Home Explore Help
Sign In
ichrin
/
kernel_samsung_msm8974
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 28f60d33cb
Branches Tags
kernel_samsu...
/
net
/
bluetooth
/
amp.c

amp.c 50 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042 
  1. /*
    2. 

  2.    Copyright (c) 2010-2012 The Linux Foundation.  All rights reserved.
    3. 

  3. 

  4.    This program is free software; you can redistribute it and/or modify
    5. 

  5.    it under the terms of the GNU General Public License version 2 and
    6. 

  6.    only version 2 as published by the Free Software Foundation.
    7. 

  7. 

  8.    This program is distributed in the hope that it will be useful,
    9. 

  9.    but WITHOUT ANY WARRANTY; without even the implied warranty of
    10. 

  10.    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    11. 

  11.    GNU General Public License for more details.
    12. 

  12. */
    13. 

  13. 

  14. #include <linux/interrupt.h>
    15. 

  15. #include <linux/module.h>
    16. 

  16. #include <linux/types.h>
    17. 

  17. #include <linux/errno.h>
    18. 

  18. #include <linux/kernel.h>
    19. 

  19. 

  20. #include <linux/skbuff.h>
    21. 

  21. #include <linux/list.h>
    22. 

  22. #include <linux/workqueue.h>
    23. 

  23. #include <linux/timer.h>
    24. 

  24. 

  25. #include <linux/crypto.h>
    26. 

  26. #include <linux/scatterlist.h>
    27. 

  27. #include <linux/err.h>
    28. 

  28. #include <crypto/hash.h>
    29. 

  29. 

  30. #include <net/bluetooth/bluetooth.h>
    31. 

  31. #include <net/bluetooth/hci_core.h>
    32. 

  32. #include <net/bluetooth/l2cap.h>
    33. 

  33. #include <net/bluetooth/amp.h>
    34. 

  34. 

  35. static struct workqueue_struct *amp_workqueue;
    36. 

  36. 

  37. LIST_HEAD(amp_mgr_list);
    38. 

  38. DEFINE_RWLOCK(amp_mgr_list_lock);
    39. 

  39. 

  40. static int send_a2mp(struct socket *sock, u8 *data, int len);
    41. 

  41. 

  42. static void ctx_timeout(unsigned long data);
    43. 

  43. 

  44. static void launch_ctx(struct amp_mgr *mgr);
    45. 

  45. static int execute_ctx(struct amp_ctx *ctx, u8 evt_type, void *data);
    46. 

  46. static int kill_ctx(struct amp_ctx *ctx);
    47. 

  47. static int cancel_ctx(struct amp_ctx *ctx);
    48. 

  48. 

  49. static struct socket *open_fixed_channel(bdaddr_t *src, bdaddr_t *dst);
    50. 

  50. 

  51. static void remove_amp_mgr(struct amp_mgr *mgr)
    52. 

  52. {
    53. 

  53. 	BT_DBG("mgr %p", mgr);
    54. 

  54. 

  55. 	write_lock(&amp_mgr_list_lock);
    56. 

  56. 	list_del(&mgr->list);
    57. 

  57. 	write_unlock(&amp_mgr_list_lock);
    58. 

  58. 

  59. 	read_lock(&mgr->ctx_list_lock);
    60. 

  60. 	while (!list_empty(&mgr->ctx_list)) {
    61. 

  61. 		struct amp_ctx *ctx;
    62. 

  62. 		ctx = list_first_entry(&mgr->ctx_list, struct amp_ctx, list);
    63. 

  63. 		read_unlock(&mgr->ctx_list_lock);
    64. 

  64. 		BT_DBG("kill ctx %p", ctx);
    65. 

  65. 		kill_ctx(ctx);
    66. 

  66. 		read_lock(&mgr->ctx_list_lock);
    67. 

  67. 	}
    68. 

  68. 	read_unlock(&mgr->ctx_list_lock);
    69. 

  69. 

  70. 	kfree(mgr->ctrls);
    71. 

  71. 

  72. 	kfree(mgr);
    73. 

  73. }
    74. 

  74. 

  75. static struct amp_mgr *get_amp_mgr_sk(struct sock *sk)
    76. 

  76. {
    77. 

  77. 	struct amp_mgr *mgr;
    78. 

  78. 	struct amp_mgr *found = NULL;
    79. 

  79. 

  80. 	read_lock(&amp_mgr_list_lock);
    81. 

  81. 	list_for_each_entry(mgr, &amp_mgr_list, list) {
    82. 

  82. 		if ((mgr->a2mp_sock) && (mgr->a2mp_sock->sk == sk)) {
    83. 

  83. 			found = mgr;
    84. 

  84. 			break;
    85. 

  85. 		}
    86. 

  86. 	}
    87. 

  87. 	read_unlock(&amp_mgr_list_lock);
    88. 

  88. 	return found;
    89. 

  89. }
    90. 

  90. 

  91. static struct amp_mgr *get_create_amp_mgr(struct hci_conn *hcon,
    92. 

  92. 						struct sk_buff *skb)
    93. 

  93. {
    94. 

  94. 	struct amp_mgr *mgr;
    95. 

  95. 

  96. 	write_lock(&amp_mgr_list_lock);
    97. 

  97. 	list_for_each_entry(mgr, &amp_mgr_list, list) {
    98. 

  98. 		if (mgr->l2cap_conn == hcon->l2cap_data) {
    99. 

  99. 			BT_DBG("found %p", mgr);
    100. 

  100. 			write_unlock(&amp_mgr_list_lock);
    101. 

  101. 			goto gc_finished;
    102. 

  102. 		}
    103. 

  103. 	}
    104. 

  104. 	write_unlock(&amp_mgr_list_lock);
    105. 

  105. 

  106. 	mgr = kzalloc(sizeof(*mgr), GFP_ATOMIC);
    107. 

  107. 	if (!mgr)
    108. 

  108. 		return NULL;
    109. 

  109. 

  110. 	mgr->l2cap_conn = hcon->l2cap_data;
    111. 

  111. 	mgr->next_ident = 1;
    112. 

  112. 	INIT_LIST_HEAD(&mgr->ctx_list);
    113. 

  113. 	rwlock_init(&mgr->ctx_list_lock);
    114. 

  114. 	mgr->skb = skb;
    115. 

  115. 	BT_DBG("hcon %p mgr %p", hcon, mgr);
    116. 

  116. 	mgr->a2mp_sock = open_fixed_channel(&hcon->hdev->bdaddr, &hcon->dst);
    117. 

  117. 	if (!mgr->a2mp_sock) {
    118. 

  118. 		kfree(mgr);
    119. 

  119. 		return NULL;
    120. 

  120. 	}
    121. 

  121. 	write_lock(&amp_mgr_list_lock);
    122. 

  122. 	list_add(&(mgr->list), &amp_mgr_list);
    123. 

  123. 	write_unlock(&amp_mgr_list_lock);
    124. 

  124. 

  125. gc_finished:
    126. 

  126. 	return mgr;
    127. 

  127. }
    128. 

  128. 

  129. static struct amp_ctrl *get_ctrl(struct amp_mgr *mgr, u8 remote_id)
    130. 

  130. {
    131. 

  131. 	if ((mgr->ctrls) && (mgr->ctrls->id == remote_id))
    132. 

  132. 		return mgr->ctrls;
    133. 

  133. 	else
    134. 

  134. 		return NULL;
    135. 

  135. }
    136. 

  136. 

  137. static struct amp_ctrl *get_create_ctrl(struct amp_mgr *mgr, u8 id)
    138. 

  138. {
    139. 

  139. 	struct amp_ctrl *ctrl;
    140. 

  140. 

  141. 	BT_DBG("mgr %p, id %d", mgr, id);
    142. 

  142. 	if ((mgr->ctrls) && (mgr->ctrls->id == id))
    143. 

  143. 		ctrl = mgr->ctrls;
    144. 

  144. 	else {
    145. 

  145. 		kfree(mgr->ctrls);
    146. 

  146. 		ctrl = kzalloc(sizeof(struct amp_ctrl), GFP_ATOMIC);
    147. 

  147. 		if (ctrl) {
    148. 

  148. 			ctrl->mgr = mgr;
    149. 

  149. 			ctrl->id = id;
    150. 

  150. 		}
    151. 

  151. 		mgr->ctrls = ctrl;
    152. 

  152. 	}
    153. 

  153. 

  154. 	return ctrl;
    155. 

  155. }
    156. 

  156. 

  157. static struct amp_ctx *create_ctx(u8 type, u8 state)
    158. 

  158. {
    159. 

  159. 	struct amp_ctx *ctx = NULL;
    160. 

  160. 

  161. 	ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);
    162. 

  162. 	if (ctx) {
    163. 

  163. 		ctx->type = type;
    164. 

  164. 		ctx->state = state;
    165. 

  165. 		init_timer(&(ctx->timer));
    166. 

  166. 		ctx->timer.function = ctx_timeout;
    167. 

  167. 		ctx->timer.data = (unsigned long) ctx;
    168. 

  168. 	}
    169. 

  169. 	BT_DBG("ctx %p, type %d", ctx, type);
    170. 

  170. 	return ctx;
    171. 

  171. }
    172. 

  172. 

  173. static inline void start_ctx(struct amp_mgr *mgr, struct amp_ctx *ctx)
    174. 

  174. {
    175. 

  175. 	BT_DBG("ctx %p", ctx);
    176. 

  176. 	write_lock(&mgr->ctx_list_lock);
    177. 

  177. 	list_add(&ctx->list, &mgr->ctx_list);
    178. 

  178. 	write_unlock(&mgr->ctx_list_lock);
    179. 

  179. 	ctx->mgr = mgr;
    180. 

  180. 	execute_ctx(ctx, AMP_INIT, 0);
    181. 

  181. }
    182. 

  182. 

  183. static void destroy_ctx(struct amp_ctx *ctx)
    184. 

  184. {
    185. 

  185. 	struct amp_mgr *mgr = ctx->mgr;
    186. 

  186. 

  187. 	BT_DBG("ctx %p deferred %p", ctx, ctx->deferred);
    188. 

  188. 	del_timer(&ctx->timer);
    189. 

  189. 	write_lock(&mgr->ctx_list_lock);
    190. 

  190. 	list_del(&ctx->list);
    191. 

  191. 	write_unlock(&mgr->ctx_list_lock);
    192. 

  192. 	if (ctx->deferred)
    193. 

  193. 		execute_ctx(ctx->deferred, AMP_INIT, 0);
    194. 

  194. 	kfree(ctx);
    195. 

  195. }
    196. 

  196. 

  197. static struct amp_ctx *get_ctx_mgr(struct amp_mgr *mgr, u8 type)
    198. 

  198. {
    199. 

  199. 	struct amp_ctx *fnd = NULL;
    200. 

  200. 	struct amp_ctx *ctx;
    201. 

  201. 

  202. 	read_lock(&mgr->ctx_list_lock);
    203. 

  203. 	list_for_each_entry(ctx, &mgr->ctx_list, list) {
    204. 

  204. 		if (ctx->type == type) {
    205. 

  205. 			fnd = ctx;
    206. 

  206. 			break;
    207. 

  207. 		}
    208. 

  208. 	}
    209. 

  209. 	read_unlock(&mgr->ctx_list_lock);
    210. 

  210. 	return fnd;
    211. 

  211. }
    212. 

  212. 

  213. static struct amp_ctx *get_ctx_type(struct amp_ctx *cur, u8 type)
    214. 

  214. {
    215. 

  215. 	struct amp_mgr *mgr = cur->mgr;
    216. 

  216. 	struct amp_ctx *fnd = NULL;
    217. 

  217. 	struct amp_ctx *ctx;
    218. 

  218. 

  219. 	read_lock(&mgr->ctx_list_lock);
    220. 

  220. 	list_for_each_entry(ctx, &mgr->ctx_list, list) {
    221. 

  221. 		if ((ctx->type == type) && (ctx != cur)) {
    222. 

  222. 			fnd = ctx;
    223. 

  223. 			break;
    224. 

  224. 		}
    225. 

  225. 	}
    226. 

  226. 	read_unlock(&mgr->ctx_list_lock);
    227. 

  227. 	return fnd;
    228. 

  228. }
    229. 

  229. 

  230. static struct amp_ctx *get_ctx_a2mp(struct amp_mgr *mgr, u8 ident)
    231. 

  231. {
    232. 

  232. 	struct amp_ctx *fnd = NULL;
    233. 

  233. 	struct amp_ctx *ctx;
    234. 

  234. 

  235. 	read_lock(&mgr->ctx_list_lock);
    236. 

  236. 	list_for_each_entry(ctx, &mgr->ctx_list, list) {
    237. 

  237. 		if ((ctx->evt_type & AMP_A2MP_RSP) &&
    238. 

  238. 				(ctx->rsp_ident == ident)) {
    239. 

  239. 			fnd = ctx;
    240. 

  240. 			break;
    241. 

  241. 		}
    242. 

  242. 	}
    243. 

  243. 	read_unlock(&mgr->ctx_list_lock);
    244. 

  244. 	return fnd;
    245. 

  245. }
    246. 

  246. 

  247. static struct amp_ctx *get_ctx_hdev(struct hci_dev *hdev, u8 evt_type,
    248. 

  248. 					u16 evt_value)
    249. 

  249. {
    250. 

  250. 	struct amp_mgr *mgr;
    251. 

  251. 	struct amp_ctx *fnd = NULL;
    252. 

  252. 

  253. 	read_lock(&amp_mgr_list_lock);
    254. 

  254. 	list_for_each_entry(mgr, &amp_mgr_list, list) {
    255. 

  255. 		struct amp_ctx *ctx;
    256. 

  256. 		read_lock(&mgr->ctx_list_lock);
    257. 

  257. 		list_for_each_entry(ctx, &mgr->ctx_list, list) {
    258. 

  258. 			struct hci_dev *ctx_hdev;
    259. 

  259. 			ctx_hdev = hci_dev_get(ctx->id);
    260. 

  260. 			if ((ctx_hdev == hdev) && (ctx->evt_type & evt_type)) {
    261. 

  261. 				switch (evt_type) {
    262. 

  262. 				case AMP_HCI_CMD_STATUS:
    263. 

  263. 				case AMP_HCI_CMD_CMPLT:
    264. 

  264. 					if (ctx->opcode == evt_value)
    265. 

  265. 						fnd = ctx;
    266. 

  266. 					break;
    267. 

  267. 				case AMP_HCI_EVENT:
    268. 

  268. 					if (ctx->evt_code == (u8) evt_value)
    269. 

  269. 						fnd = ctx;
    270. 

  270. 					break;
    271. 

  271. 				}
    272. 

  272. 			}
    273. 

  273. 			if (ctx_hdev)
    274. 

  274. 				hci_dev_put(ctx_hdev);
    275. 

  275. 

  276. 			if (fnd)
    277. 

  277. 				break;
    278. 

  278. 		}
    279. 

  279. 		read_unlock(&mgr->ctx_list_lock);
    280. 

  280. 	}
    281. 

  281. 	read_unlock(&amp_mgr_list_lock);
    282. 

  282. 	return fnd;
    283. 

  283. }
    284. 

  284. 

  285. static inline u8 next_ident(struct amp_mgr *mgr)
    286. 

  286. {
    287. 

  287. 	if (++mgr->next_ident == 0)
    288. 

  288. 		mgr->next_ident = 1;
    289. 

  289. 	return mgr->next_ident;
    290. 

  290. }
    291. 

  291. 

  292. static inline void send_a2mp_cmd2(struct amp_mgr *mgr, u8 ident, u8 code,
    293. 

  293. 				u16 len, void *data, u16 len2, void *data2)
    294. 

  294. {
    295. 

  295. 	struct a2mp_cmd_hdr *hdr;
    296. 

  296. 	int plen;
    297. 

  297. 	u8 *p, *cmd;
    298. 

  298. 

  299. 	BT_DBG("ident %d code 0x%02x", ident, code);
    300. 

  300. 	if (!mgr->a2mp_sock)
    301. 

  301. 		return;
    302. 

  302. 	plen = sizeof(*hdr) + len + len2;
    303. 

  303. 	cmd = kzalloc(plen, GFP_ATOMIC);
    304. 

  304. 	if (!cmd)
    305. 

  305. 		return;
    306. 

  306. 	hdr = (struct a2mp_cmd_hdr *) cmd;
    307. 

  307. 	hdr->code  = code;
    308. 

  308. 	hdr->ident = ident;
    309. 

  309. 	hdr->len   = cpu_to_le16(len+len2);
    310. 

  310. 	p = cmd + sizeof(*hdr);
    311. 

  311. 	memcpy(p, data, len);
    312. 

  312. 	p += len;
    313. 

  313. 	memcpy(p, data2, len2);
    314. 

  314. 	send_a2mp(mgr->a2mp_sock, cmd, plen);
    315. 

  315. 	kfree(cmd);
    316. 

  316. }
    317. 

  317. 

  318. static inline void send_a2mp_cmd(struct amp_mgr *mgr, u8 ident,
    319. 

  319. 				u8 code, u16 len, void *data)
    320. 

  320. {
    321. 

  321. 	send_a2mp_cmd2(mgr, ident, code, len, data, 0, NULL);
    322. 

  322. }
    323. 

  323. 

  324. static inline int command_rej(struct amp_mgr *mgr, struct sk_buff *skb)
    325. 

  325. {
    326. 

  326. 	struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
    327. 

  327. 	struct a2mp_cmd_rej *rej;
    328. 

  328. 	struct amp_ctx *ctx;
    329. 

  329. 

  330. 	BT_DBG("ident %d code %d", hdr->ident, hdr->code);
    331. 

  331. 	rej = (struct a2mp_cmd_rej *) skb_pull(skb, sizeof(*hdr));
    332. 

  332. 	if (skb->len < sizeof(*rej))
    333. 

  333. 		return -EINVAL;
    334. 

  334. 	BT_DBG("reason %d", le16_to_cpu(rej->reason));
    335. 

  335. 	ctx = get_ctx_a2mp(mgr, hdr->ident);
    336. 

  336. 	if (ctx)
    337. 

  337. 		kill_ctx(ctx);
    338. 

  338. 	skb_pull(skb, sizeof(*rej));
    339. 

  339. 	return 0;
    340. 

  340. }
    341. 

  341. 

  342. static int send_a2mp_cl(struct amp_mgr *mgr, u8 ident, u8 code, u16 len,
    343. 

  343. 			void *msg)
    344. 

  344. {
    345. 

  345. 	struct a2mp_cl clist[16];
    346. 

  346. 	struct a2mp_cl *cl;
    347. 

  347. 	struct hci_dev *hdev;
    348. 

  348. 	int num_ctrls = 1, id;
    349. 

  349. 

  350. 	cl = clist;
    351. 

  351. 	cl->id  = 0;
    352. 

  352. 	cl->type = 0;
    353. 

  353. 	cl->status = 1;
    354. 

  354. 

  355. 	for (id = 0; id < 16; ++id) {
    356. 

  356. 		hdev = hci_dev_get(id);
    357. 

  357. 		if (hdev) {
    358. 

  358. 			if ((hdev->amp_type != HCI_BREDR) &&
    359. 

  359. 			test_bit(HCI_UP, &hdev->flags)) {
    360. 

  360. 				(cl + num_ctrls)->id  = hdev->id;
    361. 

  361. 				(cl + num_ctrls)->type = hdev->amp_type;
    362. 

  362. 				(cl + num_ctrls)->status = hdev->amp_status;
    363. 

  363. 				++num_ctrls;
    364. 

  364. 			}
    365. 

  365. 			hci_dev_put(hdev);
    366. 

  366. 		}
    367. 

  367. 	}
    368. 

  368. 	send_a2mp_cmd2(mgr, ident, code, len, msg,
    369. 

  369. 						num_ctrls*sizeof(*cl), clist);
    370. 

  370. 

  371. 	return 0;
    372. 

  372. }
    373. 

  373. 

  374. static void send_a2mp_change_notify(void)
    375. 

  375. {
    376. 

  376. 	struct amp_mgr *mgr;
    377. 

  377. 

  378. 	list_for_each_entry(mgr, &amp_mgr_list, list) {
    379. 

  379. 		if (mgr->discovered)
    380. 

  380. 			send_a2mp_cl(mgr, next_ident(mgr),
    381. 

  381. 					A2MP_CHANGE_NOTIFY, 0, NULL);
    382. 

  382. 	}
    383. 

  383. }
    384. 

  384. 

  385. static inline int discover_req(struct amp_mgr *mgr, struct sk_buff *skb)
    386. 

  386. {
    387. 

  387. 	struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
    388. 

  388. 	struct a2mp_discover_req *req;
    389. 

  389. 	u16 *efm;
    390. 

  390. 	struct a2mp_discover_rsp rsp;
    391. 

  391. 

  392. 	req = (struct a2mp_discover_req *) skb_pull(skb, sizeof(*hdr));
    393. 

  393. 	if (skb->len < sizeof(*req))
    394. 

  394. 		return -EINVAL;
    395. 

  395. 	efm = (u16 *) skb_pull(skb, sizeof(*req));
    396. 

  396. 

  397. 	BT_DBG("mtu %d efm 0x%4.4x", le16_to_cpu(req->mtu),
    398. 

  398. 		le16_to_cpu(req->ext_feat));
    399. 

  399. 

  400. 	while (le16_to_cpu(req->ext_feat) & 0x8000) {
    401. 

  401. 		if (skb->len < sizeof(*efm))
    402. 

  402. 			return -EINVAL;
    403. 

  403. 		req->ext_feat = *efm;
    404. 

  404. 		BT_DBG("efm 0x%4.4x", le16_to_cpu(req->ext_feat));
    405. 

  405. 		efm = (u16 *) skb_pull(skb, sizeof(*efm));
    406. 

  406. 	}
    407. 

  407. 

  408. 	rsp.mtu = cpu_to_le16(L2CAP_A2MP_DEFAULT_MTU);
    409. 

  409. 	rsp.ext_feat = 0;
    410. 

  410. 

  411. 	mgr->discovered = 1;
    412. 

  412. 

  413. 	return send_a2mp_cl(mgr, hdr->ident, A2MP_DISCOVER_RSP,
    414. 

  414. 				sizeof(rsp), &rsp);
    415. 

  415. }
    416. 

  416. 

  417. static inline int change_notify(struct amp_mgr *mgr, struct sk_buff *skb)
    418. 

  418. {
    419. 

  419. 	struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
    420. 

  420. 	struct a2mp_cl *cl;
    421. 

  421. 

  422. 	cl = (struct a2mp_cl *) skb_pull(skb, sizeof(*hdr));
    423. 

  423. 	while (skb->len >= sizeof(*cl)) {
    424. 

  424. 		struct amp_ctrl *ctrl;
    425. 

  425. 		if (cl->id != 0) {
    426. 

  426. 			ctrl = get_create_ctrl(mgr, cl->id);
    427. 

  427. 			if (ctrl != NULL) {
    428. 

  428. 				ctrl->type = cl->type;
    429. 

  429. 				ctrl->status = cl->status;
    430. 

  430. 			}
    431. 

  431. 		}
    432. 

  432. 		cl = (struct a2mp_cl *) skb_pull(skb, sizeof(*cl));
    433. 

  433. 	}
    434. 

  434. 

  435. 	/* TODO find controllers in manager that were not on received */
    436. 

  436. 	/*      controller list and destroy them */
    437. 

  437. 	send_a2mp_cmd(mgr, hdr->ident, A2MP_CHANGE_RSP, 0, NULL);
    438. 

  438. 

  439. 	return 0;
    440. 

  440. }
    441. 

  441. 

  442. static inline int getinfo_req(struct amp_mgr *mgr, struct sk_buff *skb)
    443. 

  443. {
    444. 

  444. 	struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
    445. 

  445. 	u8 *data;
    446. 

  446. 	int id;
    447. 

  447. 	struct hci_dev *hdev;
    448. 

  448. 	struct a2mp_getinfo_rsp rsp;
    449. 

  449. 

  450. 	data = (u8 *) skb_pull(skb, sizeof(*hdr));
    451. 

  451. 	if (le16_to_cpu(hdr->len) < sizeof(*data))
    452. 

  452. 		return -EINVAL;
    453. 

  453. 	if (skb->len < sizeof(*data))
    454. 

  454. 		return -EINVAL;
    455. 

  455. 	id = *data;
    456. 

  456. 	skb_pull(skb, sizeof(*data));
    457. 

  457. 	rsp.id = id;
    458. 

  458. 	rsp.status = 1;
    459. 

  459. 

  460. 	BT_DBG("id %d", id);
    461. 

  461. 	hdev = hci_dev_get(id);
    462. 

  462. 

  463. 	if (hdev && hdev->amp_type != HCI_BREDR) {
    464. 

  464. 		rsp.status = 0;
    465. 

  465. 		rsp.total_bw = cpu_to_le32(hdev->amp_total_bw);
    466. 

  466. 		rsp.max_bw = cpu_to_le32(hdev->amp_max_bw);
    467. 

  467. 		rsp.min_latency = cpu_to_le32(hdev->amp_min_latency);
    468. 

  468. 		rsp.pal_cap = cpu_to_le16(hdev->amp_pal_cap);
    469. 

  469. 		rsp.assoc_size = cpu_to_le16(hdev->amp_assoc_size);
    470. 

  470. 	}
    471. 

  471. 

  472. 	send_a2mp_cmd(mgr, hdr->ident, A2MP_GETINFO_RSP, sizeof(rsp), &rsp);
    473. 

  473. 

  474. 	if (hdev)
    475. 

  475. 		hci_dev_put(hdev);
    476. 

  476. 

  477. 	return 0;
    478. 

  478. }
    479. 

  479. 

  480. static void create_physical(struct l2cap_conn *conn, struct sock *sk)
    481. 

  481. {
    482. 

  482. 	struct amp_mgr *mgr;
    483. 

  483. 	struct amp_ctx *ctx = NULL;
    484. 

  484. 

  485. 	BT_DBG("conn %p", conn);
    486. 

  486. 	mgr = get_create_amp_mgr(conn->hcon, NULL);
    487. 

  487. 	if (!mgr)
    488. 

  488. 		goto cp_finished;
    489. 

  489. 	BT_DBG("mgr %p", mgr);
    490. 

  490. 	ctx = create_ctx(AMP_CREATEPHYSLINK, AMP_CPL_INIT);
    491. 

  491. 	if (!ctx)
    492. 

  492. 		goto cp_finished;
    493. 

  493. 	ctx->sk = sk;
    494. 

  494. 	sock_hold(sk);
    495. 

  495. 	start_ctx(mgr, ctx);
    496. 

  496. 	return;
    497. 

  497. 

  498. cp_finished:
    499. 

  499. 	l2cap_amp_physical_complete(-ENOMEM, 0, 0, sk);
    500. 

  500. }
    501. 

  501. 

  502. static void accept_physical(struct l2cap_conn *lcon, u8 id, struct sock *sk)
    503. 

  503. {
    504. 

  504. 	struct amp_mgr *mgr;
    505. 

  505. 	struct hci_dev *hdev;
    506. 

  506. 	struct hci_conn *conn;
    507. 

  507. 	struct amp_ctx *aplctx = NULL;
    508. 

  508. 	u8 remote_id = 0;
    509. 

  509. 	int result = -EINVAL;
    510. 

  510. 

  511. 	BT_DBG("lcon %p", lcon);
    512. 

  512. 	hdev = hci_dev_get(id);
    513. 

  513. 	if (!hdev)
    514. 

  514. 		goto ap_finished;
    515. 

  515. 	BT_DBG("hdev %p", hdev);
    516. 

  516. 	mgr = get_create_amp_mgr(lcon->hcon, NULL);
    517. 

  517. 	if (!mgr)
    518. 

  518. 		goto ap_finished;
    519. 

  519. 	BT_DBG("mgr %p", mgr);
    520. 

  520. 	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
    521. 

  521. 					&mgr->l2cap_conn->hcon->dst);
    522. 

  522. 	if (conn) {
    523. 

  523. 		BT_DBG("conn %p", hdev);
    524. 

  524. 		result = 0;
    525. 

  525. 		remote_id = conn->dst_id;
    526. 

  526. 		goto ap_finished;
    527. 

  527. 	}
    528. 

  528. 	aplctx = get_ctx_mgr(mgr, AMP_ACCEPTPHYSLINK);
    529. 

  529. 	if (!aplctx)
    530. 

  530. 		goto ap_finished;
    531. 

  531. 	aplctx->sk = sk;
    532. 

  532. 	sock_hold(sk);
    533. 

  533. 	return;
    534. 

  534. 

  535. ap_finished:
    536. 

  536. 	if (hdev)
    537. 

  537. 		hci_dev_put(hdev);
    538. 

  538. 	l2cap_amp_physical_complete(result, id, remote_id, sk);
    539. 

  539. }
    540. 

  540. 

  541. static int getampassoc_req(struct amp_mgr *mgr, struct sk_buff *skb)
    542. 

  542. {
    543. 

  543. 	struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
    544. 

  544. 	struct amp_ctx *ctx;
    545. 

  545. 	struct a2mp_getampassoc_req *req;
    546. 

  546. 

  547. 	if (hdr->len < sizeof(*req))
    548. 

  548. 		return -EINVAL;
    549. 

  549. 	req = (struct a2mp_getampassoc_req *) skb_pull(skb, sizeof(*hdr));
    550. 

  550. 	skb_pull(skb, sizeof(*req));
    551. 

  551. 

  552. 	ctx = create_ctx(AMP_GETAMPASSOC, AMP_GAA_INIT);
    553. 

  553. 	if (!ctx)
    554. 

  554. 		return -ENOMEM;
    555. 

  555. 	ctx->id = req->id;
    556. 

  556. 	ctx->d.gaa.req_ident = hdr->ident;
    557. 

  557. 	ctx->hdev = hci_dev_get(ctx->id);
    558. 

  558. 	if (ctx->hdev)
    559. 

  559. 		ctx->d.gaa.assoc = kmalloc(ctx->hdev->amp_assoc_size,
    560. 

  560. 						GFP_ATOMIC);
    561. 

  561. 	start_ctx(mgr, ctx);
    562. 

  562. 	return 0;
    563. 

  563. }
    564. 

  564. 

  565. static u8 getampassoc_handler(struct amp_ctx *ctx, u8 evt_type, void *data)
    566. 

  566. {
    567. 

  567. 	struct sk_buff *skb = (struct sk_buff *) data;
    568. 

  568. 	struct hci_cp_read_local_amp_assoc cp;
    569. 

  569. 	struct hci_rp_read_local_amp_assoc *rp;
    570. 

  570. 	struct a2mp_getampassoc_rsp rsp;
    571. 

  571. 	u16 rem_len;
    572. 

  572. 	u16 frag_len;
    573. 

  573. 

  574. 	rsp.status = 1;
    575. 

  575. 	if ((evt_type == AMP_KILLED) || (!ctx->hdev) || (!ctx->d.gaa.assoc))
    576. 

  576. 		goto gaa_finished;
    577. 

  577. 

  578. 	switch (ctx->state) {
    579. 

  579. 	case AMP_GAA_INIT:
    580. 

  580. 		ctx->state = AMP_GAA_RLAA_COMPLETE;
    581. 

  581. 		ctx->evt_type = AMP_HCI_CMD_CMPLT;
    582. 

  582. 		ctx->opcode = HCI_OP_READ_LOCAL_AMP_ASSOC;
    583. 

  583. 		ctx->d.gaa.len_so_far = 0;
    584. 

  584. 		cp.phy_handle = 0;
    585. 

  585. 		cp.len_so_far = 0;
    586. 

  586. 		cp.max_len = ctx->hdev->amp_assoc_size;
    587. 

  587. 		hci_send_cmd(ctx->hdev, ctx->opcode, sizeof(cp), &cp);
    588. 

  588. 		break;
    589. 

  589. 

  590. 	case AMP_GAA_RLAA_COMPLETE:
    591. 

  591. 		if (skb->len < 4)
    592. 

  592. 			goto gaa_finished;
    593. 

  593. 		rp = (struct hci_rp_read_local_amp_assoc *) skb->data;
    594. 

  594. 		if (rp->status)
    595. 

  595. 			goto gaa_finished;
    596. 

  596. 		rem_len = le16_to_cpu(rp->rem_len);
    597. 

  597. 		skb_pull(skb, 4);
    598. 

  598. 		frag_len = skb->len;
    599. 

  599. 

  600. 		if (ctx->d.gaa.len_so_far + rem_len <=
    601. 

  601. 				ctx->hdev->amp_assoc_size) {
    602. 

  602. 			struct hci_cp_read_local_amp_assoc cp;
    603. 

  603. 			u8 *assoc = ctx->d.gaa.assoc + ctx->d.gaa.len_so_far;
    604. 

  604. 			memcpy(assoc, rp->frag, frag_len);
    605. 

  605. 			ctx->d.gaa.len_so_far += rem_len;
    606. 

  606. 			rem_len -= frag_len;
    607. 

  607. 			if (rem_len == 0) {
    608. 

  608. 				rsp.status = 0;
    609. 

  609. 				goto gaa_finished;
    610. 

  610. 			}
    611. 

  611. 			/* more assoc data to read */
    612. 

  612. 			cp.phy_handle = 0;
    613. 

  613. 			cp.len_so_far = ctx->d.gaa.len_so_far;
    614. 

  614. 			cp.max_len = ctx->hdev->amp_assoc_size;
    615. 

  615. 			hci_send_cmd(ctx->hdev, ctx->opcode, sizeof(cp), &cp);
    616. 

  616. 		}
    617. 

  617. 		break;
    618. 

  618. 

  619. 	default:
    620. 

  620. 		goto gaa_finished;
    621. 

  621. 		break;
    622. 

  622. 	}
    623. 

  623. 	return 0;
    624. 

  624. 

  625. gaa_finished:
    626. 

  626. 	rsp.id = ctx->id;
    627. 

  627. 	send_a2mp_cmd2(ctx->mgr, ctx->d.gaa.req_ident, A2MP_GETAMPASSOC_RSP,
    628. 

  628. 			sizeof(rsp), &rsp,
    629. 

  629. 			ctx->d.gaa.len_so_far, ctx->d.gaa.assoc);
    630. 

  630. 	kfree(ctx->d.gaa.assoc);
    631. 

  631. 	if (ctx->hdev)
    632. 

  632. 		hci_dev_put(ctx->hdev);
    633. 

  633. 	return 1;
    634. 

  634. }
    635. 

  635. 

  636. struct hmac_sha256_result {
    637. 

  637. 	struct completion completion;
    638. 

  638. 	int err;
    639. 

  639. };
    640. 

  640. 

  641. static void hmac_sha256_final(struct crypto_async_request *req, int err)
    642. 

  642. {
    643. 

  643. 	struct hmac_sha256_result *r = req->data;
    644. 

  644. 	if (err == -EINPROGRESS)
    645. 

  645. 		return;
    646. 

  646. 	r->err = err;
    647. 

  647. 	complete(&r->completion);
    648. 

  648. }
    649. 

  649. 

  650. int hmac_sha256(u8 *key, u8 ksize, char *plaintext, u8 psize,
    651. 

  651. 		u8 *output, u8 outlen)
    652. 

  652. {
    653. 

  653. 	int ret = 0;
    654. 

  654. 	struct crypto_ahash *tfm;
    655. 

  655. 	struct scatterlist sg;
    656. 

  656. 	struct ahash_request *req;
    657. 

  657. 	struct hmac_sha256_result tresult;
    658. 

  658. 	void *hash_buff = NULL;
    659. 

  659. 

  660. 	unsigned char hash_result[64];
    661. 

  661. 	int i;
    662. 

  662. 

  663. 	memset(output, 0, outlen);
    664. 

  664. 

  665. 	init_completion(&tresult.completion);
    666. 

  666. 

  667. 	tfm = crypto_alloc_ahash("hmac(sha256)", CRYPTO_ALG_TYPE_AHASH,
    668. 

  668. 				CRYPTO_ALG_TYPE_AHASH_MASK);
    669. 

  669. 	if (IS_ERR(tfm)) {
    670. 

  670. 		BT_DBG("crypto_alloc_ahash failed");
    671. 

  671. 		ret = PTR_ERR(tfm);
    672. 

  672. 		goto err_tfm;
    673. 

  673. 	}
    674. 

  674. 

  675. 	req = ahash_request_alloc(tfm, GFP_KERNEL);
    676. 

  676. 	if (!req) {
    677. 

  677. 		BT_DBG("failed to allocate request for hmac(sha256)");
    678. 

  678. 		ret = -ENOMEM;
    679. 

  679. 		goto err_req;
    680. 

  680. 	}
    681. 

  681. 

  682. 	ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
    683. 

  683. 					hmac_sha256_final, &tresult);
    684. 

  684. 

  685. 	hash_buff = kzalloc(psize, GFP_KERNEL);
    686. 

  686. 	if (!hash_buff) {
    687. 

  687. 		BT_DBG("failed to kzalloc hash_buff");
    688. 

  688. 		ret = -ENOMEM;
    689. 

  689. 		goto err_hash_buf;
    690. 

  690. 	}
    691. 

  691. 

  692. 	memset(hash_result, 0, 64);
    693. 

  693. 	memcpy(hash_buff, plaintext, psize);
    694. 

  694. 	sg_init_one(&sg, hash_buff, psize);
    695. 

  695. 

  696. 	if (ksize) {
    697. 

  697. 		crypto_ahash_clear_flags(tfm, ~0);
    698. 

  698. 		ret = crypto_ahash_setkey(tfm, key, ksize);
    699. 

  699. 

  700. 		if (ret) {
    701. 

  701. 			BT_DBG("crypto_ahash_setkey failed");
    702. 

  702. 			goto err_setkey;
    703. 

  703. 		}
    704. 

  704. 	}
    705. 

  705. 

  706. 	ahash_request_set_crypt(req, &sg, hash_result, psize);
    707. 

  707. 	ret = crypto_ahash_digest(req);
    708. 

  708. 

  709. 	BT_DBG("ret 0x%x", ret);
    710. 

  710. 

  711. 	switch (ret) {
    712. 

  712. 	case 0:
    713. 

  713. 		for (i = 0; i < outlen; i++)
    714. 

  714. 			output[i] = hash_result[i];
    715. 

  715. 		break;
    716. 

  716. 	case -EINPROGRESS:
    717. 

  717. 	case -EBUSY:
    718. 

  718. 		ret = wait_for_completion_interruptible(&tresult.completion);
    719. 

  719. 		if (!ret && !tresult.err) {
    720. 

  720. 			INIT_COMPLETION(tresult.completion);
    721. 

  721. 			break;
    722. 

  722. 		} else {
    723. 

  723. 			BT_DBG("wait_for_completion_interruptible failed");
    724. 

  724. 			if (!ret)
    725. 

  725. 				ret = tresult.err;
    726. 

  726. 			goto out;
    727. 

  727. 		}
    728. 

  728. 	default:
    729. 

  729. 		goto out;
    730. 

  730. 	}
    731. 

  731. 

  732. out:
    733. 

  733. err_setkey:
    734. 

  734. 	kfree(hash_buff);
    735. 

  735. err_hash_buf:
    736. 

  736. 	ahash_request_free(req);
    737. 

  737. err_req:
    738. 

  738. 	crypto_free_ahash(tfm);
    739. 

  739. err_tfm:
    740. 

  740. 	return ret;
    741. 

  741. }
    742. 

  742. 

  743. static void show_key(u8 *k)
    744. 

  744. {
    745. 

  745. 	int i = 0;
    746. 

  746. 	for (i = 0; i < 32; i += 8)
    747. 

  747. 		BT_DBG("    %02x %02x %02x %02x %02x %02x %02x %02x",
    748. 

  748. 				*(k+i+0), *(k+i+1), *(k+i+2), *(k+i+3),
    749. 

  749. 				*(k+i+4), *(k+i+5), *(k+i+6), *(k+i+7));
    750. 

  750. }
    751. 

  751. 

  752. static int physlink_security(struct hci_conn *conn, u8 *data, u8 *len, u8 *type)
    753. 

  753. {
    754. 

  754. 	u8 bt2_key[32];
    755. 

  755. 	u8 gamp_key[32];
    756. 

  756. 	u8 b802_key[32];
    757. 

  757. 	int result;
    758. 

  758. 

  759. 	if (!hci_conn_check_link_mode(conn))
    760. 

  760. 		return -EACCES;
    761. 

  761. 

  762. 	BT_DBG("key_type %d", conn->key_type);
    763. 

  763. 	if (conn->key_type < 3)
    764. 

  764. 		return -EACCES;
    765. 

  765. 

  766. 	*type = conn->key_type;
    767. 

  767. 	*len = 32;
    768. 

  768. 	memcpy(&bt2_key[0], conn->link_key, 16);
    769. 

  769. 	memcpy(&bt2_key[16], conn->link_key, 16);
    770. 

  770. 	result = hmac_sha256(bt2_key, 32, "gamp", 4, gamp_key, 32);
    771. 

  771. 	if (result)
    772. 

  772. 		goto ps_finished;
    773. 

  773. 

  774. 	if (conn->key_type == 3) {
    775. 

  775. 		BT_DBG("gamp_key");
    776. 

  776. 		show_key(gamp_key);
    777. 

  777. 		memcpy(data, gamp_key, 32);
    778. 

  778. 		goto ps_finished;
    779. 

  779. 	}
    780. 

  780. 

  781. 	result = hmac_sha256(gamp_key, 32, "802b", 4, b802_key, 32);
    782. 

  782. 	if (result)
    783. 

  783. 		goto ps_finished;
    784. 

  784. 

  785. 	BT_DBG("802b_key");
    786. 

  786. 	show_key(b802_key);
    787. 

  787. 	memcpy(data, b802_key, 32);
    788. 

  788. 

  789. ps_finished:
    790. 

  790. 	return result;
    791. 

  791. }
    792. 

  792. 

  793. static u8 amp_next_handle;
    794. 

  794. static inline u8 physlink_handle(struct hci_dev *hdev)
    795. 

  795. {
    796. 

  796. 	/* TODO amp_next_handle should be part of hci_dev */
    797. 

  797. 	if (amp_next_handle == 0)
    798. 

  798. 		amp_next_handle = 1;
    799. 

  799. 	return amp_next_handle++;
    800. 

  800. }
    801. 

  801. 

  802. /* Start an Accept Physical Link sequence */
    803. 

  803. static int createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb)
    804. 

  804. {
    805. 

  805. 	struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
    806. 

  806. 	struct amp_ctx *ctx = NULL;
    807. 

  807. 	struct a2mp_createphyslink_req *req;
    808. 

  808. 

  809. 	if (hdr->len < sizeof(*req))
    810. 

  810. 		return -EINVAL;
    811. 

  811. 	req = (struct a2mp_createphyslink_req *) skb_pull(skb, sizeof(*hdr));
    812. 

  812. 	skb_pull(skb, sizeof(*req));
    813. 

  813. 	BT_DBG("local_id %d, remote_id %d", req->local_id, req->remote_id);
    814. 

  814. 

  815. 	/* initialize the context */
    816. 

  816. 	ctx = create_ctx(AMP_ACCEPTPHYSLINK, AMP_APL_INIT);
    817. 

  817. 	if (!ctx)
    818. 

  818. 		return -ENOMEM;
    819. 

  819. 	ctx->d.apl.req_ident = hdr->ident;
    820. 

  820. 	ctx->d.apl.remote_id = req->local_id;
    821. 

  821. 	ctx->id = req->remote_id;
    822. 

  822. 

  823. 	/* add the supplied remote assoc to the context */
    824. 

  824. 	ctx->d.apl.remote_assoc = kmalloc(skb->len, GFP_ATOMIC);
    825. 

  825. 	if (ctx->d.apl.remote_assoc)
    826. 

  826. 		memcpy(ctx->d.apl.remote_assoc, skb->data, skb->len);
    827. 

  827. 	ctx->d.apl.len_so_far = 0;
    828. 

  828. 	ctx->d.apl.rem_len = skb->len;
    829. 

  829. 	skb_pull(skb, skb->len);
    830. 

  830. 	ctx->hdev = hci_dev_get(ctx->id);
    831. 

  831. 	start_ctx(mgr, ctx);
    832. 

  832. 	return 0;
    833. 

  833. }
    834. 

  834. 

  835. static u8 acceptphyslink_handler(struct amp_ctx *ctx, u8 evt_type, void *data)
    836. 

  836. {
    837. 

  837. 	struct sk_buff *skb = data;
    838. 

  838. 	struct hci_cp_accept_phys_link acp;
    839. 

  839. 	struct hci_cp_write_remote_amp_assoc wcp;
    840. 

  840. 	struct hci_rp_write_remote_amp_assoc *wrp;
    841. 

  841. 	struct hci_ev_cmd_status *cs = data;
    842. 

  842. 	struct hci_ev_phys_link_complete *ev;
    843. 

  843. 	struct a2mp_createphyslink_rsp rsp;
    844. 

  844. 	struct amp_ctx *cplctx;
    845. 

  845. 	struct amp_ctx *aplctx;
    846. 

  846. 	u16 frag_len;
    847. 

  847. 	struct hci_conn *conn;
    848. 

  848. 	int result;
    849. 

  849. 

  850. 	BT_DBG("state %d", ctx->state);
    851. 

  851. 	result = -EINVAL;
    852. 

  852. 	rsp.status = 1;        /* Invalid Controller ID */
    853. 

  853. 	if (!ctx->hdev || !test_bit(HCI_UP, &ctx->hdev->flags))
    854. 

  854. 		goto apl_finished;
    855. 

  855. 	if (evt_type == AMP_KILLED) {
    856. 

  856. 		result = -EAGAIN;
    857. 

  857. 		rsp.status = 4;        /* Disconnect request received */
    858. 

  858. 		goto apl_finished;
    859. 

  859. 	}
    860. 

  860. 	if (!ctx->d.apl.remote_assoc) {
    861. 

  861. 		result = -ENOMEM;
    862. 

  862. 		rsp.status = 2;        /* Unable to Start */
    863. 

  863. 		goto apl_finished;
    864. 

  864. 	}
    865. 

  865. 

  866. 	switch (ctx->state) {
    867. 

  867. 	case AMP_APL_INIT:
    868. 

  868. 		BT_DBG("local_id %d, remote_id %d",
    869. 

  869. 			ctx->id, ctx->d.apl.remote_id);
    870. 

  870. 		conn = hci_conn_hash_lookup_id(ctx->hdev,
    871. 

  871. 					&ctx->mgr->l2cap_conn->hcon->dst,
    872. 

  872. 					ctx->d.apl.remote_id);
    873. 

  873. 		if (conn) {
    874. 

  874. 			result = -EEXIST;
    875. 

  875. 			rsp.status = 5;   /* Already Exists */
    876. 

  876. 			goto apl_finished;
    877. 

  877. 		}
    878. 

  878. 

  879. 		aplctx = get_ctx_type(ctx, AMP_ACCEPTPHYSLINK);
    880. 

  880. 		if ((aplctx) &&
    881. 

  881. 			(aplctx->d.cpl.remote_id == ctx->d.apl.remote_id)) {
    882. 

  882. 			BT_DBG("deferred to %p", aplctx);
    883. 

  883. 			aplctx->deferred = ctx;
    884. 

  884. 			break;
    885. 

  885. 		}
    886. 

  886. 

  887. 		cplctx = get_ctx_type(ctx, AMP_CREATEPHYSLINK);
    888. 

  888. 		if ((cplctx) &&
    889. 

  889. 			(cplctx->d.cpl.remote_id == ctx->d.apl.remote_id)) {
    890. 

  890. 			struct hci_conn *bcon = ctx->mgr->l2cap_conn->hcon;
    891. 

  891. 			BT_DBG("local %s remote %s",
    892. 

  892. 				batostr(&bcon->hdev->bdaddr),
    893. 

  893. 				batostr(&bcon->dst));
    894. 

  894. 			if ((cplctx->state < AMP_CPL_PL_COMPLETE) ||
    895. 

  895. 				(bacmp(&bcon->hdev->bdaddr, &bcon->dst) < 0)) {
    896. 

  896. 				BT_DBG("COLLISION LOSER");
    897. 

  897. 				cplctx->deferred = ctx;
    898. 

  898. 				cancel_ctx(cplctx);
    899. 

  899. 				break;
    900. 

  900. 			} else {
    901. 

  901. 				BT_DBG("COLLISION WINNER");
    902. 

  902. 				result = -EISCONN;
    903. 

  903. 				rsp.status = 3;    /* Collision */
    904. 

  904. 				goto apl_finished;
    905. 

  905. 			}
    906. 

  906. 		}
    907. 

  907. 

  908. 		result = physlink_security(ctx->mgr->l2cap_conn->hcon, acp.data,
    909. 

  909. 						&acp.key_len, &acp.type);
    910. 

  910. 		if (result) {
    911. 

  911. 			BT_DBG("SECURITY");
    912. 

  912. 			rsp.status = 6;    /* Security Violation */
    913. 

  913. 			goto apl_finished;
    914. 

  914. 		}
    915. 

  915. 

  916. 		ctx->d.apl.phy_handle = physlink_handle(ctx->hdev);
    917. 

  917. 		ctx->state = AMP_APL_APL_STATUS;
    918. 

  918. 		ctx->evt_type = AMP_HCI_CMD_STATUS;
    919. 

  919. 		ctx->opcode = HCI_OP_ACCEPT_PHYS_LINK;
    920. 

  920. 		acp.phy_handle = ctx->d.apl.phy_handle;
    921. 

  921. 		hci_send_cmd(ctx->hdev, ctx->opcode, sizeof(acp), &acp);
    922. 

  922. 		break;
    923. 

  923. 

  924. 	case AMP_APL_APL_STATUS:
    925. 

  925. 		if (cs->status != 0)
    926. 

  926. 			goto apl_finished;
    927. 

  927. 		/* PAL will accept link, send a2mp response */
    928. 

  928. 		rsp.local_id = ctx->id;
    929. 

  929. 		rsp.remote_id = ctx->d.apl.remote_id;
    930. 

  930. 		rsp.status = 0;
    931. 

  931. 		send_a2mp_cmd(ctx->mgr, ctx->d.apl.req_ident,
    932. 

  932. 				A2MP_CREATEPHYSLINK_RSP, sizeof(rsp), &rsp);
    933. 

  933. 

  934. 		/* send the first assoc fragment */
    935. 

  935. 		wcp.phy_handle = ctx->d.apl.phy_handle;
    936. 

  936. 		wcp.len_so_far = cpu_to_le16(ctx->d.apl.len_so_far);
    937. 

  937. 		wcp.rem_len = cpu_to_le16(ctx->d.apl.rem_len);
    938. 

  938. 		frag_len = min_t(u16, 248, ctx->d.apl.rem_len);
    939. 

  939. 		memcpy(wcp.frag, ctx->d.apl.remote_assoc, frag_len);
    940. 

  940. 		ctx->state = AMP_APL_WRA_COMPLETE;
    941. 

  941. 		ctx->evt_type = AMP_HCI_CMD_CMPLT;
    942. 

  942. 		ctx->opcode = HCI_OP_WRITE_REMOTE_AMP_ASSOC;
    943. 

  943. 		hci_send_cmd(ctx->hdev, ctx->opcode, 5+frag_len, &wcp);
    944. 

  944. 		break;
    945. 

  945. 

  946. 	case AMP_APL_WRA_COMPLETE:
    947. 

  947. 		/* received write remote amp assoc command complete event */
    948. 

  948. 		wrp = (struct hci_rp_write_remote_amp_assoc *) skb->data;
    949. 

  949. 		if (wrp->status != 0)
    950. 

  950. 			goto apl_finished;
    951. 

  951. 		if (wrp->phy_handle != ctx->d.apl.phy_handle)
    952. 

  952. 			goto apl_finished;
    953. 

  953. 		/* update progress */
    954. 

  954. 		frag_len = min_t(u16, 248, ctx->d.apl.rem_len);
    955. 

  955. 		ctx->d.apl.len_so_far += frag_len;
    956. 

  956. 		ctx->d.apl.rem_len -= frag_len;
    957. 

  957. 		if (ctx->d.apl.rem_len > 0) {
    958. 

  958. 			u8 *assoc;
    959. 

  959. 			/* another assoc fragment to send */
    960. 

  960. 			wcp.phy_handle = ctx->d.apl.phy_handle;
    961. 

  961. 			wcp.len_so_far = cpu_to_le16(ctx->d.apl.len_so_far);
    962. 

  962. 			wcp.rem_len = cpu_to_le16(ctx->d.apl.rem_len);
    963. 

  963. 			frag_len = min_t(u16, 248, ctx->d.apl.rem_len);
    964. 

  964. 			assoc = ctx->d.apl.remote_assoc + ctx->d.apl.len_so_far;
    965. 

  965. 			memcpy(wcp.frag, assoc, frag_len);
    966. 

  966. 			hci_send_cmd(ctx->hdev, ctx->opcode, 5+frag_len, &wcp);
    967. 

  967. 			break;
    968. 

  968. 		}
    969. 

  969. 		/* wait for physical link complete event */
    970. 

  970. 		ctx->state = AMP_APL_PL_COMPLETE;
    971. 

  971. 		ctx->evt_type = AMP_HCI_EVENT;
    972. 

  972. 		ctx->evt_code = HCI_EV_PHYS_LINK_COMPLETE;
    973. 

  973. 		break;
    974. 

  974. 

  975. 	case AMP_APL_PL_COMPLETE:
    976. 

  976. 		/* physical link complete event received */
    977. 

  977. 		if (skb->len < sizeof(*ev))
    978. 

  978. 			goto apl_finished;
    979. 

  979. 		ev = (struct hci_ev_phys_link_complete *) skb->data;
    980. 

  980. 		if (ev->phy_handle != ctx->d.apl.phy_handle)
    981. 

  981. 			break;
    982. 

  982. 		if (ev->status != 0)
    983. 

  983. 			goto apl_finished;
    984. 

  984. 		conn = hci_conn_hash_lookup_handle(ctx->hdev, ev->phy_handle);
    985. 

  985. 		if (!conn)
    986. 

  986. 			goto apl_finished;
    987. 

  987. 		result = 0;
    988. 

  988. 		BT_DBG("PL_COMPLETE phy_handle %x", ev->phy_handle);
    989. 

  989. 		conn->dst_id = ctx->d.apl.remote_id;
    990. 

  990. 		bacpy(&conn->dst, &ctx->mgr->l2cap_conn->hcon->dst);
    991. 

  991. 		goto apl_finished;
    992. 

  992. 		break;
    993. 

  993. 

  994. 	default:
    995. 

  995. 		goto apl_finished;
    996. 

  996. 		break;
    997. 

  997. 	}
    998. 

  998. 	return 0;
    999. 

  999. 

  1000. apl_finished:
    1001. 

  1001. 	if (ctx->sk)
    1002. 

  1002. 		l2cap_amp_physical_complete(result, ctx->id,
    1003. 

  1003. 					ctx->d.apl.remote_id, ctx->sk);
    1004. 

  1004. 	if ((result) && (ctx->state < AMP_APL_PL_COMPLETE)) {
    1005. 

  1005. 		rsp.local_id = ctx->id;
    1006. 

  1006. 		rsp.remote_id = ctx->d.apl.remote_id;
    1007. 

  1007. 		send_a2mp_cmd(ctx->mgr, ctx->d.apl.req_ident,
    1008. 

  1008. 				A2MP_CREATEPHYSLINK_RSP, sizeof(rsp), &rsp);
    1009. 

  1009. 	}
    1010. 

  1010. 	kfree(ctx->d.apl.remote_assoc);
    1011. 

  1011. 	if (ctx->sk)
    1012. 

  1012. 		sock_put(ctx->sk);
    1013. 

  1013. 	if (ctx->hdev)
    1014. 

  1014. 		hci_dev_put(ctx->hdev);
    1015. 

  1015. 	return 1;
    1016. 

  1016. }
    1017. 

  1017. 

  1018. static void cancel_cpl_ctx(struct amp_ctx *ctx, u8 reason)
    1019. 

  1019. {
    1020. 

  1020. 	struct hci_cp_disconn_phys_link dcp;
    1021. 

  1021. 

  1022. 	ctx->state = AMP_CPL_PL_CANCEL;
    1023. 

  1023. 	ctx->evt_type = AMP_HCI_EVENT;
    1024. 

  1024. 	ctx->evt_code = HCI_EV_DISCONN_PHYS_LINK_COMPLETE;
    1025. 

  1025. 	dcp.phy_handle = ctx->d.cpl.phy_handle;
    1026. 

  1026. 	dcp.reason = reason;
    1027. 

  1027. 	hci_send_cmd(ctx->hdev, HCI_OP_DISCONN_PHYS_LINK, sizeof(dcp), &dcp);
    1028. 

  1028. }
    1029. 

  1029. 

  1030. static u8 createphyslink_handler(struct amp_ctx *ctx, u8 evt_type, void *data)
    1031. 

  1031. {
    1032. 

  1032. 	struct amp_ctrl *ctrl;
    1033. 

  1033. 	struct sk_buff *skb = data;
    1034. 

  1034. 	struct a2mp_cmd_hdr *hdr;
    1035. 

  1035. 	struct hci_ev_cmd_status *cs = data;
    1036. 

  1036. 	struct amp_ctx *cplctx;
    1037. 

  1037. 	struct a2mp_discover_req dreq;
    1038. 

  1038. 	struct a2mp_discover_rsp *drsp;
    1039. 

  1039. 	u16 *efm;
    1040. 

  1040. 	struct a2mp_getinfo_req greq;
    1041. 

  1041. 	struct a2mp_getinfo_rsp *grsp;
    1042. 

  1042. 	struct a2mp_cl *cl;
    1043. 

  1043. 	struct a2mp_getampassoc_req areq;
    1044. 

  1044. 	struct a2mp_getampassoc_rsp *arsp;
    1045. 

  1045. 	struct hci_cp_create_phys_link cp;
    1046. 

  1046. 	struct hci_cp_write_remote_amp_assoc wcp;
    1047. 

  1047. 	struct hci_rp_write_remote_amp_assoc *wrp;
    1048. 

  1048. 	struct hci_ev_channel_selected *cev;
    1049. 

  1049. 	struct hci_cp_read_local_amp_assoc rcp;
    1050. 

  1050. 	struct hci_rp_read_local_amp_assoc *rrp;
    1051. 

  1051. 	struct a2mp_createphyslink_req creq;
    1052. 

  1052. 	struct a2mp_createphyslink_rsp *crsp;
    1053. 

  1053. 	struct hci_ev_phys_link_complete *pev;
    1054. 

  1054. 	struct hci_ev_disconn_phys_link_complete *dev;
    1055. 

  1055. 	u8 *assoc, *rassoc, *lassoc;
    1056. 

  1056. 	u16 frag_len;
    1057. 

  1057. 	u16 rem_len;
    1058. 

  1058. 	int result = -EAGAIN;
    1059. 

  1059. 	struct hci_conn *conn;
    1060. 

  1060. 

  1061. 	BT_DBG("state %d", ctx->state);
    1062. 

  1062. 	if (evt_type == AMP_KILLED)
    1063. 

  1063. 		goto cpl_finished;
    1064. 

  1064. 

  1065. 	if (evt_type == AMP_CANCEL) {
    1066. 

  1066. 		if ((ctx->state < AMP_CPL_CPL_STATUS) ||
    1067. 

  1067. 			((ctx->state == AMP_CPL_PL_COMPLETE) &&
    1068. 

  1068. 			!(ctx->evt_type & AMP_HCI_EVENT)))
    1069. 

  1069. 			goto cpl_finished;
    1070. 

  1070. 

  1071. 		cancel_cpl_ctx(ctx, 0x16);
    1072. 

  1072. 		return 0;
    1073. 

  1073. 	}
    1074. 

  1074. 

  1075. 	switch (ctx->state) {
    1076. 

  1076. 	case AMP_CPL_INIT:
    1077. 

  1077. 		cplctx = get_ctx_type(ctx, AMP_CREATEPHYSLINK);
    1078. 

  1078. 		if (cplctx) {
    1079. 

  1079. 			BT_DBG("deferred to %p", cplctx);
    1080. 

  1080. 			cplctx->deferred = ctx;
    1081. 

  1081. 			break;
    1082. 

  1082. 		}
    1083. 

  1083. 		ctx->state = AMP_CPL_DISC_RSP;
    1084. 

  1084. 		ctx->evt_type = AMP_A2MP_RSP;
    1085. 

  1085. 		ctx->rsp_ident = next_ident(ctx->mgr);
    1086. 

  1086. 		dreq.mtu = cpu_to_le16(L2CAP_A2MP_DEFAULT_MTU);
    1087. 

  1087. 		dreq.ext_feat = 0;
    1088. 

  1088. 		send_a2mp_cmd(ctx->mgr, ctx->rsp_ident, A2MP_DISCOVER_REQ,
    1089. 

  1089. 							sizeof(dreq), &dreq);
    1090. 

  1090. 		break;
    1091. 

  1091. 

  1092. 	case AMP_CPL_DISC_RSP:
    1093. 

  1093. 		drsp = (struct a2mp_discover_rsp *) skb_pull(skb, sizeof(*hdr));
    1094. 

  1094. 		if (skb->len < (sizeof(*drsp))) {
    1095. 

  1095. 			result = -EINVAL;
    1096. 

  1096. 			goto cpl_finished;
    1097. 

  1097. 		}
    1098. 

  1098. 

  1099. 		efm = (u16 *) skb_pull(skb, sizeof(*drsp));
    1100. 

  1100. 		BT_DBG("mtu %d efm 0x%4.4x", le16_to_cpu(drsp->mtu),
    1101. 

  1101. 						le16_to_cpu(drsp->ext_feat));
    1102. 

  1102. 

  1103. 		while (le16_to_cpu(drsp->ext_feat) & 0x8000) {
    1104. 

  1104. 			if (skb->len < sizeof(*efm)) {
    1105. 

  1105. 				result = -EINVAL;
    1106. 

  1106. 				goto cpl_finished;
    1107. 

  1107. 			}
    1108. 

  1108. 			drsp->ext_feat = *efm;
    1109. 

  1109. 			BT_DBG("efm 0x%4.4x", le16_to_cpu(drsp->ext_feat));
    1110. 

  1110. 			efm = (u16 *) skb_pull(skb, sizeof(*efm));
    1111. 

  1111. 		}
    1112. 

  1112. 		cl = (struct a2mp_cl *) efm;
    1113. 

  1113. 

  1114. 		/* find the first remote and local controller with the
    1115. 

  1115. 		 * same type
    1116. 

  1116. 		 */
    1117. 

  1117. 		greq.id = 0;
    1118. 

  1118. 		result = -ENODEV;
    1119. 

  1119. 		while (skb->len >= sizeof(*cl)) {
    1120. 

  1120. 			if ((cl->id != 0) && (greq.id == 0)) {
    1121. 

  1121. 				struct hci_dev *hdev;
    1122. 

  1122. 				hdev = hci_dev_get_type(cl->type);
    1123. 

  1123. 				if (hdev) {
    1124. 

  1124. 					struct hci_conn *conn;
    1125. 

  1125. 					ctx->hdev = hdev;
    1126. 

  1126. 					ctx->id = hdev->id;
    1127. 

  1127. 					ctx->d.cpl.remote_id = cl->id;
    1128. 

  1128. 					conn = hci_conn_hash_lookup_ba(hdev,
    1129. 

  1129. 					    ACL_LINK,
    1130. 

  1130. 					    &ctx->mgr->l2cap_conn->hcon->dst);
    1131. 

  1131. 					if (conn) {
    1132. 

  1132. 						BT_DBG("PL_COMPLETE exists %x",
    1133. 

  1133. 							(int) conn->handle);
    1134. 

  1134. 						result = 0;
    1135. 

  1135. 					}
    1136. 

  1136. 					ctrl = get_create_ctrl(ctx->mgr,
    1137. 

  1137. 								cl->id);
    1138. 

  1138. 					if (ctrl) {
    1139. 

  1139. 						ctrl->type = cl->type;
    1140. 

  1140. 						ctrl->status = cl->status;
    1141. 

  1141. 					}
    1142. 

  1142. 					greq.id = cl->id;
    1143. 

  1143. 				}
    1144. 

  1144. 			}
    1145. 

  1145. 			cl = (struct a2mp_cl *) skb_pull(skb, sizeof(*cl));
    1146. 

  1146. 		}
    1147. 

  1147. 		if ((!greq.id) || (!result))
    1148. 

  1148. 			goto cpl_finished;
    1149. 

  1149. 		ctx->state = AMP_CPL_GETINFO_RSP;
    1150. 

  1150. 		ctx->evt_type = AMP_A2MP_RSP;
    1151. 

  1151. 		ctx->rsp_ident = next_ident(ctx->mgr);
    1152. 

  1152. 		send_a2mp_cmd(ctx->mgr, ctx->rsp_ident, A2MP_GETINFO_REQ,
    1153. 

  1153. 							sizeof(greq), &greq);
    1154. 

  1154. 		break;
    1155. 

  1155. 

  1156. 	case AMP_CPL_GETINFO_RSP:
    1157. 

  1157. 		if (skb->len < sizeof(*grsp))
    1158. 

  1158. 			goto cpl_finished;
    1159. 

  1159. 		grsp = (struct a2mp_getinfo_rsp *) skb_pull(skb, sizeof(*hdr));
    1160. 

  1160. 		skb_pull(skb, sizeof(*grsp));
    1161. 

  1161. 		if (grsp->status)
    1162. 

  1162. 			goto cpl_finished;
    1163. 

  1163. 		if (grsp->id != ctx->d.cpl.remote_id)
    1164. 

  1164. 			goto cpl_finished;
    1165. 

  1165. 		ctrl = get_ctrl(ctx->mgr, grsp->id);
    1166. 

  1166. 		if (!ctrl)
    1167. 

  1167. 			goto cpl_finished;
    1168. 

  1168. 		ctrl->status = grsp->status;
    1169. 

  1169. 		ctrl->total_bw = le32_to_cpu(grsp->total_bw);
    1170. 

  1170. 		ctrl->max_bw = le32_to_cpu(grsp->max_bw);
    1171. 

  1171. 		ctrl->min_latency = le32_to_cpu(grsp->min_latency);
    1172. 

  1172. 		ctrl->pal_cap = le16_to_cpu(grsp->pal_cap);
    1173. 

  1173. 		ctrl->max_assoc_size = le16_to_cpu(grsp->assoc_size);
    1174. 

  1174. 

  1175. 		ctx->d.cpl.max_len = ctrl->max_assoc_size;
    1176. 

  1176. 

  1177. 		/* setup up GAA request */
    1178. 

  1178. 		areq.id = ctx->d.cpl.remote_id;
    1179. 

  1179. 

  1180. 		/* advance context state */
    1181. 

  1181. 		ctx->state = AMP_CPL_GAA_RSP;
    1182. 

  1182. 		ctx->evt_type = AMP_A2MP_RSP;
    1183. 

  1183. 		ctx->rsp_ident = next_ident(ctx->mgr);
    1184. 

  1184. 		send_a2mp_cmd(ctx->mgr, ctx->rsp_ident, A2MP_GETAMPASSOC_REQ,
    1185. 

  1185. 							sizeof(areq), &areq);
    1186. 

  1186. 		break;
    1187. 

  1187. 

  1188. 	case AMP_CPL_GAA_RSP:
    1189. 

  1189. 		if (skb->len < sizeof(*arsp))
    1190. 

  1190. 			goto cpl_finished;
    1191. 

  1191. 		hdr = (void *) skb->data;
    1192. 

  1192. 		arsp = (void *) skb_pull(skb, sizeof(*hdr));
    1193. 

  1193. 		if (arsp->status != 0)
    1194. 

  1194. 			goto cpl_finished;
    1195. 

  1195. 

  1196. 		/* store away remote assoc */
    1197. 

  1197. 		assoc = (u8 *) skb_pull(skb, sizeof(*arsp));
    1198. 

  1198. 		ctx->d.cpl.len_so_far = 0;
    1199. 

  1199. 		ctx->d.cpl.rem_len = hdr->len - sizeof(*arsp);
    1200. 

  1200. 		skb_pull(skb, ctx->d.cpl.rem_len);
    1201. 

  1201. 		rassoc = kmalloc(ctx->d.cpl.rem_len, GFP_ATOMIC);
    1202. 

  1202. 		if (!rassoc)
    1203. 

  1203. 			goto cpl_finished;
    1204. 

  1204. 		memcpy(rassoc, assoc, ctx->d.cpl.rem_len);
    1205. 

  1205. 		ctx->d.cpl.remote_assoc = rassoc;
    1206. 

  1206. 

  1207. 		/* set up CPL command */
    1208. 

  1208. 		ctx->d.cpl.phy_handle = physlink_handle(ctx->hdev);
    1209. 

  1209. 		cp.phy_handle = ctx->d.cpl.phy_handle;
    1210. 

  1210. 		if (physlink_security(ctx->mgr->l2cap_conn->hcon, cp.data,
    1211. 

  1211. 					&cp.key_len, &cp.type)) {
    1212. 

  1212. 			result = -EPERM;
    1213. 

  1213. 			goto cpl_finished;
    1214. 

  1214. 		}
    1215. 

  1215. 

  1216. 		/* advance context state */
    1217. 

  1217. 		ctx->state = AMP_CPL_CPL_STATUS;
    1218. 

  1218. 		ctx->evt_type = AMP_HCI_CMD_STATUS;
    1219. 

  1219. 		ctx->opcode = HCI_OP_CREATE_PHYS_LINK;
    1220. 

  1220. 		hci_send_cmd(ctx->hdev, ctx->opcode, sizeof(cp), &cp);
    1221. 

  1221. 		break;
    1222. 

  1222. 

  1223. 	case AMP_CPL_CPL_STATUS:
    1224. 

  1224. 		/* received create physical link command status */
    1225. 

  1225. 		if (cs->status != 0)
    1226. 

  1226. 			goto cpl_finished;
    1227. 

  1227. 		/* send the first assoc fragment */
    1228. 

  1228. 		wcp.phy_handle = ctx->d.cpl.phy_handle;
    1229. 

  1229. 		wcp.len_so_far = ctx->d.cpl.len_so_far;
    1230. 

  1230. 		wcp.rem_len = cpu_to_le16(ctx->d.cpl.rem_len);
    1231. 

  1231. 		frag_len = min_t(u16, 248, ctx->d.cpl.rem_len);
    1232. 

  1232. 		memcpy(wcp.frag, ctx->d.cpl.remote_assoc, frag_len);
    1233. 

  1233. 		ctx->state = AMP_CPL_WRA_COMPLETE;
    1234. 

  1234. 		ctx->evt_type = AMP_HCI_CMD_CMPLT;
    1235. 

  1235. 		ctx->opcode = HCI_OP_WRITE_REMOTE_AMP_ASSOC;
    1236. 

  1236. 		hci_send_cmd(ctx->hdev, ctx->opcode, 5+frag_len, &wcp);
    1237. 

  1237. 		break;
    1238. 

  1238. 

  1239. 	case AMP_CPL_WRA_COMPLETE:
    1240. 

  1240. 		/* received write remote amp assoc command complete event */
    1241. 

  1241. 		if (skb->len < sizeof(*wrp))
    1242. 

  1242. 			goto cpl_finished;
    1243. 

  1243. 		wrp = (struct hci_rp_write_remote_amp_assoc *) skb->data;
    1244. 

  1244. 		if (wrp->status != 0)
    1245. 

  1245. 			goto cpl_finished;
    1246. 

  1246. 		if (wrp->phy_handle != ctx->d.cpl.phy_handle)
    1247. 

  1247. 			goto cpl_finished;
    1248. 

  1248. 

  1249. 		/* update progress */
    1250. 

  1250. 		frag_len = min_t(u16, 248, ctx->d.cpl.rem_len);
    1251. 

  1251. 		ctx->d.cpl.len_so_far += frag_len;
    1252. 

  1252. 		ctx->d.cpl.rem_len -= frag_len;
    1253. 

  1253. 		if (ctx->d.cpl.rem_len > 0) {
    1254. 

  1254. 			/* another assoc fragment to send */
    1255. 

  1255. 			wcp.phy_handle = ctx->d.cpl.phy_handle;
    1256. 

  1256. 			wcp.len_so_far = cpu_to_le16(ctx->d.cpl.len_so_far);
    1257. 

  1257. 			wcp.rem_len = cpu_to_le16(ctx->d.cpl.rem_len);
    1258. 

  1258. 			frag_len = min_t(u16, 248, ctx->d.cpl.rem_len);
    1259. 

  1259. 			memcpy(wcp.frag,
    1260. 

  1260. 				ctx->d.cpl.remote_assoc + ctx->d.cpl.len_so_far,
    1261. 

  1261. 				frag_len);
    1262. 

  1262. 			hci_send_cmd(ctx->hdev, ctx->opcode, 5+frag_len, &wcp);
    1263. 

  1263. 			break;
    1264. 

  1264. 		}
    1265. 

  1265. 		/* now wait for channel selected event */
    1266. 

  1266. 		ctx->state = AMP_CPL_CHANNEL_SELECT;
    1267. 

  1267. 		ctx->evt_type = AMP_HCI_EVENT;
    1268. 

  1268. 		ctx->evt_code = HCI_EV_CHANNEL_SELECTED;
    1269. 

  1269. 		break;
    1270. 

  1270. 

  1271. 	case AMP_CPL_CHANNEL_SELECT:
    1272. 

  1272. 		/* received channel selection event */
    1273. 

  1273. 		if (skb->len < sizeof(*cev))
    1274. 

  1274. 			goto cpl_finished;
    1275. 

  1275. 		cev = (void *) skb->data;
    1276. 

  1276. /* TODO - PK This check is valid but Libra PAL returns 0 for handle during
    1277. 

  1277. 			Create Physical Link collision scenario
    1278. 

  1278. 		if (cev->phy_handle != ctx->d.cpl.phy_handle)
    1279. 

  1279. 			goto cpl_finished;
    1280. 

  1280. */
    1281. 

  1281. 

  1282. 		/* request the first local assoc fragment */
    1283. 

  1283. 		rcp.phy_handle = ctx->d.cpl.phy_handle;
    1284. 

  1284. 		rcp.len_so_far = 0;
    1285. 

  1285. 		rcp.max_len = ctx->d.cpl.max_len;
    1286. 

  1286. 		lassoc = kmalloc(ctx->d.cpl.max_len, GFP_ATOMIC);
    1287. 

  1287. 		if (!lassoc)
    1288. 

  1288. 			goto cpl_finished;
    1289. 

  1289. 		ctx->d.cpl.local_assoc = lassoc;
    1290. 

  1290. 		ctx->d.cpl.len_so_far = 0;
    1291. 

  1291. 		ctx->state = AMP_CPL_RLA_COMPLETE;
    1292. 

  1292. 		ctx->evt_type = AMP_HCI_CMD_CMPLT;
    1293. 

  1293. 		ctx->opcode = HCI_OP_READ_LOCAL_AMP_ASSOC;
    1294. 

  1294. 		hci_send_cmd(ctx->hdev, ctx->opcode, sizeof(rcp), &rcp);
    1295. 

  1295. 		break;
    1296. 

  1296. 

  1297. 	case AMP_CPL_RLA_COMPLETE:
    1298. 

  1298. 		/* received read local amp assoc command complete event */
    1299. 

  1299. 		if (skb->len < 4)
    1300. 

  1300. 			goto cpl_finished;
    1301. 

  1301. 		rrp = (struct hci_rp_read_local_amp_assoc *) skb->data;
    1302. 

  1302. 		if (rrp->status)
    1303. 

  1303. 			goto cpl_finished;
    1304. 

  1304. 		if (rrp->phy_handle != ctx->d.cpl.phy_handle)
    1305. 

  1305. 			goto cpl_finished;
    1306. 

  1306. 		rem_len = le16_to_cpu(rrp->rem_len);
    1307. 

  1307. 		skb_pull(skb, 4);
    1308. 

  1308. 		frag_len = skb->len;
    1309. 

  1309. 

  1310. 		if (ctx->d.cpl.len_so_far + rem_len > ctx->d.cpl.max_len)
    1311. 

  1311. 			goto cpl_finished;
    1312. 

  1312. 

  1313. 		/* save this fragment in context */
    1314. 

  1314. 		lassoc = ctx->d.cpl.local_assoc + ctx->d.cpl.len_so_far;
    1315. 

  1315. 		memcpy(lassoc, rrp->frag, frag_len);
    1316. 

  1316. 		ctx->d.cpl.len_so_far += frag_len;
    1317. 

  1317. 		rem_len -= frag_len;
    1318. 

  1318. 		if (rem_len > 0) {
    1319. 

  1319. 			/* request another local assoc fragment */
    1320. 

  1320. 			rcp.phy_handle = ctx->d.cpl.phy_handle;
    1321. 

  1321. 			rcp.len_so_far = ctx->d.cpl.len_so_far;
    1322. 

  1322. 			rcp.max_len = ctx->d.cpl.max_len;
    1323. 

  1323. 			hci_send_cmd(ctx->hdev, ctx->opcode, sizeof(rcp), &rcp);
    1324. 

  1324. 		} else {
    1325. 

  1325. 			creq.local_id = ctx->id;
    1326. 

  1326. 			creq.remote_id = ctx->d.cpl.remote_id;
    1327. 

  1327. 			/* wait for A2MP rsp AND phys link complete event */
    1328. 

  1328. 			ctx->state = AMP_CPL_PL_COMPLETE;
    1329. 

  1329. 			ctx->evt_type = AMP_A2MP_RSP | AMP_HCI_EVENT;
    1330. 

  1330. 			ctx->rsp_ident = next_ident(ctx->mgr);
    1331. 

  1331. 			ctx->evt_code = HCI_EV_PHYS_LINK_COMPLETE;
    1332. 

  1332. 			send_a2mp_cmd2(ctx->mgr, ctx->rsp_ident,
    1333. 

  1333. 				A2MP_CREATEPHYSLINK_REQ, sizeof(creq), &creq,
    1334. 

  1334. 				ctx->d.cpl.len_so_far, ctx->d.cpl.local_assoc);
    1335. 

  1335. 		}
    1336. 

  1336. 		break;
    1337. 

  1337. 

  1338. 	case AMP_CPL_PL_COMPLETE:
    1339. 

  1339. 		if (evt_type == AMP_A2MP_RSP) {
    1340. 

  1340. 			/* create physical link response received */
    1341. 

  1341. 			ctx->evt_type &= ~AMP_A2MP_RSP;
    1342. 

  1342. 			if (skb->len < sizeof(*crsp))
    1343. 

  1343. 				goto cpl_finished;
    1344. 

  1344. 			crsp = (void *) skb_pull(skb, sizeof(*hdr));
    1345. 

  1345. 			if ((crsp->local_id != ctx->d.cpl.remote_id) ||
    1346. 

  1346. 				(crsp->remote_id != ctx->id) ||
    1347. 

  1347. 				(crsp->status != 0)) {
    1348. 

  1348. 				cancel_cpl_ctx(ctx, 0x13);
    1349. 

  1349. 				break;
    1350. 

  1350. 			}
    1351. 

  1351. 

  1352. 			/* notify Qualcomm PAL */
    1353. 

  1353. 			if (ctx->hdev->manufacturer == 0x001d)
    1354. 

  1354. 				hci_send_cmd(ctx->hdev,
    1355. 

  1355. 					hci_opcode_pack(0x3f, 0x00), 0, NULL);
    1356. 

  1356. 		}
    1357. 

  1357. 		if (evt_type == AMP_HCI_EVENT) {
    1358. 

  1358. 			ctx->evt_type &= ~AMP_HCI_EVENT;
    1359. 

  1359. 			/* physical link complete event received */
    1360. 

  1360. 			if (skb->len < sizeof(*pev))
    1361. 

  1361. 				goto cpl_finished;
    1362. 

  1362. 			pev = (void *) skb->data;
    1363. 

  1363. 			if (pev->phy_handle != ctx->d.cpl.phy_handle)
    1364. 

  1364. 				break;
    1365. 

  1365. 			if (pev->status != 0)
    1366. 

  1366. 				goto cpl_finished;
    1367. 

  1367. 		}
    1368. 

  1368. 		if (ctx->evt_type)
    1369. 

  1369. 			break;
    1370. 

  1370. 		conn = hci_conn_hash_lookup_handle(ctx->hdev,
    1371. 

  1371. 							ctx->d.cpl.phy_handle);
    1372. 

  1372. 		if (!conn)
    1373. 

  1373. 			goto cpl_finished;
    1374. 

  1374. 		result = 0;
    1375. 

  1375. 		BT_DBG("PL_COMPLETE phy_handle %x", ctx->d.cpl.phy_handle);
    1376. 

  1376. 		bacpy(&conn->dst, &ctx->mgr->l2cap_conn->hcon->dst);
    1377. 

  1377. 		conn->dst_id = ctx->d.cpl.remote_id;
    1378. 

  1378. 		conn->out = 1;
    1379. 

  1379. 		goto cpl_finished;
    1380. 

  1380. 		break;
    1381. 

  1381. 

  1382. 	case AMP_CPL_PL_CANCEL:
    1383. 

  1383. 		dev = (void *) skb->data;
    1384. 

  1384. 		BT_DBG("PL_COMPLETE cancelled %x", dev->phy_handle);
    1385. 

  1385. 		result = -EISCONN;
    1386. 

  1386. 		goto cpl_finished;
    1387. 

  1387. 		break;
    1388. 

  1388. 

  1389. 	default:
    1390. 

  1390. 		goto cpl_finished;
    1391. 

  1391. 		break;
    1392. 

  1392. 	}
    1393. 

  1393. 	return 0;
    1394. 

  1394. 

  1395. cpl_finished:
    1396. 

  1396. 	l2cap_amp_physical_complete(result, ctx->id, ctx->d.cpl.remote_id,
    1397. 

  1397. 					ctx->sk);
    1398. 

  1398. 	if (ctx->sk)
    1399. 

  1399. 		sock_put(ctx->sk);
    1400. 

  1400. 	if (ctx->hdev)
    1401. 

  1401. 		hci_dev_put(ctx->hdev);
    1402. 

  1402. 	kfree(ctx->d.cpl.remote_assoc);
    1403. 

  1403. 	kfree(ctx->d.cpl.local_assoc);
    1404. 

  1404. 	return 1;
    1405. 

  1405. }
    1406. 

  1406. 

  1407. static int disconnphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb)
    1408. 

  1408. {
    1409. 

  1409. 	struct a2mp_cmd_hdr *hdr = (void *) skb->data;
    1410. 

  1410. 	struct a2mp_disconnphyslink_req *req;
    1411. 

  1411. 	struct a2mp_disconnphyslink_rsp rsp;
    1412. 

  1412. 	struct hci_dev *hdev;
    1413. 

  1413. 	struct hci_conn *conn;
    1414. 

  1414. 	struct amp_ctx *aplctx;
    1415. 

  1415. 

  1416. 	BT_DBG("mgr %p skb %p", mgr, skb);
    1417. 

  1417. 	if (hdr->len < sizeof(*req))
    1418. 

  1418. 		return -EINVAL;
    1419. 

  1419. 	req = (void *) skb_pull(skb, sizeof(*hdr));
    1420. 

  1420. 	skb_pull(skb, sizeof(*req));
    1421. 

  1421. 

  1422. 	rsp.local_id = req->remote_id;
    1423. 

  1423. 	rsp.remote_id = req->local_id;
    1424. 

  1424. 	rsp.status = 0;
    1425. 

  1425. 	BT_DBG("local_id %d remote_id %d",
    1426. 

  1426. 		(int) rsp.local_id, (int) rsp.remote_id);
    1427. 

  1427. 	hdev = hci_dev_get(rsp.local_id);
    1428. 

  1428. 	if (!hdev) {
    1429. 

  1429. 		rsp.status = 1; /* Invalid Controller ID */
    1430. 

  1430. 		goto dpl_finished;
    1431. 

  1431. 	}
    1432. 

  1432. 	BT_DBG("hdev %p", hdev);
    1433. 

  1433. 	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
    1434. 

  1434. 					&mgr->l2cap_conn->hcon->dst);
    1435. 

  1435. 	if (!conn) {
    1436. 

  1436. 		aplctx = get_ctx_mgr(mgr, AMP_ACCEPTPHYSLINK);
    1437. 

  1437. 		if (aplctx) {
    1438. 

  1438. 			kill_ctx(aplctx);
    1439. 

  1439. 			rsp.status = 0;
    1440. 

  1440. 			goto dpl_finished;
    1441. 

  1441. 		}
    1442. 

  1442. 		rsp.status = 2;  /* No Physical Link exists */
    1443. 

  1443. 		goto dpl_finished;
    1444. 

  1444. 	}
    1445. 

  1445. 	BT_DBG("conn %p", conn);
    1446. 

  1446. 	hci_disconnect(conn, 0x13);
    1447. 

  1447. 

  1448. dpl_finished:
    1449. 

  1449. 	send_a2mp_cmd(mgr, hdr->ident,
    1450. 

  1450. 				A2MP_DISCONNPHYSLINK_RSP, sizeof(rsp), &rsp);
    1451. 

  1451. 	if (hdev)
    1452. 

  1452. 		hci_dev_put(hdev);
    1453. 

  1453. 	return 0;
    1454. 

  1454. }
    1455. 

  1455. 

  1456. static int execute_ctx(struct amp_ctx *ctx, u8 evt_type, void *data)
    1457. 

  1457. {
    1458. 

  1458. 	struct amp_mgr *mgr = ctx->mgr;
    1459. 

  1459. 	u8 finished = 0;
    1460. 

  1460. 

  1461. 	if (!mgr->connected)
    1462. 

  1462. 		return 0;
    1463. 

  1463. 

  1464. 	switch (ctx->type) {
    1465. 

  1465. 	case AMP_GETAMPASSOC:
    1466. 

  1466. 		finished = getampassoc_handler(ctx, evt_type, data);
    1467. 

  1467. 		break;
    1468. 

  1468. 	case AMP_CREATEPHYSLINK:
    1469. 

  1469. 		finished = createphyslink_handler(ctx, evt_type, data);
    1470. 

  1470. 		break;
    1471. 

  1471. 	case AMP_ACCEPTPHYSLINK:
    1472. 

  1472. 		finished = acceptphyslink_handler(ctx, evt_type, data);
    1473. 

  1473. 		break;
    1474. 

  1474. 	}
    1475. 

  1475. 

  1476. 	if (!finished)
    1477. 

  1477. 		mod_timer(&(ctx->timer), jiffies +
    1478. 

  1478. 			msecs_to_jiffies(A2MP_RSP_TIMEOUT));
    1479. 

  1479. 	else
    1480. 

  1480. 		destroy_ctx(ctx);
    1481. 

  1481. 	return finished;
    1482. 

  1482. }
    1483. 

  1483. 

  1484. static int cancel_ctx(struct amp_ctx *ctx)
    1485. 

  1485. {
    1486. 

  1486. 	return execute_ctx(ctx, AMP_CANCEL, 0);
    1487. 

  1487. }
    1488. 

  1488. 

  1489. static int kill_ctx(struct amp_ctx *ctx)
    1490. 

  1490. {
    1491. 

  1491. 	return execute_ctx(ctx, AMP_KILLED, 0);
    1492. 

  1492. }
    1493. 

  1493. 

  1494. static void ctx_timeout_worker(struct work_struct *w)
    1495. 

  1495. {
    1496. 

  1496. 	struct amp_work_ctx_timeout *work = (struct amp_work_ctx_timeout *) w;
    1497. 

  1497. 	struct amp_ctx *ctx = work->ctx;
    1498. 

  1498. 	kill_ctx(ctx);
    1499. 

  1499. 	kfree(work);
    1500. 

  1500. }
    1501. 

  1501. 

  1502. static void ctx_timeout(unsigned long data)
    1503. 

  1503. {
    1504. 

  1504. 	struct amp_ctx *ctx = (struct amp_ctx *) data;
    1505. 

  1505. 	struct amp_work_ctx_timeout *work;
    1506. 

  1506. 

  1507. 	BT_DBG("ctx %p", ctx);
    1508. 

  1508. 	work = kmalloc(sizeof(*work), GFP_ATOMIC);
    1509. 

  1509. 	if (work) {
    1510. 

  1510. 		INIT_WORK((struct work_struct *) work, ctx_timeout_worker);
    1511. 

  1511. 		work->ctx = ctx;
    1512. 

  1512. 		if (queue_work(amp_workqueue, (struct work_struct *) work) == 0)
    1513. 

  1513. 			kfree(work);
    1514. 

  1514. 	}
    1515. 

  1515. }
    1516. 

  1516. 

  1517. static void launch_ctx(struct amp_mgr *mgr)
    1518. 

  1518. {
    1519. 

  1519. 	struct amp_ctx *ctx = NULL;
    1520. 

  1520. 

  1521. 	BT_DBG("mgr %p", mgr);
    1522. 

  1522. 	read_lock(&mgr->ctx_list_lock);
    1523. 

  1523. 	if (!list_empty(&mgr->ctx_list))
    1524. 

  1524. 		ctx = list_first_entry(&mgr->ctx_list, struct amp_ctx, list);
    1525. 

  1525. 	read_unlock(&mgr->ctx_list_lock);
    1526. 

  1526. 	BT_DBG("ctx %p", ctx);
    1527. 

  1527. 	if (ctx)
    1528. 

  1528. 		execute_ctx(ctx, AMP_INIT, NULL);
    1529. 

  1529. }
    1530. 

  1530. 

  1531. static inline int a2mp_rsp(struct amp_mgr *mgr, struct sk_buff *skb)
    1532. 

  1532. {
    1533. 

  1533. 	struct amp_ctx *ctx;
    1534. 

  1534. 	struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
    1535. 

  1535. 	u16 hdr_len = le16_to_cpu(hdr->len);
    1536. 

  1536. 

  1537. 	/* find context waiting for A2MP rsp with this rsp's identifier */
    1538. 

  1538. 	BT_DBG("ident %d code %d", hdr->ident, hdr->code);
    1539. 

  1539. 	ctx = get_ctx_a2mp(mgr, hdr->ident);
    1540. 

  1540. 	if (ctx) {
    1541. 

  1541. 		execute_ctx(ctx, AMP_A2MP_RSP, skb);
    1542. 

  1542. 	} else {
    1543. 

  1543. 		BT_DBG("context not found");
    1544. 

  1544. 		skb_pull(skb, sizeof(*hdr));
    1545. 

  1545. 		if (hdr_len > skb->len)
    1546. 

  1546. 			hdr_len = skb->len;
    1547. 

  1547. 		skb_pull(skb, hdr_len);
    1548. 

  1548. 	}
    1549. 

  1549. 	return 0;
    1550. 

  1550. }
    1551. 

  1551. 

  1552. /* L2CAP-A2MP interface */
    1553. 

  1553. 

  1554. static void a2mp_receive(struct sock *sk, struct sk_buff *skb)
    1555. 

  1555. {
    1556. 

  1556. 	struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
    1557. 

  1557. 	int len;
    1558. 

  1558. 	int err = 0;
    1559. 

  1559. 	struct amp_mgr *mgr;
    1560. 

  1560. 

  1561. 	mgr = get_amp_mgr_sk(sk);
    1562. 

  1562. 	if (!mgr)
    1563. 

  1563. 		goto a2mp_finished;
    1564. 

  1564. 

  1565. 	len = skb->len;
    1566. 

  1566. 	while (len >= sizeof(*hdr)) {
    1567. 

  1567. 		struct a2mp_cmd_hdr *hdr = (struct a2mp_cmd_hdr *) skb->data;
    1568. 

  1568. 		u16 clen = le16_to_cpu(hdr->len);
    1569. 

  1569. 

  1570. 		BT_DBG("code 0x%02x id %d len %d", hdr->code, hdr->ident, clen);
    1571. 

  1571. 		if (clen > len || !hdr->ident) {
    1572. 

  1572. 			err = -EINVAL;
    1573. 

  1573. 			break;
    1574. 

  1574. 		}
    1575. 

  1575. 		switch (hdr->code) {
    1576. 

  1576. 		case A2MP_COMMAND_REJ:
    1577. 

  1577. 			command_rej(mgr, skb);
    1578. 

  1578. 			break;
    1579. 

  1579. 		case A2MP_DISCOVER_REQ:
    1580. 

  1580. 			err = discover_req(mgr, skb);
    1581. 

  1581. 			break;
    1582. 

  1582. 		case A2MP_CHANGE_NOTIFY:
    1583. 

  1583. 			err = change_notify(mgr, skb);
    1584. 

  1584. 			break;
    1585. 

  1585. 		case A2MP_GETINFO_REQ:
    1586. 

  1586. 			err = getinfo_req(mgr, skb);
    1587. 

  1587. 			break;
    1588. 

  1588. 		case A2MP_GETAMPASSOC_REQ:
    1589. 

  1589. 			err = getampassoc_req(mgr, skb);
    1590. 

  1590. 			break;
    1591. 

  1591. 		case A2MP_CREATEPHYSLINK_REQ:
    1592. 

  1592. 			err = createphyslink_req(mgr, skb);
    1593. 

  1593. 			break;
    1594. 

  1594. 		case A2MP_DISCONNPHYSLINK_REQ:
    1595. 

  1595. 			err = disconnphyslink_req(mgr, skb);
    1596. 

  1596. 			break;
    1597. 

  1597. 		case A2MP_CHANGE_RSP:
    1598. 

  1598. 		case A2MP_DISCOVER_RSP:
    1599. 

  1599. 		case A2MP_GETINFO_RSP:
    1600. 

  1600. 		case A2MP_GETAMPASSOC_RSP:
    1601. 

  1601. 		case A2MP_CREATEPHYSLINK_RSP:
    1602. 

  1602. 		case A2MP_DISCONNPHYSLINK_RSP:
    1603. 

  1603. 			err = a2mp_rsp(mgr, skb);
    1604. 

  1604. 			break;
    1605. 

  1605. 		default:
    1606. 

  1606. 			BT_ERR("Unknown A2MP signaling command 0x%2.2x",
    1607. 

  1607. 				hdr->code);
    1608. 

  1608. 			skb_pull(skb, sizeof(*hdr));
    1609. 

  1609. 			err = -EINVAL;
    1610. 

  1610. 			break;
    1611. 

  1611. 		}
    1612. 

  1612. 		len = skb->len;
    1613. 

  1613. 	}
    1614. 

  1614. 

  1615. a2mp_finished:
    1616. 

  1616. 	if (err && mgr) {
    1617. 

  1617. 		struct a2mp_cmd_rej rej;
    1618. 

  1618. 		rej.reason = cpu_to_le16(0);
    1619. 

  1619. 		send_a2mp_cmd(mgr, hdr->ident, A2MP_COMMAND_REJ,
    1620. 

  1620. 							sizeof(rej), &rej);
    1621. 

  1621. 	}
    1622. 

  1622. }
    1623. 

  1623. 

  1624. /* L2CAP-A2MP interface */
    1625. 

  1625. 

  1626. static int send_a2mp(struct socket *sock, u8 *data, int len)
    1627. 

  1627. {
    1628. 

  1628. 	struct kvec iv = { data, len };
    1629. 

  1629. 	struct msghdr msg;
    1630. 

  1630. 

  1631. 	memset(&msg, 0, sizeof(msg));
    1632. 

  1632. 

  1633. 	return kernel_sendmsg(sock, &msg, &iv, 1, len);
    1634. 

  1634. }
    1635. 

  1635. 

  1636. static void data_ready_worker(struct work_struct *w)
    1637. 

  1637. {
    1638. 

  1638. 	struct amp_work_data_ready *work = (struct amp_work_data_ready *) w;
    1639. 

  1639. 	struct sock *sk = work->sk;
    1640. 

  1640. 	struct sk_buff *skb;
    1641. 

  1641. 

  1642. 	/* skb_dequeue() is thread-safe */
    1643. 

  1643. 	while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
    1644. 

  1644. 		a2mp_receive(sk, skb);
    1645. 

  1645. 		kfree_skb(skb);
    1646. 

  1646. 	}
    1647. 

  1647. 	sock_put(work->sk);
    1648. 

  1648. 	kfree(work);
    1649. 

  1649. }
    1650. 

  1650. 

  1651. static void data_ready(struct sock *sk, int bytes)
    1652. 

  1652. {
    1653. 

  1653. 	struct amp_work_data_ready *work;
    1654. 

  1654. 	work = kmalloc(sizeof(*work), GFP_ATOMIC);
    1655. 

  1655. 	if (work) {
    1656. 

  1656. 		INIT_WORK((struct work_struct *) work, data_ready_worker);
    1657. 

  1657. 		sock_hold(sk);
    1658. 

  1658. 		work->sk = sk;
    1659. 

  1659. 		work->bytes = bytes;
    1660. 

  1660. 		if (!queue_work(amp_workqueue, (struct work_struct *) work)) {
    1661. 

  1661. 			kfree(work);
    1662. 

  1662. 			sock_put(sk);
    1663. 

  1663. 		}
    1664. 

  1664. 	}
    1665. 

  1665. }
    1666. 

  1666. 

  1667. static void state_change_worker(struct work_struct *w)
    1668. 

  1668. {
    1669. 

  1669. 	struct amp_work_state_change *work = (struct amp_work_state_change *) w;
    1670. 

  1670. 	struct amp_mgr *mgr;
    1671. 

  1671. 	switch (work->sk->sk_state) {
    1672. 

  1672. 	case BT_CONNECTED:
    1673. 

  1673. 		/* socket is up */
    1674. 

  1674. 		BT_DBG("CONNECTED");
    1675. 

  1675. 		mgr = get_amp_mgr_sk(work->sk);
    1676. 

  1676. 		if (mgr) {
    1677. 

  1677. 			mgr->connected = 1;
    1678. 

  1678. 			if (mgr->skb) {
    1679. 

  1679. 				l2cap_recv_deferred_frame(work->sk, mgr->skb);
    1680. 

  1680. 				mgr->skb = NULL;
    1681. 

  1681. 			}
    1682. 

  1682. 			launch_ctx(mgr);
    1683. 

  1683. 		}
    1684. 

  1684. 		break;
    1685. 

  1685. 

  1686. 	case BT_CLOSED:
    1687. 

  1687. 		/* connection is gone */
    1688. 

  1688. 		BT_DBG("CLOSED");
    1689. 

  1689. 		mgr = get_amp_mgr_sk(work->sk);
    1690. 

  1690. 		if (mgr) {
    1691. 

  1691. 			if (!sock_flag(work->sk, SOCK_DEAD))
    1692. 

  1692. 				sock_release(mgr->a2mp_sock);
    1693. 

  1693. 			mgr->a2mp_sock = NULL;
    1694. 

  1694. 			remove_amp_mgr(mgr);
    1695. 

  1695. 		}
    1696. 

  1696. 		break;
    1697. 

  1697. 

  1698. 	default:
    1699. 

  1699. 		/* something else happened */
    1700. 

  1700. 		break;
    1701. 

  1701. 	}
    1702. 

  1702. 	sock_put(work->sk);
    1703. 

  1703. 	kfree(work);
    1704. 

  1704. }
    1705. 

  1705. 

  1706. static void state_change(struct sock *sk)
    1707. 

  1707. {
    1708. 

  1708. 	struct amp_work_state_change *work;
    1709. 

  1709. 	work = kmalloc(sizeof(*work), GFP_ATOMIC);
    1710. 

  1710. 	if (work) {
    1711. 

  1711. 		INIT_WORK((struct work_struct *) work, state_change_worker);
    1712. 

  1712. 		sock_hold(sk);
    1713. 

  1713. 		work->sk = sk;
    1714. 

  1714. 		if (!queue_work(amp_workqueue, (struct work_struct *) work)) {
    1715. 

  1715. 			kfree(work);
    1716. 

  1716. 			sock_put(sk);
    1717. 

  1717. 		}
    1718. 

  1718. 	}
    1719. 

  1719. }
    1720. 

  1720. 

  1721. static struct socket *open_fixed_channel(bdaddr_t *src, bdaddr_t *dst)
    1722. 

  1722. {
    1723. 

  1723. 	int err;
    1724. 

  1724. 	struct socket *sock;
    1725. 

  1725. 	struct sockaddr_l2 addr;
    1726. 

  1726. 	struct sock *sk;
    1727. 

  1727. 	struct l2cap_options opts = {L2CAP_A2MP_DEFAULT_MTU,
    1728. 

  1728. 			L2CAP_A2MP_DEFAULT_MTU, L2CAP_DEFAULT_FLUSH_TO,
    1729. 

  1729. 			L2CAP_MODE_ERTM, 1, 0xFF, 1};
    1730. 

  1730. 

  1731. 

  1732. 	err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET,
    1733. 

  1733. 					BTPROTO_L2CAP, &sock);
    1734. 

  1734. 

  1735. 	if (err) {
    1736. 

  1736. 		BT_ERR("sock_create_kern failed %d", err);
    1737. 

  1737. 		return NULL;
    1738. 

  1738. 	}
    1739. 

  1739. 

  1740. 	sk = sock->sk;
    1741. 

  1741. 	sk->sk_data_ready = data_ready;
    1742. 

  1742. 	sk->sk_state_change = state_change;
    1743. 

  1743. 

  1744. 	memset(&addr, 0, sizeof(addr));
    1745. 

  1745. 	bacpy(&addr.l2_bdaddr, src);
    1746. 

  1746. 	addr.l2_family = AF_BLUETOOTH;
    1747. 

  1747. 	addr.l2_cid = L2CAP_CID_A2MP;
    1748. 

  1748. 	err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
    1749. 

  1749. 	if (err) {
    1750. 

  1750. 		BT_ERR("kernel_bind failed %d", err);
    1751. 

  1751. 		sock_release(sock);
    1752. 

  1752. 		return NULL;
    1753. 

  1753. 	}
    1754. 

  1754. 

  1755. 	l2cap_fixed_channel_config(sk, &opts);
    1756. 

  1756. 

  1757. 	memset(&addr, 0, sizeof(addr));
    1758. 

  1758. 	bacpy(&addr.l2_bdaddr, dst);
    1759. 

  1759. 	addr.l2_family = AF_BLUETOOTH;
    1760. 

  1760. 	addr.l2_cid = L2CAP_CID_A2MP;
    1761. 

  1761. 	err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr),
    1762. 

  1762. 							O_NONBLOCK);
    1763. 

  1763. 	if ((err == 0) || (err == -EINPROGRESS))
    1764. 

  1764. 		return sock;
    1765. 

  1765. 	else {
    1766. 

  1766. 		BT_ERR("kernel_connect failed %d", err);
    1767. 

  1767. 		sock_release(sock);
    1768. 

  1768. 		return NULL;
    1769. 

  1769. 	}
    1770. 

  1770. }
    1771. 

  1771. 

  1772. static void conn_ind_worker(struct work_struct *w)
    1773. 

  1773. {
    1774. 

  1774. 	struct amp_work_conn_ind *work = (struct amp_work_conn_ind *) w;
    1775. 

  1775. 	struct hci_conn *hcon = work->hcon;
    1776. 

  1776. 	struct sk_buff *skb = work->skb;
    1777. 

  1777. 	struct amp_mgr *mgr;
    1778. 

  1778. 

  1779. 	mgr = get_create_amp_mgr(hcon, skb);
    1780. 

  1780. 	BT_DBG("mgr %p", mgr);
    1781. 

  1781. 	hci_conn_put(hcon);
    1782. 

  1782. 	kfree(work);
    1783. 

  1783. }
    1784. 

  1784. 

  1785. static void create_physical_worker(struct work_struct *w)
    1786. 

  1786. {
    1787. 

  1787. 	struct amp_work_create_physical *work =
    1788. 

  1788. 		(struct amp_work_create_physical *) w;
    1789. 

  1789. 

  1790. 	create_physical(work->conn, work->sk);
    1791. 

  1791. 	sock_put(work->sk);
    1792. 

  1792. 	kfree(work);
    1793. 

  1793. }
    1794. 

  1794. 

  1795. static void accept_physical_worker(struct work_struct *w)
    1796. 

  1796. {
    1797. 

  1797. 	struct amp_work_accept_physical *work =
    1798. 

  1798. 		(struct amp_work_accept_physical *) w;
    1799. 

  1799. 

  1800. 	accept_physical(work->conn, work->id, work->sk);
    1801. 

  1801. 	sock_put(work->sk);
    1802. 

  1802. 	kfree(work);
    1803. 

  1803. }
    1804. 

  1804. 

  1805. /* L2CAP Fixed Channel interface */
    1806. 

  1806. 

  1807. void amp_conn_ind(struct hci_conn *hcon, struct sk_buff *skb)
    1808. 

  1808. {
    1809. 

  1809. 	struct amp_work_conn_ind *work;
    1810. 

  1810. 	BT_DBG("hcon %p, skb %p", hcon, skb);
    1811. 

  1811. 	work = kmalloc(sizeof(*work), GFP_ATOMIC);
    1812. 

  1812. 	if (work) {
    1813. 

  1813. 		INIT_WORK((struct work_struct *) work, conn_ind_worker);
    1814. 

  1814. 		hci_conn_hold(hcon);
    1815. 

  1815. 		work->hcon = hcon;
    1816. 

  1816. 		work->skb = skb;
    1817. 

  1817. 		if (!queue_work(amp_workqueue, (struct work_struct *) work)) {
    1818. 

  1818. 			hci_conn_put(hcon);
    1819. 

  1819. 			kfree(work);
    1820. 

  1820. 		}
    1821. 

  1821. 	}
    1822. 

  1822. }
    1823. 

  1823. 

  1824. /* L2CAP Physical Link interface */
    1825. 

  1825. 

  1826. void amp_create_physical(struct l2cap_conn *conn, struct sock *sk)
    1827. 

  1827. {
    1828. 

  1828. 	struct amp_work_create_physical *work;
    1829. 

  1829. 	BT_DBG("conn %p", conn);
    1830. 

  1830. 	work = kmalloc(sizeof(*work), GFP_ATOMIC);
    1831. 

  1831. 	if (work) {
    1832. 

  1832. 		INIT_WORK((struct work_struct *) work, create_physical_worker);
    1833. 

  1833. 		work->conn = conn;
    1834. 

  1834. 		work->sk = sk;
    1835. 

  1835. 		sock_hold(sk);
    1836. 

  1836. 		if (!queue_work(amp_workqueue, (struct work_struct *) work)) {
    1837. 

  1837. 			sock_put(sk);
    1838. 

  1838. 			kfree(work);
    1839. 

  1839. 		}
    1840. 

  1840. 	}
    1841. 

  1841. }
    1842. 

  1842. 

  1843. void amp_accept_physical(struct l2cap_conn *conn, u8 id, struct sock *sk)
    1844. 

  1844. {
    1845. 

  1845. 	struct amp_work_accept_physical *work;
    1846. 

  1846. 	BT_DBG("conn %p", conn);
    1847. 

  1847. 

  1848. 	work = kmalloc(sizeof(*work), GFP_ATOMIC);
    1849. 

  1849. 	if (work) {
    1850. 

  1850. 		INIT_WORK((struct work_struct *) work, accept_physical_worker);
    1851. 

  1851. 		work->conn = conn;
    1852. 

  1852. 		work->sk = sk;
    1853. 

  1853. 		work->id = id;
    1854. 

  1854. 		sock_hold(sk);
    1855. 

  1855. 		if (!queue_work(amp_workqueue, (struct work_struct *) work)) {
    1856. 

  1856. 			sock_put(sk);
    1857. 

  1857. 			kfree(work);
    1858. 

  1858. 		}
    1859. 

  1859. 	}
    1860. 

  1860. }
    1861. 

  1861. 

  1862. /* HCI interface */
    1863. 

  1863. 

  1864. static void amp_cmd_cmplt_worker(struct work_struct *w)
    1865. 

  1865. {
    1866. 

  1866. 	struct amp_work_cmd_cmplt *work = (struct amp_work_cmd_cmplt *) w;
    1867. 

  1867. 	struct hci_dev *hdev = work->hdev;
    1868. 

  1868. 	u16 opcode = work->opcode;
    1869. 

  1869. 	struct sk_buff *skb = work->skb;
    1870. 

  1870. 	struct amp_ctx *ctx;
    1871. 

  1871. 

  1872. 	ctx = get_ctx_hdev(hdev, AMP_HCI_CMD_CMPLT, opcode);
    1873. 

  1873. 	if (ctx)
    1874. 

  1874. 		execute_ctx(ctx, AMP_HCI_CMD_CMPLT, skb);
    1875. 

  1875. 	kfree_skb(skb);
    1876. 

  1876. 	kfree(w);
    1877. 

  1877. }
    1878. 

  1878. 

  1879. static void amp_cmd_cmplt_evt(struct hci_dev *hdev, u16 opcode,
    1880. 

  1880. 				struct sk_buff *skb)
    1881. 

  1881. {
    1882. 

  1882. 	struct amp_work_cmd_cmplt *work;
    1883. 

  1883. 	struct sk_buff *skbc;
    1884. 

  1884. 	BT_DBG("hdev %p opcode 0x%x skb %p len %d",
    1885. 

  1885. 		hdev, opcode, skb, skb->len);
    1886. 

  1886. 	skbc = skb_clone(skb, GFP_ATOMIC);
    1887. 

  1887. 	if (!skbc)
    1888. 

  1888. 		return;
    1889. 

  1889. 	work = kmalloc(sizeof(*work), GFP_ATOMIC);
    1890. 

  1890. 	if (work) {
    1891. 

  1891. 		INIT_WORK((struct work_struct *) work, amp_cmd_cmplt_worker);
    1892. 

  1892. 		work->hdev = hdev;
    1893. 

  1893. 		work->opcode = opcode;
    1894. 

  1894. 		work->skb = skbc;
    1895. 

  1895. 		if (queue_work(amp_workqueue, (struct work_struct *) work) == 0)
    1896. 

  1896. 			kfree(work);
    1897. 

  1897. 	}
    1898. 

  1898. }
    1899. 

  1899. 

  1900. static void amp_cmd_status_worker(struct work_struct *w)
    1901. 

  1901. {
    1902. 

  1902. 	struct amp_work_cmd_status *work = (struct amp_work_cmd_status *) w;
    1903. 

  1903. 	struct hci_dev *hdev = work->hdev;
    1904. 

  1904. 	u16 opcode = work->opcode;
    1905. 

  1905. 	u8 status = work->status;
    1906. 

  1906. 	struct amp_ctx *ctx;
    1907. 

  1907. 

  1908. 	ctx = get_ctx_hdev(hdev, AMP_HCI_CMD_STATUS, opcode);
    1909. 

  1909. 	if (ctx)
    1910. 

  1910. 		execute_ctx(ctx, AMP_HCI_CMD_STATUS, &status);
    1911. 

  1911. 	kfree(w);
    1912. 

  1912. }
    1913. 

  1913. 

  1914. static void amp_cmd_status_evt(struct hci_dev *hdev, u16 opcode, u8 status)
    1915. 

  1915. {
    1916. 

  1916. 	struct amp_work_cmd_status *work;
    1917. 

  1917. 	BT_DBG("hdev %p opcode 0x%x status %d", hdev, opcode, status);
    1918. 

  1918. 	work = kmalloc(sizeof(*work), GFP_ATOMIC);
    1919. 

  1919. 	if (work) {
    1920. 

  1920. 		INIT_WORK((struct work_struct *) work, amp_cmd_status_worker);
    1921. 

  1921. 		work->hdev = hdev;
    1922. 

  1922. 		work->opcode = opcode;
    1923. 

  1923. 		work->status = status;
    1924. 

  1924. 		if (queue_work(amp_workqueue, (struct work_struct *) work) == 0)
    1925. 

  1925. 			kfree(work);
    1926. 

  1926. 	}
    1927. 

  1927. }
    1928. 

  1928. 

  1929. static void amp_event_worker(struct work_struct *w)
    1930. 

  1930. {
    1931. 

  1931. 	struct amp_work_event *work = (struct amp_work_event *) w;
    1932. 

  1932. 	struct hci_dev *hdev = work->hdev;
    1933. 

  1933. 	u8 event = work->event;
    1934. 

  1934. 	struct sk_buff *skb = work->skb;
    1935. 

  1935. 	struct amp_ctx *ctx;
    1936. 

  1936. 

  1937. 	if (event == HCI_EV_AMP_STATUS_CHANGE) {
    1938. 

  1938. 		struct hci_ev_amp_status_change *ev;
    1939. 

  1939. 		if (skb->len < sizeof(*ev))
    1940. 

  1940. 			goto amp_event_finished;
    1941. 

  1941. 		ev = (void *) skb->data;
    1942. 

  1942. 		if (ev->status != 0)
    1943. 

  1943. 			goto amp_event_finished;
    1944. 

  1944. 		if (ev->amp_status == hdev->amp_status)
    1945. 

  1945. 			goto amp_event_finished;
    1946. 

  1946. 		hdev->amp_status = ev->amp_status;
    1947. 

  1947. 		send_a2mp_change_notify();
    1948. 

  1948. 		goto amp_event_finished;
    1949. 

  1949. 	}
    1950. 

  1950. 	ctx = get_ctx_hdev(hdev, AMP_HCI_EVENT, (u16) event);
    1951. 

  1951. 	if (ctx)
    1952. 

  1952. 		execute_ctx(ctx, AMP_HCI_EVENT, skb);
    1953. 

  1953. 

  1954. amp_event_finished:
    1955. 

  1955. 	kfree_skb(skb);
    1956. 

  1956. 	kfree(w);
    1957. 

  1957. }
    1958. 

  1958. 

  1959. static void amp_evt(struct hci_dev *hdev, u8 event, struct sk_buff *skb)
    1960. 

  1960. {
    1961. 

  1961. 	struct amp_work_event *work;
    1962. 

  1962. 	struct sk_buff *skbc;
    1963. 

  1963. 	BT_DBG("hdev %p event 0x%x skb %p", hdev, event, skb);
    1964. 

  1964. 	skbc = skb_clone(skb, GFP_ATOMIC);
    1965. 

  1965. 	if (!skbc)
    1966. 

  1966. 		return;
    1967. 

  1967. 	work = kmalloc(sizeof(*work), GFP_ATOMIC);
    1968. 

  1968. 	if (work) {
    1969. 

  1969. 		INIT_WORK((struct work_struct *) work, amp_event_worker);
    1970. 

  1970. 		work->hdev = hdev;
    1971. 

  1971. 		work->event = event;
    1972. 

  1972. 		work->skb = skbc;
    1973. 

  1973. 		if (queue_work(amp_workqueue, (struct work_struct *) work) == 0)
    1974. 

  1974. 			kfree(work);
    1975. 

  1975. 	}
    1976. 

  1976. }
    1977. 

  1977. 

  1978. static void amp_dev_event_worker(struct work_struct *w)
    1979. 

  1979. {
    1980. 

  1980. 	send_a2mp_change_notify();
    1981. 

  1981. 	kfree(w);
    1982. 

  1982. }
    1983. 

  1983. 

  1984. static int amp_dev_event(struct notifier_block *this, unsigned long event,
    1985. 

  1985. 			void *ptr)
    1986. 

  1986. {
    1987. 

  1987. 	struct hci_dev *hdev = (struct hci_dev *) ptr;
    1988. 

  1988. 	struct amp_work_event *work;
    1989. 

  1989. 

  1990. 	if (hdev->amp_type == HCI_BREDR)
    1991. 

  1991. 		return NOTIFY_DONE;
    1992. 

  1992. 

  1993. 	switch (event) {
    1994. 

  1994. 	case HCI_DEV_UNREG:
    1995. 

  1995. 	case HCI_DEV_REG:
    1996. 

  1996. 	case HCI_DEV_UP:
    1997. 

  1997. 	case HCI_DEV_DOWN:
    1998. 

  1998. 		BT_DBG("hdev %p event %ld", hdev, event);
    1999. 

  1999. 		work = kmalloc(sizeof(*work), GFP_ATOMIC);
    2000. 

  2000. 		if (work) {
    2001. 

  2001. 			INIT_WORK((struct work_struct *) work,
    2002. 

  2002. 				amp_dev_event_worker);
    2003. 

  2003. 			if (queue_work(amp_workqueue,
    2004. 

  2004. 				(struct work_struct *) work) == 0)
    2005. 

  2005. 				kfree(work);
    2006. 

  2006. 		}
    2007. 

  2007. 	}
    2008. 

  2008. 	return NOTIFY_DONE;
    2009. 

  2009. }
    2010. 

  2010. 

  2011. 

  2012. /* L2CAP module init continued */
    2013. 

  2013. 

  2014. static struct notifier_block amp_notifier = {
    2015. 

  2015. 	.notifier_call = amp_dev_event
    2016. 

  2016. };
    2017. 

  2017. 

  2018. static struct amp_mgr_cb hci_amp = {
    2019. 

  2019. 	.amp_cmd_complete_event = amp_cmd_cmplt_evt,
    2020. 

  2020. 	.amp_cmd_status_event = amp_cmd_status_evt,
    2021. 

  2021. 	.amp_event = amp_evt
    2022. 

  2022. };
    2023. 

  2023. 

  2024. int amp_init(void)
    2025. 

  2025. {
    2026. 

  2026. 	hci_register_amp(&hci_amp);
    2027. 

  2027. 	hci_register_notifier(&amp_notifier);
    2028. 

  2028. 	amp_next_handle = 1;
    2029. 

  2029. 	amp_workqueue = create_singlethread_workqueue("a2mp");
    2030. 

  2030. 	if (!amp_workqueue)
    2031. 

  2031. 		return -EPERM;
    2032. 

  2032. 	return 0;
    2033. 

  2033. }
    2034. 

  2034. 

  2035. void amp_exit(void)
    2036. 

  2036. {
    2037. 

  2037. 	hci_unregister_amp(&hci_amp);
    2038. 

  2038. 	hci_unregister_notifier(&amp_notifier);
    2039. 

  2039. 	flush_workqueue(amp_workqueue);
    2040. 

  2040. 	destroy_workqueue(amp_workqueue);
    2041. 

  2041. }
    2042. 

  2042.