History log of /net/bluetooth/l2cap_sock.c
Revision Date Author Comments
c16900cf285ca240f0f84117bf8b88a03c55469b 15-Aug-2014 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Fix hci_conn reference counting for fixed channels

Now that SMP has been converted to use fixed channels we've got a bit of
a problem with the hci_conn reference counting. So far the L2CAP code
has kept a reference for each L2CAP channel that was notified of the
connection. With SMP however this would mean that the connection is
never dropped even though there are no other users of it. Furthermore,
SMP already does its own hci_conn reference counting internally,
starting from a security or pairing request and ending with the key
distribution.

This patch makes L2CAP fixed channels default to the L2CAP core not
keeping a hci_conn reference for them. A new FLAG_HOLD_HCI_CONN flag is
added so that L2CAP users can declare an exception to this rule and hold
a reference even for their fixed channels. One such exception is the
L2CAP socket layer which does want a reference for each socket (e.g. an
ATT socket which uses a fixed channel).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
148243087b3a5d95a32825da26858dc9d893b141 07-Aug-2014 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Move parts of fixed channel initialization to l2cap_add_scid

The l2cap_add_scid function is used for registering a fixed L2CAP
channel. Instead of having separate initialization of the channel type
and outgoing MTU in l2cap_sock.c it's more intuitive to do these things
in the l2cap_add_scid function itself (and thereby make the
functionality available to other users besides l2cap_sock.c).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
d52deb17489b8155e031fb1a9f116c602d719e11 07-Aug-2014 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Resume BT_CONNECTED state after LE security elevation

The LE ATT socket uses a special trick where it temporarily sets
BT_CONFIG state for the duration of a security level elevation. In order
to not require special hacks for going back to BT_CONNECTED state in the
l2cap_core.c code the most reasonable place to resume the state is the
resume callback. This patch adds a new flag to track the pending
security level change and ensures that the state is set back to
BT_CONNECTED in the resume callback in case the flag is set.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
beb19e4c079d626bf0502fbb65bd7c9891a10c2e 18-Jul-2014 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Use EOPNOTSUPP instead of ENOTSUPP

The EOPNOTSUPP and ENOTSUPP errors are very similar in meaning, but
ENOTSUPP is a fairly new addition to POSIX. Not all libc versions know
about the value the kernel uses for ENOTSUPP so it's better to use
EOPNOTSUPP to ensure understandable error messages.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
e7cafc45258c852c5176cd421615846e79a3d307 17-Jul-2014 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Pass initiator/acceptor information to hci_conn_security()

We're interested in whether an authentication request is because of a
remote or local action. So far hci_conn_security() has been used both
for incoming and outgoing actions (e.g. RFCOMM or L2CAP connect
requests) so without some modifications it cannot know which peer is
responsible for requesting authentication.

This patch adds a new "bool initiator" parameter to hci_conn_security()
to indicate which side is responsible for the request and updates the
current users to pass this information correspondingly.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
093facf3634da1b0c2cc7ed106f1983da901bbab 14-Jul-2014 Vladimir Davydov <vdavydov@parallels.com> Bluetooth: never linger on process exit

If the current process is exiting, lingering on socket close will make
it unkillable, so we should avoid it.

Reproducer:

#include <sys/types.h>
#include <sys/socket.h>

#define BTPROTO_L2CAP 0
#define BTPROTO_SCO 2
#define BTPROTO_RFCOMM 3

int main()
{
    int fd;
    struct linger ling;

    fd = socket(PF_BLUETOOTH, SOCK_STREAM, BTPROTO_RFCOMM);
    //or: fd = socket(PF_BLUETOOTH, SOCK_DGRAM, BTPROTO_L2CAP);
    //or: fd = socket(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_SCO);

    ling.l_onoff = 1;
    ling.l_linger = 1000000000;
    setsockopt(fd, SOL_SOCKET, SO_LINGER, &ling, sizeof(ling));

    return 0;
}

Signed-off-by: Vladimir Davydov <vdavydov@parallels.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
bf19d51b768ceeccab12f932cac73b60b1d20bab 30-Jun-2014 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Allow L2CAP getpeername() for BT_CONFIG state

We have all the necessary remote information for getpeername() when we
are in the BT_CONFIG state so this should be allowed. This is
particularly important for LE sockets where changing the security level
will temporarily move the socket into BT_CONFIG state.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
0498878b18993891f7b71c75b6adcb7c157501db 18-Jun-2014 Jukka Rissanen <jukka.rissanen@linux.intel.com> Bluetooth: Provide L2CAP ops callback for memcpy_fromiovec

The highly optimized TX path for L2CAP channels and its fragmentation
within the HCI ACL packets requires to copy data from user provided
IO vectors and also kernel provided memory buffers.

This patch allows channel clients to provide a memcpy_fromiovec callback
to keep this optimized behavior, but adapt it to kernel vs user memory
for the TX path. For all kernel internal L2CAP channels, a default
implementation is provided that can be referenced.

In case of A2MP, this fixes a long-standing issue with wrongly accessing
kernel memory as user memory.

This patch originally by Marcel Holtmann.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
d9fbd02be5c201c1659ee0d79c0820bb68d95c8c 08-Jun-2014 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Use explicit header and body length for L2CAP SKB allocation

When allocating the L2CAP SKB for transmission, provide the upper layers
with a clear distinction on what is the header and what is the body
portion of the SKB.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
8d46321c4f63f7c2be9e3ba0bb26cb437fc5eded 05-Jun-2014 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Assign L2CAP socket priority when allocating SKB

The SKB for L2CAP sockets are all allocated in a central callback
in the socket support. Instead of having to pass around the socket
priority all the time, assign it to skb->priority when actually
allocating the SKB.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
67f86a45bb82091a2775561a1e498010afff54ee 08-Jun-2014 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Use const for struct l2cap_ops field

The struct l2cap_ops field should not allow any modifications and thus
it is better declared as const.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
92d1372e1a9fec00e146b74e8b9ad7a385b9b37f 13-Jun-2014 Marcin Kraglak <marcin.kraglak@tieto.com> Bluetooth: Allow change security level on ATT_CID in slave role

Kernel supports SMP Security Request so don't block increasing security
when we are slave.

Signed-off-by: Marcin Kraglak <marcin.kraglak@tieto.com>
Acked-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
8a96f3cd22878fc0bb564a8478a6e17c0b8dca73 22-May-2014 Jukka Taimisto <jtt@codenomicon.com> Bluetooth: Fix L2CAP deadlock

-[0x01 Introduction

We have found a programming error causing a deadlock in the Bluetooth subsystem
of the Linux kernel. The problem is caused by a missing release_sock() call when
L2CAP connection creation fails due to a full accept queue.

The issue can be reproduced with 3.15-rc5 kernel and is also present in
earlier kernels.

-[0x02 Details

The problem occurs when multiple L2CAP connections are created to a PSM which
contains listening socket (like SDP) and left pending, for example,
configuration (the underlying ACL link is not disconnected between
connections).

When L2CAP connection request is received and listening socket is found the
l2cap_sock_new_connection_cb() function (net/bluetooth/l2cap_sock.c) is called.
This function locks the 'parent' socket and then checks if the accept queue
is full.

    lock_sock(parent);

    /* Check for backlog size */
    if (sk_acceptq_is_full(parent)) {
        BT_DBG("backlog full %d", parent->sk_ack_backlog);
        return NULL;
    }

In case the accept queue is full NULL is returned, but the 'parent' socket
is not released. Thus when next L2CAP connection request is received the code
blocks on lock_sock() since the parent is still locked.

Also note that for connections already established and waiting for
configuration to complete a timeout will occur and l2cap_chan_timeout()
(net/bluetooth/l2cap_core.c) will be called. All threads calling this
function will also be blocked waiting for the channel mutex since the thread
which is waiting on lock_sock() already holds the channel mutex.

We were able to reproduce this by sending continuously L2CAP connection
request followed by disconnection request containing invalid CID. This left
the created connections pending configuration.

After the deadlock occurs it is impossible to kill bluetoothd, btmon will not
get any more data etc. requiring reboot to recover.

-[0x03 Fix

Releasing the 'parent' socket when l2cap_sock_new_connection_cb() returns NULL
seems to fix the issue.

Signed-off-by: Jukka Taimisto <jtt@codenomicon.com>
Reported-by: Tommi Mäkilä <tmakila@codenomicon.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Cc: stable@vger.kernel.org
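Added example (not part of the commit above or of the kernel source): a user-space C model of the lock leak described in the "Bluetooth: Fix L2CAP deadlock" entry, showing the 'before' early return beside a form that releases the parent before returning. All model_* names, the sim_stats struct, and the -EDEADLK return that stands in for a lock_sock() call that would block forever are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Stand-in for the listening ('parent') socket: a non-recursive lock flag
 * plus the accept-queue counters the backlog check reads. Hypothetical type. */
struct model_sock {
    bool locked;
    unsigned int ack_backlog;     /* connections pending in the accept queue */
    unsigned int max_ack_backlog; /* limit set by listen() */
};

enum conn_result { CONN_CREATED, CONN_REFUSED, CONN_WOULD_HANG };

struct sim_stats {
    unsigned int created, refused, hung;
    bool lock_leaked; /* parent still locked after the last request */
};

/* The kernel's lock_sock() sleeps until the lock is free. The model returns
 * -EDEADLK instead, so a caller that would hang forever can be counted. */
static int model_lock_sock(struct model_sock *sk)
{
    if (sk->locked)
        return -EDEADLK;
    sk->locked = true;
    return 0;
}

static void model_release_sock(struct model_sock *sk)
{
    sk->locked = false;
}

static bool model_acceptq_is_full(const struct model_sock *sk)
{
    return sk->ack_backlog > sk->max_ack_backlog;
}

/* 'Before' shape from the commit message: the backlog-full path returns
 * with the parent still locked. The defect is kept here on purpose. */
static enum conn_result new_connection_before(struct model_sock *parent)
{
    if (model_lock_sock(parent) < 0)
        return CONN_WOULD_HANG;
    if (model_acceptq_is_full(parent))
        return CONN_REFUSED; /* parent is never released */
    parent->ack_backlog++;
    model_release_sock(parent);
    return CONN_CREATED;
}

/* Fixed shape: every exit path that took the lock also releases it. */
static enum conn_result new_connection_after(struct model_sock *parent)
{
    if (model_lock_sock(parent) < 0)
        return CONN_WOULD_HANG;
    if (model_acceptq_is_full(parent)) {
        model_release_sock(parent);
        return CONN_REFUSED;
    }
    parent->ack_backlog++;
    model_release_sock(parent);
    return CONN_CREATED;
}

typedef enum conn_result (*conn_handler)(struct model_sock *);

/* Feed 'requests' connection requests to one listening socket that never
 * calls accept(), as when connections are left pending configuration. */
static struct sim_stats simulate(conn_handler handler, unsigned int requests,
                                 unsigned int max_backlog)
{
    struct model_sock parent = { false, 0, max_backlog };
    struct sim_stats st = { 0, 0, 0, false };

    for (unsigned int i = 0; i < requests; i++) {
        switch (handler(&parent)) {
        case CONN_CREATED:    st.created++; break;
        case CONN_REFUSED:    st.refused++; break;
        case CONN_WOULD_HANG: st.hung++;    break;
        }
    }
    st.lock_leaked = parent.locked;
    return st;
}

int main(void)
{
    struct sim_stats b = simulate(new_connection_before, 5, 1);
    struct sim_stats a = simulate(new_connection_after, 5, 1);

    printf("before: created=%u refused=%u hung=%u leaked=%d\n",
           b.created, b.refused, b.hung, b.lock_leaked);
    printf("after:  created=%u refused=%u hung=%u leaked=%d\n",
           a.created, a.refused, a.hung, a.lock_leaked);
    return 0;
}
```

In the 'before' run the first refused request leaves the parent locked, so every later request is counted as hung; in the 'after' run the same requests are refused cleanly.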
676d23690fb62b5d51ba5d659935e9f7d9da9f8e 11-Apr-2014 David S. Miller <davem@davemloft.net> net: Fix use after free by removing length arg from sk_data_ready callbacks.

Several spots in the kernel perform a sequence like:

    skb_queue_tail(&sk->sk_receive_queue, skb);
    sk->sk_data_ready(sk, skb->len);

But at the moment we place the SKB onto the socket receive queue it
can be consumed and freed up. So this skb->len access is potentially
to freed up memory.

Furthermore, the skb->len can be modified by the consumer so it is
possible that the value isn't accurate.

And finally, no actual implementation of this callback actually uses
the length argument. And since nobody actually cared about its
value, lots of call sites pass arbitrary values in such as '0' and
even '1'.

So just remove the length argument from the callback, that way there
is no confusion whatsoever and all of these use-after-free cases get
fixed as a side effect.

Based upon a patch by Eric Dumazet and his suggestion to audit this
issue tree-wide.

Signed-off-by: David S. Miller <davem@davemloft.net>
e8b1ab9e6d30394e0df3e4f60bf56c4dc9bf0863 26-Mar-2014 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Fix returning peer address in pending connect state

We should let user space request the peer address also in the pending
connect states, i.e. BT_CONNECT and BT_CONNECT2. There is existing user
space code that tries to do this and will fail without extending the set
of allowed states for the peer address information.

This patch adds the two states to the allowed ones in the L2CAP and
RFCOMM sock_getname functions, thereby preventing ENOTCONN from being
returned.

Reported-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Tested-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
dcf4adbfdc7ad14ca50c1133f93f998c78493c2d 12-Mar-2014 Joe Perches <joe@perches.com> Bluetooth: Convert uses of __constant_<foo> to <foo>

The use of __constant_<foo> has been unnecessary for quite a while now.

Make these uses consistent with the rest of the kernel.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9b7655eafeeec9e74e97e9056e820ede8d18093e 14-Feb-2014 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Enable LE L2CAP CoC support by default

Now that the LE L2CAP Connection Oriented Channel support has undergone a
decent amount of testing we can make it officially supported. This patch
removes the enable_lecoc module parameter which was previously needed to
enable support for LE L2CAP CoC.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
d7e5e76b6f4c5848ad3093493bdb226c27d8350e 29-Jan-2014 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Always use l2cap_chan->psm for returning PSM to user space

The l2cap_chan->psm value is always set to a valid value for a
connection oriented channel. The l2cap_chan->sport is used for tracking
local PSM allocations but will not always have a proper value, such as
with connected sockets derived from a listening socket. This patch fixes
the sock_getname callback to always use chan->psm when returning address
information.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
b783fbc3a55691f978b9f78d552a0d7e7d2705ad 29-Jan-2014 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Refuse peer L2CAP address reading when not connected

When we're not connected the peer address information is undefined. This
patch fixes the remote address getting to return a proper error in case
the state is anything else than BT_CONNECTED.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
7a8e5a31ecd50ace4fce57304c8fdd206f013fde 25-Jan-2014 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Fix CID initialization for fixed channels

Fixed channels have the same source and destination CID. Ensure that the
values get properly initialized when receiving incoming connections and
deriving values from the parent socket.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
e0c888ad739513b9baae5c25e85dd6490595e5be 25-Jan-2014 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Fix BT_SECURITY socket option for fixed channels (ATT)

The BT_SECURITY option should also be allowed for fixed channels, so
punch the appropriate hole for it when checking for the channel type.
The main user of fixed CID user space sockets is right now ATT (which is
broken without this patch).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
21626e6214f92aaae580052c760dc85f83b5faef 24-Jan-2014 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Switch ATT channels to use L2CAP_CHAN_FIXED

ATT channels are not connection oriented so having them use
L2CAP_CHAN_CONN_ORIENTED is quite confusing. Instead, use the new
L2CAP_CHAN_FIXED type and ensure that the MTU and CID values get
properly set.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
7d513e9243afd01df315db45ffe96a6e3688e612 16-Jan-2014 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Handle security level 4 for L2CAP connections

With the introduction of security level 4, the L2CAP sockets need to
be made aware of this new level. This change ensures that the pairing
requirements are set correctly for these connections.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
342dfc306fb32155314dad277f3c3686b83fb9f1 17-Jan-2014 Steffen Hurrle <steffen@hurrle.net> net: add build-time checks for msg->msg_name size

This is a follow-up patch to f3d3342602f8bc ("net: rework recvmsg
handler msg_name and msg_namelen logic").

DECLARE_SOCKADDR validates that the structure we use for writing the
name information to is not larger than the buffer which is reserved
for msg->msg_name (which is 128 bytes). Also use DECLARE_SOCKADDR
consistently in sendmsg code paths.

Signed-off-by: Steffen Hurrle <steffen@hurrle.net>
Suggested-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
cb6ca8e1ed922082bacc6e5e5ee040491a443ea2 06-Jan-2014 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Default to no security with L2CAP RAW sockets

L2CAP RAW sockets can be used for things which do not involve
establishing actual connection oriented L2CAP channels. One example of
such usage is the l2ping tool. The default security level for L2CAP
sockets is LOW, which implies that for SSP based connection
authentication is still requested (although with no MITM requirement),
which is not what we want (or need) for things like l2ping. Therefore,
default to one lower level, i.e. BT_SECURITY_SDP, for L2CAP RAW sockets
in order not to trigger unwanted authentication requests.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
0ce43ce60d5e0c079d33be1fe33ba92828c7e5da 05-Dec-2013 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Simplify l2cap_chan initialization for LE CoC

The values in l2cap_chan that are used for actually transmitting data
only need to be initialized right after we've received an L2CAP Connect
Request or just before we send one. The only thing that we need to
initialize through bind() and connect() is the chan->mode value. This way
all other initializations can be done in the l2cap_le_flowctl_init
function (which now becomes private to l2cap_core.c) and the
l2cap_le_flowctl_start function can be completely removed.

Also, since the l2cap_sock_init function initializes the imtu and omtu
to adequate values these do not need to be part of l2cap_le_flowctl_init.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
4946096d43d1d02fb07cc80f82e1747b01571c41 08-Oct-2013 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Fix validating LE PSM values

LE PSM values have different ranges than those for BR/EDR. The valid
ranges for fixed, SIG assigned values are 0x0001-0x007f and for dynamic
PSM values 0x0080-0x00ff. We need to ensure that bind() and connect()
calls conform to these ranges when operating on LE CoC sockets.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
837776f7904024df451422f32b09c67e88ae2aa2 15-Oct-2013 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Introduce L2CAP channel callback for suspending

Setting the BT_SK_SUSPEND socket flag from the L2CAP core is causing a
dependency on the socket. So instead of doing that, use a channel
callback into the socket handling to suspend.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
1f435424ce2c93c31c3887ec67e3afb6056f18f6 02-Dec-2013 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Add new BT_SNDMTU and BT_RCVMTU socket options

This patch adds new socket options for LE sockets since the existing
L2CAP_OPTIONS socket option is not usable for LE. For now, the new
socket options also require LE CoC support to be explicitly enabled to
leave some playroom in case something needs to be changed in a backwards
incompatible way.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
64b4f8dc763d5c26dea0f483d6e475540eaf9759 02-Dec-2013 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Limit L2CAP_OPTIONS socket option usage with LE

Most of the values in L2CAP_OPTIONS are not applicable for LE and those
that are have different semantics. It makes therefore sense to
completely block this socket option for LE and add (in a separate patch)
a new socket option for tweaking the values that do make sense (mainly
the send and receive MTU). Legacy user space ATT code still depends on
getsockopt for L2CAP_OPTIONS though so we need to plug a hole for that
for backwards compatibility.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
0cd75f7ed740a8c605fe55ac71a9b5162c612422 17-May-2013 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Track LE L2CAP credits in l2cap_chan

This patch adds tracking of L2CAP connection oriented channel local and
remote credits to struct l2cap_chan and ensures that connect requests
and responses contain the right values.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
3831971355d901ccfb76533a422b4395072849a3 16-May-2013 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Add LE L2CAP flow control mode

The LE connection oriented channels have their own mode with its own
data transfer rules. In order to implement this properly we need to
distinguish L2CAP channels operating in this mode from other modes.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9149761ad74f618371b58fd37141d4c3706d88fc 02-Dec-2013 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Add module parameter to enable LE CoC support

Along with the L2CAP Connection Oriented Channels features it is now
allowed to use both custom fixed CIDs as well as PSM based (connection
oriented connections). Since the support for this (with the subsequent
patches) is still on an experimental stage, add a module parameter to
enable it.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
d78a32a8fcf775111ccc9ba611a08ca5c29784b6 21-Oct-2013 Gustavo Padovan <gustavo.padovan@collabora.co.uk> Bluetooth: Remove sk member from struct l2cap_chan

There is no access to chan->sk in L2CAP core now. This change marks the
end of the task of splitting L2CAP between Core and Socket, thus sk is now
gone from struct l2cap_chan.

Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
0e790c64f37a1a43c147720bdfa03b7c5538e24a 21-Oct-2013 Gustavo Padovan <gustavo.padovan@collabora.co.uk> Bluetooth: Add L2CAP channel to skb private data

Adding the channel to the skb private data makes it possible for us to know
which channel the skb came from.

Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
8ffb929098a56939ac71509302eeab5b207bf262 21-Oct-2013 Gustavo Padovan <gustavo.padovan@collabora.co.uk> Bluetooth: Remove parent socket usage from l2cap_core.c

The parent socket is not used inside the L2CAP core anymore. We only lock
it to indirect access through the new_connection() callback. The hold of
the socket lock was moved to the new_connection() callback.

Inside L2CAP core the channel lock is now used in l2cap_le_conn_ready()
and l2cap_conn_ready() to protect the execution of these two functions
during the handling of new incoming connections.

This change removes the socket lock usage from L2CAP core while keeping
the code safe against race conditions.

Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
acdcabf532908fbefbea294fcad2e3989d1dc036 21-Oct-2013 Gustavo Padovan <gustavo.padovan@collabora.co.uk> Bluetooth: Hold socket in defer callback in L2CAP socket

In both places that we use the defer callback the socket lock is held for
an indirect sk access inside __l2cap_change_state() and chan->ops->defer(),
all the rest of the code between lock_sock() and release_sock() is
already protected by the channel lock and won't be affected by this
change.

We now use l2cap_change_state(), the locked version of the change state
function, and the defer callback does the locking itself now. This does
not affect other uses of the defer callback.

Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
0f2c6153746f270cf28559aa81a4da27847bd395 21-Oct-2013 Gustavo Padovan <gustavo.padovan@collabora.co.uk> Bluetooth: Do not access chan->sk directly

In the process of removing socket usage from L2CAP we now access the L2CAP
socket from the data member of struct l2cap_chan. For the L2CAP socket
user the data member points to the L2CAP socket.

Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
eb622495e89879bb7d62bb27b2561a306bbe2401 18-Oct-2013 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Fix ATT socket backwards compatibility with user space

Old user space versions bind the Attribute Protocol socket to
BDADDR_BREDR when they should be using BDADDR_LE_PUBLIC or
BDADDR_LE_RANDOM. The kernel recently introduced stricter checks on the
socket parameters but we need to punch this hole for old user space
versions to keep them working.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
7f59ddada192583aee81ebf0de4cdc5a94642915 16-Oct-2013 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Socket address parameter for CID is in little endian

The L2CAP socket parameter for CID are actually provided in little
endian. So convert our constants into little endian before comparing
them.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
bfe4655f05d7ec4a7c0c1c7e4051862f824cd8ec 16-Oct-2013 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Reintroduce socket restrictions for LE sockets

Right now we do not allow user space to use connection oriented channels
on LE, and the only CID that can be used is the Attribute Protocol one.
These restrictions went away together with the recent refactoring of the
L2CAP code, but this patch puts them back to their appropriate places.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
dc25306b033cc27ca2a45b4bb307a437092408d1 16-Oct-2013 Gustavo Padovan <gustavo.padovan@collabora.co.uk> Bluetooth: Move l2cap_wait_ack() to l2cap_sock.c

The wait_ack code has a heavy dependency on the socket data structures
and, as of now, it won't be worthless change it to use non-socket
structures as the only user of such feature is a socket.

Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
5ec1bbe549d939ff1ef88e2cc22b2c3b95d76401 16-Oct-2013 Gustavo Padovan <gustavo.padovan@collabora.co.uk> Bluetooth: Add chan->ops->set_shutdown()

We need to remove all direct access of struct sock from L2CAP core.
This change is pretty simple and just adds a new L2CAP channel callback to
do the work in the L2CAP socket side.

Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
8d836d71e2223b8961b21112bb4ce89ef8231682 16-Oct-2013 Gustavo Padovan <gustavo.padovan@collabora.co.uk> Bluetooth: Access sk_sndtimeo indirectly in l2cap_core.c

As part of the work to remove struct sock from l2cap_core.c and make it
more generic we remove in this commit the direct access to sk->sk_sndtimeo
member. The objective of this change is purely to remove sk usage from
l2cap_core.c.

Now we have a new l2cap ops to get the current value of sk->sndtimeo. A
l2cap_chan_no_get_sndtimeo was added for users of L2CAP that don't need
to set a timeout.

Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
53f5212121fc3bcd0bccb8841c01e08ca942f333 16-Oct-2013 Gustavo Padovan <gustavo.padovan@collabora.co.uk> Bluetooth: Extend state_change() call to report errors too

Instead of creating a new function pointer to report errors we are just
reusing state_change for that and there is a simple reason for this, one
place in the l2cap_core.c code needs, in a locked sk, set both the sk_state
and sk_err. If we create two different functions for this we would need to
release the lock between the two operations, putting the socket in a
non-desired state.

The change is transparent to the l2cap_core.c code, user that only needs
to set the state won't need any modification.

This is another step of an ongoing work to make l2cap_core.c totally
independent from l2cap's struct sock.

Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
1f209383f2be94e15e179da3a4cbcfeabcc2efc2 14-Oct-2013 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Check that bind() bdaddr type matches connect()

If a socket was bound to an address type other than BR/EDR (such as LE)
we should reject trying to connect it to a BR/EDR address. The same
applies for binding to BR/EDR and trying to connect to non-BR/EDR.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
80c1a2e76dbb36588facb265ab364b1302f7ef8c 14-Oct-2013 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Reject invalid bdaddr types for sockets

We need to verify that the bdaddr type passed to connect() and bind() is
within the set of valid values. If it is not we need to cleanly fail
with EINVAL.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
d97c899bde330cd1c76c3a162558177563a74362 14-Oct-2013 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Introduce L2CAP channel callback for resuming

Clearing the BT_SK_SUSPEND socket flag from the L2CAP core is causing
a dependency on the socket. So instead of doing that, use a channel
callback into the socket handling to resume.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
bdc257830760a784370ae4ab2d682b252b983e77 14-Oct-2013 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Introduce L2CAP channel flag for defer setup

The L2CAP core should not look into the socket flags to figure out the
setting of defer setup. So introduce a L2CAP channel flag that mirrors
the socket flag.

Since the defer setup option is only set in one place this becomes a
really easy thing to do.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2edf870d198adeb43d5a2a5ddfa7e3cea4fc999b 13-Oct-2013 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Provide msg_name callback for L2CAP connectionless channels

The L2CAP connectionless channels use SOCK_DGRAM and recvmsg() and need
to receive the remote BD_ADDR and PSM information via msg_name from
the recvmsg() system call.

So in case the L2CAP socket is for connectionless channels, provide
a msg_name callback that can update the data. Also store the remote
BD_ADDR and PSM in the skb so it can be extracted later on.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
84b34d9867f826caecaab4444c86438935b7eb2b 13-Oct-2013 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Use l2cap_pi(sk) directly where possible

There are few places where it makes sense to use l2cap_pi(sk) directly
instead of assigning it to temporary structure.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
4f1654e08464abad06487e173661cb73721d27a7 13-Oct-2013 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Return the correct address type for L2CAP sockets

The L2CAP sockets can use BR/EDR public, LE public and LE random
addresses for various combinations of source and destination
devices. So make sure that getsockname(), getpeername() and
accept() return the correct address type.

For this the address type of the source and destination is stored
with the L2CAP channel information. The stored address type is
not the one specific for the HCI protocol. It is the address
type used for the L2CAP sockets and the management interface.

The underlying HCI connections store the HCI address type. If
needed, it gets converted to the socket address type.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
7eafc59e2f547fce3a31b3e2d03c14d57e9162b2 13-Oct-2013 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Store address information in L2CAP channel structure

With the effort of abstracting the L2CAP socket from the underlying
L2CAP channel it is important to store the source and destination
address information directly in the L2CAP channel structure.

Direct access to the HCI connection address information is not
possible since they might not be available at L2CAP channel
creation time. The address information will be updated when
the underlying BR/EDR or LE connection status changes.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
3124b84309a0699c98bdc0ef1fc8cd5e058ad5fa 12-Oct-2013 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Allow 3D profile to use security mode 4 level 0

The PSM 0x0021 is dedicated to the 3D profile and has permission to
use security mode 4 level 0 for L2CAP connectionless unicast data
transfers.

When establishing a L2CAP connectionless channel on PSM 0x0021, it
will no longer force Secure Simple Pairing.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
6a974b50a1b0909803faac3c3228f7c1339d9971 12-Oct-2013 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Limit security mode 4 level 0 to connection oriented channels

The exception for certain PSM channels when it comes to security
mode 4 level 0 should only be checked when actually a connection
oriented channel is established.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
ac4b7236610cef99821f40f44a74030b85d85270 10-Oct-2013 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Move smp.h header file into net/bluetooth/

The smp.h header file is only used internally by the bluetooth.ko
module and is not a public API. So make it local to the core
Bluetooth module.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
c1f23a2bfc89a886776dc141130ca995ea16a826 07-Oct-2013 Johannes Berg <johannes.berg@intel.com> Bluetooth: Fix variable shadow warnings

Sparse points out three places where variables are shadowed,
rename two of the variables and remove the duplicate third.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
848566b381e72b07e41beffde677955ae1498153 02-Oct-2013 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Provide high speed configuration option

Hiding the Bluetooth high speed support behind a module parameter is
not really useful. This can be enabled and disabled at runtime via
the management interface. This also has the advantage that this can
now be changed per controller and not just global.

This patch removes the module parameter and exposes the high speed
setting of the management interface to all controllers.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
970871bc9cb2f5f783cb7cca31ff223c44662327 25-Sep-2013 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Clean up socket locking in l2cap_sock_recvmsg

This patch cleans up the locking logic in l2cap_sock_recvmsg by pairing
up each lock_sock call with a release_sock call. The function already
has a "done" label that handles releasing the socket and returning from
the function so the fix is rather simple.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
e793dcf082c847bd2b742c781252c20cbec37986 16-Sep-2013 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Fix waiting for clearing of BT_SK_SUSPEND flag

In the case of blocking sockets we should not proceed with sendmsg() if
the socket has the BT_SK_SUSPEND flag set. So far the code was only
ensuring that POLLOUT doesn't get set for non-blocking sockets using
poll() but there was no code in place to ensure that blocking sockets do
the right thing when writing to them.

This patch adds a new bt_sock_wait_ready helper function to sleep in the
sendmsg call if the BT_SK_SUSPEND flag is set, and wake up as soon as it
is unset. It also updates the L2CAP and RFCOMM sendmsg callbacks to take
advantage of this new helper function.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
073d1cf35fe45d89f5a553c21eea18b504dd6937 29-Apr-2013 Johan Hedberg <johan.hedberg@intel.com> Bluetooth: Rename L2CAP_CID_LE_DATA to L2CAP_CID_ATT

In future Core Specification versions the ATT CID will be just one of
many possible CIDs that can be used for data transfer. Therefore, it
makes sense to rename the define for the ATT CID to something less
ambiguous.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
b03166152f6da91cec8b66837b309dd3923ea536 05-Apr-2013 Al Viro <viro@zeniv.linux.org.uk> bluetooth: kill unused 'module' argument of bt_procfs_init()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
b3916db32c4a3124eee9f3742a2f4723731d7602 05-Apr-2013 David Herrmann <dh.herrmann@gmail.com> Bluetooth: hidp: verify l2cap sockets

We need to verify that the given sockets actually are l2cap sockets. If
they aren't, we are not supposed to access bt_sk(sock) and we shouldn't
start the session if the offsets turn out to be valid local BT addresses.

That is, if someone passes a TCP socket to HIDCONNADD, then we access some
random offset in the TCP socket (which isn't even guaranteed to be valid).

Fix this by checking that the socket is an l2cap socket.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
5e9d7f868f04106139a58212b860dcdc268ad3af 24-Feb-2013 David Herrmann <dh.herrmann@gmail.com> Bluetooth: discard bt_sock_unregister() errors

After we successfully registered a socket via bt_sock_register() there is
no reason to ever check the return code of bt_sock_unregister(). If
bt_sock_unregister() fails, it means the socket _is_ already unregistered
so we have what we want, don't we?

Also, to get bt_sock_unregister() to fail, another part of the kernel has
to unregister _our_ socket. This is sooo _wrong_ that it will break way
earlier than when we unregister our socket.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
3f7a56c4ff438f4727439cb048034f56320dd228 24-Oct-2012 Mat Martineau <mathewm@codeaurora.org> Bluetooth: Start channel move when socket option is changed

Channel moves are triggered by changes to the BT_CHANNEL_POLICY
sockopt when an ERTM or streaming-mode channel is connected.

Moves are only started if enable_hs is true.

Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2dc4e5105f012bda7eef2f459ed3d5299ded9672 12-Oct-2012 Gustavo Padovan <gustavo.padovan@collabora.co.uk> Bluetooth: Add chan->ops->defer()

When DEFER_SETUP is set defer() will trigger an authorization
request to the userspace.

l2cap_chan_no_defer() is meant to be used when one does not want to
support DEFER_SETUP (A2MP for example).

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
644912e18ac1d27f57f6673b0236b568ff750fd1 12-Oct-2012 Gustavo Padovan <gustavo.padovan@collabora.co.uk> Bluetooth: Move bt_accept_enqueue() to l2cap_sock.c

This is part of the move the parent socket usage to l2cap_sock.c

The change is safe when it comes to locking, bt_accept_enqueue() is still
protected by the parent socket lock inside the
l2cap_sock_new_connection_cb() code.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2d7928184c3d8724064de282be4e3c3d70f39d32 06-Oct-2012 Gustavo Padovan <gustavo.padovan@collabora.co.uk> Bluetooth: Fix L2CAP coding style

Follow the net subsystem coding style

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
12d5978165944a9c5b059a8258685539387fcf90 10-Oct-2012 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: Allow to set flush timeout

Enable setting of flush timeout via setsockopt

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
23d3a86948b65055345dc1fe778513e4bf3b07d6 08-Oct-2012 Sasha Levin <sasha.levin@oracle.com> Bluetooth: don't attempt to free a channel that wasn't created

We may currently attempt to free a channel which wasn't created due to
an error in the initialization path, this would cause a NULL ptr deref.

This would cause the following oops:

[ 12.919073] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[ 12.919131] IP: [<ffffffff836645c4>] l2cap_chan_put+0x34/0x50
[ 12.919135] PGD 0
[ 12.919138] Oops: 0002 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 12.919193] Dumping ftrace buffer:
[ 12.919242] (ftrace buffer empty)
[ 12.919314] Modules linked in:
[ 12.919318] CPU 1
[ 12.919319] Pid: 6210, comm: krfcommd Tainted: G W 3.6.0-next-20121004-sasha-00005-gb010653-dirty #30
[ 12.919374] RIP: 0010:[<ffffffff836645c4>] [<ffffffff836645c4>] l2cap_chan_put+0x34/0x50
[ 12.919377] RSP: 0000:ffff880066933c38 EFLAGS: 00010246
[ 12.919378] RAX: ffffffff8366c780 RBX: 0000000000000000 RCX: 6666666666666667
[ 12.919379] RDX: 0000000000000fa0 RSI: ffffffff84d3f79e RDI: 0000000000000010
[ 12.919381] RBP: ffff880066933c48 R08: ffffffff859989f8 R09: 0000000000000001
[ 12.919382] R10: 0000000000000000 R11: 7fffffffffffffff R12: 0000000000000000
[ 12.919383] R13: ffff88009b00a200 R14: ffff88009b00a200 R15: 0000000000000001
[ 12.919385] FS: 0000000000000000(0000) GS:ffff880033600000(0000) knlGS:0000000000000000
[ 12.919437] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 12.919440] CR2: 0000000000000010 CR3: 0000000005026000 CR4: 00000000000406e0
[ 12.919446] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 12.919451] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 12.919504] Process krfcommd (pid: 6210, threadinfo ffff880066932000, task ffff880065c4b000)
[ 12.919506] Stack:
[ 12.919510] ffff88009b00a200 ffff880032084000 ffff880066933c68 ffffffff8366c7bc
[ 12.919513] 7fffffffffffffff ffff880032084000 ffff880066933c98 ffffffff833ae0ae
[ 12.919516] ffff880066933ca8 0000000000000000 0000000000000000 ffff88009b00a200
[ 12.919517] Call Trace:
[ 12.919522] [<ffffffff8366c7bc>] l2cap_sock_destruct+0x3c/0x80
[ 12.919527] [<ffffffff833ae0ae>] __sk_free+0x1e/0x1f0
[ 12.919530] [<ffffffff833ae2f7>] sk_free+0x17/0x20
[ 12.919585] [<ffffffff8366ca4e>] l2cap_sock_alloc.constprop.5+0x9e/0xd0
[ 12.919591] [<ffffffff8366cb9e>] l2cap_sock_create+0x7e/0x100
[ 12.919652] [<ffffffff83a4f32a>] ? _raw_read_lock+0x6a/0x80
[ 12.919658] [<ffffffff836402c4>] ? bt_sock_create+0x74/0x110
[ 12.919660] [<ffffffff83640308>] bt_sock_create+0xb8/0x110
[ 12.919664] [<ffffffff833aa232>] __sock_create+0x282/0x3b0
[ 12.919720] [<ffffffff833aa0b0>] ? __sock_create+0x100/0x3b0
[ 12.919725] [<ffffffff836785b0>] ? rfcomm_process_sessions+0x17e0/0x17e0
[ 12.919779] [<ffffffff833aa37f>] sock_create_kern+0x1f/0x30
[ 12.919784] [<ffffffff83675714>] rfcomm_l2sock_create+0x44/0x70
[ 12.919787] [<ffffffff836785b0>] ? rfcomm_process_sessions+0x17e0/0x17e0
[ 12.919790] [<ffffffff836785fe>] rfcomm_run+0x4e/0x1f0
[ 12.919846] [<ffffffff836785b0>] ? rfcomm_process_sessions+0x17e0/0x17e0
[ 12.919852] [<ffffffff81138ee3>] kthread+0xe3/0xf0
[ 12.919908] [<ffffffff8117b12e>] ? put_lock_stats.isra.14+0xe/0x40
[ 12.919914] [<ffffffff81138e00>] ? flush_kthread_work+0x1f0/0x1f0
[ 12.919968] [<ffffffff83a5077c>] ret_from_fork+0x7c/0x90
[ 12.919973] [<ffffffff81138e00>] ? flush_kthread_work+0x1f0/0x1f0
[ 12.920161] Code: 83 ec 08 f6 05 ff 58 44 02 04 74 1b 8b 4f 10 48 89 fa 48 c7 c6 d9 d7 d4 84 48 c7 c7 80 9e aa 85 31 c0 e8 80
ac 3a fe 48 8d 7b 10 <f0> 83 6b 10 01 0f 94 c0 84 c0 74 05 e8 8b e0 ff ff 48 83 c4 08
[ 12.920165] RIP [<ffffffff836645c4>] l2cap_chan_put+0x34/0x50
[ 12.920166] RSP <ffff880066933c38>
[ 12.920167] CR2: 0000000000000010
[ 12.920417] ---[ end trace 5a9114e8a158ab84 ]---

Introduced in commit 61d6ef3e ("Bluetooth: Make better use of l2cap_chan
reference counting").

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
85e34368dea6fc8a2d16464e01c85d3b7bd682bd 05-Oct-2012 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: Fix dereference after NULL check

Move code dereferencing possible NULL pointer to the check branch.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
cc110922da7e902b62d18641a370fec01a9fa794 24-Aug-2012 Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Bluetooth: Change signature of smp_conn_security()

To make it clear that it may be called from contexts that may not have
any knowledge of L2CAP, we change the connection parameter, to receive
a hci_conn.

This also makes it clear that it is checking the security of the link.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
792039c73cf176c8e39a6e8beef2c94ff46522ed 15-Aug-2012 Mathias Krause <minipli@googlemail.com> Bluetooth: L2CAP - Fix info leak via getsockname()

The L2CAP code fails to initialize the l2_bdaddr_type member of struct
sockaddr_l2 and the padding byte added for alignment. It therefore leaks
two bytes of kernel stack via the getsockname() syscall. Add an explicit
memset(0) before filling the structure to avoid the info leak.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
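
The leak described in the commit message above, reproduced in userspace as an added example (not the kernel's code and not part of the commit). `struct demo_sockaddr_l2` is an assumed mirror of the `sockaddr_l2` layout of that era, and the 0xAA fill is a constructed stand-in for stale stack contents.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed marker byte standing in for whatever the stack held before. */
#define STALE 0xAA

typedef struct { uint8_t b[6]; } demo_bdaddr_t;

/* Assumed mirror of struct sockaddr_l2: 13 bytes of members, 2-byte
 * alignment, so the compiler appends one byte of tail padding. */
struct demo_sockaddr_l2 {
    uint16_t      l2_family;
    uint16_t      l2_psm;
    demo_bdaddr_t l2_bdaddr;
    uint16_t      l2_cid;
    uint8_t       l2_bdaddr_type;
};

/* Fills only the members the pre-fix getsockname() path filled;
 * l2_bdaddr_type is deliberately left untouched, as the commit describes. */
static void fill_fields(struct demo_sockaddr_l2 *la)
{
    la->l2_family = 31;                    /* AF_BLUETOOTH on Linux */
    la->l2_psm    = 0x1001;                /* constructed sample value */
    memcpy(la->l2_bdaddr.b, "\x11\x22\x33\x44\x55\x66", 6);
    la->l2_cid    = 0x0040;                /* constructed sample value */
}

/* "Before": members assigned straight into uninitialised storage. */
static void getname_unfixed(struct demo_sockaddr_l2 *la)
{
    fill_fields(la);
}

/* "After": the explicit memset(0) the commit adds, then the same fill. */
static void getname_fixed(struct demo_sockaddr_l2 *la)
{
    memset(la, 0, sizeof(*la));
    fill_fields(la);
}

/* Poisons a sockaddr-sized slot, runs one getname variant on it, and
 * returns how many bytes of the copied-out structure still hold the
 * poison, i.e. how many bytes would reach the caller unmodified. */
static size_t stale_bytes(void (*getname)(struct demo_sockaddr_l2 *))
{
    union {
        struct demo_sockaddr_l2 la;
        unsigned char raw[sizeof(struct demo_sockaddr_l2)];
    } slot;
    size_t i, n = 0;

    memset(slot.raw, STALE, sizeof(slot.raw));
    getname(&slot.la);

    for (i = 0; i < sizeof(slot.raw); i++)
        if (slot.raw[i] == STALE)
            n++;
    return n;
}

int main(void)
{
    printf("sizeof(struct)        = %zu\n", sizeof(struct demo_sockaddr_l2));
    printf("offset l2_bdaddr_type = %zu\n",
           offsetof(struct demo_sockaddr_l2, l2_bdaddr_type));
    printf("stale bytes, unfixed  = %zu\n", stale_bytes(getname_unfixed));
    printf("stale bytes, fixed    = %zu\n", stale_bytes(getname_fixed));
    return 0;
}
```

The same pattern applies to any structure copied to user space: when member-by-member assignment leaves a member or padding unwritten, zero the whole object first.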
49dfbb9129c4edb318578de35cc45c555df37884 18-Jul-2012 Jaganath Kanakkassery <jaganath.k@samsung.com> Bluetooth: Fix socket not getting freed if l2cap channel create fails

If l2cap_chan_create() fails then it will return from l2cap_sock_kill
since zapped flag of sk is reset.

Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
5b28d95c13e876037d2c692e61862bb3e98249af 25-Jul-2012 Masatake YAMATO <yamato@redhat.com> Bluetooth: Added /proc/net/l2cap via bt_procfs_init()

Added /proc/net/l2cap via bt_procfs_init().

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
4af66c691f4e5c2db9bb00793669a548e9db1974 13-Jul-2012 Jaganath Kanakkassery <jaganath.k@samsung.com> Bluetooth: Free the l2cap channel list only when refcount is zero

Move the l2cap channel list chan->global_l under the refcnt
protection and free it based on the refcnt.

Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com>
Signed-off-by: Syam Sidhardhan <s.syam@samsung.com>
Reviewed-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
8c3a4f004e706fd7e681c68c6de4946c8c76b976 31-May-2012 Andre Guedes <andre.guedes@openbossa.org> Bluetooth: Rename L2CAP_LE_DEFAULT_MTU

This patch renames L2CAP_LE_DEFAULT_MTU macro to L2CAP_LE_MIN_MTU
since it represents the minimum MTU value, not the default MTU
value for LE.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
682877c31fc1b6510b694b6b8e78d8dde53a47cc 31-May-2012 Andre Guedes <andre.guedes@openbossa.org> Bluetooth: Check MTU value in l2cap_sock_setsockopt_old

If user tries to set an invalid MTU value, l2cap_sock_setsockopt_old
should return -EINVAL.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
538266929eb7165f92b91eb0f403120fe759e742 28-May-2012 Gustavo Padovan <gustavo.padovan@collabora.co.uk> Bluetooth: Move check for backlog size to l2cap_sock.c

Remove socket specific code from l2cap_core.c

Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
54a59aa2b562872781d6a8fc89f300d360941691 28-May-2012 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: Add l2cap_chan->ops->ready()

This moves socket specific code to l2cap_sock.c.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
c0df7f6e06e1aeccee39c801af7f78cadeb9f345 28-May-2012 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: Move clean up code and set of SOCK_ZAPPED to l2cap_sock.c

This removes a bit more of the socket code from l2cap core; this call sets
SOCK_ZAPPED and does some clean up depending on the socket state.

Reported-by: Mat Martineau <mathewm@codeaurora.org>
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
80b980279508edd1a92d8d77ec99b0ddad00c5fe 28-May-2012 Gustavo Padovan <gustavo.padovan@collabora.co.uk> Bluetooth: Use chan as parameters for l2cap chan ops

Using chan instead of void * makes more sense here.

Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2983fd682444180e45567ce8147a612b97ba69da 24-May-2012 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: Define and use PSM identifiers

Define assigned Protocol and Service Multiplexor (PSM) identifiers
and use them instead of magic numbers.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
8c520a59927a5600973782505dbb750d985057c4 23-May-2012 Gustavo Padovan <gustavo.padovan@collabora.co.uk> Bluetooth: Remove unnecessary headers include

Most of the includes were unnecessary or already included by some other
header.
Replace module.h by export.h where possible.

Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
c5daa683f2d3315cd766f550ef7d88bfca1671f4 16-May-2012 Gustavo Padovan <gustavo@padovan.org> Bluetooth: Create flags for bt_sk()

defer_setup and suspended are now flags into bt_sk().

Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
c6585a4da0c709a7a9f59aab68869298b52ca1e1 07-May-2012 Gustavo Padovan <gustavo@padovan.org> Bluetooth: report the right security level in getsockopt

During a security level elevation we need to keep track of the current
security level of a connection until the new one is not confirmed.

Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
a6a5568c03c4805d4d250f6bd9d468eeeb4ea059 04-May-2012 Mat Martineau <mathewm@codeaurora.org> Bluetooth: Lock the L2CAP channel when sending

The ERTM and streaming mode transmit queue must only be accessed while
the L2CAP channel lock is held. Locking the channel before calling
l2cap_chan_send ensures that multiple threads cannot simultaneously
manipulate the queue when sending and receiving concurrently.

L2CAP channel locking had previously moved to the l2cap_chan struct
instead of the associated socket, so some of the old socket locking
can also be removed in this patch.

Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
a7d7723ae7c0178d715c06c5621e8fd8014ba92f 13-May-2012 Gustavo Padovan <gustavo@padovan.org> Bluetooth: notify userspace of security level change

It fixes L2CAP socket based security level elevation during a
connection. The HID profile needs this (for keyboards) and it is the only
way to achieve the security level elevation when using the management
interface to talk to the kernel (hence the management enabling patch
being the one that exposes this issue).

It enables userspace to request a security level change when the socket is
already connected and creates a way to notify the socket of the result of the
request. At the moment of the request the socket is made non-writable; if
the request fails the connection closes, otherwise the socket is made
writable again and POLL_OUT is emitted.

Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
61d6ef3e3408cdf7e622646fb90a9f7f9560b943 28-Apr-2012 Mat Martineau <mathewm@codeaurora.org> Bluetooth: Make better use of l2cap_chan reference counting

L2CAP sockets contain a pointer to l2cap_chan that needs to be
reference counted in order to prevent a possible dangling pointer when
the channel is freed.

There were a few other cases where an l2cap_chan pointer on the stack
was dereferenced after a call to l2cap_chan_del. Those pointers are
also now reference counted.

Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
8e9f98921c0718cda76bc53c2b51954657b60fa6 25-Apr-2012 Andre Guedes <andre.guedes@openbossa.org> Bluetooth: Use address type info from user-space

In order to establish a LE connection we need the address type
information. User-space already passes this information to kernel
through struct sockaddr_l2.

This patch adds the dst_type parameter to l2cap_chan_connect so we
are able to pass the address type info from user-space down to
hci_conn layer.

Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
6b3af7334bd3c403647606adfb04f6e6bcf1597e 19-Apr-2012 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Split error handling for L2CAP listen sockets

Split the checks for sk->sk_state and sk->sk_type for L2CAP listen
sockets. This makes the code more readable.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
9033894722ec595053c92bfa4359b37e7bc91b78 07-Apr-2012 Gustavo Padovan <gustavo@padovan.org> Bluetooth: Remove err parameter from alloc_skb()

Use ERR_PTR magic instead.

Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
bd4b165312bacbf1e732cbc22c141362cfb5fda3 28-Mar-2012 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: Adds set_default function in L2CAP setup

Some parameters in L2CAP chan are set to default similar way in
socket based channels and A2MP channels. Adds common function which
sets all defaults.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
3a602a00a4a9d531b4a71ceed487d84103e4b141 28-Mar-2012 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: Remove unneeded zero initialization

Remove zero initialization since channel is allocated with kzalloc
in l2cap_chan_create.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
eef1d9b668c51dcae58d8bb41ce0c805f866dbbd 25-Mar-2012 Gustavo Padovan <gustavo@padovan.org> Bluetooth: Remove sk parameter from l2cap_chan_create()

Following the separation of core and sock code this change avoids
manipulation of sk inside l2cap_chan_create().

Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
6e4aff103774d6ee937a1dba9b1b4bf89100e7f6 01-Mar-2012 Santosh Nayak <santoshprasadnayak@gmail.com> Bluetooth: Fix Endian Bug.

Fix network to host endian conversion for L2CAP chan id.

Signed-off-by: Santosh Nayak <santoshprasadnayak@gmail.com>
Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
04124681f104c1980024ff249a34a77a249fd2bc 08-Mar-2012 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: fix conding style issues all over the tree

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
ba13ccd9b911e043c0f11e60cbb72bd4de194205 01-Mar-2012 Marcel Holtmann <marcel@holtmann.org> Bluetooth: Update L2CAP timeout constants to use msecs_to_jiffies

The L2CAP timeout constants are always used in form of jiffies. So just
include the conversion from msecs in the define itself. This has the
advantage of making the code where the timeout is used more readable.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
b3fb611ec7b76048cb14600e9a5a9b57e5d913da 22-Feb-2012 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: Remove socket lock check

Simplify code so that we do not need to check whether socket is locked.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
6be3655552ee49aa2b5fd20fa1b08f28d0feac86 22-Feb-2012 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: Change sk lock to chan lock in L2CAP core

Change sk lock to chan lock in l2cap core and move sk locks
to l2cap sock code. bh_locks were used because of being RCU
critical section. When needed use explicit socket locks.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
3df91ea20e744344100b10ae69a17211fcf5b207 20-Feb-2012 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: Revert to mutexes from RCU list

Usage of RCU list looks not reasonable for a number of reasons:
our code sleeps and we had to use socket spinlocks. Most parts
of code are updaters thus there is little sense to use RCU.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
e05dcc3291dcfe9ab1b456f38ccb3041ebbda59c 17-Feb-2012 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: Use symbolic names for state in debug

Use state_to_string function in debug statements.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
7ddb6e0f3f7aa265c905b947e9ac4ab9562e52f2 14-Feb-2012 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: Do not dereference zero sk

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
b5a30dda6598af216c070165ece6068f9f00f33a 21-Jan-2012 Octavian Purdila <tavi.purdila@gmail.com> Bluetooth: silence lockdep warning

Since bluetooth uses multiple protocol types, to avoid lockdep
warnings, we need to use different lockdep classes (one for each
protocol type).

This is already done in bt_sock_create but it misses a couple of cases
when new connections are created. This patch corrects that to fix the
following warning:

<4>[ 1864.732366] =======================================================
<4>[ 1864.733030] [ INFO: possible circular locking dependency detected ]
<4>[ 1864.733544] 3.0.16-mid3-00007-gc9a0f62 #3
<4>[ 1864.733883] -------------------------------------------------------
<4>[ 1864.734408] t.android.btclc/4204 is trying to acquire lock:
<4>[ 1864.734869] (rfcomm_mutex){+.+.+.}, at: [<c14970ea>] rfcomm_dlc_close+0x15/0x30
<4>[ 1864.735541]
<4>[ 1864.735549] but task is already holding lock:
<4>[ 1864.736045] (sk_lock-AF_BLUETOOTH){+.+.+.}, at: [<c1498bf7>] lock_sock+0xa/0xc
<4>[ 1864.736732]
<4>[ 1864.736740] which lock already depends on the new lock.
<4>[ 1864.736750]
<4>[ 1864.737428]
<4>[ 1864.737437] the existing dependency chain (in reverse order) is:
<4>[ 1864.738016]
<4>[ 1864.738023] -> #1 (sk_lock-AF_BLUETOOTH){+.+.+.}:
<4>[ 1864.738549] [<c1062273>] lock_acquire+0x104/0x140
<4>[ 1864.738977] [<c13d35c1>] lock_sock_nested+0x58/0x68
<4>[ 1864.739411] [<c1493c33>] l2cap_sock_sendmsg+0x3e/0x76
<4>[ 1864.739858] [<c13d06c3>] __sock_sendmsg+0x50/0x59
<4>[ 1864.740279] [<c13d0ea2>] sock_sendmsg+0x94/0xa8
<4>[ 1864.740687] [<c13d0ede>] kernel_sendmsg+0x28/0x37
<4>[ 1864.741106] [<c14969ca>] rfcomm_send_frame+0x30/0x38
<4>[ 1864.741542] [<c1496a2a>] rfcomm_send_ua+0x58/0x5a
<4>[ 1864.741959] [<c1498447>] rfcomm_run+0x441/0xb52
<4>[ 1864.742365] [<c104f095>] kthread+0x63/0x68
<4>[ 1864.742742] [<c14d5182>] kernel_thread_helper+0x6/0xd
<4>[ 1864.743187]
<4>[ 1864.743193] -> #0 (rfcomm_mutex){+.+.+.}:
<4>[ 1864.743667] [<c1061ada>] __lock_acquire+0x988/0xc00
<4>[ 1864.744100] [<c1062273>] lock_acquire+0x104/0x140
<4>[ 1864.744519] [<c14d2c70>] __mutex_lock_common+0x3b/0x33f
<4>[ 1864.744975] [<c14d303e>] mutex_lock_nested+0x2d/0x36
<4>[ 1864.745412] [<c14970ea>] rfcomm_dlc_close+0x15/0x30
<4>[ 1864.745842] [<c14990d9>] __rfcomm_sock_close+0x5f/0x6b
<4>[ 1864.746288] [<c1499114>] rfcomm_sock_shutdown+0x2f/0x62
<4>[ 1864.746737] [<c13d275d>] sys_socketcall+0x1db/0x422
<4>[ 1864.747165] [<c14d42f0>] syscall_call+0x7/0xb

Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
a63752552b95624a9f1dfa3d763870f72f964ad0 04-Jan-2012 Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com> Bluetooth: Fix sk_sndtimeo initialization for L2CAP socket

sk_sndtime value should be specified in jiffies thus initial value
needs to be converted from milliseconds. Otherwise this timeout is
unreliable when CONFIG_HZ is not set to 1000.

Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2f7719ce54bf6e877987f6ef578b580a51d8c2e3 20-Jan-2012 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: Add alloc_skb chan operator

Add channel-specific skb allocation method

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
d22015aad40b4316f0f74c8e410debca44c3e6e2 21-Jan-2012 Octavian Purdila <tavi.purdila@gmail.com> Bluetooth: silence lockdep warning

Since bluetooth uses multiple protocol types, to avoid lockdep
warnings, we need to use different lockdep classes (one for each
protocol type).

This is already done in bt_sock_create but it misses a couple of cases
when new connections are created. This patch corrects that to fix the
following warning:

<4>[ 1864.732366] =======================================================
<4>[ 1864.733030] [ INFO: possible circular locking dependency detected ]
<4>[ 1864.733544] 3.0.16-mid3-00007-gc9a0f62 #3
<4>[ 1864.733883] -------------------------------------------------------
<4>[ 1864.734408] t.android.btclc/4204 is trying to acquire lock:
<4>[ 1864.734869] (rfcomm_mutex){+.+.+.}, at: [<c14970ea>] rfcomm_dlc_close+0x15/0x30
<4>[ 1864.735541]
<4>[ 1864.735549] but task is already holding lock:
<4>[ 1864.736045] (sk_lock-AF_BLUETOOTH){+.+.+.}, at: [<c1498bf7>] lock_sock+0xa/0xc
<4>[ 1864.736732]
<4>[ 1864.736740] which lock already depends on the new lock.
<4>[ 1864.736750]
<4>[ 1864.737428]
<4>[ 1864.737437] the existing dependency chain (in reverse order) is:
<4>[ 1864.738016]
<4>[ 1864.738023] -> #1 (sk_lock-AF_BLUETOOTH){+.+.+.}:
<4>[ 1864.738549] [<c1062273>] lock_acquire+0x104/0x140
<4>[ 1864.738977] [<c13d35c1>] lock_sock_nested+0x58/0x68
<4>[ 1864.739411] [<c1493c33>] l2cap_sock_sendmsg+0x3e/0x76
<4>[ 1864.739858] [<c13d06c3>] __sock_sendmsg+0x50/0x59
<4>[ 1864.740279] [<c13d0ea2>] sock_sendmsg+0x94/0xa8
<4>[ 1864.740687] [<c13d0ede>] kernel_sendmsg+0x28/0x37
<4>[ 1864.741106] [<c14969ca>] rfcomm_send_frame+0x30/0x38
<4>[ 1864.741542] [<c1496a2a>] rfcomm_send_ua+0x58/0x5a
<4>[ 1864.741959] [<c1498447>] rfcomm_run+0x441/0xb52
<4>[ 1864.742365] [<c104f095>] kthread+0x63/0x68
<4>[ 1864.742742] [<c14d5182>] kernel_thread_helper+0x6/0xd
<4>[ 1864.743187]
<4>[ 1864.743193] -> #0 (rfcomm_mutex){+.+.+.}:
<4>[ 1864.743667] [<c1061ada>] __lock_acquire+0x988/0xc00
<4>[ 1864.744100] [<c1062273>] lock_acquire+0x104/0x140
<4>[ 1864.744519] [<c14d2c70>] __mutex_lock_common+0x3b/0x33f
<4>[ 1864.744975] [<c14d303e>] mutex_lock_nested+0x2d/0x36
<4>[ 1864.745412] [<c14970ea>] rfcomm_dlc_close+0x15/0x30
<4>[ 1864.745842] [<c14990d9>] __rfcomm_sock_close+0x5f/0x6b
<4>[ 1864.746288] [<c1499114>] rfcomm_sock_shutdown+0x2f/0x62
<4>[ 1864.746737] [<c13d275d>] sys_socketcall+0x1db/0x422
<4>[ 1864.747165] [<c14d42f0>] syscall_call+0x7/0xb

Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
6423cf3a1862d5b162aaa13543bf69216a9f6ac0 04-Jan-2012 Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com> Bluetooth: Fix sk_sndtimeo initialization for L2CAP socket

sk_sndtimeo value should be specified in jiffies thus initial value
needs to be converted from milliseconds. Otherwise this timeout is
unreliable when CONFIG_HZ is not set to 1000.

Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
3542b854bc26e5f8e42e0eab4d7f7453b74a362d 28-Dec-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Keep chan->state and sk->sk_state in sync

Those vars need to be in sync, otherwise l2cap_core.c can get the wrong
state.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
590051de5ce54f7ae02997ed0a2532f08c7b7866 18-Dec-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Add ProFUSION's copyright

Add ProFUSION's copyright to some files I've been touching recently.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
03a001948166d966d0d580cddb8ae3a23f8b795b 09-Dec-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: invert locking order in connect path

This moves some checking code that was in l2cap_sock_connect() to
l2cap_chan_connect(). Thus we can invert the lock calls, i.e., call
lock_sock() before hci_dev_lock() to avoid a deadlock scenario.

Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
f9c3123b5a7c9585902927b14983e6635aca00c6 09-Dec-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Use chan instead of l2cap_pi macro

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
0bee1d60cbad24288c75573511356d450c1fd45a 05-Nov-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Allow L2CAP to increase the security level

Some incoming connections need to increase the security level by
requesting encryption for example (HID keyboard case). This change allows
the userspace to change it through setsockopt with defer_setup enabled.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2ea664822af6705574dfbbf8c77fc7d75a94e9b3 03-Nov-2011 Mat Martineau <mathewm@codeaurora.org> Bluetooth: Add channel policy to getsockopt/setsockopt

Each channel has a policy to require BR/EDR (the default),
prefer BR/EDR, or prefer AMP.

Check for valid policy value and L2CAP mode.

Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
6b3c7104677a731cf6d3638e09d9d6c530b9bc25 02-Nov-2011 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: Initialize tx_win_max for fixed channel

tx_win_max is initialized during L2CAP configuration phase. For fixed
channels (e.g. A2MP) we want to have it initialized when channel is
created.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
5e59b791c3561e2fbb4aee17df3505ad25c16b7a 01-Nov-2011 Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Bluetooth: set skbuffer priority based on L2CAP socket priority

This uses SO_PRIORITY to set the skbuffer priority field

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
bc3b2d7fb9b014d75ebb79ba371a763dbab5e8cf 15-Jul-2011 Paul Gortmaker <paul.gortmaker@windriver.com> net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules

These files are non modular, but need to export symbols using
the macros now living in export.h -- call out the include so
that things won't break when we remove the implicit presence
of module.h from everywhere.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
6230c9b4f8957c8938ee4cf2d03166d3c2dc89de 07-Oct-2011 Paul Moore <pmoore@redhat.com> bluetooth: Properly clone LSM attributes to newly created child connections

The Bluetooth stack has internal connection handlers for all of the various
Bluetooth protocols, and unfortunately, they are currently lacking the LSM
hooks found in the core network stack's connection handlers. I say
unfortunately, because this can cause problems for users who have an
LSM enabled and are using certain Bluetooth devices. See one problem
report below:

* http://bugzilla.redhat.com/show_bug.cgi?id=741703

In order to keep things simple at this point in time, this patch fixes the
problem by cloning the parent socket's LSM attributes to the newly created
child socket. If we decide we need a more elaborate LSM marking mechanism
for Bluetooth (I somewhat doubt this) we can always revisit this decision
in the future.

Reported-by: James M. Cape <jcape@ignore-your.tv>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
6327eb980d2ff0c96363b81cb0ce580165cb81b8 11-Oct-2011 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: EWS: extended window size option support

Adds support for extended window size (EWS) config option. We enable EWS
feature in L2CAP Info RSP when hs enabled. EWS option is included in L2CAP
Config Req if tx_win (which is set via socket) bigger than standard default
value (63) && hs enabled && remote side supports EWS feature.

Using EWS selects extended control field in L2CAP.

Code partly based on Qualcomm and Atheros patches sent upstream a year ago.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
43bd0f32d5cf6593e420b26e2c1c41dc371a47d7 11-Oct-2011 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: convert role_switch variable to flag in l2cap chan

role_switch variable inside l2cap_chan is a logical one and can
be easily converted to flag

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
15770b1ab9747de47604da3494e187056b120aff 11-Oct-2011 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: convert force_active variable to flag in l2cap chan

force_active variable inside l2cap_chan is a logical one and can
be easily converted to flag

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
ecf61bdba845b5e77cf1d5e8620ef54abcfa50ef 11-Oct-2011 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: convert force_reliable variable to flag in l2cap chan

force_reliable variable inside l2cap_chan is a logical one and can
be easily converted to flag

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
d57b0e8b8990419b7b7ae0dda5cc4452720b3c7c 11-Oct-2011 Andrei Emeltchenko <andrei.emeltchenko@intel.com> Bluetooth: convert flushable variable to flag in l2cap chan

flushable variable inside l2cap_chan is a logical one and can
be easily converted to flag. Added flags in l2cap_chan structure.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
6be6b11f006840ba7d8d4b959b3fa0c522f8468a 28-Jul-2011 Chen Ganir <chen.ganir@ti.com> Bluetooth: Fixed wrong L2CAP Sock timer value

L2CAP connection timeout needs to be assigned as milliseconds
and not as jiffies.

Signed-off-by: Chen Ganir <chen.ganir@ti.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
f9a3c20aa07462108fc6fd759dea956053f020bb 24-Jul-2011 Peter Hurley <peter@hurleysoftware.com> Bluetooth: l2cap: Fix lost wakeups waiting to accept socket

Fix race conditions which can cause lost wakeups (or missed signals)
while waiting to accept an l2cap socket connection.

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
8f360119243c214eb5c5549c61981d51a276154a 08-Jul-2011 Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Bluetooth: Add support for returning the encryption key size

This will be useful when userspace wants to restrict some kinds of
operations based on the length of the key size used to encrypt the
link.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
e328140fdacbba43292a59a22fb55d9185288318 07-Jul-2011 Mat Martineau <mathewm@codeaurora.org> Bluetooth: Use event-driven approach for handling ERTM receive buffer

This change moves most L2CAP ERTM receive buffer handling out of the
L2CAP core and in to the socket code. It's up to the higher layer
(the socket code, in this case) to tell the core when its buffer is
full or has space available. The recv op should always accept
incoming ERTM data or else the connection will go down.

Within the socket layer, an skb that does not fit in the socket
receive buffer will be temporarily stored. When the socket is read
from, that skb will be placed in the receive buffer if possible. Once
adequate buffer space becomes available, the L2CAP core is informed
and the ERTM local busy state is cleared.

Receive buffer management for non-ERTM modes is unchanged.

Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
c1360a1cf35117d6f3898cb5183ce4349d06714c 10-Jun-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: use bit operation on conf_state

Instead of making the bit operations manually, we now use set_bit,
test_bit, etc.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
f1cb9af557dd8fb5d98fbcc4b5d3eb9d6d235af7 27-Jan-2011 Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Bluetooth: Add support for resuming socket when SMP is finished

This adds support for resuming the user space traffic when SMP
negotiation is complete.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
89bc500e41fc5b48e0573e6b0d927fc97b8951dc 03-Jun-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Add state tracking to struct l2cap_chan

Now socket state is tracked by struct sock and channel state is tracked by
chan->state. At this point both say the same, but this is going to change
when we add AMP Support for example.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
ba3bd0ee3946d9300512e685e8d5573dfa10c060 16-May-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: add close() callback to l2cap_chan_ops

close() calls l2cap_sock_kill() on l2cap_sock.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
230704942283cb3990584ddd6955ac8decfa6a2c 16-May-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: add recv() callback to l2cap_chan_ops

This abstracts the call to sock_queue_recv_skb() into
l2cap_chan_ops->recv().

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
80808e431e1ef25856457de82ce141bed6a6313a 16-May-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Add l2cap_chan_ops abstraction

Add an abstraction layer between L2CAP core and its users (only
l2cap_sock.c now). The first function implemented is new_connection() that
replaces calls to l2cap_sock_alloc() in l2cap_core.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
dc50a06dac61d7ca7ddb3d9bb8921ca5d68f51b6 16-May-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Merge l2cap_chan_create() in the l2cap_sock_alloc()

As a first step to remove l2cap_sock_alloc() and l2cap_sock_init() from
l2cap_core.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
8d03e971cf403305217b8e62db3a2e5ad2d6263f 12-May-2011 Filip Palian <s3810@pjwstk.edu.pl> Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.

Structures "l2cap_conninfo" and "rfcomm_conninfo" have one padding
byte each. This byte in "cinfo" is copied to userspace uninitialized.

Signed-off-by: Filip Palian <filip.palian@pjwstk.edu.pl>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
14b12d0b98f87162b7e9e93dde66d1af97886567 24-May-2011 Jaikumar Ganesh <jaikumar@google.com> Bluetooth: Add BT_POWER L2CAP socket option.

Add BT_POWER socket option used to control the power
characteristics of the underlying ACL link. When the remote end
has put the link in sniff mode and the host stack wants to send
data we need to explicitly exit sniff mode to work well with
certain devices (For example, A2DP on Plantronics Voyager 855).
However, this causes problems with HID devices.

Hence, moving into active mode when sending data, irrespective
of who set the sniff mode has been made as a socket option. By
default, we will move into active mode. HID devices can set the
L2CAP socket option to prevent this from happening.

Currently, this has been implemented for L2CAP sockets. This has been
tested with incoming and outgoing L2CAP sockets for HID and A2DP.

Based on discussions on linux-bluetooth and patches submitted by
Andrei Emeltchenko.

Signed-off-by: Jaikumar Ganesh <jaikumar@google.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
0f8527249646bbe75d036fe8b9b84d662ece90a9 05-May-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Rename __l2cap_chan_close() to l2cap_chan_close()

To make it consistent with the rest of the API.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
500698d3fd987f6c405d6d5f68fdf535a539e71e 05-May-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Remove export of l2cap_chan_clear_timer()

The call to l2cap_chan_clear_timer() is not really needed in l2cap_sock.c.
This patch also adds a call to l2cap_chan_clear_timer() to the only place
in __l2cap_sock_close() that wasn't calling it. It's safe to call it there
because l2cap_chan_clear_timer() checks first for timer_pending().

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
ab07801d28985090ac38047b5a4d8952a7e1689f 02-May-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: create channel timer to replace sk_timer

The new timer does not belong to struct sock, though it still touches some
sock things, but this will be sorted out soon.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
715ec005cd10c5d53109ffe513e4d403644e3e48 02-May-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Add chan->chan_type struct member

chan_type says if our chan is raw (direct access to HCI),
connectionless or connection-oriented.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
9a91a04a95d30a18909e2aec9d7b17b4c86088a7 28-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Create l2cap_chan_send()

This moves all the sending logic to l2cap_core.c, but we still have a
socket dependence there, struct msghdr. It will be removed in some of the
further commits.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
4519de9a0478d8de438f8b80ab2e94668ef63ab4 28-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Create __l2cap_chan_close()

This is actually __l2cap_sock_close() renamed to __l2cap_chan_close().
At a first look it may not make sense, but with the further cleanups that
will come it will.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
23691d75cdc69c3b285211b4d77746aa20a17d18 27-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Remove l2cap_sk_list

A new list was added to replace the socket based one. This new list
doesn't depend on sock and then fits better inside l2cap_core.c code.

It also renames l2cap_chan_alloc() to l2cap_chan_create() and
l2cap_chan_free() to l2cap_chan_destroy()

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
73b2ec18532f45e9028ce4c7bc8d7f8818eabd2a 19-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Handle psm == 0 case inside l2cap_add_psm()

When the user doesn't specify a psm we have to choose one for the
channel. Now we do this inside l2cap_add_psm().

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
9e4425fff9e0a0fb6a8c705777ed861f991f8747 18-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Add l2cap_add_psm() and l2cap_add_scid()

The intention is to get rid of the l2cap_sk_list usage inside
l2cap_core.c. l2cap_sk_list will soon be replaced by a list that does not
depend on socket usage.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
cf2f90f59bbf2c2a539d171cde6e1dfe72048555 27-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Don't export l2cap_sock_ops

l2cap_sk_ops can be static, it's not used outside l2cap_sock.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
6ff5abbf4e4aa88feb9c2367d4fbd9ea081bf98c 25-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Fix memory leak with L2CAP channels

A new l2cap_chan_free() is added to free the channels.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
8c1d787be4b62d2d1b6f04953eca4bcf7c839d44 14-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Move conn to struct l2cap_chan

There is no need for the socket to deal directly with the channel; most of the
time it cares about the channel only.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
fe4128e0aabc3c748786c00da21e6eff9d3aeddb 14-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Move more vars to struct l2cap_chan

In this commit, psm, scid and dcid.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
0c1bc5c626e9783034264ccca4b262b3acc628f1 13-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Move more channel info to struct l2cap_chan

In this commit, omtu, imtu, flush_to, mode and sport. It also removes the
pi var from l2cap_sock_sendmsg().

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
47d1ec6161da2c7b9dbc56a5200fa26b17d5fdc1 13-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Move more vars to struct l2cap_chan

In this commit all ERTM and Streaming Mode specific vars.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
4343478f3a4806394136d8141b2e451aa5443f03 12-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Move some more elements to struct l2cap_chan

In this commit sec_level, force_reliable, role_switch and flushable.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
77a74c7e0861e6ebac7effe233fd7e83f1ad9ecc 12-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Rename l2cap_do_connect() to l2cap_chan_connect()

l2cap_chan_connect() is a much better name and reflects what this
function is doing (or will do once socket dependence is removed from the
core).

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
b44500351845e4f6df0d752a8870da246be8216f 12-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Move conf_state to struct l2cap_chan

First move of elements depending on user data.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
5d41ce1dd91bce01d50aff79786dc5d5eedcfab7 08-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Refactor L2CAP channel allocation

If the allocation happens at l2cap_sock_create() we will be able to use the
struct l2cap_chan to store channel info that comes from the user via
setsockopt.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
cd69a03af1106c486033df600c7945957ea5abeb 05-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Fix wrong comparison in listen()

We should check for the pi->scid there.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
58d35f87effa0235181a24d55576aaa756ef7312 04-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Move tx queue to struct l2cap_chan

tx_q is the queue used by ERTM mode.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
39d5a3ee355fa903ef4609402c79f570eb9fc4d2 04-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Move SREJ list to struct l2cap_chan

As part of moving all the Channel related operation to struct l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
f1c6775be6fc944e32e0150305d9753b9a846519 26-Mar-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Move srej and busy queues to struct l2cap_chan

As part of moving channel stuff to l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
e92c8e70faf5e3cc22979daba2a895359aa1eab2 01-Apr-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Move ERTM timers to struct l2cap_chan

This also triggered a change in l2cap_send_disconn_req() parameters.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2c03a7a49e0831646bd35d0877ec7d051d8f174b 26-Mar-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Move remote info to struct l2cap_chan

As part of moving channel stuff to l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
42e5c8027bad6f1591032941f0ebf4fc079405c8 25-Mar-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Move of ERTM *_seq vars to struct l2cap_chan

As part of moving channel stuff to struct l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
525cd1851b9faaadf5ea33e05192b8d22f42487e 25-Mar-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Move conn_state to struct l2cap_chan

This is part of "moving things to l2cap_chan". As one of the first moves it
triggered a big number of changes in the function parameters, basically
changing the struct sock param to struct l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
710f9b0a423cad155144742f6497efe5163ed750 25-Mar-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: clean up l2cap_sock_recvmsg()

Move some channel specific stuff to l2cap_core.c, this will make things
more clear.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
73ffa904b78287f6acf8797e040150aa26a4af4a 25-Mar-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Move conf_{req,rsp} stuff to struct l2cap_chan

They are also l2cap_chan specific.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
fc7f8a7ed4543853a99852ca405ea71fabe78946 25-Mar-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Move ident to struct l2cap_chan

ident is chan property, no need to reside on socket.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
48454079c2d4b9ee65c570a22c5fdfe1827996a4 25-Mar-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Create struct l2cap_chan

struct l2cap_chan comes to create a clear separation between what
properties and data belong to the L2CAP channel and what belongs to the
socket. By now we just fold the struct sock * in struct l2cap_chan as all
the channel info is struct l2cap_pinfo today.

In the next commits we will see a move of channel stuff to struct
l2cap_chan.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
34bd0273b631742e8d929c80e90cb7782105d8da 24-Mar-2011 Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Bluetooth: delete hanging L2CAP channel

Sometimes L2CAP connection remains hanging. Make sure that
L2CAP channel is deleted.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
25985edcedea6396277003854657b5f3cb31a628 31-Mar-2011 Lucas De Marchi <lucas.demarchi@profusion.mobi> Fix common misspellings

Fixes generated by 'codespell' and manually reviewed.

Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi>
a0cc9a1b5712ea52aaa4e7abfa0ec2dbe0d820ff 24-Mar-2011 Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Bluetooth: delete hanging L2CAP channel

Sometimes L2CAP connection remains hanging. Make sure that
L2CAP channel is deleted.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
e2174ca430ec52375a02ed20859aeceb0d455b72 17-Feb-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: fix errors reported by checkpatch.pl

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
5589fa9c2d2b8c134f44db36892ccc500aac3147 11-Feb-2011 Ville Tervo <ville.tervo@nokia.com> Bluetooth: Do not send disconn command over LE links

l2cap over LE links can be disconnected without sending
disconnect command first.

Signed-off-by: Ville Tervo <ville.tervo@nokia.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
b62f328b8f20abe97cdbaaf44c6e4f5e7a610f18 11-Feb-2011 Ville Tervo <ville.tervo@nokia.com> Bluetooth: Add server socket support for LE connection

Add support for LE server sockets.

Signed-off-by: Ville Tervo <ville.tervo@nokia.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
acd7d3708555b3da7522e23c183cc21efc785f72 11-Feb-2011 Ville Tervo <ville.tervo@nokia.com> Bluetooth: Add LE connection support to L2CAP

Add basic LE connection support to L2CAP. LE
connection can be created by specifying cid
in struct sockaddr_l2

Signed-off-by: Ville Tervo <ville.tervo@nokia.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
e3fb592b15602196d38b225dc78aab8d631a5f89 10-Feb-2011 Vasiliy Kulikov <segoon@openwall.com> Bluetooth: l2cap: fix 1 byte infoleak to userspace

Structure l2cap_options has one padding byte between max_tx and
txwin_size fields. This byte in "opts" is copied to userspace
uninitialized.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
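
The two "1 byte infoleak" entries above (l2cap_conninfo/rfcomm_conninfo and l2cap_options) describe the same defect class: a stack structure is filled member by member and then copied out whole, so its padding byte carries stale stack data. The following is an added user-space illustration, not code from the kernel or from these commits; struct opts_mirror, its values and the memcpy standing in for the copy to userspace are assumptions, and zeroing the whole structure first is shown as one common remedy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed mirror of the layout the commit message describes: a 1-byte
 * max_tx followed by a 2-byte txwin_size. The member list and all values
 * are assumptions made for this example. */
struct opts_mirror {
    uint16_t omtu;
    uint16_t imtu;
    uint16_t flush_to;
    uint8_t  mode;
    uint8_t  fcs;
    uint8_t  max_tx;
    /* the compiler inserts one padding byte here to align txwin_size */
    uint16_t txwin_size;
};

#define STALE 0xA5 /* stands in for whatever was on the stack before */

/* Byte-wise view of the object so the padding can be inspected. */
union opts_view {
    struct opts_mirror s;
    unsigned char raw[sizeof(struct opts_mirror)];
};

struct span { size_t off, len; };
#define MEMBER(m) { offsetof(struct opts_mirror, m), \
                    sizeof(((struct opts_mirror *)0)->m) }
static const struct span members[] = {
    MEMBER(omtu), MEMBER(imtu), MEMBER(flush_to), MEMBER(mode),
    MEMBER(fcs), MEMBER(max_tx), MEMBER(txwin_size),
};
#define NMEMBERS (sizeof(members) / sizeof(members[0]))

/* Stores the offsets of bytes that belong to no member in out[] (at most
 * cap entries) and returns the total number of padding bytes. */
size_t padding_offsets(size_t *out, size_t cap)
{
    size_t n = 0;

    for (size_t b = 0; b < sizeof(struct opts_mirror); b++) {
        int covered = 0;

        for (size_t i = 0; i < NMEMBERS; i++)
            if (b >= members[i].off && b < members[i].off + members[i].len)
                covered = 1;
        if (!covered) {
            if (n < cap)
                out[n] = b;
            n++;
        }
    }
    return n;
}

/* Member-by-member fill, as a getsockopt-style handler would do. The
 * volatile qualifier keeps each store at its own width so the compiler
 * does not merge stores across the padding byte. */
static void set_fields(volatile struct opts_mirror *o)
{
    o->omtu = 672;
    o->imtu = 672;
    o->flush_to = 0xffff;
    o->mode = 0;
    o->fcs = 1;
    o->max_tx = 3;
    o->txwin_size = 63;
}

/* Builds the reply and copies the whole structure into user_buf, which
 * stands in for the userspace destination. zero_first selects the
 * hardened variant. */
void build_reply(unsigned char *user_buf, int zero_first)
{
    union opts_view v;

    memset(v.raw, STALE, sizeof(v.raw)); /* simulate stale stack contents */
    if (zero_first)
        memset(&v, 0, sizeof(v));        /* remedy: clear padding too */
    set_fields(&v.s);
    memcpy(user_buf, v.raw, sizeof(v.raw));
}

/* Returns the value of the first padding byte as seen by the receiver,
 * or -1 if this ABI lays the structure out without padding. */
int leaked_byte(int zero_first)
{
    unsigned char reply[sizeof(struct opts_mirror)];
    size_t off;

    if (padding_offsets(&off, 1) == 0)
        return -1;
    build_reply(reply, zero_first);
    return reply[off];
}

int main(void)
{
    size_t off = 0;
    size_t n = padding_offsets(&off, 1);

    printf("sizeof=%zu, padding bytes=%zu, first at offset %zu\n",
           sizeof(struct opts_mirror), n, off);
    printf("padding byte without zeroing: 0x%02x\n", (unsigned)leaked_byte(0));
    printf("padding byte with memset:     0x%02x\n", (unsigned)leaked_byte(1));
    return 0;
}
```

The same padding_offsets() approach works as a review aid for any structure that is copied to a less trusted reader: a non-zero result means every fill path needs the structure cleared first.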
6de0702b5b93da0ef097aa092b4597fbc024ebba 04-Feb-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: move __l2cap_sock_close() to l2cap_sock.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
05fc1576dabb1defae3c8c0371fb9d21f7db997a 04-Feb-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: move l2cap_sock_kill() to l2cap_sock.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
6ddc0485e1a6ecd450140ea40ffa52786f99183c 04-Feb-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: move L2CAP sock timers function to l2cap_sock.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
fd83ccdb393e3190633e0240dd73faac8998164b 04-Feb-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: move l2cap_sock_sendmsg() to l2cap_sock.c

Also moves some L2CAP sending functions declaration to l2cap.h

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
dcba0dba54b566a08376f93cab35cdabd6abda20 04-Feb-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: move l2cap_sock_shutdown() to l2cap_sock.c

Declare __l2cap_wait_ack() and l2cap_sock_clear_timer() in l2cap.h

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
6898325923f9571fbede3372dc490faa43b3258a 04-Feb-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: move l2cap_sock_recvmsg() to l2cap_sock.c

It causes the move of the declaration of 3 functions to l2cap.h:
l2cap_get_ident(), l2cap_send_cmd(), l2cap_build_conf_req()

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
4e34c50bfe5ba87da1622cc7c6ed10712da255ad 04-Feb-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: move l2cap_sock_connect() to l2cap_sock.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
99f4808db0c052f3c92a689ec2841618bf2ce14a 04-Feb-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: move l2cap_sock_getsockopt() to l2cap_sock.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
33575df7be6748292f88453f29319af6d639c5c8 04-Feb-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: move l2cap_sock_setsockopt() to l2cap_sock.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
d7175d55255cb0a576844bc6e986000e0d7f8e9d 04-Feb-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: move l2cap_sock_getname() to l2cap_sock.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
c47b7c724bc7106acf602b2ce99922a2d14ea62b 04-Feb-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: move l2cap_sock_accept() to l2cap_sock.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
af6bcd8205ac06fa1de98b2b28303157fb9c3dfc 04-Feb-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: move l2cap_sock_bind()/listen() to l2cap_sock.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
554f05bb8a0707dcc0ba4ea1dba1fb9970846ab5 04-Feb-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: move l2cap_sock_release() to l2cap_sock.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
65390587c7bcf8bb60b48387db766d8d7dfea982 04-Feb-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: move l2cap_sock_ops to l2cap_sock.c

First step to move all l2cap_sock_ops function to l2cap_sock.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
bb58f747e519aba07a6f05a78d58cf8a0788e2d5 03-Feb-2011 Gustavo F. Padovan <padovan@profusion.mobi> Bluetooth: Initial work for L2CAP split.

This patch tries to do the minimal to move l2cap_sock_create() and its
dependencies to l2cap_sock.c. It creates an API to initialize and cleanup
the L2CAP sockets from l2cap_core.c through l2cap_init_sockets() and
l2cap_cleanup_sockets().

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>