projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: convert force_active variable to flag in l2cap chan
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
1da177e4
LT		 6
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
8e87d142
YH		 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 24 SOFTWARE IS DISCLAIMED.
25*/
26
bb58f747 27/* Bluetooth L2CAP core. */
1da177e4 28
1da177e4
LT		 29#include <linux/module.h>
30
31#include <linux/types.h>
4fc268d2 32#include <linux/capability.h>
1da177e4
LT		 33#include <linux/errno.h>
34#include <linux/kernel.h>
1da177e4
LT		 35#include <linux/sched.h>
36#include <linux/slab.h>
37#include <linux/poll.h>
38#include <linux/fcntl.h>
39#include <linux/init.h>
40#include <linux/interrupt.h>
41#include <linux/socket.h>
42#include <linux/skbuff.h>
1da177e4 43#include <linux/list.h>
be9d1227 44#include <linux/device.h>
aef7d97c
MH		 45#include <linux/debugfs.h>
46#include <linux/seq_file.h>
af05b30b 47#include <linux/uaccess.h>
fcc203c3 48#include <linux/crc16.h>
1da177e4
LT		 49#include <net/sock.h>
50
51#include <asm/system.h>
1da177e4
LT		 52#include <asm/unaligned.h>
53
54#include <net/bluetooth/bluetooth.h>
55#include <net/bluetooth/hci_core.h>
56#include <net/bluetooth/l2cap.h>
b501d6a1 57#include <net/bluetooth/smp.h>
1da177e4 58
bb58f747 59int disable_ertm;
a5fd6f30 60int enable_hs;
f0709e03 61
47ec1dcd 62static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
e1027a7c 63static u8 l2cap_fixed_chan[8] = { 0x02, };
1da177e4 64
b5ad8b7f
JB		 65static LIST_HEAD(chan_list);
66static DEFINE_RWLOCK(chan_list_lock);
1da177e4 67
1da177e4
LT		 68static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 70static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
71 void *data);
710f9b0a 72static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a
GP		 73static void l2cap_send_disconn_req(struct l2cap_conn *conn,
74 struct l2cap_chan *chan, int err);
1da177e4 75
218bb9df
GP		 76static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
77
0139418c 78/* ---- L2CAP channels ---- */
71ba0e56
GP		 79
80static inline void chan_hold(struct l2cap_chan *c)
81{
82 atomic_inc(&c->refcnt);
83}
84
85static inline void chan_put(struct l2cap_chan *c)
86{
87 if (atomic_dec_and_test(&c->refcnt))
88 kfree(c);
89}
90
baa7e1fa 91static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 92{
48454079 93 struct l2cap_chan *c;
baa7e1fa
GP		 94
95 list_for_each_entry(c, &conn->chan_l, list) {
fe4128e0 96 if (c->dcid == cid)
baa7e1fa 97 return c;
0139418c 98 }
baa7e1fa
GP		 99 return NULL;
100
0139418c
MH		 101}
102
baa7e1fa 103static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 104{
48454079 105 struct l2cap_chan *c;
baa7e1fa
GP		 106
107 list_for_each_entry(c, &conn->chan_l, list) {
fe4128e0 108 if (c->scid == cid)
baa7e1fa 109 return c;
0139418c 110 }
baa7e1fa 111 return NULL;
0139418c
MH		 112}
113
114/* Find channel with given SCID.
115 * Returns locked socket */
baa7e1fa 116static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 117{
48454079 118 struct l2cap_chan *c;
baa7e1fa
GP		 119
120 read_lock(&conn->chan_lock);
121 c = __l2cap_get_chan_by_scid(conn, cid);
48454079
GP		 122 if (c)
123 bh_lock_sock(c->sk);
baa7e1fa 124 read_unlock(&conn->chan_lock);
48454079 125 return c;
0139418c
MH		 126}
127
baa7e1fa 128static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 129{
48454079 130 struct l2cap_chan *c;
baa7e1fa
GP		 131
132 list_for_each_entry(c, &conn->chan_l, list) {
fc7f8a7e 133 if (c->ident == ident)
baa7e1fa 134 return c;
0139418c 135 }
baa7e1fa 136 return NULL;
0139418c
MH		 137}
138
baa7e1fa 139static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 140{
48454079 141 struct l2cap_chan *c;
baa7e1fa
GP		 142
143 read_lock(&conn->chan_lock);
144 c = __l2cap_get_chan_by_ident(conn, ident);
48454079
GP		 145 if (c)
146 bh_lock_sock(c->sk);
baa7e1fa 147 read_unlock(&conn->chan_lock);
48454079 148 return c;
0139418c
MH		 149}
150
23691d75 151static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 152{
23691d75 153 struct l2cap_chan *c;
9e4425ff 154
23691d75
GP		 155 list_for_each_entry(c, &chan_list, global_l) {
156 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
9e4425ff
GP		 157 goto found;
158 }
159
23691d75 160 c = NULL;
9e4425ff 161found:
23691d75 162 return c;
9e4425ff
GP		 163}
164
165int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
166{
73b2ec18
GP		 167 int err;
168
23691d75 169 write_lock_bh(&chan_list_lock);
9e4425ff 170
23691d75 171 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 172 err = -EADDRINUSE;
173 goto done;
9e4425ff
GP		 174 }
175
73b2ec18
GP		 176 if (psm) {
177 chan->psm = psm;
178 chan->sport = psm;
179 err = 0;
180 } else {
181 u16 p;
182
183 err = -EINVAL;
184 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 185 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 186 chan->psm = cpu_to_le16(p);
187 chan->sport = cpu_to_le16(p);
188 err = 0;
189 break;
190 }
191 }
9e4425ff 192
73b2ec18 193done:
23691d75 194 write_unlock_bh(&chan_list_lock);
73b2ec18 195 return err;
9e4425ff
GP		 196}
197
198int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
199{
23691d75 200 write_lock_bh(&chan_list_lock);
9e4425ff
GP		 201
202 chan->scid = scid;
203
23691d75 204 write_unlock_bh(&chan_list_lock);
9e4425ff
GP		 205
206 return 0;
207}
208
baa7e1fa 209static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 210{
8db4dc46 211 u16 cid = L2CAP_CID_DYN_START;
0139418c 212
8db4dc46 213 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 214 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 215 return cid;
216 }
217
218 return 0;
219}
220
c9b66675 221static void l2cap_set_timer(struct l2cap_chan *chan, struct timer_list *timer, long timeout)
ab07801d 222{
774e5651 223 BT_DBG("chan %p state %d timeout %ld", chan->sk, chan->state, timeout);
89bc500e 224
942ecc9c 225 if (!mod_timer(timer, jiffies + msecs_to_jiffies(timeout)))
774e5651 226 chan_hold(chan);
ab07801d
GP		 227}
228
c9b66675 229static void l2cap_clear_timer(struct l2cap_chan *chan, struct timer_list *timer)
ab07801d 230{
774e5651 231 BT_DBG("chan %p state %d", chan, chan->state);
ab07801d 232
774e5651
MM		 233 if (timer_pending(timer) && del_timer(timer))
234 chan_put(chan);
ab07801d
GP		 235}
236
89bc500e
GP		 237static void l2cap_state_change(struct l2cap_chan *chan, int state)
238{
239 chan->state = state;
240 chan->ops->state_change(chan->data, state);
241}
242
ab07801d
GP		 243static void l2cap_chan_timeout(unsigned long arg)
244{
245 struct l2cap_chan *chan = (struct l2cap_chan *) arg;
246 struct sock *sk = chan->sk;
247 int reason;
248
89bc500e 249 BT_DBG("chan %p state %d", chan, chan->state);
ab07801d
GP		 250
251 bh_lock_sock(sk);
252
253 if (sock_owned_by_user(sk)) {
254 /* sk is owned by user. Try again later */
c9b66675 255 __set_chan_timer(chan, HZ / 5);
ab07801d 256 bh_unlock_sock(sk);
71ba0e56 257 chan_put(chan);
ab07801d
GP		 258 return;
259 }
260
89bc500e 261 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
ab07801d 262 reason = ECONNREFUSED;
89bc500e 263 else if (chan->state == BT_CONNECT &&
ab07801d
GP		 264 chan->sec_level != BT_SECURITY_SDP)
265 reason = ECONNREFUSED;
266 else
267 reason = ETIMEDOUT;
268
0f852724 269 l2cap_chan_close(chan, reason);
ab07801d
GP		 270
271 bh_unlock_sock(sk);
272
ba3bd0ee 273 chan->ops->close(chan->data);
71ba0e56 274 chan_put(chan);
ab07801d
GP		 275}
276
23691d75 277struct l2cap_chan *l2cap_chan_create(struct sock *sk)
48454079
GP		 278{
279 struct l2cap_chan *chan;
280
281 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
282 if (!chan)
283 return NULL;
284
285 chan->sk = sk;
286
23691d75
GP		 287 write_lock_bh(&chan_list_lock);
288 list_add(&chan->global_l, &chan_list);
289 write_unlock_bh(&chan_list_lock);
290
ab07801d
GP		 291 setup_timer(&chan->chan_timer, l2cap_chan_timeout, (unsigned long) chan);
292
89bc500e
GP		 293 chan->state = BT_OPEN;
294
71ba0e56
GP		 295 atomic_set(&chan->refcnt, 1);
296
48454079
GP		 297 return chan;
298}
299
23691d75 300void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 301{
23691d75
GP		 302 write_lock_bh(&chan_list_lock);
303 list_del(&chan->global_l);
304 write_unlock_bh(&chan_list_lock);
305
71ba0e56 306 chan_put(chan);
6ff5abbf
GP		 307}
308
48454079 309static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 310{
af05b30b 311 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
fe4128e0 312 chan->psm, chan->dcid);
0139418c 313
2950f21a
MH		 314 conn->disc_reason = 0x13;
315
8c1d787b 316 chan->conn = conn;
0139418c 317
715ec005 318 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) {
b62f328b
VT		 319 if (conn->hcon->type == LE_LINK) {
320 /* LE connection */
0c1bc5c6 321 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 322 chan->scid = L2CAP_CID_LE_DATA;
323 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 324 } else {
325 /* Alloc CID for connection-oriented socket */
fe4128e0 326 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 327 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 328 }
715ec005 329 } else if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
0139418c 330 /* Connectionless socket */
fe4128e0
GP		 331 chan->scid = L2CAP_CID_CONN_LESS;
332 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 333 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 334 } else {
335 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 336 chan->scid = L2CAP_CID_SIGNALING;
337 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 338 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 339 }
340
71ba0e56 341 chan_hold(chan);
baa7e1fa
GP		 342
343 list_add(&chan->list, &conn->chan_l);
0139418c
MH		 344}
345
8e87d142 346/* Delete channel.
0139418c 347 * Must be called on the locked socket. */
4519de9a 348static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 349{
48454079 350 struct sock *sk = chan->sk;
8c1d787b 351 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 352 struct sock *parent = bt_sk(sk)->parent;
353
c9b66675 354 __clear_chan_timer(chan);
0139418c 355
49208c9c 356 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 357
8e87d142 358 if (conn) {
baa7e1fa
GP		 359 /* Delete from channel list */
360 write_lock_bh(&conn->chan_lock);
361 list_del(&chan->list);
362 write_unlock_bh(&conn->chan_lock);
71ba0e56 363 chan_put(chan);
baa7e1fa 364
8c1d787b 365 chan->conn = NULL;
0139418c
MH		 366 hci_conn_put(conn->hcon);
367 }
368
89bc500e 369 l2cap_state_change(chan, BT_CLOSED);
0139418c
MH		 370 sock_set_flag(sk, SOCK_ZAPPED);
371
372 if (err)
373 sk->sk_err = err;
374
375 if (parent) {
376 bt_accept_unlink(sk);
377 parent->sk_data_ready(parent, 0);
378 } else
379 sk->sk_state_change(sk);
c13ffa62 380
c1360a1c
GP		 381 if (!(test_bit(CONF_OUTPUT_DONE, &chan->conf_state) &&
382 test_bit(CONF_INPUT_DONE, &chan->conf_state)))
6ff5abbf 383 return;
2ead70b8 384
58d35f87 385 skb_queue_purge(&chan->tx_q);
c13ffa62 386
0c1bc5c6 387 if (chan->mode == L2CAP_MODE_ERTM) {
c13ffa62
GP		 388 struct srej_list *l, *tmp;
389
1a09bcb9
GP		 390 __clear_retrans_timer(chan);
391 __clear_monitor_timer(chan);
392 __clear_ack_timer(chan);
c13ffa62 393
f1c6775b 394 skb_queue_purge(&chan->srej_q);
c13ffa62 395
39d5a3ee 396 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
c13ffa62
GP		 397 list_del(&l->list);
398 kfree(l);
399 }
400 }
0139418c
MH		 401}
402
4519de9a
GP		 403static void l2cap_chan_cleanup_listen(struct sock *parent)
404{
405 struct sock *sk;
406
407 BT_DBG("parent %p", parent);
408
409 /* Close not yet accepted channels */
0f852724 410 while ((sk = bt_accept_dequeue(parent, NULL))) {
ba3bd0ee 411 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
c9b66675 412 __clear_chan_timer(chan);
0f852724 413 lock_sock(sk);
ba3bd0ee 414 l2cap_chan_close(chan, ECONNRESET);
0f852724 415 release_sock(sk);
ba3bd0ee 416 chan->ops->close(chan->data);
0f852724 417 }
4519de9a
GP		 418}
419
0f852724 420void l2cap_chan_close(struct l2cap_chan *chan, int reason)
4519de9a
GP		 421{
422 struct l2cap_conn *conn = chan->conn;
423 struct sock *sk = chan->sk;
424
89bc500e 425 BT_DBG("chan %p state %d socket %p", chan, chan->state, sk->sk_socket);
4519de9a 426
89bc500e 427 switch (chan->state) {
4519de9a
GP		 428 case BT_LISTEN:
429 l2cap_chan_cleanup_listen(sk);
89bc500e
GP		 430
431 l2cap_state_change(chan, BT_CLOSED);
432 sock_set_flag(sk, SOCK_ZAPPED);
4519de9a
GP		 433 break;
434
435 case BT_CONNECTED:
436 case BT_CONFIG:
715ec005 437 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a 438 conn->hcon->type == ACL_LINK) {
c9b66675
GP		 439 __clear_chan_timer(chan);
440 __set_chan_timer(chan, sk->sk_sndtimeo);
4519de9a
GP		 441 l2cap_send_disconn_req(conn, chan, reason);
442 } else
443 l2cap_chan_del(chan, reason);
444 break;
445
446 case BT_CONNECT2:
715ec005 447 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a
GP		 448 conn->hcon->type == ACL_LINK) {
449 struct l2cap_conn_rsp rsp;
450 __u16 result;
451
452 if (bt_sk(sk)->defer_setup)
453 result = L2CAP_CR_SEC_BLOCK;
454 else
455 result = L2CAP_CR_BAD_PSM;
89bc500e 456 l2cap_state_change(chan, BT_DISCONN);
4519de9a
GP		 457
458 rsp.scid = cpu_to_le16(chan->dcid);
459 rsp.dcid = cpu_to_le16(chan->scid);
460 rsp.result = cpu_to_le16(result);
461 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
462 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
463 sizeof(rsp), &rsp);
464 }
465
466 l2cap_chan_del(chan, reason);
467 break;
468
469 case BT_CONNECT:
470 case BT_DISCONN:
471 l2cap_chan_del(chan, reason);
472 break;
473
474 default:
475 sock_set_flag(sk, SOCK_ZAPPED);
476 break;
477 }
478}
479
4343478f 480static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 481{
715ec005 482 if (chan->chan_type == L2CAP_CHAN_RAW) {
4343478f 483 switch (chan->sec_level) {
8556edd3
JH		 484 case BT_SECURITY_HIGH:
485 return HCI_AT_DEDICATED_BONDING_MITM;
486 case BT_SECURITY_MEDIUM:
487 return HCI_AT_DEDICATED_BONDING;
488 default:
489 return HCI_AT_NO_BONDING;
490 }
fe4128e0 491 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 492 if (chan->sec_level == BT_SECURITY_LOW)
493 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 494
4343478f 495 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 496 return HCI_AT_NO_BONDING_MITM;
00ae4af9 497 else
8556edd3 498 return HCI_AT_NO_BONDING;
00ae4af9 499 } else {
4343478f 500 switch (chan->sec_level) {
00ae4af9 501 case BT_SECURITY_HIGH:
8556edd3 502 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 503 case BT_SECURITY_MEDIUM:
8556edd3 504 return HCI_AT_GENERAL_BONDING;
00ae4af9 505 default:
8556edd3 506 return HCI_AT_NO_BONDING;
00ae4af9 507 }
0684e5f9 508 }
8556edd3
JH		 509}
510
511/* Service level security */
4343478f 512static inline int l2cap_check_security(struct l2cap_chan *chan)
8556edd3 513{
8c1d787b 514 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 515 __u8 auth_type;
516
4343478f 517 auth_type = l2cap_get_auth_type(chan);
79d554a6 518
4343478f 519 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 520}
521
b5ad8b7f 522static u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 523{
524 u8 id;
525
526 /* Get next available identificator.
527 * 1 - 128 are used by kernel.
528 * 129 - 199 are reserved.
529 * 200 - 254 are used by utilities like l2ping, etc.
530 */
531
532 spin_lock_bh(&conn->lock);
533
534 if (++conn->tx_ident > 128)
535 conn->tx_ident = 1;
536
537 id = conn->tx_ident;
538
539 spin_unlock_bh(&conn->lock);
540
541 return id;
542}
543
4519de9a 544static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 545{
546 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 547 u8 flags;
4e8402a3
MH		 548
549 BT_DBG("code 0x%2.2x", code);
550
551 if (!skb)
9a9c6a34 552 return;
4e8402a3 553
e702112f
AE		 554 if (lmp_no_flush_capable(conn->hcon->hdev))
555 flags = ACL_START_NO_FLUSH;
556 else
557 flags = ACL_START;
558
14b12d0b
JG		 559 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON;
560
e702112f 561 hci_send_acl(conn->hcon, skb, flags);
4e8402a3
MH		 562}
563
525cd185 564static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
1c2acffb
GP		 565{
566 struct sk_buff *skb;
567 struct l2cap_hdr *lh;
8c1d787b 568 struct l2cap_conn *conn = chan->conn;
fcc203c3 569 int count, hlen = L2CAP_HDR_SIZE + 2;
e702112f 570 u8 flags;
fcc203c3 571
89bc500e 572 if (chan->state != BT_CONNECTED)
c13ffa62
GP		 573 return;
574
47d1ec61 575 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3 576 hlen += 2;
1c2acffb 577
49208c9c 578 BT_DBG("chan %p, control 0x%2.2x", chan, control);
1c2acffb 579
fcc203c3 580 count = min_t(unsigned int, conn->mtu, hlen);
1c2acffb
GP		 581 control |= L2CAP_CTRL_FRAME_TYPE;
582
e2ab4353 583 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
9e917af1 584 control |= L2CAP_CTRL_FINAL;
9e917af1 585
e2ab4353 586 if (test_and_clear_bit(CONN_SEND_PBIT, &chan->conn_state))
f0946ccf 587 control |= L2CAP_CTRL_POLL;
f0946ccf 588
1c2acffb
GP		 589 skb = bt_skb_alloc(count, GFP_ATOMIC);
590 if (!skb)
9a9c6a34 591 return;
1c2acffb
GP		 592
593 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fcc203c3 594 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
fe4128e0 595 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 596 put_unaligned_le16(control, skb_put(skb, 2));
597
47d1ec61 598 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 599 u16 fcs = crc16(0, (u8 *)lh, count - 2);
600 put_unaligned_le16(fcs, skb_put(skb, 2));
601 }
602
e702112f
AE		 603 if (lmp_no_flush_capable(conn->hcon->hdev))
604 flags = ACL_START_NO_FLUSH;
605 else
606 flags = ACL_START;
607
15770b1a 608 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b 609
8c1d787b 610 hci_send_acl(chan->conn->hcon, skb, flags);
1c2acffb
GP		 611}
612
525cd185 613static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control)
7e743090 614{
e2ab4353 615 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
7e743090 616 control |= L2CAP_SUPER_RCV_NOT_READY;
e2ab4353 617 set_bit(CONN_RNR_SENT, &chan->conn_state);
1890d36b 618 } else
7e743090
GP		 619 control |= L2CAP_SUPER_RCV_READY;
620
42e5c802 621 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2ab25cdd 622
525cd185 623 l2cap_send_sframe(chan, control);
7e743090
GP		 624}
625
b4450035 626static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 627{
c1360a1c 628 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
e501d055
AE		 629}
630
fc7f8a7e 631static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 632{
8c1d787b 633 struct l2cap_conn *conn = chan->conn;
79d554a6
MH		 634
635 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 636 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
637 return;
638
4343478f
GP		 639 if (l2cap_check_security(chan) &&
640 __l2cap_no_conn_pending(chan)) {
b1235d79 641 struct l2cap_conn_req req;
fe4128e0
GP		 642 req.scid = cpu_to_le16(chan->scid);
643 req.psm = chan->psm;
79d554a6 644
fc7f8a7e 645 chan->ident = l2cap_get_ident(conn);
c1360a1c 646 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
79d554a6 647
fc7f8a7e
GP		 648 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
649 sizeof(req), &req);
b1235d79 650 }
79d554a6
MH		 651 } else {
652 struct l2cap_info_req req;
653 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
654
655 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
656 conn->info_ident = l2cap_get_ident(conn);
657
658 mod_timer(&conn->info_timer, jiffies +
659 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
660
661 l2cap_send_cmd(conn, conn->info_ident,
662 L2CAP_INFO_REQ, sizeof(req), &req);
663 }
664}
665
cf6c2c0b
GP		 666static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
667{
668 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 669 if (!disable_ertm)
cf6c2c0b
GP		 670 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
671
672 switch (mode) {
673 case L2CAP_MODE_ERTM:
674 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
675 case L2CAP_MODE_STREAMING:
676 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
677 default:
678 return 0x00;
679 }
680}
681
4519de9a 682static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9 683{
e92c8e70 684 struct sock *sk;
22121fc9
GP		 685 struct l2cap_disconn_req req;
686
c13ffa62
GP		 687 if (!conn)
688 return;
689
e92c8e70
GP		 690 sk = chan->sk;
691
0c1bc5c6 692 if (chan->mode == L2CAP_MODE_ERTM) {
1a09bcb9
GP		 693 __clear_retrans_timer(chan);
694 __clear_monitor_timer(chan);
695 __clear_ack_timer(chan);
c13ffa62
GP		 696 }
697
fe4128e0
GP		 698 req.dcid = cpu_to_le16(chan->dcid);
699 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 700 l2cap_send_cmd(conn, l2cap_get_ident(conn),
701 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62 702
89bc500e 703 l2cap_state_change(chan, BT_DISCONN);
9b108fc0 704 sk->sk_err = err;
22121fc9
GP		 705}
706
1da177e4 707/* ---- L2CAP connections ---- */
4e8402a3
MH		 708static void l2cap_conn_start(struct l2cap_conn *conn)
709{
820ffdb3 710 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 711
712 BT_DBG("conn %p", conn);
713
baa7e1fa 714 read_lock(&conn->chan_lock);
4e8402a3 715
820ffdb3 716 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 717 struct sock *sk = chan->sk;
baa7e1fa 718
4e8402a3
MH		 719 bh_lock_sock(sk);
720
715ec005 721 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
79d554a6
MH		 722 bh_unlock_sock(sk);
723 continue;
724 }
725
89bc500e 726 if (chan->state == BT_CONNECT) {
47731de7 727 struct l2cap_conn_req req;
79d554a6 728
4343478f 729 if (!l2cap_check_security(chan) ||
b4450035 730 !__l2cap_no_conn_pending(chan)) {
47731de7
GP		 731 bh_unlock_sock(sk);
732 continue;
733 }
79d554a6 734
c1360a1c
GP		 735 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
736 && test_bit(CONF_STATE2_DEVICE,
737 &chan->conf_state)) {
0f852724 738 /* l2cap_chan_close() calls list_del(chan)
820ffdb3 739 * so release the lock */
2461daac 740 read_unlock(&conn->chan_lock);
89bc500e 741 l2cap_chan_close(chan, ECONNRESET);
2461daac 742 read_lock(&conn->chan_lock);
47731de7
GP		 743 bh_unlock_sock(sk);
744 continue;
b1235d79 745 }
47731de7 746
fe4128e0
GP		 747 req.scid = cpu_to_le16(chan->scid);
748 req.psm = chan->psm;
47731de7 749
fc7f8a7e 750 chan->ident = l2cap_get_ident(conn);
c1360a1c 751 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
47731de7 752
fc7f8a7e
GP		 753 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
754 sizeof(req), &req);
47731de7 755
89bc500e 756 } else if (chan->state == BT_CONNECT2) {
79d554a6 757 struct l2cap_conn_rsp rsp;
e9aeb2dd 758 char buf[128];
fe4128e0
GP		 759 rsp.scid = cpu_to_le16(chan->dcid);
760 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 761
4343478f 762 if (l2cap_check_security(chan)) {
f66dc81f
MH		 763 if (bt_sk(sk)->defer_setup) {
764 struct sock *parent = bt_sk(sk)->parent;
765 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
766 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
05e9a2f6
IK		 767 if (parent)
768 parent->sk_data_ready(parent, 0);
f66dc81f
MH		 769
770 } else {
89bc500e 771 l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 772 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
773 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
774 }
79d554a6
MH		 775 } else {
776 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
777 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
778 }
779
fc7f8a7e
GP		 780 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
781 sizeof(rsp), &rsp);
e9aeb2dd 782
c1360a1c 783 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
e9aeb2dd
GP		 784 rsp.result != L2CAP_CR_SUCCESS) {
785 bh_unlock_sock(sk);
786 continue;
787 }
788
c1360a1c 789 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 790 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 791 l2cap_build_conf_req(chan, buf), buf);
792 chan->num_conf_req++;
4e8402a3
MH		 793 }
794
795 bh_unlock_sock(sk);
796 }
797
baa7e1fa 798 read_unlock(&conn->chan_lock);
4e8402a3
MH		 799}
800
b62f328b
VT		 801/* Find socket with cid and source bdaddr.
802 * Returns closest match, locked.
803 */
23691d75 804static struct l2cap_chan *l2cap_global_chan_by_scid(int state, __le16 cid, bdaddr_t *src)
b62f328b 805{
23691d75 806 struct l2cap_chan *c, *c1 = NULL;
b62f328b 807
23691d75 808 read_lock(&chan_list_lock);
b62f328b 809
23691d75
GP		 810 list_for_each_entry(c, &chan_list, global_l) {
811 struct sock *sk = c->sk;
fe4128e0 812
89bc500e 813 if (state && c->state != state)
b62f328b
VT		 814 continue;
815
23691d75 816 if (c->scid == cid) {
b62f328b 817 /* Exact match. */
23691d75
GP		 818 if (!bacmp(&bt_sk(sk)->src, src)) {
819 read_unlock(&chan_list_lock);
820 return c;
821 }
b62f328b
VT		 822
823 /* Closest match */
824 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 825 c1 = c;
b62f328b
VT		 826 }
827 }
280f294f 828
23691d75 829 read_unlock(&chan_list_lock);
b62f328b 830
23691d75 831 return c1;
b62f328b
VT		 832}
833
834static void l2cap_le_conn_ready(struct l2cap_conn *conn)
835{
c916fbe4 836 struct sock *parent, *sk;
23691d75 837 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 838
839 BT_DBG("");
840
841 /* Check if we have socket listening on cid */
23691d75 842 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
b62f328b 843 conn->src);
23691d75 844 if (!pchan)
b62f328b
VT		 845 return;
846
23691d75
GP		 847 parent = pchan->sk;
848
62f3a2cf
GP		 849 bh_lock_sock(parent);
850
b62f328b
VT		 851 /* Check for backlog size */
852 if (sk_acceptq_is_full(parent)) {
853 BT_DBG("backlog full %d", parent->sk_ack_backlog);
854 goto clean;
855 }
856
80808e43
GP		 857 chan = pchan->ops->new_connection(pchan->data);
858 if (!chan)
b62f328b
VT		 859 goto clean;
860
80808e43 861 sk = chan->sk;
5d41ce1d 862
baa7e1fa 863 write_lock_bh(&conn->chan_lock);
b62f328b
VT		 864
865 hci_conn_hold(conn->hcon);
866
b62f328b
VT		 867 bacpy(&bt_sk(sk)->src, conn->src);
868 bacpy(&bt_sk(sk)->dst, conn->dst);
869
d1010240
GP		 870 bt_accept_enqueue(parent, sk);
871
48454079
GP		 872 __l2cap_chan_add(conn, chan);
873
c9b66675 874 __set_chan_timer(chan, sk->sk_sndtimeo);
b62f328b 875
89bc500e 876 l2cap_state_change(chan, BT_CONNECTED);
b62f328b
VT		 877 parent->sk_data_ready(parent, 0);
878
baa7e1fa 879 write_unlock_bh(&conn->chan_lock);
b62f328b
VT		 880
881clean:
882 bh_unlock_sock(parent);
883}
884
f1cb9af5
VCG		 885static void l2cap_chan_ready(struct sock *sk)
886{
887 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
888 struct sock *parent = bt_sk(sk)->parent;
889
890 BT_DBG("sk %p, parent %p", sk, parent);
891
892 chan->conf_state = 0;
893 __clear_chan_timer(chan);
894
43f3dc41 895 l2cap_state_change(chan, BT_CONNECTED);
f1cb9af5
VCG		 896 sk->sk_state_change(sk);
897
898 if (parent)
899 parent->sk_data_ready(parent, 0);
900}
901
4e8402a3
MH		 902static void l2cap_conn_ready(struct l2cap_conn *conn)
903{
48454079 904 struct l2cap_chan *chan;
4e8402a3 905
79d554a6 906 BT_DBG("conn %p", conn);
4e8402a3 907
b62f328b
VT		 908 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
909 l2cap_le_conn_ready(conn);
910
160dc6ac
VCG		 911 if (conn->hcon->out && conn->hcon->type == LE_LINK)
912 smp_conn_security(conn, conn->hcon->pending_sec_level);
913
baa7e1fa 914 read_lock(&conn->chan_lock);
4e8402a3 915
baa7e1fa 916 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 917 struct sock *sk = chan->sk;
baa7e1fa 918
79d554a6 919 bh_lock_sock(sk);
4e8402a3 920
63128451 921 if (conn->hcon->type == LE_LINK) {
b501d6a1 922 if (smp_conn_security(conn, chan->sec_level))
f1cb9af5 923 l2cap_chan_ready(sk);
acd7d370 924
63128451 925 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 926 __clear_chan_timer(chan);
89bc500e 927 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 928 sk->sk_state_change(sk);
b501d6a1 929
89bc500e 930 } else if (chan->state == BT_CONNECT)
fc7f8a7e 931 l2cap_do_start(chan);
4e8402a3 932
79d554a6 933 bh_unlock_sock(sk);
4e8402a3 934 }
79d554a6 935
baa7e1fa 936 read_unlock(&conn->chan_lock);
4e8402a3
MH		 937}
938
939/* Notify sockets that we cannot guaranty reliability anymore */
940static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
941{
48454079 942 struct l2cap_chan *chan;
4e8402a3
MH		 943
944 BT_DBG("conn %p", conn);
945
baa7e1fa 946 read_lock(&conn->chan_lock);
4e8402a3 947
baa7e1fa 948 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 949 struct sock *sk = chan->sk;
baa7e1fa 950
ecf61bdb 951 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
4e8402a3
MH		 952 sk->sk_err = err;
953 }
954
baa7e1fa 955 read_unlock(&conn->chan_lock);
4e8402a3
MH		 956}
957
958static void l2cap_info_timeout(unsigned long arg)
959{
960 struct l2cap_conn *conn = (void *) arg;
961
984947dc 962 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 963 conn->info_ident = 0;
984947dc 964
4e8402a3
MH		 965 l2cap_conn_start(conn);
966}
967
5d3de7df
VCG		 968static void l2cap_conn_del(struct hci_conn *hcon, int err)
969{
970 struct l2cap_conn *conn = hcon->l2cap_data;
971 struct l2cap_chan *chan, *l;
972 struct sock *sk;
973
974 if (!conn)
975 return;
976
977 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
978
979 kfree_skb(conn->rx_skb);
980
981 /* Kill channels */
982 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
983 sk = chan->sk;
984 bh_lock_sock(sk);
985 l2cap_chan_del(chan, err);
986 bh_unlock_sock(sk);
987 chan->ops->close(chan->data);
988 }
989
990 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
991 del_timer_sync(&conn->info_timer);
992
d26a2345 993 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend)) {
5d3de7df 994 del_timer(&conn->security_timer);
8aab4757 995 smp_chan_destroy(conn);
d26a2345 996 }
5d3de7df
VCG		 997
998 hcon->l2cap_data = NULL;
999 kfree(conn);
1000}
1001
1002static void security_timeout(unsigned long arg)
1003{
1004 struct l2cap_conn *conn = (void *) arg;
1005
1006 l2cap_conn_del(conn->hcon, ETIMEDOUT);
1007}
1008
1da177e4
LT		 1009static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1010{
0139418c 1011 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 1012
0139418c 1013 if (conn || status)
1da177e4
LT		 1014 return conn;
1015
0139418c
MH		 1016 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
1017 if (!conn)
1da177e4 1018 return NULL;
1da177e4
LT		 1019
1020 hcon->l2cap_data = conn;
1021 conn->hcon = hcon;
1022
0139418c
MH		 1023 BT_DBG("hcon %p conn %p", hcon, conn);
1024
acd7d370
VT		 1025 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
1026 conn->mtu = hcon->hdev->le_mtu;
1027 else
1028 conn->mtu = hcon->hdev->acl_mtu;
1029
1da177e4
LT		 1030 conn->src = &hcon->hdev->bdaddr;
1031 conn->dst = &hcon->dst;
1032
4e8402a3
MH		 1033 conn->feat_mask = 0;
1034
1da177e4 1035 spin_lock_init(&conn->lock);
baa7e1fa
GP		 1036 rwlock_init(&conn->chan_lock);
1037
1038 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 1039
5d3de7df
VCG		 1040 if (hcon->type == LE_LINK)
1041 setup_timer(&conn->security_timer, security_timeout,
1042 (unsigned long) conn);
1043 else
b62f328b 1044 setup_timer(&conn->info_timer, l2cap_info_timeout,
45054dc1
DY		 1045 (unsigned long) conn);
1046
2950f21a
MH		 1047 conn->disc_reason = 0x13;
1048
1da177e4
LT		 1049 return conn;
1050}
1051
48454079 1052static inline void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
1da177e4 1053{
baa7e1fa 1054 write_lock_bh(&conn->chan_lock);
48454079 1055 __l2cap_chan_add(conn, chan);
baa7e1fa 1056 write_unlock_bh(&conn->chan_lock);
1da177e4
LT		 1057}
1058
1da177e4 1059/* ---- Socket interface ---- */
1da177e4
LT		 1060
1061/* Find socket with psm and source bdaddr.
1062 * Returns closest match.
1063 */
23691d75 1064static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4 1065{
23691d75 1066 struct l2cap_chan *c, *c1 = NULL;
1da177e4 1067
23691d75 1068 read_lock(&chan_list_lock);
e0f0cb56 1069
23691d75
GP		 1070 list_for_each_entry(c, &chan_list, global_l) {
1071 struct sock *sk = c->sk;
fe4128e0 1072
89bc500e 1073 if (state && c->state != state)
1da177e4
LT		 1074 continue;
1075
23691d75 1076 if (c->psm == psm) {
1da177e4 1077 /* Exact match. */
23691d75 1078 if (!bacmp(&bt_sk(sk)->src, src)) {
a7567b20 1079 read_unlock(&chan_list_lock);
23691d75
GP		 1080 return c;
1081 }
1da177e4
LT		 1082
1083 /* Closest match */
1084 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 1085 c1 = c;
1da177e4
LT		 1086 }
1087 }
1da177e4 1088
23691d75 1089 read_unlock(&chan_list_lock);
e0f0cb56 1090
23691d75 1091 return c1;
1da177e4
LT		 1092}
1093
77a74c7e 1094int l2cap_chan_connect(struct l2cap_chan *chan)
1da177e4 1095{
5d41ce1d 1096 struct sock *sk = chan->sk;
1da177e4
LT		 1097 bdaddr_t *src = &bt_sk(sk)->src;
1098 bdaddr_t *dst = &bt_sk(sk)->dst;
1099 struct l2cap_conn *conn;
1100 struct hci_conn *hcon;
1101 struct hci_dev *hdev;
09ab6f4c 1102 __u8 auth_type;
44d0e48e 1103 int err;
1da177e4 1104
f29972de 1105 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
fe4128e0 1106 chan->psm);
1da177e4 1107
af05b30b
GP		 1108 hdev = hci_get_route(dst, src);
1109 if (!hdev)
1da177e4
LT		 1110 return -EHOSTUNREACH;
1111
1112 hci_dev_lock_bh(hdev);
1113
4343478f 1114 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1115
fe4128e0 1116 if (chan->dcid == L2CAP_CID_LE_DATA)
acd7d370 1117 hcon = hci_connect(hdev, LE_LINK, dst,
4343478f 1118 chan->sec_level, auth_type);
acd7d370
VT		 1119 else
1120 hcon = hci_connect(hdev, ACL_LINK, dst,
4343478f 1121 chan->sec_level, auth_type);
acd7d370 1122
30e76272
VT		 1123 if (IS_ERR(hcon)) {
1124 err = PTR_ERR(hcon);
1da177e4 1125 goto done;
30e76272 1126 }
1da177e4
LT		 1127
1128 conn = l2cap_conn_add(hcon, 0);
1129 if (!conn) {
1130 hci_conn_put(hcon);
30e76272 1131 err = -ENOMEM;
1da177e4
LT		 1132 goto done;
1133 }
1134
1da177e4
LT		 1135 /* Update source addr of the socket */
1136 bacpy(src, conn->src);
1137
48454079
GP		 1138 l2cap_chan_add(conn, chan);
1139
89bc500e 1140 l2cap_state_change(chan, BT_CONNECT);
c9b66675 1141 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4
LT		 1142
1143 if (hcon->state == BT_CONNECTED) {
715ec005 1144 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 1145 __clear_chan_timer(chan);
4343478f 1146 if (l2cap_check_security(chan))
89bc500e 1147 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1148 } else
fc7f8a7e 1149 l2cap_do_start(chan);
1da177e4
LT		 1150 }
1151
30e76272
VT		 1152 err = 0;
1153
1da177e4
LT		 1154done:
1155 hci_dev_unlock_bh(hdev);
1156 hci_dev_put(hdev);
1157 return err;
1158}
1159
dcba0dba 1160int __l2cap_wait_ack(struct sock *sk)
6161c038 1161{
8c1d787b 1162 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1163 DECLARE_WAITQUEUE(wait, current);
1164 int err = 0;
1165 int timeo = HZ/5;
1166
2b0b05dd 1167 add_wait_queue(sk_sleep(sk), &wait);
a71a0cf4
PH		 1168 set_current_state(TASK_INTERRUPTIBLE);
1169 while (chan->unacked_frames > 0 && chan->conn) {
6161c038
GP		 1170 if (!timeo)
1171 timeo = HZ/5;
1172
1173 if (signal_pending(current)) {
1174 err = sock_intr_errno(timeo);
1175 break;
1176 }
1177
1178 release_sock(sk);
1179 timeo = schedule_timeout(timeo);
1180 lock_sock(sk);
a71a0cf4 1181 set_current_state(TASK_INTERRUPTIBLE);
6161c038
GP		 1182
1183 err = sock_error(sk);
1184 if (err)
1185 break;
1186 }
1187 set_current_state(TASK_RUNNING);
2b0b05dd 1188 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1189 return err;
1190}
1191
e90bac06
GP		 1192static void l2cap_monitor_timeout(unsigned long arg)
1193{
525cd185
GP		 1194 struct l2cap_chan *chan = (void *) arg;
1195 struct sock *sk = chan->sk;
e90bac06 1196
525cd185 1197 BT_DBG("chan %p", chan);
0e98958d 1198
e686219a 1199 bh_lock_sock(sk);
2c03a7a4 1200 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1201 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
b13f5860 1202 bh_unlock_sock(sk);
e90bac06
GP		 1203 return;
1204 }
1205
6a026610 1206 chan->retry_count++;
1a09bcb9 1207 __set_monitor_timer(chan);
e90bac06 1208
525cd185 1209 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
e686219a 1210 bh_unlock_sock(sk);
e90bac06
GP		 1211}
1212
1213static void l2cap_retrans_timeout(unsigned long arg)
1214{
525cd185
GP		 1215 struct l2cap_chan *chan = (void *) arg;
1216 struct sock *sk = chan->sk;
e90bac06 1217
49208c9c 1218 BT_DBG("chan %p", chan);
0e98958d 1219
e686219a 1220 bh_lock_sock(sk);
6a026610 1221 chan->retry_count = 1;
1a09bcb9 1222 __set_monitor_timer(chan);
e90bac06 1223
e2ab4353 1224 set_bit(CONN_WAIT_F, &chan->conn_state);
e90bac06 1225
525cd185 1226 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
e686219a 1227 bh_unlock_sock(sk);
e90bac06
GP		 1228}
1229
42e5c802 1230static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1da177e4 1231{
1c2acffb 1232 struct sk_buff *skb;
1da177e4 1233
58d35f87 1234 while ((skb = skb_peek(&chan->tx_q)) &&
6a026610 1235 chan->unacked_frames) {
42e5c802 1236 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
1c2acffb 1237 break;
1da177e4 1238
58d35f87 1239 skb = skb_dequeue(&chan->tx_q);
1c2acffb 1240 kfree_skb(skb);
1da177e4 1241
6a026610 1242 chan->unacked_frames--;
1c2acffb 1243 }
1da177e4 1244
6a026610 1245 if (!chan->unacked_frames)
1a09bcb9 1246 __clear_retrans_timer(chan);
1c2acffb 1247}
1da177e4 1248
67c9e840 1249static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
1c2acffb 1250{
8c1d787b 1251 struct hci_conn *hcon = chan->conn->hcon;
e702112f 1252 u16 flags;
1c2acffb 1253
4343478f 1254 BT_DBG("chan %p, skb %p len %d", chan, skb, skb->len);
1da177e4 1255
d57b0e8b
AE		 1256 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
1257 lmp_no_flush_capable(hcon->hdev))
e702112f
AE		 1258 flags = ACL_START_NO_FLUSH;
1259 else
1260 flags = ACL_START;
1261
15770b1a 1262 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
e702112f 1263 hci_send_acl(hcon, skb, flags);
1c2acffb
GP		 1264}
1265
67c9e840 1266static void l2cap_streaming_send(struct l2cap_chan *chan)
6840ed07 1267{
ccbb84af 1268 struct sk_buff *skb;
fcc203c3 1269 u16 control, fcs;
6840ed07 1270
58d35f87 1271 while ((skb = skb_dequeue(&chan->tx_q))) {
ccbb84af 1272 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE);
42e5c802 1273 control |= chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
ccbb84af 1274 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
6840ed07 1275
47d1ec61 1276 if (chan->fcs == L2CAP_FCS_CRC16) {
ccbb84af
GP		 1277 fcs = crc16(0, (u8 *)skb->data, skb->len - 2);
1278 put_unaligned_le16(fcs, skb->data + skb->len - 2);
fcc203c3
GP		 1279 }
1280
4343478f 1281 l2cap_do_send(chan, skb);
6840ed07 1282
42e5c802 1283 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
6840ed07 1284 }
6840ed07
GP		 1285}
1286
525cd185 1287static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)
8f17154f 1288{
8f17154f
GP		 1289 struct sk_buff *skb, *tx_skb;
1290 u16 control, fcs;
8f17154f 1291
58d35f87 1292 skb = skb_peek(&chan->tx_q);
f11d676d
GP		 1293 if (!skb)
1294 return;
8f17154f 1295
f11d676d
GP		 1296 do {
1297 if (bt_cb(skb)->tx_seq == tx_seq)
8f17154f 1298 break;
8f17154f 1299
58d35f87 1300 if (skb_queue_is_last(&chan->tx_q, skb))
f11d676d 1301 return;
8f17154f 1302
58d35f87 1303 } while ((skb = skb_queue_next(&chan->tx_q, skb)));
8f17154f 1304
2c03a7a4
GP		 1305 if (chan->remote_max_tx &&
1306 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1307 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
f11d676d
GP		 1308 return;
1309 }
1310
1311 tx_skb = skb_clone(skb, GFP_ATOMIC);
1312 bt_cb(skb)->retries++;
1313 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
a429b519 1314 control &= L2CAP_CTRL_SAR;
3cb123d1 1315
e2ab4353 1316 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
3cb123d1 1317 control |= L2CAP_CTRL_FINAL;
95ffa978 1318
42e5c802 1319 control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
f11d676d 1320 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
3cb123d1 1321
f11d676d
GP		 1322 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1323
47d1ec61 1324 if (chan->fcs == L2CAP_FCS_CRC16) {
f11d676d
GP		 1325 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1326 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1327 }
1328
4343478f 1329 l2cap_do_send(chan, tx_skb);
8f17154f
GP		 1330}
1331
67c9e840 1332static int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1333{
1334 struct sk_buff *skb, *tx_skb;
fcc203c3 1335 u16 control, fcs;
9a9c6a34 1336 int nsent = 0;
1c2acffb 1337
89bc500e 1338 if (chan->state != BT_CONNECTED)
c13ffa62 1339 return -ENOTCONN;
e90bac06 1340
58d35f87 1341 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1c2acffb 1342
2c03a7a4
GP		 1343 if (chan->remote_max_tx &&
1344 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1345 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
e90bac06
GP		 1346 break;
1347 }
1348
e420aba3
AE		 1349 tx_skb = skb_clone(skb, GFP_ATOMIC);
1350
e90bac06
GP		 1351 bt_cb(skb)->retries++;
1352
1c2acffb 1353 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
95ffa978
GP		 1354 control &= L2CAP_CTRL_SAR;
1355
e2ab4353 1356 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
d5392c8f 1357 control |= L2CAP_CTRL_FINAL;
e2ab4353 1358
42e5c802
GP		 1359 control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1360 | (chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1c2acffb
GP		 1361 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1362
e90bac06 1363
47d1ec61 1364 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 1365 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1366 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1367 }
1368
4343478f 1369 l2cap_do_send(chan, tx_skb);
9a9c6a34 1370
1a09bcb9 1371 __set_retrans_timer(chan);
1c2acffb 1372
42e5c802
GP		 1373 bt_cb(skb)->tx_seq = chan->next_tx_seq;
1374 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
1c2acffb 1375
23e9fde2 1376 if (bt_cb(skb)->retries == 1)
6a026610 1377 chan->unacked_frames++;
23e9fde2 1378
6a026610 1379 chan->frames_sent++;
1c2acffb 1380
58d35f87
GP		 1381 if (skb_queue_is_last(&chan->tx_q, skb))
1382 chan->tx_send_head = NULL;
1c2acffb 1383 else
58d35f87 1384 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
9e917af1
GP		 1385
1386 nsent++;
1c2acffb
GP		 1387 }
1388
9e917af1
GP		 1389 return nsent;
1390}
1391
525cd185 1392static int l2cap_retransmit_frames(struct l2cap_chan *chan)
dfc909be 1393{
dfc909be
GP		 1394 int ret;
1395
58d35f87
GP		 1396 if (!skb_queue_empty(&chan->tx_q))
1397 chan->tx_send_head = chan->tx_q.next;
dfc909be 1398
42e5c802 1399 chan->next_tx_seq = chan->expected_ack_seq;
525cd185 1400 ret = l2cap_ertm_send(chan);
dfc909be
GP		 1401 return ret;
1402}
1403
525cd185 1404static void l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1405{
9e917af1
GP		 1406 u16 control = 0;
1407
42e5c802 1408 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
9e917af1 1409
e2ab4353 1410 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
9e917af1 1411 control |= L2CAP_SUPER_RCV_NOT_READY;
e2ab4353 1412 set_bit(CONN_RNR_SENT, &chan->conn_state);
525cd185 1413 l2cap_send_sframe(chan, control);
9a9c6a34 1414 return;
9e917af1 1415 }
dfc909be 1416
525cd185 1417 if (l2cap_ertm_send(chan) > 0)
dfc909be
GP		 1418 return;
1419
1420 control |= L2CAP_SUPER_RCV_READY;
525cd185 1421 l2cap_send_sframe(chan, control);
1c2acffb
GP		 1422}
1423
525cd185 1424static void l2cap_send_srejtail(struct l2cap_chan *chan)
99b0d4b7
GP		 1425{
1426 struct srej_list *tail;
1427 u16 control;
1428
1429 control = L2CAP_SUPER_SELECT_REJECT;
1430 control |= L2CAP_CTRL_FINAL;
1431
39d5a3ee 1432 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
99b0d4b7
GP		 1433 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1434
525cd185 1435 l2cap_send_sframe(chan, control);
99b0d4b7
GP		 1436}
1437
1c2acffb
GP		 1438static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1439{
8c1d787b 1440 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1c2acffb
GP		 1441 struct sk_buff **frag;
1442 int err, sent = 0;
1da177e4 1443
59203a21 1444 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1445 return -EFAULT;
1da177e4
LT		 1446
1447 sent += count;
1448 len -= count;
1449
1450 /* Continuation fragments (no L2CAP header) */
1451 frag = &skb_shinfo(skb)->frag_list;
1452 while (len) {
1453 count = min_t(unsigned int, conn->mtu, len);
1454
1455 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1456 if (!*frag)
0175d629 1457 return err;
1c2acffb
GP		 1458 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1459 return -EFAULT;
1da177e4
LT		 1460
1461 sent += count;
1462 len -= count;
1463
1464 frag = &(*frag)->next;
1465 }
1da177e4
LT		 1466
1467 return sent;
1c2acffb 1468}
1da177e4 1469
67c9e840 1470static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1c2acffb 1471{
fe4128e0 1472 struct sock *sk = chan->sk;
8c1d787b 1473 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1474 struct sk_buff *skb;
1475 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1476 struct l2cap_hdr *lh;
1477
1478 BT_DBG("sk %p len %d", sk, (int)len);
1479
1480 count = min_t(unsigned int, (conn->mtu - hlen), len);
1481 skb = bt_skb_send_alloc(sk, count + hlen,
1482 msg->msg_flags & MSG_DONTWAIT, &err);
1483 if (!skb)
0175d629 1484 return ERR_PTR(err);
1c2acffb
GP		 1485
1486 /* Create L2CAP header */
1487 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1488 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1489 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
fe4128e0 1490 put_unaligned_le16(chan->psm, skb_put(skb, 2));
1c2acffb
GP		 1491
1492 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1493 if (unlikely(err < 0)) {
1494 kfree_skb(skb);
1495 return ERR_PTR(err);
1496 }
1497 return skb;
1498}
1499
67c9e840 1500static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1c2acffb 1501{
fe4128e0 1502 struct sock *sk = chan->sk;
8c1d787b 1503 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1504 struct sk_buff *skb;
1505 int err, count, hlen = L2CAP_HDR_SIZE;
1506 struct l2cap_hdr *lh;
1507
1508 BT_DBG("sk %p len %d", sk, (int)len);
1509
1510 count = min_t(unsigned int, (conn->mtu - hlen), len);
1511 skb = bt_skb_send_alloc(sk, count + hlen,
1512 msg->msg_flags & MSG_DONTWAIT, &err);
1513 if (!skb)
0175d629 1514 return ERR_PTR(err);
1c2acffb
GP		 1515
1516 /* Create L2CAP header */
1517 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1518 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1519 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1520
1521 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1522 if (unlikely(err < 0)) {
1523 kfree_skb(skb);
1524 return ERR_PTR(err);
1525 }
1526 return skb;
1527}
1528
ab0ff76d
LAD		 1529static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
1530 struct msghdr *msg, size_t len,
1531 u16 control, u16 sdulen)
1c2acffb 1532{
47d1ec61 1533 struct sock *sk = chan->sk;
8c1d787b 1534 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1535 struct sk_buff *skb;
1536 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1537 struct l2cap_hdr *lh;
1538
1539 BT_DBG("sk %p len %d", sk, (int)len);
1540
0ee0d208
GP		 1541 if (!conn)
1542 return ERR_PTR(-ENOTCONN);
1543
c74e560c
GP		 1544 if (sdulen)
1545 hlen += 2;
1546
47d1ec61 1547 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 1548 hlen += 2;
1549
1c2acffb
GP		 1550 count = min_t(unsigned int, (conn->mtu - hlen), len);
1551 skb = bt_skb_send_alloc(sk, count + hlen,
1552 msg->msg_flags & MSG_DONTWAIT, &err);
1553 if (!skb)
0175d629 1554 return ERR_PTR(err);
1c2acffb
GP		 1555
1556 /* Create L2CAP header */
1557 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1558 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1559 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1560 put_unaligned_le16(control, skb_put(skb, 2));
c74e560c
GP		 1561 if (sdulen)
1562 put_unaligned_le16(sdulen, skb_put(skb, 2));
1c2acffb
GP		 1563
1564 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1565 if (unlikely(err < 0)) {
1566 kfree_skb(skb);
1567 return ERR_PTR(err);
1568 }
e90bac06 1569
47d1ec61 1570 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 1571 put_unaligned_le16(0, skb_put(skb, 2));
1572
e90bac06 1573 bt_cb(skb)->retries = 0;
1c2acffb 1574 return skb;
1da177e4
LT		 1575}
1576
67c9e840 1577static int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
c74e560c 1578{
c74e560c
GP		 1579 struct sk_buff *skb;
1580 struct sk_buff_head sar_queue;
1581 u16 control;
1582 size_t size = 0;
1583
ff12fd64 1584 skb_queue_head_init(&sar_queue);
c74e560c 1585 control = L2CAP_SDU_START;
47d1ec61 1586 skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);
c74e560c
GP		 1587 if (IS_ERR(skb))
1588 return PTR_ERR(skb);
1589
1590 __skb_queue_tail(&sar_queue, skb);
2c03a7a4
GP		 1591 len -= chan->remote_mps;
1592 size += chan->remote_mps;
c74e560c
GP		 1593
1594 while (len > 0) {
1595 size_t buflen;
1596
2c03a7a4 1597 if (len > chan->remote_mps) {
44651b85 1598 control = L2CAP_SDU_CONTINUE;
2c03a7a4 1599 buflen = chan->remote_mps;
c74e560c 1600 } else {
44651b85 1601 control = L2CAP_SDU_END;
c74e560c
GP		 1602 buflen = len;
1603 }
1604
47d1ec61 1605 skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);
c74e560c
GP		 1606 if (IS_ERR(skb)) {
1607 skb_queue_purge(&sar_queue);
1608 return PTR_ERR(skb);
1609 }
1610
1611 __skb_queue_tail(&sar_queue, skb);
1612 len -= buflen;
1613 size += buflen;
c74e560c 1614 }
58d35f87
GP		 1615 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1616 if (chan->tx_send_head == NULL)
1617 chan->tx_send_head = sar_queue.next;
c74e560c
GP		 1618
1619 return size;
1620}
1621
9a91a04a
GP		 1622int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1623{
9a91a04a
GP		 1624 struct sk_buff *skb;
1625 u16 control;
1626 int err;
1627
1628 /* Connectionless channel */
715ec005 1629 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
9a91a04a
GP		 1630 skb = l2cap_create_connless_pdu(chan, msg, len);
1631 if (IS_ERR(skb))
1632 return PTR_ERR(skb);
1633
1634 l2cap_do_send(chan, skb);
1635 return len;
1636 }
1637
1638 switch (chan->mode) {
1639 case L2CAP_MODE_BASIC:
1640 /* Check outgoing MTU */
1641 if (len > chan->omtu)
1642 return -EMSGSIZE;
1643
1644 /* Create a basic PDU */
1645 skb = l2cap_create_basic_pdu(chan, msg, len);
1646 if (IS_ERR(skb))
1647 return PTR_ERR(skb);
1648
1649 l2cap_do_send(chan, skb);
1650 err = len;
1651 break;
1652
1653 case L2CAP_MODE_ERTM:
1654 case L2CAP_MODE_STREAMING:
1655 /* Entire SDU fits into one PDU */
1656 if (len <= chan->remote_mps) {
1657 control = L2CAP_SDU_UNSEGMENTED;
1658 skb = l2cap_create_iframe_pdu(chan, msg, len, control,
1659 0);
1660 if (IS_ERR(skb))
1661 return PTR_ERR(skb);
1662
1663 __skb_queue_tail(&chan->tx_q, skb);
1664
1665 if (chan->tx_send_head == NULL)
1666 chan->tx_send_head = skb;
1667
1668 } else {
1669 /* Segment SDU into multiples PDUs */
1670 err = l2cap_sar_segment_sdu(chan, msg, len);
1671 if (err < 0)
1672 return err;
1673 }
1674
1675 if (chan->mode == L2CAP_MODE_STREAMING) {
1676 l2cap_streaming_send(chan);
1677 err = len;
1678 break;
1679 }
1680
e2ab4353
GP		 1681 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
1682 test_bit(CONN_WAIT_F, &chan->conn_state)) {
9a91a04a
GP		 1683 err = len;
1684 break;
1685 }
1686
1687 err = l2cap_ertm_send(chan);
1688 if (err >= 0)
1689 err = len;
1690
1691 break;
1692
1693 default:
1694 BT_DBG("bad state %1.1x", chan->mode);
1695 err = -EBADFD;
1696 }
1697
1698 return err;
1699}
1700
1da177e4
LT		 1701/* Copy frame to all raw sockets on that connection */
1702static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1703{
1da177e4 1704 struct sk_buff *nskb;
48454079 1705 struct l2cap_chan *chan;
1da177e4
LT		 1706
1707 BT_DBG("conn %p", conn);
1708
baa7e1fa
GP		 1709 read_lock(&conn->chan_lock);
1710 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 1711 struct sock *sk = chan->sk;
715ec005 1712 if (chan->chan_type != L2CAP_CHAN_RAW)
1da177e4
LT		 1713 continue;
1714
1715 /* Don't send frame to the socket it came from */
1716 if (skb->sk == sk)
1717 continue;
af05b30b
GP		 1718 nskb = skb_clone(skb, GFP_ATOMIC);
1719 if (!nskb)
1da177e4
LT		 1720 continue;
1721
23070494 1722 if (chan->ops->recv(chan->data, nskb))
1da177e4
LT		 1723 kfree_skb(nskb);
1724 }
baa7e1fa 1725 read_unlock(&conn->chan_lock);
1da177e4
LT		 1726}
1727
1728/* ---- L2CAP signalling commands ---- */
1729static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1730 u8 code, u8 ident, u16 dlen, void *data)
1731{
1732 struct sk_buff *skb, **frag;
1733 struct l2cap_cmd_hdr *cmd;
1734 struct l2cap_hdr *lh;
1735 int len, count;
1736
af05b30b
GP		 1737 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1738 conn, code, ident, dlen);
1da177e4
LT		 1739
1740 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1741 count = min_t(unsigned int, conn->mtu, len);
1742
1743 skb = bt_skb_alloc(count, GFP_ATOMIC);
1744 if (!skb)
1745 return NULL;
1746
1747 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 1748 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 1749
1750 if (conn->hcon->type == LE_LINK)
1751 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
1752 else
1753 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 1754
1755 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1756 cmd->code = code;
1757 cmd->ident = ident;
aca3192c 1758 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1759
1760 if (dlen) {
1761 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1762 memcpy(skb_put(skb, count), data, count);
1763 data += count;
1764 }
1765
1766 len -= skb->len;
1767
1768 /* Continuation fragments (no L2CAP header) */
1769 frag = &skb_shinfo(skb)->frag_list;
1770 while (len) {
1771 count = min_t(unsigned int, conn->mtu, len);
1772
1773 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1774 if (!*frag)
1775 goto fail;
1776
1777 memcpy(skb_put(*frag, count), data, count);
1778
1779 len -= count;
1780 data += count;
1781
1782 frag = &(*frag)->next;
1783 }
1784
1785 return skb;
1786
1787fail:
1788 kfree_skb(skb);
1789 return NULL;
1790}
1791
1792static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1793{
1794 struct l2cap_conf_opt *opt = *ptr;
1795 int len;
1796
1797 len = L2CAP_CONF_OPT_SIZE + opt->len;
1798 *ptr += len;
1799
1800 *type = opt->type;
1801 *olen = opt->len;
1802
1803 switch (opt->len) {
1804 case 1:
1805 *val = *((u8 *) opt->val);
1806 break;
1807
1808 case 2:
bfaaeb3e 1809 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 1810 break;
1811
1812 case 4:
bfaaeb3e 1813 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 1814 break;
1815
1816 default:
1817 *val = (unsigned long) opt->val;
1818 break;
1819 }
1820
1821 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1822 return len;
1823}
1824
1da177e4
LT		 1825static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1826{
1827 struct l2cap_conf_opt *opt = *ptr;
1828
1829 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1830
1831 opt->type = type;
1832 opt->len = len;
1833
1834 switch (len) {
1835 case 1:
1836 *((u8 *) opt->val) = val;
1837 break;
1838
1839 case 2:
4f8b691c 1840 put_unaligned_le16(val, opt->val);
1da177e4
LT		 1841 break;
1842
1843 case 4:
4f8b691c 1844 put_unaligned_le32(val, opt->val);
1da177e4
LT		 1845 break;
1846
1847 default:
1848 memcpy(opt->val, (void *) val, len);
1849 break;
1850 }
1851
1852 *ptr += L2CAP_CONF_OPT_SIZE + len;
1853}
1854
c1b4f43b
GP		 1855static void l2cap_ack_timeout(unsigned long arg)
1856{
525cd185 1857 struct l2cap_chan *chan = (void *) arg;
c1b4f43b 1858
525cd185
GP		 1859 bh_lock_sock(chan->sk);
1860 l2cap_send_ack(chan);
1861 bh_unlock_sock(chan->sk);
c1b4f43b
GP		 1862}
1863
525cd185 1864static inline void l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 1865{
525cd185
GP		 1866 struct sock *sk = chan->sk;
1867
42e5c802 1868 chan->expected_ack_seq = 0;
6a026610 1869 chan->unacked_frames = 0;
42e5c802 1870 chan->buffer_seq = 0;
6a026610
GP		 1871 chan->num_acked = 0;
1872 chan->frames_sent = 0;
0565c1c2 1873
e92c8e70
GP		 1874 setup_timer(&chan->retrans_timer, l2cap_retrans_timeout,
1875 (unsigned long) chan);
1876 setup_timer(&chan->monitor_timer, l2cap_monitor_timeout,
1877 (unsigned long) chan);
1878 setup_timer(&chan->ack_timer, l2cap_ack_timeout, (unsigned long) chan);
0565c1c2 1879
f1c6775b 1880 skb_queue_head_init(&chan->srej_q);
1890d36b 1881
39d5a3ee
GP		 1882 INIT_LIST_HEAD(&chan->srej_l);
1883
218bb9df
GP		 1884
1885 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
0565c1c2
GP		 1886}
1887
f2fcfcd6
GP		 1888static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1889{
1890 switch (mode) {
1891 case L2CAP_MODE_STREAMING:
1892 case L2CAP_MODE_ERTM:
1893 if (l2cap_mode_supported(mode, remote_feat_mask))
1894 return mode;
1895 /* fall through */
1896 default:
1897 return L2CAP_MODE_BASIC;
1898 }
1899}
1900
710f9b0a 1901static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 1902{
1da177e4 1903 struct l2cap_conf_req *req = data;
0c1bc5c6 1904 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4
LT		 1905 void *ptr = req->data;
1906
49208c9c 1907 BT_DBG("chan %p", chan);
1da177e4 1908
73ffa904 1909 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 1910 goto done;
1911
0c1bc5c6 1912 switch (chan->mode) {
f2fcfcd6
GP		 1913 case L2CAP_MODE_STREAMING:
1914 case L2CAP_MODE_ERTM:
c1360a1c 1915 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
85eb53c6 1916 break;
85eb53c6 1917
2ba13ed6 1918 /* fall through */
f2fcfcd6 1919 default:
8c1d787b 1920 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 1921 break;
1922 }
1923
1924done:
0c1bc5c6
GP		 1925 if (chan->imtu != L2CAP_DEFAULT_MTU)
1926 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 1927
0c1bc5c6 1928 switch (chan->mode) {
65c7c491 1929 case L2CAP_MODE_BASIC:
8c1d787b
GP		 1930 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
1931 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 1932 break;
1933
62547752
GP		 1934 rfc.mode = L2CAP_MODE_BASIC;
1935 rfc.txwin_size = 0;
1936 rfc.max_transmit = 0;
1937 rfc.retrans_timeout = 0;
1938 rfc.monitor_timeout = 0;
1939 rfc.max_pdu_size = 0;
1940
63406504
GP		 1941 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1942 (unsigned long) &rfc);
65c7c491
MH		 1943 break;
1944
1945 case L2CAP_MODE_ERTM:
1946 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61
GP		 1947 rfc.txwin_size = chan->tx_win;
1948 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 1949 rfc.retrans_timeout = 0;
1950 rfc.monitor_timeout = 0;
c74e560c 1951 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
8c1d787b
GP		 1952 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
1953 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
f2fcfcd6 1954
63406504
GP		 1955 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1956 (unsigned long) &rfc);
1957
8c1d787b 1958 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 1959 break;
1960
47d1ec61 1961 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 1962 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 1963 chan->fcs = L2CAP_FCS_NONE;
1964 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 1965 }
f2fcfcd6
GP		 1966 break;
1967
1968 case L2CAP_MODE_STREAMING:
1969 rfc.mode = L2CAP_MODE_STREAMING;
1970 rfc.txwin_size = 0;
1971 rfc.max_transmit = 0;
1972 rfc.retrans_timeout = 0;
1973 rfc.monitor_timeout = 0;
c74e560c 1974 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
8c1d787b
GP		 1975 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
1976 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
65c7c491 1977
63406504
GP		 1978 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1979 (unsigned long) &rfc);
1980
8c1d787b 1981 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 1982 break;
1983
47d1ec61 1984 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 1985 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 1986 chan->fcs = L2CAP_FCS_NONE;
1987 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 1988 }
65c7c491
MH		 1989 break;
1990 }
1da177e4 1991
fe4128e0 1992 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 1993 req->flags = cpu_to_le16(0);
1da177e4
LT		 1994
1995 return ptr - data;
1996}
1997
73ffa904 1998static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 1999{
5dee9e7c
MH		 2000 struct l2cap_conf_rsp *rsp = data;
2001 void *ptr = rsp->data;
73ffa904
GP		 2002 void *req = chan->conf_req;
2003 int len = chan->conf_len;
5dee9e7c
MH		 2004 int type, hint, olen;
2005 unsigned long val;
6464f35f 2006 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
861d6882 2007 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 2008 u16 result = L2CAP_CONF_SUCCESS;
1da177e4 2009
73ffa904 2010 BT_DBG("chan %p", chan);
820ae1b8 2011
5dee9e7c
MH		 2012 while (len >= L2CAP_CONF_OPT_SIZE) {
2013 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 2014
589d2746 2015 hint = type & L2CAP_CONF_HINT;
47ec1dcd 2016 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 2017
2018 switch (type) {
2019 case L2CAP_CONF_MTU:
861d6882 2020 mtu = val;
5dee9e7c
MH		 2021 break;
2022
2023 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2024 chan->flush_to = val;
5dee9e7c
MH		 2025 break;
2026
2027 case L2CAP_CONF_QOS:
2028 break;
2029
6464f35f
MH		 2030 case L2CAP_CONF_RFC:
2031 if (olen == sizeof(rfc))
2032 memcpy(&rfc, (void *) val, olen);
2033 break;
2034
fcc203c3
GP		 2035 case L2CAP_CONF_FCS:
2036 if (val == L2CAP_FCS_NONE)
c1360a1c 2037 set_bit(CONF_NO_FCS_RECV, &chan->conf_state);
fcc203c3
GP		 2038
2039 break;
2040
5dee9e7c
MH		 2041 default:
2042 if (hint)
2043 break;
2044
2045 result = L2CAP_CONF_UNKNOWN;
2046 *((u8 *) ptr++) = type;
2047 break;
2048 }
2049 }
2050
73ffa904 2051 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 2052 goto done;
2053
0c1bc5c6 2054 switch (chan->mode) {
f2fcfcd6
GP		 2055 case L2CAP_MODE_STREAMING:
2056 case L2CAP_MODE_ERTM:
c1360a1c 2057 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
0c1bc5c6 2058 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 2059 chan->conn->feat_mask);
85eb53c6
GP		 2060 break;
2061 }
2062
0c1bc5c6 2063 if (chan->mode != rfc.mode)
f2fcfcd6 2064 return -ECONNREFUSED;
742e519b 2065
f2fcfcd6 2066 break;
f2fcfcd6
GP		 2067 }
2068
2069done:
0c1bc5c6 2070 if (chan->mode != rfc.mode) {
f2fcfcd6 2071 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2072 rfc.mode = chan->mode;
f2fcfcd6 2073
73ffa904 2074 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 2075 return -ECONNREFUSED;
2076
2077 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2078 sizeof(rfc), (unsigned long) &rfc);
2079 }
2080
2081
5dee9e7c
MH		 2082 if (result == L2CAP_CONF_SUCCESS) {
2083 /* Configure output options and let the other side know
2084 * which ones we don't like. */
2085
f2fcfcd6
GP		 2086 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2087 result = L2CAP_CONF_UNACCEPT;
2088 else {
0c1bc5c6 2089 chan->omtu = mtu;
c1360a1c 2090 set_bit(CONF_MTU_DONE, &chan->conf_state);
f2fcfcd6 2091 }
0c1bc5c6 2092 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 2093
f2fcfcd6
GP		 2094 switch (rfc.mode) {
2095 case L2CAP_MODE_BASIC:
47d1ec61 2096 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2097 set_bit(CONF_MODE_DONE, &chan->conf_state);
f2fcfcd6
GP		 2098 break;
2099
2100 case L2CAP_MODE_ERTM:
2c03a7a4
GP		 2101 chan->remote_tx_win = rfc.txwin_size;
2102 chan->remote_max_tx = rfc.max_transmit;
86b1b263 2103
8c1d787b
GP		 2104 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
2105 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1c762159 2106
2c03a7a4 2107 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6 2108
10467e9e
GP		 2109 rfc.retrans_timeout =
2110 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2111 rfc.monitor_timeout =
2112 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 2113
c1360a1c 2114 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2115
2116 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2117 sizeof(rfc), (unsigned long) &rfc);
2118
f2fcfcd6
GP		 2119 break;
2120
2121 case L2CAP_MODE_STREAMING:
8c1d787b
GP		 2122 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
2123 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1c762159 2124
2c03a7a4 2125 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6 2126
c1360a1c 2127 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2128
2129 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2130 sizeof(rfc), (unsigned long) &rfc);
2131
f2fcfcd6
GP		 2132 break;
2133
2134 default:
5dee9e7c 2135 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 2136
6464f35f 2137 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 2138 rfc.mode = chan->mode;
f2fcfcd6 2139 }
6464f35f 2140
f2fcfcd6 2141 if (result == L2CAP_CONF_SUCCESS)
c1360a1c 2142 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
f2fcfcd6 2143 }
fe4128e0 2144 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 2145 rsp->result = cpu_to_le16(result);
2146 rsp->flags = cpu_to_le16(0x0000);
2147
2148 return ptr - data;
1da177e4
LT		 2149}
2150
b4450035 2151static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 2152{
f2fcfcd6
GP		 2153 struct l2cap_conf_req *req = data;
2154 void *ptr = req->data;
2155 int type, olen;
2156 unsigned long val;
2157 struct l2cap_conf_rfc rfc;
2158
fe4128e0 2159 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 2160
2161 while (len >= L2CAP_CONF_OPT_SIZE) {
2162 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2163
2164 switch (type) {
2165 case L2CAP_CONF_MTU:
2166 if (val < L2CAP_DEFAULT_MIN_MTU) {
2167 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2168 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 2169 } else
0c1bc5c6
GP		 2170 chan->imtu = val;
2171 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 2172 break;
2173
2174 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2175 chan->flush_to = val;
f2fcfcd6 2176 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 2177 2, chan->flush_to);
f2fcfcd6
GP		 2178 break;
2179
2180 case L2CAP_CONF_RFC:
2181 if (olen == sizeof(rfc))
2182 memcpy(&rfc, (void *)val, olen);
2183
c1360a1c 2184 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
0c1bc5c6 2185 rfc.mode != chan->mode)
f2fcfcd6
GP		 2186 return -ECONNREFUSED;
2187
47d1ec61 2188 chan->fcs = 0;
f2fcfcd6
GP		 2189
2190 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2191 sizeof(rfc), (unsigned long) &rfc);
2192 break;
2193 }
2194 }
2195
0c1bc5c6 2196 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 2197 return -ECONNREFUSED;
2198
0c1bc5c6 2199 chan->mode = rfc.mode;
6c2ea7a8 2200
f2fcfcd6
GP		 2201 if (*result == L2CAP_CONF_SUCCESS) {
2202 switch (rfc.mode) {
2203 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2204 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2205 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2206 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2207 break;
2208 case L2CAP_MODE_STREAMING:
47d1ec61 2209 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2210 }
2211 }
2212
fe4128e0 2213 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 2214 req->flags = cpu_to_le16(0x0000);
2215
2216 return ptr - data;
2217}
2218
fe4128e0 2219static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 2220{
2221 struct l2cap_conf_rsp *rsp = data;
2222 void *ptr = rsp->data;
1da177e4 2223
fe4128e0 2224 BT_DBG("chan %p", chan);
1da177e4 2225
fe4128e0 2226 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 2227 rsp->result = cpu_to_le16(result);
aca3192c 2228 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 2229
2230 return ptr - data;
2231}
2232
8c1d787b 2233void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 2234{
2235 struct l2cap_conn_rsp rsp;
8c1d787b 2236 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 2237 u8 buf[128];
2238
fe4128e0
GP		 2239 rsp.scid = cpu_to_le16(chan->dcid);
2240 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 2241 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
2242 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2243 l2cap_send_cmd(conn, chan->ident,
2244 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2245
c1360a1c 2246 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
710f9b0a
GP		 2247 return;
2248
710f9b0a
GP		 2249 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2250 l2cap_build_conf_req(chan, buf), buf);
2251 chan->num_conf_req++;
2252}
2253
47d1ec61 2254static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 2255{
7b1c0049
GP		 2256 int type, olen;
2257 unsigned long val;
2258 struct l2cap_conf_rfc rfc;
2259
47d1ec61 2260 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 2261
0c1bc5c6 2262 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 2263 return;
2264
2265 while (len >= L2CAP_CONF_OPT_SIZE) {
2266 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2267
2268 switch (type) {
2269 case L2CAP_CONF_RFC:
2270 if (olen == sizeof(rfc))
2271 memcpy(&rfc, (void *)val, olen);
2272 goto done;
2273 }
2274 }
2275
2276done:
2277 switch (rfc.mode) {
2278 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2279 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2280 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2281 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2282 break;
2283 case L2CAP_MODE_STREAMING:
47d1ec61 2284 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2285 }
2286}
2287
4e8402a3
MH		 2288static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2289{
e2fd318e 2290 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
4e8402a3 2291
e2fd318e 2292 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
4e8402a3
MH		 2293 return 0;
2294
2295 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2296 cmd->ident == conn->info_ident) {
4e8402a3 2297 del_timer(&conn->info_timer);
984947dc
MH		 2298
2299 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2300 conn->info_ident = 0;
984947dc 2301
4e8402a3
MH		 2302 l2cap_conn_start(conn);
2303 }
2304
2305 return 0;
2306}
2307
1da177e4
LT		 2308static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2309{
1da177e4
LT		 2310 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2311 struct l2cap_conn_rsp rsp;
23691d75 2312 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 2313 struct sock *parent, *sk = NULL;
e7c29cb1 2314 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2315
2316 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 2317 __le16 psm = req->psm;
1da177e4
LT		 2318
2319 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2320
2321 /* Check if we have socket listening on psm */
23691d75
GP		 2322 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src);
2323 if (!pchan) {
1da177e4
LT		 2324 result = L2CAP_CR_BAD_PSM;
2325 goto sendresp;
2326 }
2327
23691d75
GP		 2328 parent = pchan->sk;
2329
e0f0cb56
GP		 2330 bh_lock_sock(parent);
2331
e7c29cb1
MH		 2332 /* Check if the ACL is secure enough (if not SDP) */
2333 if (psm != cpu_to_le16(0x0001) &&
2334 !hci_conn_check_link_mode(conn->hcon)) {
2950f21a 2335 conn->disc_reason = 0x05;
e7c29cb1
MH		 2336 result = L2CAP_CR_SEC_BLOCK;
2337 goto response;
2338 }
2339
1da177e4
LT		 2340 result = L2CAP_CR_NO_MEM;
2341
2342 /* Check for backlog size */
2343 if (sk_acceptq_is_full(parent)) {
8e87d142 2344 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 2345 goto response;
2346 }
2347
80808e43
GP		 2348 chan = pchan->ops->new_connection(pchan->data);
2349 if (!chan)
1da177e4
LT		 2350 goto response;
2351
80808e43
GP		 2352 sk = chan->sk;
2353
baa7e1fa 2354 write_lock_bh(&conn->chan_lock);
1da177e4
LT		 2355
2356 /* Check if we already have channel with that dcid */
baa7e1fa
GP		 2357 if (__l2cap_get_chan_by_dcid(conn, scid)) {
2358 write_unlock_bh(&conn->chan_lock);
1da177e4 2359 sock_set_flag(sk, SOCK_ZAPPED);
ba3bd0ee 2360 chan->ops->close(chan->data);
1da177e4
LT		 2361 goto response;
2362 }
2363
2364 hci_conn_hold(conn->hcon);
2365
1da177e4
LT		 2366 bacpy(&bt_sk(sk)->src, conn->src);
2367 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 2368 chan->psm = psm;
2369 chan->dcid = scid;
1da177e4 2370
d1010240
GP		 2371 bt_accept_enqueue(parent, sk);
2372
48454079
GP		 2373 __l2cap_chan_add(conn, chan);
2374
fe4128e0 2375 dcid = chan->scid;
1da177e4 2376
c9b66675 2377 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4 2378
fc7f8a7e 2379 chan->ident = cmd->ident;
1da177e4 2380
984947dc 2381 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
4343478f 2382 if (l2cap_check_security(chan)) {
f66dc81f 2383 if (bt_sk(sk)->defer_setup) {
89bc500e 2384 l2cap_state_change(chan, BT_CONNECT2);
f66dc81f
MH		 2385 result = L2CAP_CR_PEND;
2386 status = L2CAP_CS_AUTHOR_PEND;
2387 parent->sk_data_ready(parent, 0);
2388 } else {
89bc500e 2389 l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 2390 result = L2CAP_CR_SUCCESS;
2391 status = L2CAP_CS_NO_INFO;
2392 }
79d554a6 2393 } else {
89bc500e 2394 l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2395 result = L2CAP_CR_PEND;
2396 status = L2CAP_CS_AUTHEN_PEND;
2397 }
2398 } else {
89bc500e 2399 l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2400 result = L2CAP_CR_PEND;
2401 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2402 }
2403
baa7e1fa 2404 write_unlock_bh(&conn->chan_lock);
1da177e4
LT		 2405
2406response:
2407 bh_unlock_sock(parent);
2408
2409sendresp:
aca3192c
YH		 2410 rsp.scid = cpu_to_le16(scid);
2411 rsp.dcid = cpu_to_le16(dcid);
2412 rsp.result = cpu_to_le16(result);
2413 rsp.status = cpu_to_le16(status);
1da177e4 2414 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 2415
2416 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2417 struct l2cap_info_req info;
2418 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2419
2420 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2421 conn->info_ident = l2cap_get_ident(conn);
2422
2423 mod_timer(&conn->info_timer, jiffies +
2424 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2425
2426 l2cap_send_cmd(conn, conn->info_ident,
2427 L2CAP_INFO_REQ, sizeof(info), &info);
2428 }
2429
c1360a1c 2430 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
e9aeb2dd
GP		 2431 result == L2CAP_CR_SUCCESS) {
2432 u8 buf[128];
c1360a1c 2433 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 2434 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2435 l2cap_build_conf_req(chan, buf), buf);
2436 chan->num_conf_req++;
e9aeb2dd
GP		 2437 }
2438
1da177e4
LT		 2439 return 0;
2440}
2441
2442static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2443{
2444 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2445 u16 scid, dcid, result, status;
48454079 2446 struct l2cap_chan *chan;
1da177e4
LT		 2447 struct sock *sk;
2448 u8 req[128];
2449
2450 scid = __le16_to_cpu(rsp->scid);
2451 dcid = __le16_to_cpu(rsp->dcid);
2452 result = __le16_to_cpu(rsp->result);
2453 status = __le16_to_cpu(rsp->status);
2454
2455 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2456
2457 if (scid) {
baa7e1fa 2458 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2459 if (!chan)
57d3b22b 2460 return -EFAULT;
1da177e4 2461 } else {
baa7e1fa 2462 chan = l2cap_get_chan_by_ident(conn, cmd->ident);
48454079 2463 if (!chan)
57d3b22b 2464 return -EFAULT;
1da177e4
LT		 2465 }
2466
48454079
GP		 2467 sk = chan->sk;
2468
1da177e4
LT		 2469 switch (result) {
2470 case L2CAP_CR_SUCCESS:
89bc500e 2471 l2cap_state_change(chan, BT_CONFIG);
fc7f8a7e 2472 chan->ident = 0;
fe4128e0 2473 chan->dcid = dcid;
c1360a1c 2474 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
6a8d3010 2475
c1360a1c 2476 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
e9aeb2dd
GP		 2477 break;
2478
1da177e4 2479 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2480 l2cap_build_conf_req(chan, req), req);
2481 chan->num_conf_req++;
1da177e4
LT		 2482 break;
2483
2484 case L2CAP_CR_PEND:
c1360a1c 2485 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4
LT		 2486 break;
2487
2488 default:
a49184c2
AE		 2489 /* don't delete l2cap channel if sk is owned by user */
2490 if (sock_owned_by_user(sk)) {
89bc500e 2491 l2cap_state_change(chan, BT_DISCONN);
c9b66675
GP		 2492 __clear_chan_timer(chan);
2493 __set_chan_timer(chan, HZ / 5);
a49184c2
AE		 2494 break;
2495 }
2496
48454079 2497 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 2498 break;
2499 }
2500
2501 bh_unlock_sock(sk);
2502 return 0;
2503}
2504
47d1ec61 2505static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60
MM		 2506{
2507 /* FCS is enabled only in ERTM or streaming mode, if one or both
2508 * sides request it.
2509 */
0c1bc5c6 2510 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 2511 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2512 else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state))
47d1ec61 2513 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 2514}
2515
88219a0f 2516static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 2517{
2518 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2519 u16 dcid, flags;
2520 u8 rsp[64];
48454079 2521 struct l2cap_chan *chan;
1da177e4 2522 struct sock *sk;
5dee9e7c 2523 int len;
1da177e4
LT		 2524
2525 dcid = __le16_to_cpu(req->dcid);
2526 flags = __le16_to_cpu(req->flags);
2527
2528 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2529
baa7e1fa 2530 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2531 if (!chan)
1da177e4
LT		 2532 return -ENOENT;
2533
48454079
GP		 2534 sk = chan->sk;
2535
033b1142 2536 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
e2fd318e
IK		 2537 struct l2cap_cmd_rej_cid rej;
2538
2539 rej.reason = cpu_to_le16(L2CAP_REJ_INVALID_CID);
2540 rej.scid = cpu_to_le16(chan->scid);
2541 rej.dcid = cpu_to_le16(chan->dcid);
df6bd743 2542
df6bd743
GP		 2543 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2544 sizeof(rej), &rej);
354f60a9 2545 goto unlock;
df6bd743 2546 }
354f60a9 2547
5dee9e7c 2548 /* Reject if config buffer is too small. */
88219a0f 2549 len = cmd_len - sizeof(*req);
7ac28817 2550 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 2551 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2552 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 2553 L2CAP_CONF_REJECT, flags), rsp);
2554 goto unlock;
2555 }
2556
2557 /* Store config. */
73ffa904
GP		 2558 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2559 chan->conf_len += len;
1da177e4
LT		 2560
2561 if (flags & 0x0001) {
2562 /* Incomplete config. Send empty response. */
2563 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2564 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 2565 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 2566 goto unlock;
2567 }
2568
2569 /* Complete config. */
73ffa904 2570 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 2571 if (len < 0) {
e92c8e70 2572 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 2573 goto unlock;
f2fcfcd6 2574 }
1da177e4 2575
5dee9e7c 2576 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 2577 chan->num_conf_rsp++;
5dee9e7c 2578
5dee9e7c 2579 /* Reset config buffer. */
73ffa904 2580 chan->conf_len = 0;
5dee9e7c 2581
c1360a1c 2582 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
876d9484
MH		 2583 goto unlock;
2584
c1360a1c 2585 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
47d1ec61 2586 set_default_fcs(chan);
fcc203c3 2587
89bc500e 2588 l2cap_state_change(chan, BT_CONNECTED);
e90bac06 2589
42e5c802
GP		 2590 chan->next_tx_seq = 0;
2591 chan->expected_tx_seq = 0;
58d35f87 2592 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2593 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2594 l2cap_ertm_init(chan);
0565c1c2 2595
1da177e4 2596 l2cap_chan_ready(sk);
876d9484
MH		 2597 goto unlock;
2598 }
2599
c1360a1c 2600 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
79d554a6 2601 u8 buf[64];
1da177e4 2602 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2603 l2cap_build_conf_req(chan, buf), buf);
2604 chan->num_conf_req++;
1da177e4
LT		 2605 }
2606
2607unlock:
2608 bh_unlock_sock(sk);
2609 return 0;
2610}
2611
2612static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2613{
2614 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2615 u16 scid, flags, result;
48454079 2616 struct l2cap_chan *chan;
1da177e4 2617 struct sock *sk;
7b1c0049 2618 int len = cmd->len - sizeof(*rsp);
1da177e4
LT		 2619
2620 scid = __le16_to_cpu(rsp->scid);
2621 flags = __le16_to_cpu(rsp->flags);
2622 result = __le16_to_cpu(rsp->result);
2623
af05b30b
GP		 2624 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2625 scid, flags, result);
1da177e4 2626
baa7e1fa 2627 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2628 if (!chan)
1da177e4
LT		 2629 return 0;
2630
48454079
GP		 2631 sk = chan->sk;
2632
1da177e4
LT		 2633 switch (result) {
2634 case L2CAP_CONF_SUCCESS:
47d1ec61 2635 l2cap_conf_rfc_get(chan, rsp->data, len);
1da177e4
LT		 2636 break;
2637
2638 case L2CAP_CONF_UNACCEPT:
73ffa904 2639 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 2640 char req[64];
2641
c2c77ec8 2642 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 2643 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 2644 goto done;
2645 }
2646
f2fcfcd6
GP		 2647 /* throw out any old stored conf requests */
2648 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 2649 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2650 req, &result);
f2fcfcd6 2651 if (len < 0) {
e92c8e70 2652 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 2653 goto done;
2654 }
2655
2656 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2657 L2CAP_CONF_REQ, len, req);
73ffa904 2658 chan->num_conf_req++;
f2fcfcd6
GP		 2659 if (result != L2CAP_CONF_SUCCESS)
2660 goto done;
2661 break;
1da177e4
LT		 2662 }
2663
8e87d142 2664 default:
b1235d79 2665 sk->sk_err = ECONNRESET;
c9b66675 2666 __set_chan_timer(chan, HZ * 5);
e92c8e70 2667 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 2668 goto done;
2669 }
2670
2671 if (flags & 0x01)
2672 goto done;
2673
c1360a1c 2674 set_bit(CONF_INPUT_DONE, &chan->conf_state);
1da177e4 2675
c1360a1c 2676 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
47d1ec61 2677 set_default_fcs(chan);
fcc203c3 2678
89bc500e 2679 l2cap_state_change(chan, BT_CONNECTED);
42e5c802
GP		 2680 chan->next_tx_seq = 0;
2681 chan->expected_tx_seq = 0;
58d35f87 2682 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2683 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2684 l2cap_ertm_init(chan);
0565c1c2 2685
1da177e4
LT		 2686 l2cap_chan_ready(sk);
2687 }
2688
2689done:
2690 bh_unlock_sock(sk);
2691 return 0;
2692}
2693
2694static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2695{
2696 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2697 struct l2cap_disconn_rsp rsp;
2698 u16 dcid, scid;
48454079 2699 struct l2cap_chan *chan;
1da177e4
LT		 2700 struct sock *sk;
2701
2702 scid = __le16_to_cpu(req->scid);
2703 dcid = __le16_to_cpu(req->dcid);
2704
2705 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2706
baa7e1fa 2707 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2708 if (!chan)
1da177e4
LT		 2709 return 0;
2710
48454079
GP		 2711 sk = chan->sk;
2712
fe4128e0
GP		 2713 rsp.dcid = cpu_to_le16(chan->scid);
2714 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 2715 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2716
2717 sk->sk_shutdown = SHUTDOWN_MASK;
2718
a49184c2
AE		 2719 /* don't delete l2cap channel if sk is owned by user */
2720 if (sock_owned_by_user(sk)) {
89bc500e 2721 l2cap_state_change(chan, BT_DISCONN);
c9b66675
GP		 2722 __clear_chan_timer(chan);
2723 __set_chan_timer(chan, HZ / 5);
a49184c2
AE		 2724 bh_unlock_sock(sk);
2725 return 0;
2726 }
2727
48454079 2728 l2cap_chan_del(chan, ECONNRESET);
1da177e4
LT		 2729 bh_unlock_sock(sk);
2730
ba3bd0ee 2731 chan->ops->close(chan->data);
1da177e4
LT		 2732 return 0;
2733}
2734
2735static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2736{
2737 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2738 u16 dcid, scid;
48454079 2739 struct l2cap_chan *chan;
1da177e4
LT		 2740 struct sock *sk;
2741
2742 scid = __le16_to_cpu(rsp->scid);
2743 dcid = __le16_to_cpu(rsp->dcid);
2744
2745 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2746
baa7e1fa 2747 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2748 if (!chan)
1da177e4
LT		 2749 return 0;
2750
48454079
GP		 2751 sk = chan->sk;
2752
a49184c2
AE		 2753 /* don't delete l2cap channel if sk is owned by user */
2754 if (sock_owned_by_user(sk)) {
89bc500e 2755 l2cap_state_change(chan,BT_DISCONN);
c9b66675
GP		 2756 __clear_chan_timer(chan);
2757 __set_chan_timer(chan, HZ / 5);
a49184c2
AE		 2758 bh_unlock_sock(sk);
2759 return 0;
2760 }
2761
48454079 2762 l2cap_chan_del(chan, 0);
1da177e4
LT		 2763 bh_unlock_sock(sk);
2764
ba3bd0ee 2765 chan->ops->close(chan->data);
1da177e4
LT		 2766 return 0;
2767}
2768
2769static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2770{
2771 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 2772 u16 type;
2773
2774 type = __le16_to_cpu(req->type);
2775
2776 BT_DBG("type 0x%4.4x", type);
2777
f0709e03
MH		 2778 if (type == L2CAP_IT_FEAT_MASK) {
2779 u8 buf[8];
44dd46de 2780 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 2781 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2782 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2783 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 2784 if (!disable_ertm)
fcc203c3
GP		 2785 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
2786 | L2CAP_FEAT_FCS;
a5fd6f30
AE		 2787 if (enable_hs)
2788 feat_mask |= L2CAP_FEAT_EXT_FLOW;
2789
1b7bf4ed 2790 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 2791 l2cap_send_cmd(conn, cmd->ident,
2792 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 2793 } else if (type == L2CAP_IT_FIXED_CHAN) {
2794 u8 buf[12];
2795 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2796 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2797 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2798 memcpy(buf + 4, l2cap_fixed_chan, 8);
2799 l2cap_send_cmd(conn, cmd->ident,
2800 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 2801 } else {
2802 struct l2cap_info_rsp rsp;
2803 rsp.type = cpu_to_le16(type);
2804 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2805 l2cap_send_cmd(conn, cmd->ident,
2806 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2807 }
1da177e4
LT		 2808
2809 return 0;
2810}
2811
2812static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2813{
2814 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2815 u16 type, result;
2816
2817 type = __le16_to_cpu(rsp->type);
2818 result = __le16_to_cpu(rsp->result);
2819
2820 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2821
e90165be
AE		 2822 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
2823 if (cmd->ident != conn->info_ident ||
2824 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
2825 return 0;
2826
4e8402a3
MH		 2827 del_timer(&conn->info_timer);
2828
adb08ede
VT		 2829 if (result != L2CAP_IR_SUCCESS) {
2830 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2831 conn->info_ident = 0;
2832
2833 l2cap_conn_start(conn);
2834
2835 return 0;
2836 }
2837
984947dc 2838 if (type == L2CAP_IT_FEAT_MASK) {
83985319 2839 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 2840
47ec1dcd 2841 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 2842 struct l2cap_info_req req;
2843 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2844
2845 conn->info_ident = l2cap_get_ident(conn);
2846
2847 l2cap_send_cmd(conn, conn->info_ident,
2848 L2CAP_INFO_REQ, sizeof(req), &req);
2849 } else {
2850 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2851 conn->info_ident = 0;
2852
2853 l2cap_conn_start(conn);
2854 }
2855 } else if (type == L2CAP_IT_FIXED_CHAN) {
984947dc 2856 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2857 conn->info_ident = 0;
984947dc
MH		 2858
2859 l2cap_conn_start(conn);
2860 }
4e8402a3 2861
1da177e4
LT		 2862 return 0;
2863}
2864
e2174ca4 2865static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 2866 u16 to_multiplier)
2867{
2868 u16 max_latency;
2869
2870 if (min > max || min < 6 || max > 3200)
2871 return -EINVAL;
2872
2873 if (to_multiplier < 10 || to_multiplier > 3200)
2874 return -EINVAL;
2875
2876 if (max >= to_multiplier * 8)
2877 return -EINVAL;
2878
2879 max_latency = (to_multiplier * 8 / max) - 1;
2880 if (latency > 499 || latency > max_latency)
2881 return -EINVAL;
2882
2883 return 0;
2884}
2885
2886static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
2887 struct l2cap_cmd_hdr *cmd, u8 *data)
2888{
2889 struct hci_conn *hcon = conn->hcon;
2890 struct l2cap_conn_param_update_req *req;
2891 struct l2cap_conn_param_update_rsp rsp;
2892 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 2893 int err;
de73115a
CT		 2894
2895 if (!(hcon->link_mode & HCI_LM_MASTER))
2896 return -EINVAL;
2897
2898 cmd_len = __le16_to_cpu(cmd->len);
2899 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
2900 return -EPROTO;
2901
2902 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 2903 min = __le16_to_cpu(req->min);
2904 max = __le16_to_cpu(req->max);
de73115a
CT		 2905 latency = __le16_to_cpu(req->latency);
2906 to_multiplier = __le16_to_cpu(req->to_multiplier);
2907
2908 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
2909 min, max, latency, to_multiplier);
2910
2911 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 2912
2913 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
2914 if (err)
de73115a
CT		 2915 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
2916 else
2917 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
2918
2919 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
2920 sizeof(rsp), &rsp);
2921
2ce603eb
CT		 2922 if (!err)
2923 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
2924
de73115a
CT		 2925 return 0;
2926}
2927
3300d9a9
CT		 2928static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
2929 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2930{
2931 int err = 0;
2932
2933 switch (cmd->code) {
2934 case L2CAP_COMMAND_REJ:
2935 l2cap_command_rej(conn, cmd, data);
2936 break;
2937
2938 case L2CAP_CONN_REQ:
2939 err = l2cap_connect_req(conn, cmd, data);
2940 break;
2941
2942 case L2CAP_CONN_RSP:
2943 err = l2cap_connect_rsp(conn, cmd, data);
2944 break;
2945
2946 case L2CAP_CONF_REQ:
2947 err = l2cap_config_req(conn, cmd, cmd_len, data);
2948 break;
2949
2950 case L2CAP_CONF_RSP:
2951 err = l2cap_config_rsp(conn, cmd, data);
2952 break;
2953
2954 case L2CAP_DISCONN_REQ:
2955 err = l2cap_disconnect_req(conn, cmd, data);
2956 break;
2957
2958 case L2CAP_DISCONN_RSP:
2959 err = l2cap_disconnect_rsp(conn, cmd, data);
2960 break;
2961
2962 case L2CAP_ECHO_REQ:
2963 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
2964 break;
2965
2966 case L2CAP_ECHO_RSP:
2967 break;
2968
2969 case L2CAP_INFO_REQ:
2970 err = l2cap_information_req(conn, cmd, data);
2971 break;
2972
2973 case L2CAP_INFO_RSP:
2974 err = l2cap_information_rsp(conn, cmd, data);
2975 break;
2976
2977 default:
2978 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
2979 err = -EINVAL;
2980 break;
2981 }
2982
2983 return err;
2984}
2985
2986static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
2987 struct l2cap_cmd_hdr *cmd, u8 *data)
2988{
2989 switch (cmd->code) {
2990 case L2CAP_COMMAND_REJ:
2991 return 0;
2992
2993 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 2994 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 2995
2996 case L2CAP_CONN_PARAM_UPDATE_RSP:
2997 return 0;
2998
2999 default:
3000 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
3001 return -EINVAL;
3002 }
3003}
3004
3005static inline void l2cap_sig_channel(struct l2cap_conn *conn,
3006 struct sk_buff *skb)
1da177e4
LT		 3007{
3008 u8 *data = skb->data;
3009 int len = skb->len;
3010 struct l2cap_cmd_hdr cmd;
3300d9a9 3011 int err;
1da177e4
LT		 3012
3013 l2cap_raw_recv(conn, skb);
3014
3015 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 3016 u16 cmd_len;
1da177e4
LT		 3017 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3018 data += L2CAP_CMD_HDR_SIZE;
3019 len -= L2CAP_CMD_HDR_SIZE;
3020
88219a0f 3021 cmd_len = le16_to_cpu(cmd.len);
1da177e4 3022
88219a0f 3023 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 3024
88219a0f 3025 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 3026 BT_DBG("corrupted command");
3027 break;
3028 }
3029
3300d9a9
CT		 3030 if (conn->hcon->type == LE_LINK)
3031 err = l2cap_le_sig_cmd(conn, &cmd, data);
3032 else
3033 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 3034
3035 if (err) {
e2fd318e 3036 struct l2cap_cmd_rej_unk rej;
2c6d1a2e
GP		 3037
3038 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 3039
3040 /* FIXME: Map err to a valid reason */
e2fd318e 3041 rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
1da177e4
LT		 3042 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3043 }
3044
88219a0f
AV		 3045 data += cmd_len;
3046 len -= cmd_len;
1da177e4
LT		 3047 }
3048
3049 kfree_skb(skb);
3050}
3051
47d1ec61 3052static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 3053{
3054 u16 our_fcs, rcv_fcs;
3055 int hdr_size = L2CAP_HDR_SIZE + 2;
3056
47d1ec61 3057 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 3058 skb_trim(skb, skb->len - 2);
3059 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3060 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3061
3062 if (our_fcs != rcv_fcs)
7a560e5c 3063 return -EBADMSG;
fcc203c3
GP		 3064 }
3065 return 0;
3066}
3067
525cd185 3068static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 3069{
d5392c8f
GP		 3070 u16 control = 0;
3071
6a026610 3072 chan->frames_sent = 0;
d5392c8f 3073
42e5c802 3074 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
d5392c8f 3075
e2ab4353 3076 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
64988868 3077 control |= L2CAP_SUPER_RCV_NOT_READY;
525cd185 3078 l2cap_send_sframe(chan, control);
e2ab4353 3079 set_bit(CONN_RNR_SENT, &chan->conn_state);
d5392c8f
GP		 3080 }
3081
e2ab4353 3082 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
525cd185 3083 l2cap_retransmit_frames(chan);
d5392c8f 3084
525cd185 3085 l2cap_ertm_send(chan);
d5392c8f 3086
e2ab4353 3087 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
6a026610 3088 chan->frames_sent == 0) {
d5392c8f 3089 control |= L2CAP_SUPER_RCV_READY;
525cd185 3090 l2cap_send_sframe(chan, control);
d5392c8f
GP		 3091 }
3092}
3093
42e5c802 3094static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u8 tx_seq, u8 sar)
8f17154f
GP		 3095{
3096 struct sk_buff *next_skb;
bfbacc11 3097 int tx_seq_offset, next_tx_seq_offset;
8f17154f
GP		 3098
3099 bt_cb(skb)->tx_seq = tx_seq;
3100 bt_cb(skb)->sar = sar;
3101
f1c6775b 3102 next_skb = skb_peek(&chan->srej_q);
8f17154f 3103 if (!next_skb) {
f1c6775b 3104 __skb_queue_tail(&chan->srej_q, skb);
9b53350d 3105 return 0;
8f17154f
GP		 3106 }
3107
42e5c802 3108 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
bfbacc11
JPRV		 3109 if (tx_seq_offset < 0)
3110 tx_seq_offset += 64;
3111
8f17154f 3112 do {
9b53350d
JPRV		 3113 if (bt_cb(next_skb)->tx_seq == tx_seq)
3114 return -EINVAL;
3115
bfbacc11 3116 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
42e5c802 3117 chan->buffer_seq) % 64;
bfbacc11
JPRV		 3118 if (next_tx_seq_offset < 0)
3119 next_tx_seq_offset += 64;
3120
3121 if (next_tx_seq_offset > tx_seq_offset) {
f1c6775b 3122 __skb_queue_before(&chan->srej_q, next_skb, skb);
9b53350d 3123 return 0;
8f17154f
GP		 3124 }
3125
f1c6775b 3126 if (skb_queue_is_last(&chan->srej_q, next_skb))
8f17154f
GP		 3127 break;
3128
f1c6775b 3129 } while ((next_skb = skb_queue_next(&chan->srej_q, next_skb)));
8f17154f 3130
f1c6775b 3131 __skb_queue_tail(&chan->srej_q, skb);
9b53350d
JPRV		 3132
3133 return 0;
8f17154f
GP		 3134}
3135
84084a31
MM		 3136static void append_skb_frag(struct sk_buff *skb,
3137 struct sk_buff *new_frag, struct sk_buff **last_frag)
18778a63 3138{
84084a31
MM		 3139 /* skb->len reflects data in skb as well as all fragments
3140 * skb->data_len reflects only data in fragments
3141 */
3142 if (!skb_has_frag_list(skb))
3143 skb_shinfo(skb)->frag_list = new_frag;
3144
3145 new_frag->next = NULL;
3146
3147 (*last_frag)->next = new_frag;
3148 *last_frag = new_frag;
3149
3150 skb->len += new_frag->len;
3151 skb->data_len += new_frag->len;
3152 skb->truesize += new_frag->truesize;
3153}
3154
3155static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
3156{
3157 int err = -EINVAL;
18778a63
GP		 3158
3159 switch (control & L2CAP_CTRL_SAR) {
3160 case L2CAP_SDU_UNSEGMENTED:
84084a31
MM		 3161 if (chan->sdu)
3162 break;
18778a63 3163
84084a31
MM		 3164 err = chan->ops->recv(chan->data, skb);
3165 break;
18778a63
GP		 3166
3167 case L2CAP_SDU_START:
84084a31
MM		 3168 if (chan->sdu)
3169 break;
18778a63 3170
6f61fd47 3171 chan->sdu_len = get_unaligned_le16(skb->data);
84084a31 3172 skb_pull(skb, 2);
18778a63 3173
84084a31
MM		 3174 if (chan->sdu_len > chan->imtu) {
3175 err = -EMSGSIZE;
3176 break;
3177 }
1890d36b 3178
84084a31
MM		 3179 if (skb->len >= chan->sdu_len)
3180 break;
18778a63 3181
84084a31
MM		 3182 chan->sdu = skb;
3183 chan->sdu_last_frag = skb;
18778a63 3184
84084a31
MM		 3185 skb = NULL;
3186 err = 0;
18778a63
GP		 3187 break;
3188
3189 case L2CAP_SDU_CONTINUE:
6f61fd47 3190 if (!chan->sdu)
84084a31 3191 break;
18778a63 3192
84084a31
MM		 3193 append_skb_frag(chan->sdu, skb,
3194 &chan->sdu_last_frag);
3195 skb = NULL;
18778a63 3196
84084a31
MM		 3197 if (chan->sdu->len >= chan->sdu_len)
3198 break;
4178ba46 3199
84084a31 3200 err = 0;
18778a63
GP		 3201 break;
3202
3203 case L2CAP_SDU_END:
6f61fd47 3204 if (!chan->sdu)
84084a31 3205 break;
18778a63 3206
84084a31
MM		 3207 append_skb_frag(chan->sdu, skb,
3208 &chan->sdu_last_frag);
3209 skb = NULL;
4178ba46 3210
84084a31
MM		 3211 if (chan->sdu->len != chan->sdu_len)
3212 break;
18778a63 3213
84084a31 3214 err = chan->ops->recv(chan->data, chan->sdu);
1890d36b 3215
84084a31
MM		 3216 if (!err) {
3217 /* Reassembly complete */
3218 chan->sdu = NULL;
3219 chan->sdu_last_frag = NULL;
3220 chan->sdu_len = 0;
1890d36b 3221 }
18778a63
GP		 3222 break;
3223 }
3224
84084a31
MM		 3225 if (err) {
3226 kfree_skb(skb);
3227 kfree_skb(chan->sdu);
3228 chan->sdu = NULL;
3229 chan->sdu_last_frag = NULL;
3230 chan->sdu_len = 0;
3231 }
18778a63 3232
84084a31 3233 return err;
18778a63
GP		 3234}
3235
26f880d2 3236static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan)
712132eb 3237{
712132eb 3238 u16 control;
712132eb 3239
26f880d2 3240 BT_DBG("chan %p, Enter local busy", chan);
712132eb 3241
26f880d2
MM		 3242 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3243
3244 control = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3245 control |= L2CAP_SUPER_RCV_NOT_READY;
3246 l2cap_send_sframe(chan, control);
3247
3248 set_bit(CONN_RNR_SENT, &chan->conn_state);
3249
3250 __clear_ack_timer(chan);
3251}
3252
3253static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan)
3254{
3255 u16 control;
712132eb 3256
e2ab4353 3257 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
712132eb
GP		 3258 goto done;
3259
42e5c802 3260 control = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
712132eb 3261 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
525cd185 3262 l2cap_send_sframe(chan, control);
6a026610 3263 chan->retry_count = 1;
712132eb 3264
1a09bcb9
GP		 3265 __clear_retrans_timer(chan);
3266 __set_monitor_timer(chan);
712132eb 3267
e2ab4353 3268 set_bit(CONN_WAIT_F, &chan->conn_state);
712132eb
GP		 3269
3270done:
e2ab4353
GP		 3271 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3272 clear_bit(CONN_RNR_SENT, &chan->conn_state);
712132eb 3273
49208c9c 3274 BT_DBG("chan %p, Exit local busy", chan);
712132eb
GP		 3275}
3276
e328140f 3277void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
1890d36b 3278{
e328140f
MM		 3279 if (chan->mode == L2CAP_MODE_ERTM) {
3280 if (busy)
3281 l2cap_ertm_enter_local_busy(chan);
3282 else
3283 l2cap_ertm_exit_local_busy(chan);
1890d36b 3284 }
1890d36b
GP		 3285}
3286
525cd185 3287static void l2cap_check_srej_gap(struct l2cap_chan *chan, u8 tx_seq)
8f17154f
GP		 3288{
3289 struct sk_buff *skb;
afefdbc4 3290 u16 control;
8f17154f 3291
e328140f
MM		 3292 while ((skb = skb_peek(&chan->srej_q)) &&
3293 !test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3294 int err;
3295
8f17154f
GP		 3296 if (bt_cb(skb)->tx_seq != tx_seq)
3297 break;
3298
f1c6775b 3299 skb = skb_dequeue(&chan->srej_q);
afefdbc4 3300 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
84084a31 3301 err = l2cap_reassemble_sdu(chan, skb, control);
e328140f
MM		 3302
3303 if (err < 0) {
3304 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3305 break;
3306 }
3307
42e5c802
GP		 3308 chan->buffer_seq_srej =
3309 (chan->buffer_seq_srej + 1) % 64;
8ff50ec0 3310 tx_seq = (tx_seq + 1) % 64;
8f17154f
GP		 3311 }
3312}
3313
525cd185 3314static void l2cap_resend_srejframe(struct l2cap_chan *chan, u8 tx_seq)
8f17154f 3315{
8f17154f
GP		 3316 struct srej_list *l, *tmp;
3317 u16 control;
3318
39d5a3ee 3319 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
8f17154f
GP		 3320 if (l->tx_seq == tx_seq) {
3321 list_del(&l->list);
3322 kfree(l);
3323 return;
3324 }
3325 control = L2CAP_SUPER_SELECT_REJECT;
3326 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
525cd185 3327 l2cap_send_sframe(chan, control);
8f17154f 3328 list_del(&l->list);
39d5a3ee 3329 list_add_tail(&l->list, &chan->srej_l);
8f17154f
GP		 3330 }
3331}
3332
525cd185 3333static void l2cap_send_srejframe(struct l2cap_chan *chan, u8 tx_seq)
8f17154f 3334{
8f17154f
GP		 3335 struct srej_list *new;
3336 u16 control;
3337
42e5c802 3338 while (tx_seq != chan->expected_tx_seq) {
8f17154f 3339 control = L2CAP_SUPER_SELECT_REJECT;
42e5c802 3340 control |= chan->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
525cd185 3341 l2cap_send_sframe(chan, control);
8f17154f
GP		 3342
3343 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
42e5c802
GP		 3344 new->tx_seq = chan->expected_tx_seq;
3345 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
39d5a3ee 3346 list_add_tail(&new->list, &chan->srej_l);
8f17154f 3347 }
42e5c802 3348 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
8f17154f
GP		 3349}
3350
525cd185 3351static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
1c2acffb 3352{
1c2acffb 3353 u8 tx_seq = __get_txseq(rx_control);
9f121a5a 3354 u8 req_seq = __get_reqseq(rx_control);
8f17154f 3355 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
f6337c77 3356 int tx_seq_offset, expected_tx_seq_offset;
47d1ec61 3357 int num_to_ack = (chan->tx_win/6) + 1;
1c2acffb
GP		 3358 int err = 0;
3359
525cd185
GP		 3360 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%4.4x", chan, skb->len,
3361 tx_seq, rx_control);
1c2acffb 3362
9b16dc65 3363 if (L2CAP_CTRL_FINAL & rx_control &&
e2ab4353 3364 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 3365 __clear_monitor_timer(chan);
6a026610 3366 if (chan->unacked_frames > 0)
1a09bcb9 3367 __set_retrans_timer(chan);
e2ab4353 3368 clear_bit(CONN_WAIT_F, &chan->conn_state);
1d8f5d16
GP		 3369 }
3370
42e5c802
GP		 3371 chan->expected_ack_seq = req_seq;
3372 l2cap_drop_acked_frames(chan);
9f121a5a 3373
42e5c802 3374 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
9b53350d
JPRV		 3375 if (tx_seq_offset < 0)
3376 tx_seq_offset += 64;
3377
3378 /* invalid tx_seq */
47d1ec61 3379 if (tx_seq_offset >= chan->tx_win) {
8c1d787b 3380 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
9b53350d
JPRV		 3381 goto drop;
3382 }
3383
e2ab4353 3384 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state))
1890d36b
GP		 3385 goto drop;
3386
02f1b641
MM		 3387 if (tx_seq == chan->expected_tx_seq)
3388 goto expected;
3389
e2ab4353 3390 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
8f17154f 3391 struct srej_list *first;
30afb5b2 3392
39d5a3ee 3393 first = list_first_entry(&chan->srej_l,
8f17154f
GP		 3394 struct srej_list, list);
3395 if (tx_seq == first->tx_seq) {
42e5c802 3396 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
525cd185 3397 l2cap_check_srej_gap(chan, tx_seq);
8f17154f
GP		 3398
3399 list_del(&first->list);
3400 kfree(first);
3401
39d5a3ee 3402 if (list_empty(&chan->srej_l)) {
42e5c802 3403 chan->buffer_seq = chan->buffer_seq_srej;
e2ab4353 3404 clear_bit(CONN_SREJ_SENT, &chan->conn_state);
525cd185 3405 l2cap_send_ack(chan);
49208c9c 3406 BT_DBG("chan %p, Exit SREJ_SENT", chan);
8f17154f
GP		 3407 }
3408 } else {
3409 struct srej_list *l;
9b53350d
JPRV		 3410
3411 /* duplicated tx_seq */
42e5c802 3412 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
9b53350d 3413 goto drop;
8f17154f 3414
39d5a3ee 3415 list_for_each_entry(l, &chan->srej_l, list) {
8f17154f 3416 if (l->tx_seq == tx_seq) {
525cd185 3417 l2cap_resend_srejframe(chan, tx_seq);
8f17154f
GP		 3418 return 0;
3419 }
3420 }
525cd185 3421 l2cap_send_srejframe(chan, tx_seq);
30afb5b2
GP		 3422 }
3423 } else {
9b53350d 3424 expected_tx_seq_offset =
42e5c802 3425 (chan->expected_tx_seq - chan->buffer_seq) % 64;
9b53350d
JPRV		 3426 if (expected_tx_seq_offset < 0)
3427 expected_tx_seq_offset += 64;
3428
3429 /* duplicated tx_seq */
3430 if (tx_seq_offset < expected_tx_seq_offset)
3431 goto drop;
3432
e2ab4353 3433 set_bit(CONN_SREJ_SENT, &chan->conn_state);
1c2acffb 3434
49208c9c 3435 BT_DBG("chan %p, Enter SREJ", chan);
0e98958d 3436
39d5a3ee 3437 INIT_LIST_HEAD(&chan->srej_l);
42e5c802 3438 chan->buffer_seq_srej = chan->buffer_seq;
8f17154f 3439
f1c6775b 3440 __skb_queue_head_init(&chan->srej_q);
42e5c802 3441 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
8f17154f 3442
e2ab4353 3443 set_bit(CONN_SEND_PBIT, &chan->conn_state);
ef54fd93 3444
525cd185 3445 l2cap_send_srejframe(chan, tx_seq);
7fe9b298 3446
1a09bcb9 3447 __clear_ack_timer(chan);
1c2acffb 3448 }
30afb5b2
GP		 3449 return 0;
3450
8f17154f 3451expected:
42e5c802 3452 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
8f17154f 3453
e2ab4353 3454 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3b1a9f3f
GP		 3455 bt_cb(skb)->tx_seq = tx_seq;
3456 bt_cb(skb)->sar = sar;
f1c6775b 3457 __skb_queue_tail(&chan->srej_q, skb);
8f17154f
GP		 3458 return 0;
3459 }
3460
84084a31 3461 err = l2cap_reassemble_sdu(chan, skb, rx_control);
fadd192e 3462 chan->buffer_seq = (chan->buffer_seq + 1) % 64;
e328140f
MM		 3463 if (err < 0) {
3464 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3465 return err;
3466 }
2ece3684 3467
4ec10d97 3468 if (rx_control & L2CAP_CTRL_FINAL) {
e2ab4353 3469 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 3470 l2cap_retransmit_frames(chan);
4ec10d97
GP		 3471 }
3472
1a09bcb9 3473 __set_ack_timer(chan);
c1b4f43b 3474
6a026610
GP		 3475 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
3476 if (chan->num_acked == num_to_ack - 1)
525cd185 3477 l2cap_send_ack(chan);
9e917af1 3478
8f17154f 3479 return 0;
9b53350d
JPRV		 3480
3481drop:
3482 kfree_skb(skb);
3483 return 0;
1c2acffb
GP		 3484}
3485
525cd185 3486static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u16 rx_control)
1c2acffb 3487{
49208c9c 3488 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, __get_reqseq(rx_control),
0e98958d
GP		 3489 rx_control);
3490
42e5c802
GP		 3491 chan->expected_ack_seq = __get_reqseq(rx_control);
3492 l2cap_drop_acked_frames(chan);
1c2acffb 3493
e072745f 3494 if (rx_control & L2CAP_CTRL_POLL) {
e2ab4353
GP		 3495 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3496 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3497 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 3498 (chan->unacked_frames > 0))
1a09bcb9 3499 __set_retrans_timer(chan);
05fbd89d 3500
e2ab4353 3501 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
525cd185 3502 l2cap_send_srejtail(chan);
05fbd89d 3503 } else {
525cd185 3504 l2cap_send_i_or_rr_or_rnr(chan);
05fbd89d 3505 }
1d8f5d16 3506
e072745f 3507 } else if (rx_control & L2CAP_CTRL_FINAL) {
e2ab4353 3508 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4ec10d97 3509
e2ab4353 3510 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 3511 l2cap_retransmit_frames(chan);
2246b2f1 3512
e072745f 3513 } else {
e2ab4353 3514 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 3515 (chan->unacked_frames > 0))
1a09bcb9 3516 __set_retrans_timer(chan);
1c2acffb 3517
e2ab4353
GP		 3518 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
3519 if (test_bit(CONN_SREJ_SENT, &chan->conn_state))
525cd185 3520 l2cap_send_ack(chan);
894718a6 3521 else
525cd185 3522 l2cap_ertm_send(chan);
e072745f
GP		 3523 }
3524}
2246b2f1 3525
525cd185 3526static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3527{
e072745f 3528 u8 tx_seq = __get_reqseq(rx_control);
30afb5b2 3529
525cd185 3530 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3531
e2ab4353 3532 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
e072745f 3533
42e5c802
GP		 3534 chan->expected_ack_seq = tx_seq;
3535 l2cap_drop_acked_frames(chan);
e072745f
GP		 3536
3537 if (rx_control & L2CAP_CTRL_FINAL) {
e2ab4353 3538 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 3539 l2cap_retransmit_frames(chan);
e072745f 3540 } else {
525cd185 3541 l2cap_retransmit_frames(chan);
30afb5b2 3542
e2ab4353
GP		 3543 if (test_bit(CONN_WAIT_F, &chan->conn_state))
3544 set_bit(CONN_REJ_ACT, &chan->conn_state);
e072745f
GP		 3545 }
3546}
525cd185 3547static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3548{
e072745f 3549 u8 tx_seq = __get_reqseq(rx_control);
30afb5b2 3550
525cd185 3551 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3552
e2ab4353 3553 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
2246b2f1 3554
e072745f 3555 if (rx_control & L2CAP_CTRL_POLL) {
42e5c802
GP		 3556 chan->expected_ack_seq = tx_seq;
3557 l2cap_drop_acked_frames(chan);
3cb123d1 3558
e2ab4353 3559 set_bit(CONN_SEND_FBIT, &chan->conn_state);
525cd185 3560 l2cap_retransmit_one_frame(chan, tx_seq);
dfc909be 3561
525cd185 3562 l2cap_ertm_send(chan);
dfc909be 3563
e2ab4353 3564 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 3565 chan->srej_save_reqseq = tx_seq;
e2ab4353 3566 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 3567 }
e072745f 3568 } else if (rx_control & L2CAP_CTRL_FINAL) {
e2ab4353 3569 if (test_bit(CONN_SREJ_ACT, &chan->conn_state) &&
6a026610 3570 chan->srej_save_reqseq == tx_seq)
e2ab4353 3571 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
e072745f 3572 else
525cd185 3573 l2cap_retransmit_one_frame(chan, tx_seq);
e072745f 3574 } else {
525cd185 3575 l2cap_retransmit_one_frame(chan, tx_seq);
e2ab4353 3576 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 3577 chan->srej_save_reqseq = tx_seq;
e2ab4353 3578 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 3579 }
e072745f
GP		 3580 }
3581}
3582
525cd185 3583static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3584{
e072745f
GP		 3585 u8 tx_seq = __get_reqseq(rx_control);
3586
525cd185 3587 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3588
e2ab4353 3589 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
42e5c802
GP		 3590 chan->expected_ack_seq = tx_seq;
3591 l2cap_drop_acked_frames(chan);
e072745f 3592
3cb123d1 3593 if (rx_control & L2CAP_CTRL_POLL)
e2ab4353 3594 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3cb123d1 3595
e2ab4353 3596 if (!test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
1a09bcb9 3597 __clear_retrans_timer(chan);
a2e12a2a 3598 if (rx_control & L2CAP_CTRL_POLL)
525cd185 3599 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
99b0d4b7 3600 return;
e072745f 3601 }
99b0d4b7
GP		 3602
3603 if (rx_control & L2CAP_CTRL_POLL)
525cd185 3604 l2cap_send_srejtail(chan);
99b0d4b7 3605 else
525cd185 3606 l2cap_send_sframe(chan, L2CAP_SUPER_RCV_READY);
e072745f
GP		 3607}
3608
525cd185 3609static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
e072745f 3610{
525cd185 3611 BT_DBG("chan %p rx_control 0x%4.4x len %d", chan, rx_control, skb->len);
e072745f 3612
9b16dc65 3613 if (L2CAP_CTRL_FINAL & rx_control &&
e2ab4353 3614 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 3615 __clear_monitor_timer(chan);
6a026610 3616 if (chan->unacked_frames > 0)
1a09bcb9 3617 __set_retrans_timer(chan);
e2ab4353 3618 clear_bit(CONN_WAIT_F, &chan->conn_state);
e072745f
GP		 3619 }
3620
3621 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
3622 case L2CAP_SUPER_RCV_READY:
525cd185 3623 l2cap_data_channel_rrframe(chan, rx_control);
8f17154f
GP		 3624 break;
3625
e072745f 3626 case L2CAP_SUPER_REJECT:
525cd185 3627 l2cap_data_channel_rejframe(chan, rx_control);
e072745f 3628 break;
2246b2f1 3629
e072745f 3630 case L2CAP_SUPER_SELECT_REJECT:
525cd185 3631 l2cap_data_channel_srejframe(chan, rx_control);
e072745f
GP		 3632 break;
3633
3634 case L2CAP_SUPER_RCV_NOT_READY:
525cd185 3635 l2cap_data_channel_rnrframe(chan, rx_control);
1c2acffb
GP		 3636 break;
3637 }
3638
faaebd19 3639 kfree_skb(skb);
1c2acffb
GP		 3640 return 0;
3641}
3642
218bb9df
GP		 3643static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3644{
525cd185 3645 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
218bb9df
GP		 3646 u16 control;
3647 u8 req_seq;
3648 int len, next_tx_seq_offset, req_seq_offset;
3649
3650 control = get_unaligned_le16(skb->data);
3651 skb_pull(skb, 2);
3652 len = skb->len;
3653
3654 /*
3655 * We can just drop the corrupted I-frame here.
3656 * Receiver will miss it and start proper recovery
3657 * procedures and ask retransmission.
3658 */
47d1ec61 3659 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 3660 goto drop;
3661
3662 if (__is_sar_start(control) && __is_iframe(control))
3663 len -= 2;
3664
47d1ec61 3665 if (chan->fcs == L2CAP_FCS_CRC16)
218bb9df
GP		 3666 len -= 2;
3667
47d1ec61 3668 if (len > chan->mps) {
8c1d787b 3669 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3670 goto drop;
3671 }
3672
3673 req_seq = __get_reqseq(control);
42e5c802 3674 req_seq_offset = (req_seq - chan->expected_ack_seq) % 64;
218bb9df
GP		 3675 if (req_seq_offset < 0)
3676 req_seq_offset += 64;
3677
3678 next_tx_seq_offset =
42e5c802 3679 (chan->next_tx_seq - chan->expected_ack_seq) % 64;
218bb9df
GP		 3680 if (next_tx_seq_offset < 0)
3681 next_tx_seq_offset += 64;
3682
3683 /* check for invalid req-seq */
3684 if (req_seq_offset > next_tx_seq_offset) {
8c1d787b 3685 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3686 goto drop;
3687 }
3688
3689 if (__is_iframe(control)) {
3690 if (len < 0) {
8c1d787b 3691 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3692 goto drop;
3693 }
3694
525cd185 3695 l2cap_data_channel_iframe(chan, control, skb);
218bb9df
GP		 3696 } else {
3697 if (len != 0) {
3698 BT_ERR("%d", len);
8c1d787b 3699 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3700 goto drop;
3701 }
3702
525cd185 3703 l2cap_data_channel_sframe(chan, control, skb);
218bb9df
GP		 3704 }
3705
3706 return 0;
3707
3708drop:
3709 kfree_skb(skb);
3710 return 0;
3711}
3712
1da177e4
LT		 3713static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
3714{
48454079 3715 struct l2cap_chan *chan;
bf734843 3716 struct sock *sk = NULL;
51893f88 3717 u16 control;
218bb9df
GP		 3718 u8 tx_seq;
3719 int len;
1da177e4 3720
baa7e1fa 3721 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 3722 if (!chan) {
1da177e4
LT		 3723 BT_DBG("unknown cid 0x%4.4x", cid);
3724 goto drop;
3725 }
3726
48454079 3727 sk = chan->sk;
6840ed07 3728
49208c9c 3729 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 3730
89bc500e 3731 if (chan->state != BT_CONNECTED)
1da177e4
LT		 3732 goto drop;
3733
0c1bc5c6 3734 switch (chan->mode) {
1c2acffb
GP		 3735 case L2CAP_MODE_BASIC:
3736 /* If socket recv buffers overflows we drop data here
3737 * which is *bad* because L2CAP has to be reliable.
3738 * But we don't have any other choice. L2CAP doesn't
3739 * provide flow control mechanism. */
1da177e4 3740
0c1bc5c6 3741 if (chan->imtu < skb->len)
1c2acffb 3742 goto drop;
1da177e4 3743
23070494 3744 if (!chan->ops->recv(chan->data, skb))
1c2acffb
GP		 3745 goto done;
3746 break;
3747
3748 case L2CAP_MODE_ERTM:
218bb9df
GP		 3749 if (!sock_owned_by_user(sk)) {
3750 l2cap_ertm_data_rcv(sk, skb);
277ffbe3 3751 } else {
218bb9df 3752 if (sk_add_backlog(sk, skb))
277ffbe3 3753 goto drop;
277ffbe3 3754 }
1c2acffb 3755
fcafde2e 3756 goto done;
1c2acffb 3757
6840ed07
GP		 3758 case L2CAP_MODE_STREAMING:
3759 control = get_unaligned_le16(skb->data);
3760 skb_pull(skb, 2);
3761 len = skb->len;
3762
47d1ec61 3763 if (l2cap_check_fcs(chan, skb))
26000089
GP		 3764 goto drop;
3765
6840ed07
GP		 3766 if (__is_sar_start(control))
3767 len -= 2;
3768
47d1ec61 3769 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 3770 len -= 2;
3771
47d1ec61 3772 if (len > chan->mps || len < 0 || __is_sframe(control))
6840ed07
GP		 3773 goto drop;
3774
3775 tx_seq = __get_txseq(control);
3776
84084a31
MM		 3777 if (chan->expected_tx_seq != tx_seq) {
3778 /* Frame(s) missing - must discard partial SDU */
3779 kfree_skb(chan->sdu);
3780 chan->sdu = NULL;
3781 chan->sdu_last_frag = NULL;
3782 chan->sdu_len = 0;
6840ed07 3783
84084a31
MM		 3784 /* TODO: Notify userland of missing data */
3785 }
3786
3787 chan->expected_tx_seq = (tx_seq + 1) % 64;
3788
3789 if (l2cap_reassemble_sdu(chan, skb, control) == -EMSGSIZE)
3790 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
6840ed07
GP		 3791
3792 goto done;
3793
1c2acffb 3794 default:
0c1bc5c6 3795 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 3796 break;
3797 }
1da177e4
LT		 3798
3799drop:
3800 kfree_skb(skb);
3801
3802done:
0139418c
MH		 3803 if (sk)
3804 bh_unlock_sock(sk);
3805
1da177e4
LT		 3806 return 0;
3807}
3808
8e036fc3 3809static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 3810{
6dcae1ea 3811 struct sock *sk = NULL;
23691d75 3812 struct l2cap_chan *chan;
1da177e4 3813
23691d75
GP		 3814 chan = l2cap_global_chan_by_psm(0, psm, conn->src);
3815 if (!chan)
1da177e4
LT		 3816 goto drop;
3817
23691d75
GP		 3818 sk = chan->sk;
3819
e0f0cb56
GP		 3820 bh_lock_sock(sk);
3821
1da177e4
LT		 3822 BT_DBG("sk %p, len %d", sk, skb->len);
3823
89bc500e 3824 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
1da177e4
LT		 3825 goto drop;
3826
e13e21dc 3827 if (chan->imtu < skb->len)
1da177e4
LT		 3828 goto drop;
3829
23070494 3830 if (!chan->ops->recv(chan->data, skb))
1da177e4
LT		 3831 goto done;
3832
3833drop:
3834 kfree_skb(skb);
3835
3836done:
af05b30b
GP		 3837 if (sk)
3838 bh_unlock_sock(sk);
1da177e4
LT		 3839 return 0;
3840}
3841
9f69bda6
GP		 3842static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
3843{
6dcae1ea 3844 struct sock *sk = NULL;
23691d75 3845 struct l2cap_chan *chan;
9f69bda6 3846
23691d75
GP		 3847 chan = l2cap_global_chan_by_scid(0, cid, conn->src);
3848 if (!chan)
9f69bda6
GP		 3849 goto drop;
3850
23691d75
GP		 3851 sk = chan->sk;
3852
9f69bda6
GP		 3853 bh_lock_sock(sk);
3854
3855 BT_DBG("sk %p, len %d", sk, skb->len);
3856
89bc500e 3857 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
9f69bda6
GP		 3858 goto drop;
3859
e13e21dc 3860 if (chan->imtu < skb->len)
9f69bda6
GP		 3861 goto drop;
3862
23070494 3863 if (!chan->ops->recv(chan->data, skb))
9f69bda6
GP		 3864 goto done;
3865
3866drop:
3867 kfree_skb(skb);
3868
3869done:
3870 if (sk)
3871 bh_unlock_sock(sk);
3872 return 0;
3873}
3874
1da177e4
LT		 3875static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3876{
3877 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 3878 u16 cid, len;
3879 __le16 psm;
1da177e4
LT		 3880
3881 skb_pull(skb, L2CAP_HDR_SIZE);
3882 cid = __le16_to_cpu(lh->cid);
3883 len = __le16_to_cpu(lh->len);
3884
1c2acffb
GP		 3885 if (len != skb->len) {
3886 kfree_skb(skb);
3887 return;
3888 }
3889
1da177e4
LT		 3890 BT_DBG("len %d, cid 0x%4.4x", len, cid);
3891
3892 switch (cid) {
3300d9a9 3893 case L2CAP_CID_LE_SIGNALING:
8db4dc46 3894 case L2CAP_CID_SIGNALING:
1da177e4
LT		 3895 l2cap_sig_channel(conn, skb);
3896 break;
3897
8db4dc46 3898 case L2CAP_CID_CONN_LESS:
1b7bf4ed 3899 psm = get_unaligned_le16(skb->data);
1da177e4
LT		 3900 skb_pull(skb, 2);
3901 l2cap_conless_channel(conn, psm, skb);
3902 break;
3903
9f69bda6
GP		 3904 case L2CAP_CID_LE_DATA:
3905 l2cap_att_channel(conn, cid, skb);
3906 break;
3907
b501d6a1
AB		 3908 case L2CAP_CID_SMP:
3909 if (smp_sig_channel(conn, skb))
3910 l2cap_conn_del(conn->hcon, EACCES);
3911 break;
3912
1da177e4
LT		 3913 default:
3914 l2cap_data_channel(conn, cid, skb);
3915 break;
3916 }
3917}
3918
3919/* ---- L2CAP interface with lower layer (HCI) ---- */
3920
3921static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3922{
3923 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 3924 struct l2cap_chan *c;
1da177e4
LT		 3925
3926 if (type != ACL_LINK)
963cf687 3927 return -EINVAL;
1da177e4
LT		 3928
3929 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
3930
3931 /* Find listening sockets and check their link_mode */
23691d75
GP		 3932 read_lock(&chan_list_lock);
3933 list_for_each_entry(c, &chan_list, global_l) {
3934 struct sock *sk = c->sk;
4343478f 3935
89bc500e 3936 if (c->state != BT_LISTEN)
1da177e4
LT		 3937 continue;
3938
3939 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 3940 lm1 |= HCI_LM_ACCEPT;
23691d75 3941 if (c->role_switch)
2af6b9d5 3942 lm1 |= HCI_LM_MASTER;
1da177e4 3943 exact++;
2af6b9d5
MH		 3944 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
3945 lm2 |= HCI_LM_ACCEPT;
23691d75 3946 if (c->role_switch)
2af6b9d5
MH		 3947 lm2 |= HCI_LM_MASTER;
3948 }
1da177e4 3949 }
23691d75 3950 read_unlock(&chan_list_lock);
1da177e4
LT		 3951
3952 return exact ? lm1 : lm2;
3953}
3954
3955static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
3956{
0139418c
MH		 3957 struct l2cap_conn *conn;
3958
1da177e4
LT		 3959 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
3960
acd7d370 3961 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
963cf687 3962 return -EINVAL;
1da177e4
LT		 3963
3964 if (!status) {
1da177e4
LT		 3965 conn = l2cap_conn_add(hcon, status);
3966 if (conn)
3967 l2cap_conn_ready(conn);
0139418c 3968 } else
e175072f 3969 l2cap_conn_del(hcon, bt_to_errno(status));
1da177e4
LT		 3970
3971 return 0;
3972}
3973
2950f21a
MH		 3974static int l2cap_disconn_ind(struct hci_conn *hcon)
3975{
3976 struct l2cap_conn *conn = hcon->l2cap_data;
3977
3978 BT_DBG("hcon %p", hcon);
3979
b5694506 3980 if ((hcon->type != ACL_LINK && hcon->type != LE_LINK) || !conn)
2950f21a
MH		 3981 return 0x13;
3982
3983 return conn->disc_reason;
3984}
3985
3986static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 3987{
3988 BT_DBG("hcon %p reason %d", hcon, reason);
3989
acd7d370 3990 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
963cf687 3991 return -EINVAL;
1da177e4 3992
e175072f 3993 l2cap_conn_del(hcon, bt_to_errno(reason));
0139418c 3994
1da177e4
LT		 3995 return 0;
3996}
3997
4343478f 3998static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 3999{
715ec005 4000 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
255c7601
MH		 4001 return;
4002
f62e4323 4003 if (encrypt == 0x00) {
4343478f 4004 if (chan->sec_level == BT_SECURITY_MEDIUM) {
c9b66675
GP		 4005 __clear_chan_timer(chan);
4006 __set_chan_timer(chan, HZ * 5);
4343478f 4007 } else if (chan->sec_level == BT_SECURITY_HIGH)
0f852724 4008 l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 4009 } else {
4343478f 4010 if (chan->sec_level == BT_SECURITY_MEDIUM)
c9b66675 4011 __clear_chan_timer(chan);
f62e4323
MH		 4012 }
4013}
4014
8c1b2355 4015static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 4016{
0139418c 4017 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 4018 struct l2cap_chan *chan;
1da177e4 4019
0139418c 4020 if (!conn)
1da177e4 4021 return 0;
0139418c 4022
1da177e4
LT		 4023 BT_DBG("conn %p", conn);
4024
160dc6ac
VCG		 4025 if (hcon->type == LE_LINK) {
4026 smp_distribute_keys(conn, 0);
4027 del_timer(&conn->security_timer);
4028 }
4029
baa7e1fa 4030 read_lock(&conn->chan_lock);
1da177e4 4031
baa7e1fa 4032 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 4033 struct sock *sk = chan->sk;
baa7e1fa 4034
1da177e4
LT		 4035 bh_lock_sock(sk);
4036
f1cb9af5
VCG		 4037 BT_DBG("chan->scid %d", chan->scid);
4038
4039 if (chan->scid == L2CAP_CID_LE_DATA) {
4040 if (!status && encrypt) {
4041 chan->sec_level = hcon->sec_level;
4042 l2cap_chan_ready(sk);
4043 }
4044
4045 bh_unlock_sock(sk);
4046 continue;
4047 }
4048
c1360a1c 4049 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) {
6a8d3010
MH		 4050 bh_unlock_sock(sk);
4051 continue;
4052 }
4053
89bc500e
GP		 4054 if (!status && (chan->state == BT_CONNECTED ||
4055 chan->state == BT_CONFIG)) {
4343478f 4056 l2cap_check_encryption(chan, encrypt);
9719f8af
MH		 4057 bh_unlock_sock(sk);
4058 continue;
4059 }
4060
89bc500e 4061 if (chan->state == BT_CONNECT) {
b1235d79
MH		 4062 if (!status) {
4063 struct l2cap_conn_req req;
fe4128e0
GP		 4064 req.scid = cpu_to_le16(chan->scid);
4065 req.psm = chan->psm;
1da177e4 4066
fc7f8a7e 4067 chan->ident = l2cap_get_ident(conn);
c1360a1c 4068 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4 4069
fc7f8a7e 4070 l2cap_send_cmd(conn, chan->ident,
b1235d79
MH		 4071 L2CAP_CONN_REQ, sizeof(req), &req);
4072 } else {
c9b66675
GP		 4073 __clear_chan_timer(chan);
4074 __set_chan_timer(chan, HZ / 10);
b1235d79 4075 }
89bc500e 4076 } else if (chan->state == BT_CONNECT2) {
b1235d79 4077 struct l2cap_conn_rsp rsp;
df3c3931 4078 __u16 res, stat;
1da177e4 4079
b1235d79 4080 if (!status) {
df3c3931
JH		 4081 if (bt_sk(sk)->defer_setup) {
4082 struct sock *parent = bt_sk(sk)->parent;
4083 res = L2CAP_CR_PEND;
4084 stat = L2CAP_CS_AUTHOR_PEND;
05e9a2f6
IK		 4085 if (parent)
4086 parent->sk_data_ready(parent, 0);
df3c3931 4087 } else {
05558911 4088 l2cap_state_change(chan, BT_CONFIG);
df3c3931
JH		 4089 res = L2CAP_CR_SUCCESS;
4090 stat = L2CAP_CS_NO_INFO;
4091 }
b1235d79 4092 } else {
89bc500e 4093 l2cap_state_change(chan, BT_DISCONN);
c9b66675 4094 __set_chan_timer(chan, HZ / 10);
df3c3931
JH		 4095 res = L2CAP_CR_SEC_BLOCK;
4096 stat = L2CAP_CS_NO_INFO;
b1235d79
MH		 4097 }
4098
fe4128e0
GP		 4099 rsp.scid = cpu_to_le16(chan->dcid);
4100 rsp.dcid = cpu_to_le16(chan->scid);
df3c3931
JH		 4101 rsp.result = cpu_to_le16(res);
4102 rsp.status = cpu_to_le16(stat);
fc7f8a7e
GP		 4103 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
4104 sizeof(rsp), &rsp);
b1235d79 4105 }
1da177e4
LT		 4106
4107 bh_unlock_sock(sk);
4108 }
4109
baa7e1fa 4110 read_unlock(&conn->chan_lock);
b1235d79 4111
1da177e4
LT		 4112 return 0;
4113}
4114
4115static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
4116{
4117 struct l2cap_conn *conn = hcon->l2cap_data;
4118
5a08ecce
AE		 4119 if (!conn)
4120 conn = l2cap_conn_add(hcon, 0);
4121
4122 if (!conn)
1da177e4
LT		 4123 goto drop;
4124
4125 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4126
e702112f 4127 if (!(flags & ACL_CONT)) {
1da177e4 4128 struct l2cap_hdr *hdr;
48454079 4129 struct l2cap_chan *chan;
89794813 4130 u16 cid;
1da177e4
LT		 4131 int len;
4132
4133 if (conn->rx_len) {
4134 BT_ERR("Unexpected start frame (len %d)", skb->len);
4135 kfree_skb(conn->rx_skb);
4136 conn->rx_skb = NULL;
4137 conn->rx_len = 0;
4138 l2cap_conn_unreliable(conn, ECOMM);
4139 }
4140
aae7fe22
AE		 4141 /* Start fragment always begin with Basic L2CAP header */
4142 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 4143 BT_ERR("Frame is too short (len %d)", skb->len);
4144 l2cap_conn_unreliable(conn, ECOMM);
4145 goto drop;
4146 }
4147
4148 hdr = (struct l2cap_hdr *) skb->data;
4149 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
89794813 4150 cid = __le16_to_cpu(hdr->cid);
1da177e4
LT		 4151
4152 if (len == skb->len) {
4153 /* Complete frame received */
4154 l2cap_recv_frame(conn, skb);
4155 return 0;
4156 }
4157
4158 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4159
4160 if (skb->len > len) {
4161 BT_ERR("Frame is too long (len %d, expected len %d)",
4162 skb->len, len);
4163 l2cap_conn_unreliable(conn, ECOMM);
4164 goto drop;
4165 }
4166
baa7e1fa 4167 chan = l2cap_get_chan_by_scid(conn, cid);
89794813 4168
48454079
GP		 4169 if (chan && chan->sk) {
4170 struct sock *sk = chan->sk;
89794813 4171
0c1bc5c6 4172 if (chan->imtu < len - L2CAP_HDR_SIZE) {
48454079
GP		 4173 BT_ERR("Frame exceeding recv MTU (len %d, "
4174 "MTU %d)", len,
0c1bc5c6 4175 chan->imtu);
48454079
GP		 4176 bh_unlock_sock(sk);
4177 l2cap_conn_unreliable(conn, ECOMM);
4178 goto drop;
4179 }
89794813 4180 bh_unlock_sock(sk);
48454079 4181 }
89794813 4182
1da177e4 4183 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 4184 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4185 if (!conn->rx_skb)
1da177e4
LT		 4186 goto drop;
4187
d626f62b 4188 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4189 skb->len);
1da177e4
LT		 4190 conn->rx_len = len - skb->len;
4191 } else {
4192 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4193
4194 if (!conn->rx_len) {
4195 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4196 l2cap_conn_unreliable(conn, ECOMM);
4197 goto drop;
4198 }
4199
4200 if (skb->len > conn->rx_len) {
4201 BT_ERR("Fragment is too long (len %d, expected %d)",
4202 skb->len, conn->rx_len);
4203 kfree_skb(conn->rx_skb);
4204 conn->rx_skb = NULL;
4205 conn->rx_len = 0;
4206 l2cap_conn_unreliable(conn, ECOMM);
4207 goto drop;
4208 }
4209
d626f62b 4210 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4211 skb->len);
1da177e4
LT		 4212 conn->rx_len -= skb->len;
4213
4214 if (!conn->rx_len) {
4215 /* Complete frame received */
4216 l2cap_recv_frame(conn, conn->rx_skb);
4217 conn->rx_skb = NULL;
4218 }
4219 }
4220
4221drop:
4222 kfree_skb(skb);
4223 return 0;
4224}
4225
aef7d97c 4226static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 4227{
23691d75 4228 struct l2cap_chan *c;
1da177e4 4229
23691d75 4230 read_lock_bh(&chan_list_lock);
1da177e4 4231
23691d75
GP		 4232 list_for_each_entry(c, &chan_list, global_l) {
4233 struct sock *sk = c->sk;
101545f6 4234
903d343e 4235 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 4236 batostr(&bt_sk(sk)->src),
4237 batostr(&bt_sk(sk)->dst),
89bc500e 4238 c->state, __le16_to_cpu(c->psm),
23691d75
GP		 4239 c->scid, c->dcid, c->imtu, c->omtu,
4240 c->sec_level, c->mode);
05558911 4241}
1da177e4 4242
23691d75 4243 read_unlock_bh(&chan_list_lock);
1da177e4 4244
aef7d97c 4245 return 0;
1da177e4
LT		 4246}
4247
aef7d97c
MH		 4248static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4249{
4250 return single_open(file, l2cap_debugfs_show, inode->i_private);
4251}
4252
4253static const struct file_operations l2cap_debugfs_fops = {
4254 .open = l2cap_debugfs_open,
4255 .read = seq_read,
4256 .llseek = seq_lseek,
4257 .release = single_release,
4258};
4259
4260static struct dentry *l2cap_debugfs;
1da177e4 4261
1da177e4
LT		 4262static struct hci_proto l2cap_hci_proto = {
4263 .name = "L2CAP",
4264 .id = HCI_PROTO_L2CAP,
4265 .connect_ind = l2cap_connect_ind,
4266 .connect_cfm = l2cap_connect_cfm,
4267 .disconn_ind = l2cap_disconn_ind,
2950f21a 4268 .disconn_cfm = l2cap_disconn_cfm,
8c1b2355 4269 .security_cfm = l2cap_security_cfm,
1da177e4
LT		 4270 .recv_acldata = l2cap_recv_acldata
4271};
4272
64274518 4273int __init l2cap_init(void)
1da177e4
LT		 4274{
4275 int err;
be9d1227 4276
bb58f747 4277 err = l2cap_init_sockets();
1da177e4
LT		 4278 if (err < 0)
4279 return err;
4280
1da177e4
LT		 4281 err = hci_register_proto(&l2cap_hci_proto);
4282 if (err < 0) {
4283 BT_ERR("L2CAP protocol registration failed");
4284 bt_sock_unregister(BTPROTO_L2CAP);
4285 goto error;
4286 }
4287
aef7d97c
MH		 4288 if (bt_debugfs) {
4289 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4290 bt_debugfs, NULL, &l2cap_debugfs_fops);
4291 if (!l2cap_debugfs)
4292 BT_ERR("Failed to create L2CAP debug file");
4293 }
1da177e4 4294
1da177e4
LT		 4295 return 0;
4296
4297error:
bb58f747 4298 l2cap_cleanup_sockets();
1da177e4
LT		 4299 return err;
4300}
4301
64274518 4302void l2cap_exit(void)
1da177e4 4303{
aef7d97c 4304 debugfs_remove(l2cap_debugfs);
1da177e4 4305
1da177e4
LT		 4306 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4307 BT_ERR("L2CAP protocol unregistration failed");
4308
bb58f747 4309 l2cap_cleanup_sockets();
1da177e4
LT		 4310}
4311
d1c4a17d
GP		 4312module_param(disable_ertm, bool, 0644);
4313MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
a5fd6f30
AE		 4314
4315module_param(enable_hs, bool, 0644);
4316MODULE_PARM_DESC(enable_hs, "Enable High Speed");
kernel source for telekom puls (alcatel/mediatek)