Store the MTU to use the proper MTU requested by remote if the
configuration fails for other options. If the remote does not
send the MTU in the next configuration request,
we need to use that value.
CRs-fixed: 373233
Change-Id: I35d9aa777f237bce5a4194036261128af1a7ada7
Signed-off-by: Mallikarjuna GB <gbmalli@codeaurora.org>
Class of device information is required to the bluez userspace
to write to persistant storage and also update upper layers on
request. So update the local CoD info to bluez once the hci write
is successful.
Change-Id: If45910d4b391616592b49d77d87ca0314be1f033
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
If due to timing issues out of our control, an outbound ATT Indicate
is delayed to the point that user space code does not receive
confirmation within it time-out period, both Client and Server
sockets must be torn down. We also must always respond to incoming
ATT Indicate pkt with a Confirmation, as the Error Response is an
illegal response for Indicate.
CRs-Fixed: 363355
Change-Id: I4003a59e1a731a08818f18d5b79db537e2aa2619
Signed-off-by: Brian Gix <bgix@codeaurora.org>
This change addresses an L2CAP ERTM throughput problem when a remote
device does not fully utilize the available transmit window.
The L2CAP ERTM transmit window size determines the maximum number of
unacked frames that may be outstanding at any time. It is configured
separately for each direction of an ERTM connection. Each side sends a
configuration request with a tx_win field indicating how many unacked
frames it is capable of receiving before sending an ack. The
configuration response's tx_win field shows how many frames the
transmitter will actually send before waiting for an ack.
It's important to trace both the actual transmit window (to check for
validity of incoming frames) and the number of frames that the
transmitter will send before waiting (to send acks at the appropriate
time). Now there are separate tx_win and ack_win values. ack_win is
updated based on configuration responses, and is used to determine
when acks are sent.
CRs-fixed: 370909
Change-Id: I6d9ef55a2ff2f5f3d0117ad376a09e4cc26fe742
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
AMP feature is decommitted from Android PL's. Make advertising and
support for the A2MP protocol depend on an L2CAP module parameter
and make the default state disabled.
Change-Id: Icb9827d2d4205818d6c3b49e7a53938666f769e8
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
In case of 2.1 capable devices, when remote device had unpaired,
successive connect from the DUT was resulting in general bonding with
automatic accept allowed for numeric comparison
(i.e. authentication_requirements = 0x04). This lead to bad user
experience as user confirmation pop up wasn't notified on the DUT. Now
its ensured that if remote device has unpaired then DUT would trigger
dedicated bonding as part of the DUT intiated connect.
CRs-fixed: 362572
Change-Id: Id55f6cf3cc70621c29f583aa913fc08180e2d8f0
Signed-off-by: Royston Rodrigues <roystonr@codeaurora.org>
When an adapter gets powered off or is removed any pending commands
should receive a ENETDOWN or ENODEV status response.
Change-Id: I2fec5fa19b2349a48a6aafd5b33ef7946067f16b
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: Bhasker Neti <bneti@codeaurora.org>
CRs-fixed: 364664
[bneti@codeaurora.org: Resolved conflict]
The fix in commit ff9718f8254b96dc313dd998c195c1c3769417ba was not
complete. In l2cap_logical_link_complete the socket pointer was
dereferenced in two places, the previous fix only handled one of
the locations.
This fixes an infrequent crash when performing OPP or FTP transfer
over AMP (Bluetooth 3.0+HS).
Change-Id: I730a503b143723ffff1765602151d66fe87103da
CRs-fixed: 360758
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Holding a wakelock avoids suspend power collapse, which
allow the BT idle timer to kick in, which eventually
initiates BT low power modes.
CRs-Fixed: 361067
Change-Id: I93e3950b6f854e70dbce092a5529120ec008c2b8
Signed-off-by: Rahul Kashyap <rkashyap@codeaurora.org>
Remove holding the AMP manger list lock when sending the
A2MP Change Notify message, as this uses L2CAP and will
lock the socket and possibly sleep.
This removes a potential deadlock and a "BUG: sleeping
function called from invalid context" message from the
kernel log.
Change-Id: Icf8c5afc1a5cde36517bb979820c83a20ee207fd
CRs-fixed: 358736
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
In order to support extended window sizes with L2CAP streaming mode,
an extended window size option must be included in the outgoing
configuration request when an application has requested a transmit
window larger than the default transmit window.
Streaming mode does not have a transmit window, so initialization of
the transmit window data structures was not taking place. However, the
transmit window socket option does trigger use of extended headers,
which are required for full streaming mode support and
qualification. Utilizing the existing transmit window initialization
code enables extended header use.
CRs-fixed: 355437
Change-Id: I7bf25b7a70bb2b68c0f5bfd42b2b46b99d68e990
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Various LE profiles require very specific LE parameters for
both establishing and maintaining LE connections to remote
peripherals. These LE only parameters are encapsulated into
a single sockopts structure, and may be passed from user space.
CRs-Fixed: 335971
Change-Id: I408edb97ab0fa9717c7d3fe5fc8ad6ac179a2fff
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Possible for l2cap_logical_link_complete handler to be scheduled
twice with mis-behaving PAL. Since handler clears the socket pointer
must check for NULL socket pointer.
This fixes an infrequent crash when performing OPP or FTP transfer
over AMP (Bluetooth 3.0+HS).
CRs-fixed: 355451
Change-Id: I2e78529f4f1e3b411af13fe6a68a49e724a581ee
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
On LE connections, either side may request security elevation. This
patch propogates the secuity level being requested by remote devices
to local servers and clients.
CRs-Fixed: 352637
Change-Id: Ia9ada039f0fef03c35c19d90b415423117e00e9a
Signed-off-by: Brian Gix <bgix@codeaurora.org>
The hci_dev should be locked/unlocked with the _bh form of
the spin lock, and function may not return while lock is held.
Change-Id: I2179a59506c2b212db5fb5b57bc27bff165b2cc6
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Restarting Riva will abruptly disconnect the hci device, which can
tear down the hci_conn struct on one processor while RFCOMM code
is running on another. This would keep l2cap_chan_del from being
executed while RFCOMM is in the middle of using a socket.
CRs-fixed: 351273
Change-Id: I37c82cac022a1d1c0fd60791f7c15b56e2415850
Signed-off-by: Ankit Verma <ankitv@codeaurora.org>
When BT2.1 link is in encrypted state, if HOST posts
SET_CONNECTION_ENCRYPTION with enable as on, in some cases
SoC fails to generate ENCRYPT_CHANGE event. Since the link is
already in encrypted state with current link key, HOST can avoid
repeated request for encrypting the link while doing service level
authentication. This patch avoids the repeated request for encrypting
the link after service level authentication from HOST, if the link
is already encrypted by current link key.
Change-Id: I9402d64310f0e4e6240ca6ed610e0108de061a12
Signed-off-by: Prabhakaran Mc <prabhakaranmc@codeaurora.org>
Code executing in process context should use hci_dev_lock_bh()
and hci_dev_unlock_bh() instead of hci_dev_lock/hci_dev_unlock
when dealing with the hci_dev lock so that it cannot be
interrupted while the lock is held.
Change-Id: Iebc2da96837db29ab4911b0429399e3e9ba4b93e
CRs-fixed: 350532
Signed-off-by: Archana Ramachandran <archanar@codeaurora.org>
Sometimes an ACL link must be raised to a higher security level after
an L2CAP connection is requested, but before a connection response is
sent. In these cases, a connection response would be sent by L2CAP
but would not be followed by a configuration request. If the remote
device waits for a configuration request, the connection stalls. This
change immediately sends a configuration request after a connect
response rather than waiting for a configuration request from the
remote device.
Change-Id: I118329ebf5f10a763d992975e04a817e13a1c665
CRs-fixed: 349285
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
If the remote device does not support Encryption Pause,
It might disable Encryption during role switch. Allow a
Grace period of 500 ms for such devices to re-enable.
Change-Id: I8af8082e16e185fe8c15adaf07169cc73179c59f
CRs-fixed: 336828
Signed-off-by: Prabhakaran Mc <prabhakaranmc@codeaurora.org>
The Security levels have been decided based on
remote_features or remote_extended_features for 2.0
and 2.1 devices. In case of security mode - 3 pairing,
this data is not available since pairing happens before
ACL connection complete. This patch fixes this problem.
Change-Id: I0397d090fb1eecaf7b8cf385c3bf47c75fa5a8fb
CRs-fixed: 350377
Signed-off-by: Prabhakaran Mc <prabhakaranmc@codeaurora.org>
Fix issue where when setting up an AMP link the socket pointer
is not set when the logical link complete callback is called,
resulting in the L2CAP channel being disconnected.
The socket pointer must be set before the HCI logical link
create command is sent, as it is possible for the logical link
complete event to arrive before the HCI command send logic
has returned.
Change-Id: I5d89c14d45bd6b4cf47d5754f822b435ce8076a8
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
CRs-fixed: 344553
It is possible for the AMP move state to become WAIT_CONFIRM_RSP
before the logical link complete handler runs, so must allow
that state in the handler.
This fixes an issue where the move to AMP fails when moving a
second channel onto an existing logical link. In this case
the move responses are received from the remote very close
together (because there is no logical link to create) and they
are processed (and the state changed to WAIT_CONFIRM_RSP) before
the logical link complete handler runs on the work queue.
Change-Id: I0fc33c3e447ec8bd0009db406622adfc1cd83429
CRs-fixed: 348299
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Take a reference on the hci_conn and do not de-reference l2cap_conn
while setting up the A2MP fixed channel. l2cap_conn is not reference
counted and may go away before the channel is set up.
This fixes scenario where the ACL disconnects (and l2cap_conn goes
away) while amp_conn_ind worker is running or is on the workqueue
waiting to run.
Change-Id: I10fc6d9b146fcc5e010f26a046f7e0570f2b93dd
CRs-fixed: 347079
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Fix sending alert from the proximity client when the
received RSSI of the remote device equals the threshold
set on the client.
CRs-fixed: 344936
Change-Id: I598d7d66b492cb76754280d657b6e6d55dd0903b
Signed-off-by: Archana Ramachandran <archanar@codeaurora.org>
This improves compatbility with a lot of headset / chipset
combinations. Ideally this should not be needed.
Change-Id: I8b676701e12e416aa7d60801b9d353b15d102709
Signed-off-by: hyungseoung.yoo <hyungseoung.yoo@samsung.com>
Signed-off-by: Jaikumar Ganesh <jaikumarg@android.com>
For non SSP devices, MEDIUM_SECURITY has to be used for pairing. This
can be determined and set while receiving remote supported features
event for BT2.0 devices.
Change-Id: I24558d40be01c4232fff4a871e2b57e390d4128a
CRs-fixed: 345945
Signed-off-by: Prabhakaran Mc <prabhakaranmc@codeaurora.org>
Fix issue where if a SCO connection is initiated during an AMP
OBEX transfer the fallback to BR-EDR fails and the OBEX connection
is disconnected.
When moving a channel back to BR-EDR L2CAP must allow for receiving
a Move Channel Response with Pending status before receiving the
Response with Success status.
Change-Id: I017bf607fa8ab5d0d582d61538c9a0e5ec25cd26
CRs-fixed: 341363
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Fix issue where if there are two OBEX connections on an AMP link and one
of them is moved back to BR-EDR (or disconnected) the remaining connection
ceases to transfer any data, times out, and disconnects.
The l2cap_data pointer of the AMP hci_conn structure should not be cleared
whenever an L2CAP channel on AMP is deleted, it should only be cleared
when the last L2CAP channel on the AMP is deleted. This allows multiple
L2CAP channels to be open concurrently on AMP.
CRs-fixed: 344557
Change-Id: Ifb15a7156437a6ab7a7a76c3dae4b1cd901c796f
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Fix issue where the attempt to move a second OBEX connection onto an
AMP link fails and the connection is disconnected.
When handling a Move when there is an existing Best Effort Logical Link
L2CAP must check for the WAIT_MOVE_CONFIRM and WAIT_MOVE_RSP_SUCESS
states when the logical link completes. In these scenarios the logical
link completes before the Move Confirm or Move Response Success is
received and L2CAP must continue to wait for the confirm or response.
CRs-fixed: 344557
Change-Id: I3e0786f780fa48592bb45ec2e81ae1ffa4a6ab80
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
This feature is required for implementing Low energy
proximity client immediate alert service. The proximtiy
client registers with the kernel for receiving RSSI updates
of the remote device. The kernel starts polling for RSSI
value using READ_RSSI HCI command and When it reaches
a particular threshold set by the proximity client,
updates are sent to the client.
Change-Id: I723dd140ad3bf02978c57b3ab127bb6768f28cca
CRs-fixed: 344936
Signed-off-by: Archana Ramachandran <archanar@codeaurora.org>
Commit 330605423c fixed l2cap conn establishment for non-ssp remote
devices by not setting HCI_CONN_ENCRYPT_PEND every time conn security
is tested (which was always returning failure on any subsequent
security checks).
However, this broke l2cap conn establishment for ssp remote devices
when an ACL link was already established at SDP-level security. This
fix ensures that encryption must be pending whenever authentication
is also pending.
Change-Id: I9751454d450345b648d34445324b04ebfceae4b4
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Tested-by: Daniel Wagner <daniel.wagner@bmw-carit.de>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
CRs-fixed: 343392
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
In hci_conn_security ( which is used during L2CAP connection
establishment ) test for HCI_CONN_ENCRYPT_PEND state also
sets this state, which is bogus and leads to connection time-out
on L2CAP sockets in certain situations (especially when
using non-ssp devices )
Change-Id: I4b962ef332c03485912f9e8e7b501d86b375daca
Signed-off-by: Ilia Kolomisnky <iliak@ti.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
[mathewm@codeaurora.org: Resolved conflict]
CRs-fixed: 343392
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Connection security level is modified based on remote device's
extended feature. Deciding SSP capability of remote device
by EIR response is incorrect, because few BT2.1 devices do not
send EIR and few BT2.1 devices which send EIR do not support
SSP. SSP capability of remote device has to be decided based on
remote_extended_features event. This patch makes sure that
MEDIUM_SECURITY is set for non ssp devices' pairing process.
Change-Id: I328a35a30895f2ab6abaaeec51b364ecd633e642
CRs-fixed: 339166
Signed-off-by: Prabhakaran Mc <prabhakaranmc@codeaurora.org>
HCI_INQUIRY flags wasn't cleared thereby causing successive inquiry scans
triggered via IOCTLs to fail as connection timeout. As a consequence
successive device scans triggered by Bluez tool (hcitool) failed.
Now HCI_INQUIRY flags are cleared irrespective of device type being BR/EDR
or LE.
Change-Id: Ic5e4804b52f18a46940f38d1e14e8c6825fa97bb
Signed-off-by: Royston Rodrigues <roystonr@codeaurora.org>
Expose Bluetooth remote features to the userspace. A2DP profile
setup in the userspace would need this information to
determine if the remote side supports EDR ACL link or not.
Change-Id: Ib6713707baaf30ffe872247313b2185ae2897385
Signed-off-by: Sunny Kapdi <sunnyk@codeaurora.org>
When a Bluetooth device is powered down while RFCOMM connections are
open, there are race conditions where RFCOMM tries to use an HCI
connection after the data structures have been deleted. Since the
powerdown procedure runs in process context, it is possible to lock
sockets before accessing them to close connections. This change adds
that locking, which will serialize socket access between processors
during powerdown.
Change-Id: I587720799b35d9ee6e66340bdeda8a2b9e2ea7b5
CRs-fixed: 336893
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
In case both side have no MITM requirements, we need
to use Just Works Association Model. We should not
display PassKey in this case and just YES/NO option
should be displayed
Change-Id: I447aa84a0d021e8834138062a26a9380d3b9b2d9
Signed-off-by: AnubhavGupta <anubhavg@codeaurora.org>
When AUTH_REQUESTED command status is error status, do the bonding
cleanup, so that there will not be any problem for next time
pairing process and in user space.
Change-Id: I0150382be902279b856099c840598c5be91d03ac
CRs-fixed: 331126
Signed-off-by: Prabhakaran Mc <prabhakaranmc@codeaurora.org>
Because traffic between the local GATT client(s) and
remote servers are subject to different controls than
remote clients and the local server, all on the shared
fixed CID, it is important to manage the traffic on
seperate sockets.
Change-Id: I62385143c86522f4b123b32592b69f2a0ae6dc76
CRs-fixed: 336029
Signed-off-by: Brian Gix <bgix@codeaurora.org>
We only support a 23 octet MTU, so auto-respond to all
MTU change requests with the 23 octet response.
Change-Id: Ic69d5f068759d983f8cd98b329acbb9d3a481c49
CRs-fixed: 336025
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Some rebalancing of refcnts due to issues found during testing:
Refcnt was not being released on security completion, if local side
was paired but the remote side had deleted the pairing info, and then
the re-pair failed to complete successfully.
Additionally, the refcnt was not held-released properly if pairing
was initiated due to the client socket being opened with security
level elevated from the start.
Change-Id: I120fed4dc74035d280781ca949a23d4cbcfa3f3e
CRs-fixed: 335993
Signed-off-by: Brian Gix <bgix@codeaurora.org>
An application may call recv() on a disconnected socket if the
connection has unexpectedly dropped. In this case, the socket may
still exist, but it will be in an error state and the L2CAP connection
will be mostly torn down.
A crash was observed when the ERTM code attempted to send an ACK when
the L2CAP connection was not up. If the error state is detected and
ERTM queue processing is skipped, then the crash is avoided and the
recv() call just returns an error in userspace.
CRs-fixed: 336000
Change-Id: I540d774c5d42f0df856b13b6e634e6ba31d86492
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
For every incoming connection, both l2cap_connect_ind and
sco_connect_ind are called. One will always have a mismatched link
type (which is expected), the incoming link will be either L2CAP or
SCO but both connect_ind functions get called anyway. If the incoming
link is an L2CAP link, sco_connect_ind should return 0 so it doesn't
set any mask bits. Similarly, an incoming SCO link should make
l2cap_connect_ind return 0.
CRs-fixed: 336437
Change-Id: I4722d64ef65988d7898b178f05c4e6709ead1362
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Even after the device is down, some hci commands are getting queued in
some scenarios, since there is no command queue purge mechanism in the
initialization sequence, so the immediate device up initialization
sequence is messed up with unexpected commands.
The current change blocks some of the hci commands to get queued if the
device is down and also purges the queue in the beginning of the next
device initialization sequence.
CRs-fixed: 336160
Change-Id: Ice5a38da47af11babd5b9dd33b9d711ef96e6732
Signed-off-by: Bhasker Neti <bneti@codeaurora.org>
The L2CAP specification has two ways to support streaming mode: Allow
fallback to ERTM or basic mode when the remote device requests one of
those modes, or make the connection fail unless both sides agree on
streaming mode.
The current code does not properly support either method. This change
makes a streaming mode connection fail if the remote device does not
also request streaming mode.
CRs-fixed: 336291
Change-Id: Id26f963a5e15d18e85a2faf2f8f01848e2a73fa4
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
If encryption fails during socket setup, the L2CAP channel should not
be marked as Ready until after re-pairing takes place.
Change-Id: I57a07ae72d4a57584c9367db9a832f4560629ac7
CRs-fixed: 335988
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Increased the LE supervision timeout to 10 seconds
so that concurrent operations can be performed with LE
connection.
Change-Id: I34cc53d1a0eb8943de11fc35580a27b037b87b2f
Signed-off-by: Archana Ramachandran <archanar@codeaurora.org>
