI raw and control sockets have nothing in
common except that they iterate over the socket list. Split them into
two so they can do their job more efficient. In addition the code becomes
more readable.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix hci_connect error return values
Johan Hedberg [Sun, 19 Feb 2012 12:06:48 +0000 (14:06 +0200)]
Bluetooth: Fix hci_connect error return values

The hci_connect function should either return a valid hci_conn pointer
or a ERR_PTR() but never NULL. This patch fixes the two places where
hci_conn_add failures would have caused a NULL return. The only reason
for failure with hci_conn_add is memory allocation so ENOMEM seems to be
a good choice here.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: mgmt: Bump mgmt version
Johan Hedberg [Fri, 17 Feb 2012 12:39:28 +0000 (14:39 +0200)]
Bluetooth: mgmt: Bump mgmt version

This patch bumps the mgmt version to 1 and resets the revision to 0.
This is in order to indicate API stability to user space. The mgmt API
has reached a point where no major backwards incompatible changes are
expected so it makes sense to do this version bump now.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: mgmt: Fix OOB command response parameters
Johan Hedberg [Sun, 19 Feb 2012 11:16:14 +0000 (13:16 +0200)]
Bluetooth: mgmt: Fix OOB command response parameters

The response to the Add/Remove Out Of Band Data commands should include
the same address as was given in the command itself.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: mgmt: Fix (Un)Block Device return parameters
Johan Hedberg [Sun, 19 Feb 2012 10:58:54 +0000 (12:58 +0200)]
Bluetooth: mgmt: Fix (Un)Block Device return parameters

The same address as was passed to the (Un)Block Device command should
also be returned in the command response message.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: mgmt: Fix Start Discovery return parameters
Johan Hedberg [Sun, 19 Feb 2012 10:52:07 +0000 (12:52 +0200)]
Bluetooth: mgmt: Fix Start Discovery return parameters

The same address type that was passed to the Start Discovery command
should also be returned in the response message.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: mgmt: Fix Pair Device response status values
Johan Hedberg [Sat, 18 Feb 2012 13:20:03 +0000 (15:20 +0200)]
Bluetooth: mgmt: Fix Pair Device response status values

This patch fixes the status in Pair Device responses to follow proper
mgmt status values.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: mgmt: Move status parameters into the cmd_complete header
Johan Hedberg [Sat, 18 Feb 2012 13:07:59 +0000 (15:07 +0200)]
Bluetooth: mgmt: Move status parameters into the cmd_complete header

Instead of having status paramters part of each individual command
response it's simpler to just have the status as part of the command
complete header. This patch updates the code to follow this convention
and thereby also ensures compliance with the latest mgmt API
specification.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: mgmt: Change ordering of cmd_status paramters
Johan Hedberg [Sat, 18 Feb 2012 12:49:58 +0000 (14:49 +0200)]
Bluetooth: mgmt: Change ordering of cmd_status paramters

In accordance to the latest mgmt API specification the opcode comes
first and then the status.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Interleaved discovery support
Andre Guedes [Fri, 17 Feb 2012 23:39:38 +0000 (20:39 -0300)]
Bluetooth: Interleaved discovery support

This patch adds interleaved discovery support to MGMT Start
Discovery command.

In case interleaved discovery is not supported (not a dual mode
device), we perform BR/EDR or LE-only discovery according to the
device capabilities.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Merge INQUIRY and LE_SCAN discovery states
Andre Guedes [Fri, 17 Feb 2012 23:39:37 +0000 (20:39 -0300)]
Bluetooth: Merge INQUIRY and LE_SCAN discovery states

This patch merges DISCOVERY_INQUIRY and DISCOVERY_LE_SCAN states
into a new state called DISCOVERY_FINDING.

From the discovery perspective, we are pretty much worried about
to know just if we are finding devices than what exactly phase of
"finding devices" (inquiry or LE scan) we are currently running.
Besides, to know if the controller is performing inquiry or LE scan
we should check HCI_INQUIRY or HCI_LE_SCAN bits in hdev flags.

Moreover, merging this two states will simplify the discovery state
machine and will keep interleaved discovery implementation simpler.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Track discovery type
Andre Guedes [Fri, 17 Feb 2012 23:39:36 +0000 (20:39 -0300)]
Bluetooth: Track discovery type

This patch adds to struct discovery_state the field 'type' so that
we can track the discovery type the device is performing.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Prepare start_discovery
Andre Guedes [Fri, 17 Feb 2012 23:39:35 +0000 (20:39 -0300)]
Bluetooth: Prepare start_discovery

This patch does some code refactoring in start_discovery function
in order to prepare it for interleaved discovery support.

MGMT_ADDR_* macros were moved to hci_core.h since they are now used
to define discovery type macros.

Discovery type macros were defined according to mgmt-api.txt
specification:

Possible values for the Type parameter are a bit-wise or of the
following bits:

1 BR/EDR
2 LE Public
3 LE Random

By combining these e.g. the following values are possible:

1 BR/EDR
6 LE (public & random)
7 BR/EDR/LE (interleaved discovery)

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Add Intel copyright to mgmt files
Johan Hedberg [Fri, 17 Feb 2012 12:50:39 +0000 (14:50 +0200)]
Bluetooth: Add Intel copyright to mgmt files

This patch adds the appropriate Intel copyright to mgmt files.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: mgmt: Add address type to confirm name command
Johan Hedberg [Fri, 17 Feb 2012 12:27:06 +0000 (14:27 +0200)]
Bluetooth: mgmt: Add address type to confirm name command

The latest mgmt API includes an address type for all messages containing
an address. This patch updates the confirm name command to match this.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: mgmt: Add address type to PIN code messages
Johan Hedberg [Fri, 17 Feb 2012 12:24:57 +0000 (14:24 +0200)]
Bluetooth: mgmt: Add address type to PIN code messages

The latest mgmt API includes address types for all messages containing
an address. This patch updates the PIN code messages to match this.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: mgmt: Add address type to link key messages
Johan Hedberg [Fri, 17 Feb 2012 12:06:34 +0000 (14:06 +0200)]
Bluetooth: mgmt: Add address type to link key messages

The latest mgmt API includes an address type wherever there's an address
present. This patch updates the link key messages to match it.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Prefix hex numbers with object name
Andrei Emeltchenko [Fri, 17 Feb 2012 09:40:57 +0000 (11:40 +0200)]
Bluetooth: Prefix hex numbers with object name

Several hex numbers were printed without object name which
complicates debugging.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Use symbolic names for state in debug
Andrei Emeltchenko [Fri, 17 Feb 2012 09:40:56 +0000 (11:40 +0200)]
Bluetooth: Use symbolic names for state in debug

Use state_to_string function in debug statements.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Move scope of state_to_string
Andrei Emeltchenko [Fri, 17 Feb 2012 09:40:55 +0000 (11:40 +0200)]
Bluetooth: Move scope of state_to_string

Function state_to_string will be used in other files in debug
statements.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Add logging functions bt_info and bt_err
Joe Perches [Fri, 17 Feb 2012 07:32:42 +0000 (23:32 -0800)]
Bluetooth: Add logging functions bt_info and bt_err

Use specific logging functions instead of a generic
bt_printk function can save some text.

Remove now unused bt_printk function.
Add compatibility BT_INFO and BT_ERR macros.

(compiled x86 and defconfig with bluetooth and all bluetooth drivers)

$ size net/bluetooth/built-in.o*
   text    data     bss     dec     hex filename
 381662   20072  100416  502150   7a986 net/bluetooth/built-in.o.allyesconfig.new
 382463   20072  100400  502935   7ac97 net/bluetooth/built-in.o.allyesconfig.old
 126635    1388     132  128155   1f49b net/bluetooth/built-in.o.defconfig.new
 127175    1388     132  128695   1f6b7 net/bluetooth/built-in.o.defconfig.old

$ size drivers/bluetooth/built-in.o*
 127575    8976   29476  166027   2888b drivers/bluetooth/built-in.o.allyesconfig.new
 129512    8976   29516  168004   29044 drivers/bluetooth/built-in.o.allyesconfig.old
  52998    3292     156   56446    dc7e drivers/bluetooth/built-in.o.defconfig.new
  54358    3292     156   57806    e1ce drivers/bluetooth/built-in.o.defconfig.old

Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: mgmt: Add support for Set SSP command
Johan Hedberg [Thu, 16 Feb 2012 22:56:28 +0000 (00:56 +0200)]
Bluetooth: mgmt: Add support for Set SSP command

The Set SSP mgmt command can be used for enabling and disabling Secure
Simple Pairing support for controllers that support it.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: mgmt: Add support for Set Link Security command
Johan Hedberg [Thu, 16 Feb 2012 21:56:27 +0000 (23:56 +0200)]
Bluetooth: mgmt: Add support for Set Link Security command

The Set Link Security mgmt command is used to enable or disable link
level security, also known as Security Mode 3. This is rarely enabled in
modern systems but the command needs to be available for completeness,
qualification purposes and those few systems that actually want to
enable it.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: mgmt: Use more consistent error variable names
Johan Hedberg [Thu, 16 Feb 2012 23:20:00 +0000 (01:20 +0200)]
Bluetooth: mgmt: Use more consistent error variable names

For simple integer errors the variable name "err" is more consistent
with the existing code base than "ret".

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Remove unused member from cmd_lookup struct
Johan Hedberg [Thu, 16 Feb 2012 22:34:40 +0000 (00:34 +0200)]
Bluetooth: Remove unused member from cmd_lookup struct

The val member of cmd_lookup isn't used anywhere so it can be removed.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Do not dereference zero sk
Andrei Emeltchenko [Tue, 14 Feb 2012 13:12:57 +0000 (15:12 +0200)]
Bluetooth: Do not dereference zero sk

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
Johan Hedberg [Thu, 16 Feb 2012 12:23:04 +0000 (14:23 +0200)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless-next.git

Conflicts:
include/net/bluetooth/l2cap.h
net/bluetooth/hci_conn.c
net/bluetooth/l2cap_core.c

12 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
John W. Linville [Wed, 15 Feb 2012 21:24:37 +0000 (16:24 -0500)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless

Conflicts:
net/mac80211/debugfs_sta.c
net/mac80211/sta_info.h

12 years agoath9k: stop on rates with idx -1 in ath9k rate control's .tx_status
Pavel Roskin [Sat, 11 Feb 2012 15:01:53 +0000 (10:01 -0500)]
ath9k: stop on rates with idx -1 in ath9k rate control's .tx_status

Rate control algorithms are supposed to stop processing when they
encounter a rate with the index -1.  Checking for rate->count not being
zero is not enough.

Allowing a rate with negative index leads to memory corruption in
ath_debug_stat_rc().

One consequence of the bug is discussed at
https://bugzilla.redhat.com/show_bug.cgi?id=768639

Signed-off-by: Pavel Roskin <proski@gnu.org>
Cc: stable@vger.kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agomwifiex: clear previous security setting during association
Amitkumar Karwar [Fri, 10 Feb 2012 02:32:22 +0000 (18:32 -0800)]
mwifiex: clear previous security setting during association

Driver maintains different flags for WEP, WPA, WPA2 security modes.
Appropriate flag is set using security information provided in
connect request. mwifiex_is_network_compatible() routine uses them
to check if driver's setting is compatible with AP. Association is
aborted if the routine fails.

For some corner cases, it is observed that association is failed
even for valid security information based on association history.
This patch fixes the problem by clearing previous security setting
during each association.

We should set WEP key provided in connect request as default tx key.
This missing change is also added here.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agomac80211: do not call rate control .tx_status before .rate_init
Felix Fietkau [Wed, 8 Feb 2012 18:17:11 +0000 (19:17 +0100)]
mac80211: do not call rate control .tx_status before .rate_init

Most rate control implementations assume .get_rate and .tx_status are only
called once the per-station data has been fully initialized.
minstrel_ht crashes if this assumption is violated.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Tested-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agomac80211: call rate control only after init
Johannes Berg [Fri, 20 Jan 2012 12:55:23 +0000 (13:55 +0100)]
mac80211: call rate control only after init

There are situations where we don't have the
necessary rate control information yet for
station entries, e.g. when associating. This
currently doesn't really happen due to the
dummy station handling; explicitly disabling
rate control when it's not initialised will
allow us to remove dummy stations.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
12 years agoBluetooth: Fix event sending with DISCOVERY_STOPPED state
Andre Guedes [Mon, 13 Feb 2012 18:41:02 +0000 (15:41 -0300)]
Bluetooth: Fix event sending with DISCOVERY_STOPPED state

We are not supposed to send mgmt_discovering events if we are transiting
from DISCOVERY_STARTING to DISCOVERY_STOPPED state. It doesn't make
sense to send mgmt_discovering event once discovery procedure has not
been even started.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix discovery state machine
Andre Guedes [Mon, 13 Feb 2012 18:41:01 +0000 (15:41 -0300)]
Bluetooth: Fix discovery state machine

In case of Start Discovery command failure, we should set the discovery
state to DISCOVERY_STOPPED. Otherwise, we stuck at DISCOVERY_STARTING
state and subsequent Start Discovery commands will simply fail.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Implement Read Supported Commands commands for mgmt
Johan Hedberg [Mon, 13 Feb 2012 14:59:33 +0000 (16:59 +0200)]
Bluetooth: Implement Read Supported Commands commands for mgmt

This patch implements the Read Supported Commands mgmt command which was
recently added to the API specification. It returns a list of supported
commands and events to user space.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Fix possible use after free in delete path
Ulisses Furquim [Mon, 30 Jan 2012 20:26:29 +0000 (18:26 -0200)]
Bluetooth: Fix possible use after free in delete path

We need to use the _sync() version for cancelling the info and security
timer in the L2CAP connection delete path. Otherwise the delayed work
handler might run after the connection object is freed.

Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Remove usage of __cancel_delayed_work()
Ulisses Furquim [Mon, 30 Jan 2012 20:26:28 +0000 (18:26 -0200)]
Bluetooth: Remove usage of __cancel_delayed_work()

__cancel_delayed_work() is being used in some paths where we cannot
sleep waiting for the delayed work to finish. However, that function
might return while the timer is running and the work will be queued
again. Replace the calls with safer cancel_delayed_work() version
which spins until the timer handler finishes on other CPUs and
cancels the delayed work.

Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: btusb: Add vendor specific ID (0a5c 21f3) for BCM20702A0
Manoj Iyer [Thu, 2 Feb 2012 15:32:36 +0000 (09:32 -0600)]
Bluetooth: btusb: Add vendor specific ID (0a5c 21f3) for BCM20702A0

T: Bus=01 Lev=02 Prnt=02 Port=03 Cnt=03 Dev#= 5 Spd=12 MxCh= 0
D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0a5c ProdID=21f3 Rev=01.12
S: Manufacturer=Broadcom Corp
S: Product=BCM20702A0
S: SerialNumber=74DE2B344A7B
C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=0mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
I: If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none)

Signed-off-by: Manoj Iyer <manoj.iyer@canonical.com>
Tested-by: Dennis Chua <dennis.chua@canonical.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Add missing QUIRK_NO_RESET test to hci_dev_do_close
Johan Hedberg [Fri, 3 Feb 2012 19:29:40 +0000 (21:29 +0200)]
Bluetooth: Add missing QUIRK_NO_RESET test to hci_dev_do_close

We should only perform a reset in hci_dev_do_close if the
HCI_QUIRK_NO_RESET flag is set (since in such a case a reset will not be
performed when initializing the device).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Fix RFCOMM session reference counting issue
Octavian Purdila [Fri, 27 Jan 2012 17:32:39 +0000 (19:32 +0200)]
Bluetooth: Fix RFCOMM session reference counting issue

There is an imbalance in the rfcomm_session_hold / rfcomm_session_put
operations which causes the following crash:

[  685.010159] BUG: unable to handle kernel paging request at 6b6b6b6b
[  685.010169] IP: [<c149d76d>] rfcomm_process_dlcs+0x1b/0x15e
[  685.010181] *pdpt = 000000002d665001 *pde = 0000000000000000
[  685.010191] Oops: 0000 [#1] PREEMPT SMP
[  685.010247]
[  685.010255] Pid: 947, comm: krfcommd Tainted: G         C  3.0.16-mid8-dirty #44
[  685.010266] EIP: 0060:[<c149d76d>] EFLAGS: 00010246 CPU: 1
[  685.010274] EIP is at rfcomm_process_dlcs+0x1b/0x15e
[  685.010281] EAX: e79f551c EBX: 6b6b6b6b ECX: 00000007 EDX: e79f40b4
[  685.010288] ESI: e79f4060 EDI: ed4e1f70 EBP: ed4e1f68 ESP: ed4e1f50
[  685.010295]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[  685.010303] Process krfcommd (pid: 947, ti=ed4e0000 task=ed43e5e0 task.ti=ed4e0000)
[  685.010308] Stack:
[  685.010312]  ed4e1f68 c149eb53 e5925150 e79f4060 ed500000 ed4e1f70 ed4e1f80 c149ec10
[  685.010331]  00000000 ed43e5e0 00000000 ed4e1f90 ed4e1f9c c149ec87 0000bf54 00000000
[  685.010348]  00000000 ee03bf54 c149ec37 ed4e1fe4 c104fe01 00000000 00000000 00000000
[  685.010367] Call Trace:
[  685.010376]  [<c149eb53>] ? rfcomm_process_rx+0x6e/0x74
[  685.010387]  [<c149ec10>] rfcomm_process_sessions+0xb7/0xde
[  685.010398]  [<c149ec87>] rfcomm_run+0x50/0x6d
[  685.010409]  [<c149ec37>] ? rfcomm_process_sessions+0xde/0xde
[  685.010419]  [<c104fe01>] kthread+0x63/0x68
[  685.010431]  [<c104fd9e>] ? __init_kthread_worker+0x42/0x42
[  685.010442]  [<c14dae82>] kernel_thread_helper+0x6/0xd

This issue has been brought up earlier here:

https://lkml.org/lkml/2011/5/21/127

The issue appears to be the rfcomm_session_put in rfcomm_recv_ua. This
operation doesn't seem be to required as for the non-initiator case we
have the rfcomm_process_rx doing an explicit put and in the initiator
case the last dlc_unlink will drive the reference counter to 0.

There have been several attempts to fix these issue:

6c2718d Bluetooth: Do not call rfcomm_session_put() for RFCOMM UA on closed socket
683d949 Bluetooth: Never deallocate a session when some DLC points to it

but AFAICS they do not fix the issue just make it harder to reproduce.

Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Signed-off-by: Gopala Krishna Murala <gopala.krishna.murala@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix potential deadlock
Andre Guedes [Fri, 27 Jan 2012 22:42:02 +0000 (19:42 -0300)]
Bluetooth: Fix potential deadlock

We don't need to use the _sync variant in hci_conn_hold and
hci_conn_put to cancel conn->disc_work delayed work. This way
we avoid potential deadlocks like this one reported by lockdep.

======================================================
[ INFO: possible circular locking dependency detected ]
3.2.0+ #1 Not tainted
-------------------------------------------------------
kworker/u:1/17 is trying to acquire lock:
 (&hdev->lock){+.+.+.}, at: [<ffffffffa0041155>] hci_conn_timeout+0x62/0x158 [bluetooth]

but task is already holding lock:
 ((&(&conn->disc_work)->work)){+.+...}, at: [<ffffffff81035751>] process_one_work+0x11a/0x2bf

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 ((&(&conn->disc_work)->work)){+.+...}:
       [<ffffffff81057444>] lock_acquire+0x8a/0xa7
       [<ffffffff81034ed1>] wait_on_work+0x3d/0xaa
       [<ffffffff81035b54>] __cancel_work_timer+0xac/0xef
       [<ffffffff81035ba4>] cancel_delayed_work_sync+0xd/0xf
       [<ffffffffa00554b0>] smp_chan_create+0xde/0xe6 [bluetooth]
       [<ffffffffa0056160>] smp_conn_security+0xa3/0x12d [bluetooth]
       [<ffffffffa0053640>] l2cap_connect_cfm+0x237/0x2e8 [bluetooth]
       [<ffffffffa004239c>] hci_proto_connect_cfm+0x2d/0x6f [bluetooth]
       [<ffffffffa0046ea5>] hci_event_packet+0x29d1/0x2d60 [bluetooth]
       [<ffffffffa003dde3>] hci_rx_work+0xd0/0x2e1 [bluetooth]
       [<ffffffff810357af>] process_one_work+0x178/0x2bf
       [<ffffffff81036178>] worker_thread+0xce/0x152
       [<ffffffff81039a03>] kthread+0x95/0x9d
       [<ffffffff812e7754>] kernel_thread_helper+0x4/0x10

-> #1 (slock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+...}:
       [<ffffffff81057444>] lock_acquire+0x8a/0xa7
       [<ffffffff812e553a>] _raw_spin_lock_bh+0x36/0x6a
       [<ffffffff81244d56>] lock_sock_nested+0x24/0x7f
       [<ffffffffa004d96f>] lock_sock+0xb/0xd [bluetooth]
       [<ffffffffa0052906>] l2cap_chan_connect+0xa9/0x26f [bluetooth]
       [<ffffffffa00545f8>] l2cap_sock_connect+0xb3/0xff [bluetooth]
       [<ffffffff81243b48>] sys_connect+0x69/0x8a
       [<ffffffff812e6579>] system_call_fastpath+0x16/0x1b

-> #0 (&hdev->lock){+.+.+.}:
       [<ffffffff81056d06>] __lock_acquire+0xa80/0xd74
       [<ffffffff81057444>] lock_acquire+0x8a/0xa7
       [<ffffffff812e3870>] __mutex_lock_common+0x48/0x38e
       [<ffffffff812e3c75>] mutex_lock_nested+0x2a/0x31
       [<ffffffffa0041155>] hci_conn_timeout+0x62/0x158 [bluetooth]
       [<ffffffff810357af>] process_one_work+0x178/0x2bf
       [<ffffffff81036178>] worker_thread+0xce/0x152
       [<ffffffff81039a03>] kthread+0x95/0x9d
       [<ffffffff812e7754>] kernel_thread_helper+0x4/0x10

other info that might help us debug this:

Chain exists of:
  &hdev->lock --> slock-AF_BLUETOOTH-BTPROTO_L2CAP --> (&(&conn->disc_work)->work)

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((&(&conn->disc_work)->work));
                               lock(slock-AF_BLUETOOTH-BTPROTO_L2CAP);
                               lock((&(&conn->disc_work)->work));
  lock(&hdev->lock);

 *** DEADLOCK ***

2 locks held by kworker/u:1/17:
 #0:  (hdev->name){.+.+.+}, at: [<ffffffff81035751>] process_one_work+0x11a/0x2bf
 #1:  ((&(&conn->disc_work)->work)){+.+...}, at: [<ffffffff81035751>] process_one_work+0x11a/0x2bf

stack backtrace:
Pid: 17, comm: kworker/u:1 Not tainted 3.2.0+ #1
Call Trace:
 [<ffffffff812e06c6>] print_circular_bug+0x1f8/0x209
 [<ffffffff81056d06>] __lock_acquire+0xa80/0xd74
 [<ffffffff81021ef2>] ? arch_local_irq_restore+0x6/0xd
 [<ffffffff81022bc7>] ? vprintk+0x3f9/0x41e
 [<ffffffff81057444>] lock_acquire+0x8a/0xa7
 [<ffffffffa0041155>] ? hci_conn_timeout+0x62/0x158 [bluetooth]
 [<ffffffff812e3870>] __mutex_lock_common+0x48/0x38e
 [<ffffffffa0041155>] ? hci_conn_timeout+0x62/0x158 [bluetooth]
 [<ffffffff81190fd6>] ? __dynamic_pr_debug+0x6d/0x6f
 [<ffffffffa0041155>] ? hci_conn_timeout+0x62/0x158 [bluetooth]
 [<ffffffff8105320f>] ? trace_hardirqs_off+0xd/0xf
 [<ffffffff812e3c75>] mutex_lock_nested+0x2a/0x31
 [<ffffffffa0041155>] hci_conn_timeout+0x62/0x158 [bluetooth]
 [<ffffffff810357af>] process_one_work+0x178/0x2bf
 [<ffffffff81035751>] ? process_one_work+0x11a/0x2bf
 [<ffffffff81055af3>] ? lock_acquired+0x1d0/0x1df
 [<ffffffffa00410f3>] ? hci_acl_disconn+0x65/0x65 [bluetooth]
 [<ffffffff81036178>] worker_thread+0xce/0x152
 [<ffffffff810407ed>] ? finish_task_switch+0x45/0xc5
 [<ffffffff810360aa>] ? manage_workers.isra.25+0x16a/0x16a
 [<ffffffff81039a03>] kthread+0x95/0x9d
 [<ffffffff812e7754>] kernel_thread_helper+0x4/0x10
 [<ffffffff812e5db4>] ? retint_restore_args+0x13/0x13
 [<ffffffff8103996e>] ? __init_kthread_worker+0x55/0x55
 [<ffffffff812e7750>] ? gs_change+0x13/0x13

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: silence lockdep warning
Octavian Purdila [Sat, 21 Jan 2012 22:28:34 +0000 (00:28 +0200)]
Bluetooth: silence lockdep warning

Since bluetooth uses multiple protocols types, to avoid lockdep
warnings, we need to use different lockdep classes (one for each
protocol type).

This is already done in bt_sock_create but it misses a couple of cases
when new connections are created. This patch corrects that to fix the
following warning:

<4>[ 1864.732366] =======================================================
<4>[ 1864.733030] [ INFO: possible circular locking dependency detected ]
<4>[ 1864.733544] 3.0.16-mid3-00007-gc9a0f62 #3
<4>[ 1864.733883] -------------------------------------------------------
<4>[ 1864.734408] t.android.btclc/4204 is trying to acquire lock:
<4>[ 1864.734869]  (rfcomm_mutex){+.+.+.}, at: [<c14970ea>] rfcomm_dlc_close+0x15/0x30
<4>[ 1864.735541]
<4>[ 1864.735549] but task is already holding lock:
<4>[ 1864.736045]  (sk_lock-AF_BLUETOOTH){+.+.+.}, at: [<c1498bf7>] lock_sock+0xa/0xc
<4>[ 1864.736732]
<4>[ 1864.736740] which lock already depends on the new lock.
<4>[ 1864.736750]
<4>[ 1864.737428]
<4>[ 1864.737437] the existing dependency chain (in reverse order) is:
<4>[ 1864.738016]
<4>[ 1864.738023] -> #1 (sk_lock-AF_BLUETOOTH){+.+.+.}:
<4>[ 1864.738549]        [<c1062273>] lock_acquire+0x104/0x140
<4>[ 1864.738977]        [<c13d35c1>] lock_sock_nested+0x58/0x68
<4>[ 1864.739411]        [<c1493c33>] l2cap_sock_sendmsg+0x3e/0x76
<4>[ 1864.739858]        [<c13d06c3>] __sock_sendmsg+0x50/0x59
<4>[ 1864.740279]        [<c13d0ea2>] sock_sendmsg+0x94/0xa8
<4>[ 1864.740687]        [<c13d0ede>] kernel_sendmsg+0x28/0x37
<4>[ 1864.741106]        [<c14969ca>] rfcomm_send_frame+0x30/0x38
<4>[ 1864.741542]        [<c1496a2a>] rfcomm_send_ua+0x58/0x5a
<4>[ 1864.741959]        [<c1498447>] rfcomm_run+0x441/0xb52
<4>[ 1864.742365]        [<c104f095>] kthread+0x63/0x68
<4>[ 1864.742742]        [<c14d5182>] kernel_thread_helper+0x6/0xd
<4>[ 1864.743187]
<4>[ 1864.743193] -> #0 (rfcomm_mutex){+.+.+.}:
<4>[ 1864.743667]        [<c1061ada>] __lock_acquire+0x988/0xc00
<4>[ 1864.744100]        [<c1062273>] lock_acquire+0x104/0x140
<4>[ 1864.744519]        [<c14d2c70>] __mutex_lock_common+0x3b/0x33f
<4>[ 1864.744975]        [<c14d303e>] mutex_lock_nested+0x2d/0x36
<4>[ 1864.745412]        [<c14970ea>] rfcomm_dlc_close+0x15/0x30
<4>[ 1864.745842]        [<c14990d9>] __rfcomm_sock_close+0x5f/0x6b
<4>[ 1864.746288]        [<c1499114>] rfcomm_sock_shutdown+0x2f/0x62
<4>[ 1864.746737]        [<c13d275d>] sys_socketcall+0x1db/0x422
<4>[ 1864.747165]        [<c14d42f0>] syscall_call+0x7/0xb

Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix using an absolute timeout on hci_conn_put()
Vinicius Costa Gomes [Wed, 4 Jan 2012 14:57:17 +0000 (11:57 -0300)]
Bluetooth: Fix using an absolute timeout on hci_conn_put()

queue_delayed_work() expects a relative time for when that work
should be scheduled.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: l2cap_set_timer needs jiffies as timeout value
Andrzej Kaczmarek [Wed, 4 Jan 2012 11:10:42 +0000 (12:10 +0100)]
Bluetooth: l2cap_set_timer needs jiffies as timeout value

After moving L2CAP timers to workqueues l2cap_set_timer expects timeout
value to be specified in jiffies but constants defined in miliseconds
are used. This makes timeouts unreliable when CONFIG_HZ is not set to
1000.

__set_chan_timer macro still uses jiffies as input to avoid multiple
conversions from/to jiffies for sk_sndtimeo value which is already
specified in jiffies.

Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Ackec-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix sk_sndtimeo initialization for L2CAP socket
Andrzej Kaczmarek [Wed, 4 Jan 2012 11:10:41 +0000 (12:10 +0100)]
Bluetooth: Fix sk_sndtimeo initialization for L2CAP socket

sk_sndtime value should be specified in jiffies thus initial value
needs to be converted from miliseconds. Otherwise this timeout is
unreliable when CONFIG_HZ is not set to 1000.

Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Remove bogus inline declaration from l2cap_chan_connect
Johan Hedberg [Sun, 8 Jan 2012 20:51:16 +0000 (22:51 +0200)]
Bluetooth: Remove bogus inline declaration from l2cap_chan_connect

As reported by Dan Carpenter this function causes a Sparse warning and
shouldn't be declared inline:

include/net/bluetooth/l2cap.h:837:30 error: marked inline, but without a
definition"

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Don't mark non xfer isoc endpoint URBs with URB_ISO_ASAP
Daniel Wagner [Tue, 3 Jan 2012 10:53:53 +0000 (11:53 +0100)]
Bluetooth: Don't mark non xfer isoc endpoint URBs with URB_ISO_ASAP

[ 2096.384084] btusb_send_frame:684: hci0
[ 2096.384087] usb 3-1: BOGUS urb flags, 2 --> 0
[ 2096.384091] Bluetooth: hci0 urb ffff8801b61d3a80 submission failed (22)

According the documentation in usb_submit_urb() URB_ISO_ASAP
flag is only allowed for endpoints of type USB_ENDPOINT_XFER_ISOC.

This reverts commit b8aabfc92249b239c425da7e4ca85b7e4855e984.

Signed-off-by: Daniel Wagner <daniel.wagner@bmw-carit.de>
Acked-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix l2cap conn failures for ssp devices
Peter Hurley [Fri, 13 Jan 2012 14:11:30 +0000 (15:11 +0100)]
Bluetooth: Fix l2cap conn failures for ssp devices

Commit 330605423c fixed l2cap conn establishment for non-ssp remote
devices by not setting HCI_CONN_ENCRYPT_PEND every time conn security
is tested (which was always returning failure on any subsequent
security checks).

However, this broke l2cap conn establishment for ssp remote devices
when an ACL link was already established at SDP-level security. This
fix ensures that encryption must be pending whenever authentication
is also pending.

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Tested-by: Daniel Wagner <daniel.wagner@bmw-carit.de>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: btusb: Remove device lock on release
David Herrmann [Thu, 9 Feb 2012 20:58:31 +0000 (21:58 +0100)]
Bluetooth: btusb: Remove device lock on release

Recently we changed the way how we release driver-data. A driver is now
responsible of destroying the data so we no longer need the device lock
on deinitialization in btusb driver.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Use proper datatypes in release-callbacks
David Herrmann [Thu, 9 Feb 2012 20:58:34 +0000 (21:58 +0100)]
Bluetooth: Use proper datatypes in release-callbacks

This enhances code readability a lot and avoids using void* even though
we know the type of the variable.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Introduce to_hci_conn
David Herrmann [Thu, 9 Feb 2012 20:58:33 +0000 (21:58 +0100)]
Bluetooth: Introduce to_hci_conn

This avoids using the dev_set/get_drvdata() functions to retrieve a
pointer to our own structure. We can use simple pointer arithmetic here.
The drvdata field is actually not needed by any other code-path but this
makes the code more consistent with hci_dev.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Remove hci_dev->driver_data
David Herrmann [Thu, 9 Feb 2012 20:58:32 +0000 (21:58 +0100)]
Bluetooth: Remove hci_dev->driver_data

The linux device model provides dev_set/get_drvdata so we can use this
to save private driver data.
This also removes several unnecessary casts.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Introduce to_hci_dev()
David Herrmann [Thu, 9 Feb 2012 20:58:30 +0000 (21:58 +0100)]
Bluetooth: Introduce to_hci_dev()

We currently use dev_set_drvdata to keep a pointer to ourself. This
doesn't make sense as we are the bus and not a driver. Therefore,
introduce to_hci_dev() so we can get a struct hci_dev pointer from a
struct device pointer.

dev_set/get_drvdata() is reserved for drivers that provide a device and
not for the bus using the device. The bus can use simple pointer
arithmetic to retrieve its private data.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Add Device Unpaired mgmt event
Johan Hedberg [Thu, 9 Feb 2012 15:21:16 +0000 (17:21 +0200)]
Bluetooth: Add Device Unpaired mgmt event

This patch add a new Device Unpaired mgmt event. This will be sent to
all mgmt sockets except the one that requested unpairing (that socket
will get a command complete instead). The event is also reserved for
future SMP updates where a remote device will be able to request pairing
revocation from us.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Fix mgmt_unpair_device command status
Johan Hedberg [Thu, 9 Feb 2012 15:19:27 +0000 (17:19 +0200)]
Bluetooth: Fix mgmt_unpair_device command status

The default response status to unpair_device should be set as 0 instead
of a generic failure value. When disconnection is not needed (i.e. we
can reply imediately) we should return success and not failure.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Add address type to mgmt_ev_auth_failed
Johan Hedberg [Thu, 9 Feb 2012 14:07:29 +0000 (16:07 +0200)]
Bluetooth: Add address type to mgmt_ev_auth_failed

This patch updates the Authentication Failed mgmt event to match the
latest API specification by adding an address type to it.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Add address type to mgmt blacklist messages
Johan Hedberg [Thu, 9 Feb 2012 13:56:11 +0000 (15:56 +0200)]
Bluetooth: Add address type to mgmt blacklist messages

This patch updates the implmentation for mgmt_block_device and
mgmt_unblock_device and their corresponding events to match the latest
API specification.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Add address type to Out Of Band mgmt messages
Johan Hedberg [Thu, 9 Feb 2012 13:44:09 +0000 (15:44 +0200)]
Bluetooth: Add address type to Out Of Band mgmt messages

This patch updates the implementation for these mgmt to be up to date
with the latest API specification. Right now the address type isn't
actually used for anything but that might change in the future.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Add address type to user_confirm and user_passkey messages
Johan Hedberg [Thu, 9 Feb 2012 13:26:12 +0000 (15:26 +0200)]
Bluetooth: Add address type to user_confirm and user_passkey messages

This patch upadate the user confirm and user passkey mgmt messages to
match the latest API specification by adding an address type parameter
to them.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Update mgmt_disconnect to match latest API
Johan Hedberg [Thu, 9 Feb 2012 12:27:38 +0000 (14:27 +0200)]
Bluetooth: Update mgmt_disconnect to match latest API

This patch adds an address type parameter to the disconnect command and
response in order to match the latest mgmt API specification.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Update and rename mgmt_remove_keys to mgmt_unpair_device
Johan Hedberg [Thu, 9 Feb 2012 11:50:12 +0000 (13:50 +0200)]
Bluetooth: Update and rename mgmt_remove_keys to mgmt_unpair_device

This patch renames the mgmt_remove_keys command to mgmt_unpair_device
and updates its parameters to match the latest API (specifically, it
adds an address type parameter to the command and its response).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Fix double acking I-Frames when sending pending I-Frames
Szymon Janc [Tue, 7 Feb 2012 14:43:02 +0000 (15:43 +0100)]
Bluetooth: Fix double acking I-Frames when sending pending I-Frames

Pending I-Frame(s) are considered as acknowledgement. To void double
acking (via I-Frame and later via RR) clear ack timer when sending
first pending I-Frame.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix possible missing I-Frame acknowledgement
Szymon Janc [Tue, 7 Feb 2012 14:43:01 +0000 (15:43 +0100)]
Bluetooth: Fix possible missing I-Frame acknowledgement

Make l2cap_ertm_send return number of pending I-Frames transmitted
instead of all (pending + retransmitted) I-Frames transmitted.

As only pending I-Frames are considered as acknowledgement, this could
lead to situation when no ACK was sent in __l2cap_send_ack (if only
already transmitted I-Frames were retransmitted).

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Acked-by: Gustavo F. Padovan <padovan@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Remove unneeded sk variable
Andrei Emeltchenko [Mon, 6 Feb 2012 13:04:01 +0000 (15:04 +0200)]
Bluetooth: Remove unneeded sk variable

In debug use chan %p instead of sk.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Clean up l2cap_chan_add
Andrei Emeltchenko [Mon, 6 Feb 2012 13:04:00 +0000 (15:04 +0200)]
Bluetooth: Clean up l2cap_chan_add

Change elseif to switch. This make sense even more with following
patches which otherwise have to add more elseifs statements.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Change chan_ready param from sk to chan
Andrei Emeltchenko [Mon, 6 Feb 2012 13:03:59 +0000 (15:03 +0200)]
Bluetooth: Change chan_ready param from sk to chan

Change is needed to remove dependency on sk when possible
before introducing l2cap channel lock.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Add BT_DBG to mgmt_discovering()
Andre Guedes [Tue, 22 Nov 2011 20:14:19 +0000 (17:14 -0300)]
Bluetooth: Add BT_DBG to mgmt_discovering()

This is helpful for device discovery implementation & debuging.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix device_found event length for remote name resolving
Johan Hedberg [Fri, 3 Feb 2012 22:06:00 +0000 (00:06 +0200)]
Bluetooth: Fix device_found event length for remote name resolving

The correct length of the event is the size of the ev struct (not size
of the pointer like the code was previously using) plus the length of
the variable-sized EIR data at the end of the struct.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Fix indentation
Andre Guedes [Fri, 3 Feb 2012 20:48:02 +0000 (17:48 -0300)]
Bluetooth: Fix indentation

This patch fixes a #define indentation in mgmt.c.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: MGMT start discovery LE-Only support
Andre Guedes [Fri, 3 Feb 2012 20:48:01 +0000 (17:48 -0300)]
Bluetooth: MGMT start discovery LE-Only support

This patch adds LE-Only discovery procedure support to MGMT Start
Discovery command.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Add hci_le_scan()
Andre Guedes [Fri, 3 Feb 2012 20:48:00 +0000 (17:48 -0300)]
Bluetooth: Add hci_le_scan()

We are not supposed to block in start_discovery() because
start_discovery code is running in write() syscall context
and this would block the write operation on the mgmt socket.
This way, we cannot directly call hci_do_le_scan() to scan
LE devices in start_discovery(). To overcome this issue a
derefered work (hdev->le_scan) was created so we can properly
call hci_do_le_scan().

The helper function hci_le_scan() simply set LE scan parameters
and queue hdev->le_scan work. The work is queued on system_long_wq
since it can sleep for a few seconds in the worst case (timeout).

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Add hci_do_le_scan()
Andre Guedes [Fri, 3 Feb 2012 20:47:59 +0000 (17:47 -0300)]
Bluetooth: Add hci_do_le_scan()

This patch adds to hci_core the hci_do_le_scan function which
should be used to scan LE devices.

In order to enable LE scan, hci_do_le_scan() sends commands (Set
LE Scan Parameters and Set LE Scan Enable) to the controller and
waits for its results. If commands were executed successfully a
delayed work is scheduled to disable the ongoing scanning after
some amount of time. This function blocks.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Minor code refactoring
Andre Guedes [Fri, 3 Feb 2012 20:47:58 +0000 (17:47 -0300)]
Bluetooth: Minor code refactoring

This patch does a trivial code refacting in hci_discovery_active.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: LE scan should send Discovering events
Andre Guedes [Fri, 3 Feb 2012 20:47:57 +0000 (17:47 -0300)]
Bluetooth: LE scan should send Discovering events

Send MGMT Discovering events once LE scan starts/stops so the
userspace can track when local adapters are discovering LE devices.

This way, we also keep the same behavior of inquiry which sends MGMT
Discovering events once inquiry starts/stops even if it is triggered
by an external tool (e.g. hcitool).

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Add missing QUIRK_NO_RESET test to hci_dev_do_close
Johan Hedberg [Fri, 3 Feb 2012 19:29:40 +0000 (21:29 +0200)]
Bluetooth: Add missing QUIRK_NO_RESET test to hci_dev_do_close

We should only perform a reset in hci_dev_do_close if the
HCI_QUIRK_NO_RESET flag is set (since in such a case a reset will not be
performed when initializing the device).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Helper removes duplicated code
Andrei Emeltchenko [Fri, 3 Feb 2012 14:27:55 +0000 (16:27 +0200)]
Bluetooth: Helper removes duplicated code

Use __check_timout helper to remove duplicated code

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Recalculate sched HCI blk/pkt flow ctrl
Andrei Emeltchenko [Fri, 3 Feb 2012 14:27:54 +0000 (16:27 +0200)]
Bluetooth: Recalculate sched HCI blk/pkt flow ctrl

Split HCI scheduling for block and packet flow control.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Add support for notifying userspace of new LTK's
Vinicius Costa Gomes [Fri, 3 Feb 2012 00:08:05 +0000 (21:08 -0300)]
Bluetooth: Add support for notifying userspace of new LTK's

If we want to have proper pairing support over LE we need to
inform userspace that a new LTK is available, so userspace
can store that key permanently.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Clean up structures left unused
Vinicius Costa Gomes [Fri, 3 Feb 2012 00:08:04 +0000 (21:08 -0300)]
Bluetooth: Clean up structures left unused

With the use of the new structures and lists for the SMP LTK's
we may remove some code that is now unused. No need to have extra
fields of information inside link_key now that it is only used
for Link Keys.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Add support for removing LTK's when pairing is removed
Vinicius Costa Gomes [Fri, 3 Feb 2012 00:08:03 +0000 (21:08 -0300)]
Bluetooth: Add support for removing LTK's when pairing is removed

Instead of having a separated command for removing SMP keys, we use the
Remove Keys command to remove *all* keys.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Add MGMT handlers for dealing with SMP LTK's
Vinicius Costa Gomes [Fri, 3 Feb 2012 00:08:02 +0000 (21:08 -0300)]
Bluetooth: Add MGMT handlers for dealing with SMP LTK's

This adds a method to notify that a new LTK is available and
a handler to store keys coming from userspace into the kernel LTK
list.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Use the updated key structures for handling LTKs
Vinicius Costa Gomes [Fri, 3 Feb 2012 00:08:01 +0000 (21:08 -0300)]
Bluetooth: Use the updated key structures for handling LTKs

This updates all the users of the older way, that was using the
link_keys list to store the SMP keys, to use the new way.

This includes defining new types for the keys, we have a type for each
combination of STK/LTK and Master/Slave.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Add new structures for handling SMP Long Term Keys
Vinicius Costa Gomes [Fri, 3 Feb 2012 00:08:00 +0000 (21:08 -0300)]
Bluetooth: Add new structures for handling SMP Long Term Keys

This includes a new list for storing the keys and a new structure used
to represent each key.

Some notes: authenticated is used to identify that the key may be used
to setup a HIGH security link. As the same list is used to store both
the STK's and the LTK's the type field is used so we can separate
between those two types of keys and if the key should be used when
in the master or slave role.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix doing some useless casts when receiving MGMT commands
Vinicius Costa Gomes [Fri, 3 Feb 2012 00:07:59 +0000 (21:07 -0300)]
Bluetooth: Fix doing some useless casts when receiving MGMT commands

Every command handler of mgmt does a cast to the command structure
so it can properly interpreted. So we can avoid that cast if we
make those functions receive a void * directly.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: btusb: Add vendor specific ID (0a5c 21f3) for BCM20702A0
Manoj Iyer [Thu, 2 Feb 2012 15:32:36 +0000 (09:32 -0600)]
Bluetooth: btusb: Add vendor specific ID (0a5c 21f3) for BCM20702A0

T: Bus=01 Lev=02 Prnt=02 Port=03 Cnt=03 Dev#= 5 Spd=12 MxCh= 0
D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0a5c ProdID=21f3 Rev=01.12
S: Manufacturer=Broadcom Corp
S: Product=BCM20702A0
S: SerialNumber=74DE2B344A7B
C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=0mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
I: If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none)

Signed-off-by: Manoj Iyer <manoj.iyer@canonical.com>
Tested-by: Dennis Chua <dennis.chua@canonical.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Use list _safe deleting from conn chan_list
Andrei Emeltchenko [Thu, 2 Feb 2012 08:32:18 +0000 (10:32 +0200)]
Bluetooth: Use list _safe deleting from conn chan_list

Fixes possible bug when deleting element from the list in
function hci_chan_list_flush. list_for_each_entry_rcu is used
and after deleting element from the list we also free pointer
and then list_entry_rcu is taken from freed pointer.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Use list _safe deleting from conn_hash_list
Andrei Emeltchenko [Thu, 2 Feb 2012 08:32:17 +0000 (10:32 +0200)]
Bluetooth: Use list _safe deleting from conn_hash_list

Use list_for_each_entry_safe which is safe version against removal
of list entry. Otherwise we remove hci_conn element and reference
next element which result in accessing LIST_POISON.

[   95.571834] Bluetooth: unknown link type 127
[   95.578349] BUG: unable to handle kernel paging request at 20002000
[   95.580236] IP: [<20002000>] 0x20001fff
[   95.580763] *pde = 00000000
[   95.581196] Oops: 0000 [#1] SMP
...
[   95.582298] Pid: 3355, comm: hciconfig Tainted: G   O 3.2.0-VirttualBox
[   95.582298] EIP: 0060:[<20002000>] EFLAGS: 00210206 CPU: 0
[   95.582298] EIP is at 0x20002000
...
[   95.582298] Call Trace:
[   95.582298]  [<f8231ab6>] ? hci_conn_hash_flush+0x76/0xf0 [bluetooth]
[   95.582298]  [<f822bcb1>] hci_dev_do_close+0xc1/0x2e0 [bluetooth]
[   95.582298]  [<f822d679>] ? hci_dev_get+0x69/0xb0 [bluetooth]
[   95.582298]  [<f822e1da>] hci_dev_close+0x2a/0x50 [bluetooth]
[   95.582298]  [<f824102f>] hci_sock_ioctl+0x1af/0x3f0 [bluetooth]
[   95.582298]  [<c11153ea>] ? handle_pte_fault+0x8a/0x8f0
[   95.582298]  [<c146becf>] sock_ioctl+0x5f/0x260
[   95.582298]  [<c146be70>] ? sock_fasync+0x90/0x90
[   95.582298]  [<c1152b33>] do_vfs_ioctl+0x83/0x5b0
[   95.582298]  [<c1563f87>] ? do_page_fault+0x297/0x500
[   95.582298]  [<c1563cf0>] ? spurious_fault+0xd0/0xd0
[   95.582298]  [<c107165b>] ? up_read+0x1b/0x30
[   95.582298]  [<c1563f87>] ? do_page_fault+0x297/0x500
[   95.582298]  [<c100aa9f>] ? init_fpu+0xef/0x160
[   95.582298]  [<c15617c0>] ? do_debug+0x180/0x180
[   95.582298]  [<c100a958>] ? fpu_finit+0x28/0x80
[   95.582298]  [<c11530e7>] sys_ioctl+0x87/0x90
[   95.582298]  [<c156795f>] sysenter_do_call+0x12/0x38
...

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: mgmt: Implement Cancel Pair Device command
Johan Hedberg [Thu, 2 Feb 2012 02:02:29 +0000 (04:02 +0200)]
Bluetooth: mgmt: Implement Cancel Pair Device command

This patch implements the Cancel Pair Device command for mgmt. It's used
by user space to cancel an ongoing pairing attempt which was triggered
by the Pair Device command.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Fix clearing of debug and linkkey flags
Hemant Gupta [Mon, 23 Jan 2012 10:06:11 +0000 (15:36 +0530)]
Bluetooth: Fix clearing of debug and linkkey flags

This patch fixes clearing of HCI_LINK_KEYS and HCI_DEBUG_KEYS
dev_flags while resetting. Without this patch pairing does
not work over management interface for BR-EDR devices.

Signed-off-by: Hemant Gupta <hemant.gupta@stericsson.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Send correct response to IO Capability Request
Hemant Gupta [Mon, 16 Jan 2012 08:04:29 +0000 (13:34 +0530)]
Bluetooth: Send correct response to IO Capability Request

This patch sends correct IO Capability response to remote device
in case Local Device supports KeyBoardDisplay IO Capability as
this capability is not valid as per BT spec for IO capability
Request Reply Command.
This capability is mapped to DisplayYesNo which is in accordance
with BT spec.

Signed-off-by: Hemant Gupta <hemant.gupta@stericsson.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix l2cap conn failures for ssp devices
Peter Hurley [Fri, 13 Jan 2012 14:11:30 +0000 (15:11 +0100)]
Bluetooth: Fix l2cap conn failures for ssp devices

Commit 330605423c fixed l2cap conn establishment for non-ssp remote
devices by not setting HCI_CONN_ENCRYPT_PEND every time conn security
is tested (which was always returning failure on any subsequent
security checks).

However, this broke l2cap conn establishment for ssp remote devices
when an ACL link was already established at SDP-level security. This
fix ensures that encryption must be pending whenever authentication
is also pending.

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Tested-by: Daniel Wagner <daniel.wagner@bmw-carit.de>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Update mgmt.h to match latest API spec
Johan Hedberg [Wed, 1 Feb 2012 21:42:38 +0000 (23:42 +0200)]
Bluetooth: Update mgmt.h to match latest API spec

This patch updates the opcodes for mgmt commands and events to match the
latest user space API specification.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
12 years agoBluetooth: Fix invalid memory access when there's no SMP channel
Vinicius Costa Gomes [Wed, 1 Feb 2012 21:27:56 +0000 (18:27 -0300)]
Bluetooth: Fix invalid memory access when there's no SMP channel

We only should try to free the SMP channel that was created if there
is a pending SMP session.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
12 years agoBluetooth: Fix RFCOMM session reference counting issue
Octavian Purdila [Fri, 27 Jan 2012 17:32:39 +0000 (19:32 +0200)]
Bluetooth: Fix RFCOMM session reference counting issue

There is an imbalance in the rfcomm_session_hold / rfcomm_session_put
operations which causes the following crash:

[  685.010159] BUG: unable to handle kernel paging request at 6b6b6b6b
[  685.010169] IP: [<c149d76d>] rfcomm_process_dlcs+0x1b/0x15e
[  685.010181] *pdpt = 000000002d665001 *pde = 0000000000000000
[  685.010191] Oops: 0000 [#1] PREEMPT SMP
[  685.010247]
[  685.010255] Pid: 947, comm: krfcommd Tainted: G         C  3.0.16-mid8-dirty #44
[  685.010266] EIP: 0060:[<c149d76d>] EFLAGS: 00010246 CPU: 1
[  685.010274] EIP is at rfcomm_process_dlcs+0x1b/0x15e
[  685.010281] EAX: e79f551c EBX: 6b6b6b6b ECX: 00000007 EDX: e79f40b4
[  685.010288] ESI: e79f4060 EDI: ed4e1f70 EBP: ed4e1f68 ESP: ed4e1f50
[  685.010295]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[  685.010303] Process krfcommd (pid: 947, ti=ed4e0000 task=ed43e5e0 task.ti=ed4e0000)
[  685.010308] Stack:
[  685.010312]  ed4e1f68 c149eb53 e5925150 e79f4060 ed500000 ed4e1f70 ed4e1f80 c149ec10
[  685.010331]  00000000 ed43e5e0 00000000 ed4e1f90 ed4e1f9c c149ec87 0000bf54 00000000
[  685.010348]  00000000 ee03bf54 c149ec37 ed4e1fe4 c104fe01 00000000 00000000 00000000
[  685.010367] Call Trace:
[  685.010376]  [<c149eb53>] ? rfcomm_process_rx+0x6e/0x74
[  685.010387]  [<c149ec10>] rfcomm_process_sessions+0xb7/0xde
[  685.010398]  [<c149ec87>] rfcomm_run+0x50/0x6d
[  685.010409]  [<c149ec37>] ? rfcomm_process_sessions+0xde/0xde
[  685.010419]  [<c104fe01>] kthread+0x63/0x68
[  685.010431]  [<c104fd9e>] ? __init_kthread_worker+0x42/0x42
[  685.010442]  [<c14dae82>] kernel_thread_helper+0x6/0xd

This issue has been brought up earlier here:

https://lkml.org/lkml/2011/5/21/127

The issue appears to be the rfcomm_session_put in rfcomm_recv_ua. This
operation doesn't seem be to required as for the non-initiator case we
have the rfcomm_process_rx doing an explicit put and in the initiator
case the last dlc_unlink will drive the reference counter to 0.

There have been several attempts to fix these issue:

6c2718d Bluetooth: Do not call rfcomm_session_put() for RFCOMM UA on closed socket
683d949 Bluetooth: Never deallocate a session when some DLC points to it

but AFAICS they do not fix the issue just make it harder to reproduce.

Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Signed-off-by: Gopala Krishna Murala <gopala.krishna.murala@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>