Sometimes HCI command sending timeouts and gives error message without
specifying which command causes error. Patch makes sure that opcode
is printed to help debugging.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Bluetooth: Update HCI timeouts constants to use msecs_to_jiffies
The HCI constants are always used in form of jiffies. So just
include the conversion from msecs in the define itself. This has the
advantage of making the code where the timeout is used more readable
and avoiding unnecessary conversions.
The patch is similar to commit ba13ccd9 doing the same job for L2CAP
Johan Hedberg [Fri, 8 Jun 2012 15:31:13 +0000 (23:31 +0800)]
Bluetooth: Add support for encryption key refresh
With LE/SMP the completion of a security level elavation from medium to
high is indicated by a HCI Encryption Key Refresh Complete event. The
necessary behavior upon receiving this event is a mix of what's done for
auth_complete and encryption_change, which is also where most of the
event handling code has been copied from.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Johan Hedberg [Thu, 7 Jun 2012 06:58:37 +0000 (14:58 +0800)]
Bluetooth: Fix SMP security elevation from medium to high
If we have an unauthenticated key it is not sufficient to acheive high
security. Therefore, when deciding whether to encrypt the link or
request pairing, it is essential to in addition to checking the
existence of a key to also check whether it is authenticated or not.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Johan Hedberg [Wed, 6 Jun 2012 10:44:11 +0000 (18:44 +0800)]
Bluetooth: Fix deadlock and crash when SMP pairing times out
The l2cap_conn_del function tries to cancel_sync the security timer, but
when it's called from the timeout function itself a deadlock occurs.
Subsequently the "hcon->l2cap_data = NULL" that's supposed to protect
multiple calls to l2cap_conn_del never gets cleared and when the
connection finally drops we double free's etc which will crash the
kernel.
This patch fixes the issue by using the HCI_CONN_LE_SMP_PEND for
protecting against this. The same flag is also used for the same purpose
in other places in the SMP code.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Vishal Agarwal [Thu, 7 Jun 2012 14:57:35 +0000 (20:27 +0530)]
Bluetooth: Fix LE pairing completion on connection failure
For BR/EDR pairing is assumed to be finished when connection is
done. For LE if connection is successful it did not necessarily
mean that pairing is also done but if the connection is unsuccessful
it should be assumed that pairing procedure is also finished.
This patch registers a new function with connect_cfm_cb callback for
LE link which sends the pairing complete signal to user space if
connection is unsuccessful.
Johan Hedberg [Wed, 6 Jun 2012 10:54:15 +0000 (18:54 +0800)]
Bluetooth: Fix SMP pairing method selection
The tk_request function takes the local IO capability as the second last
parameter and the remote IO capability as the last parameter. They were
previously swapped: when we receive a pairing response
req->io_capability contains the local one and rsp->io_capability the
remote one.
Andre Guedes [Thu, 31 May 2012 23:01:41 +0000 (20:01 -0300)]
Bluetooth: Filter duplicated reports in LE scan
This patch enables filtering duplicated advertising reports during
LE scan.
Some LE devices advertise using very small intervals generating lots
of equal advertising report events to the host. Each event generates
a mgmt_device_found event which is copied to userspace.
Enabling this feature, duplicated advertising reports are filtered
at controller's link layer. This way, the controller doesn't wake up
the host to report duplicated advertising reports and, consequently,
less data is copied to userspace.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Andre Guedes [Thu, 31 May 2012 20:01:33 +0000 (17:01 -0300)]
Bluetooth: Change default MTU for L2CAP ATT channel
This patch changes the default MTU value for L2CAP ATT fixed channel
to L2CAP_DEFAULT_MTU (672 octets).
Differently from others L2CAP channels, in L2CAP ATT fixed channel
there is no MTU negotiation. The MTU value for that channel is up to
the L2CAP implementation. The only restriction in L2CAP spec is the
MTU value must not be less than 23 octets.
At ATT protocol level (on top of L2CAP), we have the ATT_MTU which
defines the maximum size of any ATT message sent between client and
server. GATT profile defines ATT_MTU default value to 23 octets. If
a GATT based profile wants to use ATT_MTU greater than 23 octets
(e.g. HID over GATT profile), it should negotiate a new value by
executing the GATT Exchange MTU sub-procedure.
Thus, in order to support any value of ATT_MTU negotiated at ATT
protocol level, our L2CAP implementation should have L2CAP ATT
fixed channel MTU equal or greater than ATT_MAX_MTU (512 octets).
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Bluetooth: Fix not removing hci_conn for failed LE connection
This patch changes way LE Connection Complete event with error status are
handled. BDADDR returned in such event packet do not need to be valid and
should not be used to search for existing hci_conn. Instead, any hci_conn
with BT_CONNECT state should be matched since there can be only one
pending LE outgoing connection at any time.
If not handled properly, appriopriate hci_conn will not be removed and
subsequent connection to given peer will try to reuse it without making
actual connection attempt.
2012-05-07 11:21:39.133378 < HCI Command: LE Create Connection (0x08|0x000d) plen 25
bdaddr 00:22:D0:10:13:EE type 1
2012-05-07 11:21:39.138774 > HCI Event: Command Status (0x0f) plen 4
LE Create Connection (0x08|0x000d) status 0x00 ncmd 1
2012-05-07 11:21:44.752854 < HCI Command: LE Create Connection Cancel (0x08|0x000e) plen 0
2012-05-07 11:21:44.759475 > HCI Event: Command Complete (0x0e) plen 4
LE Create Connection Cancel (0x08|0x000e) ncmd 1
2012-05-07 11:21:44.764479 > HCI Event: LE Meta Event (0x3e) plen 19
LE Connection Complete
status 0x02 handle 0, role master
bdaddr 00:00:00:00:00:00 (Public)
Gustavo Padovan [Tue, 29 May 2012 16:29:16 +0000 (13:29 -0300)]
Bluetooth: Create function to return the ERTM header size
Simplify the handling of different ERTM header size. We were the same
check in some places of the code, and more is expected to come, so just
replace them with a function.
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Make A2MP channel special channel which do not reference hci_conn.
This prevents from keeping ACL connection open when all L2CAP
channels got closed.
hci_conn_hold and hci_conn_put are not reference counts on the
hci_conn structure in the typical way. They are reference counts for
the ACL. When you do the last hci_conn_put, the ACL is disconnected
after a timeout.
Reported-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Bluetooth: A2MP: Process A2MP Create Physlink Request
Placeholder for A2MP Create Physlink Request.
Handles requests with invalid controler id as shown below:
...
> ACL data: handle 11 flags 0x02 dlen 50
A2MP: Create Physical Link req: local id 1 remote id 85
Assoc data:
<skipped>
< ACL data: handle 11 flags 0x00 dlen 15
A2MP: Create Physical Link rsp: local id 85 remote id 1 status 1
Invalid Controller ID
...
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Process A2MP Get Info Request.
Example of trace log for invalid controller id is shown below:
...
> ACL data: handle 11 flags 0x02 dlen 13
A2MP: Get Info req: id 238
< ACL data: handle 11 flags 0x00 dlen 30
A2MP: Get Info rsp: id 238 status (1) Invalid Controller ID
...
Note that If the Status field is set to Invalid Controller ID all subsequent
fields in the AMP Get Info Response shall be ignored by the receiver.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Adds helper functions to count HCI devs and process A2MP Discover
Request, code makes sure that first controller in the list is
BREDR one. Trace is shown below:
...
> ACL data: handle 11 flags 0x02 dlen 16
A2MP: Discover req: mtu/mps 670 mask: 0x0000
< ACL data: handle 11 flags 0x00 dlen 22
A2MP: Discover rsp: mtu/mps 670 mask: 0x0000
Controller list:
id 0 type 0 (BR-EDR) status 0x01 (Bluetooth only)
id 1 type 1 (802.11 AMP) status 0x01 (Bluetooth only)
...
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Sasha Levin [Sun, 27 May 2012 20:36:56 +0000 (22:36 +0200)]
Bluetooth: Really fix registering hci with duplicate name
Commit fc50744 ("Bluetooth: Fix registering hci with duplicate name") didn't
fully fix the duplicate naming issue with devices, and duplicate device names
could still be created:
Mat Martineau [Wed, 23 May 2012 21:59:30 +0000 (14:59 -0700)]
Bluetooth: Send a configuration request after security confirmation
Sometimes an ACL link must be raised to a higher security level after
an L2CAP connection is requested, but before a connection response is
sent. In this case, a connection response sent by L2CAP was not
immediately followed by a configuration request. Other code paths do
send this configuration request right away. It was possible for the
connection to stall while L2CAP waited for the remote device (like
PTS) to trigger the configuration process.
Here is an abbreviated hcidump of the failure case with PTS:
Gustavo Padovan [Wed, 23 May 2012 07:04:21 +0000 (04:04 -0300)]
Bluetooth: Fix coding style in the subsystem
This is some leftover from the last patches that fixed style. It is mostly
line over 80 characters fixes reported by checkpatch.pl.
checkpatch.pl is clean for these files now.
Previous callers of l2cap_build_conf_rsp in l2cap_config_req use
flags instead of continuation flag hardcoded value. It does not change
logic and preserve future possible flags.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Szymon Janc [Wed, 23 May 2012 10:35:46 +0000 (12:35 +0200)]
Bluetooth: Rename HCI_QUIRK_NO_RESET to HCI_QUIRK_RESET_ON_CLOSE
HCI_QUIRK_NO_RESET name is misleading - purpose of this quirk is to
reset device on close instead of init, not to not reset at all.
Rename it to HCI_QUIRK_RESET_ON_CLOSE to avoid confusion.
net/bluetooth/l2cap_core.c:1662:24: warning: Using plain integer
as NULL pointer
net/bluetooth/l2cap_core.c:1662:27: warning: Using plain integer
as NULL pointer
net/bluetooth/l2cap_core.c:1683:24: warning: Using plain integer
as NULL pointer
net/bluetooth/l2cap_core.c:1683:27: warning: Using plain integer
as NULL pointer
net/bluetooth/l2cap_core.c:2260:46: warning: Using plain integer
as NULL pointer
net/bluetooth/l2cap_core.c:2574:33: warning: Using plain integer
as NULL pointer
net/bluetooth/l2cap_core.c:2581:33: warning: Using plain integer
as NULL pointer
net/bluetooth/l2cap_core.c:4556:24: warning: Using plain integer
as NULL pointer
net/bluetooth/l2cap_core.c:4556:27: warning: Using plain integer
as NULL pointer
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Mat Martineau [Fri, 18 May 2012 03:53:53 +0000 (20:53 -0700)]
Bluetooth: Set txwin values for streaming mode
The transmit window values must be configured for streaming mode, even
though streaming mode does not have a window. This enables use of
extended headers when the transmit window socket option is set to 64
or larger.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Mat Martineau [Fri, 18 May 2012 03:53:49 +0000 (20:53 -0700)]
Bluetooth: Check rules when setting retransmit or monitor timers
The ERTM specification requires the retransmit timer to be cancelled
when the monitor timer is set. The retransmit timer cannot be set
again while the monitor timer is pending.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Mat Martineau [Fri, 18 May 2012 03:53:47 +0000 (20:53 -0700)]
Bluetooth: Handle incoming REJ frames
REJ frames are sent by the remote device to request that all frames
after a given sequence number be retransmitted. These are also an
implicit indication that the remote device is not in a busy state and
can receive new iframes.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Mat Martineau [Fri, 18 May 2012 03:53:46 +0000 (20:53 -0700)]
Bluetooth: Handle SREJ requests to resend unacked frames
When a remote device sends an SREJ, retransmit the frame with the
corresponding sequence number (subject to special cases with poll and
final flags). An SREJ is also an implicit indication the the remote
device is not in a busy state.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Mat Martineau [Fri, 18 May 2012 03:53:45 +0000 (20:53 -0700)]
Bluetooth: Reassemble all available data when retransmissions succeed.
As retransmitted packets arrive, attempt to reassemble SDUs. If all
requested retransmissions have been received, acknowledge them and
transition back to the RECV state.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Mat Martineau [Fri, 18 May 2012 03:53:44 +0000 (20:53 -0700)]
Bluetooth: Send SREJ frames when packets go missing
The ERTM specification lays out three scenarios for sending SREJ
frames to request retransmission of specific frames. l2cap_send_srej
requests all frames up to a given txseq that are not already queued
for reassembly. l2cap_send_srej_tail only requests the most recent
missing frame. l2cap_send_srej_list resends SREJ frames for data that
was requested for resend but never received.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Mat Martineau [Fri, 18 May 2012 03:53:43 +0000 (20:53 -0700)]
Bluetooth: Add implementation for retransmitting all unacked frames
This adds l2cap_ertm_resend to retransmit frames based on the sequence
numbers in chan->retrans_list. If the retransmit limit is reached for
any individual frame is reached, the connection is dropped. skbs that
are cloned already are copied to avoid modifying shared data (this is
uncommon). To retransmit all frames, l2cap_retransmit_all now builds
a list of all unacked sequence numbers and then calls
l2cap_ertm_resend.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Mat Martineau [Fri, 18 May 2012 03:53:42 +0000 (20:53 -0700)]
Bluetooth: Add the ERTM receive state machine
This adds a top-level state machine with handlers for two receive
states defined in the ERTM spec, RECV and SREJ_SENT. The reqseq value
of the incoming frame is also validated at the top level and a
disconnection is forced if it is invalid. The actions for the RECV
and SREJ_SENT states are implemented according to the state tables in
the ERTM specification.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Mat Martineau [Fri, 18 May 2012 03:53:41 +0000 (20:53 -0700)]
Bluetooth: Update l2cap_send_i_or_rr_or_rnr to fit the spec better
This action now exactly matches what is defined in the ERTM
specification, including clearing the remote busy flag and setting the
retransmit timer rather than retransmitting frames directly. The spec
does not retransmit frames as part of this action, since
retransmission is only triggered by REJ, SREJ, or an RR with the final
bit set. struct l2cap_ctrl is also used to set up header values.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Mat Martineau [Fri, 18 May 2012 03:53:39 +0000 (20:53 -0700)]
Bluetooth: Refactor l2cap_send_ack
The function now encapsulates more of the logic to either immediately
send an ack if the transmit window is over 75% full, or wait for the
ack timer to expire if the transmit window is not full enough. It is
also able to push out waiting iframes that can carry an
acknowledgement.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Mat Martineau [Fri, 18 May 2012 03:53:38 +0000 (20:53 -0700)]
Bluetooth: Remove receive code that has been superceded
This deletes the receive code that had handlers for each frame type at
the top level, and then had logic to determine the receive state
within each handler.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Mat Martineau [Fri, 18 May 2012 03:53:37 +0000 (20:53 -0700)]
Bluetooth: Add streaming mode receive and incoming packet classifier
Streaming mode reception is fairly simple, with in-sequence frames
being reassembled as they arrive. Out-of-sequence frames are dropped,
and also clear any partially-assembled SDUs that may exist.
The packet classifier determines if the txseq value of the incoming
packet is expected, invalid (resulting in a disconnection), invalid
(ignorable), duplicate, or having to do with an SREJ request that was
previously sent. The rules for each classification are defined in the
ERTM specification, and consolidating these rules in one place helps
clarify the receive state machine.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Mat Martineau [Fri, 18 May 2012 03:53:36 +0000 (20:53 -0700)]
Bluetooth: Consolidate common receive code for ERTM and streaming mode
Creates a new l2cap_data_rcv function that combines previous code from
l2cap_ertm_data_rcv and l2cap_data_channel. This reduces duplicate
code for streaming mode, and sets up a framework for the ERTM receive
state machine.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Mat Martineau [Fri, 18 May 2012 03:53:35 +0000 (20:53 -0700)]
Bluetooth: Refactor l2cap_send_sframe
The new implementation uses struct l2cap_ctrl to set up the sframe
fields, and also reduces duplicate acks by canceling the ack timer
whenever an RR or RNR frame is sent. sframe PDU generation is also
split in to a separate function to separate it from the logic related
to the connection state and sframe type.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>