projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Refactor l2cap_streaming_send
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
422e925b 7 Copyright (c) 2012 Code Aurora Forum. All rights reserved.
1da177e4
LT		 8
9 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License version 2 as
13 published by the Free Software Foundation;
14
15 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
16 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
18 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 19 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
20 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
21 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 22 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23
8e87d142
YH		 24 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
25 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 26 SOFTWARE IS DISCLAIMED.
27*/
28
bb58f747 29/* Bluetooth L2CAP core. */
1da177e4 30
1da177e4
LT		 31#include <linux/module.h>
32
33#include <linux/types.h>
4fc268d2 34#include <linux/capability.h>
1da177e4
LT		 35#include <linux/errno.h>
36#include <linux/kernel.h>
1da177e4
LT		 37#include <linux/sched.h>
38#include <linux/slab.h>
39#include <linux/poll.h>
40#include <linux/fcntl.h>
41#include <linux/init.h>
42#include <linux/interrupt.h>
43#include <linux/socket.h>
44#include <linux/skbuff.h>
1da177e4 45#include <linux/list.h>
be9d1227 46#include <linux/device.h>
aef7d97c
MH		 47#include <linux/debugfs.h>
48#include <linux/seq_file.h>
af05b30b 49#include <linux/uaccess.h>
fcc203c3 50#include <linux/crc16.h>
1da177e4
LT		 51#include <net/sock.h>
52
1da177e4
LT		 53#include <asm/unaligned.h>
54
55#include <net/bluetooth/bluetooth.h>
56#include <net/bluetooth/hci_core.h>
57#include <net/bluetooth/l2cap.h>
b501d6a1 58#include <net/bluetooth/smp.h>
1da177e4 59
b191e031 60bool disable_ertm = 1;
f0709e03 61
47ec1dcd 62static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
50a147cd 63static u8 l2cap_fixed_chan[8] = { L2CAP_FC_L2CAP, };
1da177e4 64
b5ad8b7f
JB		 65static LIST_HEAD(chan_list);
66static DEFINE_RWLOCK(chan_list_lock);
1da177e4 67
1da177e4
LT		 68static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 70static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
71 void *data);
710f9b0a 72static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a 73static void l2cap_send_disconn_req(struct l2cap_conn *conn,
c5daa683 74 struct l2cap_chan *chan, int err);
1da177e4 75
608bcc6d
MM		 76static int l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
77 struct sk_buff_head *skbs, u8 event);
78
0139418c 79/* ---- L2CAP channels ---- */
71ba0e56 80
baa7e1fa 81static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 82{
3df91ea2 83 struct l2cap_chan *c;
3d57dc68 84
3df91ea2
AE		 85 list_for_each_entry(c, &conn->chan_l, list) {
86 if (c->dcid == cid)
87 return c;
0139418c 88 }
3df91ea2 89 return NULL;
0139418c
MH		 90}
91
baa7e1fa 92static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 93{
3df91ea2 94 struct l2cap_chan *c;
3d57dc68 95
3df91ea2
AE		 96 list_for_each_entry(c, &conn->chan_l, list) {
97 if (c->scid == cid)
98 return c;
0139418c 99 }
3df91ea2 100 return NULL;
0139418c
MH		 101}
102
103/* Find channel with given SCID.
ef191ade 104 * Returns locked channel. */
baa7e1fa 105static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 106{
48454079 107 struct l2cap_chan *c;
baa7e1fa 108
3df91ea2 109 mutex_lock(&conn->chan_lock);
baa7e1fa 110 c = __l2cap_get_chan_by_scid(conn, cid);
ef191ade
MM		 111 if (c)
112 l2cap_chan_lock(c);
3df91ea2
AE		 113 mutex_unlock(&conn->chan_lock);
114
48454079 115 return c;
0139418c
MH		 116}
117
baa7e1fa 118static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 119{
3df91ea2 120 struct l2cap_chan *c;
3d57dc68 121
3df91ea2
AE		 122 list_for_each_entry(c, &conn->chan_l, list) {
123 if (c->ident == ident)
124 return c;
0139418c 125 }
3df91ea2 126 return NULL;
0139418c
MH		 127}
128
23691d75 129static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 130{
23691d75 131 struct l2cap_chan *c;
9e4425ff 132
23691d75
GP		 133 list_for_each_entry(c, &chan_list, global_l) {
134 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
250938cb 135 return c;
9e4425ff 136 }
250938cb 137 return NULL;
9e4425ff
GP		 138}
139
140int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
141{
73b2ec18
GP		 142 int err;
143
333055f2 144 write_lock(&chan_list_lock);
9e4425ff 145
23691d75 146 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 147 err = -EADDRINUSE;
148 goto done;
9e4425ff
GP		 149 }
150
73b2ec18
GP		 151 if (psm) {
152 chan->psm = psm;
153 chan->sport = psm;
154 err = 0;
155 } else {
156 u16 p;
157
158 err = -EINVAL;
159 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 160 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 161 chan->psm = cpu_to_le16(p);
162 chan->sport = cpu_to_le16(p);
163 err = 0;
164 break;
165 }
166 }
9e4425ff 167
73b2ec18 168done:
333055f2 169 write_unlock(&chan_list_lock);
73b2ec18 170 return err;
9e4425ff
GP		 171}
172
173int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
174{
333055f2 175 write_lock(&chan_list_lock);
9e4425ff
GP		 176
177 chan->scid = scid;
178
333055f2 179 write_unlock(&chan_list_lock);
9e4425ff
GP		 180
181 return 0;
182}
183
baa7e1fa 184static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 185{
8db4dc46 186 u16 cid = L2CAP_CID_DYN_START;
0139418c 187
8db4dc46 188 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 189 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 190 return cid;
191 }
192
193 return 0;
194}
195
0e587be7 196static void __l2cap_state_change(struct l2cap_chan *chan, int state)
89bc500e 197{
42d2d87c 198 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
badaaa00
GP		 199 state_to_string(state));
200
89bc500e
GP		 201 chan->state = state;
202 chan->ops->state_change(chan->data, state);
203}
204
0e587be7
AE		 205static void l2cap_state_change(struct l2cap_chan *chan, int state)
206{
207 struct sock *sk = chan->sk;
208
209 lock_sock(sk);
210 __l2cap_state_change(chan, state);
211 release_sock(sk);
212}
213
2e0052e4
AE		 214static inline void __l2cap_chan_set_err(struct l2cap_chan *chan, int err)
215{
216 struct sock *sk = chan->sk;
217
218 sk->sk_err = err;
219}
220
221static inline void l2cap_chan_set_err(struct l2cap_chan *chan, int err)
222{
223 struct sock *sk = chan->sk;
224
225 lock_sock(sk);
226 __l2cap_chan_set_err(chan, err);
227 release_sock(sk);
228}
229
608bcc6d
MM		 230static struct sk_buff *l2cap_ertm_seq_in_queue(struct sk_buff_head *head,
231 u16 seq)
232{
233 struct sk_buff *skb;
234
235 skb_queue_walk(head, skb) {
236 if (bt_cb(skb)->control.txseq == seq)
237 return skb;
238 }
239
240 return NULL;
241}
242
3c588192
MM		 243/* ---- L2CAP sequence number lists ---- */
244
245/* For ERTM, ordered lists of sequence numbers must be tracked for
246 * SREJ requests that are received and for frames that are to be
247 * retransmitted. These seq_list functions implement a singly-linked
248 * list in an array, where membership in the list can also be checked
249 * in constant time. Items can also be added to the tail of the list
250 * and removed from the head in constant time, without further memory
251 * allocs or frees.
252 */
253
254static int l2cap_seq_list_init(struct l2cap_seq_list *seq_list, u16 size)
255{
256 size_t alloc_size, i;
257
258 /* Allocated size is a power of 2 to map sequence numbers
259 * (which may be up to 14 bits) in to a smaller array that is
260 * sized for the negotiated ERTM transmit windows.
261 */
262 alloc_size = roundup_pow_of_two(size);
263
264 seq_list->list = kmalloc(sizeof(u16) * alloc_size, GFP_KERNEL);
265 if (!seq_list->list)
266 return -ENOMEM;
267
268 seq_list->mask = alloc_size - 1;
269 seq_list->head = L2CAP_SEQ_LIST_CLEAR;
270 seq_list->tail = L2CAP_SEQ_LIST_CLEAR;
271 for (i = 0; i < alloc_size; i++)
272 seq_list->list[i] = L2CAP_SEQ_LIST_CLEAR;
273
274 return 0;
275}
276
277static inline void l2cap_seq_list_free(struct l2cap_seq_list *seq_list)
278{
279 kfree(seq_list->list);
280}
281
282static inline bool l2cap_seq_list_contains(struct l2cap_seq_list *seq_list,
283 u16 seq)
284{
285 /* Constant-time check for list membership */
286 return seq_list->list[seq & seq_list->mask] != L2CAP_SEQ_LIST_CLEAR;
287}
288
289static u16 l2cap_seq_list_remove(struct l2cap_seq_list *seq_list, u16 seq)
290{
291 u16 mask = seq_list->mask;
292
293 if (seq_list->head == L2CAP_SEQ_LIST_CLEAR) {
294 /* In case someone tries to pop the head of an empty list */
295 return L2CAP_SEQ_LIST_CLEAR;
296 } else if (seq_list->head == seq) {
297 /* Head can be removed in constant time */
298 seq_list->head = seq_list->list[seq & mask];
299 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_CLEAR;
300
301 if (seq_list->head == L2CAP_SEQ_LIST_TAIL) {
302 seq_list->head = L2CAP_SEQ_LIST_CLEAR;
303 seq_list->tail = L2CAP_SEQ_LIST_CLEAR;
304 }
305 } else {
306 /* Walk the list to find the sequence number */
307 u16 prev = seq_list->head;
308 while (seq_list->list[prev & mask] != seq) {
309 prev = seq_list->list[prev & mask];
310 if (prev == L2CAP_SEQ_LIST_TAIL)
311 return L2CAP_SEQ_LIST_CLEAR;
312 }
313
314 /* Unlink the number from the list and clear it */
315 seq_list->list[prev & mask] = seq_list->list[seq & mask];
316 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_CLEAR;
317 if (seq_list->tail == seq)
318 seq_list->tail = prev;
319 }
320 return seq;
321}
322
323static inline u16 l2cap_seq_list_pop(struct l2cap_seq_list *seq_list)
324{
325 /* Remove the head in constant time */
326 return l2cap_seq_list_remove(seq_list, seq_list->head);
327}
328
329static void l2cap_seq_list_clear(struct l2cap_seq_list *seq_list)
330{
f522ae36 331 u16 i;
3c588192 332
f522ae36
GP		 333 if (seq_list->head == L2CAP_SEQ_LIST_CLEAR)
334 return;
335
336 for (i = 0; i <= seq_list->mask; i++)
337 seq_list->list[i] = L2CAP_SEQ_LIST_CLEAR;
338
339 seq_list->head = L2CAP_SEQ_LIST_CLEAR;
340 seq_list->tail = L2CAP_SEQ_LIST_CLEAR;
3c588192
MM		 341}
342
343static void l2cap_seq_list_append(struct l2cap_seq_list *seq_list, u16 seq)
344{
345 u16 mask = seq_list->mask;
346
347 /* All appends happen in constant time */
348
f522ae36
GP		 349 if (seq_list->list[seq & mask] != L2CAP_SEQ_LIST_CLEAR)
350 return;
3c588192 351
f522ae36
GP		 352 if (seq_list->tail == L2CAP_SEQ_LIST_CLEAR)
353 seq_list->head = seq;
354 else
355 seq_list->list[seq_list->tail & mask] = seq;
356
357 seq_list->tail = seq;
358 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_TAIL;
3c588192
MM		 359}
360
721c4181 361static void l2cap_chan_timeout(struct work_struct *work)
ab07801d 362{
721c4181
GP		 363 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
364 chan_timer.work);
3df91ea2 365 struct l2cap_conn *conn = chan->conn;
ab07801d
GP		 366 int reason;
367
e05dcc32 368 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
ab07801d 369
3df91ea2 370 mutex_lock(&conn->chan_lock);
6be36555 371 l2cap_chan_lock(chan);
ab07801d 372
89bc500e 373 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
ab07801d 374 reason = ECONNREFUSED;
89bc500e 375 else if (chan->state == BT_CONNECT &&
ab07801d
GP		 376 chan->sec_level != BT_SECURITY_SDP)
377 reason = ECONNREFUSED;
378 else
379 reason = ETIMEDOUT;
380
0f852724 381 l2cap_chan_close(chan, reason);
ab07801d 382
6be36555 383 l2cap_chan_unlock(chan);
ab07801d 384
ba3bd0ee 385 chan->ops->close(chan->data);
3df91ea2
AE		 386 mutex_unlock(&conn->chan_lock);
387
371fd835 388 l2cap_chan_put(chan);
ab07801d
GP		 389}
390
eef1d9b6 391struct l2cap_chan *l2cap_chan_create(void)
48454079
GP		 392{
393 struct l2cap_chan *chan;
394
395 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
396 if (!chan)
397 return NULL;
398
c03b355e
AE		 399 mutex_init(&chan->lock);
400
333055f2 401 write_lock(&chan_list_lock);
23691d75 402 list_add(&chan->global_l, &chan_list);
333055f2 403 write_unlock(&chan_list_lock);
23691d75 404
721c4181 405 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
ab07801d 406
89bc500e
GP		 407 chan->state = BT_OPEN;
408
71ba0e56
GP		 409 atomic_set(&chan->refcnt, 1);
410
2827011f
MM		 411 /* This flag is cleared in l2cap_chan_ready() */
412 set_bit(CONF_NOT_COMPLETE, &chan->conf_state);
413
eef1d9b6 414 BT_DBG("chan %p", chan);
abc545b8 415
48454079
GP		 416 return chan;
417}
418
23691d75 419void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 420{
333055f2 421 write_lock(&chan_list_lock);
23691d75 422 list_del(&chan->global_l);
333055f2 423 write_unlock(&chan_list_lock);
23691d75 424
371fd835 425 l2cap_chan_put(chan);
6ff5abbf
GP		 426}
427
bd4b1653
AE		 428void l2cap_chan_set_defaults(struct l2cap_chan *chan)
429{
430 chan->fcs = L2CAP_FCS_CRC16;
431 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
432 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
433 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
434 chan->sec_level = BT_SECURITY_LOW;
435
436 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
437}
438
14a28491 439static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 440{
af05b30b 441 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
097db76c 442 __le16_to_cpu(chan->psm), chan->dcid);
0139418c 443
9f5a0d7b 444 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 445
8c1d787b 446 chan->conn = conn;
0139418c 447
5491120e
AE		 448 switch (chan->chan_type) {
449 case L2CAP_CHAN_CONN_ORIENTED:
b62f328b
VT		 450 if (conn->hcon->type == LE_LINK) {
451 /* LE connection */
0c1bc5c6 452 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 453 chan->scid = L2CAP_CID_LE_DATA;
454 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 455 } else {
456 /* Alloc CID for connection-oriented socket */
fe4128e0 457 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 458 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 459 }
5491120e
AE		 460 break;
461
462 case L2CAP_CHAN_CONN_LESS:
0139418c 463 /* Connectionless socket */
fe4128e0
GP		 464 chan->scid = L2CAP_CID_CONN_LESS;
465 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 466 chan->omtu = L2CAP_DEFAULT_MTU;
5491120e
AE		 467 break;
468
469 default:
0139418c 470 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 471 chan->scid = L2CAP_CID_SIGNALING;
472 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 473 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 474 }
475
8f7975b1
AE		 476 chan->local_id = L2CAP_BESTEFFORT_ID;
477 chan->local_stype = L2CAP_SERV_BESTEFFORT;
478 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
479 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
480 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
481 chan->local_flush_to = L2CAP_DEFAULT_FLUSH_TO;
482
371fd835 483 l2cap_chan_hold(chan);
baa7e1fa 484
3df91ea2 485 list_add(&chan->list, &conn->chan_l);
643162a8
AE		 486}
487
14a28491 488static void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
643162a8
AE		 489{
490 mutex_lock(&conn->chan_lock);
491 __l2cap_chan_add(conn, chan);
3df91ea2 492 mutex_unlock(&conn->chan_lock);
0139418c
MH		 493}
494
4519de9a 495static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 496{
48454079 497 struct sock *sk = chan->sk;
8c1d787b 498 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 499 struct sock *parent = bt_sk(sk)->parent;
500
c9b66675 501 __clear_chan_timer(chan);
0139418c 502
49208c9c 503 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 504
8e87d142 505 if (conn) {
baa7e1fa 506 /* Delete from channel list */
3df91ea2 507 list_del(&chan->list);
3d57dc68 508
371fd835 509 l2cap_chan_put(chan);
baa7e1fa 510
8c1d787b 511 chan->conn = NULL;
0139418c
MH		 512 hci_conn_put(conn->hcon);
513 }
514
6be36555
AE		 515 lock_sock(sk);
516
0e587be7 517 __l2cap_state_change(chan, BT_CLOSED);
0139418c
MH		 518 sock_set_flag(sk, SOCK_ZAPPED);
519
520 if (err)
2e0052e4 521 __l2cap_chan_set_err(chan, err);
0139418c
MH		 522
523 if (parent) {
524 bt_accept_unlink(sk);
525 parent->sk_data_ready(parent, 0);
526 } else
527 sk->sk_state_change(sk);
c13ffa62 528
6be36555
AE		 529 release_sock(sk);
530
2827011f 531 if (test_bit(CONF_NOT_COMPLETE, &chan->conf_state))
6ff5abbf 532 return;
2ead70b8 533
58d35f87 534 skb_queue_purge(&chan->tx_q);
c13ffa62 535
0c1bc5c6 536 if (chan->mode == L2CAP_MODE_ERTM) {
c13ffa62
GP		 537 struct srej_list *l, *tmp;
538
1a09bcb9
GP		 539 __clear_retrans_timer(chan);
540 __clear_monitor_timer(chan);
541 __clear_ack_timer(chan);
c13ffa62 542
f1c6775b 543 skb_queue_purge(&chan->srej_q);
c13ffa62 544
3c588192
MM		 545 l2cap_seq_list_free(&chan->srej_list);
546 l2cap_seq_list_free(&chan->retrans_list);
39d5a3ee 547 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
c13ffa62
GP		 548 list_del(&l->list);
549 kfree(l);
550 }
551 }
0139418c
MH		 552}
553
4519de9a
GP		 554static void l2cap_chan_cleanup_listen(struct sock *parent)
555{
556 struct sock *sk;
557
558 BT_DBG("parent %p", parent);
559
560 /* Close not yet accepted channels */
0f852724 561 while ((sk = bt_accept_dequeue(parent, NULL))) {
ba3bd0ee 562 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3df91ea2 563
6be36555 564 l2cap_chan_lock(chan);
c9b66675 565 __clear_chan_timer(chan);
ba3bd0ee 566 l2cap_chan_close(chan, ECONNRESET);
6be36555 567 l2cap_chan_unlock(chan);
3df91ea2 568
ba3bd0ee 569 chan->ops->close(chan->data);
0f852724 570 }
4519de9a
GP		 571}
572
0f852724 573void l2cap_chan_close(struct l2cap_chan *chan, int reason)
4519de9a
GP		 574{
575 struct l2cap_conn *conn = chan->conn;
576 struct sock *sk = chan->sk;
577
e05dcc32
AE		 578 BT_DBG("chan %p state %s sk %p", chan,
579 state_to_string(chan->state), sk);
4519de9a 580
89bc500e 581 switch (chan->state) {
4519de9a 582 case BT_LISTEN:
6be36555 583 lock_sock(sk);
4519de9a 584 l2cap_chan_cleanup_listen(sk);
89bc500e 585
0e587be7 586 __l2cap_state_change(chan, BT_CLOSED);
89bc500e 587 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 588 release_sock(sk);
4519de9a
GP		 589 break;
590
591 case BT_CONNECTED:
592 case BT_CONFIG:
715ec005 593 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a 594 conn->hcon->type == ACL_LINK) {
c9b66675 595 __set_chan_timer(chan, sk->sk_sndtimeo);
4519de9a
GP		 596 l2cap_send_disconn_req(conn, chan, reason);
597 } else
598 l2cap_chan_del(chan, reason);
599 break;
600
601 case BT_CONNECT2:
715ec005 602 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a
GP		 603 conn->hcon->type == ACL_LINK) {
604 struct l2cap_conn_rsp rsp;
605 __u16 result;
606
c5daa683 607 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
4519de9a
GP		 608 result = L2CAP_CR_SEC_BLOCK;
609 else
610 result = L2CAP_CR_BAD_PSM;
89bc500e 611 l2cap_state_change(chan, BT_DISCONN);
4519de9a
GP		 612
613 rsp.scid = cpu_to_le16(chan->dcid);
614 rsp.dcid = cpu_to_le16(chan->scid);
615 rsp.result = cpu_to_le16(result);
616 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
617 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
618 sizeof(rsp), &rsp);
619 }
620
621 l2cap_chan_del(chan, reason);
622 break;
623
624 case BT_CONNECT:
625 case BT_DISCONN:
626 l2cap_chan_del(chan, reason);
627 break;
628
629 default:
6be36555 630 lock_sock(sk);
4519de9a 631 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 632 release_sock(sk);
4519de9a
GP		 633 break;
634 }
635}
636
4343478f 637static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 638{
715ec005 639 if (chan->chan_type == L2CAP_CHAN_RAW) {
4343478f 640 switch (chan->sec_level) {
8556edd3
JH		 641 case BT_SECURITY_HIGH:
642 return HCI_AT_DEDICATED_BONDING_MITM;
643 case BT_SECURITY_MEDIUM:
644 return HCI_AT_DEDICATED_BONDING;
645 default:
646 return HCI_AT_NO_BONDING;
647 }
fe4128e0 648 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 649 if (chan->sec_level == BT_SECURITY_LOW)
650 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 651
4343478f 652 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 653 return HCI_AT_NO_BONDING_MITM;
00ae4af9 654 else
8556edd3 655 return HCI_AT_NO_BONDING;
00ae4af9 656 } else {
4343478f 657 switch (chan->sec_level) {
00ae4af9 658 case BT_SECURITY_HIGH:
8556edd3 659 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 660 case BT_SECURITY_MEDIUM:
8556edd3 661 return HCI_AT_GENERAL_BONDING;
00ae4af9 662 default:
8556edd3 663 return HCI_AT_NO_BONDING;
00ae4af9 664 }
0684e5f9 665 }
8556edd3
JH		 666}
667
668/* Service level security */
d45fc423 669int l2cap_chan_check_security(struct l2cap_chan *chan)
8556edd3 670{
8c1d787b 671 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 672 __u8 auth_type;
673
4343478f 674 auth_type = l2cap_get_auth_type(chan);
79d554a6 675
4343478f 676 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 677}
678
b5ad8b7f 679static u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 680{
681 u8 id;
682
683 /* Get next available identificator.
684 * 1 - 128 are used by kernel.
685 * 129 - 199 are reserved.
686 * 200 - 254 are used by utilities like l2ping, etc.
687 */
688
333055f2 689 spin_lock(&conn->lock);
4e8402a3
MH		 690
691 if (++conn->tx_ident > 128)
692 conn->tx_ident = 1;
693
694 id = conn->tx_ident;
695
333055f2 696 spin_unlock(&conn->lock);
4e8402a3
MH		 697
698 return id;
699}
700
4519de9a 701static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 702{
703 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 704 u8 flags;
4e8402a3
MH		 705
706 BT_DBG("code 0x%2.2x", code);
707
708 if (!skb)
9a9c6a34 709 return;
4e8402a3 710
e702112f
AE		 711 if (lmp_no_flush_capable(conn->hcon->hdev))
712 flags = ACL_START_NO_FLUSH;
713 else
714 flags = ACL_START;
715
14b12d0b 716 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON;
5e59b791 717 skb->priority = HCI_PRIO_MAX;
14b12d0b 718
73d80deb
LAD		 719 hci_send_acl(conn->hchan, skb, flags);
720}
721
722static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
723{
724 struct hci_conn *hcon = chan->conn->hcon;
725 u16 flags;
726
727 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
728 skb->priority);
729
730 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
731 lmp_no_flush_capable(hcon->hdev))
732 flags = ACL_START_NO_FLUSH;
733 else
734 flags = ACL_START;
14b12d0b 735
73d80deb
LAD		 736 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
737 hci_send_acl(chan->conn->hchan, skb, flags);
4e8402a3
MH		 738}
739
b76bbd66
MM		 740static void __unpack_enhanced_control(u16 enh, struct l2cap_ctrl *control)
741{
742 control->reqseq = (enh & L2CAP_CTRL_REQSEQ) >> L2CAP_CTRL_REQSEQ_SHIFT;
743 control->final = (enh & L2CAP_CTRL_FINAL) >> L2CAP_CTRL_FINAL_SHIFT;
744
745 if (enh & L2CAP_CTRL_FRAME_TYPE) {
746 /* S-Frame */
747 control->sframe = 1;
748 control->poll = (enh & L2CAP_CTRL_POLL) >> L2CAP_CTRL_POLL_SHIFT;
749 control->super = (enh & L2CAP_CTRL_SUPERVISE) >> L2CAP_CTRL_SUPER_SHIFT;
750
751 control->sar = 0;
752 control->txseq = 0;
753 } else {
754 /* I-Frame */
755 control->sframe = 0;
756 control->sar = (enh & L2CAP_CTRL_SAR) >> L2CAP_CTRL_SAR_SHIFT;
757 control->txseq = (enh & L2CAP_CTRL_TXSEQ) >> L2CAP_CTRL_TXSEQ_SHIFT;
758
759 control->poll = 0;
760 control->super = 0;
761 }
762}
763
b76bbd66
MM		 764static void __unpack_extended_control(u32 ext, struct l2cap_ctrl *control)
765{
766 control->reqseq = (ext & L2CAP_EXT_CTRL_REQSEQ) >> L2CAP_EXT_CTRL_REQSEQ_SHIFT;
767 control->final = (ext & L2CAP_EXT_CTRL_FINAL) >> L2CAP_EXT_CTRL_FINAL_SHIFT;
768
769 if (ext & L2CAP_EXT_CTRL_FRAME_TYPE) {
770 /* S-Frame */
771 control->sframe = 1;
772 control->poll = (ext & L2CAP_EXT_CTRL_POLL) >> L2CAP_EXT_CTRL_POLL_SHIFT;
773 control->super = (ext & L2CAP_EXT_CTRL_SUPERVISE) >> L2CAP_EXT_CTRL_SUPER_SHIFT;
774
775 control->sar = 0;
776 control->txseq = 0;
777 } else {
778 /* I-Frame */
779 control->sframe = 0;
780 control->sar = (ext & L2CAP_EXT_CTRL_SAR) >> L2CAP_EXT_CTRL_SAR_SHIFT;
781 control->txseq = (ext & L2CAP_EXT_CTRL_TXSEQ) >> L2CAP_EXT_CTRL_TXSEQ_SHIFT;
782
783 control->poll = 0;
784 control->super = 0;
785 }
786}
787
788static inline void __unpack_control(struct l2cap_chan *chan,
789 struct sk_buff *skb)
790{
791 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
792 __unpack_extended_control(get_unaligned_le32(skb->data),
793 &bt_cb(skb)->control);
794 } else {
795 __unpack_enhanced_control(get_unaligned_le16(skb->data),
796 &bt_cb(skb)->control);
797 }
798}
799
b5c6aaed
MM		 800static u32 __pack_extended_control(struct l2cap_ctrl *control)
801{
802 u32 packed;
803
804 packed = control->reqseq << L2CAP_EXT_CTRL_REQSEQ_SHIFT;
805 packed |= control->final << L2CAP_EXT_CTRL_FINAL_SHIFT;
806
807 if (control->sframe) {
808 packed |= control->poll << L2CAP_EXT_CTRL_POLL_SHIFT;
809 packed |= control->super << L2CAP_EXT_CTRL_SUPER_SHIFT;
810 packed |= L2CAP_EXT_CTRL_FRAME_TYPE;
811 } else {
812 packed |= control->sar << L2CAP_EXT_CTRL_SAR_SHIFT;
813 packed |= control->txseq << L2CAP_EXT_CTRL_TXSEQ_SHIFT;
814 }
815
816 return packed;
817}
818
819static u16 __pack_enhanced_control(struct l2cap_ctrl *control)
820{
821 u16 packed;
822
823 packed = control->reqseq << L2CAP_CTRL_REQSEQ_SHIFT;
824 packed |= control->final << L2CAP_CTRL_FINAL_SHIFT;
825
826 if (control->sframe) {
827 packed |= control->poll << L2CAP_CTRL_POLL_SHIFT;
828 packed |= control->super << L2CAP_CTRL_SUPER_SHIFT;
829 packed |= L2CAP_CTRL_FRAME_TYPE;
830 } else {
831 packed |= control->sar << L2CAP_CTRL_SAR_SHIFT;
832 packed |= control->txseq << L2CAP_CTRL_TXSEQ_SHIFT;
833 }
834
835 return packed;
836}
837
b76bbd66
MM		 838static inline void __pack_control(struct l2cap_chan *chan,
839 struct l2cap_ctrl *control,
840 struct sk_buff *skb)
841{
842 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
843 put_unaligned_le32(__pack_extended_control(control),
844 skb->data + L2CAP_HDR_SIZE);
845 } else {
846 put_unaligned_le16(__pack_enhanced_control(control),
847 skb->data + L2CAP_HDR_SIZE);
848 }
849}
850
b5c6aaed
MM		 851static inline void l2cap_send_sframe(struct l2cap_chan *chan, u32 control)
852{
853 struct sk_buff *skb;
854 struct l2cap_hdr *lh;
855 struct l2cap_conn *conn = chan->conn;
856 int count, hlen;
857
858 if (chan->state != BT_CONNECTED)
859 return;
860
861 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
862 hlen = L2CAP_EXT_HDR_SIZE;
863 else
864 hlen = L2CAP_ENH_HDR_SIZE;
865
866 if (chan->fcs == L2CAP_FCS_CRC16)
867 hlen += L2CAP_FCS_SIZE;
868
869 BT_DBG("chan %p, control 0x%8.8x", chan, control);
870
871 count = min_t(unsigned int, conn->mtu, hlen);
872
873 control |= __set_sframe(chan);
874
875 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
876 control |= __set_ctrl_final(chan);
877
878 if (test_and_clear_bit(CONN_SEND_PBIT, &chan->conn_state))
879 control |= __set_ctrl_poll(chan);
880
881 skb = bt_skb_alloc(count, GFP_ATOMIC);
882 if (!skb)
883 return;
884
885 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
886 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
887 lh->cid = cpu_to_le16(chan->dcid);
888
889 __put_control(chan, control, skb_put(skb, __ctrl_size(chan)));
890
891 if (chan->fcs == L2CAP_FCS_CRC16) {
892 u16 fcs = crc16(0, (u8 *)lh, count - L2CAP_FCS_SIZE);
893 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
894 }
895
896 skb->priority = HCI_PRIO_MAX;
897 l2cap_do_send(chan, skb);
898}
899
900static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u32 control)
901{
902 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
903 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
904 set_bit(CONN_RNR_SENT, &chan->conn_state);
905 } else
906 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
907
908 control |= __set_reqseq(chan, chan->buffer_seq);
909
910 l2cap_send_sframe(chan, control);
911}
912
b4450035 913static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 914{
c1360a1c 915 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
e501d055
AE		 916}
917
9b27f350
AE		 918static void l2cap_send_conn_req(struct l2cap_chan *chan)
919{
920 struct l2cap_conn *conn = chan->conn;
921 struct l2cap_conn_req req;
922
923 req.scid = cpu_to_le16(chan->scid);
924 req.psm = chan->psm;
925
926 chan->ident = l2cap_get_ident(conn);
927
928 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
929
930 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req);
931}
932
9f0caeb1
VCG		 933static void l2cap_chan_ready(struct l2cap_chan *chan)
934{
935 struct sock *sk = chan->sk;
936 struct sock *parent;
937
938 lock_sock(sk);
939
940 parent = bt_sk(sk)->parent;
941
942 BT_DBG("sk %p, parent %p", sk, parent);
943
2827011f 944 /* This clears all conf flags, including CONF_NOT_COMPLETE */
9f0caeb1
VCG		 945 chan->conf_state = 0;
946 __clear_chan_timer(chan);
947
948 __l2cap_state_change(chan, BT_CONNECTED);
949 sk->sk_state_change(sk);
950
951 if (parent)
952 parent->sk_data_ready(parent, 0);
953
954 release_sock(sk);
955}
956
fc7f8a7e 957static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 958{
8c1d787b 959 struct l2cap_conn *conn = chan->conn;
79d554a6 960
9f0caeb1
VCG		 961 if (conn->hcon->type == LE_LINK) {
962 l2cap_chan_ready(chan);
963 return;
964 }
965
79d554a6 966 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 967 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
968 return;
969
d45fc423 970 if (l2cap_chan_check_security(chan) &&
9b27f350
AE		 971 __l2cap_no_conn_pending(chan))
972 l2cap_send_conn_req(chan);
79d554a6
MH		 973 } else {
974 struct l2cap_info_req req;
975 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
976
977 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
978 conn->info_ident = l2cap_get_ident(conn);
979
ba13ccd9 980 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
79d554a6
MH		 981
982 l2cap_send_cmd(conn, conn->info_ident,
983 L2CAP_INFO_REQ, sizeof(req), &req);
984 }
985}
986
cf6c2c0b
GP		 987static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
988{
989 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 990 if (!disable_ertm)
cf6c2c0b
GP		 991 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
992
993 switch (mode) {
994 case L2CAP_MODE_ERTM:
995 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
996 case L2CAP_MODE_STREAMING:
997 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
998 default:
999 return 0x00;
1000 }
1001}
1002
4519de9a 1003static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9 1004{
6be36555 1005 struct sock *sk = chan->sk;
22121fc9
GP		 1006 struct l2cap_disconn_req req;
1007
c13ffa62
GP		 1008 if (!conn)
1009 return;
1010
0c1bc5c6 1011 if (chan->mode == L2CAP_MODE_ERTM) {
1a09bcb9
GP		 1012 __clear_retrans_timer(chan);
1013 __clear_monitor_timer(chan);
1014 __clear_ack_timer(chan);
c13ffa62
GP		 1015 }
1016
fe4128e0
GP		 1017 req.dcid = cpu_to_le16(chan->dcid);
1018 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 1019 l2cap_send_cmd(conn, l2cap_get_ident(conn),
1020 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62 1021
6be36555 1022 lock_sock(sk);
0e587be7 1023 __l2cap_state_change(chan, BT_DISCONN);
2e0052e4 1024 __l2cap_chan_set_err(chan, err);
6be36555 1025 release_sock(sk);
22121fc9
GP		 1026}
1027
1da177e4 1028/* ---- L2CAP connections ---- */
4e8402a3
MH		 1029static void l2cap_conn_start(struct l2cap_conn *conn)
1030{
3df91ea2 1031 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 1032
1033 BT_DBG("conn %p", conn);
1034
3df91ea2 1035 mutex_lock(&conn->chan_lock);
4e8402a3 1036
3df91ea2 1037 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 1038 struct sock *sk = chan->sk;
baa7e1fa 1039
6be36555 1040 l2cap_chan_lock(chan);
4e8402a3 1041
715ec005 1042 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 1043 l2cap_chan_unlock(chan);
79d554a6
MH		 1044 continue;
1045 }
1046
89bc500e 1047 if (chan->state == BT_CONNECT) {
d45fc423 1048 if (!l2cap_chan_check_security(chan) ||
b4450035 1049 !__l2cap_no_conn_pending(chan)) {
6be36555 1050 l2cap_chan_unlock(chan);
47731de7
GP		 1051 continue;
1052 }
79d554a6 1053
c1360a1c
GP		 1054 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
1055 && test_bit(CONF_STATE2_DEVICE,
1056 &chan->conf_state)) {
89bc500e 1057 l2cap_chan_close(chan, ECONNRESET);
6be36555 1058 l2cap_chan_unlock(chan);
47731de7 1059 continue;
b1235d79 1060 }
47731de7 1061
9b27f350 1062 l2cap_send_conn_req(chan);
47731de7 1063
89bc500e 1064 } else if (chan->state == BT_CONNECT2) {
79d554a6 1065 struct l2cap_conn_rsp rsp;
e9aeb2dd 1066 char buf[128];
fe4128e0
GP		 1067 rsp.scid = cpu_to_le16(chan->dcid);
1068 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 1069
d45fc423 1070 if (l2cap_chan_check_security(chan)) {
6be36555 1071 lock_sock(sk);
c5daa683
GP		 1072 if (test_bit(BT_SK_DEFER_SETUP,
1073 &bt_sk(sk)->flags)) {
f66dc81f
MH		 1074 struct sock *parent = bt_sk(sk)->parent;
1075 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
1076 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
05e9a2f6
IK		 1077 if (parent)
1078 parent->sk_data_ready(parent, 0);
f66dc81f
MH		 1079
1080 } else {
0e587be7 1081 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 1082 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1083 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1084 }
6be36555 1085 release_sock(sk);
79d554a6
MH		 1086 } else {
1087 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
1088 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
1089 }
1090
fc7f8a7e
GP		 1091 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
1092 sizeof(rsp), &rsp);
e9aeb2dd 1093
c1360a1c 1094 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
e9aeb2dd 1095 rsp.result != L2CAP_CR_SUCCESS) {
6be36555 1096 l2cap_chan_unlock(chan);
e9aeb2dd
GP		 1097 continue;
1098 }
1099
c1360a1c 1100 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 1101 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 1102 l2cap_build_conf_req(chan, buf), buf);
1103 chan->num_conf_req++;
4e8402a3
MH		 1104 }
1105
6be36555 1106 l2cap_chan_unlock(chan);
4e8402a3
MH		 1107 }
1108
3df91ea2 1109 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 1110}
1111
c2287681 1112/* Find socket with cid and source/destination bdaddr.
b62f328b
VT		 1113 * Returns closest match, locked.
1114 */
d9b88702 1115static struct l2cap_chan *l2cap_global_chan_by_scid(int state, u16 cid,
c2287681
IY		 1116 bdaddr_t *src,
1117 bdaddr_t *dst)
b62f328b 1118{
23691d75 1119 struct l2cap_chan *c, *c1 = NULL;
b62f328b 1120
23691d75 1121 read_lock(&chan_list_lock);
b62f328b 1122
23691d75
GP		 1123 list_for_each_entry(c, &chan_list, global_l) {
1124 struct sock *sk = c->sk;
fe4128e0 1125
89bc500e 1126 if (state && c->state != state)
b62f328b
VT		 1127 continue;
1128
23691d75 1129 if (c->scid == cid) {
c2287681
IY		 1130 int src_match, dst_match;
1131 int src_any, dst_any;
1132
b62f328b 1133 /* Exact match. */
c2287681
IY		 1134 src_match = !bacmp(&bt_sk(sk)->src, src);
1135 dst_match = !bacmp(&bt_sk(sk)->dst, dst);
1136 if (src_match && dst_match) {
23691d75
GP		 1137 read_unlock(&chan_list_lock);
1138 return c;
1139 }
b62f328b
VT		 1140
1141 /* Closest match */
c2287681
IY		 1142 src_any = !bacmp(&bt_sk(sk)->src, BDADDR_ANY);
1143 dst_any = !bacmp(&bt_sk(sk)->dst, BDADDR_ANY);
1144 if ((src_match && dst_any) || (src_any && dst_match) ||
1145 (src_any && dst_any))
23691d75 1146 c1 = c;
b62f328b
VT		 1147 }
1148 }
280f294f 1149
23691d75 1150 read_unlock(&chan_list_lock);
b62f328b 1151
23691d75 1152 return c1;
b62f328b
VT		 1153}
1154
1155static void l2cap_le_conn_ready(struct l2cap_conn *conn)
1156{
c916fbe4 1157 struct sock *parent, *sk;
23691d75 1158 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 1159
1160 BT_DBG("");
1161
1162 /* Check if we have socket listening on cid */
23691d75 1163 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
c2287681 1164 conn->src, conn->dst);
23691d75 1165 if (!pchan)
b62f328b
VT		 1166 return;
1167
23691d75
GP		 1168 parent = pchan->sk;
1169
aa2ac881 1170 lock_sock(parent);
62f3a2cf 1171
b62f328b
VT		 1172 /* Check for backlog size */
1173 if (sk_acceptq_is_full(parent)) {
1174 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1175 goto clean;
1176 }
1177
80808e43
GP		 1178 chan = pchan->ops->new_connection(pchan->data);
1179 if (!chan)
b62f328b
VT		 1180 goto clean;
1181
80808e43 1182 sk = chan->sk;
5d41ce1d 1183
b62f328b
VT		 1184 hci_conn_hold(conn->hcon);
1185
b62f328b
VT		 1186 bacpy(&bt_sk(sk)->src, conn->src);
1187 bacpy(&bt_sk(sk)->dst, conn->dst);
1188
d1010240
GP		 1189 bt_accept_enqueue(parent, sk);
1190
3d57dc68 1191 l2cap_chan_add(conn, chan);
48454079 1192
c9b66675 1193 __set_chan_timer(chan, sk->sk_sndtimeo);
b62f328b 1194
0e587be7 1195 __l2cap_state_change(chan, BT_CONNECTED);
b62f328b
VT		 1196 parent->sk_data_ready(parent, 0);
1197
b62f328b 1198clean:
aa2ac881 1199 release_sock(parent);
b62f328b
VT		 1200}
1201
4e8402a3
MH		 1202static void l2cap_conn_ready(struct l2cap_conn *conn)
1203{
48454079 1204 struct l2cap_chan *chan;
4e8402a3 1205
79d554a6 1206 BT_DBG("conn %p", conn);
4e8402a3 1207
b62f328b
VT		 1208 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
1209 l2cap_le_conn_ready(conn);
1210
160dc6ac
VCG		 1211 if (conn->hcon->out && conn->hcon->type == LE_LINK)
1212 smp_conn_security(conn, conn->hcon->pending_sec_level);
1213
3df91ea2 1214 mutex_lock(&conn->chan_lock);
4e8402a3 1215
3df91ea2 1216 list_for_each_entry(chan, &conn->chan_l, list) {
baa7e1fa 1217
6be36555 1218 l2cap_chan_lock(chan);
4e8402a3 1219
63128451 1220 if (conn->hcon->type == LE_LINK) {
b501d6a1 1221 if (smp_conn_security(conn, chan->sec_level))
cf4cd009 1222 l2cap_chan_ready(chan);
acd7d370 1223
63128451 1224 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 1225 struct sock *sk = chan->sk;
c9b66675 1226 __clear_chan_timer(chan);
6be36555 1227 lock_sock(sk);
0e587be7 1228 __l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1229 sk->sk_state_change(sk);
6be36555 1230 release_sock(sk);
b501d6a1 1231
89bc500e 1232 } else if (chan->state == BT_CONNECT)
fc7f8a7e 1233 l2cap_do_start(chan);
4e8402a3 1234
6be36555 1235 l2cap_chan_unlock(chan);
4e8402a3 1236 }
79d554a6 1237
3df91ea2 1238 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 1239}
1240
1241/* Notify sockets that we cannot guaranty reliability anymore */
1242static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
1243{
48454079 1244 struct l2cap_chan *chan;
4e8402a3
MH		 1245
1246 BT_DBG("conn %p", conn);
1247
3df91ea2 1248 mutex_lock(&conn->chan_lock);
4e8402a3 1249
3df91ea2 1250 list_for_each_entry(chan, &conn->chan_l, list) {
ecf61bdb 1251 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
2e0052e4 1252 __l2cap_chan_set_err(chan, err);
4e8402a3
MH		 1253 }
1254
3df91ea2 1255 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 1256}
1257
f878fcad 1258static void l2cap_info_timeout(struct work_struct *work)
4e8402a3 1259{
f878fcad 1260 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
030013d8 1261 info_timer.work);
4e8402a3 1262
984947dc 1263 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 1264 conn->info_ident = 0;
984947dc 1265
4e8402a3
MH		 1266 l2cap_conn_start(conn);
1267}
1268
5d3de7df
VCG		 1269static void l2cap_conn_del(struct hci_conn *hcon, int err)
1270{
1271 struct l2cap_conn *conn = hcon->l2cap_data;
1272 struct l2cap_chan *chan, *l;
5d3de7df
VCG		 1273
1274 if (!conn)
1275 return;
1276
1277 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
1278
1279 kfree_skb(conn->rx_skb);
1280
3df91ea2
AE		 1281 mutex_lock(&conn->chan_lock);
1282
5d3de7df
VCG		 1283 /* Kill channels */
1284 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
61d6ef3e 1285 l2cap_chan_hold(chan);
6be36555
AE		 1286 l2cap_chan_lock(chan);
1287
5d3de7df 1288 l2cap_chan_del(chan, err);
6be36555
AE		 1289
1290 l2cap_chan_unlock(chan);
1291
5d3de7df 1292 chan->ops->close(chan->data);
61d6ef3e 1293 l2cap_chan_put(chan);
5d3de7df
VCG		 1294 }
1295
3df91ea2
AE		 1296 mutex_unlock(&conn->chan_lock);
1297
73d80deb
LAD		 1298 hci_chan_del(conn->hchan);
1299
5d3de7df 1300 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
127074bf 1301 cancel_delayed_work_sync(&conn->info_timer);
5d3de7df 1302
51a8efd7 1303 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) {
127074bf 1304 cancel_delayed_work_sync(&conn->security_timer);
8aab4757 1305 smp_chan_destroy(conn);
d26a2345 1306 }
5d3de7df
VCG		 1307
1308 hcon->l2cap_data = NULL;
1309 kfree(conn);
1310}
1311
6c9d42a1 1312static void security_timeout(struct work_struct *work)
5d3de7df 1313{
6c9d42a1
GP		 1314 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1315 security_timer.work);
5d3de7df
VCG		 1316
1317 l2cap_conn_del(conn->hcon, ETIMEDOUT);
1318}
1319
1da177e4
LT		 1320static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1321{
0139418c 1322 struct l2cap_conn *conn = hcon->l2cap_data;
73d80deb 1323 struct hci_chan *hchan;
1da177e4 1324
0139418c 1325 if (conn || status)
1da177e4
LT		 1326 return conn;
1327
73d80deb
LAD		 1328 hchan = hci_chan_create(hcon);
1329 if (!hchan)
1330 return NULL;
1331
0139418c 1332 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
73d80deb
LAD		 1333 if (!conn) {
1334 hci_chan_del(hchan);
1da177e4 1335 return NULL;
73d80deb 1336 }
1da177e4
LT		 1337
1338 hcon->l2cap_data = conn;
1339 conn->hcon = hcon;
73d80deb 1340 conn->hchan = hchan;
1da177e4 1341
73d80deb 1342 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
0139418c 1343
acd7d370
VT		 1344 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
1345 conn->mtu = hcon->hdev->le_mtu;
1346 else
1347 conn->mtu = hcon->hdev->acl_mtu;
1348
1da177e4
LT		 1349 conn->src = &hcon->hdev->bdaddr;
1350 conn->dst = &hcon->dst;
1351
4e8402a3
MH		 1352 conn->feat_mask = 0;
1353
1da177e4 1354 spin_lock_init(&conn->lock);
3df91ea2 1355 mutex_init(&conn->chan_lock);
baa7e1fa
GP		 1356
1357 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 1358
5d3de7df 1359 if (hcon->type == LE_LINK)
6c9d42a1 1360 INIT_DELAYED_WORK(&conn->security_timer, security_timeout);
5d3de7df 1361 else
030013d8 1362 INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout);
45054dc1 1363
9f5a0d7b 1364 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 1365
1da177e4
LT		 1366 return conn;
1367}
1368
1da177e4 1369/* ---- Socket interface ---- */
1da177e4 1370
c2287681 1371/* Find socket with psm and source / destination bdaddr.
1da177e4
LT		 1372 * Returns closest match.
1373 */
c2287681
IY		 1374static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
1375 bdaddr_t *src,
1376 bdaddr_t *dst)
1da177e4 1377{
23691d75 1378 struct l2cap_chan *c, *c1 = NULL;
1da177e4 1379
23691d75 1380 read_lock(&chan_list_lock);
e0f0cb56 1381
23691d75
GP		 1382 list_for_each_entry(c, &chan_list, global_l) {
1383 struct sock *sk = c->sk;
fe4128e0 1384
89bc500e 1385 if (state && c->state != state)
1da177e4
LT		 1386 continue;
1387
23691d75 1388 if (c->psm == psm) {
c2287681
IY		 1389 int src_match, dst_match;
1390 int src_any, dst_any;
1391
1da177e4 1392 /* Exact match. */
c2287681
IY		 1393 src_match = !bacmp(&bt_sk(sk)->src, src);
1394 dst_match = !bacmp(&bt_sk(sk)->dst, dst);
1395 if (src_match && dst_match) {
a7567b20 1396 read_unlock(&chan_list_lock);
23691d75
GP		 1397 return c;
1398 }
1da177e4
LT		 1399
1400 /* Closest match */
c2287681
IY		 1401 src_any = !bacmp(&bt_sk(sk)->src, BDADDR_ANY);
1402 dst_any = !bacmp(&bt_sk(sk)->dst, BDADDR_ANY);
1403 if ((src_match && dst_any) || (src_any && dst_match) ||
1404 (src_any && dst_any))
23691d75 1405 c1 = c;
1da177e4
LT		 1406 }
1407 }
1da177e4 1408
23691d75 1409 read_unlock(&chan_list_lock);
e0f0cb56 1410
23691d75 1411 return c1;
1da177e4
LT		 1412}
1413
8e9f9892
AG		 1414int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1415 bdaddr_t *dst, u8 dst_type)
1da177e4 1416{
5d41ce1d 1417 struct sock *sk = chan->sk;
1da177e4 1418 bdaddr_t *src = &bt_sk(sk)->src;
1da177e4
LT		 1419 struct l2cap_conn *conn;
1420 struct hci_conn *hcon;
1421 struct hci_dev *hdev;
09ab6f4c 1422 __u8 auth_type;
44d0e48e 1423 int err;
1da177e4 1424
8e9f9892
AG		 1425 BT_DBG("%s -> %s (type %u) psm 0x%2.2x", batostr(src), batostr(dst),
1426 dst_type, __le16_to_cpu(chan->psm));
1da177e4 1427
af05b30b
GP		 1428 hdev = hci_get_route(dst, src);
1429 if (!hdev)
1da177e4
LT		 1430 return -EHOSTUNREACH;
1431
09fd0de5 1432 hci_dev_lock(hdev);
1da177e4 1433
6be36555 1434 l2cap_chan_lock(chan);
03a00194
GP		 1435
1436 /* PSM must be odd and lsb of upper byte must be 0 */
1437 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
1438 chan->chan_type != L2CAP_CHAN_RAW) {
1439 err = -EINVAL;
1440 goto done;
1441 }
1442
1443 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !(psm || cid)) {
1444 err = -EINVAL;
1445 goto done;
1446 }
1447
1448 switch (chan->mode) {
1449 case L2CAP_MODE_BASIC:
1450 break;
1451 case L2CAP_MODE_ERTM:
1452 case L2CAP_MODE_STREAMING:
1453 if (!disable_ertm)
1454 break;
1455 /* fall through */
1456 default:
1457 err = -ENOTSUPP;
1458 goto done;
1459 }
1460
6be36555
AE		 1461 lock_sock(sk);
1462
03a00194
GP		 1463 switch (sk->sk_state) {
1464 case BT_CONNECT:
1465 case BT_CONNECT2:
1466 case BT_CONFIG:
1467 /* Already connecting */
1468 err = 0;
6be36555 1469 release_sock(sk);
03a00194
GP		 1470 goto done;
1471
1472 case BT_CONNECTED:
1473 /* Already connected */
1474 err = -EISCONN;
6be36555 1475 release_sock(sk);
03a00194
GP		 1476 goto done;
1477
1478 case BT_OPEN:
1479 case BT_BOUND:
1480 /* Can connect */
1481 break;
1482
1483 default:
1484 err = -EBADFD;
6be36555 1485 release_sock(sk);
03a00194
GP		 1486 goto done;
1487 }
1488
1489 /* Set destination address and psm */
9219b2a0 1490 bacpy(&bt_sk(sk)->dst, dst);
6be36555
AE		 1491
1492 release_sock(sk);
1493
03a00194
GP		 1494 chan->psm = psm;
1495 chan->dcid = cid;
1da177e4 1496
4343478f 1497 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1498
fe4128e0 1499 if (chan->dcid == L2CAP_CID_LE_DATA)
8e9f9892 1500 hcon = hci_connect(hdev, LE_LINK, dst, dst_type,
b12f62cf 1501 chan->sec_level, auth_type);
acd7d370 1502 else
8e9f9892 1503 hcon = hci_connect(hdev, ACL_LINK, dst, dst_type,
b12f62cf 1504 chan->sec_level, auth_type);
acd7d370 1505
30e76272
VT		 1506 if (IS_ERR(hcon)) {
1507 err = PTR_ERR(hcon);
1da177e4 1508 goto done;
30e76272 1509 }
1da177e4
LT		 1510
1511 conn = l2cap_conn_add(hcon, 0);
1512 if (!conn) {
1513 hci_conn_put(hcon);
30e76272 1514 err = -ENOMEM;
1da177e4
LT		 1515 goto done;
1516 }
1517
9f0caeb1
VCG		 1518 if (hcon->type == LE_LINK) {
1519 err = 0;
1520
1521 if (!list_empty(&conn->chan_l)) {
1522 err = -EBUSY;
1523 hci_conn_put(hcon);
1524 }
1525
1526 if (err)
1527 goto done;
1528 }
1529
1da177e4
LT		 1530 /* Update source addr of the socket */
1531 bacpy(src, conn->src);
1532
6be36555 1533 l2cap_chan_unlock(chan);
48454079 1534 l2cap_chan_add(conn, chan);
6be36555 1535 l2cap_chan_lock(chan);
48454079 1536
6be36555 1537 l2cap_state_change(chan, BT_CONNECT);
c9b66675 1538 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4
LT		 1539
1540 if (hcon->state == BT_CONNECTED) {
715ec005 1541 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 1542 __clear_chan_timer(chan);
d45fc423 1543 if (l2cap_chan_check_security(chan))
6be36555 1544 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1545 } else
fc7f8a7e 1546 l2cap_do_start(chan);
1da177e4
LT		 1547 }
1548
30e76272
VT		 1549 err = 0;
1550
1da177e4 1551done:
6be36555 1552 l2cap_chan_unlock(chan);
09fd0de5 1553 hci_dev_unlock(hdev);
1da177e4
LT		 1554 hci_dev_put(hdev);
1555 return err;
1556}
1557
dcba0dba 1558int __l2cap_wait_ack(struct sock *sk)
6161c038 1559{
8c1d787b 1560 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1561 DECLARE_WAITQUEUE(wait, current);
1562 int err = 0;
1563 int timeo = HZ/5;
1564
2b0b05dd 1565 add_wait_queue(sk_sleep(sk), &wait);
a71a0cf4
PH		 1566 set_current_state(TASK_INTERRUPTIBLE);
1567 while (chan->unacked_frames > 0 && chan->conn) {
6161c038
GP		 1568 if (!timeo)
1569 timeo = HZ/5;
1570
1571 if (signal_pending(current)) {
1572 err = sock_intr_errno(timeo);
1573 break;
1574 }
1575
1576 release_sock(sk);
1577 timeo = schedule_timeout(timeo);
1578 lock_sock(sk);
a71a0cf4 1579 set_current_state(TASK_INTERRUPTIBLE);
6161c038
GP		 1580
1581 err = sock_error(sk);
1582 if (err)
1583 break;
1584 }
1585 set_current_state(TASK_RUNNING);
2b0b05dd 1586 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1587 return err;
1588}
1589
721c4181 1590static void l2cap_monitor_timeout(struct work_struct *work)
e90bac06 1591{
721c4181
GP		 1592 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1593 monitor_timer.work);
e90bac06 1594
525cd185 1595 BT_DBG("chan %p", chan);
0e98958d 1596
6be36555
AE		 1597 l2cap_chan_lock(chan);
1598
2c03a7a4 1599 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1600 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
6be36555 1601 l2cap_chan_unlock(chan);
8d7e1c7f 1602 l2cap_chan_put(chan);
e90bac06
GP		 1603 return;
1604 }
1605
6a026610 1606 chan->retry_count++;
1a09bcb9 1607 __set_monitor_timer(chan);
e90bac06 1608
525cd185 1609 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555 1610 l2cap_chan_unlock(chan);
8d7e1c7f 1611 l2cap_chan_put(chan);
e90bac06
GP		 1612}
1613
721c4181 1614static void l2cap_retrans_timeout(struct work_struct *work)
e90bac06 1615{
721c4181
GP		 1616 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1617 retrans_timer.work);
e90bac06 1618
49208c9c 1619 BT_DBG("chan %p", chan);
0e98958d 1620
6be36555
AE		 1621 l2cap_chan_lock(chan);
1622
6a026610 1623 chan->retry_count = 1;
1a09bcb9 1624 __set_monitor_timer(chan);
e90bac06 1625
e2ab4353 1626 set_bit(CONN_WAIT_F, &chan->conn_state);
e90bac06 1627
525cd185 1628 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555
AE		 1629
1630 l2cap_chan_unlock(chan);
8d7e1c7f 1631 l2cap_chan_put(chan);
e90bac06
GP		 1632}
1633
42e5c802 1634static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1da177e4 1635{
1c2acffb 1636 struct sk_buff *skb;
1da177e4 1637
58d35f87 1638 while ((skb = skb_peek(&chan->tx_q)) &&
6a026610 1639 chan->unacked_frames) {
3ce3514f 1640 if (bt_cb(skb)->control.txseq == chan->expected_ack_seq)
1c2acffb 1641 break;
1da177e4 1642
58d35f87 1643 skb = skb_dequeue(&chan->tx_q);
1c2acffb 1644 kfree_skb(skb);
1da177e4 1645
6a026610 1646 chan->unacked_frames--;
1c2acffb 1647 }
1da177e4 1648
6a026610 1649 if (!chan->unacked_frames)
1a09bcb9 1650 __clear_retrans_timer(chan);
1c2acffb 1651}
1da177e4 1652
3733937d
MM		 1653static int l2cap_streaming_send(struct l2cap_chan *chan,
1654 struct sk_buff_head *skbs)
6840ed07 1655{
ccbb84af 1656 struct sk_buff *skb;
3733937d 1657 struct l2cap_ctrl *control;
6840ed07 1658
3733937d
MM		 1659 BT_DBG("chan %p, skbs %p", chan, skbs);
1660
1661 if (chan->state != BT_CONNECTED)
1662 return -ENOTCONN;
1663
1664 skb_queue_splice_tail_init(skbs, &chan->tx_q);
1665
1666 while (!skb_queue_empty(&chan->tx_q)) {
1667
1668 skb = skb_dequeue(&chan->tx_q);
1669
1670 bt_cb(skb)->control.retries = 1;
1671 control = &bt_cb(skb)->control;
1672
1673 control->reqseq = 0;
1674 control->txseq = chan->next_tx_seq;
1675
1676 __pack_control(chan, control, skb);
6840ed07 1677
47d1ec61 1678 if (chan->fcs == L2CAP_FCS_CRC16) {
3733937d
MM		 1679 u16 fcs = crc16(0, (u8 *) skb->data, skb->len);
1680 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3
GP		 1681 }
1682
4343478f 1683 l2cap_do_send(chan, skb);
6840ed07 1684
3733937d
MM		 1685 BT_DBG("Sent txseq %d", (int)control->txseq);
1686
836be934 1687 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
3733937d 1688 chan->frames_sent++;
6840ed07 1689 }
3733937d
MM		 1690
1691 return 0;
6840ed07
GP		 1692}
1693
fb45de7d 1694static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 1695{
8f17154f 1696 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1697 u16 fcs;
1698 u32 control;
8f17154f 1699
58d35f87 1700 skb = skb_peek(&chan->tx_q);
f11d676d
GP		 1701 if (!skb)
1702 return;
8f17154f 1703
3ce3514f 1704 while (bt_cb(skb)->control.txseq != tx_seq) {
58d35f87 1705 if (skb_queue_is_last(&chan->tx_q, skb))
f11d676d 1706 return;
8f17154f 1707
d1726b6d
SJ		 1708 skb = skb_queue_next(&chan->tx_q, skb);
1709 }
8f17154f 1710
3ce3514f
MM		 1711 if (bt_cb(skb)->control.retries == chan->remote_max_tx &&
1712 chan->remote_max_tx) {
8c1d787b 1713 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
f11d676d
GP		 1714 return;
1715 }
1716
1717 tx_skb = skb_clone(skb, GFP_ATOMIC);
3ce3514f 1718 bt_cb(skb)->control.retries++;
88843ab0
AE		 1719
1720 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1721 control &= __get_sar_mask(chan);
3cb123d1 1722
e2ab4353 1723 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1724 control |= __set_ctrl_final(chan);
95ffa978 1725
0b209fae 1726 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1727 control |= __set_txseq(chan, tx_seq);
3cb123d1 1728
88843ab0 1729 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
f11d676d 1730
47d1ec61 1731 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1732 fcs = crc16(0, (u8 *)tx_skb->data,
1733 tx_skb->len - L2CAP_FCS_SIZE);
1734 put_unaligned_le16(fcs,
1735 tx_skb->data + tx_skb->len - L2CAP_FCS_SIZE);
f11d676d
GP		 1736 }
1737
4343478f 1738 l2cap_do_send(chan, tx_skb);
8f17154f
GP		 1739}
1740
67c9e840 1741static int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1742{
1743 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1744 u16 fcs;
1745 u32 control;
9a9c6a34 1746 int nsent = 0;
1c2acffb 1747
89bc500e 1748 if (chan->state != BT_CONNECTED)
c13ffa62 1749 return -ENOTCONN;
e90bac06 1750
94122bbe
MM		 1751 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
1752 return 0;
1753
58d35f87 1754 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1c2acffb 1755
3ce3514f
MM		 1756 if (bt_cb(skb)->control.retries == chan->remote_max_tx &&
1757 chan->remote_max_tx) {
8c1d787b 1758 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
e90bac06
GP		 1759 break;
1760 }
1761
e420aba3
AE		 1762 tx_skb = skb_clone(skb, GFP_ATOMIC);
1763
3ce3514f 1764 bt_cb(skb)->control.retries++;
e90bac06 1765
88843ab0 1766 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1767 control &= __get_sar_mask(chan);
95ffa978 1768
e2ab4353 1769 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1770 control |= __set_ctrl_final(chan);
e2ab4353 1771
0b209fae 1772 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1773 control |= __set_txseq(chan, chan->next_tx_seq);
94122bbe 1774 control |= __set_ctrl_sar(chan, bt_cb(skb)->control.sar);
1c2acffb 1775
88843ab0 1776 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
e90bac06 1777
47d1ec61 1778 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1779 fcs = crc16(0, (u8 *)skb->data,
1780 tx_skb->len - L2CAP_FCS_SIZE);
1781 put_unaligned_le16(fcs, skb->data +
1782 tx_skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 1783 }
1784
4343478f 1785 l2cap_do_send(chan, tx_skb);
9a9c6a34 1786
1a09bcb9 1787 __set_retrans_timer(chan);
1c2acffb 1788
3ce3514f 1789 bt_cb(skb)->control.txseq = chan->next_tx_seq;
836be934
AE		 1790
1791 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
1c2acffb 1792
3ce3514f 1793 if (bt_cb(skb)->control.retries == 1) {
6a026610 1794 chan->unacked_frames++;
930fa4ae
SJ		 1795
1796 if (!nsent++)
1797 __clear_ack_timer(chan);
8ed7a0ae 1798 }
23e9fde2 1799
6a026610 1800 chan->frames_sent++;
1c2acffb 1801
58d35f87
GP		 1802 if (skb_queue_is_last(&chan->tx_q, skb))
1803 chan->tx_send_head = NULL;
1c2acffb 1804 else
58d35f87 1805 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1c2acffb
GP		 1806 }
1807
9e917af1
GP		 1808 return nsent;
1809}
1810
525cd185 1811static int l2cap_retransmit_frames(struct l2cap_chan *chan)
dfc909be 1812{
dfc909be
GP		 1813 int ret;
1814
58d35f87
GP		 1815 if (!skb_queue_empty(&chan->tx_q))
1816 chan->tx_send_head = chan->tx_q.next;
dfc909be 1817
42e5c802 1818 chan->next_tx_seq = chan->expected_ack_seq;
525cd185 1819 ret = l2cap_ertm_send(chan);
dfc909be
GP		 1820 return ret;
1821}
1822
b17e73bb 1823static void __l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1824{
88843ab0 1825 u32 control = 0;
9e917af1 1826
0b209fae 1827 control |= __set_reqseq(chan, chan->buffer_seq);
9e917af1 1828
e2ab4353 1829 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 1830 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 1831 set_bit(CONN_RNR_SENT, &chan->conn_state);
525cd185 1832 l2cap_send_sframe(chan, control);
9a9c6a34 1833 return;
9e917af1 1834 }
dfc909be 1835
525cd185 1836 if (l2cap_ertm_send(chan) > 0)
dfc909be
GP		 1837 return;
1838
ab784b73 1839 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 1840 l2cap_send_sframe(chan, control);
1c2acffb
GP		 1841}
1842
b17e73bb
SJ		 1843static void l2cap_send_ack(struct l2cap_chan *chan)
1844{
1845 __clear_ack_timer(chan);
1846 __l2cap_send_ack(chan);
1847}
1848
525cd185 1849static void l2cap_send_srejtail(struct l2cap_chan *chan)
99b0d4b7
GP		 1850{
1851 struct srej_list *tail;
88843ab0 1852 u32 control;
99b0d4b7 1853
ab784b73 1854 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
03f6715d 1855 control |= __set_ctrl_final(chan);
99b0d4b7 1856
39d5a3ee 1857 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
0b209fae 1858 control |= __set_reqseq(chan, tail->tx_seq);
99b0d4b7 1859
525cd185 1860 l2cap_send_sframe(chan, control);
99b0d4b7
GP		 1861}
1862
04124681
GP		 1863static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
1864 struct msghdr *msg, int len,
1865 int count, struct sk_buff *skb)
1c2acffb 1866{
0952a57a 1867 struct l2cap_conn *conn = chan->conn;
1c2acffb 1868 struct sk_buff **frag;
90338947 1869 int sent = 0;
1da177e4 1870
59203a21 1871 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1872 return -EFAULT;
1da177e4
LT		 1873
1874 sent += count;
1875 len -= count;
1876
1877 /* Continuation fragments (no L2CAP header) */
1878 frag = &skb_shinfo(skb)->frag_list;
1879 while (len) {
fbe00700
GP		 1880 struct sk_buff *tmp;
1881
1da177e4
LT		 1882 count = min_t(unsigned int, conn->mtu, len);
1883
fbe00700
GP		 1884 tmp = chan->ops->alloc_skb(chan, count,
1885 msg->msg_flags & MSG_DONTWAIT);
1886 if (IS_ERR(tmp))
1887 return PTR_ERR(tmp);
1888
1889 *frag = tmp;
2f7719ce 1890
1c2acffb
GP		 1891 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1892 return -EFAULT;
1da177e4 1893
5e59b791
LAD		 1894 (*frag)->priority = skb->priority;
1895
1da177e4
LT		 1896 sent += count;
1897 len -= count;
1898
2d0ed3d5
GP		 1899 skb->len += (*frag)->len;
1900 skb->data_len += (*frag)->len;
1901
1da177e4
LT		 1902 frag = &(*frag)->next;
1903 }
1da177e4
LT		 1904
1905 return sent;
1c2acffb 1906}
1da177e4 1907
5e59b791
LAD		 1908static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1909 struct msghdr *msg, size_t len,
1910 u32 priority)
1c2acffb 1911{
8c1d787b 1912 struct l2cap_conn *conn = chan->conn;
1c2acffb 1913 struct sk_buff *skb;
03a51213 1914 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE;
1c2acffb
GP		 1915 struct l2cap_hdr *lh;
1916
6d5922b0 1917 BT_DBG("chan %p len %d priority %u", chan, (int)len, priority);
1c2acffb
GP		 1918
1919 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1920
1921 skb = chan->ops->alloc_skb(chan, count + hlen,
90338947
GP		 1922 msg->msg_flags & MSG_DONTWAIT);
1923 if (IS_ERR(skb))
1924 return skb;
1c2acffb 1925
5e59b791
LAD		 1926 skb->priority = priority;
1927
1c2acffb
GP		 1928 /* Create L2CAP header */
1929 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1930 lh->cid = cpu_to_le16(chan->dcid);
daf6a78c
AE		 1931 lh->len = cpu_to_le16(len + L2CAP_PSMLEN_SIZE);
1932 put_unaligned(chan->psm, skb_put(skb, L2CAP_PSMLEN_SIZE));
1c2acffb 1933
0952a57a 1934 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1935 if (unlikely(err < 0)) {
1936 kfree_skb(skb);
1937 return ERR_PTR(err);
1938 }
1939 return skb;
1940}
1941
5e59b791
LAD		 1942static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
1943 struct msghdr *msg, size_t len,
1944 u32 priority)
1c2acffb 1945{
8c1d787b 1946 struct l2cap_conn *conn = chan->conn;
1c2acffb 1947 struct sk_buff *skb;
f2ba7fae 1948 int err, count;
1c2acffb
GP		 1949 struct l2cap_hdr *lh;
1950
6d5922b0 1951 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb 1952
f2ba7fae 1953 count = min_t(unsigned int, (conn->mtu - L2CAP_HDR_SIZE), len);
2f7719ce 1954
f2ba7fae 1955 skb = chan->ops->alloc_skb(chan, count + L2CAP_HDR_SIZE,
90338947
GP		 1956 msg->msg_flags & MSG_DONTWAIT);
1957 if (IS_ERR(skb))
1958 return skb;
1c2acffb 1959
5e59b791
LAD		 1960 skb->priority = priority;
1961
1c2acffb
GP		 1962 /* Create L2CAP header */
1963 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1964 lh->cid = cpu_to_le16(chan->dcid);
6ff9b5ef 1965 lh->len = cpu_to_le16(len);
1c2acffb 1966
0952a57a 1967 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1968 if (unlikely(err < 0)) {
1969 kfree_skb(skb);
1970 return ERR_PTR(err);
1971 }
1972 return skb;
1973}
1974
ab0ff76d
LAD		 1975static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
1976 struct msghdr *msg, size_t len,
94122bbe 1977 u16 sdulen)
1c2acffb 1978{
8c1d787b 1979 struct l2cap_conn *conn = chan->conn;
1c2acffb 1980 struct sk_buff *skb;
e4ca6d98 1981 int err, count, hlen;
1c2acffb
GP		 1982 struct l2cap_hdr *lh;
1983
6d5922b0 1984 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb 1985
0ee0d208
GP		 1986 if (!conn)
1987 return ERR_PTR(-ENOTCONN);
1988
e4ca6d98
AE		 1989 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1990 hlen = L2CAP_EXT_HDR_SIZE;
1991 else
1992 hlen = L2CAP_ENH_HDR_SIZE;
1993
c74e560c 1994 if (sdulen)
03a51213 1995 hlen += L2CAP_SDULEN_SIZE;
c74e560c 1996
47d1ec61 1997 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 1998 hlen += L2CAP_FCS_SIZE;
fcc203c3 1999
1c2acffb 2000 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 2001
2002 skb = chan->ops->alloc_skb(chan, count + hlen,
90338947
GP		 2003 msg->msg_flags & MSG_DONTWAIT);
2004 if (IS_ERR(skb))
2005 return skb;
1c2acffb
GP		 2006
2007 /* Create L2CAP header */
2008 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 2009 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 2010 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
88843ab0 2011
94122bbe 2012 __put_control(chan, 0, skb_put(skb, __ctrl_size(chan)));
88843ab0 2013
c74e560c 2014 if (sdulen)
03a51213 2015 put_unaligned_le16(sdulen, skb_put(skb, L2CAP_SDULEN_SIZE));
1c2acffb 2016
0952a57a 2017 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 2018 if (unlikely(err < 0)) {
2019 kfree_skb(skb);
2020 return ERR_PTR(err);
2021 }
e90bac06 2022
47d1ec61 2023 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 2024 put_unaligned_le16(0, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3 2025
3ce3514f 2026 bt_cb(skb)->control.retries = 0;
1c2acffb 2027 return skb;
1da177e4
LT		 2028}
2029
94122bbe
MM		 2030static int l2cap_segment_sdu(struct l2cap_chan *chan,
2031 struct sk_buff_head *seg_queue,
2032 struct msghdr *msg, size_t len)
c74e560c 2033{
c74e560c 2034 struct sk_buff *skb;
94122bbe
MM		 2035 u16 sdu_len;
2036 size_t pdu_len;
2037 int err = 0;
2038 u8 sar;
c74e560c 2039
94122bbe 2040 BT_DBG("chan %p, msg %p, len %d", chan, msg, (int)len);
c74e560c 2041
94122bbe
MM		 2042 /* It is critical that ERTM PDUs fit in a single HCI fragment,
2043 * so fragmented skbs are not used. The HCI layer's handling
2044 * of fragmented skbs is not compatible with ERTM's queueing.
2045 */
c74e560c 2046
94122bbe
MM		 2047 /* PDU size is derived from the HCI MTU */
2048 pdu_len = chan->conn->mtu;
c74e560c 2049
94122bbe
MM		 2050 pdu_len = min_t(size_t, pdu_len, L2CAP_BREDR_MAX_PAYLOAD);
2051
2052 /* Adjust for largest possible L2CAP overhead. */
2053 pdu_len -= L2CAP_EXT_HDR_SIZE + L2CAP_FCS_SIZE;
2054
2055 /* Remote device may have requested smaller PDUs */
2056 pdu_len = min_t(size_t, pdu_len, chan->remote_mps);
2057
2058 if (len <= pdu_len) {
2059 sar = L2CAP_SAR_UNSEGMENTED;
2060 sdu_len = 0;
2061 pdu_len = len;
2062 } else {
2063 sar = L2CAP_SAR_START;
2064 sdu_len = len;
2065 pdu_len -= L2CAP_SDULEN_SIZE;
2066 }
2067
2068 while (len > 0) {
2069 skb = l2cap_create_iframe_pdu(chan, msg, pdu_len, sdu_len);
c74e560c 2070
c74e560c 2071 if (IS_ERR(skb)) {
94122bbe 2072 __skb_queue_purge(seg_queue);
c74e560c
GP		 2073 return PTR_ERR(skb);
2074 }
2075
94122bbe
MM		 2076 bt_cb(skb)->control.sar = sar;
2077 __skb_queue_tail(seg_queue, skb);
2078
2079 len -= pdu_len;
2080 if (sdu_len) {
2081 sdu_len = 0;
2082 pdu_len += L2CAP_SDULEN_SIZE;
2083 }
2084
2085 if (len <= pdu_len) {
2086 sar = L2CAP_SAR_END;
2087 pdu_len = len;
2088 } else {
2089 sar = L2CAP_SAR_CONTINUE;
2090 }
c74e560c 2091 }
c74e560c 2092
94122bbe 2093 return err;
c74e560c
GP		 2094}
2095
5e59b791
LAD		 2096int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
2097 u32 priority)
9a91a04a 2098{
9a91a04a 2099 struct sk_buff *skb;
9a91a04a 2100 int err;
94122bbe 2101 struct sk_buff_head seg_queue;
9a91a04a
GP		 2102
2103 /* Connectionless channel */
715ec005 2104 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
5e59b791 2105 skb = l2cap_create_connless_pdu(chan, msg, len, priority);
9a91a04a
GP		 2106 if (IS_ERR(skb))
2107 return PTR_ERR(skb);
2108
2109 l2cap_do_send(chan, skb);
2110 return len;
2111 }
2112
2113 switch (chan->mode) {
2114 case L2CAP_MODE_BASIC:
2115 /* Check outgoing MTU */
2116 if (len > chan->omtu)
2117 return -EMSGSIZE;
2118
2119 /* Create a basic PDU */
5e59b791 2120 skb = l2cap_create_basic_pdu(chan, msg, len, priority);
9a91a04a
GP		 2121 if (IS_ERR(skb))
2122 return PTR_ERR(skb);
2123
2124 l2cap_do_send(chan, skb);
2125 err = len;
2126 break;
2127
2128 case L2CAP_MODE_ERTM:
2129 case L2CAP_MODE_STREAMING:
94122bbe
MM		 2130 /* Check outgoing MTU */
2131 if (len > chan->omtu) {
2132 err = -EMSGSIZE;
2133 break;
2134 }
9a91a04a 2135
94122bbe 2136 __skb_queue_head_init(&seg_queue);
9a91a04a 2137
94122bbe
MM		 2138 /* Do segmentation before calling in to the state machine,
2139 * since it's possible to block while waiting for memory
2140 * allocation.
2141 */
2142 err = l2cap_segment_sdu(chan, &seg_queue, msg, len);
9a91a04a 2143
94122bbe
MM		 2144 /* The channel could have been closed while segmenting,
2145 * check that it is still connected.
2146 */
2147 if (chan->state != BT_CONNECTED) {
2148 __skb_queue_purge(&seg_queue);
2149 err = -ENOTCONN;
9a91a04a
GP		 2150 }
2151
94122bbe 2152 if (err)
9a91a04a 2153 break;
9a91a04a 2154
3733937d 2155 if (chan->mode == L2CAP_MODE_ERTM)
608bcc6d
MM		 2156 err = l2cap_tx(chan, 0, &seg_queue,
2157 L2CAP_EV_DATA_REQUEST);
3733937d
MM		 2158 else
2159 err = l2cap_streaming_send(chan, &seg_queue);
9a91a04a 2160
608bcc6d 2161 if (!err)
9a91a04a
GP		 2162 err = len;
2163
94122bbe
MM		 2164 /* If the skbs were not queued for sending, they'll still be in
2165 * seg_queue and need to be purged.
2166 */
2167 __skb_queue_purge(&seg_queue);
9a91a04a
GP		 2168 break;
2169
2170 default:
2171 BT_DBG("bad state %1.1x", chan->mode);
2172 err = -EBADFD;
2173 }
2174
2175 return err;
2176}
2177
608bcc6d
MM		 2178static void l2cap_process_reqseq(struct l2cap_chan *chan, u16 reqseq)
2179{
2180 struct sk_buff *acked_skb;
2181 u16 ackseq;
2182
2183 BT_DBG("chan %p, reqseq %d", chan, reqseq);
2184
2185 if (chan->unacked_frames == 0 || reqseq == chan->expected_ack_seq)
2186 return;
2187
2188 BT_DBG("expected_ack_seq %d, unacked_frames %d",
2189 chan->expected_ack_seq, chan->unacked_frames);
2190
2191 for (ackseq = chan->expected_ack_seq; ackseq != reqseq;
2192 ackseq = __next_seq(chan, ackseq)) {
2193
2194 acked_skb = l2cap_ertm_seq_in_queue(&chan->tx_q, ackseq);
2195 if (acked_skb) {
2196 skb_unlink(acked_skb, &chan->tx_q);
2197 kfree_skb(acked_skb);
2198 chan->unacked_frames--;
2199 }
2200 }
2201
2202 chan->expected_ack_seq = reqseq;
2203
2204 if (chan->unacked_frames == 0)
2205 __clear_retrans_timer(chan);
2206
2207 BT_DBG("unacked_frames %d", (int) chan->unacked_frames);
2208}
2209
2210static void l2cap_abort_rx_srej_sent(struct l2cap_chan *chan)
2211{
2212 BT_DBG("chan %p", chan);
2213
2214 chan->expected_tx_seq = chan->buffer_seq;
2215 l2cap_seq_list_clear(&chan->srej_list);
2216 skb_queue_purge(&chan->srej_q);
2217 chan->rx_state = L2CAP_RX_STATE_RECV;
2218}
2219
2220static int l2cap_tx_state_xmit(struct l2cap_chan *chan,
2221 struct l2cap_ctrl *control,
2222 struct sk_buff_head *skbs, u8 event)
2223{
2224 int err = 0;
2225
2226 BT_DBG("chan %p, control %p, skbs %p, event %d", chan, control, skbs,
2227 event);
2228
2229 switch (event) {
2230 case L2CAP_EV_DATA_REQUEST:
2231 if (chan->tx_send_head == NULL)
2232 chan->tx_send_head = skb_peek(skbs);
2233
2234 skb_queue_splice_tail_init(skbs, &chan->tx_q);
2235 l2cap_ertm_send(chan);
2236 break;
2237 case L2CAP_EV_LOCAL_BUSY_DETECTED:
2238 BT_DBG("Enter LOCAL_BUSY");
2239 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2240
2241 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
2242 /* The SREJ_SENT state must be aborted if we are to
2243 * enter the LOCAL_BUSY state.
2244 */
2245 l2cap_abort_rx_srej_sent(chan);
2246 }
2247
2248 l2cap_send_ack(chan);
2249
2250 break;
2251 case L2CAP_EV_LOCAL_BUSY_CLEAR:
2252 BT_DBG("Exit LOCAL_BUSY");
2253 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2254
2255 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) {
2256 struct l2cap_ctrl local_control;
2257
2258 memset(&local_control, 0, sizeof(local_control));
2259 local_control.sframe = 1;
2260 local_control.super = L2CAP_SUPER_RR;
2261 local_control.poll = 1;
2262 local_control.reqseq = chan->buffer_seq;
2263 l2cap_send_sframe(chan, 0);
2264
2265 chan->retry_count = 1;
2266 __set_monitor_timer(chan);
2267 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2268 }
2269 break;
2270 case L2CAP_EV_RECV_REQSEQ_AND_FBIT:
2271 l2cap_process_reqseq(chan, control->reqseq);
2272 break;
2273 case L2CAP_EV_EXPLICIT_POLL:
2274 l2cap_send_rr_or_rnr(chan, 1);
2275 chan->retry_count = 1;
2276 __set_monitor_timer(chan);
2277 __clear_ack_timer(chan);
2278 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2279 break;
2280 case L2CAP_EV_RETRANS_TO:
2281 l2cap_send_rr_or_rnr(chan, 1);
2282 chan->retry_count = 1;
2283 __set_monitor_timer(chan);
2284 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2285 break;
2286 case L2CAP_EV_RECV_FBIT:
2287 /* Nothing to process */
2288 break;
2289 default:
2290 break;
2291 }
2292
2293 return err;
2294}
2295
2296static int l2cap_tx_state_wait_f(struct l2cap_chan *chan,
2297 struct l2cap_ctrl *control,
2298 struct sk_buff_head *skbs, u8 event)
2299{
2300 int err = 0;
2301
2302 BT_DBG("chan %p, control %p, skbs %p, event %d", chan, control, skbs,
2303 event);
2304
2305 switch (event) {
2306 case L2CAP_EV_DATA_REQUEST:
2307 if (chan->tx_send_head == NULL)
2308 chan->tx_send_head = skb_peek(skbs);
2309 /* Queue data, but don't send. */
2310 skb_queue_splice_tail_init(skbs, &chan->tx_q);
2311 break;
2312 case L2CAP_EV_LOCAL_BUSY_DETECTED:
2313 BT_DBG("Enter LOCAL_BUSY");
2314 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2315
2316 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
2317 /* The SREJ_SENT state must be aborted if we are to
2318 * enter the LOCAL_BUSY state.
2319 */
2320 l2cap_abort_rx_srej_sent(chan);
2321 }
2322
2323 l2cap_send_ack(chan);
2324
2325 break;
2326 case L2CAP_EV_LOCAL_BUSY_CLEAR:
2327 BT_DBG("Exit LOCAL_BUSY");
2328 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2329
2330 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) {
2331 struct l2cap_ctrl local_control;
2332 memset(&local_control, 0, sizeof(local_control));
2333 local_control.sframe = 1;
2334 local_control.super = L2CAP_SUPER_RR;
2335 local_control.poll = 1;
2336 local_control.reqseq = chan->buffer_seq;
2337 l2cap_send_sframe(chan, 0);
2338
2339 chan->retry_count = 1;
2340 __set_monitor_timer(chan);
2341 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2342 }
2343 break;
2344 case L2CAP_EV_RECV_REQSEQ_AND_FBIT:
2345 l2cap_process_reqseq(chan, control->reqseq);
2346
2347 /* Fall through */
2348
2349 case L2CAP_EV_RECV_FBIT:
2350 if (control && control->final) {
2351 __clear_monitor_timer(chan);
2352 if (chan->unacked_frames > 0)
2353 __set_retrans_timer(chan);
2354 chan->retry_count = 0;
2355 chan->tx_state = L2CAP_TX_STATE_XMIT;
2356 BT_DBG("recv fbit tx_state 0x2.2%x", chan->tx_state);
2357 }
2358 break;
2359 case L2CAP_EV_EXPLICIT_POLL:
2360 /* Ignore */
2361 break;
2362 case L2CAP_EV_MONITOR_TO:
2363 if (chan->max_tx == 0 || chan->retry_count < chan->max_tx) {
2364 l2cap_send_rr_or_rnr(chan, 1);
2365 __set_monitor_timer(chan);
2366 chan->retry_count++;
2367 } else {
2368 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
2369 }
2370 break;
2371 default:
2372 break;
2373 }
2374
2375 return err;
2376}
2377
2378static int l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
2379 struct sk_buff_head *skbs, u8 event)
2380{
2381 int err = 0;
2382
2383 BT_DBG("chan %p, control %p, skbs %p, event %d, state %d",
2384 chan, control, skbs, event, chan->tx_state);
2385
2386 switch (chan->tx_state) {
2387 case L2CAP_TX_STATE_XMIT:
2388 err = l2cap_tx_state_xmit(chan, control, skbs, event);
2389 break;
2390 case L2CAP_TX_STATE_WAIT_F:
2391 err = l2cap_tx_state_wait_f(chan, control, skbs, event);
2392 break;
2393 default:
2394 /* Ignore event */
2395 break;
2396 }
2397
2398 return err;
2399}
2400
1da177e4
LT		 2401/* Copy frame to all raw sockets on that connection */
2402static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2403{
1da177e4 2404 struct sk_buff *nskb;
48454079 2405 struct l2cap_chan *chan;
1da177e4
LT		 2406
2407 BT_DBG("conn %p", conn);
2408
3df91ea2 2409 mutex_lock(&conn->chan_lock);
3d57dc68 2410
3df91ea2 2411 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 2412 struct sock *sk = chan->sk;
715ec005 2413 if (chan->chan_type != L2CAP_CHAN_RAW)
1da177e4
LT		 2414 continue;
2415
2416 /* Don't send frame to the socket it came from */
2417 if (skb->sk == sk)
2418 continue;
af05b30b
GP		 2419 nskb = skb_clone(skb, GFP_ATOMIC);
2420 if (!nskb)
1da177e4
LT		 2421 continue;
2422
23070494 2423 if (chan->ops->recv(chan->data, nskb))
1da177e4
LT		 2424 kfree_skb(nskb);
2425 }
3d57dc68 2426
3df91ea2 2427 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 2428}
2429
2430/* ---- L2CAP signalling commands ---- */
2431static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
2432 u8 code, u8 ident, u16 dlen, void *data)
2433{
2434 struct sk_buff *skb, **frag;
2435 struct l2cap_cmd_hdr *cmd;
2436 struct l2cap_hdr *lh;
2437 int len, count;
2438
af05b30b
GP		 2439 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
2440 conn, code, ident, dlen);
1da177e4
LT		 2441
2442 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2443 count = min_t(unsigned int, conn->mtu, len);
2444
2445 skb = bt_skb_alloc(count, GFP_ATOMIC);
2446 if (!skb)
2447 return NULL;
2448
2449 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 2450 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 2451
2452 if (conn->hcon->type == LE_LINK)
2453 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
2454 else
2455 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 2456
2457 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
2458 cmd->code = code;
2459 cmd->ident = ident;
aca3192c 2460 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 2461
2462 if (dlen) {
2463 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
2464 memcpy(skb_put(skb, count), data, count);
2465 data += count;
2466 }
2467
2468 len -= skb->len;
2469
2470 /* Continuation fragments (no L2CAP header) */
2471 frag = &skb_shinfo(skb)->frag_list;
2472 while (len) {
2473 count = min_t(unsigned int, conn->mtu, len);
2474
2475 *frag = bt_skb_alloc(count, GFP_ATOMIC);
2476 if (!*frag)
2477 goto fail;
2478
2479 memcpy(skb_put(*frag, count), data, count);
2480
2481 len -= count;
2482 data += count;
2483
2484 frag = &(*frag)->next;
2485 }
2486
2487 return skb;
2488
2489fail:
2490 kfree_skb(skb);
2491 return NULL;
2492}
2493
2494static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
2495{
2496 struct l2cap_conf_opt *opt = *ptr;
2497 int len;
2498
2499 len = L2CAP_CONF_OPT_SIZE + opt->len;
2500 *ptr += len;
2501
2502 *type = opt->type;
2503 *olen = opt->len;
2504
2505 switch (opt->len) {
2506 case 1:
2507 *val = *((u8 *) opt->val);
2508 break;
2509
2510 case 2:
bfaaeb3e 2511 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 2512 break;
2513
2514 case 4:
bfaaeb3e 2515 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 2516 break;
2517
2518 default:
2519 *val = (unsigned long) opt->val;
2520 break;
2521 }
2522
2523 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
2524 return len;
2525}
2526
1da177e4
LT		 2527static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2528{
2529 struct l2cap_conf_opt *opt = *ptr;
2530
2531 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
2532
2533 opt->type = type;
2534 opt->len = len;
2535
2536 switch (len) {
2537 case 1:
2538 *((u8 *) opt->val) = val;
2539 break;
2540
2541 case 2:
4f8b691c 2542 put_unaligned_le16(val, opt->val);
1da177e4
LT		 2543 break;
2544
2545 case 4:
4f8b691c 2546 put_unaligned_le32(val, opt->val);
1da177e4
LT		 2547 break;
2548
2549 default:
2550 memcpy(opt->val, (void *) val, len);
2551 break;
2552 }
2553
2554 *ptr += L2CAP_CONF_OPT_SIZE + len;
2555}
2556
f89cef09
AE		 2557static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
2558{
2559 struct l2cap_conf_efs efs;
2560
1ec918ce 2561 switch (chan->mode) {
f89cef09
AE		 2562 case L2CAP_MODE_ERTM:
2563 efs.id = chan->local_id;
2564 efs.stype = chan->local_stype;
2565 efs.msdu = cpu_to_le16(chan->local_msdu);
2566 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2567 efs.acc_lat = cpu_to_le32(L2CAP_DEFAULT_ACC_LAT);
2568 efs.flush_to = cpu_to_le32(L2CAP_DEFAULT_FLUSH_TO);
2569 break;
2570
2571 case L2CAP_MODE_STREAMING:
2572 efs.id = 1;
2573 efs.stype = L2CAP_SERV_BESTEFFORT;
2574 efs.msdu = cpu_to_le16(chan->local_msdu);
2575 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2576 efs.acc_lat = 0;
2577 efs.flush_to = 0;
2578 break;
2579
2580 default:
2581 return;
2582 }
2583
2584 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs),
2585 (unsigned long) &efs);
2586}
2587
721c4181 2588static void l2cap_ack_timeout(struct work_struct *work)
c1b4f43b 2589{
721c4181
GP		 2590 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
2591 ack_timer.work);
c1b4f43b 2592
2fb9b3d4
GP		 2593 BT_DBG("chan %p", chan);
2594
6be36555
AE		 2595 l2cap_chan_lock(chan);
2596
b17e73bb 2597 __l2cap_send_ack(chan);
6be36555
AE		 2598
2599 l2cap_chan_unlock(chan);
09bfb2ee
SJ		 2600
2601 l2cap_chan_put(chan);
c1b4f43b
GP		 2602}
2603
3c588192 2604static inline int l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 2605{
3c588192
MM		 2606 int err;
2607
105bdf9e
MM		 2608 chan->next_tx_seq = 0;
2609 chan->expected_tx_seq = 0;
42e5c802 2610 chan->expected_ack_seq = 0;
6a026610 2611 chan->unacked_frames = 0;
42e5c802 2612 chan->buffer_seq = 0;
6a026610
GP		 2613 chan->num_acked = 0;
2614 chan->frames_sent = 0;
105bdf9e
MM		 2615 chan->last_acked_seq = 0;
2616 chan->sdu = NULL;
2617 chan->sdu_last_frag = NULL;
2618 chan->sdu_len = 0;
2619
d34c34fb
MM		 2620 skb_queue_head_init(&chan->tx_q);
2621
105bdf9e
MM		 2622 if (chan->mode != L2CAP_MODE_ERTM)
2623 return 0;
2624
2625 chan->rx_state = L2CAP_RX_STATE_RECV;
2626 chan->tx_state = L2CAP_TX_STATE_XMIT;
0565c1c2 2627
721c4181
GP		 2628 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
2629 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
2630 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
0565c1c2 2631
f1c6775b 2632 skb_queue_head_init(&chan->srej_q);
1890d36b 2633
39d5a3ee 2634 INIT_LIST_HEAD(&chan->srej_l);
3c588192
MM		 2635 err = l2cap_seq_list_init(&chan->srej_list, chan->tx_win);
2636 if (err < 0)
2637 return err;
2638
9dc9affc
MM		 2639 err = l2cap_seq_list_init(&chan->retrans_list, chan->remote_tx_win);
2640 if (err < 0)
2641 l2cap_seq_list_free(&chan->srej_list);
2642
2643 return err;
0565c1c2
GP		 2644}
2645
f2fcfcd6
GP		 2646static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2647{
2648 switch (mode) {
2649 case L2CAP_MODE_STREAMING:
2650 case L2CAP_MODE_ERTM:
2651 if (l2cap_mode_supported(mode, remote_feat_mask))
2652 return mode;
2653 /* fall through */
2654 default:
2655 return L2CAP_MODE_BASIC;
2656 }
2657}
2658
6327eb98
AE		 2659static inline bool __l2cap_ews_supported(struct l2cap_chan *chan)
2660{
2661 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW;
2662}
2663
f89cef09
AE		 2664static inline bool __l2cap_efs_supported(struct l2cap_chan *chan)
2665{
2666 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_FLOW;
2667}
2668
6327eb98
AE		 2669static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
2670{
2671 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
836be934 2672 __l2cap_ews_supported(chan)) {
6327eb98
AE		 2673 /* use extended control field */
2674 set_bit(FLAG_EXT_CTRL, &chan->flags);
836be934
AE		 2675 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
2676 } else {
6327eb98
AE		 2677 chan->tx_win = min_t(u16, chan->tx_win,
2678 L2CAP_DEFAULT_TX_WINDOW);
836be934
AE		 2679 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
2680 }
6327eb98
AE		 2681}
2682
710f9b0a 2683static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2684{
1da177e4 2685 struct l2cap_conf_req *req = data;
0c1bc5c6 2686 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4 2687 void *ptr = req->data;
c8f79162 2688 u16 size;
1da177e4 2689
49208c9c 2690 BT_DBG("chan %p", chan);
1da177e4 2691
73ffa904 2692 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 2693 goto done;
2694
0c1bc5c6 2695 switch (chan->mode) {
f2fcfcd6
GP		 2696 case L2CAP_MODE_STREAMING:
2697 case L2CAP_MODE_ERTM:
c1360a1c 2698 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
85eb53c6 2699 break;
85eb53c6 2700
f89cef09
AE		 2701 if (__l2cap_efs_supported(chan))
2702 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2703
2ba13ed6 2704 /* fall through */
f2fcfcd6 2705 default:
8c1d787b 2706 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 2707 break;
2708 }
2709
2710done:
0c1bc5c6
GP		 2711 if (chan->imtu != L2CAP_DEFAULT_MTU)
2712 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 2713
0c1bc5c6 2714 switch (chan->mode) {
65c7c491 2715 case L2CAP_MODE_BASIC:
8c1d787b
GP		 2716 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2717 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 2718 break;
2719
62547752
GP		 2720 rfc.mode = L2CAP_MODE_BASIC;
2721 rfc.txwin_size = 0;
2722 rfc.max_transmit = 0;
2723 rfc.retrans_timeout = 0;
2724 rfc.monitor_timeout = 0;
2725 rfc.max_pdu_size = 0;
2726
63406504
GP		 2727 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2728 (unsigned long) &rfc);
65c7c491
MH		 2729 break;
2730
2731 case L2CAP_MODE_ERTM:
2732 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61 2733 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 2734 rfc.retrans_timeout = 0;
2735 rfc.monitor_timeout = 0;
c8f79162
AE		 2736
2737 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2738 L2CAP_EXT_HDR_SIZE -
2739 L2CAP_SDULEN_SIZE -
2740 L2CAP_FCS_SIZE);
2741 rfc.max_pdu_size = cpu_to_le16(size);
f2fcfcd6 2742
6327eb98
AE		 2743 l2cap_txwin_setup(chan);
2744
2745 rfc.txwin_size = min_t(u16, chan->tx_win,
2746 L2CAP_DEFAULT_TX_WINDOW);
f2fcfcd6 2747
63406504
GP		 2748 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2749 (unsigned long) &rfc);
2750
f89cef09
AE		 2751 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2752 l2cap_add_opt_efs(&ptr, chan);
2753
8c1d787b 2754 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2755 break;
2756
47d1ec61 2757 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2758 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2759 chan->fcs = L2CAP_FCS_NONE;
2760 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2761 }
6327eb98
AE		 2762
2763 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2764 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2765 chan->tx_win);
f2fcfcd6
GP		 2766 break;
2767
2768 case L2CAP_MODE_STREAMING:
2769 rfc.mode = L2CAP_MODE_STREAMING;
2770 rfc.txwin_size = 0;
2771 rfc.max_transmit = 0;
2772 rfc.retrans_timeout = 0;
2773 rfc.monitor_timeout = 0;
c8f79162
AE		 2774
2775 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2776 L2CAP_EXT_HDR_SIZE -
2777 L2CAP_SDULEN_SIZE -
2778 L2CAP_FCS_SIZE);
2779 rfc.max_pdu_size = cpu_to_le16(size);
65c7c491 2780
63406504
GP		 2781 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2782 (unsigned long) &rfc);
2783
f89cef09
AE		 2784 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2785 l2cap_add_opt_efs(&ptr, chan);
2786
8c1d787b 2787 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2788 break;
2789
47d1ec61 2790 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2791 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2792 chan->fcs = L2CAP_FCS_NONE;
2793 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2794 }
65c7c491
MH		 2795 break;
2796 }
1da177e4 2797
fe4128e0 2798 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 2799 req->flags = cpu_to_le16(0);
1da177e4
LT		 2800
2801 return ptr - data;
2802}
2803
73ffa904 2804static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2805{
5dee9e7c
MH		 2806 struct l2cap_conf_rsp *rsp = data;
2807 void *ptr = rsp->data;
73ffa904
GP		 2808 void *req = chan->conf_req;
2809 int len = chan->conf_len;
5dee9e7c
MH		 2810 int type, hint, olen;
2811 unsigned long val;
6464f35f 2812 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
42dceae2
AE		 2813 struct l2cap_conf_efs efs;
2814 u8 remote_efs = 0;
861d6882 2815 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 2816 u16 result = L2CAP_CONF_SUCCESS;
c8f79162 2817 u16 size;
1da177e4 2818
73ffa904 2819 BT_DBG("chan %p", chan);
820ae1b8 2820
5dee9e7c
MH		 2821 while (len >= L2CAP_CONF_OPT_SIZE) {
2822 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 2823
589d2746 2824 hint = type & L2CAP_CONF_HINT;
47ec1dcd 2825 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 2826
2827 switch (type) {
2828 case L2CAP_CONF_MTU:
861d6882 2829 mtu = val;
5dee9e7c
MH		 2830 break;
2831
2832 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2833 chan->flush_to = val;
5dee9e7c
MH		 2834 break;
2835
2836 case L2CAP_CONF_QOS:
2837 break;
2838
6464f35f
MH		 2839 case L2CAP_CONF_RFC:
2840 if (olen == sizeof(rfc))
2841 memcpy(&rfc, (void *) val, olen);
2842 break;
2843
fcc203c3
GP		 2844 case L2CAP_CONF_FCS:
2845 if (val == L2CAP_FCS_NONE)
c1360a1c 2846 set_bit(CONF_NO_FCS_RECV, &chan->conf_state);
42dceae2 2847 break;
fcc203c3 2848
42dceae2
AE		 2849 case L2CAP_CONF_EFS:
2850 remote_efs = 1;
2851 if (olen == sizeof(efs))
2852 memcpy(&efs, (void *) val, olen);
fcc203c3
GP		 2853 break;
2854
6327eb98
AE		 2855 case L2CAP_CONF_EWS:
2856 if (!enable_hs)
2857 return -ECONNREFUSED;
fcc203c3 2858
6327eb98
AE		 2859 set_bit(FLAG_EXT_CTRL, &chan->flags);
2860 set_bit(CONF_EWS_RECV, &chan->conf_state);
836be934 2861 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
6327eb98 2862 chan->remote_tx_win = val;
fcc203c3
GP		 2863 break;
2864
5dee9e7c
MH		 2865 default:
2866 if (hint)
2867 break;
2868
2869 result = L2CAP_CONF_UNKNOWN;
2870 *((u8 *) ptr++) = type;
2871 break;
2872 }
2873 }
2874
73ffa904 2875 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 2876 goto done;
2877
0c1bc5c6 2878 switch (chan->mode) {
f2fcfcd6
GP		 2879 case L2CAP_MODE_STREAMING:
2880 case L2CAP_MODE_ERTM:
c1360a1c 2881 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
0c1bc5c6 2882 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 2883 chan->conn->feat_mask);
85eb53c6
GP		 2884 break;
2885 }
2886
42dceae2
AE		 2887 if (remote_efs) {
2888 if (__l2cap_efs_supported(chan))
2889 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2890 else
2891 return -ECONNREFUSED;
2892 }
2893
0c1bc5c6 2894 if (chan->mode != rfc.mode)
f2fcfcd6 2895 return -ECONNREFUSED;
742e519b 2896
f2fcfcd6 2897 break;
f2fcfcd6
GP		 2898 }
2899
2900done:
0c1bc5c6 2901 if (chan->mode != rfc.mode) {
f2fcfcd6 2902 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2903 rfc.mode = chan->mode;
f2fcfcd6 2904
73ffa904 2905 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 2906 return -ECONNREFUSED;
2907
2908 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2909 sizeof(rfc), (unsigned long) &rfc);
2910 }
2911
5dee9e7c
MH		 2912 if (result == L2CAP_CONF_SUCCESS) {
2913 /* Configure output options and let the other side know
2914 * which ones we don't like. */
2915
f2fcfcd6
GP		 2916 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2917 result = L2CAP_CONF_UNACCEPT;
2918 else {
0c1bc5c6 2919 chan->omtu = mtu;
c1360a1c 2920 set_bit(CONF_MTU_DONE, &chan->conf_state);
f2fcfcd6 2921 }
0c1bc5c6 2922 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 2923
42dceae2
AE		 2924 if (remote_efs) {
2925 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2926 efs.stype != L2CAP_SERV_NOTRAFIC &&
2927 efs.stype != chan->local_stype) {
2928
2929 result = L2CAP_CONF_UNACCEPT;
2930
2931 if (chan->num_conf_req >= 1)
2932 return -ECONNREFUSED;
2933
2934 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3e6b3b95 2935 sizeof(efs),
42dceae2 2936 (unsigned long) &efs);
0e8b207e 2937 } else {
3e6b3b95 2938 /* Send PENDING Conf Rsp */
0e8b207e
AE		 2939 result = L2CAP_CONF_PENDING;
2940 set_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
42dceae2
AE		 2941 }
2942 }
2943
f2fcfcd6
GP		 2944 switch (rfc.mode) {
2945 case L2CAP_MODE_BASIC:
47d1ec61 2946 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2947 set_bit(CONF_MODE_DONE, &chan->conf_state);
f2fcfcd6
GP		 2948 break;
2949
2950 case L2CAP_MODE_ERTM:
6327eb98
AE		 2951 if (!test_bit(CONF_EWS_RECV, &chan->conf_state))
2952 chan->remote_tx_win = rfc.txwin_size;
2953 else
2954 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
86b1b263 2955
2c03a7a4 2956 chan->remote_max_tx = rfc.max_transmit;
1c762159 2957
c8f79162
AE		 2958 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2959 chan->conn->mtu -
2960 L2CAP_EXT_HDR_SIZE -
2961 L2CAP_SDULEN_SIZE -
2962 L2CAP_FCS_SIZE);
2963 rfc.max_pdu_size = cpu_to_le16(size);
2964 chan->remote_mps = size;
f2fcfcd6 2965
10467e9e 2966 rfc.retrans_timeout =
4fd21a88 2967 __constant_cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
10467e9e 2968 rfc.monitor_timeout =
4fd21a88 2969 __constant_cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 2970
c1360a1c 2971 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2972
2973 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2974 sizeof(rfc), (unsigned long) &rfc);
2975
42dceae2
AE		 2976 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2977 chan->remote_id = efs.id;
2978 chan->remote_stype = efs.stype;
2979 chan->remote_msdu = le16_to_cpu(efs.msdu);
2980 chan->remote_flush_to =
2981 le32_to_cpu(efs.flush_to);
2982 chan->remote_acc_lat =
2983 le32_to_cpu(efs.acc_lat);
2984 chan->remote_sdu_itime =
2985 le32_to_cpu(efs.sdu_itime);
2986 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
2987 sizeof(efs), (unsigned long) &efs);
2988 }
f2fcfcd6
GP		 2989 break;
2990
2991 case L2CAP_MODE_STREAMING:
c8f79162
AE		 2992 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2993 chan->conn->mtu -
2994 L2CAP_EXT_HDR_SIZE -
2995 L2CAP_SDULEN_SIZE -
2996 L2CAP_FCS_SIZE);
2997 rfc.max_pdu_size = cpu_to_le16(size);
2998 chan->remote_mps = size;
f2fcfcd6 2999
c1360a1c 3000 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 3001
3002 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
3003 sizeof(rfc), (unsigned long) &rfc);
3004
f2fcfcd6
GP		 3005 break;
3006
3007 default:
5dee9e7c 3008 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 3009
6464f35f 3010 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 3011 rfc.mode = chan->mode;
f2fcfcd6 3012 }
6464f35f 3013
f2fcfcd6 3014 if (result == L2CAP_CONF_SUCCESS)
c1360a1c 3015 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
f2fcfcd6 3016 }
fe4128e0 3017 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 3018 rsp->result = cpu_to_le16(result);
3019 rsp->flags = cpu_to_le16(0x0000);
3020
3021 return ptr - data;
1da177e4
LT		 3022}
3023
b4450035 3024static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 3025{
f2fcfcd6
GP		 3026 struct l2cap_conf_req *req = data;
3027 void *ptr = req->data;
3028 int type, olen;
3029 unsigned long val;
36e999a8 3030 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
66af7aaf 3031 struct l2cap_conf_efs efs;
f2fcfcd6 3032
fe4128e0 3033 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 3034
3035 while (len >= L2CAP_CONF_OPT_SIZE) {
3036 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
3037
3038 switch (type) {
3039 case L2CAP_CONF_MTU:
3040 if (val < L2CAP_DEFAULT_MIN_MTU) {
3041 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 3042 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 3043 } else
0c1bc5c6
GP		 3044 chan->imtu = val;
3045 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 3046 break;
3047
3048 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 3049 chan->flush_to = val;
f2fcfcd6 3050 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 3051 2, chan->flush_to);
f2fcfcd6
GP		 3052 break;
3053
3054 case L2CAP_CONF_RFC:
3055 if (olen == sizeof(rfc))
3056 memcpy(&rfc, (void *)val, olen);
3057
c1360a1c 3058 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
0c1bc5c6 3059 rfc.mode != chan->mode)
f2fcfcd6
GP		 3060 return -ECONNREFUSED;
3061
47d1ec61 3062 chan->fcs = 0;
f2fcfcd6
GP		 3063
3064 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
3065 sizeof(rfc), (unsigned long) &rfc);
3066 break;
6327eb98
AE		 3067
3068 case L2CAP_CONF_EWS:
3069 chan->tx_win = min_t(u16, val,
3070 L2CAP_DEFAULT_EXT_WINDOW);
3e6b3b95
GP		 3071 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
3072 chan->tx_win);
6327eb98 3073 break;
66af7aaf
AE		 3074
3075 case L2CAP_CONF_EFS:
3076 if (olen == sizeof(efs))
3077 memcpy(&efs, (void *)val, olen);
3078
3079 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
3080 efs.stype != L2CAP_SERV_NOTRAFIC &&
3081 efs.stype != chan->local_stype)
3082 return -ECONNREFUSED;
3083
3084 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3085 sizeof(efs), (unsigned long) &efs);
3086 break;
f2fcfcd6
GP		 3087 }
3088 }
3089
0c1bc5c6 3090 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 3091 return -ECONNREFUSED;
3092
0c1bc5c6 3093 chan->mode = rfc.mode;
6c2ea7a8 3094
0e8b207e 3095 if (*result == L2CAP_CONF_SUCCESS || *result == L2CAP_CONF_PENDING) {
f2fcfcd6
GP		 3096 switch (rfc.mode) {
3097 case L2CAP_MODE_ERTM:
47d1ec61
GP		 3098 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3099 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3100 chan->mps = le16_to_cpu(rfc.max_pdu_size);
66af7aaf
AE		 3101
3102 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3103 chan->local_msdu = le16_to_cpu(efs.msdu);
3104 chan->local_sdu_itime =
3105 le32_to_cpu(efs.sdu_itime);
3106 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
3107 chan->local_flush_to =
3108 le32_to_cpu(efs.flush_to);
3109 }
f2fcfcd6 3110 break;
66af7aaf 3111
f2fcfcd6 3112 case L2CAP_MODE_STREAMING:
47d1ec61 3113 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 3114 }
3115 }
3116
fe4128e0 3117 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 3118 req->flags = cpu_to_le16(0x0000);
3119
3120 return ptr - data;
3121}
3122
fe4128e0 3123static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 3124{
3125 struct l2cap_conf_rsp *rsp = data;
3126 void *ptr = rsp->data;
1da177e4 3127
fe4128e0 3128 BT_DBG("chan %p", chan);
1da177e4 3129
fe4128e0 3130 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 3131 rsp->result = cpu_to_le16(result);
aca3192c 3132 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 3133
3134 return ptr - data;
3135}
3136
8c1d787b 3137void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 3138{
3139 struct l2cap_conn_rsp rsp;
8c1d787b 3140 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 3141 u8 buf[128];
3142
fe4128e0
GP		 3143 rsp.scid = cpu_to_le16(chan->dcid);
3144 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 3145 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
3146 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
3147 l2cap_send_cmd(conn, chan->ident,
3148 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
3149
c1360a1c 3150 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
710f9b0a
GP		 3151 return;
3152
710f9b0a
GP		 3153 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3154 l2cap_build_conf_req(chan, buf), buf);
3155 chan->num_conf_req++;
3156}
3157
47d1ec61 3158static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 3159{
7b1c0049
GP		 3160 int type, olen;
3161 unsigned long val;
3162 struct l2cap_conf_rfc rfc;
3163
47d1ec61 3164 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 3165
0c1bc5c6 3166 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 3167 return;
3168
3169 while (len >= L2CAP_CONF_OPT_SIZE) {
3170 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
3171
3172 switch (type) {
3173 case L2CAP_CONF_RFC:
3174 if (olen == sizeof(rfc))
3175 memcpy(&rfc, (void *)val, olen);
3176 goto done;
3177 }
3178 }
3179
36e999a8
MM		 3180 /* Use sane default values in case a misbehaving remote device
3181 * did not send an RFC option.
3182 */
3183 rfc.mode = chan->mode;
3184 rfc.retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
3185 rfc.monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
3186 rfc.max_pdu_size = cpu_to_le16(chan->imtu);
3187
3188 BT_ERR("Expected RFC option was not found, using defaults");
3189
7b1c0049
GP		 3190done:
3191 switch (rfc.mode) {
3192 case L2CAP_MODE_ERTM:
47d1ec61
GP		 3193 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3194 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3195 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 3196 break;
3197 case L2CAP_MODE_STREAMING:
47d1ec61 3198 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 3199 }
3200}
3201
4e8402a3
MH		 3202static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3203{
e2fd318e 3204 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
4e8402a3 3205
e2fd318e 3206 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
4e8402a3
MH		 3207 return 0;
3208
3209 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
3210 cmd->ident == conn->info_ident) {
17cd3f37 3211 cancel_delayed_work(&conn->info_timer);
984947dc
MH		 3212
3213 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 3214 conn->info_ident = 0;
984947dc 3215
4e8402a3
MH		 3216 l2cap_conn_start(conn);
3217 }
3218
3219 return 0;
3220}
3221
1da177e4
LT		 3222static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3223{
1da177e4
LT		 3224 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
3225 struct l2cap_conn_rsp rsp;
23691d75 3226 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 3227 struct sock *parent, *sk = NULL;
e7c29cb1 3228 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 3229
3230 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 3231 __le16 psm = req->psm;
1da177e4 3232
097db76c 3233 BT_DBG("psm 0x%2.2x scid 0x%4.4x", __le16_to_cpu(psm), scid);
1da177e4
LT		 3234
3235 /* Check if we have socket listening on psm */
c2287681 3236 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src, conn->dst);
23691d75 3237 if (!pchan) {
1da177e4
LT		 3238 result = L2CAP_CR_BAD_PSM;
3239 goto sendresp;
3240 }
3241
23691d75
GP		 3242 parent = pchan->sk;
3243
3df91ea2 3244 mutex_lock(&conn->chan_lock);
aa2ac881 3245 lock_sock(parent);
e0f0cb56 3246
e7c29cb1
MH		 3247 /* Check if the ACL is secure enough (if not SDP) */
3248 if (psm != cpu_to_le16(0x0001) &&
3249 !hci_conn_check_link_mode(conn->hcon)) {
9f5a0d7b 3250 conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
e7c29cb1
MH		 3251 result = L2CAP_CR_SEC_BLOCK;
3252 goto response;
3253 }
3254
1da177e4
LT		 3255 result = L2CAP_CR_NO_MEM;
3256
3257 /* Check for backlog size */
3258 if (sk_acceptq_is_full(parent)) {
8e87d142 3259 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 3260 goto response;
3261 }
3262
80808e43
GP		 3263 chan = pchan->ops->new_connection(pchan->data);
3264 if (!chan)
1da177e4
LT		 3265 goto response;
3266
80808e43
GP		 3267 sk = chan->sk;
3268
1da177e4 3269 /* Check if we already have channel with that dcid */
baa7e1fa 3270 if (__l2cap_get_chan_by_dcid(conn, scid)) {
1da177e4 3271 sock_set_flag(sk, SOCK_ZAPPED);
ba3bd0ee 3272 chan->ops->close(chan->data);
1da177e4
LT		 3273 goto response;
3274 }
3275
3276 hci_conn_hold(conn->hcon);
3277
1da177e4
LT		 3278 bacpy(&bt_sk(sk)->src, conn->src);
3279 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 3280 chan->psm = psm;
3281 chan->dcid = scid;
1da177e4 3282
d1010240
GP		 3283 bt_accept_enqueue(parent, sk);
3284
6be36555 3285 __l2cap_chan_add(conn, chan);
48454079 3286
fe4128e0 3287 dcid = chan->scid;
1da177e4 3288
c9b66675 3289 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4 3290
fc7f8a7e 3291 chan->ident = cmd->ident;
1da177e4 3292
984947dc 3293 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
d45fc423 3294 if (l2cap_chan_check_security(chan)) {
c5daa683 3295 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
0e587be7 3296 __l2cap_state_change(chan, BT_CONNECT2);
f66dc81f
MH		 3297 result = L2CAP_CR_PEND;
3298 status = L2CAP_CS_AUTHOR_PEND;
3299 parent->sk_data_ready(parent, 0);
3300 } else {
0e587be7 3301 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 3302 result = L2CAP_CR_SUCCESS;
3303 status = L2CAP_CS_NO_INFO;
3304 }
79d554a6 3305 } else {
0e587be7 3306 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 3307 result = L2CAP_CR_PEND;
3308 status = L2CAP_CS_AUTHEN_PEND;
3309 }
3310 } else {
0e587be7 3311 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 3312 result = L2CAP_CR_PEND;
3313 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 3314 }
3315
1da177e4 3316response:
aa2ac881 3317 release_sock(parent);
3df91ea2 3318 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 3319
3320sendresp:
aca3192c
YH		 3321 rsp.scid = cpu_to_le16(scid);
3322 rsp.dcid = cpu_to_le16(dcid);
3323 rsp.result = cpu_to_le16(result);
3324 rsp.status = cpu_to_le16(status);
1da177e4 3325 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 3326
3327 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
3328 struct l2cap_info_req info;
3329 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3330
3331 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
3332 conn->info_ident = l2cap_get_ident(conn);
3333
ba13ccd9 3334 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
79d554a6
MH		 3335
3336 l2cap_send_cmd(conn, conn->info_ident,
3337 L2CAP_INFO_REQ, sizeof(info), &info);
3338 }
3339
c1360a1c 3340 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
e9aeb2dd
GP		 3341 result == L2CAP_CR_SUCCESS) {
3342 u8 buf[128];
c1360a1c 3343 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 3344 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 3345 l2cap_build_conf_req(chan, buf), buf);
3346 chan->num_conf_req++;
e9aeb2dd
GP		 3347 }
3348
1da177e4
LT		 3349 return 0;
3350}
3351
3352static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3353{
3354 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
3355 u16 scid, dcid, result, status;
48454079 3356 struct l2cap_chan *chan;
1da177e4 3357 u8 req[128];
3df91ea2 3358 int err;
1da177e4
LT		 3359
3360 scid = __le16_to_cpu(rsp->scid);
3361 dcid = __le16_to_cpu(rsp->dcid);
3362 result = __le16_to_cpu(rsp->result);
3363 status = __le16_to_cpu(rsp->status);
3364
1b009c98
AE		 3365 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
3366 dcid, scid, result, status);
1da177e4 3367
3df91ea2
AE		 3368 mutex_lock(&conn->chan_lock);
3369
1da177e4 3370 if (scid) {
3df91ea2
AE		 3371 chan = __l2cap_get_chan_by_scid(conn, scid);
3372 if (!chan) {
3373 err = -EFAULT;
3374 goto unlock;
3375 }
1da177e4 3376 } else {
3df91ea2
AE		 3377 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
3378 if (!chan) {
3379 err = -EFAULT;
3380 goto unlock;
3381 }
1da177e4
LT		 3382 }
3383
3df91ea2
AE		 3384 err = 0;
3385
6be36555 3386 l2cap_chan_lock(chan);
48454079 3387
1da177e4
LT		 3388 switch (result) {
3389 case L2CAP_CR_SUCCESS:
89bc500e 3390 l2cap_state_change(chan, BT_CONFIG);
fc7f8a7e 3391 chan->ident = 0;
fe4128e0 3392 chan->dcid = dcid;
c1360a1c 3393 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
6a8d3010 3394
c1360a1c 3395 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
e9aeb2dd
GP		 3396 break;
3397
1da177e4 3398 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 3399 l2cap_build_conf_req(chan, req), req);
3400 chan->num_conf_req++;
1da177e4
LT		 3401 break;
3402
3403 case L2CAP_CR_PEND:
c1360a1c 3404 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4
LT		 3405 break;
3406
3407 default:
48454079 3408 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 3409 break;
3410 }
3411
6be36555 3412 l2cap_chan_unlock(chan);
3df91ea2
AE		 3413
3414unlock:
3415 mutex_unlock(&conn->chan_lock);
3416
3417 return err;
1da177e4
LT		 3418}
3419
47d1ec61 3420static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60
MM		 3421{
3422 /* FCS is enabled only in ERTM or streaming mode, if one or both
3423 * sides request it.
3424 */
0c1bc5c6 3425 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 3426 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 3427 else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state))
47d1ec61 3428 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 3429}
3430
88219a0f 3431static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 3432{
3433 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
3434 u16 dcid, flags;
3435 u8 rsp[64];
48454079 3436 struct l2cap_chan *chan;
3c588192 3437 int len, err = 0;
1da177e4
LT		 3438
3439 dcid = __le16_to_cpu(req->dcid);
3440 flags = __le16_to_cpu(req->flags);
3441
3442 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
3443
baa7e1fa 3444 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 3445 if (!chan)
1da177e4
LT		 3446 return -ENOENT;
3447
033b1142 3448 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
e2fd318e
IK		 3449 struct l2cap_cmd_rej_cid rej;
3450
3451 rej.reason = cpu_to_le16(L2CAP_REJ_INVALID_CID);
3452 rej.scid = cpu_to_le16(chan->scid);
3453 rej.dcid = cpu_to_le16(chan->dcid);
df6bd743 3454
df6bd743
GP		 3455 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
3456 sizeof(rej), &rej);
354f60a9 3457 goto unlock;
df6bd743 3458 }
354f60a9 3459
5dee9e7c 3460 /* Reject if config buffer is too small. */
88219a0f 3461 len = cmd_len - sizeof(*req);
7ac28817 3462 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 3463 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 3464 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 3465 L2CAP_CONF_REJECT, flags), rsp);
3466 goto unlock;
3467 }
3468
3469 /* Store config. */
73ffa904
GP		 3470 memcpy(chan->conf_req + chan->conf_len, req->data, len);
3471 chan->conf_len += len;
1da177e4
LT		 3472
3473 if (flags & 0x0001) {
3474 /* Incomplete config. Send empty response. */
3475 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 3476 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 3477 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 3478 goto unlock;
3479 }
3480
3481 /* Complete config. */
73ffa904 3482 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 3483 if (len < 0) {
e92c8e70 3484 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 3485 goto unlock;
f2fcfcd6 3486 }
1da177e4 3487
5dee9e7c 3488 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 3489 chan->num_conf_rsp++;
5dee9e7c 3490
5dee9e7c 3491 /* Reset config buffer. */
73ffa904 3492 chan->conf_len = 0;
5dee9e7c 3493
c1360a1c 3494 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
876d9484
MH		 3495 goto unlock;
3496
c1360a1c 3497 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
47d1ec61 3498 set_default_fcs(chan);
fcc203c3 3499
89bc500e 3500 l2cap_state_change(chan, BT_CONNECTED);
e90bac06 3501
105bdf9e
MM		 3502 if (chan->mode == L2CAP_MODE_ERTM ||
3503 chan->mode == L2CAP_MODE_STREAMING)
3c588192
MM		 3504 err = l2cap_ertm_init(chan);
3505
3506 if (err < 0)
3507 l2cap_send_disconn_req(chan->conn, chan, -err);
3508 else
3509 l2cap_chan_ready(chan);
0565c1c2 3510
876d9484
MH		 3511 goto unlock;
3512 }
3513
c1360a1c 3514 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
79d554a6 3515 u8 buf[64];
1da177e4 3516 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 3517 l2cap_build_conf_req(chan, buf), buf);
3518 chan->num_conf_req++;
1da177e4
LT		 3519 }
3520
0e8b207e
AE		 3521 /* Got Conf Rsp PENDING from remote side and asume we sent
3522 Conf Rsp PENDING in the code above */
3523 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
3524 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
3525
3526 /* check compatibility */
3527
3528 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
3529 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
3530
3531 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 3532 l2cap_build_conf_rsp(chan, rsp,
0e8b207e
AE		 3533 L2CAP_CONF_SUCCESS, 0x0000), rsp);
3534 }
3535
1da177e4 3536unlock:
6be36555 3537 l2cap_chan_unlock(chan);
3c588192 3538 return err;
1da177e4
LT		 3539}
3540
3541static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3542{
3543 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
3544 u16 scid, flags, result;
48454079 3545 struct l2cap_chan *chan;
61386cba 3546 int len = le16_to_cpu(cmd->len) - sizeof(*rsp);
3c588192 3547 int err = 0;
1da177e4
LT		 3548
3549 scid = __le16_to_cpu(rsp->scid);
3550 flags = __le16_to_cpu(rsp->flags);
3551 result = __le16_to_cpu(rsp->result);
3552
61386cba
AE		 3553 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x len %d", scid, flags,
3554 result, len);
1da177e4 3555
baa7e1fa 3556 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 3557 if (!chan)
1da177e4
LT		 3558 return 0;
3559
3560 switch (result) {
3561 case L2CAP_CONF_SUCCESS:
47d1ec61 3562 l2cap_conf_rfc_get(chan, rsp->data, len);
0e8b207e 3563 clear_bit(CONF_REM_CONF_PEND, &chan->conf_state);
1da177e4
LT		 3564 break;
3565
0e8b207e
AE		 3566 case L2CAP_CONF_PENDING:
3567 set_bit(CONF_REM_CONF_PEND, &chan->conf_state);
3568
3569 if (test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
3570 char buf[64];
3571
3572 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3573 buf, &result);
3574 if (len < 0) {
3575 l2cap_send_disconn_req(conn, chan, ECONNRESET);
3576 goto done;
3577 }
3578
3579 /* check compatibility */
3580
3581 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
3582 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
3583
3584 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 3585 l2cap_build_conf_rsp(chan, buf,
0e8b207e
AE		 3586 L2CAP_CONF_SUCCESS, 0x0000), buf);
3587 }
3588 goto done;
3589
1da177e4 3590 case L2CAP_CONF_UNACCEPT:
73ffa904 3591 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 3592 char req[64];
3593
c2c77ec8 3594 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 3595 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 3596 goto done;
3597 }
3598
f2fcfcd6
GP		 3599 /* throw out any old stored conf requests */
3600 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 3601 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3602 req, &result);
f2fcfcd6 3603 if (len < 0) {
e92c8e70 3604 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 3605 goto done;
3606 }
3607
3608 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3609 L2CAP_CONF_REQ, len, req);
73ffa904 3610 chan->num_conf_req++;
f2fcfcd6
GP		 3611 if (result != L2CAP_CONF_SUCCESS)
3612 goto done;
3613 break;
1da177e4
LT		 3614 }
3615
8e87d142 3616 default:
6be36555 3617 l2cap_chan_set_err(chan, ECONNRESET);
2e0052e4 3618
ba13ccd9 3619 __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT);
e92c8e70 3620 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 3621 goto done;
3622 }
3623
3624 if (flags & 0x01)
3625 goto done;
3626
c1360a1c 3627 set_bit(CONF_INPUT_DONE, &chan->conf_state);
1da177e4 3628
c1360a1c 3629 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
47d1ec61 3630 set_default_fcs(chan);
fcc203c3 3631
89bc500e 3632 l2cap_state_change(chan, BT_CONNECTED);
105bdf9e
MM		 3633 if (chan->mode == L2CAP_MODE_ERTM ||
3634 chan->mode == L2CAP_MODE_STREAMING)
3c588192 3635 err = l2cap_ertm_init(chan);
0565c1c2 3636
3c588192
MM		 3637 if (err < 0)
3638 l2cap_send_disconn_req(chan->conn, chan, -err);
3639 else
3640 l2cap_chan_ready(chan);
1da177e4
LT		 3641 }
3642
3643done:
6be36555 3644 l2cap_chan_unlock(chan);
3c588192 3645 return err;
1da177e4
LT		 3646}
3647
3648static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3649{
3650 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3651 struct l2cap_disconn_rsp rsp;
3652 u16 dcid, scid;
48454079 3653 struct l2cap_chan *chan;
1da177e4
LT		 3654 struct sock *sk;
3655
3656 scid = __le16_to_cpu(req->scid);
3657 dcid = __le16_to_cpu(req->dcid);
3658
3659 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3660
3df91ea2
AE		 3661 mutex_lock(&conn->chan_lock);
3662
3663 chan = __l2cap_get_chan_by_scid(conn, dcid);
3664 if (!chan) {
3665 mutex_unlock(&conn->chan_lock);
1da177e4 3666 return 0;
3df91ea2 3667 }
1da177e4 3668
6be36555
AE		 3669 l2cap_chan_lock(chan);
3670
48454079
GP		 3671 sk = chan->sk;
3672
fe4128e0
GP		 3673 rsp.dcid = cpu_to_le16(chan->scid);
3674 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 3675 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3676
6be36555 3677 lock_sock(sk);
1da177e4 3678 sk->sk_shutdown = SHUTDOWN_MASK;
6be36555 3679 release_sock(sk);
1da177e4 3680
61d6ef3e 3681 l2cap_chan_hold(chan);
48454079 3682 l2cap_chan_del(chan, ECONNRESET);
6be36555
AE		 3683
3684 l2cap_chan_unlock(chan);
1da177e4 3685
ba3bd0ee 3686 chan->ops->close(chan->data);
61d6ef3e 3687 l2cap_chan_put(chan);
3df91ea2
AE		 3688
3689 mutex_unlock(&conn->chan_lock);
3690
1da177e4
LT		 3691 return 0;
3692}
3693
3694static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3695{
3696 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3697 u16 dcid, scid;
48454079 3698 struct l2cap_chan *chan;
1da177e4
LT		 3699
3700 scid = __le16_to_cpu(rsp->scid);
3701 dcid = __le16_to_cpu(rsp->dcid);
3702
3703 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3704
3df91ea2
AE		 3705 mutex_lock(&conn->chan_lock);
3706
3707 chan = __l2cap_get_chan_by_scid(conn, scid);
3708 if (!chan) {
3709 mutex_unlock(&conn->chan_lock);
1da177e4 3710 return 0;
3df91ea2 3711 }
1da177e4 3712
6be36555 3713 l2cap_chan_lock(chan);
48454079 3714
61d6ef3e 3715 l2cap_chan_hold(chan);
48454079 3716 l2cap_chan_del(chan, 0);
6be36555
AE		 3717
3718 l2cap_chan_unlock(chan);
1da177e4 3719
ba3bd0ee 3720 chan->ops->close(chan->data);
61d6ef3e 3721 l2cap_chan_put(chan);
3df91ea2
AE		 3722
3723 mutex_unlock(&conn->chan_lock);
3724
1da177e4
LT		 3725 return 0;
3726}
3727
3728static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3729{
3730 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 3731 u16 type;
3732
3733 type = __le16_to_cpu(req->type);
3734
3735 BT_DBG("type 0x%4.4x", type);
3736
f0709e03
MH		 3737 if (type == L2CAP_IT_FEAT_MASK) {
3738 u8 buf[8];
44dd46de 3739 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 3740 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3741 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3742 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 3743 if (!disable_ertm)
fcc203c3
GP		 3744 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3745 | L2CAP_FEAT_FCS;
a5fd6f30 3746 if (enable_hs)
6327eb98
AE		 3747 feat_mask |= L2CAP_FEAT_EXT_FLOW
3748 | L2CAP_FEAT_EXT_WINDOW;
a5fd6f30 3749
1b7bf4ed 3750 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 3751 l2cap_send_cmd(conn, cmd->ident,
3752 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 3753 } else if (type == L2CAP_IT_FIXED_CHAN) {
3754 u8 buf[12];
3755 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
50a147cd
MM		 3756
3757 if (enable_hs)
3758 l2cap_fixed_chan[0] |= L2CAP_FC_A2MP;
3759 else
3760 l2cap_fixed_chan[0] &= ~L2CAP_FC_A2MP;
3761
e1027a7c
MH		 3762 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3763 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
c6337ea6 3764 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan));
e1027a7c
MH		 3765 l2cap_send_cmd(conn, cmd->ident,
3766 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 3767 } else {
3768 struct l2cap_info_rsp rsp;
3769 rsp.type = cpu_to_le16(type);
3770 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3771 l2cap_send_cmd(conn, cmd->ident,
3772 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3773 }
1da177e4
LT		 3774
3775 return 0;
3776}
3777
3778static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3779{
3780 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3781 u16 type, result;
3782
3783 type = __le16_to_cpu(rsp->type);
3784 result = __le16_to_cpu(rsp->result);
3785
3786 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3787
e90165be
AE		 3788 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
3789 if (cmd->ident != conn->info_ident ||
3790 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
3791 return 0;
3792
17cd3f37 3793 cancel_delayed_work(&conn->info_timer);
4e8402a3 3794
adb08ede
VT		 3795 if (result != L2CAP_IR_SUCCESS) {
3796 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3797 conn->info_ident = 0;
3798
3799 l2cap_conn_start(conn);
3800
3801 return 0;
3802 }
3803
978c93b9
AE		 3804 switch (type) {
3805 case L2CAP_IT_FEAT_MASK:
83985319 3806 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 3807
47ec1dcd 3808 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 3809 struct l2cap_info_req req;
3810 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3811
3812 conn->info_ident = l2cap_get_ident(conn);
3813
3814 l2cap_send_cmd(conn, conn->info_ident,
3815 L2CAP_INFO_REQ, sizeof(req), &req);
3816 } else {
3817 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3818 conn->info_ident = 0;
3819
3820 l2cap_conn_start(conn);
3821 }
978c93b9
AE		 3822 break;
3823
3824 case L2CAP_IT_FIXED_CHAN:
3825 conn->fixed_chan_mask = rsp->data[0];
984947dc 3826 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 3827 conn->info_ident = 0;
984947dc
MH		 3828
3829 l2cap_conn_start(conn);
978c93b9 3830 break;
984947dc 3831 }
4e8402a3 3832
1da177e4
LT		 3833 return 0;
3834}
3835
f94ff6ff
MM		 3836static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3837 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
3838 void *data)
3839{
3840 struct l2cap_create_chan_req *req = data;
3841 struct l2cap_create_chan_rsp rsp;
3842 u16 psm, scid;
3843
3844 if (cmd_len != sizeof(*req))
3845 return -EPROTO;
3846
3847 if (!enable_hs)
3848 return -EINVAL;
3849
3850 psm = le16_to_cpu(req->psm);
3851 scid = le16_to_cpu(req->scid);
3852
3853 BT_DBG("psm %d, scid %d, amp_id %d", psm, scid, req->amp_id);
3854
3855 /* Placeholder: Always reject */
3856 rsp.dcid = 0;
3857 rsp.scid = cpu_to_le16(scid);
8ce0c498
AE		 3858 rsp.result = __constant_cpu_to_le16(L2CAP_CR_NO_MEM);
3859 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
f94ff6ff
MM		 3860
3861 l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP,
3862 sizeof(rsp), &rsp);
3863
3864 return 0;
3865}
3866
3867static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn,
3868 struct l2cap_cmd_hdr *cmd, void *data)
3869{
3870 BT_DBG("conn %p", conn);
3871
3872 return l2cap_connect_rsp(conn, cmd, data);
3873}
3874
8d5a04a1
MM		 3875static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident,
3876 u16 icid, u16 result)
3877{
3878 struct l2cap_move_chan_rsp rsp;
3879
3880 BT_DBG("icid %d, result %d", icid, result);
3881
3882 rsp.icid = cpu_to_le16(icid);
3883 rsp.result = cpu_to_le16(result);
3884
3885 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_RSP, sizeof(rsp), &rsp);
3886}
3887
3888static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn,
3889 struct l2cap_chan *chan, u16 icid, u16 result)
3890{
3891 struct l2cap_move_chan_cfm cfm;
3892 u8 ident;
3893
3894 BT_DBG("icid %d, result %d", icid, result);
3895
3896 ident = l2cap_get_ident(conn);
3897 if (chan)
3898 chan->ident = ident;
3899
3900 cfm.icid = cpu_to_le16(icid);
3901 cfm.result = cpu_to_le16(result);
3902
3903 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM, sizeof(cfm), &cfm);
3904}
3905
3906static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident,
3907 u16 icid)
3908{
3909 struct l2cap_move_chan_cfm_rsp rsp;
3910
3911 BT_DBG("icid %d", icid);
3912
3913 rsp.icid = cpu_to_le16(icid);
3914 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp);
3915}
3916
3917static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
3918 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3919{
3920 struct l2cap_move_chan_req *req = data;
3921 u16 icid = 0;
3922 u16 result = L2CAP_MR_NOT_ALLOWED;
3923
3924 if (cmd_len != sizeof(*req))
3925 return -EPROTO;
3926
3927 icid = le16_to_cpu(req->icid);
3928
3929 BT_DBG("icid %d, dest_amp_id %d", icid, req->dest_amp_id);
3930
3931 if (!enable_hs)
3932 return -EINVAL;
3933
3934 /* Placeholder: Always refuse */
3935 l2cap_send_move_chan_rsp(conn, cmd->ident, icid, result);
3936
3937 return 0;
3938}
3939
3940static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
3941 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3942{
3943 struct l2cap_move_chan_rsp *rsp = data;
3944 u16 icid, result;
3945
3946 if (cmd_len != sizeof(*rsp))
3947 return -EPROTO;
3948
3949 icid = le16_to_cpu(rsp->icid);
3950 result = le16_to_cpu(rsp->result);
3951
3952 BT_DBG("icid %d, result %d", icid, result);
3953
3954 /* Placeholder: Always unconfirmed */
3955 l2cap_send_move_chan_cfm(conn, NULL, icid, L2CAP_MC_UNCONFIRMED);
3956
3957 return 0;
3958}
3959
3960static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
3961 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3962{
3963 struct l2cap_move_chan_cfm *cfm = data;
3964 u16 icid, result;
3965
3966 if (cmd_len != sizeof(*cfm))
3967 return -EPROTO;
3968
3969 icid = le16_to_cpu(cfm->icid);
3970 result = le16_to_cpu(cfm->result);
3971
3972 BT_DBG("icid %d, result %d", icid, result);
3973
3974 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
3975
3976 return 0;
3977}
3978
3979static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
3980 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3981{
3982 struct l2cap_move_chan_cfm_rsp *rsp = data;
3983 u16 icid;
3984
3985 if (cmd_len != sizeof(*rsp))
3986 return -EPROTO;
3987
3988 icid = le16_to_cpu(rsp->icid);
3989
3990 BT_DBG("icid %d", icid);
3991
3992 return 0;
3993}
3994
e2174ca4 3995static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 3996 u16 to_multiplier)
3997{
3998 u16 max_latency;
3999
4000 if (min > max || min < 6 || max > 3200)
4001 return -EINVAL;
4002
4003 if (to_multiplier < 10 || to_multiplier > 3200)
4004 return -EINVAL;
4005
4006 if (max >= to_multiplier * 8)
4007 return -EINVAL;
4008
4009 max_latency = (to_multiplier * 8 / max) - 1;
4010 if (latency > 499 || latency > max_latency)
4011 return -EINVAL;
4012
4013 return 0;
4014}
4015
4016static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
4017 struct l2cap_cmd_hdr *cmd, u8 *data)
4018{
4019 struct hci_conn *hcon = conn->hcon;
4020 struct l2cap_conn_param_update_req *req;
4021 struct l2cap_conn_param_update_rsp rsp;
4022 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 4023 int err;
de73115a
CT		 4024
4025 if (!(hcon->link_mode & HCI_LM_MASTER))
4026 return -EINVAL;
4027
4028 cmd_len = __le16_to_cpu(cmd->len);
4029 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
4030 return -EPROTO;
4031
4032 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 4033 min = __le16_to_cpu(req->min);
4034 max = __le16_to_cpu(req->max);
de73115a
CT		 4035 latency = __le16_to_cpu(req->latency);
4036 to_multiplier = __le16_to_cpu(req->to_multiplier);
4037
4038 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
4039 min, max, latency, to_multiplier);
4040
4041 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 4042
4043 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
4044 if (err)
de73115a
CT		 4045 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
4046 else
4047 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
4048
4049 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
4050 sizeof(rsp), &rsp);
4051
2ce603eb
CT		 4052 if (!err)
4053 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
4054
de73115a
CT		 4055 return 0;
4056}
4057
3300d9a9
CT		 4058static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
4059 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
4060{
4061 int err = 0;
4062
4063 switch (cmd->code) {
4064 case L2CAP_COMMAND_REJ:
4065 l2cap_command_rej(conn, cmd, data);
4066 break;
4067
4068 case L2CAP_CONN_REQ:
4069 err = l2cap_connect_req(conn, cmd, data);
4070 break;
4071
4072 case L2CAP_CONN_RSP:
4073 err = l2cap_connect_rsp(conn, cmd, data);
4074 break;
4075
4076 case L2CAP_CONF_REQ:
4077 err = l2cap_config_req(conn, cmd, cmd_len, data);
4078 break;
4079
4080 case L2CAP_CONF_RSP:
4081 err = l2cap_config_rsp(conn, cmd, data);
4082 break;
4083
4084 case L2CAP_DISCONN_REQ:
4085 err = l2cap_disconnect_req(conn, cmd, data);
4086 break;
4087
4088 case L2CAP_DISCONN_RSP:
4089 err = l2cap_disconnect_rsp(conn, cmd, data);
4090 break;
4091
4092 case L2CAP_ECHO_REQ:
4093 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
4094 break;
4095
4096 case L2CAP_ECHO_RSP:
4097 break;
4098
4099 case L2CAP_INFO_REQ:
4100 err = l2cap_information_req(conn, cmd, data);
4101 break;
4102
4103 case L2CAP_INFO_RSP:
4104 err = l2cap_information_rsp(conn, cmd, data);
4105 break;
4106
f94ff6ff
MM		 4107 case L2CAP_CREATE_CHAN_REQ:
4108 err = l2cap_create_channel_req(conn, cmd, cmd_len, data);
4109 break;
4110
4111 case L2CAP_CREATE_CHAN_RSP:
4112 err = l2cap_create_channel_rsp(conn, cmd, data);
4113 break;
4114
8d5a04a1
MM		 4115 case L2CAP_MOVE_CHAN_REQ:
4116 err = l2cap_move_channel_req(conn, cmd, cmd_len, data);
4117 break;
4118
4119 case L2CAP_MOVE_CHAN_RSP:
4120 err = l2cap_move_channel_rsp(conn, cmd, cmd_len, data);
4121 break;
4122
4123 case L2CAP_MOVE_CHAN_CFM:
4124 err = l2cap_move_channel_confirm(conn, cmd, cmd_len, data);
4125 break;
4126
4127 case L2CAP_MOVE_CHAN_CFM_RSP:
4128 err = l2cap_move_channel_confirm_rsp(conn, cmd, cmd_len, data);
4129 break;
4130
3300d9a9
CT		 4131 default:
4132 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
4133 err = -EINVAL;
4134 break;
4135 }
4136
4137 return err;
4138}
4139
4140static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
4141 struct l2cap_cmd_hdr *cmd, u8 *data)
4142{
4143 switch (cmd->code) {
4144 case L2CAP_COMMAND_REJ:
4145 return 0;
4146
4147 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 4148 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 4149
4150 case L2CAP_CONN_PARAM_UPDATE_RSP:
4151 return 0;
4152
4153 default:
4154 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
4155 return -EINVAL;
4156 }
4157}
4158
4159static inline void l2cap_sig_channel(struct l2cap_conn *conn,
4160 struct sk_buff *skb)
1da177e4
LT		 4161{
4162 u8 *data = skb->data;
4163 int len = skb->len;
4164 struct l2cap_cmd_hdr cmd;
3300d9a9 4165 int err;
1da177e4
LT		 4166
4167 l2cap_raw_recv(conn, skb);
4168
4169 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 4170 u16 cmd_len;
1da177e4
LT		 4171 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
4172 data += L2CAP_CMD_HDR_SIZE;
4173 len -= L2CAP_CMD_HDR_SIZE;
4174
88219a0f 4175 cmd_len = le16_to_cpu(cmd.len);
1da177e4 4176
88219a0f 4177 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 4178
88219a0f 4179 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 4180 BT_DBG("corrupted command");
4181 break;
4182 }
4183
3300d9a9
CT		 4184 if (conn->hcon->type == LE_LINK)
4185 err = l2cap_le_sig_cmd(conn, &cmd, data);
4186 else
4187 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 4188
4189 if (err) {
e2fd318e 4190 struct l2cap_cmd_rej_unk rej;
2c6d1a2e
GP		 4191
4192 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 4193
4194 /* FIXME: Map err to a valid reason */
e2fd318e 4195 rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
1da177e4
LT		 4196 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
4197 }
4198
88219a0f
AV		 4199 data += cmd_len;
4200 len -= cmd_len;
1da177e4
LT		 4201 }
4202
4203 kfree_skb(skb);
4204}
4205
47d1ec61 4206static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 4207{
4208 u16 our_fcs, rcv_fcs;
e4ca6d98
AE		 4209 int hdr_size;
4210
4211 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
4212 hdr_size = L2CAP_EXT_HDR_SIZE;
4213 else
4214 hdr_size = L2CAP_ENH_HDR_SIZE;
fcc203c3 4215
47d1ec61 4216 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213 4217 skb_trim(skb, skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 4218 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
4219 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
4220
4221 if (our_fcs != rcv_fcs)
7a560e5c 4222 return -EBADMSG;
fcc203c3
GP		 4223 }
4224 return 0;
4225}
4226
525cd185 4227static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 4228{
88843ab0 4229 u32 control = 0;
d5392c8f 4230
6a026610 4231 chan->frames_sent = 0;
d5392c8f 4232
0b209fae 4233 control |= __set_reqseq(chan, chan->buffer_seq);
d5392c8f 4234
e2ab4353 4235 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 4236 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
525cd185 4237 l2cap_send_sframe(chan, control);
e2ab4353 4238 set_bit(CONN_RNR_SENT, &chan->conn_state);
d5392c8f
GP		 4239 }
4240
e2ab4353 4241 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
525cd185 4242 l2cap_retransmit_frames(chan);
d5392c8f 4243
525cd185 4244 l2cap_ertm_send(chan);
d5392c8f 4245
e2ab4353 4246 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
6a026610 4247 chan->frames_sent == 0) {
ab784b73 4248 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 4249 l2cap_send_sframe(chan, control);
d5392c8f
GP		 4250 }
4251}
4252
fb45de7d 4253static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u16 tx_seq, u8 sar)
8f17154f
GP		 4254{
4255 struct sk_buff *next_skb;
bfbacc11 4256 int tx_seq_offset, next_tx_seq_offset;
8f17154f 4257
3ce3514f
MM		 4258 bt_cb(skb)->control.txseq = tx_seq;
4259 bt_cb(skb)->control.sar = sar;
8f17154f 4260
f1c6775b 4261 next_skb = skb_peek(&chan->srej_q);
8f17154f 4262
836be934 4263 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
bfbacc11 4264
039d9572 4265 while (next_skb) {
3ce3514f 4266 if (bt_cb(next_skb)->control.txseq == tx_seq)
9b53350d
JPRV		 4267 return -EINVAL;
4268
836be934 4269 next_tx_seq_offset = __seq_offset(chan,
3ce3514f 4270 bt_cb(next_skb)->control.txseq, chan->buffer_seq);
bfbacc11
JPRV		 4271
4272 if (next_tx_seq_offset > tx_seq_offset) {
f1c6775b 4273 __skb_queue_before(&chan->srej_q, next_skb, skb);
9b53350d 4274 return 0;
8f17154f
GP		 4275 }
4276
f1c6775b 4277 if (skb_queue_is_last(&chan->srej_q, next_skb))
039d9572
SJ		 4278 next_skb = NULL;
4279 else
4280 next_skb = skb_queue_next(&chan->srej_q, next_skb);
4281 }
8f17154f 4282
f1c6775b 4283 __skb_queue_tail(&chan->srej_q, skb);
9b53350d
JPRV		 4284
4285 return 0;
8f17154f
GP		 4286}
4287
84084a31
MM		 4288static void append_skb_frag(struct sk_buff *skb,
4289 struct sk_buff *new_frag, struct sk_buff **last_frag)
18778a63 4290{
84084a31
MM		 4291 /* skb->len reflects data in skb as well as all fragments
4292 * skb->data_len reflects only data in fragments
4293 */
4294 if (!skb_has_frag_list(skb))
4295 skb_shinfo(skb)->frag_list = new_frag;
4296
4297 new_frag->next = NULL;
4298
4299 (*last_frag)->next = new_frag;
4300 *last_frag = new_frag;
4301
4302 skb->len += new_frag->len;
4303 skb->data_len += new_frag->len;
4304 skb->truesize += new_frag->truesize;
4305}
4306
88843ab0 4307static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u32 control)
84084a31
MM		 4308{
4309 int err = -EINVAL;
18778a63 4310
7e0ef6ee
AE		 4311 switch (__get_ctrl_sar(chan, control)) {
4312 case L2CAP_SAR_UNSEGMENTED:
84084a31
MM		 4313 if (chan->sdu)
4314 break;
18778a63 4315
84084a31
MM		 4316 err = chan->ops->recv(chan->data, skb);
4317 break;
18778a63 4318
7e0ef6ee 4319 case L2CAP_SAR_START:
84084a31
MM		 4320 if (chan->sdu)
4321 break;
18778a63 4322
6f61fd47 4323 chan->sdu_len = get_unaligned_le16(skb->data);
03a51213 4324 skb_pull(skb, L2CAP_SDULEN_SIZE);
18778a63 4325
84084a31
MM		 4326 if (chan->sdu_len > chan->imtu) {
4327 err = -EMSGSIZE;
4328 break;
4329 }
1890d36b 4330
84084a31
MM		 4331 if (skb->len >= chan->sdu_len)
4332 break;
18778a63 4333
84084a31
MM		 4334 chan->sdu = skb;
4335 chan->sdu_last_frag = skb;
18778a63 4336
84084a31
MM		 4337 skb = NULL;
4338 err = 0;
18778a63
GP		 4339 break;
4340
7e0ef6ee 4341 case L2CAP_SAR_CONTINUE:
6f61fd47 4342 if (!chan->sdu)
84084a31 4343 break;
18778a63 4344
84084a31
MM		 4345 append_skb_frag(chan->sdu, skb,
4346 &chan->sdu_last_frag);
4347 skb = NULL;
18778a63 4348
84084a31
MM		 4349 if (chan->sdu->len >= chan->sdu_len)
4350 break;
4178ba46 4351
84084a31 4352 err = 0;
18778a63
GP		 4353 break;
4354
7e0ef6ee 4355 case L2CAP_SAR_END:
6f61fd47 4356 if (!chan->sdu)
84084a31 4357 break;
18778a63 4358
84084a31
MM		 4359 append_skb_frag(chan->sdu, skb,
4360 &chan->sdu_last_frag);
4361 skb = NULL;
4178ba46 4362
84084a31
MM		 4363 if (chan->sdu->len != chan->sdu_len)
4364 break;
18778a63 4365
84084a31 4366 err = chan->ops->recv(chan->data, chan->sdu);
1890d36b 4367
84084a31
MM		 4368 if (!err) {
4369 /* Reassembly complete */
4370 chan->sdu = NULL;
4371 chan->sdu_last_frag = NULL;
4372 chan->sdu_len = 0;
1890d36b 4373 }
18778a63
GP		 4374 break;
4375 }
4376
84084a31
MM		 4377 if (err) {
4378 kfree_skb(skb);
4379 kfree_skb(chan->sdu);
4380 chan->sdu = NULL;
4381 chan->sdu_last_frag = NULL;
4382 chan->sdu_len = 0;
4383 }
18778a63 4384
84084a31 4385 return err;
18778a63
GP		 4386}
4387
26f880d2 4388static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan)
712132eb 4389{
26f880d2 4390 BT_DBG("chan %p, Enter local busy", chan);
712132eb 4391
26f880d2 4392 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3c588192 4393 l2cap_seq_list_clear(&chan->srej_list);
26f880d2 4394
77f918bc 4395 __set_ack_timer(chan);
26f880d2
MM		 4396}
4397
4398static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan)
4399{
88843ab0 4400 u32 control;
712132eb 4401
e2ab4353 4402 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
712132eb
GP		 4403 goto done;
4404
0b209fae 4405 control = __set_reqseq(chan, chan->buffer_seq);
e3781735 4406 control |= __set_ctrl_poll(chan);
ab784b73 4407 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 4408 l2cap_send_sframe(chan, control);
6a026610 4409 chan->retry_count = 1;
712132eb 4410
1a09bcb9
GP		 4411 __clear_retrans_timer(chan);
4412 __set_monitor_timer(chan);
712132eb 4413
e2ab4353 4414 set_bit(CONN_WAIT_F, &chan->conn_state);
712132eb
GP		 4415
4416done:
e2ab4353
GP		 4417 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
4418 clear_bit(CONN_RNR_SENT, &chan->conn_state);
712132eb 4419
49208c9c 4420 BT_DBG("chan %p, Exit local busy", chan);
712132eb
GP		 4421}
4422
e328140f 4423void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
1890d36b 4424{
e328140f
MM		 4425 if (chan->mode == L2CAP_MODE_ERTM) {
4426 if (busy)
4427 l2cap_ertm_enter_local_busy(chan);
4428 else
4429 l2cap_ertm_exit_local_busy(chan);
1890d36b 4430 }
1890d36b
GP		 4431}
4432
fb45de7d 4433static void l2cap_check_srej_gap(struct l2cap_chan *chan, u16 tx_seq)
8f17154f
GP		 4434{
4435 struct sk_buff *skb;
88843ab0 4436 u32 control;
8f17154f 4437
e328140f
MM		 4438 while ((skb = skb_peek(&chan->srej_q)) &&
4439 !test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
4440 int err;
4441
3ce3514f 4442 if (bt_cb(skb)->control.txseq != tx_seq)
8f17154f
GP		 4443 break;
4444
f1c6775b 4445 skb = skb_dequeue(&chan->srej_q);
3ce3514f 4446 control = __set_ctrl_sar(chan, bt_cb(skb)->control.sar);
84084a31 4447 err = l2cap_reassemble_sdu(chan, skb, control);
e328140f
MM		 4448
4449 if (err < 0) {
4450 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
4451 break;
4452 }
4453
836be934
AE		 4454 chan->buffer_seq_srej = __next_seq(chan, chan->buffer_seq_srej);
4455 tx_seq = __next_seq(chan, tx_seq);
8f17154f
GP		 4456 }
4457}
4458
fb45de7d 4459static void l2cap_resend_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 4460{
8f17154f 4461 struct srej_list *l, *tmp;
88843ab0 4462 u32 control;
8f17154f 4463
39d5a3ee 4464 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
8f17154f
GP		 4465 if (l->tx_seq == tx_seq) {
4466 list_del(&l->list);
4467 kfree(l);
4468 return;
4469 }
ab784b73 4470 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 4471 control |= __set_reqseq(chan, l->tx_seq);
525cd185 4472 l2cap_send_sframe(chan, control);
8f17154f 4473 list_del(&l->list);
39d5a3ee 4474 list_add_tail(&l->list, &chan->srej_l);
8f17154f
GP		 4475 }
4476}
4477
aef89f21 4478static int l2cap_send_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 4479{
8f17154f 4480 struct srej_list *new;
88843ab0 4481 u32 control;
8f17154f 4482
42e5c802 4483 while (tx_seq != chan->expected_tx_seq) {
ab784b73 4484 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 4485 control |= __set_reqseq(chan, chan->expected_tx_seq);
3c588192 4486 l2cap_seq_list_append(&chan->srej_list, chan->expected_tx_seq);
525cd185 4487 l2cap_send_sframe(chan, control);
8f17154f
GP		 4488
4489 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
aef89f21
SJ		 4490 if (!new)
4491 return -ENOMEM;
4492
42e5c802 4493 new->tx_seq = chan->expected_tx_seq;
836be934
AE		 4494
4495 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
4496
39d5a3ee 4497 list_add_tail(&new->list, &chan->srej_l);
8f17154f 4498 }
836be934
AE		 4499
4500 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
aef89f21
SJ		 4501
4502 return 0;
8f17154f
GP		 4503}
4504
88843ab0 4505static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
1c2acffb 4506{
fb45de7d 4507 u16 tx_seq = __get_txseq(chan, rx_control);
0b209fae 4508 u16 req_seq = __get_reqseq(chan, rx_control);
7e0ef6ee 4509 u8 sar = __get_ctrl_sar(chan, rx_control);
f6337c77 4510 int tx_seq_offset, expected_tx_seq_offset;
47d1ec61 4511 int num_to_ack = (chan->tx_win/6) + 1;
1c2acffb
GP		 4512 int err = 0;
4513
88843ab0 4514 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%8.8x", chan, skb->len,
525cd185 4515 tx_seq, rx_control);
1c2acffb 4516
03f6715d 4517 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 4518 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 4519 __clear_monitor_timer(chan);
6a026610 4520 if (chan->unacked_frames > 0)
1a09bcb9 4521 __set_retrans_timer(chan);
e2ab4353 4522 clear_bit(CONN_WAIT_F, &chan->conn_state);
1d8f5d16
GP		 4523 }
4524
42e5c802
GP		 4525 chan->expected_ack_seq = req_seq;
4526 l2cap_drop_acked_frames(chan);
9f121a5a 4527
836be934 4528 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
9b53350d
JPRV		 4529
4530 /* invalid tx_seq */
47d1ec61 4531 if (tx_seq_offset >= chan->tx_win) {
8c1d787b 4532 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
9b53350d
JPRV		 4533 goto drop;
4534 }
4535
77f918bc
SJ		 4536 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
4537 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
4538 l2cap_send_ack(chan);
1890d36b 4539 goto drop;
77f918bc 4540 }
1890d36b 4541
02f1b641
MM		 4542 if (tx_seq == chan->expected_tx_seq)
4543 goto expected;
4544
e2ab4353 4545 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
8f17154f 4546 struct srej_list *first;
30afb5b2 4547
39d5a3ee 4548 first = list_first_entry(&chan->srej_l,
8f17154f
GP		 4549 struct srej_list, list);
4550 if (tx_seq == first->tx_seq) {
42e5c802 4551 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
525cd185 4552 l2cap_check_srej_gap(chan, tx_seq);
8f17154f
GP		 4553
4554 list_del(&first->list);
4555 kfree(first);
4556
39d5a3ee 4557 if (list_empty(&chan->srej_l)) {
42e5c802 4558 chan->buffer_seq = chan->buffer_seq_srej;
e2ab4353 4559 clear_bit(CONN_SREJ_SENT, &chan->conn_state);
525cd185 4560 l2cap_send_ack(chan);
49208c9c 4561 BT_DBG("chan %p, Exit SREJ_SENT", chan);
8f17154f
GP		 4562 }
4563 } else {
4564 struct srej_list *l;
9b53350d
JPRV		 4565
4566 /* duplicated tx_seq */
42e5c802 4567 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
9b53350d 4568 goto drop;
8f17154f 4569
39d5a3ee 4570 list_for_each_entry(l, &chan->srej_l, list) {
8f17154f 4571 if (l->tx_seq == tx_seq) {
525cd185 4572 l2cap_resend_srejframe(chan, tx_seq);
8f17154f
GP		 4573 return 0;
4574 }
4575 }
aef89f21
SJ		 4576
4577 err = l2cap_send_srejframe(chan, tx_seq);
4578 if (err < 0) {
4579 l2cap_send_disconn_req(chan->conn, chan, -err);
4580 return err;
4581 }
30afb5b2
GP		 4582 }
4583 } else {
836be934
AE		 4584 expected_tx_seq_offset = __seq_offset(chan,
4585 chan->expected_tx_seq, chan->buffer_seq);
9b53350d
JPRV		 4586
4587 /* duplicated tx_seq */
4588 if (tx_seq_offset < expected_tx_seq_offset)
4589 goto drop;
4590
e2ab4353 4591 set_bit(CONN_SREJ_SENT, &chan->conn_state);
1c2acffb 4592
49208c9c 4593 BT_DBG("chan %p, Enter SREJ", chan);
0e98958d 4594
39d5a3ee 4595 INIT_LIST_HEAD(&chan->srej_l);
42e5c802 4596 chan->buffer_seq_srej = chan->buffer_seq;
8f17154f 4597
f1c6775b 4598 __skb_queue_head_init(&chan->srej_q);
42e5c802 4599 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
8f17154f 4600
0ef3ef0f
SJ		 4601 /* Set P-bit only if there are some I-frames to ack. */
4602 if (__clear_ack_timer(chan))
4603 set_bit(CONN_SEND_PBIT, &chan->conn_state);
ef54fd93 4604
aef89f21
SJ		 4605 err = l2cap_send_srejframe(chan, tx_seq);
4606 if (err < 0) {
4607 l2cap_send_disconn_req(chan->conn, chan, -err);
4608 return err;
4609 }
1c2acffb 4610 }
30afb5b2
GP		 4611 return 0;
4612
8f17154f 4613expected:
836be934 4614 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
8f17154f 4615
e2ab4353 4616 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3ce3514f
MM		 4617 bt_cb(skb)->control.txseq = tx_seq;
4618 bt_cb(skb)->control.sar = sar;
f1c6775b 4619 __skb_queue_tail(&chan->srej_q, skb);
8f17154f
GP		 4620 return 0;
4621 }
4622
84084a31 4623 err = l2cap_reassemble_sdu(chan, skb, rx_control);
836be934
AE		 4624 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
4625
e328140f
MM		 4626 if (err < 0) {
4627 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
4628 return err;
4629 }
2ece3684 4630
03f6715d 4631 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4632 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4633 l2cap_retransmit_frames(chan);
4ec10d97
GP		 4634 }
4635
c1b4f43b 4636
6a026610
GP		 4637 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
4638 if (chan->num_acked == num_to_ack - 1)
525cd185 4639 l2cap_send_ack(chan);
4d611e4d
GP		 4640 else
4641 __set_ack_timer(chan);
9e917af1 4642
8f17154f 4643 return 0;
9b53350d
JPRV		 4644
4645drop:
4646 kfree_skb(skb);
4647 return 0;
1c2acffb
GP		 4648}
4649
88843ab0 4650static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u32 rx_control)
1c2acffb 4651{
88843ab0 4652 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan,
0b209fae 4653 __get_reqseq(chan, rx_control), rx_control);
0e98958d 4654
0b209fae 4655 chan->expected_ack_seq = __get_reqseq(chan, rx_control);
42e5c802 4656 l2cap_drop_acked_frames(chan);
1c2acffb 4657
e3781735 4658 if (__is_ctrl_poll(chan, rx_control)) {
e2ab4353
GP		 4659 set_bit(CONN_SEND_FBIT, &chan->conn_state);
4660 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
4661 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4662 (chan->unacked_frames > 0))
1a09bcb9 4663 __set_retrans_timer(chan);
05fbd89d 4664
e2ab4353 4665 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
525cd185 4666 l2cap_send_srejtail(chan);
05fbd89d 4667 } else {
525cd185 4668 l2cap_send_i_or_rr_or_rnr(chan);
05fbd89d 4669 }
1d8f5d16 4670
03f6715d 4671 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4672 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4ec10d97 4673
e2ab4353 4674 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4675 l2cap_retransmit_frames(chan);
2246b2f1 4676
e072745f 4677 } else {
e2ab4353 4678 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4679 (chan->unacked_frames > 0))
1a09bcb9 4680 __set_retrans_timer(chan);
1c2acffb 4681
e2ab4353
GP		 4682 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4683 if (test_bit(CONN_SREJ_SENT, &chan->conn_state))
525cd185 4684 l2cap_send_ack(chan);
894718a6 4685 else
525cd185 4686 l2cap_ertm_send(chan);
e072745f
GP		 4687 }
4688}
2246b2f1 4689
88843ab0 4690static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4691{
0b209fae 4692 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4693
88843ab0 4694 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4695
e2ab4353 4696 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
e072745f 4697
42e5c802
GP		 4698 chan->expected_ack_seq = tx_seq;
4699 l2cap_drop_acked_frames(chan);
e072745f 4700
03f6715d 4701 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4702 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4703 l2cap_retransmit_frames(chan);
e072745f 4704 } else {
525cd185 4705 l2cap_retransmit_frames(chan);
30afb5b2 4706
e2ab4353
GP		 4707 if (test_bit(CONN_WAIT_F, &chan->conn_state))
4708 set_bit(CONN_REJ_ACT, &chan->conn_state);
e072745f
GP		 4709 }
4710}
88843ab0 4711static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4712{
0b209fae 4713 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4714
88843ab0 4715 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4716
e2ab4353 4717 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
2246b2f1 4718
e3781735 4719 if (__is_ctrl_poll(chan, rx_control)) {
42e5c802
GP		 4720 chan->expected_ack_seq = tx_seq;
4721 l2cap_drop_acked_frames(chan);
3cb123d1 4722
e2ab4353 4723 set_bit(CONN_SEND_FBIT, &chan->conn_state);
525cd185 4724 l2cap_retransmit_one_frame(chan, tx_seq);
dfc909be 4725
525cd185 4726 l2cap_ertm_send(chan);
dfc909be 4727
e2ab4353 4728 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4729 chan->srej_save_reqseq = tx_seq;
e2ab4353 4730 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4731 }
03f6715d 4732 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4733 if (test_bit(CONN_SREJ_ACT, &chan->conn_state) &&
6a026610 4734 chan->srej_save_reqseq == tx_seq)
e2ab4353 4735 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
e072745f 4736 else
525cd185 4737 l2cap_retransmit_one_frame(chan, tx_seq);
e072745f 4738 } else {
525cd185 4739 l2cap_retransmit_one_frame(chan, tx_seq);
e2ab4353 4740 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4741 chan->srej_save_reqseq = tx_seq;
e2ab4353 4742 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4743 }
e072745f
GP		 4744 }
4745}
4746
88843ab0 4747static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4748{
0b209fae 4749 u16 tx_seq = __get_reqseq(chan, rx_control);
e072745f 4750
88843ab0 4751 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4752
e2ab4353 4753 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
42e5c802
GP		 4754 chan->expected_ack_seq = tx_seq;
4755 l2cap_drop_acked_frames(chan);
e072745f 4756
e3781735 4757 if (__is_ctrl_poll(chan, rx_control))
e2ab4353 4758 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3cb123d1 4759
e2ab4353 4760 if (!test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
1a09bcb9 4761 __clear_retrans_timer(chan);
e3781735 4762 if (__is_ctrl_poll(chan, rx_control))
525cd185 4763 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
99b0d4b7 4764 return;
e072745f 4765 }
99b0d4b7 4766
e3781735 4767 if (__is_ctrl_poll(chan, rx_control)) {
525cd185 4768 l2cap_send_srejtail(chan);
ab784b73
AE		 4769 } else {
4770 rx_control = __set_ctrl_super(chan, L2CAP_SUPER_RR);
4771 l2cap_send_sframe(chan, rx_control);
4772 }
e072745f
GP		 4773}
4774
88843ab0 4775static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
e072745f 4776{
88843ab0 4777 BT_DBG("chan %p rx_control 0x%8.8x len %d", chan, rx_control, skb->len);
e072745f 4778
03f6715d 4779 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 4780 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 4781 __clear_monitor_timer(chan);
6a026610 4782 if (chan->unacked_frames > 0)
1a09bcb9 4783 __set_retrans_timer(chan);
e2ab4353 4784 clear_bit(CONN_WAIT_F, &chan->conn_state);
e072745f
GP		 4785 }
4786
ab784b73
AE		 4787 switch (__get_ctrl_super(chan, rx_control)) {
4788 case L2CAP_SUPER_RR:
525cd185 4789 l2cap_data_channel_rrframe(chan, rx_control);
8f17154f
GP		 4790 break;
4791
ab784b73 4792 case L2CAP_SUPER_REJ:
525cd185 4793 l2cap_data_channel_rejframe(chan, rx_control);
e072745f 4794 break;
2246b2f1 4795
ab784b73 4796 case L2CAP_SUPER_SREJ:
525cd185 4797 l2cap_data_channel_srejframe(chan, rx_control);
e072745f
GP		 4798 break;
4799
ab784b73 4800 case L2CAP_SUPER_RNR:
525cd185 4801 l2cap_data_channel_rnrframe(chan, rx_control);
1c2acffb
GP		 4802 break;
4803 }
4804
faaebd19 4805 kfree_skb(skb);
1c2acffb
GP		 4806 return 0;
4807}
4808
cad8f1d0 4809static int l2cap_ertm_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
218bb9df 4810{
88843ab0 4811 u32 control;
0b209fae 4812 u16 req_seq;
218bb9df
GP		 4813 int len, next_tx_seq_offset, req_seq_offset;
4814
b76bbd66
MM		 4815 __unpack_control(chan, skb);
4816
88843ab0
AE		 4817 control = __get_control(chan, skb->data);
4818 skb_pull(skb, __ctrl_size(chan));
218bb9df
GP		 4819 len = skb->len;
4820
4821 /*
4822 * We can just drop the corrupted I-frame here.
4823 * Receiver will miss it and start proper recovery
4824 * procedures and ask retransmission.
4825 */
47d1ec61 4826 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 4827 goto drop;
4828
793c2f1c 4829 if (__is_sar_start(chan, control) && !__is_sframe(chan, control))
03a51213 4830 len -= L2CAP_SDULEN_SIZE;
218bb9df 4831
47d1ec61 4832 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4833 len -= L2CAP_FCS_SIZE;
218bb9df 4834
47d1ec61 4835 if (len > chan->mps) {
8c1d787b 4836 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4837 goto drop;
4838 }
4839
0b209fae 4840 req_seq = __get_reqseq(chan, control);
218bb9df 4841
836be934
AE		 4842 req_seq_offset = __seq_offset(chan, req_seq, chan->expected_ack_seq);
4843
4844 next_tx_seq_offset = __seq_offset(chan, chan->next_tx_seq,
4845 chan->expected_ack_seq);
218bb9df
GP		 4846
4847 /* check for invalid req-seq */
4848 if (req_seq_offset > next_tx_seq_offset) {
8c1d787b 4849 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4850 goto drop;
4851 }
4852
793c2f1c 4853 if (!__is_sframe(chan, control)) {
218bb9df 4854 if (len < 0) {
8c1d787b 4855 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4856 goto drop;
4857 }
4858
525cd185 4859 l2cap_data_channel_iframe(chan, control, skb);
218bb9df
GP		 4860 } else {
4861 if (len != 0) {
4862 BT_ERR("%d", len);
8c1d787b 4863 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4864 goto drop;
4865 }
4866
525cd185 4867 l2cap_data_channel_sframe(chan, control, skb);
218bb9df
GP		 4868 }
4869
4870 return 0;
4871
4872drop:
4873 kfree_skb(skb);
4874 return 0;
4875}
4876
1da177e4
LT		 4877static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4878{
48454079 4879 struct l2cap_chan *chan;
88843ab0 4880 u32 control;
fb45de7d 4881 u16 tx_seq;
218bb9df 4882 int len;
1da177e4 4883
baa7e1fa 4884 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 4885 if (!chan) {
1da177e4 4886 BT_DBG("unknown cid 0x%4.4x", cid);
6be36555 4887 /* Drop packet and return */
3379013b 4888 kfree_skb(skb);
6be36555 4889 return 0;
1da177e4
LT		 4890 }
4891
49208c9c 4892 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4893
89bc500e 4894 if (chan->state != BT_CONNECTED)
1da177e4
LT		 4895 goto drop;
4896
0c1bc5c6 4897 switch (chan->mode) {
1c2acffb
GP		 4898 case L2CAP_MODE_BASIC:
4899 /* If socket recv buffers overflows we drop data here
4900 * which is *bad* because L2CAP has to be reliable.
4901 * But we don't have any other choice. L2CAP doesn't
4902 * provide flow control mechanism. */
1da177e4 4903
0c1bc5c6 4904 if (chan->imtu < skb->len)
1c2acffb 4905 goto drop;
1da177e4 4906
23070494 4907 if (!chan->ops->recv(chan->data, skb))
1c2acffb
GP		 4908 goto done;
4909 break;
4910
4911 case L2CAP_MODE_ERTM:
5ef8cb9e 4912 l2cap_ertm_data_rcv(chan, skb);
1c2acffb 4913
fcafde2e 4914 goto done;
1c2acffb 4915
6840ed07 4916 case L2CAP_MODE_STREAMING:
88843ab0
AE		 4917 control = __get_control(chan, skb->data);
4918 skb_pull(skb, __ctrl_size(chan));
6840ed07
GP		 4919 len = skb->len;
4920
47d1ec61 4921 if (l2cap_check_fcs(chan, skb))
26000089
GP		 4922 goto drop;
4923
7e0ef6ee 4924 if (__is_sar_start(chan, control))
03a51213 4925 len -= L2CAP_SDULEN_SIZE;
6840ed07 4926
47d1ec61 4927 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4928 len -= L2CAP_FCS_SIZE;
fcc203c3 4929
793c2f1c 4930 if (len > chan->mps || len < 0 || __is_sframe(chan, control))
6840ed07
GP		 4931 goto drop;
4932
fb45de7d 4933 tx_seq = __get_txseq(chan, control);
6840ed07 4934
84084a31
MM		 4935 if (chan->expected_tx_seq != tx_seq) {
4936 /* Frame(s) missing - must discard partial SDU */
4937 kfree_skb(chan->sdu);
4938 chan->sdu = NULL;
4939 chan->sdu_last_frag = NULL;
4940 chan->sdu_len = 0;
6840ed07 4941
84084a31
MM		 4942 /* TODO: Notify userland of missing data */
4943 }
4944
836be934 4945 chan->expected_tx_seq = __next_seq(chan, tx_seq);
84084a31
MM		 4946
4947 if (l2cap_reassemble_sdu(chan, skb, control) == -EMSGSIZE)
4948 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
6840ed07
GP		 4949
4950 goto done;
4951
1c2acffb 4952 default:
0c1bc5c6 4953 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 4954 break;
4955 }
1da177e4
LT		 4956
4957drop:
4958 kfree_skb(skb);
4959
4960done:
6be36555 4961 l2cap_chan_unlock(chan);
0139418c 4962
1da177e4
LT		 4963 return 0;
4964}
4965
8e036fc3 4966static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 4967{
23691d75 4968 struct l2cap_chan *chan;
1da177e4 4969
c2287681 4970 chan = l2cap_global_chan_by_psm(0, psm, conn->src, conn->dst);
23691d75 4971 if (!chan)
1da177e4
LT		 4972 goto drop;
4973
5b4cedaa 4974 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4975
89bc500e 4976 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
1da177e4
LT		 4977 goto drop;
4978
e13e21dc 4979 if (chan->imtu < skb->len)
1da177e4
LT		 4980 goto drop;
4981
23070494 4982 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 4983 return 0;
1da177e4
LT		 4984
4985drop:
4986 kfree_skb(skb);
4987
1da177e4
LT		 4988 return 0;
4989}
4990
d9b88702
AE		 4991static inline int l2cap_att_channel(struct l2cap_conn *conn, u16 cid,
4992 struct sk_buff *skb)
9f69bda6 4993{
23691d75 4994 struct l2cap_chan *chan;
9f69bda6 4995
c2287681 4996 chan = l2cap_global_chan_by_scid(0, cid, conn->src, conn->dst);
23691d75 4997 if (!chan)
9f69bda6
GP		 4998 goto drop;
4999
5b4cedaa 5000 BT_DBG("chan %p, len %d", chan, skb->len);
9f69bda6 5001
89bc500e 5002 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
9f69bda6
GP		 5003 goto drop;
5004
e13e21dc 5005 if (chan->imtu < skb->len)
9f69bda6
GP		 5006 goto drop;
5007
23070494 5008 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 5009 return 0;
9f69bda6
GP		 5010
5011drop:
5012 kfree_skb(skb);
5013
9f69bda6
GP		 5014 return 0;
5015}
5016
1da177e4
LT		 5017static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
5018{
5019 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 5020 u16 cid, len;
5021 __le16 psm;
1da177e4
LT		 5022
5023 skb_pull(skb, L2CAP_HDR_SIZE);
5024 cid = __le16_to_cpu(lh->cid);
5025 len = __le16_to_cpu(lh->len);
5026
1c2acffb
GP		 5027 if (len != skb->len) {
5028 kfree_skb(skb);
5029 return;
5030 }
5031
1da177e4
LT		 5032 BT_DBG("len %d, cid 0x%4.4x", len, cid);
5033
5034 switch (cid) {
3300d9a9 5035 case L2CAP_CID_LE_SIGNALING:
8db4dc46 5036 case L2CAP_CID_SIGNALING:
1da177e4
LT		 5037 l2cap_sig_channel(conn, skb);
5038 break;
5039
8db4dc46 5040 case L2CAP_CID_CONN_LESS:
097db76c 5041 psm = get_unaligned((__le16 *) skb->data);
1da177e4
LT		 5042 skb_pull(skb, 2);
5043 l2cap_conless_channel(conn, psm, skb);
5044 break;
5045
9f69bda6
GP		 5046 case L2CAP_CID_LE_DATA:
5047 l2cap_att_channel(conn, cid, skb);
5048 break;
5049
b501d6a1
AB		 5050 case L2CAP_CID_SMP:
5051 if (smp_sig_channel(conn, skb))
5052 l2cap_conn_del(conn->hcon, EACCES);
5053 break;
5054
1da177e4
LT		 5055 default:
5056 l2cap_data_channel(conn, cid, skb);
5057 break;
5058 }
5059}
5060
5061/* ---- L2CAP interface with lower layer (HCI) ---- */
5062
686ebf28 5063int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
1da177e4
LT		 5064{
5065 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 5066 struct l2cap_chan *c;
1da177e4 5067
1da177e4
LT		 5068 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
5069
5070 /* Find listening sockets and check their link_mode */
23691d75
GP		 5071 read_lock(&chan_list_lock);
5072 list_for_each_entry(c, &chan_list, global_l) {
5073 struct sock *sk = c->sk;
4343478f 5074
89bc500e 5075 if (c->state != BT_LISTEN)
1da177e4
LT		 5076 continue;
5077
5078 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 5079 lm1 |= HCI_LM_ACCEPT;
43bd0f32 5080 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5 5081 lm1 |= HCI_LM_MASTER;
1da177e4 5082 exact++;
2af6b9d5
MH		 5083 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
5084 lm2 |= HCI_LM_ACCEPT;
43bd0f32 5085 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5
MH		 5086 lm2 |= HCI_LM_MASTER;
5087 }
1da177e4 5088 }
23691d75 5089 read_unlock(&chan_list_lock);
1da177e4
LT		 5090
5091 return exact ? lm1 : lm2;
5092}
5093
686ebf28 5094int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
1da177e4 5095{
0139418c
MH		 5096 struct l2cap_conn *conn;
5097
1da177e4
LT		 5098 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
5099
1da177e4 5100 if (!status) {
1da177e4
LT		 5101 conn = l2cap_conn_add(hcon, status);
5102 if (conn)
5103 l2cap_conn_ready(conn);
0139418c 5104 } else
e175072f 5105 l2cap_conn_del(hcon, bt_to_errno(status));
1da177e4
LT		 5106
5107 return 0;
5108}
5109
686ebf28 5110int l2cap_disconn_ind(struct hci_conn *hcon)
2950f21a
MH		 5111{
5112 struct l2cap_conn *conn = hcon->l2cap_data;
5113
5114 BT_DBG("hcon %p", hcon);
5115
686ebf28 5116 if (!conn)
9f5a0d7b 5117 return HCI_ERROR_REMOTE_USER_TERM;
2950f21a
MH		 5118 return conn->disc_reason;
5119}
5120
686ebf28 5121int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 5122{
5123 BT_DBG("hcon %p reason %d", hcon, reason);
5124
e175072f 5125 l2cap_conn_del(hcon, bt_to_errno(reason));
1da177e4
LT		 5126 return 0;
5127}
5128
4343478f 5129static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 5130{
715ec005 5131 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
255c7601
MH		 5132 return;
5133
f62e4323 5134 if (encrypt == 0x00) {
4343478f 5135 if (chan->sec_level == BT_SECURITY_MEDIUM) {
ba13ccd9 5136 __set_chan_timer(chan, L2CAP_ENC_TIMEOUT);
4343478f 5137 } else if (chan->sec_level == BT_SECURITY_HIGH)
0f852724 5138 l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 5139 } else {
4343478f 5140 if (chan->sec_level == BT_SECURITY_MEDIUM)
c9b66675 5141 __clear_chan_timer(chan);
f62e4323
MH		 5142 }
5143}
5144
686ebf28 5145int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 5146{
0139418c 5147 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 5148 struct l2cap_chan *chan;
1da177e4 5149
0139418c 5150 if (!conn)
1da177e4 5151 return 0;
0139418c 5152
1da177e4
LT		 5153 BT_DBG("conn %p", conn);
5154
160dc6ac 5155 if (hcon->type == LE_LINK) {
35d4adcc
HG		 5156 if (!status && encrypt)
5157 smp_distribute_keys(conn, 0);
17cd3f37 5158 cancel_delayed_work(&conn->security_timer);
160dc6ac
VCG		 5159 }
5160
3df91ea2 5161 mutex_lock(&conn->chan_lock);
1da177e4 5162
3df91ea2 5163 list_for_each_entry(chan, &conn->chan_l, list) {
6be36555 5164 l2cap_chan_lock(chan);
1da177e4 5165
f1cb9af5
VCG		 5166 BT_DBG("chan->scid %d", chan->scid);
5167
5168 if (chan->scid == L2CAP_CID_LE_DATA) {
5169 if (!status && encrypt) {
5170 chan->sec_level = hcon->sec_level;
cf4cd009 5171 l2cap_chan_ready(chan);
f1cb9af5
VCG		 5172 }
5173
6be36555 5174 l2cap_chan_unlock(chan);
f1cb9af5
VCG		 5175 continue;
5176 }
5177
c1360a1c 5178 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) {
6be36555 5179 l2cap_chan_unlock(chan);
6a8d3010
MH		 5180 continue;
5181 }
5182
89bc500e
GP		 5183 if (!status && (chan->state == BT_CONNECTED ||
5184 chan->state == BT_CONFIG)) {
a7d7723a
GP		 5185 struct sock *sk = chan->sk;
5186
c5daa683 5187 clear_bit(BT_SK_SUSPEND, &bt_sk(sk)->flags);
a7d7723a
GP		 5188 sk->sk_state_change(sk);
5189
4343478f 5190 l2cap_check_encryption(chan, encrypt);
6be36555 5191 l2cap_chan_unlock(chan);
9719f8af
MH		 5192 continue;
5193 }
5194
89bc500e 5195 if (chan->state == BT_CONNECT) {
b1235d79 5196 if (!status) {
9b27f350 5197 l2cap_send_conn_req(chan);
b1235d79 5198 } else {
ba13ccd9 5199 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
b1235d79 5200 }
89bc500e 5201 } else if (chan->state == BT_CONNECT2) {
6be36555 5202 struct sock *sk = chan->sk;
b1235d79 5203 struct l2cap_conn_rsp rsp;
df3c3931 5204 __u16 res, stat;
1da177e4 5205
6be36555
AE		 5206 lock_sock(sk);
5207
b1235d79 5208 if (!status) {
c5daa683
GP		 5209 if (test_bit(BT_SK_DEFER_SETUP,
5210 &bt_sk(sk)->flags)) {
df3c3931
JH		 5211 struct sock *parent = bt_sk(sk)->parent;
5212 res = L2CAP_CR_PEND;
5213 stat = L2CAP_CS_AUTHOR_PEND;
05e9a2f6
IK		 5214 if (parent)
5215 parent->sk_data_ready(parent, 0);
df3c3931 5216 } else {
0e587be7 5217 __l2cap_state_change(chan, BT_CONFIG);
df3c3931
JH		 5218 res = L2CAP_CR_SUCCESS;
5219 stat = L2CAP_CS_NO_INFO;
5220 }
b1235d79 5221 } else {
0e587be7 5222 __l2cap_state_change(chan, BT_DISCONN);
ba13ccd9 5223 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
df3c3931
JH		 5224 res = L2CAP_CR_SEC_BLOCK;
5225 stat = L2CAP_CS_NO_INFO;
b1235d79
MH		 5226 }
5227
6be36555
AE		 5228 release_sock(sk);
5229
fe4128e0
GP		 5230 rsp.scid = cpu_to_le16(chan->dcid);
5231 rsp.dcid = cpu_to_le16(chan->scid);
df3c3931
JH		 5232 rsp.result = cpu_to_le16(res);
5233 rsp.status = cpu_to_le16(stat);
fc7f8a7e
GP		 5234 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
5235 sizeof(rsp), &rsp);
b1235d79 5236 }
1da177e4 5237
6be36555 5238 l2cap_chan_unlock(chan);
1da177e4
LT		 5239 }
5240
3df91ea2 5241 mutex_unlock(&conn->chan_lock);
b1235d79 5242
1da177e4
LT		 5243 return 0;
5244}
5245
686ebf28 5246int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1da177e4
LT		 5247{
5248 struct l2cap_conn *conn = hcon->l2cap_data;
5249
5a08ecce
AE		 5250 if (!conn)
5251 conn = l2cap_conn_add(hcon, 0);
5252
5253 if (!conn)
1da177e4
LT		 5254 goto drop;
5255
5256 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
5257
e702112f 5258 if (!(flags & ACL_CONT)) {
1da177e4
LT		 5259 struct l2cap_hdr *hdr;
5260 int len;
5261
5262 if (conn->rx_len) {
5263 BT_ERR("Unexpected start frame (len %d)", skb->len);
5264 kfree_skb(conn->rx_skb);
5265 conn->rx_skb = NULL;
5266 conn->rx_len = 0;
5267 l2cap_conn_unreliable(conn, ECOMM);
5268 }
5269
aae7fe22
AE		 5270 /* Start fragment always begin with Basic L2CAP header */
5271 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 5272 BT_ERR("Frame is too short (len %d)", skb->len);
5273 l2cap_conn_unreliable(conn, ECOMM);
5274 goto drop;
5275 }
5276
5277 hdr = (struct l2cap_hdr *) skb->data;
5278 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
5279
5280 if (len == skb->len) {
5281 /* Complete frame received */
5282 l2cap_recv_frame(conn, skb);
5283 return 0;
5284 }
5285
5286 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
5287
5288 if (skb->len > len) {
5289 BT_ERR("Frame is too long (len %d, expected len %d)",
5290 skb->len, len);
5291 l2cap_conn_unreliable(conn, ECOMM);
5292 goto drop;
5293 }
5294
5295 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 5296 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
5297 if (!conn->rx_skb)
1da177e4
LT		 5298 goto drop;
5299
d626f62b 5300 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 5301 skb->len);
1da177e4
LT		 5302 conn->rx_len = len - skb->len;
5303 } else {
5304 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
5305
5306 if (!conn->rx_len) {
5307 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
5308 l2cap_conn_unreliable(conn, ECOMM);
5309 goto drop;
5310 }
5311
5312 if (skb->len > conn->rx_len) {
5313 BT_ERR("Fragment is too long (len %d, expected %d)",
5314 skb->len, conn->rx_len);
5315 kfree_skb(conn->rx_skb);
5316 conn->rx_skb = NULL;
5317 conn->rx_len = 0;
5318 l2cap_conn_unreliable(conn, ECOMM);
5319 goto drop;
5320 }
5321
d626f62b 5322 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 5323 skb->len);
1da177e4
LT		 5324 conn->rx_len -= skb->len;
5325
5326 if (!conn->rx_len) {
5327 /* Complete frame received */
5328 l2cap_recv_frame(conn, conn->rx_skb);
5329 conn->rx_skb = NULL;
5330 }
5331 }
5332
5333drop:
5334 kfree_skb(skb);
5335 return 0;
5336}
5337
aef7d97c 5338static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 5339{
23691d75 5340 struct l2cap_chan *c;
1da177e4 5341
333055f2 5342 read_lock(&chan_list_lock);
1da177e4 5343
23691d75
GP		 5344 list_for_each_entry(c, &chan_list, global_l) {
5345 struct sock *sk = c->sk;
101545f6 5346
903d343e 5347 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 5348 batostr(&bt_sk(sk)->src),
5349 batostr(&bt_sk(sk)->dst),
89bc500e 5350 c->state, __le16_to_cpu(c->psm),
23691d75
GP		 5351 c->scid, c->dcid, c->imtu, c->omtu,
5352 c->sec_level, c->mode);
61e1b4b7 5353 }
1da177e4 5354
333055f2 5355 read_unlock(&chan_list_lock);
1da177e4 5356
aef7d97c 5357 return 0;
1da177e4
LT		 5358}
5359
aef7d97c
MH		 5360static int l2cap_debugfs_open(struct inode *inode, struct file *file)
5361{
5362 return single_open(file, l2cap_debugfs_show, inode->i_private);
5363}
5364
5365static const struct file_operations l2cap_debugfs_fops = {
5366 .open = l2cap_debugfs_open,
5367 .read = seq_read,
5368 .llseek = seq_lseek,
5369 .release = single_release,
5370};
5371
5372static struct dentry *l2cap_debugfs;
1da177e4 5373
64274518 5374int __init l2cap_init(void)
1da177e4
LT		 5375{
5376 int err;
be9d1227 5377
bb58f747 5378 err = l2cap_init_sockets();
1da177e4
LT		 5379 if (err < 0)
5380 return err;
5381
aef7d97c
MH		 5382 if (bt_debugfs) {
5383 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
5384 bt_debugfs, NULL, &l2cap_debugfs_fops);
5385 if (!l2cap_debugfs)
5386 BT_ERR("Failed to create L2CAP debug file");
5387 }
1da177e4 5388
1da177e4 5389 return 0;
1da177e4
LT		 5390}
5391
64274518 5392void l2cap_exit(void)
1da177e4 5393{
aef7d97c 5394 debugfs_remove(l2cap_debugfs);
bb58f747 5395 l2cap_cleanup_sockets();
1da177e4
LT		 5396}
5397
d1c4a17d
GP		 5398module_param(disable_ertm, bool, 0644);
5399MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
kernel source for telekom puls (alcatel/mediatek)