It is possible for the AMP move state to become WAIT_CONFIRM_RSP
before the logical link complete handler runs, so must allow
that state in the handler.
This fixes an issue where the move to AMP fails when moving a
second channel onto an existing logical link. In this case
the move responses are received from the remote very close
together (because there is no logical link to create) and they
are processed (and the state changed to WAIT_CONFIRM_RSP) before
the logical link complete handler runs on the work queue.
Change-Id: I0fc33c3e447ec8bd0009db406622adfc1cd83429
CRs-fixed: 348299
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Take a reference on the hci_conn and do not de-reference l2cap_conn
while setting up the A2MP fixed channel. l2cap_conn is not reference
counted and may go away before the channel is set up.
This fixes scenario where the ACL disconnects (and l2cap_conn goes
away) while amp_conn_ind worker is running or is on the workqueue
waiting to run.
Change-Id: I10fc6d9b146fcc5e010f26a046f7e0570f2b93dd
CRs-fixed: 347079
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Increase the L2CAP move timeout to allow adequate time for both
controllers to exit sniff mode and exchange move signals. This
fixes an issue where sending a move request to move a channel
from AMP back to BR-EDR and both controllers need to exit sniff
first the move response is not received before the move timeout
expires and the channel is disconnected. This value needs to be
at least 4X the sniff interval.
Change-Id: I31d5b3fc52489a5e78818aa3bec654cb777f66f1
CRs-fixed: 341368
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Fix sending alert from the proximity client when the
received RSSI of the remote device equals the threshold
set on the client.
CRs-fixed: 344936
Change-Id: I598d7d66b492cb76754280d657b6e6d55dd0903b
Signed-off-by: Archana Ramachandran <archanar@codeaurora.org>
This improves compatbility with a lot of headset / chipset
combinations. Ideally this should not be needed.
Change-Id: I8b676701e12e416aa7d60801b9d353b15d102709
Signed-off-by: hyungseoung.yoo <hyungseoung.yoo@samsung.com>
Signed-off-by: Jaikumar Ganesh <jaikumarg@android.com>
For non SSP devices, MEDIUM_SECURITY has to be used for pairing. This
can be determined and set while receiving remote supported features
event for BT2.0 devices.
Change-Id: I24558d40be01c4232fff4a871e2b57e390d4128a
CRs-fixed: 345945
Signed-off-by: Prabhakaran Mc <prabhakaranmc@codeaurora.org>
Fix issue where if a SCO connection is initiated during an AMP
OBEX transfer the fallback to BR-EDR fails and the OBEX connection
is disconnected.
When moving a channel back to BR-EDR L2CAP must allow for receiving
a Move Channel Response with Pending status before receiving the
Response with Success status.
Change-Id: I017bf607fa8ab5d0d582d61538c9a0e5ec25cd26
CRs-fixed: 341363
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Fix issue where if there are two OBEX connections on an AMP link and one
of them is moved back to BR-EDR (or disconnected) the remaining connection
ceases to transfer any data, times out, and disconnects.
The l2cap_data pointer of the AMP hci_conn structure should not be cleared
whenever an L2CAP channel on AMP is deleted, it should only be cleared
when the last L2CAP channel on the AMP is deleted. This allows multiple
L2CAP channels to be open concurrently on AMP.
CRs-fixed: 344557
Change-Id: Ifb15a7156437a6ab7a7a76c3dae4b1cd901c796f
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Fix issue where the attempt to move a second OBEX connection onto an
AMP link fails and the connection is disconnected.
When handling a Move when there is an existing Best Effort Logical Link
L2CAP must check for the WAIT_MOVE_CONFIRM and WAIT_MOVE_RSP_SUCESS
states when the logical link completes. In these scenarios the logical
link completes before the Move Confirm or Move Response Success is
received and L2CAP must continue to wait for the confirm or response.
CRs-fixed: 344557
Change-Id: I3e0786f780fa48592bb45ec2e81ae1ffa4a6ab80
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
This feature is required for implementing Low energy
proximity client immediate alert service. The proximtiy
client registers with the kernel for receiving RSSI updates
of the remote device. The kernel starts polling for RSSI
value using READ_RSSI HCI command and When it reaches
a particular threshold set by the proximity client,
updates are sent to the client.
Change-Id: I723dd140ad3bf02978c57b3ab127bb6768f28cca
CRs-fixed: 344936
Signed-off-by: Archana Ramachandran <archanar@codeaurora.org>
Commit 330605423c fixed l2cap conn establishment for non-ssp remote
devices by not setting HCI_CONN_ENCRYPT_PEND every time conn security
is tested (which was always returning failure on any subsequent
security checks).
However, this broke l2cap conn establishment for ssp remote devices
when an ACL link was already established at SDP-level security. This
fix ensures that encryption must be pending whenever authentication
is also pending.
Change-Id: I9751454d450345b648d34445324b04ebfceae4b4
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Tested-by: Daniel Wagner <daniel.wagner@bmw-carit.de>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
CRs-fixed: 343392
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
In hci_conn_security ( which is used during L2CAP connection
establishment ) test for HCI_CONN_ENCRYPT_PEND state also
sets this state, which is bogus and leads to connection time-out
on L2CAP sockets in certain situations (especially when
using non-ssp devices )
Change-Id: I4b962ef332c03485912f9e8e7b501d86b375daca
Signed-off-by: Ilia Kolomisnky <iliak@ti.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
[mathewm@codeaurora.org: Resolved conflict]
CRs-fixed: 343392
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Connection security level is modified based on remote device's
extended feature. Deciding SSP capability of remote device
by EIR response is incorrect, because few BT2.1 devices do not
send EIR and few BT2.1 devices which send EIR do not support
SSP. SSP capability of remote device has to be decided based on
remote_extended_features event. This patch makes sure that
MEDIUM_SECURITY is set for non ssp devices' pairing process.
Change-Id: I328a35a30895f2ab6abaaeec51b364ecd633e642
CRs-fixed: 339166
Signed-off-by: Prabhakaran Mc <prabhakaranmc@codeaurora.org>
HCI_INQUIRY flags wasn't cleared thereby causing successive inquiry scans
triggered via IOCTLs to fail as connection timeout. As a consequence
successive device scans triggered by Bluez tool (hcitool) failed.
Now HCI_INQUIRY flags are cleared irrespective of device type being BR/EDR
or LE.
Change-Id: Ic5e4804b52f18a46940f38d1e14e8c6825fa97bb
Signed-off-by: Royston Rodrigues <roystonr@codeaurora.org>
Expose Bluetooth remote features to the userspace. A2DP profile
setup in the userspace would need this information to
determine if the remote side supports EDR ACL link or not.
Change-Id: Ib6713707baaf30ffe872247313b2185ae2897385
Signed-off-by: Sunny Kapdi <sunnyk@codeaurora.org>
When a Bluetooth device is powered down while RFCOMM connections are
open, there are race conditions where RFCOMM tries to use an HCI
connection after the data structures have been deleted. Since the
powerdown procedure runs in process context, it is possible to lock
sockets before accessing them to close connections. This change adds
that locking, which will serialize socket access between processors
during powerdown.
Change-Id: I587720799b35d9ee6e66340bdeda8a2b9e2ea7b5
CRs-fixed: 336893
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
In case both side have no MITM requirements, we need
to use Just Works Association Model. We should not
display PassKey in this case and just YES/NO option
should be displayed
Change-Id: I447aa84a0d021e8834138062a26a9380d3b9b2d9
Signed-off-by: AnubhavGupta <anubhavg@codeaurora.org>
When AUTH_REQUESTED command status is error status, do the bonding
cleanup, so that there will not be any problem for next time
pairing process and in user space.
Change-Id: I0150382be902279b856099c840598c5be91d03ac
CRs-fixed: 331126
Signed-off-by: Prabhakaran Mc <prabhakaranmc@codeaurora.org>
Because traffic between the local GATT client(s) and
remote servers are subject to different controls than
remote clients and the local server, all on the shared
fixed CID, it is important to manage the traffic on
seperate sockets.
Change-Id: I62385143c86522f4b123b32592b69f2a0ae6dc76
CRs-fixed: 336029
Signed-off-by: Brian Gix <bgix@codeaurora.org>
We only support a 23 octet MTU, so auto-respond to all
MTU change requests with the 23 octet response.
Change-Id: Ic69d5f068759d983f8cd98b329acbb9d3a481c49
CRs-fixed: 336025
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Some rebalancing of refcnts due to issues found during testing:
Refcnt was not being released on security completion, if local side
was paired but the remote side had deleted the pairing info, and then
the re-pair failed to complete successfully.
Additionally, the refcnt was not held-released properly if pairing
was initiated due to the client socket being opened with security
level elevated from the start.
Change-Id: I120fed4dc74035d280781ca949a23d4cbcfa3f3e
CRs-fixed: 335993
Signed-off-by: Brian Gix <bgix@codeaurora.org>
An application may call recv() on a disconnected socket if the
connection has unexpectedly dropped. In this case, the socket may
still exist, but it will be in an error state and the L2CAP connection
will be mostly torn down.
A crash was observed when the ERTM code attempted to send an ACK when
the L2CAP connection was not up. If the error state is detected and
ERTM queue processing is skipped, then the crash is avoided and the
recv() call just returns an error in userspace.
CRs-fixed: 336000
Change-Id: I540d774c5d42f0df856b13b6e634e6ba31d86492
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
For every incoming connection, both l2cap_connect_ind and
sco_connect_ind are called. One will always have a mismatched link
type (which is expected), the incoming link will be either L2CAP or
SCO but both connect_ind functions get called anyway. If the incoming
link is an L2CAP link, sco_connect_ind should return 0 so it doesn't
set any mask bits. Similarly, an incoming SCO link should make
l2cap_connect_ind return 0.
CRs-fixed: 336437
Change-Id: I4722d64ef65988d7898b178f05c4e6709ead1362
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Even after the device is down, some hci commands are getting queued in
some scenarios, since there is no command queue purge mechanism in the
initialization sequence, so the immediate device up initialization
sequence is messed up with unexpected commands.
The current change blocks some of the hci commands to get queued if the
device is down and also purges the queue in the beginning of the next
device initialization sequence.
CRs-fixed: 336160
Change-Id: Ice5a38da47af11babd5b9dd33b9d711ef96e6732
Signed-off-by: Bhasker Neti <bneti@codeaurora.org>
The L2CAP specification has two ways to support streaming mode: Allow
fallback to ERTM or basic mode when the remote device requests one of
those modes, or make the connection fail unless both sides agree on
streaming mode.
The current code does not properly support either method. This change
makes a streaming mode connection fail if the remote device does not
also request streaming mode.
CRs-fixed: 336291
Change-Id: Id26f963a5e15d18e85a2faf2f8f01848e2a73fa4
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
If encryption fails during socket setup, the L2CAP channel should not
be marked as Ready until after re-pairing takes place.
Change-Id: I57a07ae72d4a57584c9367db9a832f4560629ac7
CRs-fixed: 335988
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Increased the LE supervision timeout to 10 seconds
so that concurrent operations can be performed with LE
connection.
Change-Id: I34cc53d1a0eb8943de11fc35580a27b037b87b2f
Signed-off-by: Archana Ramachandran <archanar@codeaurora.org>
Found incoming connection issue with IOT devices when link enters
sniff mode during pairing process. The current change avoids link
entering sniff mode when link key is not available for connection.
Change-Id: I26fbbccec8d7b3faa91cba8f976fb0e44d7f5344
CRs-Fixed: 331520
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
Ensure the full A2MP Get Info Response message is pulled from the
skb when the status is not SUCCESS. Also fix similiar scenario in
Get AMP Assoc and remove unneeded check for mismatched id's.
Change-Id: Ia676d89238113e24f06aaa5d9e955afcc4de0307
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Need to allocate headroom in ACL data packets destined for the
Qualcomm PAL that are be transmitted via an HCI socket.
The Qualcomm PAL uses extra headroom in skbs to be transmitted to
save a copy when passing to the WLAN driver. This headroom is
allocated by L2CAP. This same headroom must be added for skbs to
be transmitted directly by HCI socket layer. HCI sockets are used
to transmit data during Bluetooth qualification testing.
CRs-fixed: 332866
Change-Id: I173a16c6cb3882bf4155be051e3b3375ea240369
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
It is possible to redundently request Discovery
operations. This fix cleans up some stored state to
prevent MGMT event overload when discovery finally completes.
Change-Id: I2ffb5c0749df95e40cd39e8c64c87a62a93fb896
CRs-fixed: 329657
Signed-off-by: Brian Gix <bgix@codeaurora.org>
On ACL connection complete with a remote device, the remote
device lmp version should be available with Controller. The
current change is to read this information from controller to
host and update to bluez userspace through management APIs.
Change-Id: Ie152ed98fa0a6cf9ab170a6bb8c6a05b5b9dfcb0
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
When doing L2CAP configuration, use the correct retransmit and monitor
timeouts when configuring (or reconfiguring) AMP channels. The host
stack needs to use the timeouts read from incoming configuration
responses, and write appropriate timeouts when sending configuration
responses.
Change-Id: I1271ade93dbfee58a1cac115280704a327e901b2
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
This change prevents running timers from being re-initialized
which causes system instablility. Also prevents starting a
discovery operation when already in progress.
CRs-fixed: 328673
Change-Id: Icda36a25fdcb40dab4f95f9cc39ca124b299e308
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Added Flush Timeout parameter setting for l2cap channel. Bluetooth
profiles using l2cap can set this parameter to flush out the data
when it cannot be sent over the air with in timeout duration.
Change-Id: I60420c5be3a790aff26bc30e8089fdca47a99222
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
As a preventative measure, timers on dynamic memory structures must be
not running, or stopped, prior to freeing. Since it is safe to delete
timers whether running or not, all timers are deleted.
CRs-fixed: 328673
Change-Id: I255d99cb2419fad07caf445920050cf2d05ffe4d
Signed-off-by: Brian Gix <bgix@codeaurora.org>
When an incoming HCI logical link event came in at the same time
a socket structure was deleted, it was possible to end up with a stale
pointer to the socket. The socket and associated HCI channel struct
need to be properly reference counted so they are not freed
prematurely.
CRs-Fixed: 325023
Change-Id: Ia5724a9ce2000acd60a174c354be04029bac5324
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Upon properly initializing the incoming connection
link policy, the link is able to enter sniff mode.
CRs-fixed: 327571
Change-Id: Ib21c09234f823f011aad158ae232f3060085183e
Signed-off-by: Rahul Kashyap <rkashyap@codeaurora.org>
When connection initiated from the remote device the class of device
information is required to be updated to userspace through this
event.
Change-Id: I97d715a0b80e12d414ecf03d099955c8b12c82b4
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
Since l2cap_ertm_send() runs in process context, it may be preempted
by incoming data being processed in tasklet context. In order to
avoid race conditions where a packet is acknowledged before the
transmit queue is properly updated, ERTM state should be set up for
the next transmit before the packet is actually sent.
CRs-fixed: 326238
Change-Id: I3df0e93118a357dbd34ff26ad74d7c0c38bf5121
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Notifying Bluez userspace of a shutdown earlier prevents new commands from
being sent. The extra commands were interfering with reinitialization of
the device
Change-Id: I862a658585ffa69348fbb4bdfba96f3916d0e5ef
Signed-off-by: Bhasker Neti <bneti@codeaurora.org>
In ERTM, the outgoing data queue contains both unsent data and unacked
data, and sk_send_head points to the first unsent packet. When
disconnecting a socket, it's possible for a process to attempt a
socket send while a disconnection is in progress and the outgoing data
queue has been purged. When this purge happens, sk_send_head must also
be set to NULL because the packet it was pointing to has been freed.
Change-Id: I87b37a13583fac705241549dfc492950c7c0ec0b
CRs-fixed: 326238
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
After ACL disconnection and removal of pending acl
acknowledgement, we have to schedule HCI_TX task. This will
allow other active connection to send ACL packets.
Change-Id: I3ddf61a3c7ff149b05e963159e10af0ab6ef6143
Signed-off-by: AnubhavGupta <anubhavg@codeaurora.org>
Security level will be set to MEDIUM in case where the remote device
is 2.0 device. This would prevent it from going to 16 digit pairing
in case where the remote device sends the EIR and still doesn't
support SSP
CRs-fixed: 318469
Change-Id: I9d03b2b628cc188de44f44cfc3f8e81fbf3cb79d
Signed-off-by: Bhakthavatsala Raghavendra <braghave@codeaurora.org>
During normal ERTM sends and resends, buffers are copied or cloned.
If the copy/clone fails, take sensible action rather than causing a
kernel panic.
Change-Id: Ib491cfb38dab30014ed08571dbd721dad0cc3714
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
When the connection is not in BT_CONNECTED state it was possible
for code in hci_chan_modify() to attempt to access the hci_chan
structure after it had already been deleted by hci_chan_put().
Change-Id: I5ae352ac12aa3b456e7bcf30633015d98b03e44b
CRs-fixed: 319934
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Default RFC values should use le16 byte ordering. These values are
used only as a fallback when poorly-behaved remote devices do not send
a proper RFC option in an ERTM or streaming configuration response.
Change-Id: I51c9ae892f18229f568b354c92b64e3a8054b619
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Commit f4d7cd4a4c introduced the usage of kthread API.
kthread_stop is a blocking function which returns only when
the thread exits. In this case, the thread can't exit because it's
waiting for the write lock, which is being held by bnep_del_connection()
which is waiting for the thread to exit -- deadlock.
Use atomic_t/wake_up_process instead to signal to the thread to exit.
Change-Id: I538cd17c102cb31b3212c794086a9c2baedb4b14
Signed-off-by: Jaikumar Ganesh <jaikumar@google.com>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
[skrovvid@codeaurora.org: kthread_should_stop api call is avoided]
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
