Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_htc_msm8960 / 0cc4fd7098c0ac6368eedfef67d197ccdfb9b09d / . / net / bluetooth / amp.c
blob: ba638d166b0c7fd4669e8f0f1479f2d3cedd758e [file] [log] [blame]
/*
Copyright (c) 2010-2012 Code Aurora Forum. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2 and
only version 2 as published by the Free Software Foundation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
*/
#include <linux/interrupt.h>
#include <linux/module.h>
#include <linux/types.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/list.h>
#include <linux/workqueue.h>
#include <linux/timer.h>
#include <linux/crypto.h>
#include <linux/scatterlist.h>
#include <linux/err.h>
#include <crypto/hash.h>
#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/l2cap.h>
#include <net/bluetooth/amp.h>
static struct workqueue_struct *amp_workqueue;
LIST_HEAD(amp_mgr_list);
DEFINE_RWLOCK(amp_mgr_list_lock);
static int send_a2mp(struct socket *sock, u8 *data, int len);
static void ctx_timeout(unsigned long data);
static void launch_ctx(struct amp_mgr *mgr);
static int execute_ctx(struct amp_ctx *ctx, u8 evt_type, void *data);
static int kill_ctx(struct amp_ctx *ctx);
static int cancel_ctx(struct amp_ctx *ctx);
static struct socket *open_fixed_channel(bdaddr_t *src, bdaddr_t *dst);
static void remove_amp_mgr(struct amp_mgr *mgr)
{
BT_DBG("mgr %p", mgr);
write_lock(&amp_mgr_list_lock);
list_del(&mgr->list);
write_unlock(&amp_mgr_list_lock);
read_lock(&mgr->ctx_list_lock);
while (!list_empty(&mgr->ctx_list)) {
struct amp_ctx *ctx;
ctx = list_first_entry(&mgr->ctx_list, struct amp_ctx, list);
read_unlock(&mgr->ctx_list_lock);
BT_DBG("kill ctx %p", ctx);
kill_ctx(ctx);
read_lock(&mgr->ctx_list_lock);
}
read_unlock(&mgr->ctx_list_lock);
kfree(mgr->ctrls);
kfree(mgr);
}
static struct amp_mgr *get_amp_mgr_sk(struct sock *sk)
{
struct amp_mgr *mgr;
struct amp_mgr *found = NULL;
read_lock(&amp_mgr_list_lock);
list_for_each_entry(mgr, &amp_mgr_list, list) {
if ((mgr->a2mp_sock) && (mgr->a2mp_sock->sk == sk)) {
found = mgr;
break;
}
}
read_unlock(&amp_mgr_list_lock);
return found;
}
static struct amp_mgr *get_create_amp_mgr(struct hci_conn *hcon,
struct sk_buff *skb)
{
struct amp_mgr *mgr;
write_lock(&amp_mgr_list_lock);
list_for_each_entry(mgr, &amp_mgr_list, list) {
if (mgr->l2cap_conn == hcon->l2cap_data) {
BT_DBG("found %p", mgr);
write_unlock(&amp_mgr_list_lock);
goto gc_finished;
}
}
write_unlock(&amp_mgr_list_lock);
mgr = kzalloc(sizeof(*mgr), GFP_ATOMIC);
if (!mgr)
return NULL;
mgr->l2cap_conn = hcon->l2cap_data;
mgr->next_ident = 1;
INIT_LIST_HEAD(&mgr->ctx_list);
rwlock_init(&mgr->ctx_list_lock);
mgr->skb = skb;
BT_DBG("hcon %p mgr %p", hcon, mgr);
mgr->a2mp_sock = open_fixed_channel(&hcon->hdev->bdaddr, &hcon->dst);
if (!mgr->a2mp_sock) {
kfree(mgr);
return NULL;
}
write_lock(&amp_mgr_list_lock);
list_add(&(mgr->list), &amp_mgr_list);
write_unlock(&amp_mgr_list_lock);
gc_finished:
return mgr;
}
static struct amp_ctrl *get_ctrl(struct amp_mgr *mgr, u8 remote_id)
{
if ((mgr->ctrls) && (mgr->ctrls->id == remote_id))
return mgr->ctrls;
else
return NULL;
}
static struct amp_ctrl *get_create_ctrl(struct amp_mgr *mgr, u8 id)
{
struct amp_ctrl *ctrl;
BT_DBG("mgr %p, id %d", mgr, id);
if ((mgr->ctrls) && (mgr->ctrls->id == id))
ctrl = mgr->ctrls;
else {
kfree(mgr->ctrls);
ctrl = kzalloc(sizeof(struct amp_ctrl), GFP_ATOMIC);
if (ctrl) {
ctrl->mgr = mgr;
ctrl->id = id;
}
mgr->ctrls = ctrl;
}
return ctrl;
}
static struct amp_ctx *create_ctx(u8 type, u8 state)
{
struct amp_ctx *ctx = NULL;
ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);
if (ctx) {
ctx->type = type;
ctx->state = state;
init_timer(&(ctx->timer));
ctx->timer.function = ctx_timeout;
ctx->timer.data = (unsigned long) ctx;
}
BT_DBG("ctx %p, type %d", ctx, type);
return ctx;
}
static inline void start_ctx(struct amp_mgr *mgr, struct amp_ctx *ctx)
{
BT_DBG("ctx %p", ctx);
write_lock(&mgr->ctx_list_lock);
list_add(&ctx->list, &mgr->ctx_list);
write_unlock(&mgr->ctx_list_lock);
ctx->mgr = mgr;
execute_ctx(ctx, AMP_INIT, 0);
}
static void destroy_ctx(struct amp_ctx *ctx)
{
struct amp_mgr *mgr = ctx->mgr;
BT_DBG("ctx %p deferred %p", ctx, ctx->deferred);
del_timer(&ctx->timer);
write_lock(&mgr->ctx_list_lock);
list_del(&ctx->list);
write_unlock(&mgr->ctx_list_lock);
if (ctx->deferred)
execute_ctx(ctx->deferred, AMP_INIT, 0);
kfree(ctx);
}
static struct amp_ctx *get_ctx_mgr(struct amp_mgr *mgr, u8 type)
{
struct amp_ctx *fnd = NULL;
struct amp_ctx *ctx;
read_lock(&mgr->ctx_list_lock);
list_for_each_entry(ctx, &mgr->ctx_list, list) {
if (ctx->type == type) {
fnd = ctx;
break;
}
}
read_unlock(&mgr->ctx_list_lock);
return fnd;
}
static struct amp_ctx *get_ctx_type(struct amp_ctx *cur, u8 type)
{
struct amp_mgr *mgr = cur->mgr;
struct amp_ctx *fnd = NULL;
struct amp_ctx *ctx;
read_lock(&mgr->ctx_list_lock);
list_for_each_entry(ctx, &mgr->ctx_list, list) {
if ((ctx->type == type) && (ctx != cur)) {
fnd = ctx;
break;
}
}
read_unlock(&mgr->ctx_list_lock);
return fnd;
}
static struct amp_ctx *get_ctx_a2mp(struct amp_mgr *mgr, u8 ident)
{
struct amp_ctx *fnd = NULL;
struct amp_ctx *ctx;
read_lock(&mgr->ctx_list_lock);
list_for_each_entry(ctx, &mgr->ctx_list, list) {
if ((ctx->evt_type & AMP_A2MP_RSP) &&
(ctx->rsp_ident == ident)) {
fnd = ctx;
break;
}
}
read_unlock(&mgr->ctx_list_lock);
return fnd;
}
static struct amp_ctx *get_ctx_hdev(struct hci_dev *hdev, u8 evt_type,
u16 evt_value)
{
struct amp_mgr *mgr;
struct amp_ctx *fnd = NULL;
read_lock(&amp_mgr_list_lock);
list_for_each_entry(mgr, &amp_mgr_list, list) {
struct amp_ctx *ctx;
read_lock(&mgr->ctx_list_lock);
list_for_each_entry(ctx, &mgr->ctx_list, list) {
struct hci_dev *ctx_hdev;
ctx_hdev = hci_dev_get(ctx->id);
if ((ctx_hdev == hdev) && (ctx->evt_type & evt_type)) {
switch (evt_type) {
case AMP_HCI_CMD_STATUS:
case AMP_HCI_CMD_CMPLT:
if (ctx->opcode == evt_value)
fnd = ctx;
break;
case AMP_HCI_EVENT:
if (ctx->evt_code == (u8) evt_value)
fnd = ctx;
break;
}
}
if (ctx_hdev)
hci_dev_put(ctx_hdev);
if (fnd)
break;
}
read_unlock(&mgr->ctx_list_lock);
}
read_unlock(&amp_mgr_list_lock);
return fnd;
}
static inline u8 next_ident(struct amp_mgr *mgr)
{
if (++mgr->next_ident == 0)
mgr->next_ident = 1;
return mgr->next_ident;
}
static inline void send_a2mp_cmd2(struct amp_mgr *mgr, u8 ident, u8 code,
u16 len, void *data, u16 len2, void *data2)
{
struct a2mp_cmd_hdr *hdr;
int plen;
u8 *p, *cmd;
BT_DBG("ident %d code 0x%02x", ident, code);
if (!mgr->a2mp_sock)
return;
plen = sizeof(*hdr) + len + len2;
cmd = kzalloc(plen, GFP_ATOMIC);
if (!cmd)
return;
hdr = (struct a2mp_cmd_hdr *) cmd;
hdr->code = code;
hdr->ident = ident;
hdr->len = cpu_to_le16(len+len2);
p = cmd + sizeof(*hdr);
memcpy(p, data, len);
p += len;
memcpy(p, data2, len2);
send_a2mp(mgr->a2mp_sock, cmd, plen);
kfree(cmd);
}
static inline void send_a2mp_cmd(struct amp_mgr *mgr, u8 ident,
u8 code, u16 len, void *data)
{
send_a2mp_cmd2(mgr, ident, code, len, data, 0, NULL);
}
static inline int command_rej(struct amp_mgr *mgr, struct sk_buff *skb)
{
struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
struct a2mp_cmd_rej *rej;
struct amp_ctx *ctx;
BT_DBG("ident %d code %d", hdr->ident, hdr->code);
rej = (struct a2mp_cmd_rej *) skb_pull(skb, sizeof(*hdr));
if (skb->len < sizeof(*rej))
return -EINVAL;
BT_DBG("reason %d", le16_to_cpu(rej->reason));
ctx = get_ctx_a2mp(mgr, hdr->ident);
if (ctx)
kill_ctx(ctx);
skb_pull(skb, sizeof(*rej));
return 0;
}
static int send_a2mp_cl(struct amp_mgr *mgr, u8 ident, u8 code, u16 len,
void *msg)
{
struct a2mp_cl clist[16];
struct a2mp_cl *cl;
struct hci_dev *hdev;
int num_ctrls = 1, id;
cl = clist;
cl->id = 0;
cl->type = 0;
cl->status = 1;
for (id = 0; id < 16; ++id) {
hdev = hci_dev_get(id);
if (hdev) {
if ((hdev->amp_type != HCI_BREDR) &&
test_bit(HCI_UP, &hdev->flags)) {
(cl + num_ctrls)->id = hdev->id;
(cl + num_ctrls)->type = hdev->amp_type;
(cl + num_ctrls)->status = hdev->amp_status;
++num_ctrls;
}
hci_dev_put(hdev);
}
}
send_a2mp_cmd2(mgr, ident, code, len, msg,
num_ctrls*sizeof(*cl), clist);
return 0;
}
static void send_a2mp_change_notify(void)
{
struct amp_mgr *mgr;
list_for_each_entry(mgr, &amp_mgr_list, list) {
if (mgr->discovered)
send_a2mp_cl(mgr, next_ident(mgr),
A2MP_CHANGE_NOTIFY, 0, NULL);
}
}
static inline int discover_req(struct amp_mgr *mgr, struct sk_buff *skb)
{
struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
struct a2mp_discover_req *req;
u16 *efm;
struct a2mp_discover_rsp rsp;
req = (struct a2mp_discover_req *) skb_pull(skb, sizeof(*hdr));
if (skb->len < sizeof(*req))
return -EINVAL;
efm = (u16 *) skb_pull(skb, sizeof(*req));
BT_DBG("mtu %d efm 0x%4.4x", le16_to_cpu(req->mtu),
le16_to_cpu(req->ext_feat));
while (le16_to_cpu(req->ext_feat) & 0x8000) {
if (skb->len < sizeof(*efm))
return -EINVAL;
req->ext_feat = *efm;
BT_DBG("efm 0x%4.4x", le16_to_cpu(req->ext_feat));
efm = (u16 *) skb_pull(skb, sizeof(*efm));
}
rsp.mtu = cpu_to_le16(L2CAP_A2MP_DEFAULT_MTU);
rsp.ext_feat = 0;
mgr->discovered = 1;
return send_a2mp_cl(mgr, hdr->ident, A2MP_DISCOVER_RSP,
sizeof(rsp), &rsp);
}
static inline int change_notify(struct amp_mgr *mgr, struct sk_buff *skb)
{
struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
struct a2mp_cl *cl;
cl = (struct a2mp_cl *) skb_pull(skb, sizeof(*hdr));
while (skb->len >= sizeof(*cl)) {
struct amp_ctrl *ctrl;
if (cl->id != 0) {
ctrl = get_create_ctrl(mgr, cl->id);
if (ctrl != NULL) {
ctrl->type = cl->type;
ctrl->status = cl->status;
}
}
cl = (struct a2mp_cl *) skb_pull(skb, sizeof(*cl));
}
/* TODO find controllers in manager that were not on received */
/* controller list and destroy them */
send_a2mp_cmd(mgr, hdr->ident, A2MP_CHANGE_RSP, 0, NULL);
return 0;
}
static inline int getinfo_req(struct amp_mgr *mgr, struct sk_buff *skb)
{
struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
u8 *data;
int id;
struct hci_dev *hdev;
struct a2mp_getinfo_rsp rsp;
data = (u8 *) skb_pull(skb, sizeof(*hdr));
if (le16_to_cpu(hdr->len) < sizeof(*data))
return -EINVAL;
if (skb->len < sizeof(*data))
return -EINVAL;
id = *data;
skb_pull(skb, sizeof(*data));
rsp.id = id;
rsp.status = 1;
BT_DBG("id %d", id);
hdev = hci_dev_get(id);
if (hdev && hdev->amp_type != HCI_BREDR) {
rsp.status = 0;
rsp.total_bw = cpu_to_le32(hdev->amp_total_bw);
rsp.max_bw = cpu_to_le32(hdev->amp_max_bw);
rsp.min_latency = cpu_to_le32(hdev->amp_min_latency);
rsp.pal_cap = cpu_to_le16(hdev->amp_pal_cap);
rsp.assoc_size = cpu_to_le16(hdev->amp_assoc_size);
}
send_a2mp_cmd(mgr, hdr->ident, A2MP_GETINFO_RSP, sizeof(rsp), &rsp);
if (hdev)
hci_dev_put(hdev);
return 0;
}
static void create_physical(struct l2cap_conn *conn, struct sock *sk)
{
struct amp_mgr *mgr;
struct amp_ctx *ctx = NULL;
BT_DBG("conn %p", conn);
mgr = get_create_amp_mgr(conn->hcon, NULL);
if (!mgr)
goto cp_finished;
BT_DBG("mgr %p", mgr);
ctx = create_ctx(AMP_CREATEPHYSLINK, AMP_CPL_INIT);
if (!ctx)
goto cp_finished;
ctx->sk = sk;
sock_hold(sk);
start_ctx(mgr, ctx);
return;
cp_finished:
l2cap_amp_physical_complete(-ENOMEM, 0, 0, sk);
}
static void accept_physical(struct l2cap_conn *lcon, u8 id, struct sock *sk)
{
struct amp_mgr *mgr;
struct hci_dev *hdev;
struct hci_conn *conn;
struct amp_ctx *aplctx = NULL;
u8 remote_id = 0;
int result = -EINVAL;
BT_DBG("lcon %p", lcon);
hdev = hci_dev_get(id);
if (!hdev)
goto ap_finished;
BT_DBG("hdev %p", hdev);
mgr = get_create_amp_mgr(lcon->hcon, NULL);
if (!mgr)
goto ap_finished;
BT_DBG("mgr %p", mgr);
conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
&mgr->l2cap_conn->hcon->dst);
if (conn) {
BT_DBG("conn %p", hdev);
result = 0;
remote_id = conn->dst_id;
goto ap_finished;
}
aplctx = get_ctx_mgr(mgr, AMP_ACCEPTPHYSLINK);
if (!aplctx)
goto ap_finished;
aplctx->sk = sk;
sock_hold(sk);
return;
ap_finished:
if (hdev)
hci_dev_put(hdev);
l2cap_amp_physical_complete(result, id, remote_id, sk);
}
static int getampassoc_req(struct amp_mgr *mgr, struct sk_buff *skb)
{
struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
struct amp_ctx *ctx;
struct a2mp_getampassoc_req *req;
if (hdr->len < sizeof(*req))
return -EINVAL;
req = (struct a2mp_getampassoc_req *) skb_pull(skb, sizeof(*hdr));
skb_pull(skb, sizeof(*req));
ctx = create_ctx(AMP_GETAMPASSOC, AMP_GAA_INIT);
if (!ctx)
return -ENOMEM;
ctx->id = req->id;
ctx->d.gaa.req_ident = hdr->ident;
ctx->hdev = hci_dev_get(ctx->id);
if (ctx->hdev)
ctx->d.gaa.assoc = kmalloc(ctx->hdev->amp_assoc_size,
GFP_ATOMIC);
start_ctx(mgr, ctx);
return 0;
}
static u8 getampassoc_handler(struct amp_ctx *ctx, u8 evt_type, void *data)
{
struct sk_buff *skb = (struct sk_buff *) data;
struct hci_cp_read_local_amp_assoc cp;
struct hci_rp_read_local_amp_assoc *rp;
struct a2mp_getampassoc_rsp rsp;
u16 rem_len;
u16 frag_len;
rsp.status = 1;
if ((evt_type == AMP_KILLED) || (!ctx->hdev) || (!ctx->d.gaa.assoc))
goto gaa_finished;
switch (ctx->state) {
case AMP_GAA_INIT:
ctx->state = AMP_GAA_RLAA_COMPLETE;
ctx->evt_type = AMP_HCI_CMD_CMPLT;
ctx->opcode = HCI_OP_READ_LOCAL_AMP_ASSOC;
ctx->d.gaa.len_so_far = 0;
cp.phy_handle = 0;
cp.len_so_far = 0;
cp.max_len = ctx->hdev->amp_assoc_size;
hci_send_cmd(ctx->hdev, ctx->opcode, sizeof(cp), &cp);
break;
case AMP_GAA_RLAA_COMPLETE:
if (skb->len < 4)
goto gaa_finished;
rp = (struct hci_rp_read_local_amp_assoc *) skb->data;
if (rp->status)
goto gaa_finished;
rem_len = le16_to_cpu(rp->rem_len);
skb_pull(skb, 4);
frag_len = skb->len;
if (ctx->d.gaa.len_so_far + rem_len <=
ctx->hdev->amp_assoc_size) {
struct hci_cp_read_local_amp_assoc cp;
u8 *assoc = ctx->d.gaa.assoc + ctx->d.gaa.len_so_far;
memcpy(assoc, rp->frag, frag_len);
ctx->d.gaa.len_so_far += rem_len;
rem_len -= frag_len;
if (rem_len == 0) {
rsp.status = 0;
goto gaa_finished;
}
/* more assoc data to read */
cp.phy_handle = 0;
cp.len_so_far = ctx->d.gaa.len_so_far;
cp.max_len = ctx->hdev->amp_assoc_size;
hci_send_cmd(ctx->hdev, ctx->opcode, sizeof(cp), &cp);
}
break;
default:
goto gaa_finished;
break;
}
return 0;
gaa_finished:
rsp.id = ctx->id;
send_a2mp_cmd2(ctx->mgr, ctx->d.gaa.req_ident, A2MP_GETAMPASSOC_RSP,
sizeof(rsp), &rsp,
ctx->d.gaa.len_so_far, ctx->d.gaa.assoc);
kfree(ctx->d.gaa.assoc);
if (ctx->hdev)
hci_dev_put(ctx->hdev);
return 1;
}
struct hmac_sha256_result {
struct completion completion;
int err;
};
static void hmac_sha256_final(struct crypto_async_request *req, int err)
{
struct hmac_sha256_result *r = req->data;
if (err == -EINPROGRESS)
return;
r->err = err;
complete(&r->completion);
}
int hmac_sha256(u8 *key, u8 ksize, char *plaintext, u8 psize,
u8 *output, u8 outlen)
{
int ret = 0;
struct crypto_ahash *tfm;
struct scatterlist sg;
struct ahash_request *req;
struct hmac_sha256_result tresult;
void *hash_buff = NULL;
unsigned char hash_result[64];
int i;
memset(output, 0, outlen);
init_completion(&tresult.completion);
tfm = crypto_alloc_ahash("hmac(sha256)", CRYPTO_ALG_TYPE_AHASH,
CRYPTO_ALG_TYPE_AHASH_MASK);
if (IS_ERR(tfm)) {
BT_DBG("crypto_alloc_ahash failed");
ret = PTR_ERR(tfm);
goto err_tfm;
}
req = ahash_request_alloc(tfm, GFP_KERNEL);
if (!req) {
BT_DBG("failed to allocate request for hmac(sha256)");
ret = -ENOMEM;
goto err_req;
}
ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
hmac_sha256_final, &tresult);
hash_buff = kzalloc(psize, GFP_KERNEL);
if (!hash_buff) {
BT_DBG("failed to kzalloc hash_buff");
ret = -ENOMEM;
goto err_hash_buf;
}
memset(hash_result, 0, 64);
memcpy(hash_buff, plaintext, psize);
sg_init_one(&sg, hash_buff, psize);
if (ksize) {
crypto_ahash_clear_flags(tfm, ~0);
ret = crypto_ahash_setkey(tfm, key, ksize);
if (ret) {
BT_DBG("crypto_ahash_setkey failed");
goto err_setkey;
}
}
ahash_request_set_crypt(req, &sg, hash_result, psize);
ret = crypto_ahash_digest(req);
BT_DBG("ret 0x%x", ret);
switch (ret) {
case 0:
for (i = 0; i < outlen; i++)
output[i] = hash_result[i];
break;
case -EINPROGRESS:
case -EBUSY:
ret = wait_for_completion_interruptible(&tresult.completion);
if (!ret && !tresult.err) {
INIT_COMPLETION(tresult.completion);
break;
} else {
BT_DBG("wait_for_completion_interruptible failed");
if (!ret)
ret = tresult.err;
goto out;
}
default:
goto out;
}
out:
err_setkey:
kfree(hash_buff);
err_hash_buf:
ahash_request_free(req);
err_req:
crypto_free_ahash(tfm);
err_tfm:
return ret;
}
static void show_key(u8 *k)
{
int i = 0;
for (i = 0; i < 32; i += 8)
BT_DBG(" %02x %02x %02x %02x %02x %02x %02x %02x",
*(k+i+0), *(k+i+1), *(k+i+2), *(k+i+3),
*(k+i+4), *(k+i+5), *(k+i+6), *(k+i+7));
}
static int physlink_security(struct hci_conn *conn, u8 *data, u8 *len, u8 *type)
{
u8 bt2_key[32];
u8 gamp_key[32];
u8 b802_key[32];
int result;
if (!hci_conn_check_link_mode(conn))
return -EACCES;
BT_DBG("key_type %d", conn->key_type);
if (conn->key_type < 3)
return -EACCES;
*type = conn->key_type;
*len = 32;
memcpy(&bt2_key[0], conn->link_key, 16);
memcpy(&bt2_key[16], conn->link_key, 16);
result = hmac_sha256(bt2_key, 32, "gamp", 4, gamp_key, 32);
if (result)
goto ps_finished;
if (conn->key_type == 3) {
BT_DBG("gamp_key");
show_key(gamp_key);
memcpy(data, gamp_key, 32);
goto ps_finished;
}
result = hmac_sha256(gamp_key, 32, "802b", 4, b802_key, 32);
if (result)
goto ps_finished;
BT_DBG("802b_key");
show_key(b802_key);
memcpy(data, b802_key, 32);
ps_finished:
return result;
}
static u8 amp_next_handle;
static inline u8 physlink_handle(struct hci_dev *hdev)
{
/* TODO amp_next_handle should be part of hci_dev */
if (amp_next_handle == 0)
amp_next_handle = 1;
return amp_next_handle++;
}
/* Start an Accept Physical Link sequence */
static int createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb)
{
struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
struct amp_ctx *ctx = NULL;
struct a2mp_createphyslink_req *req;
if (hdr->len < sizeof(*req))
return -EINVAL;
req = (struct a2mp_createphyslink_req *) skb_pull(skb, sizeof(*hdr));
skb_pull(skb, sizeof(*req));
BT_DBG("local_id %d, remote_id %d", req->local_id, req->remote_id);
/* initialize the context */
ctx = create_ctx(AMP_ACCEPTPHYSLINK, AMP_APL_INIT);
if (!ctx)
return -ENOMEM;
ctx->d.apl.req_ident = hdr->ident;
ctx->d.apl.remote_id = req->local_id;
ctx->id = req->remote_id;
/* add the supplied remote assoc to the context */
ctx->d.apl.remote_assoc = kmalloc(skb->len, GFP_ATOMIC);
if (ctx->d.apl.remote_assoc)
memcpy(ctx->d.apl.remote_assoc, skb->data, skb->len);
ctx->d.apl.len_so_far = 0;
ctx->d.apl.rem_len = skb->len;
skb_pull(skb, skb->len);
ctx->hdev = hci_dev_get(ctx->id);
start_ctx(mgr, ctx);
return 0;
}
static u8 acceptphyslink_handler(struct amp_ctx *ctx, u8 evt_type, void *data)
{
struct sk_buff *skb = data;
struct hci_cp_accept_phys_link acp;
struct hci_cp_write_remote_amp_assoc wcp;
struct hci_rp_write_remote_amp_assoc *wrp;
struct hci_ev_cmd_status *cs = data;
struct hci_ev_phys_link_complete *ev;
struct a2mp_createphyslink_rsp rsp;
struct amp_ctx *cplctx;
struct amp_ctx *aplctx;
u16 frag_len;
struct hci_conn *conn;
int result;
BT_DBG("state %d", ctx->state);
result = -EINVAL;
rsp.status = 1; /* Invalid Controller ID */
if (!ctx->hdev || !test_bit(HCI_UP, &ctx->hdev->flags))
goto apl_finished;
if (evt_type == AMP_KILLED) {
result = -EAGAIN;
rsp.status = 4; /* Disconnect request received */
goto apl_finished;
}
if (!ctx->d.apl.remote_assoc) {
result = -ENOMEM;
rsp.status = 2; /* Unable to Start */
goto apl_finished;
}
switch (ctx->state) {
case AMP_APL_INIT:
BT_DBG("local_id %d, remote_id %d",
ctx->id, ctx->d.apl.remote_id);
conn = hci_conn_hash_lookup_id(ctx->hdev,
&ctx->mgr->l2cap_conn->hcon->dst,
ctx->d.apl.remote_id);
if (conn) {
result = -EEXIST;
rsp.status = 5; /* Already Exists */
goto apl_finished;
}
aplctx = get_ctx_type(ctx, AMP_ACCEPTPHYSLINK);
if ((aplctx) &&
(aplctx->d.cpl.remote_id == ctx->d.apl.remote_id)) {
BT_DBG("deferred to %p", aplctx);
aplctx->deferred = ctx;
break;
}
cplctx = get_ctx_type(ctx, AMP_CREATEPHYSLINK);
if ((cplctx) &&
(cplctx->d.cpl.remote_id == ctx->d.apl.remote_id)) {
struct hci_conn *bcon = ctx->mgr->l2cap_conn->hcon;
BT_DBG("local %s remote %s",
batostr(&bcon->hdev->bdaddr),
batostr(&bcon->dst));
if ((cplctx->state < AMP_CPL_PL_COMPLETE) ||
(bacmp(&bcon->hdev->bdaddr, &bcon->dst) < 0)) {
BT_DBG("COLLISION LOSER");
cplctx->deferred = ctx;
cancel_ctx(cplctx);
break;
} else {
BT_DBG("COLLISION WINNER");
result = -EISCONN;
rsp.status = 3; /* Collision */
goto apl_finished;
}
}
result = physlink_security(ctx->mgr->l2cap_conn->hcon, acp.data,
&acp.key_len, &acp.type);
if (result) {
BT_DBG("SECURITY");
rsp.status = 6; /* Security Violation */
goto apl_finished;
}
ctx->d.apl.phy_handle = physlink_handle(ctx->hdev);
ctx->state = AMP_APL_APL_STATUS;
ctx->evt_type = AMP_HCI_CMD_STATUS;
ctx->opcode = HCI_OP_ACCEPT_PHYS_LINK;
acp.phy_handle = ctx->d.apl.phy_handle;
hci_send_cmd(ctx->hdev, ctx->opcode, sizeof(acp), &acp);
break;
case AMP_APL_APL_STATUS:
if (cs->status != 0)
goto apl_finished;
/* PAL will accept link, send a2mp response */
rsp.local_id = ctx->id;
rsp.remote_id = ctx->d.apl.remote_id;
rsp.status = 0;
send_a2mp_cmd(ctx->mgr, ctx->d.apl.req_ident,
A2MP_CREATEPHYSLINK_RSP, sizeof(rsp), &rsp);
/* send the first assoc fragment */
wcp.phy_handle = ctx->d.apl.phy_handle;
wcp.len_so_far = cpu_to_le16(ctx->d.apl.len_so_far);
wcp.rem_len = cpu_to_le16(ctx->d.apl.rem_len);
frag_len = min_t(u16, 248, ctx->d.apl.rem_len);
memcpy(wcp.frag, ctx->d.apl.remote_assoc, frag_len);
ctx->state = AMP_APL_WRA_COMPLETE;
ctx->evt_type = AMP_HCI_CMD_CMPLT;
ctx->opcode = HCI_OP_WRITE_REMOTE_AMP_ASSOC;
hci_send_cmd(ctx->hdev, ctx->opcode, 5+frag_len, &wcp);
break;
case AMP_APL_WRA_COMPLETE:
/* received write remote amp assoc command complete event */
wrp = (struct hci_rp_write_remote_amp_assoc *) skb->data;
if (wrp->status != 0)
goto apl_finished;
if (wrp->phy_handle != ctx->d.apl.phy_handle)
goto apl_finished;
/* update progress */
frag_len = min_t(u16, 248, ctx->d.apl.rem_len);
ctx->d.apl.len_so_far += frag_len;
ctx->d.apl.rem_len -= frag_len;
if (ctx->d.apl.rem_len > 0) {
u8 *assoc;
/* another assoc fragment to send */
wcp.phy_handle = ctx->d.apl.phy_handle;
wcp.len_so_far = cpu_to_le16(ctx->d.apl.len_so_far);
wcp.rem_len = cpu_to_le16(ctx->d.apl.rem_len);
frag_len = min_t(u16, 248, ctx->d.apl.rem_len);
assoc = ctx->d.apl.remote_assoc + ctx->d.apl.len_so_far;
memcpy(wcp.frag, assoc, frag_len);
hci_send_cmd(ctx->hdev, ctx->opcode, 5+frag_len, &wcp);
break;
}
/* wait for physical link complete event */
ctx->state = AMP_APL_PL_COMPLETE;
ctx->evt_type = AMP_HCI_EVENT;
ctx->evt_code = HCI_EV_PHYS_LINK_COMPLETE;
break;
case AMP_APL_PL_COMPLETE:
/* physical link complete event received */
if (skb->len < sizeof(*ev))
goto apl_finished;
ev = (struct hci_ev_phys_link_complete *) skb->data;
if (ev->phy_handle != ctx->d.apl.phy_handle)
break;
if (ev->status != 0)
goto apl_finished;
conn = hci_conn_hash_lookup_handle(ctx->hdev, ev->phy_handle);
if (!conn)
goto apl_finished;
result = 0;
BT_DBG("PL_COMPLETE phy_handle %x", ev->phy_handle);
conn->dst_id = ctx->d.apl.remote_id;
bacpy(&conn->dst, &ctx->mgr->l2cap_conn->hcon->dst);
goto apl_finished;
break;
default:
goto apl_finished;
break;
}
return 0;
apl_finished:
if (ctx->sk)
l2cap_amp_physical_complete(result, ctx->id,
ctx->d.apl.remote_id, ctx->sk);
if ((result) && (ctx->state < AMP_APL_PL_COMPLETE)) {
rsp.local_id = ctx->id;
rsp.remote_id = ctx->d.apl.remote_id;
send_a2mp_cmd(ctx->mgr, ctx->d.apl.req_ident,
A2MP_CREATEPHYSLINK_RSP, sizeof(rsp), &rsp);
}
kfree(ctx->d.apl.remote_assoc);
if (ctx->sk)
sock_put(ctx->sk);
if (ctx->hdev)
hci_dev_put(ctx->hdev);
return 1;
}
static void cancel_cpl_ctx(struct amp_ctx *ctx, u8 reason)
{
struct hci_cp_disconn_phys_link dcp;
ctx->state = AMP_CPL_PL_CANCEL;
ctx->evt_type = AMP_HCI_EVENT;
ctx->evt_code = HCI_EV_DISCONN_PHYS_LINK_COMPLETE;
dcp.phy_handle = ctx->d.cpl.phy_handle;
dcp.reason = reason;
hci_send_cmd(ctx->hdev, HCI_OP_DISCONN_PHYS_LINK, sizeof(dcp), &dcp);
}
static u8 createphyslink_handler(struct amp_ctx *ctx, u8 evt_type, void *data)
{
struct amp_ctrl *ctrl;
struct sk_buff *skb = data;
struct a2mp_cmd_hdr *hdr;
struct hci_ev_cmd_status *cs = data;
struct amp_ctx *cplctx;
struct a2mp_discover_req dreq;
struct a2mp_discover_rsp *drsp;
u16 *efm;
struct a2mp_getinfo_req greq;
struct a2mp_getinfo_rsp *grsp;
struct a2mp_cl *cl;
struct a2mp_getampassoc_req areq;
struct a2mp_getampassoc_rsp *arsp;
struct hci_cp_create_phys_link cp;
struct hci_cp_write_remote_amp_assoc wcp;
struct hci_rp_write_remote_amp_assoc *wrp;
struct hci_ev_channel_selected *cev;
struct hci_cp_read_local_amp_assoc rcp;
struct hci_rp_read_local_amp_assoc *rrp;
struct a2mp_createphyslink_req creq;
struct a2mp_createphyslink_rsp *crsp;
struct hci_ev_phys_link_complete *pev;
struct hci_ev_disconn_phys_link_complete *dev;
u8 *assoc, *rassoc, *lassoc;
u16 frag_len;
u16 rem_len;
int result = -EAGAIN;
struct hci_conn *conn;
BT_DBG("state %d", ctx->state);
if (evt_type == AMP_KILLED)
goto cpl_finished;
if (evt_type == AMP_CANCEL) {
if ((ctx->state < AMP_CPL_CPL_STATUS) ||
((ctx->state == AMP_CPL_PL_COMPLETE) &&
!(ctx->evt_type & AMP_HCI_EVENT)))
goto cpl_finished;
cancel_cpl_ctx(ctx, 0x16);
return 0;
}
switch (ctx->state) {
case AMP_CPL_INIT:
cplctx = get_ctx_type(ctx, AMP_CREATEPHYSLINK);
if (cplctx) {
BT_DBG("deferred to %p", cplctx);
cplctx->deferred = ctx;
break;
}
ctx->state = AMP_CPL_DISC_RSP;
ctx->evt_type = AMP_A2MP_RSP;
ctx->rsp_ident = next_ident(ctx->mgr);
dreq.mtu = cpu_to_le16(L2CAP_A2MP_DEFAULT_MTU);
dreq.ext_feat = 0;
send_a2mp_cmd(ctx->mgr, ctx->rsp_ident, A2MP_DISCOVER_REQ,
sizeof(dreq), &dreq);
break;
case AMP_CPL_DISC_RSP:
drsp = (struct a2mp_discover_rsp *) skb_pull(skb, sizeof(*hdr));
if (skb->len < (sizeof(*drsp))) {
result = -EINVAL;
goto cpl_finished;
}
efm = (u16 *) skb_pull(skb, sizeof(*drsp));
BT_DBG("mtu %d efm 0x%4.4x", le16_to_cpu(drsp->mtu),
le16_to_cpu(drsp->ext_feat));
while (le16_to_cpu(drsp->ext_feat) & 0x8000) {
if (skb->len < sizeof(*efm)) {
result = -EINVAL;
goto cpl_finished;
}
drsp->ext_feat = *efm;
BT_DBG("efm 0x%4.4x", le16_to_cpu(drsp->ext_feat));
efm = (u16 *) skb_pull(skb, sizeof(*efm));
}
cl = (struct a2mp_cl *) efm;
/* find the first remote and local controller with the
* same type
*/
greq.id = 0;
result = -ENODEV;
while (skb->len >= sizeof(*cl)) {
if ((cl->id != 0) && (greq.id == 0)) {
struct hci_dev *hdev;
hdev = hci_dev_get_type(cl->type);
if (hdev) {
struct hci_conn *conn;
ctx->hdev = hdev;
ctx->id = hdev->id;
ctx->d.cpl.remote_id = cl->id;
conn = hci_conn_hash_lookup_ba(hdev,
ACL_LINK,
&ctx->mgr->l2cap_conn->hcon->dst);
if (conn) {
BT_DBG("PL_COMPLETE exists %x",
(int) conn->handle);
result = 0;
}
ctrl = get_create_ctrl(ctx->mgr,
cl->id);
if (ctrl) {
ctrl->type = cl->type;
ctrl->status = cl->status;
}
greq.id = cl->id;
}
}
cl = (struct a2mp_cl *) skb_pull(skb, sizeof(*cl));
}
if ((!greq.id) || (!result))
goto cpl_finished;
ctx->state = AMP_CPL_GETINFO_RSP;
ctx->evt_type = AMP_A2MP_RSP;
ctx->rsp_ident = next_ident(ctx->mgr);
send_a2mp_cmd(ctx->mgr, ctx->rsp_ident, A2MP_GETINFO_REQ,
sizeof(greq), &greq);
break;
case AMP_CPL_GETINFO_RSP:
if (skb->len < sizeof(*grsp))
goto cpl_finished;
grsp = (struct a2mp_getinfo_rsp *) skb_pull(skb, sizeof(*hdr));
skb_pull(skb, sizeof(*grsp));
if (grsp->status)
goto cpl_finished;
if (grsp->id != ctx->d.cpl.remote_id)
goto cpl_finished;
ctrl = get_ctrl(ctx->mgr, grsp->id);
if (!ctrl)
goto cpl_finished;
ctrl->status = grsp->status;
ctrl->total_bw = le32_to_cpu(grsp->total_bw);
ctrl->max_bw = le32_to_cpu(grsp->max_bw);
ctrl->min_latency = le32_to_cpu(grsp->min_latency);
ctrl->pal_cap = le16_to_cpu(grsp->pal_cap);
ctrl->max_assoc_size = le16_to_cpu(grsp->assoc_size);
ctx->d.cpl.max_len = ctrl->max_assoc_size;
/* setup up GAA request */
areq.id = ctx->d.cpl.remote_id;
/* advance context state */
ctx->state = AMP_CPL_GAA_RSP;
ctx->evt_type = AMP_A2MP_RSP;
ctx->rsp_ident = next_ident(ctx->mgr);
send_a2mp_cmd(ctx->mgr, ctx->rsp_ident, A2MP_GETAMPASSOC_REQ,
sizeof(areq), &areq);
break;
case AMP_CPL_GAA_RSP:
if (skb->len < sizeof(*arsp))
goto cpl_finished;
hdr = (void *) skb->data;
arsp = (void *) skb_pull(skb, sizeof(*hdr));
if (arsp->status != 0)
goto cpl_finished;
/* store away remote assoc */
assoc = (u8 *) skb_pull(skb, sizeof(*arsp));
ctx->d.cpl.len_so_far = 0;
ctx->d.cpl.rem_len = hdr->len - sizeof(*arsp);
skb_pull(skb, ctx->d.cpl.rem_len);
rassoc = kmalloc(ctx->d.cpl.rem_len, GFP_ATOMIC);
if (!rassoc)
goto cpl_finished;
memcpy(rassoc, assoc, ctx->d.cpl.rem_len);
ctx->d.cpl.remote_assoc = rassoc;
/* set up CPL command */
ctx->d.cpl.phy_handle = physlink_handle(ctx->hdev);
cp.phy_handle = ctx->d.cpl.phy_handle;
if (physlink_security(ctx->mgr->l2cap_conn->hcon, cp.data,
&cp.key_len, &cp.type)) {
result = -EPERM;
goto cpl_finished;
}
/* advance context state */
ctx->state = AMP_CPL_CPL_STATUS;
ctx->evt_type = AMP_HCI_CMD_STATUS;
ctx->opcode = HCI_OP_CREATE_PHYS_LINK;
hci_send_cmd(ctx->hdev, ctx->opcode, sizeof(cp), &cp);
break;
case AMP_CPL_CPL_STATUS:
/* received create physical link command status */
if (cs->status != 0)
goto cpl_finished;
/* send the first assoc fragment */
wcp.phy_handle = ctx->d.cpl.phy_handle;
wcp.len_so_far = ctx->d.cpl.len_so_far;
wcp.rem_len = cpu_to_le16(ctx->d.cpl.rem_len);
frag_len = min_t(u16, 248, ctx->d.cpl.rem_len);
memcpy(wcp.frag, ctx->d.cpl.remote_assoc, frag_len);
ctx->state = AMP_CPL_WRA_COMPLETE;
ctx->evt_type = AMP_HCI_CMD_CMPLT;
ctx->opcode = HCI_OP_WRITE_REMOTE_AMP_ASSOC;
hci_send_cmd(ctx->hdev, ctx->opcode, 5+frag_len, &wcp);
break;
case AMP_CPL_WRA_COMPLETE:
/* received write remote amp assoc command complete event */
if (skb->len < sizeof(*wrp))
goto cpl_finished;
wrp = (struct hci_rp_write_remote_amp_assoc *) skb->data;
if (wrp->status != 0)
goto cpl_finished;
if (wrp->phy_handle != ctx->d.cpl.phy_handle)
goto cpl_finished;
/* update progress */
frag_len = min_t(u16, 248, ctx->d.cpl.rem_len);
ctx->d.cpl.len_so_far += frag_len;
ctx->d.cpl.rem_len -= frag_len;
if (ctx->d.cpl.rem_len > 0) {
/* another assoc fragment to send */
wcp.phy_handle = ctx->d.cpl.phy_handle;
wcp.len_so_far = cpu_to_le16(ctx->d.cpl.len_so_far);
wcp.rem_len = cpu_to_le16(ctx->d.cpl.rem_len);
frag_len = min_t(u16, 248, ctx->d.cpl.rem_len);
memcpy(wcp.frag,
ctx->d.cpl.remote_assoc + ctx->d.cpl.len_so_far,
frag_len);
hci_send_cmd(ctx->hdev, ctx->opcode, 5+frag_len, &wcp);
break;
}
/* now wait for channel selected event */
ctx->state = AMP_CPL_CHANNEL_SELECT;
ctx->evt_type = AMP_HCI_EVENT;
ctx->evt_code = HCI_EV_CHANNEL_SELECTED;
break;
case AMP_CPL_CHANNEL_SELECT:
/* received channel selection event */
if (skb->len < sizeof(*cev))
goto cpl_finished;
cev = (void *) skb->data;
/* TODO - PK This check is valid but Libra PAL returns 0 for handle during
Create Physical Link collision scenario
if (cev->phy_handle != ctx->d.cpl.phy_handle)
goto cpl_finished;
*/
/* request the first local assoc fragment */
rcp.phy_handle = ctx->d.cpl.phy_handle;
rcp.len_so_far = 0;
rcp.max_len = ctx->d.cpl.max_len;
lassoc = kmalloc(ctx->d.cpl.max_len, GFP_ATOMIC);
if (!lassoc)
goto cpl_finished;
ctx->d.cpl.local_assoc = lassoc;
ctx->d.cpl.len_so_far = 0;
ctx->state = AMP_CPL_RLA_COMPLETE;
ctx->evt_type = AMP_HCI_CMD_CMPLT;
ctx->opcode = HCI_OP_READ_LOCAL_AMP_ASSOC;
hci_send_cmd(ctx->hdev, ctx->opcode, sizeof(rcp), &rcp);
break;
case AMP_CPL_RLA_COMPLETE:
/* received read local amp assoc command complete event */
if (skb->len < 4)
goto cpl_finished;
rrp = (struct hci_rp_read_local_amp_assoc *) skb->data;
if (rrp->status)
goto cpl_finished;
if (rrp->phy_handle != ctx->d.cpl.phy_handle)
goto cpl_finished;
rem_len = le16_to_cpu(rrp->rem_len);
skb_pull(skb, 4);
frag_len = skb->len;
if (ctx->d.cpl.len_so_far + rem_len > ctx->d.cpl.max_len)
goto cpl_finished;
/* save this fragment in context */
lassoc = ctx->d.cpl.local_assoc + ctx->d.cpl.len_so_far;
memcpy(lassoc, rrp->frag, frag_len);
ctx->d.cpl.len_so_far += frag_len;
rem_len -= frag_len;
if (rem_len > 0) {
/* request another local assoc fragment */
rcp.phy_handle = ctx->d.cpl.phy_handle;
rcp.len_so_far = ctx->d.cpl.len_so_far;
rcp.max_len = ctx->d.cpl.max_len;
hci_send_cmd(ctx->hdev, ctx->opcode, sizeof(rcp), &rcp);
} else {
creq.local_id = ctx->id;
creq.remote_id = ctx->d.cpl.remote_id;
/* wait for A2MP rsp AND phys link complete event */
ctx->state = AMP_CPL_PL_COMPLETE;
ctx->evt_type = AMP_A2MP_RSP | AMP_HCI_EVENT;
ctx->rsp_ident = next_ident(ctx->mgr);
ctx->evt_code = HCI_EV_PHYS_LINK_COMPLETE;
send_a2mp_cmd2(ctx->mgr, ctx->rsp_ident,
A2MP_CREATEPHYSLINK_REQ, sizeof(creq), &creq,
ctx->d.cpl.len_so_far, ctx->d.cpl.local_assoc);
}
break;
case AMP_CPL_PL_COMPLETE:
if (evt_type == AMP_A2MP_RSP) {
/* create physical link response received */
ctx->evt_type &= ~AMP_A2MP_RSP;
if (skb->len < sizeof(*crsp))
goto cpl_finished;
crsp = (void *) skb_pull(skb, sizeof(*hdr));
if ((crsp->local_id != ctx->d.cpl.remote_id) ||
(crsp->remote_id != ctx->id) ||
(crsp->status != 0)) {
cancel_cpl_ctx(ctx, 0x13);
break;
}
/* notify Qualcomm PAL */
if (ctx->hdev->manufacturer == 0x001d)
hci_send_cmd(ctx->hdev,
hci_opcode_pack(0x3f, 0x00), 0, NULL);
}
if (evt_type == AMP_HCI_EVENT) {
ctx->evt_type &= ~AMP_HCI_EVENT;
/* physical link complete event received */
if (skb->len < sizeof(*pev))
goto cpl_finished;
pev = (void *) skb->data;
if (pev->phy_handle != ctx->d.cpl.phy_handle)
break;
if (pev->status != 0)
goto cpl_finished;
}
if (ctx->evt_type)
break;
conn = hci_conn_hash_lookup_handle(ctx->hdev,
ctx->d.cpl.phy_handle);
if (!conn)
goto cpl_finished;
result = 0;
BT_DBG("PL_COMPLETE phy_handle %x", ctx->d.cpl.phy_handle);
bacpy(&conn->dst, &ctx->mgr->l2cap_conn->hcon->dst);
conn->dst_id = ctx->d.cpl.remote_id;
conn->out = 1;
goto cpl_finished;
break;
case AMP_CPL_PL_CANCEL:
dev = (void *) skb->data;
BT_DBG("PL_COMPLETE cancelled %x", dev->phy_handle);
result = -EISCONN;
goto cpl_finished;
break;
default:
goto cpl_finished;
break;
}
return 0;
cpl_finished:
l2cap_amp_physical_complete(result, ctx->id, ctx->d.cpl.remote_id,
ctx->sk);
if (ctx->sk)
sock_put(ctx->sk);
if (ctx->hdev)
hci_dev_put(ctx->hdev);
kfree(ctx->d.cpl.remote_assoc);
kfree(ctx->d.cpl.local_assoc);
return 1;
}
static int disconnphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb)
{
struct a2mp_cmd_hdr *hdr = (void *) skb->data;
struct a2mp_disconnphyslink_req *req;
struct a2mp_disconnphyslink_rsp rsp;
struct hci_dev *hdev;
struct hci_conn *conn;
struct amp_ctx *aplctx;
BT_DBG("mgr %p skb %p", mgr, skb);
if (hdr->len < sizeof(*req))
return -EINVAL;
req = (void *) skb_pull(skb, sizeof(*hdr));
skb_pull(skb, sizeof(*req));
rsp.local_id = req->remote_id;
rsp.remote_id = req->local_id;
rsp.status = 0;
BT_DBG("local_id %d remote_id %d",
(int) rsp.local_id, (int) rsp.remote_id);
hdev = hci_dev_get(rsp.local_id);
if (!hdev) {
rsp.status = 1; /* Invalid Controller ID */
goto dpl_finished;
}
BT_DBG("hdev %p", hdev);
conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
&mgr->l2cap_conn->hcon->dst);
if (!conn) {
aplctx = get_ctx_mgr(mgr, AMP_ACCEPTPHYSLINK);
if (aplctx) {
kill_ctx(aplctx);
rsp.status = 0;
goto dpl_finished;
}
rsp.status = 2; /* No Physical Link exists */
goto dpl_finished;
}
BT_DBG("conn %p", conn);
hci_disconnect(conn, 0x13);
dpl_finished:
send_a2mp_cmd(mgr, hdr->ident,
A2MP_DISCONNPHYSLINK_RSP, sizeof(rsp), &rsp);
if (hdev)
hci_dev_put(hdev);
return 0;
}
static int execute_ctx(struct amp_ctx *ctx, u8 evt_type, void *data)
{
struct amp_mgr *mgr = ctx->mgr;
u8 finished = 0;
if (!mgr->connected)
return 0;
switch (ctx->type) {
case AMP_GETAMPASSOC:
finished = getampassoc_handler(ctx, evt_type, data);
break;
case AMP_CREATEPHYSLINK:
finished = createphyslink_handler(ctx, evt_type, data);
break;
case AMP_ACCEPTPHYSLINK:
finished = acceptphyslink_handler(ctx, evt_type, data);
break;
}
if (!finished)
mod_timer(&(ctx->timer), jiffies +
msecs_to_jiffies(A2MP_RSP_TIMEOUT));
else
destroy_ctx(ctx);
return finished;
}
static int cancel_ctx(struct amp_ctx *ctx)
{
return execute_ctx(ctx, AMP_CANCEL, 0);
}
static int kill_ctx(struct amp_ctx *ctx)
{
return execute_ctx(ctx, AMP_KILLED, 0);
}
static void ctx_timeout_worker(struct work_struct *w)
{
struct amp_work_ctx_timeout *work = (struct amp_work_ctx_timeout *) w;
struct amp_ctx *ctx = work->ctx;
kill_ctx(ctx);
kfree(work);
}
static void ctx_timeout(unsigned long data)
{
struct amp_ctx *ctx = (struct amp_ctx *) data;
struct amp_work_ctx_timeout *work;
BT_DBG("ctx %p", ctx);
work = kmalloc(sizeof(*work), GFP_ATOMIC);
if (work) {
INIT_WORK((struct work_struct *) work, ctx_timeout_worker);
work->ctx = ctx;
if (queue_work(amp_workqueue, (struct work_struct *) work) == 0)
kfree(work);
}
}
static void launch_ctx(struct amp_mgr *mgr)
{
struct amp_ctx *ctx = NULL;
BT_DBG("mgr %p", mgr);
read_lock(&mgr->ctx_list_lock);
if (!list_empty(&mgr->ctx_list))
ctx = list_first_entry(&mgr->ctx_list, struct amp_ctx, list);
read_unlock(&mgr->ctx_list_lock);
BT_DBG("ctx %p", ctx);
if (ctx)
execute_ctx(ctx, AMP_INIT, NULL);
}
static inline int a2mp_rsp(struct amp_mgr *mgr, struct sk_buff *skb)
{
struct amp_ctx *ctx;
struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
u16 hdr_len = le16_to_cpu(hdr->len);
/* find context waiting for A2MP rsp with this rsp's identifier */
BT_DBG("ident %d code %d", hdr->ident, hdr->code);
ctx = get_ctx_a2mp(mgr, hdr->ident);
if (ctx) {
execute_ctx(ctx, AMP_A2MP_RSP, skb);
} else {
BT_DBG("context not found");
skb_pull(skb, sizeof(*hdr));
if (hdr_len > skb->len)
hdr_len = skb->len;
skb_pull(skb, hdr_len);
}
return 0;
}
/* L2CAP-A2MP interface */
static void a2mp_receive(struct sock *sk, struct sk_buff *skb)
{
struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
int len;
int err = 0;
struct amp_mgr *mgr;
mgr = get_amp_mgr_sk(sk);
if (!mgr)
goto a2mp_finished;
len = skb->len;
while (len >= sizeof(*hdr)) {
struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
u16 clen = le16_to_cpu(hdr->len);
BT_DBG("code 0x%02x id %d len %d", hdr->code, hdr->ident, clen);
if (clen > len || !hdr->ident) {
err = -EINVAL;
break;
}
switch (hdr->code) {
case A2MP_COMMAND_REJ:
command_rej(mgr, skb);
break;
case A2MP_DISCOVER_REQ:
err = discover_req(mgr, skb);
break;
case A2MP_CHANGE_NOTIFY:
err = change_notify(mgr, skb);
break;
case A2MP_GETINFO_REQ:
err = getinfo_req(mgr, skb);
break;
case A2MP_GETAMPASSOC_REQ:
err = getampassoc_req(mgr, skb);
break;
case A2MP_CREATEPHYSLINK_REQ:
err = createphyslink_req(mgr, skb);
break;
case A2MP_DISCONNPHYSLINK_REQ:
err = disconnphyslink_req(mgr, skb);
break;
case A2MP_CHANGE_RSP:
case A2MP_DISCOVER_RSP:
case A2MP_GETINFO_RSP:
case A2MP_GETAMPASSOC_RSP:
case A2MP_CREATEPHYSLINK_RSP:
case A2MP_DISCONNPHYSLINK_RSP:
err = a2mp_rsp(mgr, skb);
break;
default:
BT_ERR("Unknown A2MP signaling command 0x%2.2x",
hdr->code);
skb_pull(skb, sizeof(*hdr));
err = -EINVAL;
break;
}
len = skb->len;
}
a2mp_finished:
if (err && mgr) {
struct a2mp_cmd_rej rej;
rej.reason = cpu_to_le16(0);
send_a2mp_cmd(mgr, hdr->ident, A2MP_COMMAND_REJ,
sizeof(rej), &rej);
}
}
/* L2CAP-A2MP interface */
static int send_a2mp(struct socket *sock, u8 *data, int len)
{
struct kvec iv = { data, len };
struct msghdr msg;
memset(&msg, 0, sizeof(msg));
return kernel_sendmsg(sock, &msg, &iv, 1, len);
}
static void data_ready_worker(struct work_struct *w)
{
struct amp_work_data_ready *work = (struct amp_work_data_ready *) w;
struct sock *sk = work->sk;
struct sk_buff *skb;
/* skb_dequeue() is thread-safe */
while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
a2mp_receive(sk, skb);
kfree_skb(skb);
}
sock_put(work->sk);
kfree(work);
}
static void data_ready(struct sock *sk, int bytes)
{
struct amp_work_data_ready *work;
work = kmalloc(sizeof(*work), GFP_ATOMIC);
if (work) {
INIT_WORK((struct work_struct *) work, data_ready_worker);
sock_hold(sk);
work->sk = sk;
work->bytes = bytes;
if (!queue_work(amp_workqueue, (struct work_struct *) work)) {
kfree(work);
sock_put(sk);
}
}
}
static void state_change_worker(struct work_struct *w)
{
struct amp_work_state_change *work = (struct amp_work_state_change *) w;
struct amp_mgr *mgr;
switch (work->sk->sk_state) {
case BT_CONNECTED:
/* socket is up */
BT_DBG("CONNECTED");
mgr = get_amp_mgr_sk(work->sk);
if (mgr) {
mgr->connected = 1;
if (mgr->skb) {
l2cap_recv_deferred_frame(work->sk, mgr->skb);
mgr->skb = NULL;
}
launch_ctx(mgr);
}
break;
case BT_CLOSED:
/* connection is gone */
BT_DBG("CLOSED");
mgr = get_amp_mgr_sk(work->sk);
if (mgr) {
if (!sock_flag(work->sk, SOCK_DEAD))
sock_release(mgr->a2mp_sock);
mgr->a2mp_sock = NULL;
remove_amp_mgr(mgr);
}
break;
default:
/* something else happened */
break;
}
sock_put(work->sk);
kfree(work);
}
static void state_change(struct sock *sk)
{
struct amp_work_state_change *work;
work = kmalloc(sizeof(*work), GFP_ATOMIC);
if (work) {
INIT_WORK((struct work_struct *) work, state_change_worker);
sock_hold(sk);
work->sk = sk;
if (!queue_work(amp_workqueue, (struct work_struct *) work)) {
kfree(work);
sock_put(sk);
}
}
}
static struct socket *open_fixed_channel(bdaddr_t *src, bdaddr_t *dst)
{
int err;
struct socket *sock;
struct sockaddr_l2 addr;
struct sock *sk;
struct l2cap_options opts = {L2CAP_A2MP_DEFAULT_MTU,
L2CAP_A2MP_DEFAULT_MTU, L2CAP_DEFAULT_FLUSH_TO,
L2CAP_MODE_ERTM, 1, 0xFF, 1};
err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET,
BTPROTO_L2CAP, &sock);
if (err) {
BT_ERR("sock_create_kern failed %d", err);
return NULL;
}
sk = sock->sk;
sk->sk_data_ready = data_ready;
sk->sk_state_change = state_change;
memset(&addr, 0, sizeof(addr));
bacpy(&addr.l2_bdaddr, src);
addr.l2_family = AF_BLUETOOTH;
addr.l2_cid = L2CAP_CID_A2MP;
err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
if (err) {
BT_ERR("kernel_bind failed %d", err);
sock_release(sock);
return NULL;
}
l2cap_fixed_channel_config(sk, &opts);
memset(&addr, 0, sizeof(addr));
bacpy(&addr.l2_bdaddr, dst);
addr.l2_family = AF_BLUETOOTH;
addr.l2_cid = L2CAP_CID_A2MP;
err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr),
O_NONBLOCK);
if ((err == 0) || (err == -EINPROGRESS))
return sock;
else {
BT_ERR("kernel_connect failed %d", err);
sock_release(sock);
return NULL;
}
}
static void conn_ind_worker(struct work_struct *w)
{
struct amp_work_conn_ind *work = (struct amp_work_conn_ind *) w;
struct hci_conn *hcon = work->hcon;
struct sk_buff *skb = work->skb;
struct amp_mgr *mgr;
mgr = get_create_amp_mgr(hcon, skb);
BT_DBG("mgr %p", mgr);
hci_conn_put(hcon);
kfree(work);
}
static void create_physical_worker(struct work_struct *w)
{
struct amp_work_create_physical *work =
(struct amp_work_create_physical *) w;
create_physical(work->conn, work->sk);
sock_put(work->sk);
kfree(work);
}
static void accept_physical_worker(struct work_struct *w)
{
struct amp_work_accept_physical *work =
(struct amp_work_accept_physical *) w;
accept_physical(work->conn, work->id, work->sk);
sock_put(work->sk);
kfree(work);
}
/* L2CAP Fixed Channel interface */
void amp_conn_ind(struct hci_conn *hcon, struct sk_buff *skb)
{
struct amp_work_conn_ind *work;
BT_DBG("hcon %p, skb %p", hcon, skb);
work = kmalloc(sizeof(*work), GFP_ATOMIC);
if (work) {
INIT_WORK((struct work_struct *) work, conn_ind_worker);
hci_conn_hold(hcon);
work->hcon = hcon;
work->skb = skb;
if (!queue_work(amp_workqueue, (struct work_struct *) work)) {
hci_conn_put(hcon);
kfree(work);
}
}
}
/* L2CAP Physical Link interface */
void amp_create_physical(struct l2cap_conn *conn, struct sock *sk)
{
struct amp_work_create_physical *work;
BT_DBG("conn %p", conn);
work = kmalloc(sizeof(*work), GFP_ATOMIC);
if (work) {
INIT_WORK((struct work_struct *) work, create_physical_worker);
work->conn = conn;
work->sk = sk;
sock_hold(sk);
if (!queue_work(amp_workqueue, (struct work_struct *) work)) {
sock_put(sk);
kfree(work);
}
}
}
void amp_accept_physical(struct l2cap_conn *conn, u8 id, struct sock *sk)
{
struct amp_work_accept_physical *work;
BT_DBG("conn %p", conn);
work = kmalloc(sizeof(*work), GFP_ATOMIC);
if (work) {
INIT_WORK((struct work_struct *) work, accept_physical_worker);
work->conn = conn;
work->sk = sk;
work->id = id;
sock_hold(sk);
if (!queue_work(amp_workqueue, (struct work_struct *) work)) {
sock_put(sk);
kfree(work);
}
}
}
/* HCI interface */
static void amp_cmd_cmplt_worker(struct work_struct *w)
{
struct amp_work_cmd_cmplt *work = (struct amp_work_cmd_cmplt *) w;
struct hci_dev *hdev = work->hdev;
u16 opcode = work->opcode;
struct sk_buff *skb = work->skb;
struct amp_ctx *ctx;
ctx = get_ctx_hdev(hdev, AMP_HCI_CMD_CMPLT, opcode);
if (ctx)
execute_ctx(ctx, AMP_HCI_CMD_CMPLT, skb);
kfree_skb(skb);
kfree(w);
}
static void amp_cmd_cmplt_evt(struct hci_dev *hdev, u16 opcode,
struct sk_buff *skb)
{
struct amp_work_cmd_cmplt *work;
struct sk_buff *skbc;
BT_DBG("hdev %p opcode 0x%x skb %p len %d",
hdev, opcode, skb, skb->len);
skbc = skb_clone(skb, GFP_ATOMIC);
if (!skbc)
return;
work = kmalloc(sizeof(*work), GFP_ATOMIC);
if (work) {
INIT_WORK((struct work_struct *) work, amp_cmd_cmplt_worker);
work->hdev = hdev;
work->opcode = opcode;
work->skb = skbc;
if (queue_work(amp_workqueue, (struct work_struct *) work) == 0)
kfree(work);
}
}
static void amp_cmd_status_worker(struct work_struct *w)
{
struct amp_work_cmd_status *work = (struct amp_work_cmd_status *) w;
struct hci_dev *hdev = work->hdev;
u16 opcode = work->opcode;
u8 status = work->status;
struct amp_ctx *ctx;
ctx = get_ctx_hdev(hdev, AMP_HCI_CMD_STATUS, opcode);
if (ctx)
execute_ctx(ctx, AMP_HCI_CMD_STATUS, &status);
kfree(w);
}
static void amp_cmd_status_evt(struct hci_dev *hdev, u16 opcode, u8 status)
{
struct amp_work_cmd_status *work;
BT_DBG("hdev %p opcode 0x%x status %d", hdev, opcode, status);
work = kmalloc(sizeof(*work), GFP_ATOMIC);
if (work) {
INIT_WORK((struct work_struct *) work, amp_cmd_status_worker);
work->hdev = hdev;
work->opcode = opcode;
work->status = status;
if (queue_work(amp_workqueue, (struct work_struct *) work) == 0)
kfree(work);
}
}
static void amp_event_worker(struct work_struct *w)
{
struct amp_work_event *work = (struct amp_work_event *) w;
struct hci_dev *hdev = work->hdev;
u8 event = work->event;
struct sk_buff *skb = work->skb;
struct amp_ctx *ctx;
if (event == HCI_EV_AMP_STATUS_CHANGE) {
struct hci_ev_amp_status_change *ev;
if (skb->len < sizeof(*ev))
goto amp_event_finished;
ev = (void *) skb->data;
if (ev->status != 0)
goto amp_event_finished;
if (ev->amp_status == hdev->amp_status)
goto amp_event_finished;
hdev->amp_status = ev->amp_status;
send_a2mp_change_notify();
goto amp_event_finished;
}
ctx = get_ctx_hdev(hdev, AMP_HCI_EVENT, (u16) event);
if (ctx)
execute_ctx(ctx, AMP_HCI_EVENT, skb);
amp_event_finished:
kfree_skb(skb);
kfree(w);
}
static void amp_evt(struct hci_dev *hdev, u8 event, struct sk_buff *skb)
{
struct amp_work_event *work;
struct sk_buff *skbc;
BT_DBG("hdev %p event 0x%x skb %p", hdev, event, skb);
skbc = skb_clone(skb, GFP_ATOMIC);
if (!skbc)
return;
work = kmalloc(sizeof(*work), GFP_ATOMIC);
if (work) {
INIT_WORK((struct work_struct *) work, amp_event_worker);
work->hdev = hdev;
work->event = event;
work->skb = skbc;
if (queue_work(amp_workqueue, (struct work_struct *) work) == 0)
kfree(work);
}
}
static void amp_dev_event_worker(struct work_struct *w)
{
send_a2mp_change_notify();
kfree(w);
}
static int amp_dev_event(struct notifier_block *this, unsigned long event,
void *ptr)
{
struct hci_dev *hdev = (struct hci_dev *) ptr;
struct amp_work_event *work;
if (hdev->amp_type == HCI_BREDR)
return NOTIFY_DONE;
switch (event) {
case HCI_DEV_UNREG:
case HCI_DEV_REG:
case HCI_DEV_UP:
case HCI_DEV_DOWN:
BT_DBG("hdev %p event %ld", hdev, event);
work = kmalloc(sizeof(*work), GFP_ATOMIC);
if (work) {
INIT_WORK((struct work_struct *) work,
amp_dev_event_worker);
if (queue_work(amp_workqueue,
(struct work_struct *) work) == 0)
kfree(work);
}
}
return NOTIFY_DONE;
}
/* L2CAP module init continued */
static struct notifier_block amp_notifier = {
.notifier_call = amp_dev_event
};
static struct amp_mgr_cb hci_amp = {
.amp_cmd_complete_event = amp_cmd_cmplt_evt,
.amp_cmd_status_event = amp_cmd_status_evt,
.amp_event = amp_evt
};
int amp_init(void)
{
hci_register_amp(&hci_amp);
hci_register_notifier(&amp_notifier);
amp_next_handle = 1;
amp_workqueue = create_singlethread_workqueue("a2mp");
if (!amp_workqueue)
return -EPERM;
return 0;
}
void amp_exit(void)
{
hci_unregister_amp(&hci_amp);
hci_unregister_notifier(&amp_notifier);
flush_workqueue(amp_workqueue);
destroy_workqueue(amp_workqueue);
}