projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Refactor l2cap_ertm_send
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
422e925b 7 Copyright (c) 2012 Code Aurora Forum. All rights reserved.
1da177e4
LT		 8
9 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License version 2 as
13 published by the Free Software Foundation;
14
15 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
16 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
18 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 19 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
20 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
21 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 22 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23
8e87d142
YH		 24 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
25 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 26 SOFTWARE IS DISCLAIMED.
27*/
28
bb58f747 29/* Bluetooth L2CAP core. */
1da177e4 30
1da177e4
LT		 31#include <linux/module.h>
32
33#include <linux/types.h>
4fc268d2 34#include <linux/capability.h>
1da177e4
LT		 35#include <linux/errno.h>
36#include <linux/kernel.h>
1da177e4
LT		 37#include <linux/sched.h>
38#include <linux/slab.h>
39#include <linux/poll.h>
40#include <linux/fcntl.h>
41#include <linux/init.h>
42#include <linux/interrupt.h>
43#include <linux/socket.h>
44#include <linux/skbuff.h>
1da177e4 45#include <linux/list.h>
be9d1227 46#include <linux/device.h>
aef7d97c
MH		 47#include <linux/debugfs.h>
48#include <linux/seq_file.h>
af05b30b 49#include <linux/uaccess.h>
fcc203c3 50#include <linux/crc16.h>
1da177e4
LT		 51#include <net/sock.h>
52
1da177e4
LT		 53#include <asm/unaligned.h>
54
55#include <net/bluetooth/bluetooth.h>
56#include <net/bluetooth/hci_core.h>
57#include <net/bluetooth/l2cap.h>
b501d6a1 58#include <net/bluetooth/smp.h>
1da177e4 59
b191e031 60bool disable_ertm = 1;
f0709e03 61
47ec1dcd 62static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
50a147cd 63static u8 l2cap_fixed_chan[8] = { L2CAP_FC_L2CAP, };
1da177e4 64
b5ad8b7f
JB		 65static LIST_HEAD(chan_list);
66static DEFINE_RWLOCK(chan_list_lock);
1da177e4 67
1da177e4
LT		 68static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 70static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
71 void *data);
710f9b0a 72static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a 73static void l2cap_send_disconn_req(struct l2cap_conn *conn,
c5daa683 74 struct l2cap_chan *chan, int err);
1da177e4 75
608bcc6d
MM		 76static int l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
77 struct sk_buff_head *skbs, u8 event);
78
0139418c 79/* ---- L2CAP channels ---- */
71ba0e56 80
baa7e1fa 81static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 82{
3df91ea2 83 struct l2cap_chan *c;
3d57dc68 84
3df91ea2
AE		 85 list_for_each_entry(c, &conn->chan_l, list) {
86 if (c->dcid == cid)
87 return c;
0139418c 88 }
3df91ea2 89 return NULL;
0139418c
MH		 90}
91
baa7e1fa 92static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 93{
3df91ea2 94 struct l2cap_chan *c;
3d57dc68 95
3df91ea2
AE		 96 list_for_each_entry(c, &conn->chan_l, list) {
97 if (c->scid == cid)
98 return c;
0139418c 99 }
3df91ea2 100 return NULL;
0139418c
MH		 101}
102
103/* Find channel with given SCID.
ef191ade 104 * Returns locked channel. */
baa7e1fa 105static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 106{
48454079 107 struct l2cap_chan *c;
baa7e1fa 108
3df91ea2 109 mutex_lock(&conn->chan_lock);
baa7e1fa 110 c = __l2cap_get_chan_by_scid(conn, cid);
ef191ade
MM		 111 if (c)
112 l2cap_chan_lock(c);
3df91ea2
AE		 113 mutex_unlock(&conn->chan_lock);
114
48454079 115 return c;
0139418c
MH		 116}
117
baa7e1fa 118static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 119{
3df91ea2 120 struct l2cap_chan *c;
3d57dc68 121
3df91ea2
AE		 122 list_for_each_entry(c, &conn->chan_l, list) {
123 if (c->ident == ident)
124 return c;
0139418c 125 }
3df91ea2 126 return NULL;
0139418c
MH		 127}
128
23691d75 129static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 130{
23691d75 131 struct l2cap_chan *c;
9e4425ff 132
23691d75
GP		 133 list_for_each_entry(c, &chan_list, global_l) {
134 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
250938cb 135 return c;
9e4425ff 136 }
250938cb 137 return NULL;
9e4425ff
GP		 138}
139
140int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
141{
73b2ec18
GP		 142 int err;
143
333055f2 144 write_lock(&chan_list_lock);
9e4425ff 145
23691d75 146 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 147 err = -EADDRINUSE;
148 goto done;
9e4425ff
GP		 149 }
150
73b2ec18
GP		 151 if (psm) {
152 chan->psm = psm;
153 chan->sport = psm;
154 err = 0;
155 } else {
156 u16 p;
157
158 err = -EINVAL;
159 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 160 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 161 chan->psm = cpu_to_le16(p);
162 chan->sport = cpu_to_le16(p);
163 err = 0;
164 break;
165 }
166 }
9e4425ff 167
73b2ec18 168done:
333055f2 169 write_unlock(&chan_list_lock);
73b2ec18 170 return err;
9e4425ff
GP		 171}
172
173int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
174{
333055f2 175 write_lock(&chan_list_lock);
9e4425ff
GP		 176
177 chan->scid = scid;
178
333055f2 179 write_unlock(&chan_list_lock);
9e4425ff
GP		 180
181 return 0;
182}
183
baa7e1fa 184static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 185{
8db4dc46 186 u16 cid = L2CAP_CID_DYN_START;
0139418c 187
8db4dc46 188 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 189 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 190 return cid;
191 }
192
193 return 0;
194}
195
0e587be7 196static void __l2cap_state_change(struct l2cap_chan *chan, int state)
89bc500e 197{
42d2d87c 198 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
badaaa00
GP		 199 state_to_string(state));
200
89bc500e
GP		 201 chan->state = state;
202 chan->ops->state_change(chan->data, state);
203}
204
0e587be7
AE		 205static void l2cap_state_change(struct l2cap_chan *chan, int state)
206{
207 struct sock *sk = chan->sk;
208
209 lock_sock(sk);
210 __l2cap_state_change(chan, state);
211 release_sock(sk);
212}
213
2e0052e4
AE		 214static inline void __l2cap_chan_set_err(struct l2cap_chan *chan, int err)
215{
216 struct sock *sk = chan->sk;
217
218 sk->sk_err = err;
219}
220
221static inline void l2cap_chan_set_err(struct l2cap_chan *chan, int err)
222{
223 struct sock *sk = chan->sk;
224
225 lock_sock(sk);
226 __l2cap_chan_set_err(chan, err);
227 release_sock(sk);
228}
229
608bcc6d
MM		 230static struct sk_buff *l2cap_ertm_seq_in_queue(struct sk_buff_head *head,
231 u16 seq)
232{
233 struct sk_buff *skb;
234
235 skb_queue_walk(head, skb) {
236 if (bt_cb(skb)->control.txseq == seq)
237 return skb;
238 }
239
240 return NULL;
241}
242
3c588192
MM		 243/* ---- L2CAP sequence number lists ---- */
244
245/* For ERTM, ordered lists of sequence numbers must be tracked for
246 * SREJ requests that are received and for frames that are to be
247 * retransmitted. These seq_list functions implement a singly-linked
248 * list in an array, where membership in the list can also be checked
249 * in constant time. Items can also be added to the tail of the list
250 * and removed from the head in constant time, without further memory
251 * allocs or frees.
252 */
253
254static int l2cap_seq_list_init(struct l2cap_seq_list *seq_list, u16 size)
255{
256 size_t alloc_size, i;
257
258 /* Allocated size is a power of 2 to map sequence numbers
259 * (which may be up to 14 bits) in to a smaller array that is
260 * sized for the negotiated ERTM transmit windows.
261 */
262 alloc_size = roundup_pow_of_two(size);
263
264 seq_list->list = kmalloc(sizeof(u16) * alloc_size, GFP_KERNEL);
265 if (!seq_list->list)
266 return -ENOMEM;
267
268 seq_list->mask = alloc_size - 1;
269 seq_list->head = L2CAP_SEQ_LIST_CLEAR;
270 seq_list->tail = L2CAP_SEQ_LIST_CLEAR;
271 for (i = 0; i < alloc_size; i++)
272 seq_list->list[i] = L2CAP_SEQ_LIST_CLEAR;
273
274 return 0;
275}
276
277static inline void l2cap_seq_list_free(struct l2cap_seq_list *seq_list)
278{
279 kfree(seq_list->list);
280}
281
282static inline bool l2cap_seq_list_contains(struct l2cap_seq_list *seq_list,
283 u16 seq)
284{
285 /* Constant-time check for list membership */
286 return seq_list->list[seq & seq_list->mask] != L2CAP_SEQ_LIST_CLEAR;
287}
288
289static u16 l2cap_seq_list_remove(struct l2cap_seq_list *seq_list, u16 seq)
290{
291 u16 mask = seq_list->mask;
292
293 if (seq_list->head == L2CAP_SEQ_LIST_CLEAR) {
294 /* In case someone tries to pop the head of an empty list */
295 return L2CAP_SEQ_LIST_CLEAR;
296 } else if (seq_list->head == seq) {
297 /* Head can be removed in constant time */
298 seq_list->head = seq_list->list[seq & mask];
299 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_CLEAR;
300
301 if (seq_list->head == L2CAP_SEQ_LIST_TAIL) {
302 seq_list->head = L2CAP_SEQ_LIST_CLEAR;
303 seq_list->tail = L2CAP_SEQ_LIST_CLEAR;
304 }
305 } else {
306 /* Walk the list to find the sequence number */
307 u16 prev = seq_list->head;
308 while (seq_list->list[prev & mask] != seq) {
309 prev = seq_list->list[prev & mask];
310 if (prev == L2CAP_SEQ_LIST_TAIL)
311 return L2CAP_SEQ_LIST_CLEAR;
312 }
313
314 /* Unlink the number from the list and clear it */
315 seq_list->list[prev & mask] = seq_list->list[seq & mask];
316 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_CLEAR;
317 if (seq_list->tail == seq)
318 seq_list->tail = prev;
319 }
320 return seq;
321}
322
323static inline u16 l2cap_seq_list_pop(struct l2cap_seq_list *seq_list)
324{
325 /* Remove the head in constant time */
326 return l2cap_seq_list_remove(seq_list, seq_list->head);
327}
328
329static void l2cap_seq_list_clear(struct l2cap_seq_list *seq_list)
330{
f522ae36 331 u16 i;
3c588192 332
f522ae36
GP		 333 if (seq_list->head == L2CAP_SEQ_LIST_CLEAR)
334 return;
335
336 for (i = 0; i <= seq_list->mask; i++)
337 seq_list->list[i] = L2CAP_SEQ_LIST_CLEAR;
338
339 seq_list->head = L2CAP_SEQ_LIST_CLEAR;
340 seq_list->tail = L2CAP_SEQ_LIST_CLEAR;
3c588192
MM		 341}
342
343static void l2cap_seq_list_append(struct l2cap_seq_list *seq_list, u16 seq)
344{
345 u16 mask = seq_list->mask;
346
347 /* All appends happen in constant time */
348
f522ae36
GP		 349 if (seq_list->list[seq & mask] != L2CAP_SEQ_LIST_CLEAR)
350 return;
3c588192 351
f522ae36
GP		 352 if (seq_list->tail == L2CAP_SEQ_LIST_CLEAR)
353 seq_list->head = seq;
354 else
355 seq_list->list[seq_list->tail & mask] = seq;
356
357 seq_list->tail = seq;
358 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_TAIL;
3c588192
MM		 359}
360
721c4181 361static void l2cap_chan_timeout(struct work_struct *work)
ab07801d 362{
721c4181
GP		 363 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
364 chan_timer.work);
3df91ea2 365 struct l2cap_conn *conn = chan->conn;
ab07801d
GP		 366 int reason;
367
e05dcc32 368 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
ab07801d 369
3df91ea2 370 mutex_lock(&conn->chan_lock);
6be36555 371 l2cap_chan_lock(chan);
ab07801d 372
89bc500e 373 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
ab07801d 374 reason = ECONNREFUSED;
89bc500e 375 else if (chan->state == BT_CONNECT &&
ab07801d
GP		 376 chan->sec_level != BT_SECURITY_SDP)
377 reason = ECONNREFUSED;
378 else
379 reason = ETIMEDOUT;
380
0f852724 381 l2cap_chan_close(chan, reason);
ab07801d 382
6be36555 383 l2cap_chan_unlock(chan);
ab07801d 384
ba3bd0ee 385 chan->ops->close(chan->data);
3df91ea2
AE		 386 mutex_unlock(&conn->chan_lock);
387
371fd835 388 l2cap_chan_put(chan);
ab07801d
GP		 389}
390
eef1d9b6 391struct l2cap_chan *l2cap_chan_create(void)
48454079
GP		 392{
393 struct l2cap_chan *chan;
394
395 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
396 if (!chan)
397 return NULL;
398
c03b355e
AE		 399 mutex_init(&chan->lock);
400
333055f2 401 write_lock(&chan_list_lock);
23691d75 402 list_add(&chan->global_l, &chan_list);
333055f2 403 write_unlock(&chan_list_lock);
23691d75 404
721c4181 405 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
ab07801d 406
89bc500e
GP		 407 chan->state = BT_OPEN;
408
71ba0e56
GP		 409 atomic_set(&chan->refcnt, 1);
410
2827011f
MM		 411 /* This flag is cleared in l2cap_chan_ready() */
412 set_bit(CONF_NOT_COMPLETE, &chan->conf_state);
413
eef1d9b6 414 BT_DBG("chan %p", chan);
abc545b8 415
48454079
GP		 416 return chan;
417}
418
23691d75 419void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 420{
333055f2 421 write_lock(&chan_list_lock);
23691d75 422 list_del(&chan->global_l);
333055f2 423 write_unlock(&chan_list_lock);
23691d75 424
371fd835 425 l2cap_chan_put(chan);
6ff5abbf
GP		 426}
427
bd4b1653
AE		 428void l2cap_chan_set_defaults(struct l2cap_chan *chan)
429{
430 chan->fcs = L2CAP_FCS_CRC16;
431 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
432 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
433 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
434 chan->sec_level = BT_SECURITY_LOW;
435
436 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
437}
438
14a28491 439static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 440{
af05b30b 441 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
097db76c 442 __le16_to_cpu(chan->psm), chan->dcid);
0139418c 443
9f5a0d7b 444 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 445
8c1d787b 446 chan->conn = conn;
0139418c 447
5491120e
AE		 448 switch (chan->chan_type) {
449 case L2CAP_CHAN_CONN_ORIENTED:
b62f328b
VT		 450 if (conn->hcon->type == LE_LINK) {
451 /* LE connection */
0c1bc5c6 452 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 453 chan->scid = L2CAP_CID_LE_DATA;
454 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 455 } else {
456 /* Alloc CID for connection-oriented socket */
fe4128e0 457 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 458 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 459 }
5491120e
AE		 460 break;
461
462 case L2CAP_CHAN_CONN_LESS:
0139418c 463 /* Connectionless socket */
fe4128e0
GP		 464 chan->scid = L2CAP_CID_CONN_LESS;
465 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 466 chan->omtu = L2CAP_DEFAULT_MTU;
5491120e
AE		 467 break;
468
469 default:
0139418c 470 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 471 chan->scid = L2CAP_CID_SIGNALING;
472 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 473 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 474 }
475
8f7975b1
AE		 476 chan->local_id = L2CAP_BESTEFFORT_ID;
477 chan->local_stype = L2CAP_SERV_BESTEFFORT;
478 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
479 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
480 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
481 chan->local_flush_to = L2CAP_DEFAULT_FLUSH_TO;
482
371fd835 483 l2cap_chan_hold(chan);
baa7e1fa 484
3df91ea2 485 list_add(&chan->list, &conn->chan_l);
643162a8
AE		 486}
487
14a28491 488static void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
643162a8
AE		 489{
490 mutex_lock(&conn->chan_lock);
491 __l2cap_chan_add(conn, chan);
3df91ea2 492 mutex_unlock(&conn->chan_lock);
0139418c
MH		 493}
494
4519de9a 495static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 496{
48454079 497 struct sock *sk = chan->sk;
8c1d787b 498 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 499 struct sock *parent = bt_sk(sk)->parent;
500
c9b66675 501 __clear_chan_timer(chan);
0139418c 502
49208c9c 503 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 504
8e87d142 505 if (conn) {
baa7e1fa 506 /* Delete from channel list */
3df91ea2 507 list_del(&chan->list);
3d57dc68 508
371fd835 509 l2cap_chan_put(chan);
baa7e1fa 510
8c1d787b 511 chan->conn = NULL;
0139418c
MH		 512 hci_conn_put(conn->hcon);
513 }
514
6be36555
AE		 515 lock_sock(sk);
516
0e587be7 517 __l2cap_state_change(chan, BT_CLOSED);
0139418c
MH		 518 sock_set_flag(sk, SOCK_ZAPPED);
519
520 if (err)
2e0052e4 521 __l2cap_chan_set_err(chan, err);
0139418c
MH		 522
523 if (parent) {
524 bt_accept_unlink(sk);
525 parent->sk_data_ready(parent, 0);
526 } else
527 sk->sk_state_change(sk);
c13ffa62 528
6be36555
AE		 529 release_sock(sk);
530
2827011f 531 if (test_bit(CONF_NOT_COMPLETE, &chan->conf_state))
6ff5abbf 532 return;
2ead70b8 533
58d35f87 534 skb_queue_purge(&chan->tx_q);
c13ffa62 535
0c1bc5c6 536 if (chan->mode == L2CAP_MODE_ERTM) {
c13ffa62
GP		 537 struct srej_list *l, *tmp;
538
1a09bcb9
GP		 539 __clear_retrans_timer(chan);
540 __clear_monitor_timer(chan);
541 __clear_ack_timer(chan);
c13ffa62 542
f1c6775b 543 skb_queue_purge(&chan->srej_q);
c13ffa62 544
3c588192
MM		 545 l2cap_seq_list_free(&chan->srej_list);
546 l2cap_seq_list_free(&chan->retrans_list);
39d5a3ee 547 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
c13ffa62
GP		 548 list_del(&l->list);
549 kfree(l);
550 }
551 }
0139418c
MH		 552}
553
4519de9a
GP		 554static void l2cap_chan_cleanup_listen(struct sock *parent)
555{
556 struct sock *sk;
557
558 BT_DBG("parent %p", parent);
559
560 /* Close not yet accepted channels */
0f852724 561 while ((sk = bt_accept_dequeue(parent, NULL))) {
ba3bd0ee 562 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3df91ea2 563
6be36555 564 l2cap_chan_lock(chan);
c9b66675 565 __clear_chan_timer(chan);
ba3bd0ee 566 l2cap_chan_close(chan, ECONNRESET);
6be36555 567 l2cap_chan_unlock(chan);
3df91ea2 568
ba3bd0ee 569 chan->ops->close(chan->data);
0f852724 570 }
4519de9a
GP		 571}
572
0f852724 573void l2cap_chan_close(struct l2cap_chan *chan, int reason)
4519de9a
GP		 574{
575 struct l2cap_conn *conn = chan->conn;
576 struct sock *sk = chan->sk;
577
e05dcc32
AE		 578 BT_DBG("chan %p state %s sk %p", chan,
579 state_to_string(chan->state), sk);
4519de9a 580
89bc500e 581 switch (chan->state) {
4519de9a 582 case BT_LISTEN:
6be36555 583 lock_sock(sk);
4519de9a 584 l2cap_chan_cleanup_listen(sk);
89bc500e 585
0e587be7 586 __l2cap_state_change(chan, BT_CLOSED);
89bc500e 587 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 588 release_sock(sk);
4519de9a
GP		 589 break;
590
591 case BT_CONNECTED:
592 case BT_CONFIG:
715ec005 593 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a 594 conn->hcon->type == ACL_LINK) {
c9b66675 595 __set_chan_timer(chan, sk->sk_sndtimeo);
4519de9a
GP		 596 l2cap_send_disconn_req(conn, chan, reason);
597 } else
598 l2cap_chan_del(chan, reason);
599 break;
600
601 case BT_CONNECT2:
715ec005 602 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a
GP		 603 conn->hcon->type == ACL_LINK) {
604 struct l2cap_conn_rsp rsp;
605 __u16 result;
606
c5daa683 607 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
4519de9a
GP		 608 result = L2CAP_CR_SEC_BLOCK;
609 else
610 result = L2CAP_CR_BAD_PSM;
89bc500e 611 l2cap_state_change(chan, BT_DISCONN);
4519de9a
GP		 612
613 rsp.scid = cpu_to_le16(chan->dcid);
614 rsp.dcid = cpu_to_le16(chan->scid);
615 rsp.result = cpu_to_le16(result);
616 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
617 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
618 sizeof(rsp), &rsp);
619 }
620
621 l2cap_chan_del(chan, reason);
622 break;
623
624 case BT_CONNECT:
625 case BT_DISCONN:
626 l2cap_chan_del(chan, reason);
627 break;
628
629 default:
6be36555 630 lock_sock(sk);
4519de9a 631 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 632 release_sock(sk);
4519de9a
GP		 633 break;
634 }
635}
636
4343478f 637static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 638{
715ec005 639 if (chan->chan_type == L2CAP_CHAN_RAW) {
4343478f 640 switch (chan->sec_level) {
8556edd3
JH		 641 case BT_SECURITY_HIGH:
642 return HCI_AT_DEDICATED_BONDING_MITM;
643 case BT_SECURITY_MEDIUM:
644 return HCI_AT_DEDICATED_BONDING;
645 default:
646 return HCI_AT_NO_BONDING;
647 }
fe4128e0 648 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 649 if (chan->sec_level == BT_SECURITY_LOW)
650 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 651
4343478f 652 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 653 return HCI_AT_NO_BONDING_MITM;
00ae4af9 654 else
8556edd3 655 return HCI_AT_NO_BONDING;
00ae4af9 656 } else {
4343478f 657 switch (chan->sec_level) {
00ae4af9 658 case BT_SECURITY_HIGH:
8556edd3 659 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 660 case BT_SECURITY_MEDIUM:
8556edd3 661 return HCI_AT_GENERAL_BONDING;
00ae4af9 662 default:
8556edd3 663 return HCI_AT_NO_BONDING;
00ae4af9 664 }
0684e5f9 665 }
8556edd3
JH		 666}
667
668/* Service level security */
d45fc423 669int l2cap_chan_check_security(struct l2cap_chan *chan)
8556edd3 670{
8c1d787b 671 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 672 __u8 auth_type;
673
4343478f 674 auth_type = l2cap_get_auth_type(chan);
79d554a6 675
4343478f 676 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 677}
678
b5ad8b7f 679static u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 680{
681 u8 id;
682
683 /* Get next available identificator.
684 * 1 - 128 are used by kernel.
685 * 129 - 199 are reserved.
686 * 200 - 254 are used by utilities like l2ping, etc.
687 */
688
333055f2 689 spin_lock(&conn->lock);
4e8402a3
MH		 690
691 if (++conn->tx_ident > 128)
692 conn->tx_ident = 1;
693
694 id = conn->tx_ident;
695
333055f2 696 spin_unlock(&conn->lock);
4e8402a3
MH		 697
698 return id;
699}
700
4519de9a 701static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 702{
703 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 704 u8 flags;
4e8402a3
MH		 705
706 BT_DBG("code 0x%2.2x", code);
707
708 if (!skb)
9a9c6a34 709 return;
4e8402a3 710
e702112f
AE		 711 if (lmp_no_flush_capable(conn->hcon->hdev))
712 flags = ACL_START_NO_FLUSH;
713 else
714 flags = ACL_START;
715
14b12d0b 716 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON;
5e59b791 717 skb->priority = HCI_PRIO_MAX;
14b12d0b 718
73d80deb
LAD		 719 hci_send_acl(conn->hchan, skb, flags);
720}
721
722static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
723{
724 struct hci_conn *hcon = chan->conn->hcon;
725 u16 flags;
726
727 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
728 skb->priority);
729
730 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
731 lmp_no_flush_capable(hcon->hdev))
732 flags = ACL_START_NO_FLUSH;
733 else
734 flags = ACL_START;
14b12d0b 735
73d80deb
LAD		 736 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
737 hci_send_acl(chan->conn->hchan, skb, flags);
4e8402a3
MH		 738}
739
b76bbd66
MM		 740static void __unpack_enhanced_control(u16 enh, struct l2cap_ctrl *control)
741{
742 control->reqseq = (enh & L2CAP_CTRL_REQSEQ) >> L2CAP_CTRL_REQSEQ_SHIFT;
743 control->final = (enh & L2CAP_CTRL_FINAL) >> L2CAP_CTRL_FINAL_SHIFT;
744
745 if (enh & L2CAP_CTRL_FRAME_TYPE) {
746 /* S-Frame */
747 control->sframe = 1;
748 control->poll = (enh & L2CAP_CTRL_POLL) >> L2CAP_CTRL_POLL_SHIFT;
749 control->super = (enh & L2CAP_CTRL_SUPERVISE) >> L2CAP_CTRL_SUPER_SHIFT;
750
751 control->sar = 0;
752 control->txseq = 0;
753 } else {
754 /* I-Frame */
755 control->sframe = 0;
756 control->sar = (enh & L2CAP_CTRL_SAR) >> L2CAP_CTRL_SAR_SHIFT;
757 control->txseq = (enh & L2CAP_CTRL_TXSEQ) >> L2CAP_CTRL_TXSEQ_SHIFT;
758
759 control->poll = 0;
760 control->super = 0;
761 }
762}
763
b76bbd66
MM		 764static void __unpack_extended_control(u32 ext, struct l2cap_ctrl *control)
765{
766 control->reqseq = (ext & L2CAP_EXT_CTRL_REQSEQ) >> L2CAP_EXT_CTRL_REQSEQ_SHIFT;
767 control->final = (ext & L2CAP_EXT_CTRL_FINAL) >> L2CAP_EXT_CTRL_FINAL_SHIFT;
768
769 if (ext & L2CAP_EXT_CTRL_FRAME_TYPE) {
770 /* S-Frame */
771 control->sframe = 1;
772 control->poll = (ext & L2CAP_EXT_CTRL_POLL) >> L2CAP_EXT_CTRL_POLL_SHIFT;
773 control->super = (ext & L2CAP_EXT_CTRL_SUPERVISE) >> L2CAP_EXT_CTRL_SUPER_SHIFT;
774
775 control->sar = 0;
776 control->txseq = 0;
777 } else {
778 /* I-Frame */
779 control->sframe = 0;
780 control->sar = (ext & L2CAP_EXT_CTRL_SAR) >> L2CAP_EXT_CTRL_SAR_SHIFT;
781 control->txseq = (ext & L2CAP_EXT_CTRL_TXSEQ) >> L2CAP_EXT_CTRL_TXSEQ_SHIFT;
782
783 control->poll = 0;
784 control->super = 0;
785 }
786}
787
788static inline void __unpack_control(struct l2cap_chan *chan,
789 struct sk_buff *skb)
790{
791 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
792 __unpack_extended_control(get_unaligned_le32(skb->data),
793 &bt_cb(skb)->control);
794 } else {
795 __unpack_enhanced_control(get_unaligned_le16(skb->data),
796 &bt_cb(skb)->control);
797 }
798}
799
b5c6aaed
MM		 800static u32 __pack_extended_control(struct l2cap_ctrl *control)
801{
802 u32 packed;
803
804 packed = control->reqseq << L2CAP_EXT_CTRL_REQSEQ_SHIFT;
805 packed |= control->final << L2CAP_EXT_CTRL_FINAL_SHIFT;
806
807 if (control->sframe) {
808 packed |= control->poll << L2CAP_EXT_CTRL_POLL_SHIFT;
809 packed |= control->super << L2CAP_EXT_CTRL_SUPER_SHIFT;
810 packed |= L2CAP_EXT_CTRL_FRAME_TYPE;
811 } else {
812 packed |= control->sar << L2CAP_EXT_CTRL_SAR_SHIFT;
813 packed |= control->txseq << L2CAP_EXT_CTRL_TXSEQ_SHIFT;
814 }
815
816 return packed;
817}
818
819static u16 __pack_enhanced_control(struct l2cap_ctrl *control)
820{
821 u16 packed;
822
823 packed = control->reqseq << L2CAP_CTRL_REQSEQ_SHIFT;
824 packed |= control->final << L2CAP_CTRL_FINAL_SHIFT;
825
826 if (control->sframe) {
827 packed |= control->poll << L2CAP_CTRL_POLL_SHIFT;
828 packed |= control->super << L2CAP_CTRL_SUPER_SHIFT;
829 packed |= L2CAP_CTRL_FRAME_TYPE;
830 } else {
831 packed |= control->sar << L2CAP_CTRL_SAR_SHIFT;
832 packed |= control->txseq << L2CAP_CTRL_TXSEQ_SHIFT;
833 }
834
835 return packed;
836}
837
b76bbd66
MM		 838static inline void __pack_control(struct l2cap_chan *chan,
839 struct l2cap_ctrl *control,
840 struct sk_buff *skb)
841{
842 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
843 put_unaligned_le32(__pack_extended_control(control),
844 skb->data + L2CAP_HDR_SIZE);
845 } else {
846 put_unaligned_le16(__pack_enhanced_control(control),
847 skb->data + L2CAP_HDR_SIZE);
848 }
849}
850
b5c6aaed
MM		 851static inline void l2cap_send_sframe(struct l2cap_chan *chan, u32 control)
852{
853 struct sk_buff *skb;
854 struct l2cap_hdr *lh;
855 struct l2cap_conn *conn = chan->conn;
856 int count, hlen;
857
858 if (chan->state != BT_CONNECTED)
859 return;
860
861 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
862 hlen = L2CAP_EXT_HDR_SIZE;
863 else
864 hlen = L2CAP_ENH_HDR_SIZE;
865
866 if (chan->fcs == L2CAP_FCS_CRC16)
867 hlen += L2CAP_FCS_SIZE;
868
869 BT_DBG("chan %p, control 0x%8.8x", chan, control);
870
871 count = min_t(unsigned int, conn->mtu, hlen);
872
873 control |= __set_sframe(chan);
874
875 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
876 control |= __set_ctrl_final(chan);
877
878 if (test_and_clear_bit(CONN_SEND_PBIT, &chan->conn_state))
879 control |= __set_ctrl_poll(chan);
880
881 skb = bt_skb_alloc(count, GFP_ATOMIC);
882 if (!skb)
883 return;
884
885 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
886 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
887 lh->cid = cpu_to_le16(chan->dcid);
888
889 __put_control(chan, control, skb_put(skb, __ctrl_size(chan)));
890
891 if (chan->fcs == L2CAP_FCS_CRC16) {
892 u16 fcs = crc16(0, (u8 *)lh, count - L2CAP_FCS_SIZE);
893 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
894 }
895
896 skb->priority = HCI_PRIO_MAX;
897 l2cap_do_send(chan, skb);
898}
899
900static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u32 control)
901{
902 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
903 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
904 set_bit(CONN_RNR_SENT, &chan->conn_state);
905 } else
906 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
907
908 control |= __set_reqseq(chan, chan->buffer_seq);
909
910 l2cap_send_sframe(chan, control);
911}
912
b4450035 913static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 914{
c1360a1c 915 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
e501d055
AE		 916}
917
9b27f350
AE		 918static void l2cap_send_conn_req(struct l2cap_chan *chan)
919{
920 struct l2cap_conn *conn = chan->conn;
921 struct l2cap_conn_req req;
922
923 req.scid = cpu_to_le16(chan->scid);
924 req.psm = chan->psm;
925
926 chan->ident = l2cap_get_ident(conn);
927
928 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
929
930 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req);
931}
932
9f0caeb1
VCG		 933static void l2cap_chan_ready(struct l2cap_chan *chan)
934{
935 struct sock *sk = chan->sk;
936 struct sock *parent;
937
938 lock_sock(sk);
939
940 parent = bt_sk(sk)->parent;
941
942 BT_DBG("sk %p, parent %p", sk, parent);
943
2827011f 944 /* This clears all conf flags, including CONF_NOT_COMPLETE */
9f0caeb1
VCG		 945 chan->conf_state = 0;
946 __clear_chan_timer(chan);
947
948 __l2cap_state_change(chan, BT_CONNECTED);
949 sk->sk_state_change(sk);
950
951 if (parent)
952 parent->sk_data_ready(parent, 0);
953
954 release_sock(sk);
955}
956
fc7f8a7e 957static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 958{
8c1d787b 959 struct l2cap_conn *conn = chan->conn;
79d554a6 960
9f0caeb1
VCG		 961 if (conn->hcon->type == LE_LINK) {
962 l2cap_chan_ready(chan);
963 return;
964 }
965
79d554a6 966 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 967 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
968 return;
969
d45fc423 970 if (l2cap_chan_check_security(chan) &&
9b27f350
AE		 971 __l2cap_no_conn_pending(chan))
972 l2cap_send_conn_req(chan);
79d554a6
MH		 973 } else {
974 struct l2cap_info_req req;
975 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
976
977 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
978 conn->info_ident = l2cap_get_ident(conn);
979
ba13ccd9 980 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
79d554a6
MH		 981
982 l2cap_send_cmd(conn, conn->info_ident,
983 L2CAP_INFO_REQ, sizeof(req), &req);
984 }
985}
986
cf6c2c0b
GP		 987static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
988{
989 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 990 if (!disable_ertm)
cf6c2c0b
GP		 991 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
992
993 switch (mode) {
994 case L2CAP_MODE_ERTM:
995 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
996 case L2CAP_MODE_STREAMING:
997 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
998 default:
999 return 0x00;
1000 }
1001}
1002
4519de9a 1003static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9 1004{
6be36555 1005 struct sock *sk = chan->sk;
22121fc9
GP		 1006 struct l2cap_disconn_req req;
1007
c13ffa62
GP		 1008 if (!conn)
1009 return;
1010
0c1bc5c6 1011 if (chan->mode == L2CAP_MODE_ERTM) {
1a09bcb9
GP		 1012 __clear_retrans_timer(chan);
1013 __clear_monitor_timer(chan);
1014 __clear_ack_timer(chan);
c13ffa62
GP		 1015 }
1016
fe4128e0
GP		 1017 req.dcid = cpu_to_le16(chan->dcid);
1018 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 1019 l2cap_send_cmd(conn, l2cap_get_ident(conn),
1020 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62 1021
6be36555 1022 lock_sock(sk);
0e587be7 1023 __l2cap_state_change(chan, BT_DISCONN);
2e0052e4 1024 __l2cap_chan_set_err(chan, err);
6be36555 1025 release_sock(sk);
22121fc9
GP		 1026}
1027
1da177e4 1028/* ---- L2CAP connections ---- */
4e8402a3
MH		 1029static void l2cap_conn_start(struct l2cap_conn *conn)
1030{
3df91ea2 1031 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 1032
1033 BT_DBG("conn %p", conn);
1034
3df91ea2 1035 mutex_lock(&conn->chan_lock);
4e8402a3 1036
3df91ea2 1037 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 1038 struct sock *sk = chan->sk;
baa7e1fa 1039
6be36555 1040 l2cap_chan_lock(chan);
4e8402a3 1041
715ec005 1042 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 1043 l2cap_chan_unlock(chan);
79d554a6
MH		 1044 continue;
1045 }
1046
89bc500e 1047 if (chan->state == BT_CONNECT) {
d45fc423 1048 if (!l2cap_chan_check_security(chan) ||
b4450035 1049 !__l2cap_no_conn_pending(chan)) {
6be36555 1050 l2cap_chan_unlock(chan);
47731de7
GP		 1051 continue;
1052 }
79d554a6 1053
c1360a1c
GP		 1054 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
1055 && test_bit(CONF_STATE2_DEVICE,
1056 &chan->conf_state)) {
89bc500e 1057 l2cap_chan_close(chan, ECONNRESET);
6be36555 1058 l2cap_chan_unlock(chan);
47731de7 1059 continue;
b1235d79 1060 }
47731de7 1061
9b27f350 1062 l2cap_send_conn_req(chan);
47731de7 1063
89bc500e 1064 } else if (chan->state == BT_CONNECT2) {
79d554a6 1065 struct l2cap_conn_rsp rsp;
e9aeb2dd 1066 char buf[128];
fe4128e0
GP		 1067 rsp.scid = cpu_to_le16(chan->dcid);
1068 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 1069
d45fc423 1070 if (l2cap_chan_check_security(chan)) {
6be36555 1071 lock_sock(sk);
c5daa683
GP		 1072 if (test_bit(BT_SK_DEFER_SETUP,
1073 &bt_sk(sk)->flags)) {
f66dc81f
MH		 1074 struct sock *parent = bt_sk(sk)->parent;
1075 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
1076 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
05e9a2f6
IK		 1077 if (parent)
1078 parent->sk_data_ready(parent, 0);
f66dc81f
MH		 1079
1080 } else {
0e587be7 1081 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 1082 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1083 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1084 }
6be36555 1085 release_sock(sk);
79d554a6
MH		 1086 } else {
1087 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
1088 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
1089 }
1090
fc7f8a7e
GP		 1091 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
1092 sizeof(rsp), &rsp);
e9aeb2dd 1093
c1360a1c 1094 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
e9aeb2dd 1095 rsp.result != L2CAP_CR_SUCCESS) {
6be36555 1096 l2cap_chan_unlock(chan);
e9aeb2dd
GP		 1097 continue;
1098 }
1099
c1360a1c 1100 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 1101 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 1102 l2cap_build_conf_req(chan, buf), buf);
1103 chan->num_conf_req++;
4e8402a3
MH		 1104 }
1105
6be36555 1106 l2cap_chan_unlock(chan);
4e8402a3
MH		 1107 }
1108
3df91ea2 1109 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 1110}
1111
c2287681 1112/* Find socket with cid and source/destination bdaddr.
b62f328b
VT		 1113 * Returns closest match, locked.
1114 */
d9b88702 1115static struct l2cap_chan *l2cap_global_chan_by_scid(int state, u16 cid,
c2287681
IY		 1116 bdaddr_t *src,
1117 bdaddr_t *dst)
b62f328b 1118{
23691d75 1119 struct l2cap_chan *c, *c1 = NULL;
b62f328b 1120
23691d75 1121 read_lock(&chan_list_lock);
b62f328b 1122
23691d75
GP		 1123 list_for_each_entry(c, &chan_list, global_l) {
1124 struct sock *sk = c->sk;
fe4128e0 1125
89bc500e 1126 if (state && c->state != state)
b62f328b
VT		 1127 continue;
1128
23691d75 1129 if (c->scid == cid) {
c2287681
IY		 1130 int src_match, dst_match;
1131 int src_any, dst_any;
1132
b62f328b 1133 /* Exact match. */
c2287681
IY		 1134 src_match = !bacmp(&bt_sk(sk)->src, src);
1135 dst_match = !bacmp(&bt_sk(sk)->dst, dst);
1136 if (src_match && dst_match) {
23691d75
GP		 1137 read_unlock(&chan_list_lock);
1138 return c;
1139 }
b62f328b
VT		 1140
1141 /* Closest match */
c2287681
IY		 1142 src_any = !bacmp(&bt_sk(sk)->src, BDADDR_ANY);
1143 dst_any = !bacmp(&bt_sk(sk)->dst, BDADDR_ANY);
1144 if ((src_match && dst_any) || (src_any && dst_match) ||
1145 (src_any && dst_any))
23691d75 1146 c1 = c;
b62f328b
VT		 1147 }
1148 }
280f294f 1149
23691d75 1150 read_unlock(&chan_list_lock);
b62f328b 1151
23691d75 1152 return c1;
b62f328b
VT		 1153}
1154
1155static void l2cap_le_conn_ready(struct l2cap_conn *conn)
1156{
c916fbe4 1157 struct sock *parent, *sk;
23691d75 1158 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 1159
1160 BT_DBG("");
1161
1162 /* Check if we have socket listening on cid */
23691d75 1163 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
c2287681 1164 conn->src, conn->dst);
23691d75 1165 if (!pchan)
b62f328b
VT		 1166 return;
1167
23691d75
GP		 1168 parent = pchan->sk;
1169
aa2ac881 1170 lock_sock(parent);
62f3a2cf 1171
b62f328b
VT		 1172 /* Check for backlog size */
1173 if (sk_acceptq_is_full(parent)) {
1174 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1175 goto clean;
1176 }
1177
80808e43
GP		 1178 chan = pchan->ops->new_connection(pchan->data);
1179 if (!chan)
b62f328b
VT		 1180 goto clean;
1181
80808e43 1182 sk = chan->sk;
5d41ce1d 1183
b62f328b
VT		 1184 hci_conn_hold(conn->hcon);
1185
b62f328b
VT		 1186 bacpy(&bt_sk(sk)->src, conn->src);
1187 bacpy(&bt_sk(sk)->dst, conn->dst);
1188
d1010240
GP		 1189 bt_accept_enqueue(parent, sk);
1190
3d57dc68 1191 l2cap_chan_add(conn, chan);
48454079 1192
c9b66675 1193 __set_chan_timer(chan, sk->sk_sndtimeo);
b62f328b 1194
0e587be7 1195 __l2cap_state_change(chan, BT_CONNECTED);
b62f328b
VT		 1196 parent->sk_data_ready(parent, 0);
1197
b62f328b 1198clean:
aa2ac881 1199 release_sock(parent);
b62f328b
VT		 1200}
1201
4e8402a3
MH		 1202static void l2cap_conn_ready(struct l2cap_conn *conn)
1203{
48454079 1204 struct l2cap_chan *chan;
4e8402a3 1205
79d554a6 1206 BT_DBG("conn %p", conn);
4e8402a3 1207
b62f328b
VT		 1208 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
1209 l2cap_le_conn_ready(conn);
1210
160dc6ac
VCG		 1211 if (conn->hcon->out && conn->hcon->type == LE_LINK)
1212 smp_conn_security(conn, conn->hcon->pending_sec_level);
1213
3df91ea2 1214 mutex_lock(&conn->chan_lock);
4e8402a3 1215
3df91ea2 1216 list_for_each_entry(chan, &conn->chan_l, list) {
baa7e1fa 1217
6be36555 1218 l2cap_chan_lock(chan);
4e8402a3 1219
63128451 1220 if (conn->hcon->type == LE_LINK) {
b501d6a1 1221 if (smp_conn_security(conn, chan->sec_level))
cf4cd009 1222 l2cap_chan_ready(chan);
acd7d370 1223
63128451 1224 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 1225 struct sock *sk = chan->sk;
c9b66675 1226 __clear_chan_timer(chan);
6be36555 1227 lock_sock(sk);
0e587be7 1228 __l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1229 sk->sk_state_change(sk);
6be36555 1230 release_sock(sk);
b501d6a1 1231
89bc500e 1232 } else if (chan->state == BT_CONNECT)
fc7f8a7e 1233 l2cap_do_start(chan);
4e8402a3 1234
6be36555 1235 l2cap_chan_unlock(chan);
4e8402a3 1236 }
79d554a6 1237
3df91ea2 1238 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 1239}
1240
1241/* Notify sockets that we cannot guaranty reliability anymore */
1242static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
1243{
48454079 1244 struct l2cap_chan *chan;
4e8402a3
MH		 1245
1246 BT_DBG("conn %p", conn);
1247
3df91ea2 1248 mutex_lock(&conn->chan_lock);
4e8402a3 1249
3df91ea2 1250 list_for_each_entry(chan, &conn->chan_l, list) {
ecf61bdb 1251 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
2e0052e4 1252 __l2cap_chan_set_err(chan, err);
4e8402a3
MH		 1253 }
1254
3df91ea2 1255 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 1256}
1257
f878fcad 1258static void l2cap_info_timeout(struct work_struct *work)
4e8402a3 1259{
f878fcad 1260 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
030013d8 1261 info_timer.work);
4e8402a3 1262
984947dc 1263 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 1264 conn->info_ident = 0;
984947dc 1265
4e8402a3
MH		 1266 l2cap_conn_start(conn);
1267}
1268
5d3de7df
VCG		 1269static void l2cap_conn_del(struct hci_conn *hcon, int err)
1270{
1271 struct l2cap_conn *conn = hcon->l2cap_data;
1272 struct l2cap_chan *chan, *l;
5d3de7df
VCG		 1273
1274 if (!conn)
1275 return;
1276
1277 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
1278
1279 kfree_skb(conn->rx_skb);
1280
3df91ea2
AE		 1281 mutex_lock(&conn->chan_lock);
1282
5d3de7df
VCG		 1283 /* Kill channels */
1284 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
61d6ef3e 1285 l2cap_chan_hold(chan);
6be36555
AE		 1286 l2cap_chan_lock(chan);
1287
5d3de7df 1288 l2cap_chan_del(chan, err);
6be36555
AE		 1289
1290 l2cap_chan_unlock(chan);
1291
5d3de7df 1292 chan->ops->close(chan->data);
61d6ef3e 1293 l2cap_chan_put(chan);
5d3de7df
VCG		 1294 }
1295
3df91ea2
AE		 1296 mutex_unlock(&conn->chan_lock);
1297
73d80deb
LAD		 1298 hci_chan_del(conn->hchan);
1299
5d3de7df 1300 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
127074bf 1301 cancel_delayed_work_sync(&conn->info_timer);
5d3de7df 1302
51a8efd7 1303 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) {
127074bf 1304 cancel_delayed_work_sync(&conn->security_timer);
8aab4757 1305 smp_chan_destroy(conn);
d26a2345 1306 }
5d3de7df
VCG		 1307
1308 hcon->l2cap_data = NULL;
1309 kfree(conn);
1310}
1311
6c9d42a1 1312static void security_timeout(struct work_struct *work)
5d3de7df 1313{
6c9d42a1
GP		 1314 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1315 security_timer.work);
5d3de7df
VCG		 1316
1317 l2cap_conn_del(conn->hcon, ETIMEDOUT);
1318}
1319
1da177e4
LT		 1320static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1321{
0139418c 1322 struct l2cap_conn *conn = hcon->l2cap_data;
73d80deb 1323 struct hci_chan *hchan;
1da177e4 1324
0139418c 1325 if (conn || status)
1da177e4
LT		 1326 return conn;
1327
73d80deb
LAD		 1328 hchan = hci_chan_create(hcon);
1329 if (!hchan)
1330 return NULL;
1331
0139418c 1332 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
73d80deb
LAD		 1333 if (!conn) {
1334 hci_chan_del(hchan);
1da177e4 1335 return NULL;
73d80deb 1336 }
1da177e4
LT		 1337
1338 hcon->l2cap_data = conn;
1339 conn->hcon = hcon;
73d80deb 1340 conn->hchan = hchan;
1da177e4 1341
73d80deb 1342 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
0139418c 1343
acd7d370
VT		 1344 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
1345 conn->mtu = hcon->hdev->le_mtu;
1346 else
1347 conn->mtu = hcon->hdev->acl_mtu;
1348
1da177e4
LT		 1349 conn->src = &hcon->hdev->bdaddr;
1350 conn->dst = &hcon->dst;
1351
4e8402a3
MH		 1352 conn->feat_mask = 0;
1353
1da177e4 1354 spin_lock_init(&conn->lock);
3df91ea2 1355 mutex_init(&conn->chan_lock);
baa7e1fa
GP		 1356
1357 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 1358
5d3de7df 1359 if (hcon->type == LE_LINK)
6c9d42a1 1360 INIT_DELAYED_WORK(&conn->security_timer, security_timeout);
5d3de7df 1361 else
030013d8 1362 INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout);
45054dc1 1363
9f5a0d7b 1364 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 1365
1da177e4
LT		 1366 return conn;
1367}
1368
1da177e4 1369/* ---- Socket interface ---- */
1da177e4 1370
c2287681 1371/* Find socket with psm and source / destination bdaddr.
1da177e4
LT		 1372 * Returns closest match.
1373 */
c2287681
IY		 1374static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
1375 bdaddr_t *src,
1376 bdaddr_t *dst)
1da177e4 1377{
23691d75 1378 struct l2cap_chan *c, *c1 = NULL;
1da177e4 1379
23691d75 1380 read_lock(&chan_list_lock);
e0f0cb56 1381
23691d75
GP		 1382 list_for_each_entry(c, &chan_list, global_l) {
1383 struct sock *sk = c->sk;
fe4128e0 1384
89bc500e 1385 if (state && c->state != state)
1da177e4
LT		 1386 continue;
1387
23691d75 1388 if (c->psm == psm) {
c2287681
IY		 1389 int src_match, dst_match;
1390 int src_any, dst_any;
1391
1da177e4 1392 /* Exact match. */
c2287681
IY		 1393 src_match = !bacmp(&bt_sk(sk)->src, src);
1394 dst_match = !bacmp(&bt_sk(sk)->dst, dst);
1395 if (src_match && dst_match) {
a7567b20 1396 read_unlock(&chan_list_lock);
23691d75
GP		 1397 return c;
1398 }
1da177e4
LT		 1399
1400 /* Closest match */
c2287681
IY		 1401 src_any = !bacmp(&bt_sk(sk)->src, BDADDR_ANY);
1402 dst_any = !bacmp(&bt_sk(sk)->dst, BDADDR_ANY);
1403 if ((src_match && dst_any) || (src_any && dst_match) ||
1404 (src_any && dst_any))
23691d75 1405 c1 = c;
1da177e4
LT		 1406 }
1407 }
1da177e4 1408
23691d75 1409 read_unlock(&chan_list_lock);
e0f0cb56 1410
23691d75 1411 return c1;
1da177e4
LT		 1412}
1413
8e9f9892
AG		 1414int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1415 bdaddr_t *dst, u8 dst_type)
1da177e4 1416{
5d41ce1d 1417 struct sock *sk = chan->sk;
1da177e4 1418 bdaddr_t *src = &bt_sk(sk)->src;
1da177e4
LT		 1419 struct l2cap_conn *conn;
1420 struct hci_conn *hcon;
1421 struct hci_dev *hdev;
09ab6f4c 1422 __u8 auth_type;
44d0e48e 1423 int err;
1da177e4 1424
8e9f9892
AG		 1425 BT_DBG("%s -> %s (type %u) psm 0x%2.2x", batostr(src), batostr(dst),
1426 dst_type, __le16_to_cpu(chan->psm));
1da177e4 1427
af05b30b
GP		 1428 hdev = hci_get_route(dst, src);
1429 if (!hdev)
1da177e4
LT		 1430 return -EHOSTUNREACH;
1431
09fd0de5 1432 hci_dev_lock(hdev);
1da177e4 1433
6be36555 1434 l2cap_chan_lock(chan);
03a00194
GP		 1435
1436 /* PSM must be odd and lsb of upper byte must be 0 */
1437 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
1438 chan->chan_type != L2CAP_CHAN_RAW) {
1439 err = -EINVAL;
1440 goto done;
1441 }
1442
1443 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !(psm || cid)) {
1444 err = -EINVAL;
1445 goto done;
1446 }
1447
1448 switch (chan->mode) {
1449 case L2CAP_MODE_BASIC:
1450 break;
1451 case L2CAP_MODE_ERTM:
1452 case L2CAP_MODE_STREAMING:
1453 if (!disable_ertm)
1454 break;
1455 /* fall through */
1456 default:
1457 err = -ENOTSUPP;
1458 goto done;
1459 }
1460
6be36555
AE		 1461 lock_sock(sk);
1462
03a00194
GP		 1463 switch (sk->sk_state) {
1464 case BT_CONNECT:
1465 case BT_CONNECT2:
1466 case BT_CONFIG:
1467 /* Already connecting */
1468 err = 0;
6be36555 1469 release_sock(sk);
03a00194
GP		 1470 goto done;
1471
1472 case BT_CONNECTED:
1473 /* Already connected */
1474 err = -EISCONN;
6be36555 1475 release_sock(sk);
03a00194
GP		 1476 goto done;
1477
1478 case BT_OPEN:
1479 case BT_BOUND:
1480 /* Can connect */
1481 break;
1482
1483 default:
1484 err = -EBADFD;
6be36555 1485 release_sock(sk);
03a00194
GP		 1486 goto done;
1487 }
1488
1489 /* Set destination address and psm */
9219b2a0 1490 bacpy(&bt_sk(sk)->dst, dst);
6be36555
AE		 1491
1492 release_sock(sk);
1493
03a00194
GP		 1494 chan->psm = psm;
1495 chan->dcid = cid;
1da177e4 1496
4343478f 1497 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1498
fe4128e0 1499 if (chan->dcid == L2CAP_CID_LE_DATA)
8e9f9892 1500 hcon = hci_connect(hdev, LE_LINK, dst, dst_type,
b12f62cf 1501 chan->sec_level, auth_type);
acd7d370 1502 else
8e9f9892 1503 hcon = hci_connect(hdev, ACL_LINK, dst, dst_type,
b12f62cf 1504 chan->sec_level, auth_type);
acd7d370 1505
30e76272
VT		 1506 if (IS_ERR(hcon)) {
1507 err = PTR_ERR(hcon);
1da177e4 1508 goto done;
30e76272 1509 }
1da177e4
LT		 1510
1511 conn = l2cap_conn_add(hcon, 0);
1512 if (!conn) {
1513 hci_conn_put(hcon);
30e76272 1514 err = -ENOMEM;
1da177e4
LT		 1515 goto done;
1516 }
1517
9f0caeb1
VCG		 1518 if (hcon->type == LE_LINK) {
1519 err = 0;
1520
1521 if (!list_empty(&conn->chan_l)) {
1522 err = -EBUSY;
1523 hci_conn_put(hcon);
1524 }
1525
1526 if (err)
1527 goto done;
1528 }
1529
1da177e4
LT		 1530 /* Update source addr of the socket */
1531 bacpy(src, conn->src);
1532
6be36555 1533 l2cap_chan_unlock(chan);
48454079 1534 l2cap_chan_add(conn, chan);
6be36555 1535 l2cap_chan_lock(chan);
48454079 1536
6be36555 1537 l2cap_state_change(chan, BT_CONNECT);
c9b66675 1538 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4
LT		 1539
1540 if (hcon->state == BT_CONNECTED) {
715ec005 1541 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 1542 __clear_chan_timer(chan);
d45fc423 1543 if (l2cap_chan_check_security(chan))
6be36555 1544 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1545 } else
fc7f8a7e 1546 l2cap_do_start(chan);
1da177e4
LT		 1547 }
1548
30e76272
VT		 1549 err = 0;
1550
1da177e4 1551done:
6be36555 1552 l2cap_chan_unlock(chan);
09fd0de5 1553 hci_dev_unlock(hdev);
1da177e4
LT		 1554 hci_dev_put(hdev);
1555 return err;
1556}
1557
dcba0dba 1558int __l2cap_wait_ack(struct sock *sk)
6161c038 1559{
8c1d787b 1560 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1561 DECLARE_WAITQUEUE(wait, current);
1562 int err = 0;
1563 int timeo = HZ/5;
1564
2b0b05dd 1565 add_wait_queue(sk_sleep(sk), &wait);
a71a0cf4
PH		 1566 set_current_state(TASK_INTERRUPTIBLE);
1567 while (chan->unacked_frames > 0 && chan->conn) {
6161c038
GP		 1568 if (!timeo)
1569 timeo = HZ/5;
1570
1571 if (signal_pending(current)) {
1572 err = sock_intr_errno(timeo);
1573 break;
1574 }
1575
1576 release_sock(sk);
1577 timeo = schedule_timeout(timeo);
1578 lock_sock(sk);
a71a0cf4 1579 set_current_state(TASK_INTERRUPTIBLE);
6161c038
GP		 1580
1581 err = sock_error(sk);
1582 if (err)
1583 break;
1584 }
1585 set_current_state(TASK_RUNNING);
2b0b05dd 1586 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1587 return err;
1588}
1589
721c4181 1590static void l2cap_monitor_timeout(struct work_struct *work)
e90bac06 1591{
721c4181
GP		 1592 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1593 monitor_timer.work);
e90bac06 1594
525cd185 1595 BT_DBG("chan %p", chan);
0e98958d 1596
6be36555
AE		 1597 l2cap_chan_lock(chan);
1598
2c03a7a4 1599 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1600 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
6be36555 1601 l2cap_chan_unlock(chan);
8d7e1c7f 1602 l2cap_chan_put(chan);
e90bac06
GP		 1603 return;
1604 }
1605
6a026610 1606 chan->retry_count++;
1a09bcb9 1607 __set_monitor_timer(chan);
e90bac06 1608
525cd185 1609 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555 1610 l2cap_chan_unlock(chan);
8d7e1c7f 1611 l2cap_chan_put(chan);
e90bac06
GP		 1612}
1613
721c4181 1614static void l2cap_retrans_timeout(struct work_struct *work)
e90bac06 1615{
721c4181
GP		 1616 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1617 retrans_timer.work);
e90bac06 1618
49208c9c 1619 BT_DBG("chan %p", chan);
0e98958d 1620
6be36555
AE		 1621 l2cap_chan_lock(chan);
1622
6a026610 1623 chan->retry_count = 1;
1a09bcb9 1624 __set_monitor_timer(chan);
e90bac06 1625
e2ab4353 1626 set_bit(CONN_WAIT_F, &chan->conn_state);
e90bac06 1627
525cd185 1628 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555
AE		 1629
1630 l2cap_chan_unlock(chan);
8d7e1c7f 1631 l2cap_chan_put(chan);
e90bac06
GP		 1632}
1633
42e5c802 1634static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1da177e4 1635{
1c2acffb 1636 struct sk_buff *skb;
1da177e4 1637
58d35f87 1638 while ((skb = skb_peek(&chan->tx_q)) &&
6a026610 1639 chan->unacked_frames) {
3ce3514f 1640 if (bt_cb(skb)->control.txseq == chan->expected_ack_seq)
1c2acffb 1641 break;
1da177e4 1642
58d35f87 1643 skb = skb_dequeue(&chan->tx_q);
1c2acffb 1644 kfree_skb(skb);
1da177e4 1645
6a026610 1646 chan->unacked_frames--;
1c2acffb 1647 }
1da177e4 1648
6a026610 1649 if (!chan->unacked_frames)
1a09bcb9 1650 __clear_retrans_timer(chan);
1c2acffb 1651}
1da177e4 1652
3733937d
MM		 1653static int l2cap_streaming_send(struct l2cap_chan *chan,
1654 struct sk_buff_head *skbs)
6840ed07 1655{
ccbb84af 1656 struct sk_buff *skb;
3733937d 1657 struct l2cap_ctrl *control;
6840ed07 1658
3733937d
MM		 1659 BT_DBG("chan %p, skbs %p", chan, skbs);
1660
1661 if (chan->state != BT_CONNECTED)
1662 return -ENOTCONN;
1663
1664 skb_queue_splice_tail_init(skbs, &chan->tx_q);
1665
1666 while (!skb_queue_empty(&chan->tx_q)) {
1667
1668 skb = skb_dequeue(&chan->tx_q);
1669
1670 bt_cb(skb)->control.retries = 1;
1671 control = &bt_cb(skb)->control;
1672
1673 control->reqseq = 0;
1674 control->txseq = chan->next_tx_seq;
1675
1676 __pack_control(chan, control, skb);
6840ed07 1677
47d1ec61 1678 if (chan->fcs == L2CAP_FCS_CRC16) {
3733937d
MM		 1679 u16 fcs = crc16(0, (u8 *) skb->data, skb->len);
1680 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3
GP		 1681 }
1682
4343478f 1683 l2cap_do_send(chan, skb);
6840ed07 1684
3733937d
MM		 1685 BT_DBG("Sent txseq %d", (int)control->txseq);
1686
836be934 1687 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
3733937d 1688 chan->frames_sent++;
6840ed07 1689 }
3733937d
MM		 1690
1691 return 0;
6840ed07
GP		 1692}
1693
fb45de7d 1694static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 1695{
8f17154f 1696 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1697 u16 fcs;
1698 u32 control;
8f17154f 1699
58d35f87 1700 skb = skb_peek(&chan->tx_q);
f11d676d
GP		 1701 if (!skb)
1702 return;
8f17154f 1703
3ce3514f 1704 while (bt_cb(skb)->control.txseq != tx_seq) {
58d35f87 1705 if (skb_queue_is_last(&chan->tx_q, skb))
f11d676d 1706 return;
8f17154f 1707
d1726b6d
SJ		 1708 skb = skb_queue_next(&chan->tx_q, skb);
1709 }
8f17154f 1710
3ce3514f
MM		 1711 if (bt_cb(skb)->control.retries == chan->remote_max_tx &&
1712 chan->remote_max_tx) {
8c1d787b 1713 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
f11d676d
GP		 1714 return;
1715 }
1716
1717 tx_skb = skb_clone(skb, GFP_ATOMIC);
3ce3514f 1718 bt_cb(skb)->control.retries++;
88843ab0
AE		 1719
1720 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1721 control &= __get_sar_mask(chan);
3cb123d1 1722
e2ab4353 1723 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1724 control |= __set_ctrl_final(chan);
95ffa978 1725
0b209fae 1726 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1727 control |= __set_txseq(chan, tx_seq);
3cb123d1 1728
88843ab0 1729 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
f11d676d 1730
47d1ec61 1731 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1732 fcs = crc16(0, (u8 *)tx_skb->data,
1733 tx_skb->len - L2CAP_FCS_SIZE);
1734 put_unaligned_le16(fcs,
1735 tx_skb->data + tx_skb->len - L2CAP_FCS_SIZE);
f11d676d
GP		 1736 }
1737
4343478f 1738 l2cap_do_send(chan, tx_skb);
8f17154f
GP		 1739}
1740
67c9e840 1741static int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1742{
1743 struct sk_buff *skb, *tx_skb;
18a48e76
MM		 1744 struct l2cap_ctrl *control;
1745 int sent = 0;
1746
1747 BT_DBG("chan %p", chan);
1c2acffb 1748
89bc500e 1749 if (chan->state != BT_CONNECTED)
c13ffa62 1750 return -ENOTCONN;
e90bac06 1751
94122bbe
MM		 1752 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
1753 return 0;
1754
18a48e76
MM		 1755 while (chan->tx_send_head &&
1756 chan->unacked_frames < chan->remote_tx_win &&
1757 chan->tx_state == L2CAP_TX_STATE_XMIT) {
e420aba3 1758
18a48e76 1759 skb = chan->tx_send_head;
e90bac06 1760
18a48e76
MM		 1761 bt_cb(skb)->control.retries = 1;
1762 control = &bt_cb(skb)->control;
95ffa978 1763
e2ab4353 1764 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
18a48e76 1765 control->final = 1;
e2ab4353 1766
18a48e76
MM		 1767 control->reqseq = chan->buffer_seq;
1768 chan->last_acked_seq = chan->buffer_seq;
1769 control->txseq = chan->next_tx_seq;
1c2acffb 1770
18a48e76 1771 __pack_control(chan, control, skb);
e90bac06 1772
47d1ec61 1773 if (chan->fcs == L2CAP_FCS_CRC16) {
18a48e76
MM		 1774 u16 fcs = crc16(0, (u8 *) skb->data, skb->len);
1775 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3
GP		 1776 }
1777
18a48e76
MM		 1778 /* Clone after data has been modified. Data is assumed to be
1779 read-only (for locking purposes) on cloned sk_buffs.
1780 */
1781 tx_skb = skb_clone(skb, GFP_KERNEL);
9a9c6a34 1782
18a48e76
MM		 1783 if (!tx_skb)
1784 break;
1c2acffb 1785
18a48e76 1786 __set_retrans_timer(chan);
836be934
AE		 1787
1788 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
18a48e76 1789 chan->unacked_frames++;
6a026610 1790 chan->frames_sent++;
18a48e76 1791 sent++;
1c2acffb 1792
58d35f87
GP		 1793 if (skb_queue_is_last(&chan->tx_q, skb))
1794 chan->tx_send_head = NULL;
1c2acffb 1795 else
58d35f87 1796 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
18a48e76
MM		 1797
1798 l2cap_do_send(chan, tx_skb);
1799 BT_DBG("Sent txseq %d", (int)control->txseq);
1c2acffb
GP		 1800 }
1801
18a48e76
MM		 1802 BT_DBG("Sent %d, %d unacked, %d in ERTM queue", sent,
1803 (int) chan->unacked_frames, skb_queue_len(&chan->tx_q));
1804
1805 return sent;
9e917af1
GP		 1806}
1807
525cd185 1808static int l2cap_retransmit_frames(struct l2cap_chan *chan)
dfc909be 1809{
dfc909be
GP		 1810 int ret;
1811
58d35f87
GP		 1812 if (!skb_queue_empty(&chan->tx_q))
1813 chan->tx_send_head = chan->tx_q.next;
dfc909be 1814
42e5c802 1815 chan->next_tx_seq = chan->expected_ack_seq;
525cd185 1816 ret = l2cap_ertm_send(chan);
dfc909be
GP		 1817 return ret;
1818}
1819
b17e73bb 1820static void __l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1821{
88843ab0 1822 u32 control = 0;
9e917af1 1823
0b209fae 1824 control |= __set_reqseq(chan, chan->buffer_seq);
9e917af1 1825
e2ab4353 1826 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 1827 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 1828 set_bit(CONN_RNR_SENT, &chan->conn_state);
525cd185 1829 l2cap_send_sframe(chan, control);
9a9c6a34 1830 return;
9e917af1 1831 }
dfc909be 1832
525cd185 1833 if (l2cap_ertm_send(chan) > 0)
dfc909be
GP		 1834 return;
1835
ab784b73 1836 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 1837 l2cap_send_sframe(chan, control);
1c2acffb
GP		 1838}
1839
b17e73bb
SJ		 1840static void l2cap_send_ack(struct l2cap_chan *chan)
1841{
1842 __clear_ack_timer(chan);
1843 __l2cap_send_ack(chan);
1844}
1845
525cd185 1846static void l2cap_send_srejtail(struct l2cap_chan *chan)
99b0d4b7
GP		 1847{
1848 struct srej_list *tail;
88843ab0 1849 u32 control;
99b0d4b7 1850
ab784b73 1851 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
03f6715d 1852 control |= __set_ctrl_final(chan);
99b0d4b7 1853
39d5a3ee 1854 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
0b209fae 1855 control |= __set_reqseq(chan, tail->tx_seq);
99b0d4b7 1856
525cd185 1857 l2cap_send_sframe(chan, control);
99b0d4b7
GP		 1858}
1859
04124681
GP		 1860static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
1861 struct msghdr *msg, int len,
1862 int count, struct sk_buff *skb)
1c2acffb 1863{
0952a57a 1864 struct l2cap_conn *conn = chan->conn;
1c2acffb 1865 struct sk_buff **frag;
90338947 1866 int sent = 0;
1da177e4 1867
59203a21 1868 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1869 return -EFAULT;
1da177e4
LT		 1870
1871 sent += count;
1872 len -= count;
1873
1874 /* Continuation fragments (no L2CAP header) */
1875 frag = &skb_shinfo(skb)->frag_list;
1876 while (len) {
fbe00700
GP		 1877 struct sk_buff *tmp;
1878
1da177e4
LT		 1879 count = min_t(unsigned int, conn->mtu, len);
1880
fbe00700
GP		 1881 tmp = chan->ops->alloc_skb(chan, count,
1882 msg->msg_flags & MSG_DONTWAIT);
1883 if (IS_ERR(tmp))
1884 return PTR_ERR(tmp);
1885
1886 *frag = tmp;
2f7719ce 1887
1c2acffb
GP		 1888 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1889 return -EFAULT;
1da177e4 1890
5e59b791
LAD		 1891 (*frag)->priority = skb->priority;
1892
1da177e4
LT		 1893 sent += count;
1894 len -= count;
1895
2d0ed3d5
GP		 1896 skb->len += (*frag)->len;
1897 skb->data_len += (*frag)->len;
1898
1da177e4
LT		 1899 frag = &(*frag)->next;
1900 }
1da177e4
LT		 1901
1902 return sent;
1c2acffb 1903}
1da177e4 1904
5e59b791
LAD		 1905static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1906 struct msghdr *msg, size_t len,
1907 u32 priority)
1c2acffb 1908{
8c1d787b 1909 struct l2cap_conn *conn = chan->conn;
1c2acffb 1910 struct sk_buff *skb;
03a51213 1911 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE;
1c2acffb
GP		 1912 struct l2cap_hdr *lh;
1913
6d5922b0 1914 BT_DBG("chan %p len %d priority %u", chan, (int)len, priority);
1c2acffb
GP		 1915
1916 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1917
1918 skb = chan->ops->alloc_skb(chan, count + hlen,
90338947
GP		 1919 msg->msg_flags & MSG_DONTWAIT);
1920 if (IS_ERR(skb))
1921 return skb;
1c2acffb 1922
5e59b791
LAD		 1923 skb->priority = priority;
1924
1c2acffb
GP		 1925 /* Create L2CAP header */
1926 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1927 lh->cid = cpu_to_le16(chan->dcid);
daf6a78c
AE		 1928 lh->len = cpu_to_le16(len + L2CAP_PSMLEN_SIZE);
1929 put_unaligned(chan->psm, skb_put(skb, L2CAP_PSMLEN_SIZE));
1c2acffb 1930
0952a57a 1931 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1932 if (unlikely(err < 0)) {
1933 kfree_skb(skb);
1934 return ERR_PTR(err);
1935 }
1936 return skb;
1937}
1938
5e59b791
LAD		 1939static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
1940 struct msghdr *msg, size_t len,
1941 u32 priority)
1c2acffb 1942{
8c1d787b 1943 struct l2cap_conn *conn = chan->conn;
1c2acffb 1944 struct sk_buff *skb;
f2ba7fae 1945 int err, count;
1c2acffb
GP		 1946 struct l2cap_hdr *lh;
1947
6d5922b0 1948 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb 1949
f2ba7fae 1950 count = min_t(unsigned int, (conn->mtu - L2CAP_HDR_SIZE), len);
2f7719ce 1951
f2ba7fae 1952 skb = chan->ops->alloc_skb(chan, count + L2CAP_HDR_SIZE,
90338947
GP		 1953 msg->msg_flags & MSG_DONTWAIT);
1954 if (IS_ERR(skb))
1955 return skb;
1c2acffb 1956
5e59b791
LAD		 1957 skb->priority = priority;
1958
1c2acffb
GP		 1959 /* Create L2CAP header */
1960 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1961 lh->cid = cpu_to_le16(chan->dcid);
6ff9b5ef 1962 lh->len = cpu_to_le16(len);
1c2acffb 1963
0952a57a 1964 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1965 if (unlikely(err < 0)) {
1966 kfree_skb(skb);
1967 return ERR_PTR(err);
1968 }
1969 return skb;
1970}
1971
ab0ff76d
LAD		 1972static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
1973 struct msghdr *msg, size_t len,
94122bbe 1974 u16 sdulen)
1c2acffb 1975{
8c1d787b 1976 struct l2cap_conn *conn = chan->conn;
1c2acffb 1977 struct sk_buff *skb;
e4ca6d98 1978 int err, count, hlen;
1c2acffb
GP		 1979 struct l2cap_hdr *lh;
1980
6d5922b0 1981 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb 1982
0ee0d208
GP		 1983 if (!conn)
1984 return ERR_PTR(-ENOTCONN);
1985
e4ca6d98
AE		 1986 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1987 hlen = L2CAP_EXT_HDR_SIZE;
1988 else
1989 hlen = L2CAP_ENH_HDR_SIZE;
1990
c74e560c 1991 if (sdulen)
03a51213 1992 hlen += L2CAP_SDULEN_SIZE;
c74e560c 1993
47d1ec61 1994 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 1995 hlen += L2CAP_FCS_SIZE;
fcc203c3 1996
1c2acffb 1997 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1998
1999 skb = chan->ops->alloc_skb(chan, count + hlen,
90338947
GP		 2000 msg->msg_flags & MSG_DONTWAIT);
2001 if (IS_ERR(skb))
2002 return skb;
1c2acffb
GP		 2003
2004 /* Create L2CAP header */
2005 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 2006 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 2007 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
88843ab0 2008
18a48e76
MM		 2009 /* Control header is populated later */
2010 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2011 put_unaligned_le32(0, skb_put(skb, L2CAP_EXT_CTRL_SIZE));
2012 else
2013 put_unaligned_le16(0, skb_put(skb, L2CAP_ENH_CTRL_SIZE));
88843ab0 2014
c74e560c 2015 if (sdulen)
03a51213 2016 put_unaligned_le16(sdulen, skb_put(skb, L2CAP_SDULEN_SIZE));
1c2acffb 2017
0952a57a 2018 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 2019 if (unlikely(err < 0)) {
2020 kfree_skb(skb);
2021 return ERR_PTR(err);
2022 }
e90bac06 2023
18a48e76 2024 bt_cb(skb)->control.fcs = chan->fcs;
3ce3514f 2025 bt_cb(skb)->control.retries = 0;
1c2acffb 2026 return skb;
1da177e4
LT		 2027}
2028
94122bbe
MM		 2029static int l2cap_segment_sdu(struct l2cap_chan *chan,
2030 struct sk_buff_head *seg_queue,
2031 struct msghdr *msg, size_t len)
c74e560c 2032{
c74e560c 2033 struct sk_buff *skb;
94122bbe
MM		 2034 u16 sdu_len;
2035 size_t pdu_len;
2036 int err = 0;
2037 u8 sar;
c74e560c 2038
94122bbe 2039 BT_DBG("chan %p, msg %p, len %d", chan, msg, (int)len);
c74e560c 2040
94122bbe
MM		 2041 /* It is critical that ERTM PDUs fit in a single HCI fragment,
2042 * so fragmented skbs are not used. The HCI layer's handling
2043 * of fragmented skbs is not compatible with ERTM's queueing.
2044 */
c74e560c 2045
94122bbe
MM		 2046 /* PDU size is derived from the HCI MTU */
2047 pdu_len = chan->conn->mtu;
c74e560c 2048
94122bbe
MM		 2049 pdu_len = min_t(size_t, pdu_len, L2CAP_BREDR_MAX_PAYLOAD);
2050
2051 /* Adjust for largest possible L2CAP overhead. */
2052 pdu_len -= L2CAP_EXT_HDR_SIZE + L2CAP_FCS_SIZE;
2053
2054 /* Remote device may have requested smaller PDUs */
2055 pdu_len = min_t(size_t, pdu_len, chan->remote_mps);
2056
2057 if (len <= pdu_len) {
2058 sar = L2CAP_SAR_UNSEGMENTED;
2059 sdu_len = 0;
2060 pdu_len = len;
2061 } else {
2062 sar = L2CAP_SAR_START;
2063 sdu_len = len;
2064 pdu_len -= L2CAP_SDULEN_SIZE;
2065 }
2066
2067 while (len > 0) {
2068 skb = l2cap_create_iframe_pdu(chan, msg, pdu_len, sdu_len);
c74e560c 2069
c74e560c 2070 if (IS_ERR(skb)) {
94122bbe 2071 __skb_queue_purge(seg_queue);
c74e560c
GP		 2072 return PTR_ERR(skb);
2073 }
2074
94122bbe
MM		 2075 bt_cb(skb)->control.sar = sar;
2076 __skb_queue_tail(seg_queue, skb);
2077
2078 len -= pdu_len;
2079 if (sdu_len) {
2080 sdu_len = 0;
2081 pdu_len += L2CAP_SDULEN_SIZE;
2082 }
2083
2084 if (len <= pdu_len) {
2085 sar = L2CAP_SAR_END;
2086 pdu_len = len;
2087 } else {
2088 sar = L2CAP_SAR_CONTINUE;
2089 }
c74e560c 2090 }
c74e560c 2091
94122bbe 2092 return err;
c74e560c
GP		 2093}
2094
5e59b791
LAD		 2095int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
2096 u32 priority)
9a91a04a 2097{
9a91a04a 2098 struct sk_buff *skb;
9a91a04a 2099 int err;
94122bbe 2100 struct sk_buff_head seg_queue;
9a91a04a
GP		 2101
2102 /* Connectionless channel */
715ec005 2103 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
5e59b791 2104 skb = l2cap_create_connless_pdu(chan, msg, len, priority);
9a91a04a
GP		 2105 if (IS_ERR(skb))
2106 return PTR_ERR(skb);
2107
2108 l2cap_do_send(chan, skb);
2109 return len;
2110 }
2111
2112 switch (chan->mode) {
2113 case L2CAP_MODE_BASIC:
2114 /* Check outgoing MTU */
2115 if (len > chan->omtu)
2116 return -EMSGSIZE;
2117
2118 /* Create a basic PDU */
5e59b791 2119 skb = l2cap_create_basic_pdu(chan, msg, len, priority);
9a91a04a
GP		 2120 if (IS_ERR(skb))
2121 return PTR_ERR(skb);
2122
2123 l2cap_do_send(chan, skb);
2124 err = len;
2125 break;
2126
2127 case L2CAP_MODE_ERTM:
2128 case L2CAP_MODE_STREAMING:
94122bbe
MM		 2129 /* Check outgoing MTU */
2130 if (len > chan->omtu) {
2131 err = -EMSGSIZE;
2132 break;
2133 }
9a91a04a 2134
94122bbe 2135 __skb_queue_head_init(&seg_queue);
9a91a04a 2136
94122bbe
MM		 2137 /* Do segmentation before calling in to the state machine,
2138 * since it's possible to block while waiting for memory
2139 * allocation.
2140 */
2141 err = l2cap_segment_sdu(chan, &seg_queue, msg, len);
9a91a04a 2142
94122bbe
MM		 2143 /* The channel could have been closed while segmenting,
2144 * check that it is still connected.
2145 */
2146 if (chan->state != BT_CONNECTED) {
2147 __skb_queue_purge(&seg_queue);
2148 err = -ENOTCONN;
9a91a04a
GP		 2149 }
2150
94122bbe 2151 if (err)
9a91a04a 2152 break;
9a91a04a 2153
3733937d 2154 if (chan->mode == L2CAP_MODE_ERTM)
608bcc6d
MM		 2155 err = l2cap_tx(chan, 0, &seg_queue,
2156 L2CAP_EV_DATA_REQUEST);
3733937d
MM		 2157 else
2158 err = l2cap_streaming_send(chan, &seg_queue);
9a91a04a 2159
608bcc6d 2160 if (!err)
9a91a04a
GP		 2161 err = len;
2162
94122bbe
MM		 2163 /* If the skbs were not queued for sending, they'll still be in
2164 * seg_queue and need to be purged.
2165 */
2166 __skb_queue_purge(&seg_queue);
9a91a04a
GP		 2167 break;
2168
2169 default:
2170 BT_DBG("bad state %1.1x", chan->mode);
2171 err = -EBADFD;
2172 }
2173
2174 return err;
2175}
2176
608bcc6d
MM		 2177static void l2cap_process_reqseq(struct l2cap_chan *chan, u16 reqseq)
2178{
2179 struct sk_buff *acked_skb;
2180 u16 ackseq;
2181
2182 BT_DBG("chan %p, reqseq %d", chan, reqseq);
2183
2184 if (chan->unacked_frames == 0 || reqseq == chan->expected_ack_seq)
2185 return;
2186
2187 BT_DBG("expected_ack_seq %d, unacked_frames %d",
2188 chan->expected_ack_seq, chan->unacked_frames);
2189
2190 for (ackseq = chan->expected_ack_seq; ackseq != reqseq;
2191 ackseq = __next_seq(chan, ackseq)) {
2192
2193 acked_skb = l2cap_ertm_seq_in_queue(&chan->tx_q, ackseq);
2194 if (acked_skb) {
2195 skb_unlink(acked_skb, &chan->tx_q);
2196 kfree_skb(acked_skb);
2197 chan->unacked_frames--;
2198 }
2199 }
2200
2201 chan->expected_ack_seq = reqseq;
2202
2203 if (chan->unacked_frames == 0)
2204 __clear_retrans_timer(chan);
2205
2206 BT_DBG("unacked_frames %d", (int) chan->unacked_frames);
2207}
2208
2209static void l2cap_abort_rx_srej_sent(struct l2cap_chan *chan)
2210{
2211 BT_DBG("chan %p", chan);
2212
2213 chan->expected_tx_seq = chan->buffer_seq;
2214 l2cap_seq_list_clear(&chan->srej_list);
2215 skb_queue_purge(&chan->srej_q);
2216 chan->rx_state = L2CAP_RX_STATE_RECV;
2217}
2218
2219static int l2cap_tx_state_xmit(struct l2cap_chan *chan,
2220 struct l2cap_ctrl *control,
2221 struct sk_buff_head *skbs, u8 event)
2222{
2223 int err = 0;
2224
2225 BT_DBG("chan %p, control %p, skbs %p, event %d", chan, control, skbs,
2226 event);
2227
2228 switch (event) {
2229 case L2CAP_EV_DATA_REQUEST:
2230 if (chan->tx_send_head == NULL)
2231 chan->tx_send_head = skb_peek(skbs);
2232
2233 skb_queue_splice_tail_init(skbs, &chan->tx_q);
2234 l2cap_ertm_send(chan);
2235 break;
2236 case L2CAP_EV_LOCAL_BUSY_DETECTED:
2237 BT_DBG("Enter LOCAL_BUSY");
2238 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2239
2240 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
2241 /* The SREJ_SENT state must be aborted if we are to
2242 * enter the LOCAL_BUSY state.
2243 */
2244 l2cap_abort_rx_srej_sent(chan);
2245 }
2246
2247 l2cap_send_ack(chan);
2248
2249 break;
2250 case L2CAP_EV_LOCAL_BUSY_CLEAR:
2251 BT_DBG("Exit LOCAL_BUSY");
2252 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2253
2254 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) {
2255 struct l2cap_ctrl local_control;
2256
2257 memset(&local_control, 0, sizeof(local_control));
2258 local_control.sframe = 1;
2259 local_control.super = L2CAP_SUPER_RR;
2260 local_control.poll = 1;
2261 local_control.reqseq = chan->buffer_seq;
2262 l2cap_send_sframe(chan, 0);
2263
2264 chan->retry_count = 1;
2265 __set_monitor_timer(chan);
2266 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2267 }
2268 break;
2269 case L2CAP_EV_RECV_REQSEQ_AND_FBIT:
2270 l2cap_process_reqseq(chan, control->reqseq);
2271 break;
2272 case L2CAP_EV_EXPLICIT_POLL:
2273 l2cap_send_rr_or_rnr(chan, 1);
2274 chan->retry_count = 1;
2275 __set_monitor_timer(chan);
2276 __clear_ack_timer(chan);
2277 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2278 break;
2279 case L2CAP_EV_RETRANS_TO:
2280 l2cap_send_rr_or_rnr(chan, 1);
2281 chan->retry_count = 1;
2282 __set_monitor_timer(chan);
2283 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2284 break;
2285 case L2CAP_EV_RECV_FBIT:
2286 /* Nothing to process */
2287 break;
2288 default:
2289 break;
2290 }
2291
2292 return err;
2293}
2294
2295static int l2cap_tx_state_wait_f(struct l2cap_chan *chan,
2296 struct l2cap_ctrl *control,
2297 struct sk_buff_head *skbs, u8 event)
2298{
2299 int err = 0;
2300
2301 BT_DBG("chan %p, control %p, skbs %p, event %d", chan, control, skbs,
2302 event);
2303
2304 switch (event) {
2305 case L2CAP_EV_DATA_REQUEST:
2306 if (chan->tx_send_head == NULL)
2307 chan->tx_send_head = skb_peek(skbs);
2308 /* Queue data, but don't send. */
2309 skb_queue_splice_tail_init(skbs, &chan->tx_q);
2310 break;
2311 case L2CAP_EV_LOCAL_BUSY_DETECTED:
2312 BT_DBG("Enter LOCAL_BUSY");
2313 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2314
2315 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
2316 /* The SREJ_SENT state must be aborted if we are to
2317 * enter the LOCAL_BUSY state.
2318 */
2319 l2cap_abort_rx_srej_sent(chan);
2320 }
2321
2322 l2cap_send_ack(chan);
2323
2324 break;
2325 case L2CAP_EV_LOCAL_BUSY_CLEAR:
2326 BT_DBG("Exit LOCAL_BUSY");
2327 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2328
2329 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) {
2330 struct l2cap_ctrl local_control;
2331 memset(&local_control, 0, sizeof(local_control));
2332 local_control.sframe = 1;
2333 local_control.super = L2CAP_SUPER_RR;
2334 local_control.poll = 1;
2335 local_control.reqseq = chan->buffer_seq;
2336 l2cap_send_sframe(chan, 0);
2337
2338 chan->retry_count = 1;
2339 __set_monitor_timer(chan);
2340 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2341 }
2342 break;
2343 case L2CAP_EV_RECV_REQSEQ_AND_FBIT:
2344 l2cap_process_reqseq(chan, control->reqseq);
2345
2346 /* Fall through */
2347
2348 case L2CAP_EV_RECV_FBIT:
2349 if (control && control->final) {
2350 __clear_monitor_timer(chan);
2351 if (chan->unacked_frames > 0)
2352 __set_retrans_timer(chan);
2353 chan->retry_count = 0;
2354 chan->tx_state = L2CAP_TX_STATE_XMIT;
2355 BT_DBG("recv fbit tx_state 0x2.2%x", chan->tx_state);
2356 }
2357 break;
2358 case L2CAP_EV_EXPLICIT_POLL:
2359 /* Ignore */
2360 break;
2361 case L2CAP_EV_MONITOR_TO:
2362 if (chan->max_tx == 0 || chan->retry_count < chan->max_tx) {
2363 l2cap_send_rr_or_rnr(chan, 1);
2364 __set_monitor_timer(chan);
2365 chan->retry_count++;
2366 } else {
2367 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
2368 }
2369 break;
2370 default:
2371 break;
2372 }
2373
2374 return err;
2375}
2376
2377static int l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
2378 struct sk_buff_head *skbs, u8 event)
2379{
2380 int err = 0;
2381
2382 BT_DBG("chan %p, control %p, skbs %p, event %d, state %d",
2383 chan, control, skbs, event, chan->tx_state);
2384
2385 switch (chan->tx_state) {
2386 case L2CAP_TX_STATE_XMIT:
2387 err = l2cap_tx_state_xmit(chan, control, skbs, event);
2388 break;
2389 case L2CAP_TX_STATE_WAIT_F:
2390 err = l2cap_tx_state_wait_f(chan, control, skbs, event);
2391 break;
2392 default:
2393 /* Ignore event */
2394 break;
2395 }
2396
2397 return err;
2398}
2399
1da177e4
LT		 2400/* Copy frame to all raw sockets on that connection */
2401static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2402{
1da177e4 2403 struct sk_buff *nskb;
48454079 2404 struct l2cap_chan *chan;
1da177e4
LT		 2405
2406 BT_DBG("conn %p", conn);
2407
3df91ea2 2408 mutex_lock(&conn->chan_lock);
3d57dc68 2409
3df91ea2 2410 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 2411 struct sock *sk = chan->sk;
715ec005 2412 if (chan->chan_type != L2CAP_CHAN_RAW)
1da177e4
LT		 2413 continue;
2414
2415 /* Don't send frame to the socket it came from */
2416 if (skb->sk == sk)
2417 continue;
af05b30b
GP		 2418 nskb = skb_clone(skb, GFP_ATOMIC);
2419 if (!nskb)
1da177e4
LT		 2420 continue;
2421
23070494 2422 if (chan->ops->recv(chan->data, nskb))
1da177e4
LT		 2423 kfree_skb(nskb);
2424 }
3d57dc68 2425
3df91ea2 2426 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 2427}
2428
2429/* ---- L2CAP signalling commands ---- */
2430static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
2431 u8 code, u8 ident, u16 dlen, void *data)
2432{
2433 struct sk_buff *skb, **frag;
2434 struct l2cap_cmd_hdr *cmd;
2435 struct l2cap_hdr *lh;
2436 int len, count;
2437
af05b30b
GP		 2438 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
2439 conn, code, ident, dlen);
1da177e4
LT		 2440
2441 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2442 count = min_t(unsigned int, conn->mtu, len);
2443
2444 skb = bt_skb_alloc(count, GFP_ATOMIC);
2445 if (!skb)
2446 return NULL;
2447
2448 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 2449 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 2450
2451 if (conn->hcon->type == LE_LINK)
2452 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
2453 else
2454 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 2455
2456 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
2457 cmd->code = code;
2458 cmd->ident = ident;
aca3192c 2459 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 2460
2461 if (dlen) {
2462 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
2463 memcpy(skb_put(skb, count), data, count);
2464 data += count;
2465 }
2466
2467 len -= skb->len;
2468
2469 /* Continuation fragments (no L2CAP header) */
2470 frag = &skb_shinfo(skb)->frag_list;
2471 while (len) {
2472 count = min_t(unsigned int, conn->mtu, len);
2473
2474 *frag = bt_skb_alloc(count, GFP_ATOMIC);
2475 if (!*frag)
2476 goto fail;
2477
2478 memcpy(skb_put(*frag, count), data, count);
2479
2480 len -= count;
2481 data += count;
2482
2483 frag = &(*frag)->next;
2484 }
2485
2486 return skb;
2487
2488fail:
2489 kfree_skb(skb);
2490 return NULL;
2491}
2492
2493static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
2494{
2495 struct l2cap_conf_opt *opt = *ptr;
2496 int len;
2497
2498 len = L2CAP_CONF_OPT_SIZE + opt->len;
2499 *ptr += len;
2500
2501 *type = opt->type;
2502 *olen = opt->len;
2503
2504 switch (opt->len) {
2505 case 1:
2506 *val = *((u8 *) opt->val);
2507 break;
2508
2509 case 2:
bfaaeb3e 2510 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 2511 break;
2512
2513 case 4:
bfaaeb3e 2514 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 2515 break;
2516
2517 default:
2518 *val = (unsigned long) opt->val;
2519 break;
2520 }
2521
2522 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
2523 return len;
2524}
2525
1da177e4
LT		 2526static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2527{
2528 struct l2cap_conf_opt *opt = *ptr;
2529
2530 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
2531
2532 opt->type = type;
2533 opt->len = len;
2534
2535 switch (len) {
2536 case 1:
2537 *((u8 *) opt->val) = val;
2538 break;
2539
2540 case 2:
4f8b691c 2541 put_unaligned_le16(val, opt->val);
1da177e4
LT		 2542 break;
2543
2544 case 4:
4f8b691c 2545 put_unaligned_le32(val, opt->val);
1da177e4
LT		 2546 break;
2547
2548 default:
2549 memcpy(opt->val, (void *) val, len);
2550 break;
2551 }
2552
2553 *ptr += L2CAP_CONF_OPT_SIZE + len;
2554}
2555
f89cef09
AE		 2556static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
2557{
2558 struct l2cap_conf_efs efs;
2559
1ec918ce 2560 switch (chan->mode) {
f89cef09
AE		 2561 case L2CAP_MODE_ERTM:
2562 efs.id = chan->local_id;
2563 efs.stype = chan->local_stype;
2564 efs.msdu = cpu_to_le16(chan->local_msdu);
2565 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2566 efs.acc_lat = cpu_to_le32(L2CAP_DEFAULT_ACC_LAT);
2567 efs.flush_to = cpu_to_le32(L2CAP_DEFAULT_FLUSH_TO);
2568 break;
2569
2570 case L2CAP_MODE_STREAMING:
2571 efs.id = 1;
2572 efs.stype = L2CAP_SERV_BESTEFFORT;
2573 efs.msdu = cpu_to_le16(chan->local_msdu);
2574 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2575 efs.acc_lat = 0;
2576 efs.flush_to = 0;
2577 break;
2578
2579 default:
2580 return;
2581 }
2582
2583 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs),
2584 (unsigned long) &efs);
2585}
2586
721c4181 2587static void l2cap_ack_timeout(struct work_struct *work)
c1b4f43b 2588{
721c4181
GP		 2589 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
2590 ack_timer.work);
c1b4f43b 2591
2fb9b3d4
GP		 2592 BT_DBG("chan %p", chan);
2593
6be36555
AE		 2594 l2cap_chan_lock(chan);
2595
b17e73bb 2596 __l2cap_send_ack(chan);
6be36555
AE		 2597
2598 l2cap_chan_unlock(chan);
09bfb2ee
SJ		 2599
2600 l2cap_chan_put(chan);
c1b4f43b
GP		 2601}
2602
3c588192 2603static inline int l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 2604{
3c588192
MM		 2605 int err;
2606
105bdf9e
MM		 2607 chan->next_tx_seq = 0;
2608 chan->expected_tx_seq = 0;
42e5c802 2609 chan->expected_ack_seq = 0;
6a026610 2610 chan->unacked_frames = 0;
42e5c802 2611 chan->buffer_seq = 0;
6a026610
GP		 2612 chan->num_acked = 0;
2613 chan->frames_sent = 0;
105bdf9e
MM		 2614 chan->last_acked_seq = 0;
2615 chan->sdu = NULL;
2616 chan->sdu_last_frag = NULL;
2617 chan->sdu_len = 0;
2618
d34c34fb
MM		 2619 skb_queue_head_init(&chan->tx_q);
2620
105bdf9e
MM		 2621 if (chan->mode != L2CAP_MODE_ERTM)
2622 return 0;
2623
2624 chan->rx_state = L2CAP_RX_STATE_RECV;
2625 chan->tx_state = L2CAP_TX_STATE_XMIT;
0565c1c2 2626
721c4181
GP		 2627 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
2628 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
2629 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
0565c1c2 2630
f1c6775b 2631 skb_queue_head_init(&chan->srej_q);
1890d36b 2632
39d5a3ee 2633 INIT_LIST_HEAD(&chan->srej_l);
3c588192
MM		 2634 err = l2cap_seq_list_init(&chan->srej_list, chan->tx_win);
2635 if (err < 0)
2636 return err;
2637
9dc9affc
MM		 2638 err = l2cap_seq_list_init(&chan->retrans_list, chan->remote_tx_win);
2639 if (err < 0)
2640 l2cap_seq_list_free(&chan->srej_list);
2641
2642 return err;
0565c1c2
GP		 2643}
2644
f2fcfcd6
GP		 2645static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2646{
2647 switch (mode) {
2648 case L2CAP_MODE_STREAMING:
2649 case L2CAP_MODE_ERTM:
2650 if (l2cap_mode_supported(mode, remote_feat_mask))
2651 return mode;
2652 /* fall through */
2653 default:
2654 return L2CAP_MODE_BASIC;
2655 }
2656}
2657
6327eb98
AE		 2658static inline bool __l2cap_ews_supported(struct l2cap_chan *chan)
2659{
2660 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW;
2661}
2662
f89cef09
AE		 2663static inline bool __l2cap_efs_supported(struct l2cap_chan *chan)
2664{
2665 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_FLOW;
2666}
2667
6327eb98
AE		 2668static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
2669{
2670 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
836be934 2671 __l2cap_ews_supported(chan)) {
6327eb98
AE		 2672 /* use extended control field */
2673 set_bit(FLAG_EXT_CTRL, &chan->flags);
836be934
AE		 2674 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
2675 } else {
6327eb98
AE		 2676 chan->tx_win = min_t(u16, chan->tx_win,
2677 L2CAP_DEFAULT_TX_WINDOW);
836be934
AE		 2678 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
2679 }
6327eb98
AE		 2680}
2681
710f9b0a 2682static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2683{
1da177e4 2684 struct l2cap_conf_req *req = data;
0c1bc5c6 2685 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4 2686 void *ptr = req->data;
c8f79162 2687 u16 size;
1da177e4 2688
49208c9c 2689 BT_DBG("chan %p", chan);
1da177e4 2690
73ffa904 2691 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 2692 goto done;
2693
0c1bc5c6 2694 switch (chan->mode) {
f2fcfcd6
GP		 2695 case L2CAP_MODE_STREAMING:
2696 case L2CAP_MODE_ERTM:
c1360a1c 2697 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
85eb53c6 2698 break;
85eb53c6 2699
f89cef09
AE		 2700 if (__l2cap_efs_supported(chan))
2701 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2702
2ba13ed6 2703 /* fall through */
f2fcfcd6 2704 default:
8c1d787b 2705 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 2706 break;
2707 }
2708
2709done:
0c1bc5c6
GP		 2710 if (chan->imtu != L2CAP_DEFAULT_MTU)
2711 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 2712
0c1bc5c6 2713 switch (chan->mode) {
65c7c491 2714 case L2CAP_MODE_BASIC:
8c1d787b
GP		 2715 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2716 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 2717 break;
2718
62547752
GP		 2719 rfc.mode = L2CAP_MODE_BASIC;
2720 rfc.txwin_size = 0;
2721 rfc.max_transmit = 0;
2722 rfc.retrans_timeout = 0;
2723 rfc.monitor_timeout = 0;
2724 rfc.max_pdu_size = 0;
2725
63406504
GP		 2726 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2727 (unsigned long) &rfc);
65c7c491
MH		 2728 break;
2729
2730 case L2CAP_MODE_ERTM:
2731 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61 2732 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 2733 rfc.retrans_timeout = 0;
2734 rfc.monitor_timeout = 0;
c8f79162
AE		 2735
2736 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2737 L2CAP_EXT_HDR_SIZE -
2738 L2CAP_SDULEN_SIZE -
2739 L2CAP_FCS_SIZE);
2740 rfc.max_pdu_size = cpu_to_le16(size);
f2fcfcd6 2741
6327eb98
AE		 2742 l2cap_txwin_setup(chan);
2743
2744 rfc.txwin_size = min_t(u16, chan->tx_win,
2745 L2CAP_DEFAULT_TX_WINDOW);
f2fcfcd6 2746
63406504
GP		 2747 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2748 (unsigned long) &rfc);
2749
f89cef09
AE		 2750 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2751 l2cap_add_opt_efs(&ptr, chan);
2752
8c1d787b 2753 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2754 break;
2755
47d1ec61 2756 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2757 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2758 chan->fcs = L2CAP_FCS_NONE;
2759 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2760 }
6327eb98
AE		 2761
2762 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2763 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2764 chan->tx_win);
f2fcfcd6
GP		 2765 break;
2766
2767 case L2CAP_MODE_STREAMING:
2768 rfc.mode = L2CAP_MODE_STREAMING;
2769 rfc.txwin_size = 0;
2770 rfc.max_transmit = 0;
2771 rfc.retrans_timeout = 0;
2772 rfc.monitor_timeout = 0;
c8f79162
AE		 2773
2774 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2775 L2CAP_EXT_HDR_SIZE -
2776 L2CAP_SDULEN_SIZE -
2777 L2CAP_FCS_SIZE);
2778 rfc.max_pdu_size = cpu_to_le16(size);
65c7c491 2779
63406504
GP		 2780 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2781 (unsigned long) &rfc);
2782
f89cef09
AE		 2783 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2784 l2cap_add_opt_efs(&ptr, chan);
2785
8c1d787b 2786 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2787 break;
2788
47d1ec61 2789 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2790 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2791 chan->fcs = L2CAP_FCS_NONE;
2792 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2793 }
65c7c491
MH		 2794 break;
2795 }
1da177e4 2796
fe4128e0 2797 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 2798 req->flags = cpu_to_le16(0);
1da177e4
LT		 2799
2800 return ptr - data;
2801}
2802
73ffa904 2803static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2804{
5dee9e7c
MH		 2805 struct l2cap_conf_rsp *rsp = data;
2806 void *ptr = rsp->data;
73ffa904
GP		 2807 void *req = chan->conf_req;
2808 int len = chan->conf_len;
5dee9e7c
MH		 2809 int type, hint, olen;
2810 unsigned long val;
6464f35f 2811 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
42dceae2
AE		 2812 struct l2cap_conf_efs efs;
2813 u8 remote_efs = 0;
861d6882 2814 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 2815 u16 result = L2CAP_CONF_SUCCESS;
c8f79162 2816 u16 size;
1da177e4 2817
73ffa904 2818 BT_DBG("chan %p", chan);
820ae1b8 2819
5dee9e7c
MH		 2820 while (len >= L2CAP_CONF_OPT_SIZE) {
2821 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 2822
589d2746 2823 hint = type & L2CAP_CONF_HINT;
47ec1dcd 2824 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 2825
2826 switch (type) {
2827 case L2CAP_CONF_MTU:
861d6882 2828 mtu = val;
5dee9e7c
MH		 2829 break;
2830
2831 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2832 chan->flush_to = val;
5dee9e7c
MH		 2833 break;
2834
2835 case L2CAP_CONF_QOS:
2836 break;
2837
6464f35f
MH		 2838 case L2CAP_CONF_RFC:
2839 if (olen == sizeof(rfc))
2840 memcpy(&rfc, (void *) val, olen);
2841 break;
2842
fcc203c3
GP		 2843 case L2CAP_CONF_FCS:
2844 if (val == L2CAP_FCS_NONE)
c1360a1c 2845 set_bit(CONF_NO_FCS_RECV, &chan->conf_state);
42dceae2 2846 break;
fcc203c3 2847
42dceae2
AE		 2848 case L2CAP_CONF_EFS:
2849 remote_efs = 1;
2850 if (olen == sizeof(efs))
2851 memcpy(&efs, (void *) val, olen);
fcc203c3
GP		 2852 break;
2853
6327eb98
AE		 2854 case L2CAP_CONF_EWS:
2855 if (!enable_hs)
2856 return -ECONNREFUSED;
fcc203c3 2857
6327eb98
AE		 2858 set_bit(FLAG_EXT_CTRL, &chan->flags);
2859 set_bit(CONF_EWS_RECV, &chan->conf_state);
836be934 2860 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
6327eb98 2861 chan->remote_tx_win = val;
fcc203c3
GP		 2862 break;
2863
5dee9e7c
MH		 2864 default:
2865 if (hint)
2866 break;
2867
2868 result = L2CAP_CONF_UNKNOWN;
2869 *((u8 *) ptr++) = type;
2870 break;
2871 }
2872 }
2873
73ffa904 2874 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 2875 goto done;
2876
0c1bc5c6 2877 switch (chan->mode) {
f2fcfcd6
GP		 2878 case L2CAP_MODE_STREAMING:
2879 case L2CAP_MODE_ERTM:
c1360a1c 2880 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
0c1bc5c6 2881 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 2882 chan->conn->feat_mask);
85eb53c6
GP		 2883 break;
2884 }
2885
42dceae2
AE		 2886 if (remote_efs) {
2887 if (__l2cap_efs_supported(chan))
2888 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2889 else
2890 return -ECONNREFUSED;
2891 }
2892
0c1bc5c6 2893 if (chan->mode != rfc.mode)
f2fcfcd6 2894 return -ECONNREFUSED;
742e519b 2895
f2fcfcd6 2896 break;
f2fcfcd6
GP		 2897 }
2898
2899done:
0c1bc5c6 2900 if (chan->mode != rfc.mode) {
f2fcfcd6 2901 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2902 rfc.mode = chan->mode;
f2fcfcd6 2903
73ffa904 2904 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 2905 return -ECONNREFUSED;
2906
2907 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2908 sizeof(rfc), (unsigned long) &rfc);
2909 }
2910
5dee9e7c
MH		 2911 if (result == L2CAP_CONF_SUCCESS) {
2912 /* Configure output options and let the other side know
2913 * which ones we don't like. */
2914
f2fcfcd6
GP		 2915 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2916 result = L2CAP_CONF_UNACCEPT;
2917 else {
0c1bc5c6 2918 chan->omtu = mtu;
c1360a1c 2919 set_bit(CONF_MTU_DONE, &chan->conf_state);
f2fcfcd6 2920 }
0c1bc5c6 2921 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 2922
42dceae2
AE		 2923 if (remote_efs) {
2924 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2925 efs.stype != L2CAP_SERV_NOTRAFIC &&
2926 efs.stype != chan->local_stype) {
2927
2928 result = L2CAP_CONF_UNACCEPT;
2929
2930 if (chan->num_conf_req >= 1)
2931 return -ECONNREFUSED;
2932
2933 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3e6b3b95 2934 sizeof(efs),
42dceae2 2935 (unsigned long) &efs);
0e8b207e 2936 } else {
3e6b3b95 2937 /* Send PENDING Conf Rsp */
0e8b207e
AE		 2938 result = L2CAP_CONF_PENDING;
2939 set_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
42dceae2
AE		 2940 }
2941 }
2942
f2fcfcd6
GP		 2943 switch (rfc.mode) {
2944 case L2CAP_MODE_BASIC:
47d1ec61 2945 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2946 set_bit(CONF_MODE_DONE, &chan->conf_state);
f2fcfcd6
GP		 2947 break;
2948
2949 case L2CAP_MODE_ERTM:
6327eb98
AE		 2950 if (!test_bit(CONF_EWS_RECV, &chan->conf_state))
2951 chan->remote_tx_win = rfc.txwin_size;
2952 else
2953 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
86b1b263 2954
2c03a7a4 2955 chan->remote_max_tx = rfc.max_transmit;
1c762159 2956
c8f79162
AE		 2957 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2958 chan->conn->mtu -
2959 L2CAP_EXT_HDR_SIZE -
2960 L2CAP_SDULEN_SIZE -
2961 L2CAP_FCS_SIZE);
2962 rfc.max_pdu_size = cpu_to_le16(size);
2963 chan->remote_mps = size;
f2fcfcd6 2964
10467e9e 2965 rfc.retrans_timeout =
4fd21a88 2966 __constant_cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
10467e9e 2967 rfc.monitor_timeout =
4fd21a88 2968 __constant_cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 2969
c1360a1c 2970 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2971
2972 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2973 sizeof(rfc), (unsigned long) &rfc);
2974
42dceae2
AE		 2975 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2976 chan->remote_id = efs.id;
2977 chan->remote_stype = efs.stype;
2978 chan->remote_msdu = le16_to_cpu(efs.msdu);
2979 chan->remote_flush_to =
2980 le32_to_cpu(efs.flush_to);
2981 chan->remote_acc_lat =
2982 le32_to_cpu(efs.acc_lat);
2983 chan->remote_sdu_itime =
2984 le32_to_cpu(efs.sdu_itime);
2985 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
2986 sizeof(efs), (unsigned long) &efs);
2987 }
f2fcfcd6
GP		 2988 break;
2989
2990 case L2CAP_MODE_STREAMING:
c8f79162
AE		 2991 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2992 chan->conn->mtu -
2993 L2CAP_EXT_HDR_SIZE -
2994 L2CAP_SDULEN_SIZE -
2995 L2CAP_FCS_SIZE);
2996 rfc.max_pdu_size = cpu_to_le16(size);
2997 chan->remote_mps = size;
f2fcfcd6 2998
c1360a1c 2999 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 3000
3001 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
3002 sizeof(rfc), (unsigned long) &rfc);
3003
f2fcfcd6
GP		 3004 break;
3005
3006 default:
5dee9e7c 3007 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 3008
6464f35f 3009 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 3010 rfc.mode = chan->mode;
f2fcfcd6 3011 }
6464f35f 3012
f2fcfcd6 3013 if (result == L2CAP_CONF_SUCCESS)
c1360a1c 3014 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
f2fcfcd6 3015 }
fe4128e0 3016 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 3017 rsp->result = cpu_to_le16(result);
3018 rsp->flags = cpu_to_le16(0x0000);
3019
3020 return ptr - data;
1da177e4
LT		 3021}
3022
b4450035 3023static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 3024{
f2fcfcd6
GP		 3025 struct l2cap_conf_req *req = data;
3026 void *ptr = req->data;
3027 int type, olen;
3028 unsigned long val;
36e999a8 3029 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
66af7aaf 3030 struct l2cap_conf_efs efs;
f2fcfcd6 3031
fe4128e0 3032 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 3033
3034 while (len >= L2CAP_CONF_OPT_SIZE) {
3035 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
3036
3037 switch (type) {
3038 case L2CAP_CONF_MTU:
3039 if (val < L2CAP_DEFAULT_MIN_MTU) {
3040 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 3041 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 3042 } else
0c1bc5c6
GP		 3043 chan->imtu = val;
3044 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 3045 break;
3046
3047 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 3048 chan->flush_to = val;
f2fcfcd6 3049 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 3050 2, chan->flush_to);
f2fcfcd6
GP		 3051 break;
3052
3053 case L2CAP_CONF_RFC:
3054 if (olen == sizeof(rfc))
3055 memcpy(&rfc, (void *)val, olen);
3056
c1360a1c 3057 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
0c1bc5c6 3058 rfc.mode != chan->mode)
f2fcfcd6
GP		 3059 return -ECONNREFUSED;
3060
47d1ec61 3061 chan->fcs = 0;
f2fcfcd6
GP		 3062
3063 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
3064 sizeof(rfc), (unsigned long) &rfc);
3065 break;
6327eb98
AE		 3066
3067 case L2CAP_CONF_EWS:
3068 chan->tx_win = min_t(u16, val,
3069 L2CAP_DEFAULT_EXT_WINDOW);
3e6b3b95
GP		 3070 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
3071 chan->tx_win);
6327eb98 3072 break;
66af7aaf
AE		 3073
3074 case L2CAP_CONF_EFS:
3075 if (olen == sizeof(efs))
3076 memcpy(&efs, (void *)val, olen);
3077
3078 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
3079 efs.stype != L2CAP_SERV_NOTRAFIC &&
3080 efs.stype != chan->local_stype)
3081 return -ECONNREFUSED;
3082
3083 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3084 sizeof(efs), (unsigned long) &efs);
3085 break;
f2fcfcd6
GP		 3086 }
3087 }
3088
0c1bc5c6 3089 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 3090 return -ECONNREFUSED;
3091
0c1bc5c6 3092 chan->mode = rfc.mode;
6c2ea7a8 3093
0e8b207e 3094 if (*result == L2CAP_CONF_SUCCESS || *result == L2CAP_CONF_PENDING) {
f2fcfcd6
GP		 3095 switch (rfc.mode) {
3096 case L2CAP_MODE_ERTM:
47d1ec61
GP		 3097 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3098 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3099 chan->mps = le16_to_cpu(rfc.max_pdu_size);
66af7aaf
AE		 3100
3101 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3102 chan->local_msdu = le16_to_cpu(efs.msdu);
3103 chan->local_sdu_itime =
3104 le32_to_cpu(efs.sdu_itime);
3105 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
3106 chan->local_flush_to =
3107 le32_to_cpu(efs.flush_to);
3108 }
f2fcfcd6 3109 break;
66af7aaf 3110
f2fcfcd6 3111 case L2CAP_MODE_STREAMING:
47d1ec61 3112 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 3113 }
3114 }
3115
fe4128e0 3116 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 3117 req->flags = cpu_to_le16(0x0000);
3118
3119 return ptr - data;
3120}
3121
fe4128e0 3122static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 3123{
3124 struct l2cap_conf_rsp *rsp = data;
3125 void *ptr = rsp->data;
1da177e4 3126
fe4128e0 3127 BT_DBG("chan %p", chan);
1da177e4 3128
fe4128e0 3129 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 3130 rsp->result = cpu_to_le16(result);
aca3192c 3131 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 3132
3133 return ptr - data;
3134}
3135
8c1d787b 3136void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 3137{
3138 struct l2cap_conn_rsp rsp;
8c1d787b 3139 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 3140 u8 buf[128];
3141
fe4128e0
GP		 3142 rsp.scid = cpu_to_le16(chan->dcid);
3143 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 3144 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
3145 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
3146 l2cap_send_cmd(conn, chan->ident,
3147 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
3148
c1360a1c 3149 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
710f9b0a
GP		 3150 return;
3151
710f9b0a
GP		 3152 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3153 l2cap_build_conf_req(chan, buf), buf);
3154 chan->num_conf_req++;
3155}
3156
47d1ec61 3157static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 3158{
7b1c0049
GP		 3159 int type, olen;
3160 unsigned long val;
3161 struct l2cap_conf_rfc rfc;
3162
47d1ec61 3163 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 3164
0c1bc5c6 3165 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 3166 return;
3167
3168 while (len >= L2CAP_CONF_OPT_SIZE) {
3169 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
3170
3171 switch (type) {
3172 case L2CAP_CONF_RFC:
3173 if (olen == sizeof(rfc))
3174 memcpy(&rfc, (void *)val, olen);
3175 goto done;
3176 }
3177 }
3178
36e999a8
MM		 3179 /* Use sane default values in case a misbehaving remote device
3180 * did not send an RFC option.
3181 */
3182 rfc.mode = chan->mode;
3183 rfc.retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
3184 rfc.monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
3185 rfc.max_pdu_size = cpu_to_le16(chan->imtu);
3186
3187 BT_ERR("Expected RFC option was not found, using defaults");
3188
7b1c0049
GP		 3189done:
3190 switch (rfc.mode) {
3191 case L2CAP_MODE_ERTM:
47d1ec61
GP		 3192 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3193 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3194 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 3195 break;
3196 case L2CAP_MODE_STREAMING:
47d1ec61 3197 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 3198 }
3199}
3200
4e8402a3
MH		 3201static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3202{
e2fd318e 3203 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
4e8402a3 3204
e2fd318e 3205 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
4e8402a3
MH		 3206 return 0;
3207
3208 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
3209 cmd->ident == conn->info_ident) {
17cd3f37 3210 cancel_delayed_work(&conn->info_timer);
984947dc
MH		 3211
3212 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 3213 conn->info_ident = 0;
984947dc 3214
4e8402a3
MH		 3215 l2cap_conn_start(conn);
3216 }
3217
3218 return 0;
3219}
3220
1da177e4
LT		 3221static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3222{
1da177e4
LT		 3223 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
3224 struct l2cap_conn_rsp rsp;
23691d75 3225 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 3226 struct sock *parent, *sk = NULL;
e7c29cb1 3227 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 3228
3229 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 3230 __le16 psm = req->psm;
1da177e4 3231
097db76c 3232 BT_DBG("psm 0x%2.2x scid 0x%4.4x", __le16_to_cpu(psm), scid);
1da177e4
LT		 3233
3234 /* Check if we have socket listening on psm */
c2287681 3235 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src, conn->dst);
23691d75 3236 if (!pchan) {
1da177e4
LT		 3237 result = L2CAP_CR_BAD_PSM;
3238 goto sendresp;
3239 }
3240
23691d75
GP		 3241 parent = pchan->sk;
3242
3df91ea2 3243 mutex_lock(&conn->chan_lock);
aa2ac881 3244 lock_sock(parent);
e0f0cb56 3245
e7c29cb1
MH		 3246 /* Check if the ACL is secure enough (if not SDP) */
3247 if (psm != cpu_to_le16(0x0001) &&
3248 !hci_conn_check_link_mode(conn->hcon)) {
9f5a0d7b 3249 conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
e7c29cb1
MH		 3250 result = L2CAP_CR_SEC_BLOCK;
3251 goto response;
3252 }
3253
1da177e4
LT		 3254 result = L2CAP_CR_NO_MEM;
3255
3256 /* Check for backlog size */
3257 if (sk_acceptq_is_full(parent)) {
8e87d142 3258 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 3259 goto response;
3260 }
3261
80808e43
GP		 3262 chan = pchan->ops->new_connection(pchan->data);
3263 if (!chan)
1da177e4
LT		 3264 goto response;
3265
80808e43
GP		 3266 sk = chan->sk;
3267
1da177e4 3268 /* Check if we already have channel with that dcid */
baa7e1fa 3269 if (__l2cap_get_chan_by_dcid(conn, scid)) {
1da177e4 3270 sock_set_flag(sk, SOCK_ZAPPED);
ba3bd0ee 3271 chan->ops->close(chan->data);
1da177e4
LT		 3272 goto response;
3273 }
3274
3275 hci_conn_hold(conn->hcon);
3276
1da177e4
LT		 3277 bacpy(&bt_sk(sk)->src, conn->src);
3278 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 3279 chan->psm = psm;
3280 chan->dcid = scid;
1da177e4 3281
d1010240
GP		 3282 bt_accept_enqueue(parent, sk);
3283
6be36555 3284 __l2cap_chan_add(conn, chan);
48454079 3285
fe4128e0 3286 dcid = chan->scid;
1da177e4 3287
c9b66675 3288 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4 3289
fc7f8a7e 3290 chan->ident = cmd->ident;
1da177e4 3291
984947dc 3292 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
d45fc423 3293 if (l2cap_chan_check_security(chan)) {
c5daa683 3294 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
0e587be7 3295 __l2cap_state_change(chan, BT_CONNECT2);
f66dc81f
MH		 3296 result = L2CAP_CR_PEND;
3297 status = L2CAP_CS_AUTHOR_PEND;
3298 parent->sk_data_ready(parent, 0);
3299 } else {
0e587be7 3300 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 3301 result = L2CAP_CR_SUCCESS;
3302 status = L2CAP_CS_NO_INFO;
3303 }
79d554a6 3304 } else {
0e587be7 3305 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 3306 result = L2CAP_CR_PEND;
3307 status = L2CAP_CS_AUTHEN_PEND;
3308 }
3309 } else {
0e587be7 3310 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 3311 result = L2CAP_CR_PEND;
3312 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 3313 }
3314
1da177e4 3315response:
aa2ac881 3316 release_sock(parent);
3df91ea2 3317 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 3318
3319sendresp:
aca3192c
YH		 3320 rsp.scid = cpu_to_le16(scid);
3321 rsp.dcid = cpu_to_le16(dcid);
3322 rsp.result = cpu_to_le16(result);
3323 rsp.status = cpu_to_le16(status);
1da177e4 3324 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 3325
3326 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
3327 struct l2cap_info_req info;
3328 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3329
3330 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
3331 conn->info_ident = l2cap_get_ident(conn);
3332
ba13ccd9 3333 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
79d554a6
MH		 3334
3335 l2cap_send_cmd(conn, conn->info_ident,
3336 L2CAP_INFO_REQ, sizeof(info), &info);
3337 }
3338
c1360a1c 3339 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
e9aeb2dd
GP		 3340 result == L2CAP_CR_SUCCESS) {
3341 u8 buf[128];
c1360a1c 3342 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 3343 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 3344 l2cap_build_conf_req(chan, buf), buf);
3345 chan->num_conf_req++;
e9aeb2dd
GP		 3346 }
3347
1da177e4
LT		 3348 return 0;
3349}
3350
3351static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3352{
3353 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
3354 u16 scid, dcid, result, status;
48454079 3355 struct l2cap_chan *chan;
1da177e4 3356 u8 req[128];
3df91ea2 3357 int err;
1da177e4
LT		 3358
3359 scid = __le16_to_cpu(rsp->scid);
3360 dcid = __le16_to_cpu(rsp->dcid);
3361 result = __le16_to_cpu(rsp->result);
3362 status = __le16_to_cpu(rsp->status);
3363
1b009c98
AE		 3364 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
3365 dcid, scid, result, status);
1da177e4 3366
3df91ea2
AE		 3367 mutex_lock(&conn->chan_lock);
3368
1da177e4 3369 if (scid) {
3df91ea2
AE		 3370 chan = __l2cap_get_chan_by_scid(conn, scid);
3371 if (!chan) {
3372 err = -EFAULT;
3373 goto unlock;
3374 }
1da177e4 3375 } else {
3df91ea2
AE		 3376 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
3377 if (!chan) {
3378 err = -EFAULT;
3379 goto unlock;
3380 }
1da177e4
LT		 3381 }
3382
3df91ea2
AE		 3383 err = 0;
3384
6be36555 3385 l2cap_chan_lock(chan);
48454079 3386
1da177e4
LT		 3387 switch (result) {
3388 case L2CAP_CR_SUCCESS:
89bc500e 3389 l2cap_state_change(chan, BT_CONFIG);
fc7f8a7e 3390 chan->ident = 0;
fe4128e0 3391 chan->dcid = dcid;
c1360a1c 3392 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
6a8d3010 3393
c1360a1c 3394 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
e9aeb2dd
GP		 3395 break;
3396
1da177e4 3397 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 3398 l2cap_build_conf_req(chan, req), req);
3399 chan->num_conf_req++;
1da177e4
LT		 3400 break;
3401
3402 case L2CAP_CR_PEND:
c1360a1c 3403 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4
LT		 3404 break;
3405
3406 default:
48454079 3407 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 3408 break;
3409 }
3410
6be36555 3411 l2cap_chan_unlock(chan);
3df91ea2
AE		 3412
3413unlock:
3414 mutex_unlock(&conn->chan_lock);
3415
3416 return err;
1da177e4
LT		 3417}
3418
47d1ec61 3419static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60
MM		 3420{
3421 /* FCS is enabled only in ERTM or streaming mode, if one or both
3422 * sides request it.
3423 */
0c1bc5c6 3424 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 3425 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 3426 else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state))
47d1ec61 3427 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 3428}
3429
88219a0f 3430static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 3431{
3432 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
3433 u16 dcid, flags;
3434 u8 rsp[64];
48454079 3435 struct l2cap_chan *chan;
3c588192 3436 int len, err = 0;
1da177e4
LT		 3437
3438 dcid = __le16_to_cpu(req->dcid);
3439 flags = __le16_to_cpu(req->flags);
3440
3441 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
3442
baa7e1fa 3443 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 3444 if (!chan)
1da177e4
LT		 3445 return -ENOENT;
3446
033b1142 3447 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
e2fd318e
IK		 3448 struct l2cap_cmd_rej_cid rej;
3449
3450 rej.reason = cpu_to_le16(L2CAP_REJ_INVALID_CID);
3451 rej.scid = cpu_to_le16(chan->scid);
3452 rej.dcid = cpu_to_le16(chan->dcid);
df6bd743 3453
df6bd743
GP		 3454 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
3455 sizeof(rej), &rej);
354f60a9 3456 goto unlock;
df6bd743 3457 }
354f60a9 3458
5dee9e7c 3459 /* Reject if config buffer is too small. */
88219a0f 3460 len = cmd_len - sizeof(*req);
7ac28817 3461 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 3462 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 3463 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 3464 L2CAP_CONF_REJECT, flags), rsp);
3465 goto unlock;
3466 }
3467
3468 /* Store config. */
73ffa904
GP		 3469 memcpy(chan->conf_req + chan->conf_len, req->data, len);
3470 chan->conf_len += len;
1da177e4
LT		 3471
3472 if (flags & 0x0001) {
3473 /* Incomplete config. Send empty response. */
3474 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 3475 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 3476 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 3477 goto unlock;
3478 }
3479
3480 /* Complete config. */
73ffa904 3481 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 3482 if (len < 0) {
e92c8e70 3483 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 3484 goto unlock;
f2fcfcd6 3485 }
1da177e4 3486
5dee9e7c 3487 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 3488 chan->num_conf_rsp++;
5dee9e7c 3489
5dee9e7c 3490 /* Reset config buffer. */
73ffa904 3491 chan->conf_len = 0;
5dee9e7c 3492
c1360a1c 3493 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
876d9484
MH		 3494 goto unlock;
3495
c1360a1c 3496 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
47d1ec61 3497 set_default_fcs(chan);
fcc203c3 3498
89bc500e 3499 l2cap_state_change(chan, BT_CONNECTED);
e90bac06 3500
105bdf9e
MM		 3501 if (chan->mode == L2CAP_MODE_ERTM ||
3502 chan->mode == L2CAP_MODE_STREAMING)
3c588192
MM		 3503 err = l2cap_ertm_init(chan);
3504
3505 if (err < 0)
3506 l2cap_send_disconn_req(chan->conn, chan, -err);
3507 else
3508 l2cap_chan_ready(chan);
0565c1c2 3509
876d9484
MH		 3510 goto unlock;
3511 }
3512
c1360a1c 3513 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
79d554a6 3514 u8 buf[64];
1da177e4 3515 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 3516 l2cap_build_conf_req(chan, buf), buf);
3517 chan->num_conf_req++;
1da177e4
LT		 3518 }
3519
0e8b207e
AE		 3520 /* Got Conf Rsp PENDING from remote side and asume we sent
3521 Conf Rsp PENDING in the code above */
3522 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
3523 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
3524
3525 /* check compatibility */
3526
3527 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
3528 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
3529
3530 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 3531 l2cap_build_conf_rsp(chan, rsp,
0e8b207e
AE		 3532 L2CAP_CONF_SUCCESS, 0x0000), rsp);
3533 }
3534
1da177e4 3535unlock:
6be36555 3536 l2cap_chan_unlock(chan);
3c588192 3537 return err;
1da177e4
LT		 3538}
3539
3540static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3541{
3542 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
3543 u16 scid, flags, result;
48454079 3544 struct l2cap_chan *chan;
61386cba 3545 int len = le16_to_cpu(cmd->len) - sizeof(*rsp);
3c588192 3546 int err = 0;
1da177e4
LT		 3547
3548 scid = __le16_to_cpu(rsp->scid);
3549 flags = __le16_to_cpu(rsp->flags);
3550 result = __le16_to_cpu(rsp->result);
3551
61386cba
AE		 3552 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x len %d", scid, flags,
3553 result, len);
1da177e4 3554
baa7e1fa 3555 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 3556 if (!chan)
1da177e4
LT		 3557 return 0;
3558
3559 switch (result) {
3560 case L2CAP_CONF_SUCCESS:
47d1ec61 3561 l2cap_conf_rfc_get(chan, rsp->data, len);
0e8b207e 3562 clear_bit(CONF_REM_CONF_PEND, &chan->conf_state);
1da177e4
LT		 3563 break;
3564
0e8b207e
AE		 3565 case L2CAP_CONF_PENDING:
3566 set_bit(CONF_REM_CONF_PEND, &chan->conf_state);
3567
3568 if (test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
3569 char buf[64];
3570
3571 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3572 buf, &result);
3573 if (len < 0) {
3574 l2cap_send_disconn_req(conn, chan, ECONNRESET);
3575 goto done;
3576 }
3577
3578 /* check compatibility */
3579
3580 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
3581 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
3582
3583 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 3584 l2cap_build_conf_rsp(chan, buf,
0e8b207e
AE		 3585 L2CAP_CONF_SUCCESS, 0x0000), buf);
3586 }
3587 goto done;
3588
1da177e4 3589 case L2CAP_CONF_UNACCEPT:
73ffa904 3590 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 3591 char req[64];
3592
c2c77ec8 3593 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 3594 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 3595 goto done;
3596 }
3597
f2fcfcd6
GP		 3598 /* throw out any old stored conf requests */
3599 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 3600 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3601 req, &result);
f2fcfcd6 3602 if (len < 0) {
e92c8e70 3603 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 3604 goto done;
3605 }
3606
3607 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3608 L2CAP_CONF_REQ, len, req);
73ffa904 3609 chan->num_conf_req++;
f2fcfcd6
GP		 3610 if (result != L2CAP_CONF_SUCCESS)
3611 goto done;
3612 break;
1da177e4
LT		 3613 }
3614
8e87d142 3615 default:
6be36555 3616 l2cap_chan_set_err(chan, ECONNRESET);
2e0052e4 3617
ba13ccd9 3618 __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT);
e92c8e70 3619 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 3620 goto done;
3621 }
3622
3623 if (flags & 0x01)
3624 goto done;
3625
c1360a1c 3626 set_bit(CONF_INPUT_DONE, &chan->conf_state);
1da177e4 3627
c1360a1c 3628 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
47d1ec61 3629 set_default_fcs(chan);
fcc203c3 3630
89bc500e 3631 l2cap_state_change(chan, BT_CONNECTED);
105bdf9e
MM		 3632 if (chan->mode == L2CAP_MODE_ERTM ||
3633 chan->mode == L2CAP_MODE_STREAMING)
3c588192 3634 err = l2cap_ertm_init(chan);
0565c1c2 3635
3c588192
MM		 3636 if (err < 0)
3637 l2cap_send_disconn_req(chan->conn, chan, -err);
3638 else
3639 l2cap_chan_ready(chan);
1da177e4
LT		 3640 }
3641
3642done:
6be36555 3643 l2cap_chan_unlock(chan);
3c588192 3644 return err;
1da177e4
LT		 3645}
3646
3647static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3648{
3649 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3650 struct l2cap_disconn_rsp rsp;
3651 u16 dcid, scid;
48454079 3652 struct l2cap_chan *chan;
1da177e4
LT		 3653 struct sock *sk;
3654
3655 scid = __le16_to_cpu(req->scid);
3656 dcid = __le16_to_cpu(req->dcid);
3657
3658 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3659
3df91ea2
AE		 3660 mutex_lock(&conn->chan_lock);
3661
3662 chan = __l2cap_get_chan_by_scid(conn, dcid);
3663 if (!chan) {
3664 mutex_unlock(&conn->chan_lock);
1da177e4 3665 return 0;
3df91ea2 3666 }
1da177e4 3667
6be36555
AE		 3668 l2cap_chan_lock(chan);
3669
48454079
GP		 3670 sk = chan->sk;
3671
fe4128e0
GP		 3672 rsp.dcid = cpu_to_le16(chan->scid);
3673 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 3674 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3675
6be36555 3676 lock_sock(sk);
1da177e4 3677 sk->sk_shutdown = SHUTDOWN_MASK;
6be36555 3678 release_sock(sk);
1da177e4 3679
61d6ef3e 3680 l2cap_chan_hold(chan);
48454079 3681 l2cap_chan_del(chan, ECONNRESET);
6be36555
AE		 3682
3683 l2cap_chan_unlock(chan);
1da177e4 3684
ba3bd0ee 3685 chan->ops->close(chan->data);
61d6ef3e 3686 l2cap_chan_put(chan);
3df91ea2
AE		 3687
3688 mutex_unlock(&conn->chan_lock);
3689
1da177e4
LT		 3690 return 0;
3691}
3692
3693static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3694{
3695 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3696 u16 dcid, scid;
48454079 3697 struct l2cap_chan *chan;
1da177e4
LT		 3698
3699 scid = __le16_to_cpu(rsp->scid);
3700 dcid = __le16_to_cpu(rsp->dcid);
3701
3702 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3703
3df91ea2
AE		 3704 mutex_lock(&conn->chan_lock);
3705
3706 chan = __l2cap_get_chan_by_scid(conn, scid);
3707 if (!chan) {
3708 mutex_unlock(&conn->chan_lock);
1da177e4 3709 return 0;
3df91ea2 3710 }
1da177e4 3711
6be36555 3712 l2cap_chan_lock(chan);
48454079 3713
61d6ef3e 3714 l2cap_chan_hold(chan);
48454079 3715 l2cap_chan_del(chan, 0);
6be36555
AE		 3716
3717 l2cap_chan_unlock(chan);
1da177e4 3718
ba3bd0ee 3719 chan->ops->close(chan->data);
61d6ef3e 3720 l2cap_chan_put(chan);
3df91ea2
AE		 3721
3722 mutex_unlock(&conn->chan_lock);
3723
1da177e4
LT		 3724 return 0;
3725}
3726
3727static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3728{
3729 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 3730 u16 type;
3731
3732 type = __le16_to_cpu(req->type);
3733
3734 BT_DBG("type 0x%4.4x", type);
3735
f0709e03
MH		 3736 if (type == L2CAP_IT_FEAT_MASK) {
3737 u8 buf[8];
44dd46de 3738 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 3739 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3740 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3741 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 3742 if (!disable_ertm)
fcc203c3
GP		 3743 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3744 | L2CAP_FEAT_FCS;
a5fd6f30 3745 if (enable_hs)
6327eb98
AE		 3746 feat_mask |= L2CAP_FEAT_EXT_FLOW
3747 | L2CAP_FEAT_EXT_WINDOW;
a5fd6f30 3748
1b7bf4ed 3749 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 3750 l2cap_send_cmd(conn, cmd->ident,
3751 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 3752 } else if (type == L2CAP_IT_FIXED_CHAN) {
3753 u8 buf[12];
3754 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
50a147cd
MM		 3755
3756 if (enable_hs)
3757 l2cap_fixed_chan[0] |= L2CAP_FC_A2MP;
3758 else
3759 l2cap_fixed_chan[0] &= ~L2CAP_FC_A2MP;
3760
e1027a7c
MH		 3761 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3762 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
c6337ea6 3763 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan));
e1027a7c
MH		 3764 l2cap_send_cmd(conn, cmd->ident,
3765 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 3766 } else {
3767 struct l2cap_info_rsp rsp;
3768 rsp.type = cpu_to_le16(type);
3769 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3770 l2cap_send_cmd(conn, cmd->ident,
3771 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3772 }
1da177e4
LT		 3773
3774 return 0;
3775}
3776
3777static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3778{
3779 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3780 u16 type, result;
3781
3782 type = __le16_to_cpu(rsp->type);
3783 result = __le16_to_cpu(rsp->result);
3784
3785 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3786
e90165be
AE		 3787 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
3788 if (cmd->ident != conn->info_ident ||
3789 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
3790 return 0;
3791
17cd3f37 3792 cancel_delayed_work(&conn->info_timer);
4e8402a3 3793
adb08ede
VT		 3794 if (result != L2CAP_IR_SUCCESS) {
3795 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3796 conn->info_ident = 0;
3797
3798 l2cap_conn_start(conn);
3799
3800 return 0;
3801 }
3802
978c93b9
AE		 3803 switch (type) {
3804 case L2CAP_IT_FEAT_MASK:
83985319 3805 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 3806
47ec1dcd 3807 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 3808 struct l2cap_info_req req;
3809 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3810
3811 conn->info_ident = l2cap_get_ident(conn);
3812
3813 l2cap_send_cmd(conn, conn->info_ident,
3814 L2CAP_INFO_REQ, sizeof(req), &req);
3815 } else {
3816 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3817 conn->info_ident = 0;
3818
3819 l2cap_conn_start(conn);
3820 }
978c93b9
AE		 3821 break;
3822
3823 case L2CAP_IT_FIXED_CHAN:
3824 conn->fixed_chan_mask = rsp->data[0];
984947dc 3825 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 3826 conn->info_ident = 0;
984947dc
MH		 3827
3828 l2cap_conn_start(conn);
978c93b9 3829 break;
984947dc 3830 }
4e8402a3 3831
1da177e4
LT		 3832 return 0;
3833}
3834
f94ff6ff
MM		 3835static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3836 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
3837 void *data)
3838{
3839 struct l2cap_create_chan_req *req = data;
3840 struct l2cap_create_chan_rsp rsp;
3841 u16 psm, scid;
3842
3843 if (cmd_len != sizeof(*req))
3844 return -EPROTO;
3845
3846 if (!enable_hs)
3847 return -EINVAL;
3848
3849 psm = le16_to_cpu(req->psm);
3850 scid = le16_to_cpu(req->scid);
3851
3852 BT_DBG("psm %d, scid %d, amp_id %d", psm, scid, req->amp_id);
3853
3854 /* Placeholder: Always reject */
3855 rsp.dcid = 0;
3856 rsp.scid = cpu_to_le16(scid);
8ce0c498
AE		 3857 rsp.result = __constant_cpu_to_le16(L2CAP_CR_NO_MEM);
3858 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
f94ff6ff
MM		 3859
3860 l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP,
3861 sizeof(rsp), &rsp);
3862
3863 return 0;
3864}
3865
3866static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn,
3867 struct l2cap_cmd_hdr *cmd, void *data)
3868{
3869 BT_DBG("conn %p", conn);
3870
3871 return l2cap_connect_rsp(conn, cmd, data);
3872}
3873
8d5a04a1
MM		 3874static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident,
3875 u16 icid, u16 result)
3876{
3877 struct l2cap_move_chan_rsp rsp;
3878
3879 BT_DBG("icid %d, result %d", icid, result);
3880
3881 rsp.icid = cpu_to_le16(icid);
3882 rsp.result = cpu_to_le16(result);
3883
3884 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_RSP, sizeof(rsp), &rsp);
3885}
3886
3887static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn,
3888 struct l2cap_chan *chan, u16 icid, u16 result)
3889{
3890 struct l2cap_move_chan_cfm cfm;
3891 u8 ident;
3892
3893 BT_DBG("icid %d, result %d", icid, result);
3894
3895 ident = l2cap_get_ident(conn);
3896 if (chan)
3897 chan->ident = ident;
3898
3899 cfm.icid = cpu_to_le16(icid);
3900 cfm.result = cpu_to_le16(result);
3901
3902 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM, sizeof(cfm), &cfm);
3903}
3904
3905static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident,
3906 u16 icid)
3907{
3908 struct l2cap_move_chan_cfm_rsp rsp;
3909
3910 BT_DBG("icid %d", icid);
3911
3912 rsp.icid = cpu_to_le16(icid);
3913 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp);
3914}
3915
3916static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
3917 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3918{
3919 struct l2cap_move_chan_req *req = data;
3920 u16 icid = 0;
3921 u16 result = L2CAP_MR_NOT_ALLOWED;
3922
3923 if (cmd_len != sizeof(*req))
3924 return -EPROTO;
3925
3926 icid = le16_to_cpu(req->icid);
3927
3928 BT_DBG("icid %d, dest_amp_id %d", icid, req->dest_amp_id);
3929
3930 if (!enable_hs)
3931 return -EINVAL;
3932
3933 /* Placeholder: Always refuse */
3934 l2cap_send_move_chan_rsp(conn, cmd->ident, icid, result);
3935
3936 return 0;
3937}
3938
3939static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
3940 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3941{
3942 struct l2cap_move_chan_rsp *rsp = data;
3943 u16 icid, result;
3944
3945 if (cmd_len != sizeof(*rsp))
3946 return -EPROTO;
3947
3948 icid = le16_to_cpu(rsp->icid);
3949 result = le16_to_cpu(rsp->result);
3950
3951 BT_DBG("icid %d, result %d", icid, result);
3952
3953 /* Placeholder: Always unconfirmed */
3954 l2cap_send_move_chan_cfm(conn, NULL, icid, L2CAP_MC_UNCONFIRMED);
3955
3956 return 0;
3957}
3958
3959static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
3960 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3961{
3962 struct l2cap_move_chan_cfm *cfm = data;
3963 u16 icid, result;
3964
3965 if (cmd_len != sizeof(*cfm))
3966 return -EPROTO;
3967
3968 icid = le16_to_cpu(cfm->icid);
3969 result = le16_to_cpu(cfm->result);
3970
3971 BT_DBG("icid %d, result %d", icid, result);
3972
3973 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
3974
3975 return 0;
3976}
3977
3978static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
3979 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3980{
3981 struct l2cap_move_chan_cfm_rsp *rsp = data;
3982 u16 icid;
3983
3984 if (cmd_len != sizeof(*rsp))
3985 return -EPROTO;
3986
3987 icid = le16_to_cpu(rsp->icid);
3988
3989 BT_DBG("icid %d", icid);
3990
3991 return 0;
3992}
3993
e2174ca4 3994static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 3995 u16 to_multiplier)
3996{
3997 u16 max_latency;
3998
3999 if (min > max || min < 6 || max > 3200)
4000 return -EINVAL;
4001
4002 if (to_multiplier < 10 || to_multiplier > 3200)
4003 return -EINVAL;
4004
4005 if (max >= to_multiplier * 8)
4006 return -EINVAL;
4007
4008 max_latency = (to_multiplier * 8 / max) - 1;
4009 if (latency > 499 || latency > max_latency)
4010 return -EINVAL;
4011
4012 return 0;
4013}
4014
4015static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
4016 struct l2cap_cmd_hdr *cmd, u8 *data)
4017{
4018 struct hci_conn *hcon = conn->hcon;
4019 struct l2cap_conn_param_update_req *req;
4020 struct l2cap_conn_param_update_rsp rsp;
4021 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 4022 int err;
de73115a
CT		 4023
4024 if (!(hcon->link_mode & HCI_LM_MASTER))
4025 return -EINVAL;
4026
4027 cmd_len = __le16_to_cpu(cmd->len);
4028 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
4029 return -EPROTO;
4030
4031 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 4032 min = __le16_to_cpu(req->min);
4033 max = __le16_to_cpu(req->max);
de73115a
CT		 4034 latency = __le16_to_cpu(req->latency);
4035 to_multiplier = __le16_to_cpu(req->to_multiplier);
4036
4037 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
4038 min, max, latency, to_multiplier);
4039
4040 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 4041
4042 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
4043 if (err)
de73115a
CT		 4044 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
4045 else
4046 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
4047
4048 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
4049 sizeof(rsp), &rsp);
4050
2ce603eb
CT		 4051 if (!err)
4052 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
4053
de73115a
CT		 4054 return 0;
4055}
4056
3300d9a9
CT		 4057static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
4058 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
4059{
4060 int err = 0;
4061
4062 switch (cmd->code) {
4063 case L2CAP_COMMAND_REJ:
4064 l2cap_command_rej(conn, cmd, data);
4065 break;
4066
4067 case L2CAP_CONN_REQ:
4068 err = l2cap_connect_req(conn, cmd, data);
4069 break;
4070
4071 case L2CAP_CONN_RSP:
4072 err = l2cap_connect_rsp(conn, cmd, data);
4073 break;
4074
4075 case L2CAP_CONF_REQ:
4076 err = l2cap_config_req(conn, cmd, cmd_len, data);
4077 break;
4078
4079 case L2CAP_CONF_RSP:
4080 err = l2cap_config_rsp(conn, cmd, data);
4081 break;
4082
4083 case L2CAP_DISCONN_REQ:
4084 err = l2cap_disconnect_req(conn, cmd, data);
4085 break;
4086
4087 case L2CAP_DISCONN_RSP:
4088 err = l2cap_disconnect_rsp(conn, cmd, data);
4089 break;
4090
4091 case L2CAP_ECHO_REQ:
4092 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
4093 break;
4094
4095 case L2CAP_ECHO_RSP:
4096 break;
4097
4098 case L2CAP_INFO_REQ:
4099 err = l2cap_information_req(conn, cmd, data);
4100 break;
4101
4102 case L2CAP_INFO_RSP:
4103 err = l2cap_information_rsp(conn, cmd, data);
4104 break;
4105
f94ff6ff
MM		 4106 case L2CAP_CREATE_CHAN_REQ:
4107 err = l2cap_create_channel_req(conn, cmd, cmd_len, data);
4108 break;
4109
4110 case L2CAP_CREATE_CHAN_RSP:
4111 err = l2cap_create_channel_rsp(conn, cmd, data);
4112 break;
4113
8d5a04a1
MM		 4114 case L2CAP_MOVE_CHAN_REQ:
4115 err = l2cap_move_channel_req(conn, cmd, cmd_len, data);
4116 break;
4117
4118 case L2CAP_MOVE_CHAN_RSP:
4119 err = l2cap_move_channel_rsp(conn, cmd, cmd_len, data);
4120 break;
4121
4122 case L2CAP_MOVE_CHAN_CFM:
4123 err = l2cap_move_channel_confirm(conn, cmd, cmd_len, data);
4124 break;
4125
4126 case L2CAP_MOVE_CHAN_CFM_RSP:
4127 err = l2cap_move_channel_confirm_rsp(conn, cmd, cmd_len, data);
4128 break;
4129
3300d9a9
CT		 4130 default:
4131 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
4132 err = -EINVAL;
4133 break;
4134 }
4135
4136 return err;
4137}
4138
4139static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
4140 struct l2cap_cmd_hdr *cmd, u8 *data)
4141{
4142 switch (cmd->code) {
4143 case L2CAP_COMMAND_REJ:
4144 return 0;
4145
4146 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 4147 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 4148
4149 case L2CAP_CONN_PARAM_UPDATE_RSP:
4150 return 0;
4151
4152 default:
4153 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
4154 return -EINVAL;
4155 }
4156}
4157
4158static inline void l2cap_sig_channel(struct l2cap_conn *conn,
4159 struct sk_buff *skb)
1da177e4
LT		 4160{
4161 u8 *data = skb->data;
4162 int len = skb->len;
4163 struct l2cap_cmd_hdr cmd;
3300d9a9 4164 int err;
1da177e4
LT		 4165
4166 l2cap_raw_recv(conn, skb);
4167
4168 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 4169 u16 cmd_len;
1da177e4
LT		 4170 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
4171 data += L2CAP_CMD_HDR_SIZE;
4172 len -= L2CAP_CMD_HDR_SIZE;
4173
88219a0f 4174 cmd_len = le16_to_cpu(cmd.len);
1da177e4 4175
88219a0f 4176 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 4177
88219a0f 4178 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 4179 BT_DBG("corrupted command");
4180 break;
4181 }
4182
3300d9a9
CT		 4183 if (conn->hcon->type == LE_LINK)
4184 err = l2cap_le_sig_cmd(conn, &cmd, data);
4185 else
4186 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 4187
4188 if (err) {
e2fd318e 4189 struct l2cap_cmd_rej_unk rej;
2c6d1a2e
GP		 4190
4191 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 4192
4193 /* FIXME: Map err to a valid reason */
e2fd318e 4194 rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
1da177e4
LT		 4195 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
4196 }
4197
88219a0f
AV		 4198 data += cmd_len;
4199 len -= cmd_len;
1da177e4
LT		 4200 }
4201
4202 kfree_skb(skb);
4203}
4204
47d1ec61 4205static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 4206{
4207 u16 our_fcs, rcv_fcs;
e4ca6d98
AE		 4208 int hdr_size;
4209
4210 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
4211 hdr_size = L2CAP_EXT_HDR_SIZE;
4212 else
4213 hdr_size = L2CAP_ENH_HDR_SIZE;
fcc203c3 4214
47d1ec61 4215 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213 4216 skb_trim(skb, skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 4217 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
4218 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
4219
4220 if (our_fcs != rcv_fcs)
7a560e5c 4221 return -EBADMSG;
fcc203c3
GP		 4222 }
4223 return 0;
4224}
4225
525cd185 4226static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 4227{
88843ab0 4228 u32 control = 0;
d5392c8f 4229
6a026610 4230 chan->frames_sent = 0;
d5392c8f 4231
0b209fae 4232 control |= __set_reqseq(chan, chan->buffer_seq);
d5392c8f 4233
e2ab4353 4234 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 4235 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
525cd185 4236 l2cap_send_sframe(chan, control);
e2ab4353 4237 set_bit(CONN_RNR_SENT, &chan->conn_state);
d5392c8f
GP		 4238 }
4239
e2ab4353 4240 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
525cd185 4241 l2cap_retransmit_frames(chan);
d5392c8f 4242
525cd185 4243 l2cap_ertm_send(chan);
d5392c8f 4244
e2ab4353 4245 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
6a026610 4246 chan->frames_sent == 0) {
ab784b73 4247 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 4248 l2cap_send_sframe(chan, control);
d5392c8f
GP		 4249 }
4250}
4251
fb45de7d 4252static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u16 tx_seq, u8 sar)
8f17154f
GP		 4253{
4254 struct sk_buff *next_skb;
bfbacc11 4255 int tx_seq_offset, next_tx_seq_offset;
8f17154f 4256
3ce3514f
MM		 4257 bt_cb(skb)->control.txseq = tx_seq;
4258 bt_cb(skb)->control.sar = sar;
8f17154f 4259
f1c6775b 4260 next_skb = skb_peek(&chan->srej_q);
8f17154f 4261
836be934 4262 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
bfbacc11 4263
039d9572 4264 while (next_skb) {
3ce3514f 4265 if (bt_cb(next_skb)->control.txseq == tx_seq)
9b53350d
JPRV		 4266 return -EINVAL;
4267
836be934 4268 next_tx_seq_offset = __seq_offset(chan,
3ce3514f 4269 bt_cb(next_skb)->control.txseq, chan->buffer_seq);
bfbacc11
JPRV		 4270
4271 if (next_tx_seq_offset > tx_seq_offset) {
f1c6775b 4272 __skb_queue_before(&chan->srej_q, next_skb, skb);
9b53350d 4273 return 0;
8f17154f
GP		 4274 }
4275
f1c6775b 4276 if (skb_queue_is_last(&chan->srej_q, next_skb))
039d9572
SJ		 4277 next_skb = NULL;
4278 else
4279 next_skb = skb_queue_next(&chan->srej_q, next_skb);
4280 }
8f17154f 4281
f1c6775b 4282 __skb_queue_tail(&chan->srej_q, skb);
9b53350d
JPRV		 4283
4284 return 0;
8f17154f
GP		 4285}
4286
84084a31
MM		 4287static void append_skb_frag(struct sk_buff *skb,
4288 struct sk_buff *new_frag, struct sk_buff **last_frag)
18778a63 4289{
84084a31
MM		 4290 /* skb->len reflects data in skb as well as all fragments
4291 * skb->data_len reflects only data in fragments
4292 */
4293 if (!skb_has_frag_list(skb))
4294 skb_shinfo(skb)->frag_list = new_frag;
4295
4296 new_frag->next = NULL;
4297
4298 (*last_frag)->next = new_frag;
4299 *last_frag = new_frag;
4300
4301 skb->len += new_frag->len;
4302 skb->data_len += new_frag->len;
4303 skb->truesize += new_frag->truesize;
4304}
4305
88843ab0 4306static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u32 control)
84084a31
MM		 4307{
4308 int err = -EINVAL;
18778a63 4309
7e0ef6ee
AE		 4310 switch (__get_ctrl_sar(chan, control)) {
4311 case L2CAP_SAR_UNSEGMENTED:
84084a31
MM		 4312 if (chan->sdu)
4313 break;
18778a63 4314
84084a31
MM		 4315 err = chan->ops->recv(chan->data, skb);
4316 break;
18778a63 4317
7e0ef6ee 4318 case L2CAP_SAR_START:
84084a31
MM		 4319 if (chan->sdu)
4320 break;
18778a63 4321
6f61fd47 4322 chan->sdu_len = get_unaligned_le16(skb->data);
03a51213 4323 skb_pull(skb, L2CAP_SDULEN_SIZE);
18778a63 4324
84084a31
MM		 4325 if (chan->sdu_len > chan->imtu) {
4326 err = -EMSGSIZE;
4327 break;
4328 }
1890d36b 4329
84084a31
MM		 4330 if (skb->len >= chan->sdu_len)
4331 break;
18778a63 4332
84084a31
MM		 4333 chan->sdu = skb;
4334 chan->sdu_last_frag = skb;
18778a63 4335
84084a31
MM		 4336 skb = NULL;
4337 err = 0;
18778a63
GP		 4338 break;
4339
7e0ef6ee 4340 case L2CAP_SAR_CONTINUE:
6f61fd47 4341 if (!chan->sdu)
84084a31 4342 break;
18778a63 4343
84084a31
MM		 4344 append_skb_frag(chan->sdu, skb,
4345 &chan->sdu_last_frag);
4346 skb = NULL;
18778a63 4347
84084a31
MM		 4348 if (chan->sdu->len >= chan->sdu_len)
4349 break;
4178ba46 4350
84084a31 4351 err = 0;
18778a63
GP		 4352 break;
4353
7e0ef6ee 4354 case L2CAP_SAR_END:
6f61fd47 4355 if (!chan->sdu)
84084a31 4356 break;
18778a63 4357
84084a31
MM		 4358 append_skb_frag(chan->sdu, skb,
4359 &chan->sdu_last_frag);
4360 skb = NULL;
4178ba46 4361
84084a31
MM		 4362 if (chan->sdu->len != chan->sdu_len)
4363 break;
18778a63 4364
84084a31 4365 err = chan->ops->recv(chan->data, chan->sdu);
1890d36b 4366
84084a31
MM		 4367 if (!err) {
4368 /* Reassembly complete */
4369 chan->sdu = NULL;
4370 chan->sdu_last_frag = NULL;
4371 chan->sdu_len = 0;
1890d36b 4372 }
18778a63
GP		 4373 break;
4374 }
4375
84084a31
MM		 4376 if (err) {
4377 kfree_skb(skb);
4378 kfree_skb(chan->sdu);
4379 chan->sdu = NULL;
4380 chan->sdu_last_frag = NULL;
4381 chan->sdu_len = 0;
4382 }
18778a63 4383
84084a31 4384 return err;
18778a63
GP		 4385}
4386
26f880d2 4387static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan)
712132eb 4388{
26f880d2 4389 BT_DBG("chan %p, Enter local busy", chan);
712132eb 4390
26f880d2 4391 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3c588192 4392 l2cap_seq_list_clear(&chan->srej_list);
26f880d2 4393
77f918bc 4394 __set_ack_timer(chan);
26f880d2
MM		 4395}
4396
4397static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan)
4398{
88843ab0 4399 u32 control;
712132eb 4400
e2ab4353 4401 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
712132eb
GP		 4402 goto done;
4403
0b209fae 4404 control = __set_reqseq(chan, chan->buffer_seq);
e3781735 4405 control |= __set_ctrl_poll(chan);
ab784b73 4406 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 4407 l2cap_send_sframe(chan, control);
6a026610 4408 chan->retry_count = 1;
712132eb 4409
1a09bcb9
GP		 4410 __clear_retrans_timer(chan);
4411 __set_monitor_timer(chan);
712132eb 4412
e2ab4353 4413 set_bit(CONN_WAIT_F, &chan->conn_state);
712132eb
GP		 4414
4415done:
e2ab4353
GP		 4416 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
4417 clear_bit(CONN_RNR_SENT, &chan->conn_state);
712132eb 4418
49208c9c 4419 BT_DBG("chan %p, Exit local busy", chan);
712132eb
GP		 4420}
4421
e328140f 4422void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
1890d36b 4423{
e328140f
MM		 4424 if (chan->mode == L2CAP_MODE_ERTM) {
4425 if (busy)
4426 l2cap_ertm_enter_local_busy(chan);
4427 else
4428 l2cap_ertm_exit_local_busy(chan);
1890d36b 4429 }
1890d36b
GP		 4430}
4431
fb45de7d 4432static void l2cap_check_srej_gap(struct l2cap_chan *chan, u16 tx_seq)
8f17154f
GP		 4433{
4434 struct sk_buff *skb;
88843ab0 4435 u32 control;
8f17154f 4436
e328140f
MM		 4437 while ((skb = skb_peek(&chan->srej_q)) &&
4438 !test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
4439 int err;
4440
3ce3514f 4441 if (bt_cb(skb)->control.txseq != tx_seq)
8f17154f
GP		 4442 break;
4443
f1c6775b 4444 skb = skb_dequeue(&chan->srej_q);
3ce3514f 4445 control = __set_ctrl_sar(chan, bt_cb(skb)->control.sar);
84084a31 4446 err = l2cap_reassemble_sdu(chan, skb, control);
e328140f
MM		 4447
4448 if (err < 0) {
4449 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
4450 break;
4451 }
4452
836be934
AE		 4453 chan->buffer_seq_srej = __next_seq(chan, chan->buffer_seq_srej);
4454 tx_seq = __next_seq(chan, tx_seq);
8f17154f
GP		 4455 }
4456}
4457
fb45de7d 4458static void l2cap_resend_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 4459{
8f17154f 4460 struct srej_list *l, *tmp;
88843ab0 4461 u32 control;
8f17154f 4462
39d5a3ee 4463 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
8f17154f
GP		 4464 if (l->tx_seq == tx_seq) {
4465 list_del(&l->list);
4466 kfree(l);
4467 return;
4468 }
ab784b73 4469 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 4470 control |= __set_reqseq(chan, l->tx_seq);
525cd185 4471 l2cap_send_sframe(chan, control);
8f17154f 4472 list_del(&l->list);
39d5a3ee 4473 list_add_tail(&l->list, &chan->srej_l);
8f17154f
GP		 4474 }
4475}
4476
aef89f21 4477static int l2cap_send_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 4478{
8f17154f 4479 struct srej_list *new;
88843ab0 4480 u32 control;
8f17154f 4481
42e5c802 4482 while (tx_seq != chan->expected_tx_seq) {
ab784b73 4483 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 4484 control |= __set_reqseq(chan, chan->expected_tx_seq);
3c588192 4485 l2cap_seq_list_append(&chan->srej_list, chan->expected_tx_seq);
525cd185 4486 l2cap_send_sframe(chan, control);
8f17154f
GP		 4487
4488 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
aef89f21
SJ		 4489 if (!new)
4490 return -ENOMEM;
4491
42e5c802 4492 new->tx_seq = chan->expected_tx_seq;
836be934
AE		 4493
4494 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
4495
39d5a3ee 4496 list_add_tail(&new->list, &chan->srej_l);
8f17154f 4497 }
836be934
AE		 4498
4499 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
aef89f21
SJ		 4500
4501 return 0;
8f17154f
GP		 4502}
4503
88843ab0 4504static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
1c2acffb 4505{
fb45de7d 4506 u16 tx_seq = __get_txseq(chan, rx_control);
0b209fae 4507 u16 req_seq = __get_reqseq(chan, rx_control);
7e0ef6ee 4508 u8 sar = __get_ctrl_sar(chan, rx_control);
f6337c77 4509 int tx_seq_offset, expected_tx_seq_offset;
47d1ec61 4510 int num_to_ack = (chan->tx_win/6) + 1;
1c2acffb
GP		 4511 int err = 0;
4512
88843ab0 4513 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%8.8x", chan, skb->len,
525cd185 4514 tx_seq, rx_control);
1c2acffb 4515
03f6715d 4516 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 4517 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 4518 __clear_monitor_timer(chan);
6a026610 4519 if (chan->unacked_frames > 0)
1a09bcb9 4520 __set_retrans_timer(chan);
e2ab4353 4521 clear_bit(CONN_WAIT_F, &chan->conn_state);
1d8f5d16
GP		 4522 }
4523
42e5c802
GP		 4524 chan->expected_ack_seq = req_seq;
4525 l2cap_drop_acked_frames(chan);
9f121a5a 4526
836be934 4527 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
9b53350d
JPRV		 4528
4529 /* invalid tx_seq */
47d1ec61 4530 if (tx_seq_offset >= chan->tx_win) {
8c1d787b 4531 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
9b53350d
JPRV		 4532 goto drop;
4533 }
4534
77f918bc
SJ		 4535 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
4536 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
4537 l2cap_send_ack(chan);
1890d36b 4538 goto drop;
77f918bc 4539 }
1890d36b 4540
02f1b641
MM		 4541 if (tx_seq == chan->expected_tx_seq)
4542 goto expected;
4543
e2ab4353 4544 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
8f17154f 4545 struct srej_list *first;
30afb5b2 4546
39d5a3ee 4547 first = list_first_entry(&chan->srej_l,
8f17154f
GP		 4548 struct srej_list, list);
4549 if (tx_seq == first->tx_seq) {
42e5c802 4550 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
525cd185 4551 l2cap_check_srej_gap(chan, tx_seq);
8f17154f
GP		 4552
4553 list_del(&first->list);
4554 kfree(first);
4555
39d5a3ee 4556 if (list_empty(&chan->srej_l)) {
42e5c802 4557 chan->buffer_seq = chan->buffer_seq_srej;
e2ab4353 4558 clear_bit(CONN_SREJ_SENT, &chan->conn_state);
525cd185 4559 l2cap_send_ack(chan);
49208c9c 4560 BT_DBG("chan %p, Exit SREJ_SENT", chan);
8f17154f
GP		 4561 }
4562 } else {
4563 struct srej_list *l;
9b53350d
JPRV		 4564
4565 /* duplicated tx_seq */
42e5c802 4566 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
9b53350d 4567 goto drop;
8f17154f 4568
39d5a3ee 4569 list_for_each_entry(l, &chan->srej_l, list) {
8f17154f 4570 if (l->tx_seq == tx_seq) {
525cd185 4571 l2cap_resend_srejframe(chan, tx_seq);
8f17154f
GP		 4572 return 0;
4573 }
4574 }
aef89f21
SJ		 4575
4576 err = l2cap_send_srejframe(chan, tx_seq);
4577 if (err < 0) {
4578 l2cap_send_disconn_req(chan->conn, chan, -err);
4579 return err;
4580 }
30afb5b2
GP		 4581 }
4582 } else {
836be934
AE		 4583 expected_tx_seq_offset = __seq_offset(chan,
4584 chan->expected_tx_seq, chan->buffer_seq);
9b53350d
JPRV		 4585
4586 /* duplicated tx_seq */
4587 if (tx_seq_offset < expected_tx_seq_offset)
4588 goto drop;
4589
e2ab4353 4590 set_bit(CONN_SREJ_SENT, &chan->conn_state);
1c2acffb 4591
49208c9c 4592 BT_DBG("chan %p, Enter SREJ", chan);
0e98958d 4593
39d5a3ee 4594 INIT_LIST_HEAD(&chan->srej_l);
42e5c802 4595 chan->buffer_seq_srej = chan->buffer_seq;
8f17154f 4596
f1c6775b 4597 __skb_queue_head_init(&chan->srej_q);
42e5c802 4598 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
8f17154f 4599
0ef3ef0f
SJ		 4600 /* Set P-bit only if there are some I-frames to ack. */
4601 if (__clear_ack_timer(chan))
4602 set_bit(CONN_SEND_PBIT, &chan->conn_state);
ef54fd93 4603
aef89f21
SJ		 4604 err = l2cap_send_srejframe(chan, tx_seq);
4605 if (err < 0) {
4606 l2cap_send_disconn_req(chan->conn, chan, -err);
4607 return err;
4608 }
1c2acffb 4609 }
30afb5b2
GP		 4610 return 0;
4611
8f17154f 4612expected:
836be934 4613 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
8f17154f 4614
e2ab4353 4615 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3ce3514f
MM		 4616 bt_cb(skb)->control.txseq = tx_seq;
4617 bt_cb(skb)->control.sar = sar;
f1c6775b 4618 __skb_queue_tail(&chan->srej_q, skb);
8f17154f
GP		 4619 return 0;
4620 }
4621
84084a31 4622 err = l2cap_reassemble_sdu(chan, skb, rx_control);
836be934
AE		 4623 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
4624
e328140f
MM		 4625 if (err < 0) {
4626 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
4627 return err;
4628 }
2ece3684 4629
03f6715d 4630 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4631 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4632 l2cap_retransmit_frames(chan);
4ec10d97
GP		 4633 }
4634
c1b4f43b 4635
6a026610
GP		 4636 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
4637 if (chan->num_acked == num_to_ack - 1)
525cd185 4638 l2cap_send_ack(chan);
4d611e4d
GP		 4639 else
4640 __set_ack_timer(chan);
9e917af1 4641
8f17154f 4642 return 0;
9b53350d
JPRV		 4643
4644drop:
4645 kfree_skb(skb);
4646 return 0;
1c2acffb
GP		 4647}
4648
88843ab0 4649static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u32 rx_control)
1c2acffb 4650{
88843ab0 4651 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan,
0b209fae 4652 __get_reqseq(chan, rx_control), rx_control);
0e98958d 4653
0b209fae 4654 chan->expected_ack_seq = __get_reqseq(chan, rx_control);
42e5c802 4655 l2cap_drop_acked_frames(chan);
1c2acffb 4656
e3781735 4657 if (__is_ctrl_poll(chan, rx_control)) {
e2ab4353
GP		 4658 set_bit(CONN_SEND_FBIT, &chan->conn_state);
4659 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
4660 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4661 (chan->unacked_frames > 0))
1a09bcb9 4662 __set_retrans_timer(chan);
05fbd89d 4663
e2ab4353 4664 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
525cd185 4665 l2cap_send_srejtail(chan);
05fbd89d 4666 } else {
525cd185 4667 l2cap_send_i_or_rr_or_rnr(chan);
05fbd89d 4668 }
1d8f5d16 4669
03f6715d 4670 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4671 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4ec10d97 4672
e2ab4353 4673 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4674 l2cap_retransmit_frames(chan);
2246b2f1 4675
e072745f 4676 } else {
e2ab4353 4677 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4678 (chan->unacked_frames > 0))
1a09bcb9 4679 __set_retrans_timer(chan);
1c2acffb 4680
e2ab4353
GP		 4681 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4682 if (test_bit(CONN_SREJ_SENT, &chan->conn_state))
525cd185 4683 l2cap_send_ack(chan);
894718a6 4684 else
525cd185 4685 l2cap_ertm_send(chan);
e072745f
GP		 4686 }
4687}
2246b2f1 4688
88843ab0 4689static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4690{
0b209fae 4691 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4692
88843ab0 4693 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4694
e2ab4353 4695 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
e072745f 4696
42e5c802
GP		 4697 chan->expected_ack_seq = tx_seq;
4698 l2cap_drop_acked_frames(chan);
e072745f 4699
03f6715d 4700 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4701 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4702 l2cap_retransmit_frames(chan);
e072745f 4703 } else {
525cd185 4704 l2cap_retransmit_frames(chan);
30afb5b2 4705
e2ab4353
GP		 4706 if (test_bit(CONN_WAIT_F, &chan->conn_state))
4707 set_bit(CONN_REJ_ACT, &chan->conn_state);
e072745f
GP		 4708 }
4709}
88843ab0 4710static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4711{
0b209fae 4712 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4713
88843ab0 4714 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4715
e2ab4353 4716 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
2246b2f1 4717
e3781735 4718 if (__is_ctrl_poll(chan, rx_control)) {
42e5c802
GP		 4719 chan->expected_ack_seq = tx_seq;
4720 l2cap_drop_acked_frames(chan);
3cb123d1 4721
e2ab4353 4722 set_bit(CONN_SEND_FBIT, &chan->conn_state);
525cd185 4723 l2cap_retransmit_one_frame(chan, tx_seq);
dfc909be 4724
525cd185 4725 l2cap_ertm_send(chan);
dfc909be 4726
e2ab4353 4727 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4728 chan->srej_save_reqseq = tx_seq;
e2ab4353 4729 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4730 }
03f6715d 4731 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4732 if (test_bit(CONN_SREJ_ACT, &chan->conn_state) &&
6a026610 4733 chan->srej_save_reqseq == tx_seq)
e2ab4353 4734 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
e072745f 4735 else
525cd185 4736 l2cap_retransmit_one_frame(chan, tx_seq);
e072745f 4737 } else {
525cd185 4738 l2cap_retransmit_one_frame(chan, tx_seq);
e2ab4353 4739 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4740 chan->srej_save_reqseq = tx_seq;
e2ab4353 4741 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4742 }
e072745f
GP		 4743 }
4744}
4745
88843ab0 4746static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4747{
0b209fae 4748 u16 tx_seq = __get_reqseq(chan, rx_control);
e072745f 4749
88843ab0 4750 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4751
e2ab4353 4752 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
42e5c802
GP		 4753 chan->expected_ack_seq = tx_seq;
4754 l2cap_drop_acked_frames(chan);
e072745f 4755
e3781735 4756 if (__is_ctrl_poll(chan, rx_control))
e2ab4353 4757 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3cb123d1 4758
e2ab4353 4759 if (!test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
1a09bcb9 4760 __clear_retrans_timer(chan);
e3781735 4761 if (__is_ctrl_poll(chan, rx_control))
525cd185 4762 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
99b0d4b7 4763 return;
e072745f 4764 }
99b0d4b7 4765
e3781735 4766 if (__is_ctrl_poll(chan, rx_control)) {
525cd185 4767 l2cap_send_srejtail(chan);
ab784b73
AE		 4768 } else {
4769 rx_control = __set_ctrl_super(chan, L2CAP_SUPER_RR);
4770 l2cap_send_sframe(chan, rx_control);
4771 }
e072745f
GP		 4772}
4773
88843ab0 4774static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
e072745f 4775{
88843ab0 4776 BT_DBG("chan %p rx_control 0x%8.8x len %d", chan, rx_control, skb->len);
e072745f 4777
03f6715d 4778 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 4779 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 4780 __clear_monitor_timer(chan);
6a026610 4781 if (chan->unacked_frames > 0)
1a09bcb9 4782 __set_retrans_timer(chan);
e2ab4353 4783 clear_bit(CONN_WAIT_F, &chan->conn_state);
e072745f
GP		 4784 }
4785
ab784b73
AE		 4786 switch (__get_ctrl_super(chan, rx_control)) {
4787 case L2CAP_SUPER_RR:
525cd185 4788 l2cap_data_channel_rrframe(chan, rx_control);
8f17154f
GP		 4789 break;
4790
ab784b73 4791 case L2CAP_SUPER_REJ:
525cd185 4792 l2cap_data_channel_rejframe(chan, rx_control);
e072745f 4793 break;
2246b2f1 4794
ab784b73 4795 case L2CAP_SUPER_SREJ:
525cd185 4796 l2cap_data_channel_srejframe(chan, rx_control);
e072745f
GP		 4797 break;
4798
ab784b73 4799 case L2CAP_SUPER_RNR:
525cd185 4800 l2cap_data_channel_rnrframe(chan, rx_control);
1c2acffb
GP		 4801 break;
4802 }
4803
faaebd19 4804 kfree_skb(skb);
1c2acffb
GP		 4805 return 0;
4806}
4807
cad8f1d0 4808static int l2cap_ertm_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
218bb9df 4809{
88843ab0 4810 u32 control;
0b209fae 4811 u16 req_seq;
218bb9df
GP		 4812 int len, next_tx_seq_offset, req_seq_offset;
4813
b76bbd66
MM		 4814 __unpack_control(chan, skb);
4815
88843ab0
AE		 4816 control = __get_control(chan, skb->data);
4817 skb_pull(skb, __ctrl_size(chan));
218bb9df
GP		 4818 len = skb->len;
4819
4820 /*
4821 * We can just drop the corrupted I-frame here.
4822 * Receiver will miss it and start proper recovery
4823 * procedures and ask retransmission.
4824 */
47d1ec61 4825 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 4826 goto drop;
4827
793c2f1c 4828 if (__is_sar_start(chan, control) && !__is_sframe(chan, control))
03a51213 4829 len -= L2CAP_SDULEN_SIZE;
218bb9df 4830
47d1ec61 4831 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4832 len -= L2CAP_FCS_SIZE;
218bb9df 4833
47d1ec61 4834 if (len > chan->mps) {
8c1d787b 4835 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4836 goto drop;
4837 }
4838
0b209fae 4839 req_seq = __get_reqseq(chan, control);
218bb9df 4840
836be934
AE		 4841 req_seq_offset = __seq_offset(chan, req_seq, chan->expected_ack_seq);
4842
4843 next_tx_seq_offset = __seq_offset(chan, chan->next_tx_seq,
4844 chan->expected_ack_seq);
218bb9df
GP		 4845
4846 /* check for invalid req-seq */
4847 if (req_seq_offset > next_tx_seq_offset) {
8c1d787b 4848 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4849 goto drop;
4850 }
4851
793c2f1c 4852 if (!__is_sframe(chan, control)) {
218bb9df 4853 if (len < 0) {
8c1d787b 4854 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4855 goto drop;
4856 }
4857
525cd185 4858 l2cap_data_channel_iframe(chan, control, skb);
218bb9df
GP		 4859 } else {
4860 if (len != 0) {
4861 BT_ERR("%d", len);
8c1d787b 4862 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4863 goto drop;
4864 }
4865
525cd185 4866 l2cap_data_channel_sframe(chan, control, skb);
218bb9df
GP		 4867 }
4868
4869 return 0;
4870
4871drop:
4872 kfree_skb(skb);
4873 return 0;
4874}
4875
1da177e4
LT		 4876static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4877{
48454079 4878 struct l2cap_chan *chan;
88843ab0 4879 u32 control;
fb45de7d 4880 u16 tx_seq;
218bb9df 4881 int len;
1da177e4 4882
baa7e1fa 4883 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 4884 if (!chan) {
1da177e4 4885 BT_DBG("unknown cid 0x%4.4x", cid);
6be36555 4886 /* Drop packet and return */
3379013b 4887 kfree_skb(skb);
6be36555 4888 return 0;
1da177e4
LT		 4889 }
4890
49208c9c 4891 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4892
89bc500e 4893 if (chan->state != BT_CONNECTED)
1da177e4
LT		 4894 goto drop;
4895
0c1bc5c6 4896 switch (chan->mode) {
1c2acffb
GP		 4897 case L2CAP_MODE_BASIC:
4898 /* If socket recv buffers overflows we drop data here
4899 * which is *bad* because L2CAP has to be reliable.
4900 * But we don't have any other choice. L2CAP doesn't
4901 * provide flow control mechanism. */
1da177e4 4902
0c1bc5c6 4903 if (chan->imtu < skb->len)
1c2acffb 4904 goto drop;
1da177e4 4905
23070494 4906 if (!chan->ops->recv(chan->data, skb))
1c2acffb
GP		 4907 goto done;
4908 break;
4909
4910 case L2CAP_MODE_ERTM:
5ef8cb9e 4911 l2cap_ertm_data_rcv(chan, skb);
1c2acffb 4912
fcafde2e 4913 goto done;
1c2acffb 4914
6840ed07 4915 case L2CAP_MODE_STREAMING:
88843ab0
AE		 4916 control = __get_control(chan, skb->data);
4917 skb_pull(skb, __ctrl_size(chan));
6840ed07
GP		 4918 len = skb->len;
4919
47d1ec61 4920 if (l2cap_check_fcs(chan, skb))
26000089
GP		 4921 goto drop;
4922
7e0ef6ee 4923 if (__is_sar_start(chan, control))
03a51213 4924 len -= L2CAP_SDULEN_SIZE;
6840ed07 4925
47d1ec61 4926 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4927 len -= L2CAP_FCS_SIZE;
fcc203c3 4928
793c2f1c 4929 if (len > chan->mps || len < 0 || __is_sframe(chan, control))
6840ed07
GP		 4930 goto drop;
4931
fb45de7d 4932 tx_seq = __get_txseq(chan, control);
6840ed07 4933
84084a31
MM		 4934 if (chan->expected_tx_seq != tx_seq) {
4935 /* Frame(s) missing - must discard partial SDU */
4936 kfree_skb(chan->sdu);
4937 chan->sdu = NULL;
4938 chan->sdu_last_frag = NULL;
4939 chan->sdu_len = 0;
6840ed07 4940
84084a31
MM		 4941 /* TODO: Notify userland of missing data */
4942 }
4943
836be934 4944 chan->expected_tx_seq = __next_seq(chan, tx_seq);
84084a31
MM		 4945
4946 if (l2cap_reassemble_sdu(chan, skb, control) == -EMSGSIZE)
4947 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
6840ed07
GP		 4948
4949 goto done;
4950
1c2acffb 4951 default:
0c1bc5c6 4952 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 4953 break;
4954 }
1da177e4
LT		 4955
4956drop:
4957 kfree_skb(skb);
4958
4959done:
6be36555 4960 l2cap_chan_unlock(chan);
0139418c 4961
1da177e4
LT		 4962 return 0;
4963}
4964
8e036fc3 4965static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 4966{
23691d75 4967 struct l2cap_chan *chan;
1da177e4 4968
c2287681 4969 chan = l2cap_global_chan_by_psm(0, psm, conn->src, conn->dst);
23691d75 4970 if (!chan)
1da177e4
LT		 4971 goto drop;
4972
5b4cedaa 4973 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4974
89bc500e 4975 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
1da177e4
LT		 4976 goto drop;
4977
e13e21dc 4978 if (chan->imtu < skb->len)
1da177e4
LT		 4979 goto drop;
4980
23070494 4981 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 4982 return 0;
1da177e4
LT		 4983
4984drop:
4985 kfree_skb(skb);
4986
1da177e4
LT		 4987 return 0;
4988}
4989
d9b88702
AE		 4990static inline int l2cap_att_channel(struct l2cap_conn *conn, u16 cid,
4991 struct sk_buff *skb)
9f69bda6 4992{
23691d75 4993 struct l2cap_chan *chan;
9f69bda6 4994
c2287681 4995 chan = l2cap_global_chan_by_scid(0, cid, conn->src, conn->dst);
23691d75 4996 if (!chan)
9f69bda6
GP		 4997 goto drop;
4998
5b4cedaa 4999 BT_DBG("chan %p, len %d", chan, skb->len);
9f69bda6 5000
89bc500e 5001 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
9f69bda6
GP		 5002 goto drop;
5003
e13e21dc 5004 if (chan->imtu < skb->len)
9f69bda6
GP		 5005 goto drop;
5006
23070494 5007 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 5008 return 0;
9f69bda6
GP		 5009
5010drop:
5011 kfree_skb(skb);
5012
9f69bda6
GP		 5013 return 0;
5014}
5015
1da177e4
LT		 5016static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
5017{
5018 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 5019 u16 cid, len;
5020 __le16 psm;
1da177e4
LT		 5021
5022 skb_pull(skb, L2CAP_HDR_SIZE);
5023 cid = __le16_to_cpu(lh->cid);
5024 len = __le16_to_cpu(lh->len);
5025
1c2acffb
GP		 5026 if (len != skb->len) {
5027 kfree_skb(skb);
5028 return;
5029 }
5030
1da177e4
LT		 5031 BT_DBG("len %d, cid 0x%4.4x", len, cid);
5032
5033 switch (cid) {
3300d9a9 5034 case L2CAP_CID_LE_SIGNALING:
8db4dc46 5035 case L2CAP_CID_SIGNALING:
1da177e4
LT		 5036 l2cap_sig_channel(conn, skb);
5037 break;
5038
8db4dc46 5039 case L2CAP_CID_CONN_LESS:
097db76c 5040 psm = get_unaligned((__le16 *) skb->data);
1da177e4
LT		 5041 skb_pull(skb, 2);
5042 l2cap_conless_channel(conn, psm, skb);
5043 break;
5044
9f69bda6
GP		 5045 case L2CAP_CID_LE_DATA:
5046 l2cap_att_channel(conn, cid, skb);
5047 break;
5048
b501d6a1
AB		 5049 case L2CAP_CID_SMP:
5050 if (smp_sig_channel(conn, skb))
5051 l2cap_conn_del(conn->hcon, EACCES);
5052 break;
5053
1da177e4
LT		 5054 default:
5055 l2cap_data_channel(conn, cid, skb);
5056 break;
5057 }
5058}
5059
5060/* ---- L2CAP interface with lower layer (HCI) ---- */
5061
686ebf28 5062int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
1da177e4
LT		 5063{
5064 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 5065 struct l2cap_chan *c;
1da177e4 5066
1da177e4
LT		 5067 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
5068
5069 /* Find listening sockets and check their link_mode */
23691d75
GP		 5070 read_lock(&chan_list_lock);
5071 list_for_each_entry(c, &chan_list, global_l) {
5072 struct sock *sk = c->sk;
4343478f 5073
89bc500e 5074 if (c->state != BT_LISTEN)
1da177e4
LT		 5075 continue;
5076
5077 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 5078 lm1 |= HCI_LM_ACCEPT;
43bd0f32 5079 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5 5080 lm1 |= HCI_LM_MASTER;
1da177e4 5081 exact++;
2af6b9d5
MH		 5082 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
5083 lm2 |= HCI_LM_ACCEPT;
43bd0f32 5084 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5
MH		 5085 lm2 |= HCI_LM_MASTER;
5086 }
1da177e4 5087 }
23691d75 5088 read_unlock(&chan_list_lock);
1da177e4
LT		 5089
5090 return exact ? lm1 : lm2;
5091}
5092
686ebf28 5093int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
1da177e4 5094{
0139418c
MH		 5095 struct l2cap_conn *conn;
5096
1da177e4
LT		 5097 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
5098
1da177e4 5099 if (!status) {
1da177e4
LT		 5100 conn = l2cap_conn_add(hcon, status);
5101 if (conn)
5102 l2cap_conn_ready(conn);
0139418c 5103 } else
e175072f 5104 l2cap_conn_del(hcon, bt_to_errno(status));
1da177e4
LT		 5105
5106 return 0;
5107}
5108
686ebf28 5109int l2cap_disconn_ind(struct hci_conn *hcon)
2950f21a
MH		 5110{
5111 struct l2cap_conn *conn = hcon->l2cap_data;
5112
5113 BT_DBG("hcon %p", hcon);
5114
686ebf28 5115 if (!conn)
9f5a0d7b 5116 return HCI_ERROR_REMOTE_USER_TERM;
2950f21a
MH		 5117 return conn->disc_reason;
5118}
5119
686ebf28 5120int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 5121{
5122 BT_DBG("hcon %p reason %d", hcon, reason);
5123
e175072f 5124 l2cap_conn_del(hcon, bt_to_errno(reason));
1da177e4
LT		 5125 return 0;
5126}
5127
4343478f 5128static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 5129{
715ec005 5130 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
255c7601
MH		 5131 return;
5132
f62e4323 5133 if (encrypt == 0x00) {
4343478f 5134 if (chan->sec_level == BT_SECURITY_MEDIUM) {
ba13ccd9 5135 __set_chan_timer(chan, L2CAP_ENC_TIMEOUT);
4343478f 5136 } else if (chan->sec_level == BT_SECURITY_HIGH)
0f852724 5137 l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 5138 } else {
4343478f 5139 if (chan->sec_level == BT_SECURITY_MEDIUM)
c9b66675 5140 __clear_chan_timer(chan);
f62e4323
MH		 5141 }
5142}
5143
686ebf28 5144int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 5145{
0139418c 5146 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 5147 struct l2cap_chan *chan;
1da177e4 5148
0139418c 5149 if (!conn)
1da177e4 5150 return 0;
0139418c 5151
1da177e4
LT		 5152 BT_DBG("conn %p", conn);
5153
160dc6ac 5154 if (hcon->type == LE_LINK) {
35d4adcc
HG		 5155 if (!status && encrypt)
5156 smp_distribute_keys(conn, 0);
17cd3f37 5157 cancel_delayed_work(&conn->security_timer);
160dc6ac
VCG		 5158 }
5159
3df91ea2 5160 mutex_lock(&conn->chan_lock);
1da177e4 5161
3df91ea2 5162 list_for_each_entry(chan, &conn->chan_l, list) {
6be36555 5163 l2cap_chan_lock(chan);
1da177e4 5164
f1cb9af5
VCG		 5165 BT_DBG("chan->scid %d", chan->scid);
5166
5167 if (chan->scid == L2CAP_CID_LE_DATA) {
5168 if (!status && encrypt) {
5169 chan->sec_level = hcon->sec_level;
cf4cd009 5170 l2cap_chan_ready(chan);
f1cb9af5
VCG		 5171 }
5172
6be36555 5173 l2cap_chan_unlock(chan);
f1cb9af5
VCG		 5174 continue;
5175 }
5176
c1360a1c 5177 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) {
6be36555 5178 l2cap_chan_unlock(chan);
6a8d3010
MH		 5179 continue;
5180 }
5181
89bc500e
GP		 5182 if (!status && (chan->state == BT_CONNECTED ||
5183 chan->state == BT_CONFIG)) {
a7d7723a
GP		 5184 struct sock *sk = chan->sk;
5185
c5daa683 5186 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 5187 sk->sk_state_change(sk);
5188
4343478f 5189 l2cap_check_encryption(chan, encrypt);
6be36555 5190 l2cap_chan_unlock(chan);
9719f8af
MH		 5191 continue;
5192 }
5193
89bc500e 5194 if (chan->state == BT_CONNECT) {
b1235d79 5195 if (!status) {
9b27f350 5196 l2cap_send_conn_req(chan);
b1235d79 5197 } else {
ba13ccd9 5198 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
b1235d79 5199 }
89bc500e 5200 } else if (chan->state == BT_CONNECT2) {
6be36555 5201 struct sock *sk = chan->sk;
b1235d79 5202 struct l2cap_conn_rsp rsp;
df3c3931 5203 __u16 res, stat;
1da177e4 5204
6be36555
AE		 5205 lock_sock(sk);
5206
b1235d79 5207 if (!status) {
c5daa683
GP		 5208 if (test_bit(BT_SK_DEFER_SETUP,
5209 &bt_sk(sk)->flags)) {
df3c3931
JH		 5210 struct sock *parent = bt_sk(sk)->parent;
5211 res = L2CAP_CR_PEND;
5212 stat = L2CAP_CS_AUTHOR_PEND;
05e9a2f6
IK		 5213 if (parent)
5214 parent->sk_data_ready(parent, 0);
df3c3931 5215 } else {
0e587be7 5216 __l2cap_state_change(chan, BT_CONFIG);
df3c3931
JH		 5217 res = L2CAP_CR_SUCCESS;
5218 stat = L2CAP_CS_NO_INFO;
5219 }
b1235d79 5220 } else {
0e587be7 5221 __l2cap_state_change(chan, BT_DISCONN);
ba13ccd9 5222 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
df3c3931
JH		 5223 res = L2CAP_CR_SEC_BLOCK;
5224 stat = L2CAP_CS_NO_INFO;
b1235d79
MH		 5225 }
5226
6be36555
AE		 5227 release_sock(sk);
5228
fe4128e0
GP		 5229 rsp.scid = cpu_to_le16(chan->dcid);
5230 rsp.dcid = cpu_to_le16(chan->scid);
df3c3931
JH		 5231 rsp.result = cpu_to_le16(res);
5232 rsp.status = cpu_to_le16(stat);
fc7f8a7e
GP		 5233 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
5234 sizeof(rsp), &rsp);
b1235d79 5235 }
1da177e4 5236
6be36555 5237 l2cap_chan_unlock(chan);
1da177e4
LT		 5238 }
5239
3df91ea2 5240 mutex_unlock(&conn->chan_lock);
b1235d79 5241
1da177e4
LT		 5242 return 0;
5243}
5244
686ebf28 5245int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1da177e4
LT		 5246{
5247 struct l2cap_conn *conn = hcon->l2cap_data;
5248
5a08ecce
AE		 5249 if (!conn)
5250 conn = l2cap_conn_add(hcon, 0);
5251
5252 if (!conn)
1da177e4
LT		 5253 goto drop;
5254
5255 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
5256
e702112f 5257 if (!(flags & ACL_CONT)) {
1da177e4
LT		 5258 struct l2cap_hdr *hdr;
5259 int len;
5260
5261 if (conn->rx_len) {
5262 BT_ERR("Unexpected start frame (len %d)", skb->len);
5263 kfree_skb(conn->rx_skb);
5264 conn->rx_skb = NULL;
5265 conn->rx_len = 0;
5266 l2cap_conn_unreliable(conn, ECOMM);
5267 }
5268
aae7fe22
AE		 5269 /* Start fragment always begin with Basic L2CAP header */
5270 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 5271 BT_ERR("Frame is too short (len %d)", skb->len);
5272 l2cap_conn_unreliable(conn, ECOMM);
5273 goto drop;
5274 }
5275
5276 hdr = (struct l2cap_hdr *) skb->data;
5277 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
5278
5279 if (len == skb->len) {
5280 /* Complete frame received */
5281 l2cap_recv_frame(conn, skb);
5282 return 0;
5283 }
5284
5285 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
5286
5287 if (skb->len > len) {
5288 BT_ERR("Frame is too long (len %d, expected len %d)",
5289 skb->len, len);
5290 l2cap_conn_unreliable(conn, ECOMM);
5291 goto drop;
5292 }
5293
5294 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 5295 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
5296 if (!conn->rx_skb)
1da177e4
LT		 5297 goto drop;
5298
d626f62b 5299 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 5300 skb->len);
1da177e4
LT		 5301 conn->rx_len = len - skb->len;
5302 } else {
5303 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
5304
5305 if (!conn->rx_len) {
5306 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
5307 l2cap_conn_unreliable(conn, ECOMM);
5308 goto drop;
5309 }
5310
5311 if (skb->len > conn->rx_len) {
5312 BT_ERR("Fragment is too long (len %d, expected %d)",
5313 skb->len, conn->rx_len);
5314 kfree_skb(conn->rx_skb);
5315 conn->rx_skb = NULL;
5316 conn->rx_len = 0;
5317 l2cap_conn_unreliable(conn, ECOMM);
5318 goto drop;
5319 }
5320
d626f62b 5321 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 5322 skb->len);
1da177e4
LT		 5323 conn->rx_len -= skb->len;
5324
5325 if (!conn->rx_len) {
5326 /* Complete frame received */
5327 l2cap_recv_frame(conn, conn->rx_skb);
5328 conn->rx_skb = NULL;
5329 }
5330 }
5331
5332drop:
5333 kfree_skb(skb);
5334 return 0;
5335}
5336
aef7d97c 5337static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 5338{
23691d75 5339 struct l2cap_chan *c;
1da177e4 5340
333055f2 5341 read_lock(&chan_list_lock);
1da177e4 5342
23691d75
GP		 5343 list_for_each_entry(c, &chan_list, global_l) {
5344 struct sock *sk = c->sk;
101545f6 5345
903d343e 5346 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 5347 batostr(&bt_sk(sk)->src),
5348 batostr(&bt_sk(sk)->dst),
89bc500e 5349 c->state, __le16_to_cpu(c->psm),
23691d75
GP		 5350 c->scid, c->dcid, c->imtu, c->omtu,
5351 c->sec_level, c->mode);
61e1b4b7 5352 }
1da177e4 5353
333055f2 5354 read_unlock(&chan_list_lock);
1da177e4 5355
aef7d97c 5356 return 0;
1da177e4
LT		 5357}
5358
aef7d97c
MH		 5359static int l2cap_debugfs_open(struct inode *inode, struct file *file)
5360{
5361 return single_open(file, l2cap_debugfs_show, inode->i_private);
5362}
5363
5364static const struct file_operations l2cap_debugfs_fops = {
5365 .open = l2cap_debugfs_open,
5366 .read = seq_read,
5367 .llseek = seq_lseek,
5368 .release = single_release,
5369};
5370
5371static struct dentry *l2cap_debugfs;
1da177e4 5372
64274518 5373int __init l2cap_init(void)
1da177e4
LT		 5374{
5375 int err;
be9d1227 5376
bb58f747 5377 err = l2cap_init_sockets();
1da177e4
LT		 5378 if (err < 0)
5379 return err;
5380
aef7d97c
MH		 5381 if (bt_debugfs) {
5382 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
5383 bt_debugfs, NULL, &l2cap_debugfs_fops);
5384 if (!l2cap_debugfs)
5385 BT_ERR("Failed to create L2CAP debug file");
5386 }
1da177e4 5387
1da177e4 5388 return 0;
1da177e4
LT		 5389}
5390
64274518 5391void l2cap_exit(void)
1da177e4 5392{
aef7d97c 5393 debugfs_remove(l2cap_debugfs);
bb58f747 5394 l2cap_cleanup_sockets();
1da177e4
LT		 5395}
5396
d1c4a17d
GP		 5397module_param(disable_ertm, bool, 0644);
5398MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
kernel source for telekom puls (alcatel/mediatek)