xref: /openbmc/linux/net/bluetooth/6lowpan.c (revision 2c684d89)
1 /*
2    Copyright (c) 2013-2014 Intel Corp.
3 
4    This program is free software; you can redistribute it and/or modify
5    it under the terms of the GNU General Public License version 2 and
6    only version 2 as published by the Free Software Foundation.
7 
8    This program is distributed in the hope that it will be useful,
9    but WITHOUT ANY WARRANTY; without even the implied warranty of
10    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11    GNU General Public License for more details.
12 */
13 
14 #include <linux/if_arp.h>
15 #include <linux/netdevice.h>
16 #include <linux/etherdevice.h>
17 #include <linux/module.h>
18 #include <linux/debugfs.h>
19 
20 #include <net/ipv6.h>
21 #include <net/ip6_route.h>
22 #include <net/addrconf.h>
23 
24 #include <net/bluetooth/bluetooth.h>
25 #include <net/bluetooth/hci_core.h>
26 #include <net/bluetooth/l2cap.h>
27 
28 #include <net/6lowpan.h> /* for the compression support */
29 
30 #define VERSION "0.1"
31 
32 static struct dentry *lowpan_enable_debugfs;
33 static struct dentry *lowpan_control_debugfs;
34 
35 #define IFACE_NAME_TEMPLATE "bt%d"
36 
37 struct skb_cb {
38 	struct in6_addr addr;
39 	struct in6_addr gw;
40 	struct l2cap_chan *chan;
41 	int status;
42 };
43 #define lowpan_cb(skb) ((struct skb_cb *)((skb)->cb))
44 
45 /* The devices list contains those devices that we are acting
46  * as a proxy. The BT 6LoWPAN device is a virtual device that
47  * connects to the Bluetooth LE device. The real connection to
48  * BT device is done via l2cap layer. There exists one
49  * virtual device / one BT 6LoWPAN network (=hciX device).
50  * The list contains struct lowpan_dev elements.
51  */
52 static LIST_HEAD(bt_6lowpan_devices);
53 static DEFINE_SPINLOCK(devices_lock);
54 
55 static bool enable_6lowpan;
56 
57 /* We are listening incoming connections via this channel
58  */
59 static struct l2cap_chan *listen_chan;
60 
61 struct lowpan_peer {
62 	struct list_head list;
63 	struct rcu_head rcu;
64 	struct l2cap_chan *chan;
65 
66 	/* peer addresses in various formats */
67 	unsigned char eui64_addr[EUI64_ADDR_LEN];
68 	struct in6_addr peer_addr;
69 };
70 
71 struct lowpan_dev {
72 	struct list_head list;
73 
74 	struct hci_dev *hdev;
75 	struct net_device *netdev;
76 	struct list_head peers;
77 	atomic_t peer_count; /* number of items in peers list */
78 
79 	struct work_struct delete_netdev;
80 	struct delayed_work notify_peers;
81 };
82 
83 static inline struct lowpan_dev *lowpan_dev(const struct net_device *netdev)
84 {
85 	return (struct lowpan_dev *)lowpan_priv(netdev)->priv;
86 }
87 
88 static inline void peer_add(struct lowpan_dev *dev, struct lowpan_peer *peer)
89 {
90 	list_add_rcu(&peer->list, &dev->peers);
91 	atomic_inc(&dev->peer_count);
92 }
93 
94 static inline bool peer_del(struct lowpan_dev *dev, struct lowpan_peer *peer)
95 {
96 	list_del_rcu(&peer->list);
97 	kfree_rcu(peer, rcu);
98 
99 	module_put(THIS_MODULE);
100 
101 	if (atomic_dec_and_test(&dev->peer_count)) {
102 		BT_DBG("last peer");
103 		return true;
104 	}
105 
106 	return false;
107 }
108 
109 static inline struct lowpan_peer *peer_lookup_ba(struct lowpan_dev *dev,
110 						 bdaddr_t *ba, __u8 type)
111 {
112 	struct lowpan_peer *peer;
113 
114 	BT_DBG("peers %d addr %pMR type %d", atomic_read(&dev->peer_count),
115 	       ba, type);
116 
117 	rcu_read_lock();
118 
119 	list_for_each_entry_rcu(peer, &dev->peers, list) {
120 		BT_DBG("dst addr %pMR dst type %d",
121 		       &peer->chan->dst, peer->chan->dst_type);
122 
123 		if (bacmp(&peer->chan->dst, ba))
124 			continue;
125 
126 		if (type == peer->chan->dst_type) {
127 			rcu_read_unlock();
128 			return peer;
129 		}
130 	}
131 
132 	rcu_read_unlock();
133 
134 	return NULL;
135 }
136 
137 static inline struct lowpan_peer *__peer_lookup_chan(struct lowpan_dev *dev,
138 						     struct l2cap_chan *chan)
139 {
140 	struct lowpan_peer *peer;
141 
142 	list_for_each_entry_rcu(peer, &dev->peers, list) {
143 		if (peer->chan == chan)
144 			return peer;
145 	}
146 
147 	return NULL;
148 }
149 
150 static inline struct lowpan_peer *__peer_lookup_conn(struct lowpan_dev *dev,
151 						     struct l2cap_conn *conn)
152 {
153 	struct lowpan_peer *peer;
154 
155 	list_for_each_entry_rcu(peer, &dev->peers, list) {
156 		if (peer->chan->conn == conn)
157 			return peer;
158 	}
159 
160 	return NULL;
161 }
162 
163 static inline struct lowpan_peer *peer_lookup_dst(struct lowpan_dev *dev,
164 						  struct in6_addr *daddr,
165 						  struct sk_buff *skb)
166 {
167 	struct lowpan_peer *peer;
168 	struct in6_addr *nexthop;
169 	struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
170 	int count = atomic_read(&dev->peer_count);
171 
172 	BT_DBG("peers %d addr %pI6c rt %p", count, daddr, rt);
173 
174 	/* If we have multiple 6lowpan peers, then check where we should
175 	 * send the packet. If only one peer exists, then we can send the
176 	 * packet right away.
177 	 */
178 	if (count == 1) {
179 		rcu_read_lock();
180 		peer = list_first_or_null_rcu(&dev->peers, struct lowpan_peer,
181 					      list);
182 		rcu_read_unlock();
183 		return peer;
184 	}
185 
186 	if (!rt) {
187 		nexthop = &lowpan_cb(skb)->gw;
188 
189 		if (ipv6_addr_any(nexthop))
190 			return NULL;
191 	} else {
192 		nexthop = rt6_nexthop(rt, daddr);
193 
194 		/* We need to remember the address because it is needed
195 		 * by bt_xmit() when sending the packet. In bt_xmit(), the
196 		 * destination routing info is not set.
197 		 */
198 		memcpy(&lowpan_cb(skb)->gw, nexthop, sizeof(struct in6_addr));
199 	}
200 
201 	BT_DBG("gw %pI6c", nexthop);
202 
203 	rcu_read_lock();
204 
205 	list_for_each_entry_rcu(peer, &dev->peers, list) {
206 		BT_DBG("dst addr %pMR dst type %d ip %pI6c",
207 		       &peer->chan->dst, peer->chan->dst_type,
208 		       &peer->peer_addr);
209 
210 		if (!ipv6_addr_cmp(&peer->peer_addr, nexthop)) {
211 			rcu_read_unlock();
212 			return peer;
213 		}
214 	}
215 
216 	rcu_read_unlock();
217 
218 	return NULL;
219 }
220 
221 static struct lowpan_peer *lookup_peer(struct l2cap_conn *conn)
222 {
223 	struct lowpan_dev *entry;
224 	struct lowpan_peer *peer = NULL;
225 
226 	rcu_read_lock();
227 
228 	list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
229 		peer = __peer_lookup_conn(entry, conn);
230 		if (peer)
231 			break;
232 	}
233 
234 	rcu_read_unlock();
235 
236 	return peer;
237 }
238 
239 static struct lowpan_dev *lookup_dev(struct l2cap_conn *conn)
240 {
241 	struct lowpan_dev *entry;
242 	struct lowpan_dev *dev = NULL;
243 
244 	rcu_read_lock();
245 
246 	list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
247 		if (conn->hcon->hdev == entry->hdev) {
248 			dev = entry;
249 			break;
250 		}
251 	}
252 
253 	rcu_read_unlock();
254 
255 	return dev;
256 }
257 
258 static int give_skb_to_upper(struct sk_buff *skb, struct net_device *dev)
259 {
260 	struct sk_buff *skb_cp;
261 
262 	skb_cp = skb_copy(skb, GFP_ATOMIC);
263 	if (!skb_cp)
264 		return NET_RX_DROP;
265 
266 	return netif_rx_ni(skb_cp);
267 }
268 
269 static int iphc_decompress(struct sk_buff *skb, struct net_device *netdev,
270 			   struct l2cap_chan *chan)
271 {
272 	const u8 *saddr, *daddr;
273 	struct lowpan_dev *dev;
274 	struct lowpan_peer *peer;
275 
276 	dev = lowpan_dev(netdev);
277 
278 	rcu_read_lock();
279 	peer = __peer_lookup_chan(dev, chan);
280 	rcu_read_unlock();
281 	if (!peer)
282 		return -EINVAL;
283 
284 	saddr = peer->eui64_addr;
285 	daddr = dev->netdev->dev_addr;
286 
287 	return lowpan_header_decompress(skb, netdev, daddr, saddr);
288 }
289 
290 static int recv_pkt(struct sk_buff *skb, struct net_device *dev,
291 		    struct l2cap_chan *chan)
292 {
293 	struct sk_buff *local_skb;
294 	int ret;
295 
296 	if (!netif_running(dev))
297 		goto drop;
298 
299 	if (dev->type != ARPHRD_6LOWPAN || !skb->len)
300 		goto drop;
301 
302 	skb_reset_network_header(skb);
303 
304 	skb = skb_share_check(skb, GFP_ATOMIC);
305 	if (!skb)
306 		goto drop;
307 
308 	/* check that it's our buffer */
309 	if (lowpan_is_ipv6(*skb_network_header(skb))) {
310 		/* Copy the packet so that the IPv6 header is
311 		 * properly aligned.
312 		 */
313 		local_skb = skb_copy_expand(skb, NET_SKB_PAD - 1,
314 					    skb_tailroom(skb), GFP_ATOMIC);
315 		if (!local_skb)
316 			goto drop;
317 
318 		local_skb->protocol = htons(ETH_P_IPV6);
319 		local_skb->pkt_type = PACKET_HOST;
320 
321 		skb_set_transport_header(local_skb, sizeof(struct ipv6hdr));
322 
323 		if (give_skb_to_upper(local_skb, dev) != NET_RX_SUCCESS) {
324 			kfree_skb(local_skb);
325 			goto drop;
326 		}
327 
328 		dev->stats.rx_bytes += skb->len;
329 		dev->stats.rx_packets++;
330 
331 		consume_skb(local_skb);
332 		consume_skb(skb);
333 	} else if (lowpan_is_iphc(*skb_network_header(skb))) {
334 		local_skb = skb_clone(skb, GFP_ATOMIC);
335 		if (!local_skb)
336 			goto drop;
337 
338 		ret = iphc_decompress(local_skb, dev, chan);
339 		if (ret < 0) {
340 			kfree_skb(local_skb);
341 			goto drop;
342 		}
343 
344 		local_skb->protocol = htons(ETH_P_IPV6);
345 		local_skb->pkt_type = PACKET_HOST;
346 		local_skb->dev = dev;
347 
348 		if (give_skb_to_upper(local_skb, dev)
349 				!= NET_RX_SUCCESS) {
350 			kfree_skb(local_skb);
351 			goto drop;
352 		}
353 
354 		dev->stats.rx_bytes += skb->len;
355 		dev->stats.rx_packets++;
356 
357 		consume_skb(local_skb);
358 		consume_skb(skb);
359 	} else {
360 		goto drop;
361 	}
362 
363 	return NET_RX_SUCCESS;
364 
365 drop:
366 	dev->stats.rx_dropped++;
367 	return NET_RX_DROP;
368 }
369 
370 /* Packet from BT LE device */
371 static int chan_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
372 {
373 	struct lowpan_dev *dev;
374 	struct lowpan_peer *peer;
375 	int err;
376 
377 	peer = lookup_peer(chan->conn);
378 	if (!peer)
379 		return -ENOENT;
380 
381 	dev = lookup_dev(chan->conn);
382 	if (!dev || !dev->netdev)
383 		return -ENOENT;
384 
385 	err = recv_pkt(skb, dev->netdev, chan);
386 	if (err) {
387 		BT_DBG("recv pkt %d", err);
388 		err = -EAGAIN;
389 	}
390 
391 	return err;
392 }
393 
394 static u8 get_addr_type_from_eui64(u8 byte)
395 {
396 	/* Is universal(0) or local(1) bit */
397 	return ((byte & 0x02) ? BDADDR_LE_RANDOM : BDADDR_LE_PUBLIC);
398 }
399 
400 static void copy_to_bdaddr(struct in6_addr *ip6_daddr, bdaddr_t *addr)
401 {
402 	u8 *eui64 = ip6_daddr->s6_addr + 8;
403 
404 	addr->b[0] = eui64[7];
405 	addr->b[1] = eui64[6];
406 	addr->b[2] = eui64[5];
407 	addr->b[3] = eui64[2];
408 	addr->b[4] = eui64[1];
409 	addr->b[5] = eui64[0];
410 }
411 
412 static void convert_dest_bdaddr(struct in6_addr *ip6_daddr,
413 				bdaddr_t *addr, u8 *addr_type)
414 {
415 	copy_to_bdaddr(ip6_daddr, addr);
416 
417 	/* We need to toggle the U/L bit that we got from IPv6 address
418 	 * so that we get the proper address and type of the BD address.
419 	 */
420 	addr->b[5] ^= 0x02;
421 
422 	*addr_type = get_addr_type_from_eui64(addr->b[5]);
423 }
424 
425 static int setup_header(struct sk_buff *skb, struct net_device *netdev,
426 			bdaddr_t *peer_addr, u8 *peer_addr_type)
427 {
428 	struct in6_addr ipv6_daddr;
429 	struct lowpan_dev *dev;
430 	struct lowpan_peer *peer;
431 	bdaddr_t addr, *any = BDADDR_ANY;
432 	u8 *daddr = any->b;
433 	int err, status = 0;
434 
435 	dev = lowpan_dev(netdev);
436 
437 	memcpy(&ipv6_daddr, &lowpan_cb(skb)->addr, sizeof(ipv6_daddr));
438 
439 	if (ipv6_addr_is_multicast(&ipv6_daddr)) {
440 		lowpan_cb(skb)->chan = NULL;
441 	} else {
442 		u8 addr_type;
443 
444 		/* Get destination BT device from skb.
445 		 * If there is no such peer then discard the packet.
446 		 */
447 		convert_dest_bdaddr(&ipv6_daddr, &addr, &addr_type);
448 
449 		BT_DBG("dest addr %pMR type %d IP %pI6c", &addr,
450 		       addr_type, &ipv6_daddr);
451 
452 		peer = peer_lookup_ba(dev, &addr, addr_type);
453 		if (!peer) {
454 			/* The packet might be sent to 6lowpan interface
455 			 * because of routing (either via default route
456 			 * or user set route) so get peer according to
457 			 * the destination address.
458 			 */
459 			peer = peer_lookup_dst(dev, &ipv6_daddr, skb);
460 			if (!peer) {
461 				BT_DBG("no such peer %pMR found", &addr);
462 				return -ENOENT;
463 			}
464 		}
465 
466 		daddr = peer->eui64_addr;
467 		*peer_addr = addr;
468 		*peer_addr_type = addr_type;
469 		lowpan_cb(skb)->chan = peer->chan;
470 
471 		status = 1;
472 	}
473 
474 	lowpan_header_compress(skb, netdev, daddr, dev->netdev->dev_addr);
475 
476 	err = dev_hard_header(skb, netdev, ETH_P_IPV6, NULL, NULL, 0);
477 	if (err < 0)
478 		return err;
479 
480 	return status;
481 }
482 
483 static int header_create(struct sk_buff *skb, struct net_device *netdev,
484 			 unsigned short type, const void *_daddr,
485 			 const void *_saddr, unsigned int len)
486 {
487 	struct ipv6hdr *hdr;
488 
489 	if (type != ETH_P_IPV6)
490 		return -EINVAL;
491 
492 	hdr = ipv6_hdr(skb);
493 
494 	memcpy(&lowpan_cb(skb)->addr, &hdr->daddr, sizeof(struct in6_addr));
495 
496 	return 0;
497 }
498 
499 /* Packet to BT LE device */
500 static int send_pkt(struct l2cap_chan *chan, struct sk_buff *skb,
501 		    struct net_device *netdev)
502 {
503 	struct msghdr msg;
504 	struct kvec iv;
505 	int err;
506 
507 	/* Remember the skb so that we can send EAGAIN to the caller if
508 	 * we run out of credits.
509 	 */
510 	chan->data = skb;
511 
512 	iv.iov_base = skb->data;
513 	iv.iov_len = skb->len;
514 
515 	memset(&msg, 0, sizeof(msg));
516 	iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, &iv, 1, skb->len);
517 
518 	err = l2cap_chan_send(chan, &msg, skb->len);
519 	if (err > 0) {
520 		netdev->stats.tx_bytes += err;
521 		netdev->stats.tx_packets++;
522 		return 0;
523 	}
524 
525 	if (!err)
526 		err = lowpan_cb(skb)->status;
527 
528 	if (err < 0) {
529 		if (err == -EAGAIN)
530 			netdev->stats.tx_dropped++;
531 		else
532 			netdev->stats.tx_errors++;
533 	}
534 
535 	return err;
536 }
537 
538 static int send_mcast_pkt(struct sk_buff *skb, struct net_device *netdev)
539 {
540 	struct sk_buff *local_skb;
541 	struct lowpan_dev *entry;
542 	int err = 0;
543 
544 	rcu_read_lock();
545 
546 	list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
547 		struct lowpan_peer *pentry;
548 		struct lowpan_dev *dev;
549 
550 		if (entry->netdev != netdev)
551 			continue;
552 
553 		dev = lowpan_dev(entry->netdev);
554 
555 		list_for_each_entry_rcu(pentry, &dev->peers, list) {
556 			int ret;
557 
558 			local_skb = skb_clone(skb, GFP_ATOMIC);
559 
560 			BT_DBG("xmit %s to %pMR type %d IP %pI6c chan %p",
561 			       netdev->name,
562 			       &pentry->chan->dst, pentry->chan->dst_type,
563 			       &pentry->peer_addr, pentry->chan);
564 			ret = send_pkt(pentry->chan, local_skb, netdev);
565 			if (ret < 0)
566 				err = ret;
567 
568 			kfree_skb(local_skb);
569 		}
570 	}
571 
572 	rcu_read_unlock();
573 
574 	return err;
575 }
576 
577 static netdev_tx_t bt_xmit(struct sk_buff *skb, struct net_device *netdev)
578 {
579 	int err = 0;
580 	bdaddr_t addr;
581 	u8 addr_type;
582 
583 	/* We must take a copy of the skb before we modify/replace the ipv6
584 	 * header as the header could be used elsewhere
585 	 */
586 	skb = skb_unshare(skb, GFP_ATOMIC);
587 	if (!skb)
588 		return NET_XMIT_DROP;
589 
590 	/* Return values from setup_header()
591 	 *  <0 - error, packet is dropped
592 	 *   0 - this is a multicast packet
593 	 *   1 - this is unicast packet
594 	 */
595 	err = setup_header(skb, netdev, &addr, &addr_type);
596 	if (err < 0) {
597 		kfree_skb(skb);
598 		return NET_XMIT_DROP;
599 	}
600 
601 	if (err) {
602 		if (lowpan_cb(skb)->chan) {
603 			BT_DBG("xmit %s to %pMR type %d IP %pI6c chan %p",
604 			       netdev->name, &addr, addr_type,
605 			       &lowpan_cb(skb)->addr, lowpan_cb(skb)->chan);
606 			err = send_pkt(lowpan_cb(skb)->chan, skb, netdev);
607 		} else {
608 			err = -ENOENT;
609 		}
610 	} else {
611 		/* We need to send the packet to every device behind this
612 		 * interface.
613 		 */
614 		err = send_mcast_pkt(skb, netdev);
615 	}
616 
617 	dev_kfree_skb(skb);
618 
619 	if (err)
620 		BT_DBG("ERROR: xmit failed (%d)", err);
621 
622 	return err < 0 ? NET_XMIT_DROP : err;
623 }
624 
625 static struct lock_class_key bt_tx_busylock;
626 static struct lock_class_key bt_netdev_xmit_lock_key;
627 
628 static void bt_set_lockdep_class_one(struct net_device *dev,
629 				     struct netdev_queue *txq,
630 				     void *_unused)
631 {
632 	lockdep_set_class(&txq->_xmit_lock, &bt_netdev_xmit_lock_key);
633 }
634 
635 static int bt_dev_init(struct net_device *dev)
636 {
637 	netdev_for_each_tx_queue(dev, bt_set_lockdep_class_one, NULL);
638 	dev->qdisc_tx_busylock = &bt_tx_busylock;
639 
640 	return 0;
641 }
642 
643 static const struct net_device_ops netdev_ops = {
644 	.ndo_init		= bt_dev_init,
645 	.ndo_start_xmit		= bt_xmit,
646 };
647 
648 static struct header_ops header_ops = {
649 	.create	= header_create,
650 };
651 
652 static void netdev_setup(struct net_device *dev)
653 {
654 	dev->hard_header_len	= 0;
655 	dev->needed_tailroom	= 0;
656 	dev->flags		= IFF_RUNNING | IFF_POINTOPOINT |
657 				  IFF_MULTICAST;
658 	dev->watchdog_timeo	= 0;
659 
660 	dev->netdev_ops		= &netdev_ops;
661 	dev->header_ops		= &header_ops;
662 	dev->destructor		= free_netdev;
663 }
664 
665 static struct device_type bt_type = {
666 	.name	= "bluetooth",
667 };
668 
669 static void set_addr(u8 *eui, u8 *addr, u8 addr_type)
670 {
671 	/* addr is the BT address in little-endian format */
672 	eui[0] = addr[5];
673 	eui[1] = addr[4];
674 	eui[2] = addr[3];
675 	eui[3] = 0xFF;
676 	eui[4] = 0xFE;
677 	eui[5] = addr[2];
678 	eui[6] = addr[1];
679 	eui[7] = addr[0];
680 
681 	/* Universal/local bit set, BT 6lowpan draft ch. 3.2.1 */
682 	if (addr_type == BDADDR_LE_PUBLIC)
683 		eui[0] &= ~0x02;
684 	else
685 		eui[0] |= 0x02;
686 
687 	BT_DBG("type %d addr %*phC", addr_type, 8, eui);
688 }
689 
690 static void set_dev_addr(struct net_device *netdev, bdaddr_t *addr,
691 		         u8 addr_type)
692 {
693 	netdev->addr_assign_type = NET_ADDR_PERM;
694 	set_addr(netdev->dev_addr, addr->b, addr_type);
695 }
696 
697 static void ifup(struct net_device *netdev)
698 {
699 	int err;
700 
701 	rtnl_lock();
702 	err = dev_open(netdev);
703 	if (err < 0)
704 		BT_INFO("iface %s cannot be opened (%d)", netdev->name, err);
705 	rtnl_unlock();
706 }
707 
708 static void ifdown(struct net_device *netdev)
709 {
710 	int err;
711 
712 	rtnl_lock();
713 	err = dev_close(netdev);
714 	if (err < 0)
715 		BT_INFO("iface %s cannot be closed (%d)", netdev->name, err);
716 	rtnl_unlock();
717 }
718 
719 static void do_notify_peers(struct work_struct *work)
720 {
721 	struct lowpan_dev *dev = container_of(work, struct lowpan_dev,
722 					      notify_peers.work);
723 
724 	netdev_notify_peers(dev->netdev); /* send neighbour adv at startup */
725 }
726 
727 static bool is_bt_6lowpan(struct hci_conn *hcon)
728 {
729 	if (hcon->type != LE_LINK)
730 		return false;
731 
732 	if (!enable_6lowpan)
733 		return false;
734 
735 	return true;
736 }
737 
738 static struct l2cap_chan *chan_create(void)
739 {
740 	struct l2cap_chan *chan;
741 
742 	chan = l2cap_chan_create();
743 	if (!chan)
744 		return NULL;
745 
746 	l2cap_chan_set_defaults(chan);
747 
748 	chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
749 	chan->mode = L2CAP_MODE_LE_FLOWCTL;
750 	chan->imtu = 1280;
751 
752 	return chan;
753 }
754 
755 static void set_ip_addr_bits(u8 addr_type, u8 *addr)
756 {
757 	if (addr_type == BDADDR_LE_PUBLIC)
758 		*addr |= 0x02;
759 	else
760 		*addr &= ~0x02;
761 }
762 
763 static struct l2cap_chan *add_peer_chan(struct l2cap_chan *chan,
764 					struct lowpan_dev *dev)
765 {
766 	struct lowpan_peer *peer;
767 
768 	peer = kzalloc(sizeof(*peer), GFP_ATOMIC);
769 	if (!peer)
770 		return NULL;
771 
772 	peer->chan = chan;
773 	memset(&peer->peer_addr, 0, sizeof(struct in6_addr));
774 
775 	/* RFC 2464 ch. 5 */
776 	peer->peer_addr.s6_addr[0] = 0xFE;
777 	peer->peer_addr.s6_addr[1] = 0x80;
778 	set_addr((u8 *)&peer->peer_addr.s6_addr + 8, chan->dst.b,
779 		 chan->dst_type);
780 
781 	memcpy(&peer->eui64_addr, (u8 *)&peer->peer_addr.s6_addr + 8,
782 	       EUI64_ADDR_LEN);
783 
784 	/* IPv6 address needs to have the U/L bit set properly so toggle
785 	 * it back here.
786 	 */
787 	set_ip_addr_bits(chan->dst_type, (u8 *)&peer->peer_addr.s6_addr + 8);
788 
789 	spin_lock(&devices_lock);
790 	INIT_LIST_HEAD(&peer->list);
791 	peer_add(dev, peer);
792 	spin_unlock(&devices_lock);
793 
794 	/* Notifying peers about us needs to be done without locks held */
795 	INIT_DELAYED_WORK(&dev->notify_peers, do_notify_peers);
796 	schedule_delayed_work(&dev->notify_peers, msecs_to_jiffies(100));
797 
798 	return peer->chan;
799 }
800 
801 static int setup_netdev(struct l2cap_chan *chan, struct lowpan_dev **dev)
802 {
803 	struct net_device *netdev;
804 	int err = 0;
805 
806 	netdev = alloc_netdev(LOWPAN_PRIV_SIZE(sizeof(struct lowpan_dev)),
807 			      IFACE_NAME_TEMPLATE, NET_NAME_UNKNOWN,
808 			      netdev_setup);
809 	if (!netdev)
810 		return -ENOMEM;
811 
812 	set_dev_addr(netdev, &chan->src, chan->src_type);
813 
814 	netdev->netdev_ops = &netdev_ops;
815 	SET_NETDEV_DEV(netdev, &chan->conn->hcon->hdev->dev);
816 	SET_NETDEV_DEVTYPE(netdev, &bt_type);
817 
818 	*dev = lowpan_dev(netdev);
819 	(*dev)->netdev = netdev;
820 	(*dev)->hdev = chan->conn->hcon->hdev;
821 	INIT_LIST_HEAD(&(*dev)->peers);
822 
823 	spin_lock(&devices_lock);
824 	INIT_LIST_HEAD(&(*dev)->list);
825 	list_add_rcu(&(*dev)->list, &bt_6lowpan_devices);
826 	spin_unlock(&devices_lock);
827 
828 	lowpan_netdev_setup(netdev, LOWPAN_LLTYPE_BTLE);
829 
830 	err = register_netdev(netdev);
831 	if (err < 0) {
832 		BT_INFO("register_netdev failed %d", err);
833 		spin_lock(&devices_lock);
834 		list_del_rcu(&(*dev)->list);
835 		spin_unlock(&devices_lock);
836 		free_netdev(netdev);
837 		goto out;
838 	}
839 
840 	BT_DBG("ifindex %d peer bdaddr %pMR type %d my addr %pMR type %d",
841 	       netdev->ifindex, &chan->dst, chan->dst_type,
842 	       &chan->src, chan->src_type);
843 	set_bit(__LINK_STATE_PRESENT, &netdev->state);
844 
845 	return 0;
846 
847 out:
848 	return err;
849 }
850 
851 static inline void chan_ready_cb(struct l2cap_chan *chan)
852 {
853 	struct lowpan_dev *dev;
854 
855 	dev = lookup_dev(chan->conn);
856 
857 	BT_DBG("chan %p conn %p dev %p", chan, chan->conn, dev);
858 
859 	if (!dev) {
860 		if (setup_netdev(chan, &dev) < 0) {
861 			l2cap_chan_del(chan, -ENOENT);
862 			return;
863 		}
864 	}
865 
866 	if (!try_module_get(THIS_MODULE))
867 		return;
868 
869 	add_peer_chan(chan, dev);
870 	ifup(dev->netdev);
871 }
872 
873 static inline struct l2cap_chan *chan_new_conn_cb(struct l2cap_chan *pchan)
874 {
875 	struct l2cap_chan *chan;
876 
877 	chan = chan_create();
878 	if (!chan)
879 		return NULL;
880 
881 	chan->ops = pchan->ops;
882 
883 	BT_DBG("chan %p pchan %p", chan, pchan);
884 
885 	return chan;
886 }
887 
888 static void delete_netdev(struct work_struct *work)
889 {
890 	struct lowpan_dev *entry = container_of(work, struct lowpan_dev,
891 						delete_netdev);
892 
893 	unregister_netdev(entry->netdev);
894 
895 	/* The entry pointer is deleted by the netdev destructor. */
896 }
897 
898 static void chan_close_cb(struct l2cap_chan *chan)
899 {
900 	struct lowpan_dev *entry;
901 	struct lowpan_dev *dev = NULL;
902 	struct lowpan_peer *peer;
903 	int err = -ENOENT;
904 	bool last = false, remove = true;
905 
906 	BT_DBG("chan %p conn %p", chan, chan->conn);
907 
908 	if (chan->conn && chan->conn->hcon) {
909 		if (!is_bt_6lowpan(chan->conn->hcon))
910 			return;
911 
912 		/* If conn is set, then the netdev is also there and we should
913 		 * not remove it.
914 		 */
915 		remove = false;
916 	}
917 
918 	spin_lock(&devices_lock);
919 
920 	list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
921 		dev = lowpan_dev(entry->netdev);
922 		peer = __peer_lookup_chan(dev, chan);
923 		if (peer) {
924 			last = peer_del(dev, peer);
925 			err = 0;
926 
927 			BT_DBG("dev %p removing %speer %p", dev,
928 			       last ? "last " : "1 ", peer);
929 			BT_DBG("chan %p orig refcnt %d", chan,
930 			       atomic_read(&chan->kref.refcount));
931 
932 			l2cap_chan_put(chan);
933 			break;
934 		}
935 	}
936 
937 	if (!err && last && dev && !atomic_read(&dev->peer_count)) {
938 		spin_unlock(&devices_lock);
939 
940 		cancel_delayed_work_sync(&dev->notify_peers);
941 
942 		ifdown(dev->netdev);
943 
944 		if (remove) {
945 			INIT_WORK(&entry->delete_netdev, delete_netdev);
946 			schedule_work(&entry->delete_netdev);
947 		}
948 	} else {
949 		spin_unlock(&devices_lock);
950 	}
951 
952 	return;
953 }
954 
955 static void chan_state_change_cb(struct l2cap_chan *chan, int state, int err)
956 {
957 	BT_DBG("chan %p conn %p state %s err %d", chan, chan->conn,
958 	       state_to_string(state), err);
959 }
960 
961 static struct sk_buff *chan_alloc_skb_cb(struct l2cap_chan *chan,
962 					 unsigned long hdr_len,
963 					 unsigned long len, int nb)
964 {
965 	/* Note that we must allocate using GFP_ATOMIC here as
966 	 * this function is called originally from netdev hard xmit
967 	 * function in atomic context.
968 	 */
969 	return bt_skb_alloc(hdr_len + len, GFP_ATOMIC);
970 }
971 
972 static void chan_suspend_cb(struct l2cap_chan *chan)
973 {
974 	struct sk_buff *skb = chan->data;
975 
976 	BT_DBG("chan %p conn %p skb %p", chan, chan->conn, skb);
977 
978 	if (!skb)
979 		return;
980 
981 	lowpan_cb(skb)->status = -EAGAIN;
982 }
983 
984 static void chan_resume_cb(struct l2cap_chan *chan)
985 {
986 	struct sk_buff *skb = chan->data;
987 
988 	BT_DBG("chan %p conn %p skb %p", chan, chan->conn, skb);
989 
990 	if (!skb)
991 		return;
992 
993 	lowpan_cb(skb)->status = 0;
994 }
995 
996 static long chan_get_sndtimeo_cb(struct l2cap_chan *chan)
997 {
998 	return L2CAP_CONN_TIMEOUT;
999 }
1000 
1001 static const struct l2cap_ops bt_6lowpan_chan_ops = {
1002 	.name			= "L2CAP 6LoWPAN channel",
1003 	.new_connection		= chan_new_conn_cb,
1004 	.recv			= chan_recv_cb,
1005 	.close			= chan_close_cb,
1006 	.state_change		= chan_state_change_cb,
1007 	.ready			= chan_ready_cb,
1008 	.resume			= chan_resume_cb,
1009 	.suspend		= chan_suspend_cb,
1010 	.get_sndtimeo		= chan_get_sndtimeo_cb,
1011 	.alloc_skb		= chan_alloc_skb_cb,
1012 
1013 	.teardown		= l2cap_chan_no_teardown,
1014 	.defer			= l2cap_chan_no_defer,
1015 	.set_shutdown		= l2cap_chan_no_set_shutdown,
1016 };
1017 
1018 static inline __u8 bdaddr_type(__u8 type)
1019 {
1020 	if (type == ADDR_LE_DEV_PUBLIC)
1021 		return BDADDR_LE_PUBLIC;
1022 	else
1023 		return BDADDR_LE_RANDOM;
1024 }
1025 
1026 static int bt_6lowpan_connect(bdaddr_t *addr, u8 dst_type)
1027 {
1028 	struct l2cap_chan *chan;
1029 	int err;
1030 
1031 	chan = chan_create();
1032 	if (!chan)
1033 		return -EINVAL;
1034 
1035 	chan->ops = &bt_6lowpan_chan_ops;
1036 
1037 	err = l2cap_chan_connect(chan, cpu_to_le16(L2CAP_PSM_IPSP), 0,
1038 				 addr, dst_type);
1039 
1040 	BT_DBG("chan %p err %d", chan, err);
1041 	if (err < 0)
1042 		l2cap_chan_put(chan);
1043 
1044 	return err;
1045 }
1046 
1047 static int bt_6lowpan_disconnect(struct l2cap_conn *conn, u8 dst_type)
1048 {
1049 	struct lowpan_peer *peer;
1050 
1051 	BT_DBG("conn %p dst type %d", conn, dst_type);
1052 
1053 	peer = lookup_peer(conn);
1054 	if (!peer)
1055 		return -ENOENT;
1056 
1057 	BT_DBG("peer %p chan %p", peer, peer->chan);
1058 
1059 	l2cap_chan_close(peer->chan, ENOENT);
1060 
1061 	return 0;
1062 }
1063 
1064 static struct l2cap_chan *bt_6lowpan_listen(void)
1065 {
1066 	bdaddr_t *addr = BDADDR_ANY;
1067 	struct l2cap_chan *chan;
1068 	int err;
1069 
1070 	if (!enable_6lowpan)
1071 		return NULL;
1072 
1073 	chan = chan_create();
1074 	if (!chan)
1075 		return NULL;
1076 
1077 	chan->ops = &bt_6lowpan_chan_ops;
1078 	chan->state = BT_LISTEN;
1079 	chan->src_type = BDADDR_LE_PUBLIC;
1080 
1081 	atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
1082 
1083 	BT_DBG("chan %p src type %d", chan, chan->src_type);
1084 
1085 	err = l2cap_add_psm(chan, addr, cpu_to_le16(L2CAP_PSM_IPSP));
1086 	if (err) {
1087 		l2cap_chan_put(chan);
1088 		BT_ERR("psm cannot be added err %d", err);
1089 		return NULL;
1090 	}
1091 
1092 	return chan;
1093 }
1094 
1095 static int get_l2cap_conn(char *buf, bdaddr_t *addr, u8 *addr_type,
1096 			  struct l2cap_conn **conn)
1097 {
1098 	struct hci_conn *hcon;
1099 	struct hci_dev *hdev;
1100 	bdaddr_t *src = BDADDR_ANY;
1101 	int n;
1102 
1103 	n = sscanf(buf, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx %hhu",
1104 		   &addr->b[5], &addr->b[4], &addr->b[3],
1105 		   &addr->b[2], &addr->b[1], &addr->b[0],
1106 		   addr_type);
1107 
1108 	if (n < 7)
1109 		return -EINVAL;
1110 
1111 	hdev = hci_get_route(addr, src);
1112 	if (!hdev)
1113 		return -ENOENT;
1114 
1115 	hci_dev_lock(hdev);
1116 	hcon = hci_conn_hash_lookup_le(hdev, addr, *addr_type);
1117 	hci_dev_unlock(hdev);
1118 
1119 	if (!hcon)
1120 		return -ENOENT;
1121 
1122 	*conn = (struct l2cap_conn *)hcon->l2cap_data;
1123 
1124 	BT_DBG("conn %p dst %pMR type %d", *conn, &hcon->dst, hcon->dst_type);
1125 
1126 	return 0;
1127 }
1128 
1129 static void disconnect_all_peers(void)
1130 {
1131 	struct lowpan_dev *entry;
1132 	struct lowpan_peer *peer, *tmp_peer, *new_peer;
1133 	struct list_head peers;
1134 
1135 	INIT_LIST_HEAD(&peers);
1136 
1137 	/* We make a separate list of peers as the close_cb() will
1138 	 * modify the device peers list so it is better not to mess
1139 	 * with the same list at the same time.
1140 	 */
1141 
1142 	rcu_read_lock();
1143 
1144 	list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
1145 		list_for_each_entry_rcu(peer, &entry->peers, list) {
1146 			new_peer = kmalloc(sizeof(*new_peer), GFP_ATOMIC);
1147 			if (!new_peer)
1148 				break;
1149 
1150 			new_peer->chan = peer->chan;
1151 			INIT_LIST_HEAD(&new_peer->list);
1152 
1153 			list_add(&new_peer->list, &peers);
1154 		}
1155 	}
1156 
1157 	rcu_read_unlock();
1158 
1159 	spin_lock(&devices_lock);
1160 	list_for_each_entry_safe(peer, tmp_peer, &peers, list) {
1161 		l2cap_chan_close(peer->chan, ENOENT);
1162 
1163 		list_del_rcu(&peer->list);
1164 		kfree_rcu(peer, rcu);
1165 	}
1166 	spin_unlock(&devices_lock);
1167 }
1168 
1169 struct set_enable {
1170 	struct work_struct work;
1171 	bool flag;
1172 };
1173 
1174 static void do_enable_set(struct work_struct *work)
1175 {
1176 	struct set_enable *set_enable = container_of(work,
1177 						     struct set_enable, work);
1178 
1179 	if (!set_enable->flag || enable_6lowpan != set_enable->flag)
1180 		/* Disconnect existing connections if 6lowpan is
1181 		 * disabled
1182 		 */
1183 		disconnect_all_peers();
1184 
1185 	enable_6lowpan = set_enable->flag;
1186 
1187 	if (listen_chan) {
1188 		l2cap_chan_close(listen_chan, 0);
1189 		l2cap_chan_put(listen_chan);
1190 	}
1191 
1192 	listen_chan = bt_6lowpan_listen();
1193 
1194 	kfree(set_enable);
1195 }
1196 
1197 static int lowpan_enable_set(void *data, u64 val)
1198 {
1199 	struct set_enable *set_enable;
1200 
1201 	set_enable = kzalloc(sizeof(*set_enable), GFP_KERNEL);
1202 	if (!set_enable)
1203 		return -ENOMEM;
1204 
1205 	set_enable->flag = !!val;
1206 	INIT_WORK(&set_enable->work, do_enable_set);
1207 
1208 	schedule_work(&set_enable->work);
1209 
1210 	return 0;
1211 }
1212 
1213 static int lowpan_enable_get(void *data, u64 *val)
1214 {
1215 	*val = enable_6lowpan;
1216 	return 0;
1217 }
1218 
1219 DEFINE_SIMPLE_ATTRIBUTE(lowpan_enable_fops, lowpan_enable_get,
1220 			lowpan_enable_set, "%llu\n");
1221 
1222 static ssize_t lowpan_control_write(struct file *fp,
1223 				    const char __user *user_buffer,
1224 				    size_t count,
1225 				    loff_t *position)
1226 {
1227 	char buf[32];
1228 	size_t buf_size = min(count, sizeof(buf) - 1);
1229 	int ret;
1230 	bdaddr_t addr;
1231 	u8 addr_type;
1232 	struct l2cap_conn *conn = NULL;
1233 
1234 	if (copy_from_user(buf, user_buffer, buf_size))
1235 		return -EFAULT;
1236 
1237 	buf[buf_size] = '\0';
1238 
1239 	if (memcmp(buf, "connect ", 8) == 0) {
1240 		ret = get_l2cap_conn(&buf[8], &addr, &addr_type, &conn);
1241 		if (ret == -EINVAL)
1242 			return ret;
1243 
1244 		if (listen_chan) {
1245 			l2cap_chan_close(listen_chan, 0);
1246 			l2cap_chan_put(listen_chan);
1247 			listen_chan = NULL;
1248 		}
1249 
1250 		if (conn) {
1251 			struct lowpan_peer *peer;
1252 
1253 			if (!is_bt_6lowpan(conn->hcon))
1254 				return -EINVAL;
1255 
1256 			peer = lookup_peer(conn);
1257 			if (peer) {
1258 				BT_DBG("6LoWPAN connection already exists");
1259 				return -EALREADY;
1260 			}
1261 
1262 			BT_DBG("conn %p dst %pMR type %d user %d", conn,
1263 			       &conn->hcon->dst, conn->hcon->dst_type,
1264 			       addr_type);
1265 		}
1266 
1267 		ret = bt_6lowpan_connect(&addr, addr_type);
1268 		if (ret < 0)
1269 			return ret;
1270 
1271 		return count;
1272 	}
1273 
1274 	if (memcmp(buf, "disconnect ", 11) == 0) {
1275 		ret = get_l2cap_conn(&buf[11], &addr, &addr_type, &conn);
1276 		if (ret < 0)
1277 			return ret;
1278 
1279 		ret = bt_6lowpan_disconnect(conn, addr_type);
1280 		if (ret < 0)
1281 			return ret;
1282 
1283 		return count;
1284 	}
1285 
1286 	return count;
1287 }
1288 
1289 static int lowpan_control_show(struct seq_file *f, void *ptr)
1290 {
1291 	struct lowpan_dev *entry;
1292 	struct lowpan_peer *peer;
1293 
1294 	spin_lock(&devices_lock);
1295 
1296 	list_for_each_entry(entry, &bt_6lowpan_devices, list) {
1297 		list_for_each_entry(peer, &entry->peers, list)
1298 			seq_printf(f, "%pMR (type %u)\n",
1299 				   &peer->chan->dst, peer->chan->dst_type);
1300 	}
1301 
1302 	spin_unlock(&devices_lock);
1303 
1304 	return 0;
1305 }
1306 
1307 static int lowpan_control_open(struct inode *inode, struct file *file)
1308 {
1309 	return single_open(file, lowpan_control_show, inode->i_private);
1310 }
1311 
1312 static const struct file_operations lowpan_control_fops = {
1313 	.open		= lowpan_control_open,
1314 	.read		= seq_read,
1315 	.write		= lowpan_control_write,
1316 	.llseek		= seq_lseek,
1317 	.release	= single_release,
1318 };
1319 
1320 static void disconnect_devices(void)
1321 {
1322 	struct lowpan_dev *entry, *tmp, *new_dev;
1323 	struct list_head devices;
1324 
1325 	INIT_LIST_HEAD(&devices);
1326 
1327 	/* We make a separate list of devices because the unregister_netdev()
1328 	 * will call device_event() which will also want to modify the same
1329 	 * devices list.
1330 	 */
1331 
1332 	rcu_read_lock();
1333 
1334 	list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
1335 		new_dev = kmalloc(sizeof(*new_dev), GFP_ATOMIC);
1336 		if (!new_dev)
1337 			break;
1338 
1339 		new_dev->netdev = entry->netdev;
1340 		INIT_LIST_HEAD(&new_dev->list);
1341 
1342 		list_add_rcu(&new_dev->list, &devices);
1343 	}
1344 
1345 	rcu_read_unlock();
1346 
1347 	list_for_each_entry_safe(entry, tmp, &devices, list) {
1348 		ifdown(entry->netdev);
1349 		BT_DBG("Unregistering netdev %s %p",
1350 		       entry->netdev->name, entry->netdev);
1351 		unregister_netdev(entry->netdev);
1352 		kfree(entry);
1353 	}
1354 }
1355 
1356 static int device_event(struct notifier_block *unused,
1357 			unsigned long event, void *ptr)
1358 {
1359 	struct net_device *netdev = netdev_notifier_info_to_dev(ptr);
1360 	struct lowpan_dev *entry;
1361 
1362 	if (netdev->type != ARPHRD_6LOWPAN)
1363 		return NOTIFY_DONE;
1364 
1365 	switch (event) {
1366 	case NETDEV_UNREGISTER:
1367 		spin_lock(&devices_lock);
1368 		list_for_each_entry(entry, &bt_6lowpan_devices, list) {
1369 			if (entry->netdev == netdev) {
1370 				BT_DBG("Unregistered netdev %s %p",
1371 				       netdev->name, netdev);
1372 				list_del(&entry->list);
1373 				break;
1374 			}
1375 		}
1376 		spin_unlock(&devices_lock);
1377 		break;
1378 	}
1379 
1380 	return NOTIFY_DONE;
1381 }
1382 
1383 static struct notifier_block bt_6lowpan_dev_notifier = {
1384 	.notifier_call = device_event,
1385 };
1386 
1387 static int __init bt_6lowpan_init(void)
1388 {
1389 	lowpan_enable_debugfs = debugfs_create_file("6lowpan_enable", 0644,
1390 						    bt_debugfs, NULL,
1391 						    &lowpan_enable_fops);
1392 	lowpan_control_debugfs = debugfs_create_file("6lowpan_control", 0644,
1393 						     bt_debugfs, NULL,
1394 						     &lowpan_control_fops);
1395 
1396 	return register_netdevice_notifier(&bt_6lowpan_dev_notifier);
1397 }
1398 
1399 static void __exit bt_6lowpan_exit(void)
1400 {
1401 	debugfs_remove(lowpan_enable_debugfs);
1402 	debugfs_remove(lowpan_control_debugfs);
1403 
1404 	if (listen_chan) {
1405 		l2cap_chan_close(listen_chan, 0);
1406 		l2cap_chan_put(listen_chan);
1407 	}
1408 
1409 	disconnect_devices();
1410 
1411 	unregister_netdevice_notifier(&bt_6lowpan_dev_notifier);
1412 }
1413 
1414 module_init(bt_6lowpan_init);
1415 module_exit(bt_6lowpan_exit);
1416 
1417 MODULE_AUTHOR("Jukka Rissanen <jukka.rissanen@linux.intel.com>");
1418 MODULE_DESCRIPTION("Bluetooth 6LoWPAN");
1419 MODULE_VERSION(VERSION);
1420 MODULE_LICENSE("GPL");
1421