It is possible to redundently request Discovery
operations. This fix cleans up some stored state to
prevent MGMT event overload when discovery finally completes.
Change-Id: I2ffb5c0749df95e40cd39e8c64c87a62a93fb896
CRs-fixed: 329657
Signed-off-by: Brian Gix <bgix@codeaurora.org>
On ACL connection complete with a remote device, the remote
device lmp version should be available with Controller. The
current change is to read this information from controller to
host and update to bluez userspace through management APIs.
Change-Id: Ie152ed98fa0a6cf9ab170a6bb8c6a05b5b9dfcb0
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
When doing L2CAP configuration, use the correct retransmit and monitor
timeouts when configuring (or reconfiguring) AMP channels. The host
stack needs to use the timeouts read from incoming configuration
responses, and write appropriate timeouts when sending configuration
responses.
Change-Id: I1271ade93dbfee58a1cac115280704a327e901b2
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
This change prevents running timers from being re-initialized
which causes system instablility. Also prevents starting a
discovery operation when already in progress.
CRs-fixed: 328673
Change-Id: Icda36a25fdcb40dab4f95f9cc39ca124b299e308
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Added Flush Timeout parameter setting for l2cap channel. Bluetooth
profiles using l2cap can set this parameter to flush out the data
when it cannot be sent over the air with in timeout duration.
Change-Id: I60420c5be3a790aff26bc30e8089fdca47a99222
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
As a preventative measure, timers on dynamic memory structures must be
not running, or stopped, prior to freeing. Since it is safe to delete
timers whether running or not, all timers are deleted.
CRs-fixed: 328673
Change-Id: I255d99cb2419fad07caf445920050cf2d05ffe4d
Signed-off-by: Brian Gix <bgix@codeaurora.org>
When an incoming HCI logical link event came in at the same time
a socket structure was deleted, it was possible to end up with a stale
pointer to the socket. The socket and associated HCI channel struct
need to be properly reference counted so they are not freed
prematurely.
CRs-Fixed: 325023
Change-Id: Ia5724a9ce2000acd60a174c354be04029bac5324
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Upon properly initializing the incoming connection
link policy, the link is able to enter sniff mode.
CRs-fixed: 327571
Change-Id: Ib21c09234f823f011aad158ae232f3060085183e
Signed-off-by: Rahul Kashyap <rkashyap@codeaurora.org>
When connection initiated from the remote device the class of device
information is required to be updated to userspace through this
event.
Change-Id: I97d715a0b80e12d414ecf03d099955c8b12c82b4
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
Since l2cap_ertm_send() runs in process context, it may be preempted
by incoming data being processed in tasklet context. In order to
avoid race conditions where a packet is acknowledged before the
transmit queue is properly updated, ERTM state should be set up for
the next transmit before the packet is actually sent.
CRs-fixed: 326238
Change-Id: I3df0e93118a357dbd34ff26ad74d7c0c38bf5121
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Notifying Bluez userspace of a shutdown earlier prevents new commands from
being sent. The extra commands were interfering with reinitialization of
the device
Change-Id: I862a658585ffa69348fbb4bdfba96f3916d0e5ef
Signed-off-by: Bhasker Neti <bneti@codeaurora.org>
In ERTM, the outgoing data queue contains both unsent data and unacked
data, and sk_send_head points to the first unsent packet. When
disconnecting a socket, it's possible for a process to attempt a
socket send while a disconnection is in progress and the outgoing data
queue has been purged. When this purge happens, sk_send_head must also
be set to NULL because the packet it was pointing to has been freed.
Change-Id: I87b37a13583fac705241549dfc492950c7c0ec0b
CRs-fixed: 326238
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
After ACL disconnection and removal of pending acl
acknowledgement, we have to schedule HCI_TX task. This will
allow other active connection to send ACL packets.
Change-Id: I3ddf61a3c7ff149b05e963159e10af0ab6ef6143
Signed-off-by: AnubhavGupta <anubhavg@codeaurora.org>
Security level will be set to MEDIUM in case where the remote device
is 2.0 device. This would prevent it from going to 16 digit pairing
in case where the remote device sends the EIR and still doesn't
support SSP
CRs-fixed: 318469
Change-Id: I9d03b2b628cc188de44f44cfc3f8e81fbf3cb79d
Signed-off-by: Bhakthavatsala Raghavendra <braghave@codeaurora.org>
During normal ERTM sends and resends, buffers are copied or cloned.
If the copy/clone fails, take sensible action rather than causing a
kernel panic.
Change-Id: Ib491cfb38dab30014ed08571dbd721dad0cc3714
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
When the connection is not in BT_CONNECTED state it was possible
for code in hci_chan_modify() to attempt to access the hci_chan
structure after it had already been deleted by hci_chan_put().
Change-Id: I5ae352ac12aa3b456e7bcf30633015d98b03e44b
CRs-fixed: 319934
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Default RFC values should use le16 byte ordering. These values are
used only as a fallback when poorly-behaved remote devices do not send
a proper RFC option in an ERTM or streaming configuration response.
Change-Id: I51c9ae892f18229f568b354c92b64e3a8054b619
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Commit f4d7cd4a4c introduced the usage of kthread API.
kthread_stop is a blocking function which returns only when
the thread exits. In this case, the thread can't exit because it's
waiting for the write lock, which is being held by bnep_del_connection()
which is waiting for the thread to exit -- deadlock.
Use atomic_t/wake_up_process instead to signal to the thread to exit.
Change-Id: I538cd17c102cb31b3212c794086a9c2baedb4b14
Signed-off-by: Jaikumar Ganesh <jaikumar@google.com>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
[skrovvid@codeaurora.org: kthread_should_stop api call is avoided]
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
When the logical link disconnects clear the reference to the
l2cap connection before moving the channel. This prevents the
channel from being disconnected before failover to BR-EDR is
complete.
Change-Id: Id55a472a8dac49fbfca4fa47cffea59acf76ed1f
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
CRs-fixed: 321202
To prevent timers from expiring on potentiatially free'd dynamic memory.
Change-Id: I8b9685150bcee72fa7ca71b221bc54b54516021e
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Fixes a deadlock issue due to spinlock being acquired
first in the process context and followed by a second
acquisition in the interrupt context
CRs-fixed: 319052
Change-Id: If17be9fa6f020dd1abd248f8999c2614251fc509
Signed-off-by: Subramanian Srinivasan <subrsrin@codeaurora.org>
mgmt_encrypt_link procedure is added by implementing
MGMT_OP_ENCRYPT_LINK and MGMT_EV_ENCRYPT_CHANGE
Change-Id: Ibed6e24c67bbea83318a67c636e02a93518de29d
Signed-off-by: Prabhakaran Mc <prabhakaranmc@codeaurora.org>
A well-behaved remote device should always send a reconfiguration and
flow control (RFC) option in the configuration response when using
ERTM or Streaming mode. By using default RFC option values, the
configuration code can avoid using uninitialized data.
Change-Id: I8f9ef687b694d0b34c6d65d40b934bc7946d515e
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Previously an offset was added to the hci dev number to generate the
AMP controller ID, because it was possible for the PAL to register
as hci0, and 0 is invalid for an AMP controller ID. Since this commit
462bf76d294a480c775a040476bd7eb81f718ec2 it is not possible for
the PAL to register as hci0, so this offset is no longer necessary.
Change-Id: I4b01ddca5fad3aebeb4c138b5aee8819bb146f3d
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
In three places a reference was taken without being returned.
Change-Id: I15b9ab7de530a77832d8b10fe756cfdf0b01760f
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
When local device is done sending LE pairing keys, it should not
be sending a pairing failure event to User space.
Change-Id: I49d77040e8f72567c0c7ece053aa58227c87a0f0
Signed-off-by: Brian Gix <bgix@codeaurora.org>
When the last RFCOMM data channel is closed, a timer is normally set
up to disconnect the control channel at a later time. If the control
channel disconnect command is sent with the timer pending, the timer
needs to be cancelled.
If the timer is not cancelled in this situation, the reference
counting logic for the RFCOMM session does not work correctly when the
remote device closes the L2CAP connection. The session is freed at
the wrong time, leading to a kernel panic.
CRs-fixed: 317859
Change-Id: I778fdf8dbff8afe0a1c157b02d39872262088584
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Since all AMP Manager processing is done on work queues no
bottom-half locking is required.
CRs-fixed: 318632
Change-Id: I3a07c412ccf30d62d68cc80124fad5700bcc0917
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
If we initiated a Dedicated pairing, and the remote device
is a NoInputNoOutput capable device, allow auto-acceptance
of pairing.
Change-Id: Ia5cc3e3d458cee98aef0493a423d29e9955638c3
CRs-fixed: 318144
Signed-off-by: Brian Gix <bgix@codeaurora.org>
On some platforms, device state data can be left around, and some
commands may take longer than 1 second to execute. This change increases
the per command time-out, and reinitializes the features mask.
Change-Id: Ib707996b97139c97e9a0deacd4a11019cf75da8c
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Include auto-setting connection parameters during Pairing for
low latenecy, and default (high latency) settings for non-Pairing
connections.
Change-Id: Ie8e3f65da52213451dcc01fce38d95ae07d1b13b
Signed-off-by: Brian Gix <bgix@codeaurora.org>
A socket can be shut down while pointer to that socket is stored in a
queued skbuff or in a pending workqueue struct. Correct use of socket
reference counting will make sure the socket struct stays around until
there are no remaining references.
Change-Id: Ic3679e023a46b224929b3cefb6370d7871e3368a
CRs-fixed: 313736
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Whenever local device name is changed, EIR payload
is updated with the modified local device name.
CRs-fixed: 314228
Change-Id: Ib2ec05b6ac4f4a55612716f0567ee04056579ed6
Signed-off-by: Royston Rodrigues <roystonr@codeaurora.org>
The upstream kernel has acquired new BT socket options since
BT_AMP_POLICY was first defined, now BT_FLUSHABLE is option 8 and
BT_POWER is option 9. It will save us some future pain if we align
with upstream code now and make BT_AMP_POLICY be option 10.
In addition, the option values for BT_AMP_POLICY were changed during
the upstreaming process.
CRs-fixed: 313757
Change-Id: Ia31e9c8cfd5207a6dd44e40a605d3021f5ce9fd9
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
LE-Only devices require that an Address Type (Public or Random) be
included in Connection Requests. This info is available at Pairing
but must be cached so that it is available at reconnection time.
This change includes the Address type with the Pairing data.
Change-Id: I50c78ad31d8be70f5c3f49a0529039e4a26daaac
Signed-off-by: Brian Gix <bgix@codeaurora.org>
If LE link gets terminated during the pairing process, it
may leave SMP with half of a Long Term Key. This fix ensures
that this partial information is not used for future links.
Change-Id: Ib834fc81d7b4b558cc3d242522acef80dd1d8827
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Before attempting to create a channel directly on an AMP check
that the remote device supports A2MP signalling before starting
the physical link creation process.
Change-Id: Iac2bcebf9630368685e24e636e39ffa82651705d
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Fix setting of ENCRYPTION_PENDING and Connection refcnt's that could
be out of sync due to remote slave issued security requests.
Change-Id: Ie72abd0648182db0ef60693820139f40ef2e4bf6
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Socket lookup for a fixed channel should be done based on both remote and
local device addresses.
Change-Id: I35f39bea8ade6fd5d8695640251efc54bf21beae
Signed-off-by: Inga Stotland <ingas@codeaurora.org>
If LE devices stop advertising or go out of range, we need
to apply a timeout because the baseband doesn't.
Change-Id: I115672e21fd8aef56ac688b2df4664bb74b725e4
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Add send and receive of Extended Flow Spec option during L2CAP
lockstep configuration and passing the flow specs to HCI.
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Conflicts:
include/net/bluetooth/hci.h
include/net/bluetooth/hci_core.h
net/bluetooth/l2cap_core.c
The MAXI_EN2 register is no longer owned by the RPM. Add local
control of the VPE and Rotator AXI clocks which are in it.
Signed-off-by: Matt Wagantall <mattw@codeaurora.org>
