projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Create __l2cap_chan_close()
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
1da177e4
LT		 6
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
8e87d142
YH		 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 24 SOFTWARE IS DISCLAIMED.
25*/
26
bb58f747 27/* Bluetooth L2CAP core. */
1da177e4 28
1da177e4
LT		 29#include <linux/module.h>
30
31#include <linux/types.h>
4fc268d2 32#include <linux/capability.h>
1da177e4
LT		 33#include <linux/errno.h>
34#include <linux/kernel.h>
1da177e4
LT		 35#include <linux/sched.h>
36#include <linux/slab.h>
37#include <linux/poll.h>
38#include <linux/fcntl.h>
39#include <linux/init.h>
40#include <linux/interrupt.h>
41#include <linux/socket.h>
42#include <linux/skbuff.h>
1da177e4 43#include <linux/list.h>
be9d1227 44#include <linux/device.h>
aef7d97c
MH		 45#include <linux/debugfs.h>
46#include <linux/seq_file.h>
af05b30b 47#include <linux/uaccess.h>
fcc203c3 48#include <linux/crc16.h>
1da177e4
LT		 49#include <net/sock.h>
50
51#include <asm/system.h>
1da177e4
LT		 52#include <asm/unaligned.h>
53
54#include <net/bluetooth/bluetooth.h>
55#include <net/bluetooth/hci_core.h>
56#include <net/bluetooth/l2cap.h>
57
bb58f747 58int disable_ertm;
f0709e03 59
47ec1dcd 60static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
e1027a7c 61static u8 l2cap_fixed_chan[8] = { 0x02, };
1da177e4 62
1890d36b
GP		 63static struct workqueue_struct *_busy_wq;
64
23691d75
GP		 65LIST_HEAD(chan_list);
66DEFINE_RWLOCK(chan_list_lock);
1da177e4 67
1890d36b
GP		 68static void l2cap_busy_work(struct work_struct *work);
69
1da177e4
LT		 70static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
71 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 72static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
73 void *data);
710f9b0a 74static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a
GP		 75static void l2cap_send_disconn_req(struct l2cap_conn *conn,
76 struct l2cap_chan *chan, int err);
1da177e4 77
218bb9df
GP		 78static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
79
0139418c 80/* ---- L2CAP channels ---- */
baa7e1fa 81static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 82{
48454079 83 struct l2cap_chan *c;
baa7e1fa
GP		 84
85 list_for_each_entry(c, &conn->chan_l, list) {
fe4128e0 86 if (c->dcid == cid)
baa7e1fa 87 return c;
0139418c 88 }
baa7e1fa
GP		 89 return NULL;
90
0139418c
MH		 91}
92
baa7e1fa 93static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 94{
48454079 95 struct l2cap_chan *c;
baa7e1fa
GP		 96
97 list_for_each_entry(c, &conn->chan_l, list) {
fe4128e0 98 if (c->scid == cid)
baa7e1fa 99 return c;
0139418c 100 }
baa7e1fa 101 return NULL;
0139418c
MH		 102}
103
104/* Find channel with given SCID.
105 * Returns locked socket */
baa7e1fa 106static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 107{
48454079 108 struct l2cap_chan *c;
baa7e1fa
GP		 109
110 read_lock(&conn->chan_lock);
111 c = __l2cap_get_chan_by_scid(conn, cid);
48454079
GP		 112 if (c)
113 bh_lock_sock(c->sk);
baa7e1fa 114 read_unlock(&conn->chan_lock);
48454079 115 return c;
0139418c
MH		 116}
117
baa7e1fa 118static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 119{
48454079 120 struct l2cap_chan *c;
baa7e1fa
GP		 121
122 list_for_each_entry(c, &conn->chan_l, list) {
fc7f8a7e 123 if (c->ident == ident)
baa7e1fa 124 return c;
0139418c 125 }
baa7e1fa 126 return NULL;
0139418c
MH		 127}
128
baa7e1fa 129static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 130{
48454079 131 struct l2cap_chan *c;
baa7e1fa
GP		 132
133 read_lock(&conn->chan_lock);
134 c = __l2cap_get_chan_by_ident(conn, ident);
48454079
GP		 135 if (c)
136 bh_lock_sock(c->sk);
baa7e1fa 137 read_unlock(&conn->chan_lock);
48454079 138 return c;
0139418c
MH		 139}
140
23691d75 141static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 142{
23691d75 143 struct l2cap_chan *c;
9e4425ff 144
23691d75
GP		 145 list_for_each_entry(c, &chan_list, global_l) {
146 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
9e4425ff
GP		 147 goto found;
148 }
149
23691d75 150 c = NULL;
9e4425ff 151found:
23691d75 152 return c;
9e4425ff
GP		 153}
154
155int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
156{
73b2ec18
GP		 157 int err;
158
23691d75 159 write_lock_bh(&chan_list_lock);
9e4425ff 160
23691d75 161 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 162 err = -EADDRINUSE;
163 goto done;
9e4425ff
GP		 164 }
165
73b2ec18
GP		 166 if (psm) {
167 chan->psm = psm;
168 chan->sport = psm;
169 err = 0;
170 } else {
171 u16 p;
172
173 err = -EINVAL;
174 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 175 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 176 chan->psm = cpu_to_le16(p);
177 chan->sport = cpu_to_le16(p);
178 err = 0;
179 break;
180 }
181 }
9e4425ff 182
73b2ec18 183done:
23691d75 184 write_unlock_bh(&chan_list_lock);
73b2ec18 185 return err;
9e4425ff
GP		 186}
187
188int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
189{
23691d75 190 write_lock_bh(&chan_list_lock);
9e4425ff
GP		 191
192 chan->scid = scid;
193
23691d75 194 write_unlock_bh(&chan_list_lock);
9e4425ff
GP		 195
196 return 0;
197}
198
baa7e1fa 199static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 200{
8db4dc46 201 u16 cid = L2CAP_CID_DYN_START;
0139418c 202
8db4dc46 203 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 204 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 205 return cid;
206 }
207
208 return 0;
209}
210
23691d75 211struct l2cap_chan *l2cap_chan_create(struct sock *sk)
48454079
GP		 212{
213 struct l2cap_chan *chan;
214
215 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
216 if (!chan)
217 return NULL;
218
219 chan->sk = sk;
220
23691d75
GP		 221 write_lock_bh(&chan_list_lock);
222 list_add(&chan->global_l, &chan_list);
223 write_unlock_bh(&chan_list_lock);
224
48454079
GP		 225 return chan;
226}
227
23691d75 228void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 229{
23691d75
GP		 230 write_lock_bh(&chan_list_lock);
231 list_del(&chan->global_l);
232 write_unlock_bh(&chan_list_lock);
233
6ff5abbf
GP		 234 kfree(chan);
235}
236
48454079 237static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 238{
48454079 239 struct sock *sk = chan->sk;
0139418c 240
af05b30b 241 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
fe4128e0 242 chan->psm, chan->dcid);
0139418c 243
2950f21a
MH		 244 conn->disc_reason = 0x13;
245
8c1d787b 246 chan->conn = conn;
0139418c 247
bd3c9e25 248 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) {
b62f328b
VT		 249 if (conn->hcon->type == LE_LINK) {
250 /* LE connection */
0c1bc5c6 251 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 252 chan->scid = L2CAP_CID_LE_DATA;
253 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 254 } else {
255 /* Alloc CID for connection-oriented socket */
fe4128e0 256 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 257 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 258 }
0139418c
MH		 259 } else if (sk->sk_type == SOCK_DGRAM) {
260 /* Connectionless socket */
fe4128e0
GP		 261 chan->scid = L2CAP_CID_CONN_LESS;
262 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 263 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 264 } else {
265 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 266 chan->scid = L2CAP_CID_SIGNALING;
267 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 268 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 269 }
270
baa7e1fa
GP		 271 sock_hold(sk);
272
273 list_add(&chan->list, &conn->chan_l);
0139418c
MH		 274}
275
8e87d142 276/* Delete channel.
0139418c 277 * Must be called on the locked socket. */
4519de9a 278static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 279{
48454079 280 struct sock *sk = chan->sk;
8c1d787b 281 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 282 struct sock *parent = bt_sk(sk)->parent;
283
284 l2cap_sock_clear_timer(sk);
285
49208c9c 286 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 287
8e87d142 288 if (conn) {
baa7e1fa
GP		 289 /* Delete from channel list */
290 write_lock_bh(&conn->chan_lock);
291 list_del(&chan->list);
292 write_unlock_bh(&conn->chan_lock);
293 __sock_put(sk);
294
8c1d787b 295 chan->conn = NULL;
0139418c
MH		 296 hci_conn_put(conn->hcon);
297 }
298
b1235d79 299 sk->sk_state = BT_CLOSED;
0139418c
MH		 300 sock_set_flag(sk, SOCK_ZAPPED);
301
302 if (err)
303 sk->sk_err = err;
304
305 if (parent) {
306 bt_accept_unlink(sk);
307 parent->sk_data_ready(parent, 0);
308 } else
309 sk->sk_state_change(sk);
c13ffa62 310
b4450035
GP		 311 if (!(chan->conf_state & L2CAP_CONF_OUTPUT_DONE &&
312 chan->conf_state & L2CAP_CONF_INPUT_DONE))
6ff5abbf 313 return;
2ead70b8 314
58d35f87 315 skb_queue_purge(&chan->tx_q);
c13ffa62 316
0c1bc5c6 317 if (chan->mode == L2CAP_MODE_ERTM) {
c13ffa62
GP		 318 struct srej_list *l, *tmp;
319
e92c8e70
GP		 320 del_timer(&chan->retrans_timer);
321 del_timer(&chan->monitor_timer);
322 del_timer(&chan->ack_timer);
c13ffa62 323
f1c6775b
GP		 324 skb_queue_purge(&chan->srej_q);
325 skb_queue_purge(&chan->busy_q);
c13ffa62 326
39d5a3ee 327 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
c13ffa62
GP		 328 list_del(&l->list);
329 kfree(l);
330 }
331 }
0139418c
MH		 332}
333
4519de9a
GP		 334/* Must be called on unlocked socket. */
335static void l2cap_chan_close(struct sock *sk)
336{
337 l2cap_sock_clear_timer(sk);
338 lock_sock(sk);
339 __l2cap_chan_close(l2cap_pi(sk)->chan, ECONNRESET);
340 release_sock(sk);
341 l2cap_sock_kill(sk);
342}
343
344static void l2cap_chan_cleanup_listen(struct sock *parent)
345{
346 struct sock *sk;
347
348 BT_DBG("parent %p", parent);
349
350 /* Close not yet accepted channels */
351 while ((sk = bt_accept_dequeue(parent, NULL)))
352 l2cap_chan_close(sk);
353
354 parent->sk_state = BT_CLOSED;
355 sock_set_flag(parent, SOCK_ZAPPED);
356}
357
358void __l2cap_chan_close(struct l2cap_chan *chan, int reason)
359{
360 struct l2cap_conn *conn = chan->conn;
361 struct sock *sk = chan->sk;
362
363 BT_DBG("chan %p state %d socket %p", chan, sk->sk_state, sk->sk_socket);
364
365 switch (sk->sk_state) {
366 case BT_LISTEN:
367 l2cap_chan_cleanup_listen(sk);
368 break;
369
370 case BT_CONNECTED:
371 case BT_CONFIG:
372 if ((sk->sk_type == SOCK_SEQPACKET ||
373 sk->sk_type == SOCK_STREAM) &&
374 conn->hcon->type == ACL_LINK) {
375 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
376 l2cap_send_disconn_req(conn, chan, reason);
377 } else
378 l2cap_chan_del(chan, reason);
379 break;
380
381 case BT_CONNECT2:
382 if ((sk->sk_type == SOCK_SEQPACKET ||
383 sk->sk_type == SOCK_STREAM) &&
384 conn->hcon->type == ACL_LINK) {
385 struct l2cap_conn_rsp rsp;
386 __u16 result;
387
388 if (bt_sk(sk)->defer_setup)
389 result = L2CAP_CR_SEC_BLOCK;
390 else
391 result = L2CAP_CR_BAD_PSM;
392
393 rsp.scid = cpu_to_le16(chan->dcid);
394 rsp.dcid = cpu_to_le16(chan->scid);
395 rsp.result = cpu_to_le16(result);
396 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
397 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
398 sizeof(rsp), &rsp);
399 }
400
401 l2cap_chan_del(chan, reason);
402 break;
403
404 case BT_CONNECT:
405 case BT_DISCONN:
406 l2cap_chan_del(chan, reason);
407 break;
408
409 default:
410 sock_set_flag(sk, SOCK_ZAPPED);
411 break;
412 }
413}
414
4343478f 415static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 416{
4343478f
GP		 417 struct sock *sk = chan->sk;
418
8556edd3 419 if (sk->sk_type == SOCK_RAW) {
4343478f 420 switch (chan->sec_level) {
8556edd3
JH		 421 case BT_SECURITY_HIGH:
422 return HCI_AT_DEDICATED_BONDING_MITM;
423 case BT_SECURITY_MEDIUM:
424 return HCI_AT_DEDICATED_BONDING;
425 default:
426 return HCI_AT_NO_BONDING;
427 }
fe4128e0 428 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 429 if (chan->sec_level == BT_SECURITY_LOW)
430 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 431
4343478f 432 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 433 return HCI_AT_NO_BONDING_MITM;
00ae4af9 434 else
8556edd3 435 return HCI_AT_NO_BONDING;
00ae4af9 436 } else {
4343478f 437 switch (chan->sec_level) {
00ae4af9 438 case BT_SECURITY_HIGH:
8556edd3 439 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 440 case BT_SECURITY_MEDIUM:
8556edd3 441 return HCI_AT_GENERAL_BONDING;
00ae4af9 442 default:
8556edd3 443 return HCI_AT_NO_BONDING;
00ae4af9 444 }
0684e5f9 445 }
8556edd3
JH		 446}
447
448/* Service level security */
4343478f 449static inline int l2cap_check_security(struct l2cap_chan *chan)
8556edd3 450{
8c1d787b 451 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 452 __u8 auth_type;
453
4343478f 454 auth_type = l2cap_get_auth_type(chan);
79d554a6 455
4343478f 456 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 457}
458
68983259 459u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 460{
461 u8 id;
462
463 /* Get next available identificator.
464 * 1 - 128 are used by kernel.
465 * 129 - 199 are reserved.
466 * 200 - 254 are used by utilities like l2ping, etc.
467 */
468
469 spin_lock_bh(&conn->lock);
470
471 if (++conn->tx_ident > 128)
472 conn->tx_ident = 1;
473
474 id = conn->tx_ident;
475
476 spin_unlock_bh(&conn->lock);
477
478 return id;
479}
480
4519de9a 481static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 482{
483 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 484 u8 flags;
4e8402a3
MH		 485
486 BT_DBG("code 0x%2.2x", code);
487
488 if (!skb)
9a9c6a34 489 return;
4e8402a3 490
e702112f
AE		 491 if (lmp_no_flush_capable(conn->hcon->hdev))
492 flags = ACL_START_NO_FLUSH;
493 else
494 flags = ACL_START;
495
496 hci_send_acl(conn->hcon, skb, flags);
4e8402a3
MH		 497}
498
525cd185 499static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
1c2acffb
GP		 500{
501 struct sk_buff *skb;
502 struct l2cap_hdr *lh;
525cd185 503 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
8c1d787b 504 struct l2cap_conn *conn = chan->conn;
c13ffa62 505 struct sock *sk = (struct sock *)pi;
fcc203c3 506 int count, hlen = L2CAP_HDR_SIZE + 2;
e702112f 507 u8 flags;
fcc203c3 508
c13ffa62
GP		 509 if (sk->sk_state != BT_CONNECTED)
510 return;
511
47d1ec61 512 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3 513 hlen += 2;
1c2acffb 514
49208c9c 515 BT_DBG("chan %p, control 0x%2.2x", chan, control);
1c2acffb 516
fcc203c3 517 count = min_t(unsigned int, conn->mtu, hlen);
1c2acffb
GP		 518 control |= L2CAP_CTRL_FRAME_TYPE;
519
525cd185 520 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
9e917af1 521 control |= L2CAP_CTRL_FINAL;
525cd185 522 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
9e917af1
GP		 523 }
524
525cd185 525 if (chan->conn_state & L2CAP_CONN_SEND_PBIT) {
f0946ccf 526 control |= L2CAP_CTRL_POLL;
525cd185 527 chan->conn_state &= ~L2CAP_CONN_SEND_PBIT;
f0946ccf
GP		 528 }
529
1c2acffb
GP		 530 skb = bt_skb_alloc(count, GFP_ATOMIC);
531 if (!skb)
9a9c6a34 532 return;
1c2acffb
GP		 533
534 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fcc203c3 535 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
fe4128e0 536 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 537 put_unaligned_le16(control, skb_put(skb, 2));
538
47d1ec61 539 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 540 u16 fcs = crc16(0, (u8 *)lh, count - 2);
541 put_unaligned_le16(fcs, skb_put(skb, 2));
542 }
543
e702112f
AE		 544 if (lmp_no_flush_capable(conn->hcon->hdev))
545 flags = ACL_START_NO_FLUSH;
546 else
547 flags = ACL_START;
548
8c1d787b 549 hci_send_acl(chan->conn->hcon, skb, flags);
1c2acffb
GP		 550}
551
525cd185 552static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control)
7e743090 553{
525cd185 554 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
7e743090 555 control |= L2CAP_SUPER_RCV_NOT_READY;
525cd185 556 chan->conn_state |= L2CAP_CONN_RNR_SENT;
1890d36b 557 } else
7e743090
GP		 558 control |= L2CAP_SUPER_RCV_READY;
559
42e5c802 560 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2ab25cdd 561
525cd185 562 l2cap_send_sframe(chan, control);
7e743090
GP		 563}
564
b4450035 565static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 566{
b4450035 567 return !(chan->conf_state & L2CAP_CONF_CONNECT_PEND);
e501d055
AE		 568}
569
fc7f8a7e 570static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 571{
8c1d787b 572 struct l2cap_conn *conn = chan->conn;
79d554a6
MH		 573
574 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 575 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
576 return;
577
4343478f
GP		 578 if (l2cap_check_security(chan) &&
579 __l2cap_no_conn_pending(chan)) {
b1235d79 580 struct l2cap_conn_req req;
fe4128e0
GP		 581 req.scid = cpu_to_le16(chan->scid);
582 req.psm = chan->psm;
79d554a6 583
fc7f8a7e 584 chan->ident = l2cap_get_ident(conn);
b4450035 585 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
79d554a6 586
fc7f8a7e
GP		 587 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
588 sizeof(req), &req);
b1235d79 589 }
79d554a6
MH		 590 } else {
591 struct l2cap_info_req req;
592 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
593
594 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
595 conn->info_ident = l2cap_get_ident(conn);
596
597 mod_timer(&conn->info_timer, jiffies +
598 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
599
600 l2cap_send_cmd(conn, conn->info_ident,
601 L2CAP_INFO_REQ, sizeof(req), &req);
602 }
603}
604
cf6c2c0b
GP		 605static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
606{
607 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 608 if (!disable_ertm)
cf6c2c0b
GP		 609 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
610
611 switch (mode) {
612 case L2CAP_MODE_ERTM:
613 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
614 case L2CAP_MODE_STREAMING:
615 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
616 default:
617 return 0x00;
618 }
619}
620
4519de9a 621static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9 622{
e92c8e70 623 struct sock *sk;
22121fc9
GP		 624 struct l2cap_disconn_req req;
625
c13ffa62
GP		 626 if (!conn)
627 return;
628
e92c8e70
GP		 629 sk = chan->sk;
630
0c1bc5c6 631 if (chan->mode == L2CAP_MODE_ERTM) {
e92c8e70
GP		 632 del_timer(&chan->retrans_timer);
633 del_timer(&chan->monitor_timer);
634 del_timer(&chan->ack_timer);
c13ffa62
GP		 635 }
636
fe4128e0
GP		 637 req.dcid = cpu_to_le16(chan->dcid);
638 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 639 l2cap_send_cmd(conn, l2cap_get_ident(conn),
640 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62
GP		 641
642 sk->sk_state = BT_DISCONN;
9b108fc0 643 sk->sk_err = err;
22121fc9
GP		 644}
645
1da177e4 646/* ---- L2CAP connections ---- */
4e8402a3
MH		 647static void l2cap_conn_start(struct l2cap_conn *conn)
648{
820ffdb3 649 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 650
651 BT_DBG("conn %p", conn);
652
baa7e1fa 653 read_lock(&conn->chan_lock);
4e8402a3 654
820ffdb3 655 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 656 struct sock *sk = chan->sk;
baa7e1fa 657
4e8402a3
MH		 658 bh_lock_sock(sk);
659
bd3c9e25
GP		 660 if (sk->sk_type != SOCK_SEQPACKET &&
661 sk->sk_type != SOCK_STREAM) {
79d554a6
MH		 662 bh_unlock_sock(sk);
663 continue;
664 }
665
666 if (sk->sk_state == BT_CONNECT) {
47731de7 667 struct l2cap_conn_req req;
79d554a6 668
4343478f 669 if (!l2cap_check_security(chan) ||
b4450035 670 !__l2cap_no_conn_pending(chan)) {
47731de7
GP		 671 bh_unlock_sock(sk);
672 continue;
673 }
79d554a6 674
0c1bc5c6 675 if (!l2cap_mode_supported(chan->mode,
47731de7 676 conn->feat_mask)
b4450035 677 && chan->conf_state &
47731de7 678 L2CAP_CONF_STATE2_DEVICE) {
4519de9a 679 /* __l2cap_chan_close() calls list_del(chan)
820ffdb3
GP		 680 * so release the lock */
681 read_unlock_bh(&conn->chan_lock);
4519de9a 682 __l2cap_chan_close(chan, ECONNRESET);
820ffdb3 683 read_lock_bh(&conn->chan_lock);
47731de7
GP		 684 bh_unlock_sock(sk);
685 continue;
b1235d79 686 }
47731de7 687
fe4128e0
GP		 688 req.scid = cpu_to_le16(chan->scid);
689 req.psm = chan->psm;
47731de7 690
fc7f8a7e 691 chan->ident = l2cap_get_ident(conn);
b4450035 692 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
47731de7 693
fc7f8a7e
GP		 694 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
695 sizeof(req), &req);
47731de7 696
79d554a6
MH		 697 } else if (sk->sk_state == BT_CONNECT2) {
698 struct l2cap_conn_rsp rsp;
e9aeb2dd 699 char buf[128];
fe4128e0
GP		 700 rsp.scid = cpu_to_le16(chan->dcid);
701 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 702
4343478f 703 if (l2cap_check_security(chan)) {
f66dc81f
MH		 704 if (bt_sk(sk)->defer_setup) {
705 struct sock *parent = bt_sk(sk)->parent;
706 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
707 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
708 parent->sk_data_ready(parent, 0);
709
710 } else {
711 sk->sk_state = BT_CONFIG;
712 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
713 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
714 }
79d554a6
MH		 715 } else {
716 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
717 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
718 }
719
fc7f8a7e
GP		 720 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
721 sizeof(rsp), &rsp);
e9aeb2dd 722
b4450035 723 if (chan->conf_state & L2CAP_CONF_REQ_SENT ||
e9aeb2dd
GP		 724 rsp.result != L2CAP_CR_SUCCESS) {
725 bh_unlock_sock(sk);
726 continue;
727 }
728
b4450035 729 chan->conf_state |= L2CAP_CONF_REQ_SENT;
e9aeb2dd 730 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 731 l2cap_build_conf_req(chan, buf), buf);
732 chan->num_conf_req++;
4e8402a3
MH		 733 }
734
735 bh_unlock_sock(sk);
736 }
737
baa7e1fa 738 read_unlock(&conn->chan_lock);
4e8402a3
MH		 739}
740
b62f328b
VT		 741/* Find socket with cid and source bdaddr.
742 * Returns closest match, locked.
743 */
23691d75 744static struct l2cap_chan *l2cap_global_chan_by_scid(int state, __le16 cid, bdaddr_t *src)
b62f328b 745{
23691d75 746 struct l2cap_chan *c, *c1 = NULL;
b62f328b 747
23691d75 748 read_lock(&chan_list_lock);
b62f328b 749
23691d75
GP		 750 list_for_each_entry(c, &chan_list, global_l) {
751 struct sock *sk = c->sk;
fe4128e0 752
b62f328b
VT		 753 if (state && sk->sk_state != state)
754 continue;
755
23691d75 756 if (c->scid == cid) {
b62f328b 757 /* Exact match. */
23691d75
GP		 758 if (!bacmp(&bt_sk(sk)->src, src)) {
759 read_unlock(&chan_list_lock);
760 return c;
761 }
b62f328b
VT		 762
763 /* Closest match */
764 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 765 c1 = c;
b62f328b
VT		 766 }
767 }
280f294f 768
23691d75 769 read_unlock(&chan_list_lock);
b62f328b 770
23691d75 771 return c1;
b62f328b
VT		 772}
773
774static void l2cap_le_conn_ready(struct l2cap_conn *conn)
775{
c916fbe4 776 struct sock *parent, *sk;
23691d75 777 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 778
779 BT_DBG("");
780
781 /* Check if we have socket listening on cid */
23691d75 782 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
b62f328b 783 conn->src);
23691d75 784 if (!pchan)
b62f328b
VT		 785 return;
786
23691d75
GP		 787 parent = pchan->sk;
788
62f3a2cf
GP		 789 bh_lock_sock(parent);
790
b62f328b
VT		 791 /* Check for backlog size */
792 if (sk_acceptq_is_full(parent)) {
793 BT_DBG("backlog full %d", parent->sk_ack_backlog);
794 goto clean;
795 }
796
797 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
798 if (!sk)
799 goto clean;
800
23691d75 801 chan = l2cap_chan_create(sk);
48454079
GP		 802 if (!chan) {
803 l2cap_sock_kill(sk);
804 goto clean;
805 }
806
5d41ce1d
GP		 807 l2cap_pi(sk)->chan = chan;
808
baa7e1fa 809 write_lock_bh(&conn->chan_lock);
b62f328b
VT		 810
811 hci_conn_hold(conn->hcon);
812
813 l2cap_sock_init(sk, parent);
baa7e1fa 814
b62f328b
VT		 815 bacpy(&bt_sk(sk)->src, conn->src);
816 bacpy(&bt_sk(sk)->dst, conn->dst);
817
d1010240
GP		 818 bt_accept_enqueue(parent, sk);
819
48454079
GP		 820 __l2cap_chan_add(conn, chan);
821
b62f328b
VT		 822 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
823
824 sk->sk_state = BT_CONNECTED;
825 parent->sk_data_ready(parent, 0);
826
baa7e1fa 827 write_unlock_bh(&conn->chan_lock);
b62f328b
VT		 828
829clean:
830 bh_unlock_sock(parent);
831}
832
4e8402a3
MH		 833static void l2cap_conn_ready(struct l2cap_conn *conn)
834{
48454079 835 struct l2cap_chan *chan;
4e8402a3 836
79d554a6 837 BT_DBG("conn %p", conn);
4e8402a3 838
b62f328b
VT		 839 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
840 l2cap_le_conn_ready(conn);
841
baa7e1fa 842 read_lock(&conn->chan_lock);
4e8402a3 843
baa7e1fa 844 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 845 struct sock *sk = chan->sk;
baa7e1fa 846
79d554a6 847 bh_lock_sock(sk);
4e8402a3 848
acd7d370
VT		 849 if (conn->hcon->type == LE_LINK) {
850 l2cap_sock_clear_timer(sk);
851 sk->sk_state = BT_CONNECTED;
852 sk->sk_state_change(sk);
853 }
854
bd3c9e25
GP		 855 if (sk->sk_type != SOCK_SEQPACKET &&
856 sk->sk_type != SOCK_STREAM) {
79d554a6
MH		 857 l2cap_sock_clear_timer(sk);
858 sk->sk_state = BT_CONNECTED;
859 sk->sk_state_change(sk);
860 } else if (sk->sk_state == BT_CONNECT)
fc7f8a7e 861 l2cap_do_start(chan);
4e8402a3 862
79d554a6 863 bh_unlock_sock(sk);
4e8402a3 864 }
79d554a6 865
baa7e1fa 866 read_unlock(&conn->chan_lock);
4e8402a3
MH		 867}
868
869/* Notify sockets that we cannot guaranty reliability anymore */
870static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
871{
48454079 872 struct l2cap_chan *chan;
4e8402a3
MH		 873
874 BT_DBG("conn %p", conn);
875
baa7e1fa 876 read_lock(&conn->chan_lock);
4e8402a3 877
baa7e1fa 878 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 879 struct sock *sk = chan->sk;
baa7e1fa 880
4343478f 881 if (chan->force_reliable)
4e8402a3
MH		 882 sk->sk_err = err;
883 }
884
baa7e1fa 885 read_unlock(&conn->chan_lock);
4e8402a3
MH		 886}
887
888static void l2cap_info_timeout(unsigned long arg)
889{
890 struct l2cap_conn *conn = (void *) arg;
891
984947dc 892 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 893 conn->info_ident = 0;
984947dc 894
4e8402a3
MH		 895 l2cap_conn_start(conn);
896}
897
1da177e4
LT		 898static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
899{
0139418c 900 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 901
0139418c 902 if (conn || status)
1da177e4
LT		 903 return conn;
904
0139418c
MH		 905 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
906 if (!conn)
1da177e4 907 return NULL;
1da177e4
LT		 908
909 hcon->l2cap_data = conn;
910 conn->hcon = hcon;
911
0139418c
MH		 912 BT_DBG("hcon %p conn %p", hcon, conn);
913
acd7d370
VT		 914 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
915 conn->mtu = hcon->hdev->le_mtu;
916 else
917 conn->mtu = hcon->hdev->acl_mtu;
918
1da177e4
LT		 919 conn->src = &hcon->hdev->bdaddr;
920 conn->dst = &hcon->dst;
921
4e8402a3
MH		 922 conn->feat_mask = 0;
923
1da177e4 924 spin_lock_init(&conn->lock);
baa7e1fa
GP		 925 rwlock_init(&conn->chan_lock);
926
927 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 928
b62f328b
VT		 929 if (hcon->type != LE_LINK)
930 setup_timer(&conn->info_timer, l2cap_info_timeout,
45054dc1
DY		 931 (unsigned long) conn);
932
2950f21a
MH		 933 conn->disc_reason = 0x13;
934
1da177e4
LT		 935 return conn;
936}
937
0139418c 938static void l2cap_conn_del(struct hci_conn *hcon, int err)
1da177e4 939{
0139418c 940 struct l2cap_conn *conn = hcon->l2cap_data;
baa7e1fa 941 struct l2cap_chan *chan, *l;
1da177e4
LT		 942 struct sock *sk;
943
0139418c
MH		 944 if (!conn)
945 return;
1da177e4
LT		 946
947 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
948
7585b97a 949 kfree_skb(conn->rx_skb);
1da177e4
LT		 950
951 /* Kill channels */
baa7e1fa 952 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
48454079 953 sk = chan->sk;
1da177e4 954 bh_lock_sock(sk);
48454079 955 l2cap_chan_del(chan, err);
1da177e4
LT		 956 bh_unlock_sock(sk);
957 l2cap_sock_kill(sk);
958 }
959
8e8440f5
DY		 960 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
961 del_timer_sync(&conn->info_timer);
3ab22731 962
1da177e4
LT		 963 hcon->l2cap_data = NULL;
964 kfree(conn);
1da177e4
LT		 965}
966
48454079 967static inline void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
1da177e4 968{
baa7e1fa 969 write_lock_bh(&conn->chan_lock);
48454079 970 __l2cap_chan_add(conn, chan);
baa7e1fa 971 write_unlock_bh(&conn->chan_lock);
1da177e4
LT		 972}
973
1da177e4 974/* ---- Socket interface ---- */
1da177e4
LT		 975
976/* Find socket with psm and source bdaddr.
977 * Returns closest match.
978 */
23691d75 979static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4 980{
23691d75 981 struct l2cap_chan *c, *c1 = NULL;
1da177e4 982
23691d75 983 read_lock(&chan_list_lock);
e0f0cb56 984
23691d75
GP		 985 list_for_each_entry(c, &chan_list, global_l) {
986 struct sock *sk = c->sk;
fe4128e0 987
1da177e4
LT		 988 if (state && sk->sk_state != state)
989 continue;
990
23691d75 991 if (c->psm == psm) {
1da177e4 992 /* Exact match. */
23691d75 993 if (!bacmp(&bt_sk(sk)->src, src)) {
a7567b20 994 read_unlock(&chan_list_lock);
23691d75
GP		 995 return c;
996 }
1da177e4
LT		 997
998 /* Closest match */
999 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 1000 c1 = c;
1da177e4
LT		 1001 }
1002 }
1da177e4 1003
23691d75 1004 read_unlock(&chan_list_lock);
e0f0cb56 1005
23691d75 1006 return c1;
1da177e4
LT		 1007}
1008
77a74c7e 1009int l2cap_chan_connect(struct l2cap_chan *chan)
1da177e4 1010{
5d41ce1d 1011 struct sock *sk = chan->sk;
1da177e4
LT		 1012 bdaddr_t *src = &bt_sk(sk)->src;
1013 bdaddr_t *dst = &bt_sk(sk)->dst;
1014 struct l2cap_conn *conn;
1015 struct hci_conn *hcon;
1016 struct hci_dev *hdev;
09ab6f4c 1017 __u8 auth_type;
44d0e48e 1018 int err;
1da177e4 1019
f29972de 1020 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
fe4128e0 1021 chan->psm);
1da177e4 1022
af05b30b
GP		 1023 hdev = hci_get_route(dst, src);
1024 if (!hdev)
1da177e4
LT		 1025 return -EHOSTUNREACH;
1026
1027 hci_dev_lock_bh(hdev);
1028
4343478f 1029 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1030
fe4128e0 1031 if (chan->dcid == L2CAP_CID_LE_DATA)
acd7d370 1032 hcon = hci_connect(hdev, LE_LINK, dst,
4343478f 1033 chan->sec_level, auth_type);
acd7d370
VT		 1034 else
1035 hcon = hci_connect(hdev, ACL_LINK, dst,
4343478f 1036 chan->sec_level, auth_type);
acd7d370 1037
30e76272
VT		 1038 if (IS_ERR(hcon)) {
1039 err = PTR_ERR(hcon);
1da177e4 1040 goto done;
30e76272 1041 }
1da177e4
LT		 1042
1043 conn = l2cap_conn_add(hcon, 0);
1044 if (!conn) {
1045 hci_conn_put(hcon);
30e76272 1046 err = -ENOMEM;
1da177e4
LT		 1047 goto done;
1048 }
1049
1da177e4
LT		 1050 /* Update source addr of the socket */
1051 bacpy(src, conn->src);
1052
48454079
GP		 1053 l2cap_chan_add(conn, chan);
1054
1da177e4
LT		 1055 sk->sk_state = BT_CONNECT;
1056 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1057
1058 if (hcon->state == BT_CONNECTED) {
bd3c9e25
GP		 1059 if (sk->sk_type != SOCK_SEQPACKET &&
1060 sk->sk_type != SOCK_STREAM) {
1da177e4 1061 l2cap_sock_clear_timer(sk);
4343478f 1062 if (l2cap_check_security(chan))
d00ef24f 1063 sk->sk_state = BT_CONNECTED;
79d554a6 1064 } else
fc7f8a7e 1065 l2cap_do_start(chan);
1da177e4
LT		 1066 }
1067
30e76272
VT		 1068 err = 0;
1069
1da177e4
LT		 1070done:
1071 hci_dev_unlock_bh(hdev);
1072 hci_dev_put(hdev);
1073 return err;
1074}
1075
dcba0dba 1076int __l2cap_wait_ack(struct sock *sk)
6161c038 1077{
8c1d787b 1078 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1079 DECLARE_WAITQUEUE(wait, current);
1080 int err = 0;
1081 int timeo = HZ/5;
1082
2b0b05dd 1083 add_wait_queue(sk_sleep(sk), &wait);
8c1d787b 1084 while ((chan->unacked_frames > 0 && chan->conn)) {
6161c038
GP		 1085 set_current_state(TASK_INTERRUPTIBLE);
1086
1087 if (!timeo)
1088 timeo = HZ/5;
1089
1090 if (signal_pending(current)) {
1091 err = sock_intr_errno(timeo);
1092 break;
1093 }
1094
1095 release_sock(sk);
1096 timeo = schedule_timeout(timeo);
1097 lock_sock(sk);
1098
1099 err = sock_error(sk);
1100 if (err)
1101 break;
1102 }
1103 set_current_state(TASK_RUNNING);
2b0b05dd 1104 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1105 return err;
1106}
1107
e90bac06
GP		 1108static void l2cap_monitor_timeout(unsigned long arg)
1109{
525cd185
GP		 1110 struct l2cap_chan *chan = (void *) arg;
1111 struct sock *sk = chan->sk;
e90bac06 1112
525cd185 1113 BT_DBG("chan %p", chan);
0e98958d 1114
e686219a 1115 bh_lock_sock(sk);
2c03a7a4 1116 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1117 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
b13f5860 1118 bh_unlock_sock(sk);
e90bac06
GP		 1119 return;
1120 }
1121
6a026610 1122 chan->retry_count++;
e90bac06
GP		 1123 __mod_monitor_timer();
1124
525cd185 1125 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
e686219a 1126 bh_unlock_sock(sk);
e90bac06
GP		 1127}
1128
1129static void l2cap_retrans_timeout(unsigned long arg)
1130{
525cd185
GP		 1131 struct l2cap_chan *chan = (void *) arg;
1132 struct sock *sk = chan->sk;
e90bac06 1133
49208c9c 1134 BT_DBG("chan %p", chan);
0e98958d 1135
e686219a 1136 bh_lock_sock(sk);
6a026610 1137 chan->retry_count = 1;
e90bac06
GP		 1138 __mod_monitor_timer();
1139
525cd185 1140 chan->conn_state |= L2CAP_CONN_WAIT_F;
e90bac06 1141
525cd185 1142 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
e686219a 1143 bh_unlock_sock(sk);
e90bac06
GP		 1144}
1145
42e5c802 1146static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1da177e4 1147{
1c2acffb 1148 struct sk_buff *skb;
1da177e4 1149
58d35f87 1150 while ((skb = skb_peek(&chan->tx_q)) &&
6a026610 1151 chan->unacked_frames) {
42e5c802 1152 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
1c2acffb 1153 break;
1da177e4 1154
58d35f87 1155 skb = skb_dequeue(&chan->tx_q);
1c2acffb 1156 kfree_skb(skb);
1da177e4 1157
6a026610 1158 chan->unacked_frames--;
1c2acffb 1159 }
1da177e4 1160
6a026610 1161 if (!chan->unacked_frames)
e92c8e70 1162 del_timer(&chan->retrans_timer);
1c2acffb 1163}
1da177e4 1164
4343478f 1165void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
1c2acffb 1166{
8c1d787b 1167 struct hci_conn *hcon = chan->conn->hcon;
e702112f 1168 u16 flags;
1c2acffb 1169
4343478f 1170 BT_DBG("chan %p, skb %p len %d", chan, skb, skb->len);
1da177e4 1171
4343478f 1172 if (!chan->flushable && lmp_no_flush_capable(hcon->hdev))
e702112f
AE		 1173 flags = ACL_START_NO_FLUSH;
1174 else
1175 flags = ACL_START;
1176
1177 hci_send_acl(hcon, skb, flags);
1c2acffb
GP		 1178}
1179
42e5c802 1180void l2cap_streaming_send(struct l2cap_chan *chan)
6840ed07 1181{
ccbb84af 1182 struct sk_buff *skb;
fcc203c3 1183 u16 control, fcs;
6840ed07 1184
58d35f87 1185 while ((skb = skb_dequeue(&chan->tx_q))) {
ccbb84af 1186 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE);
42e5c802 1187 control |= chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
ccbb84af 1188 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
6840ed07 1189
47d1ec61 1190 if (chan->fcs == L2CAP_FCS_CRC16) {
ccbb84af
GP		 1191 fcs = crc16(0, (u8 *)skb->data, skb->len - 2);
1192 put_unaligned_le16(fcs, skb->data + skb->len - 2);
fcc203c3
GP		 1193 }
1194
4343478f 1195 l2cap_do_send(chan, skb);
6840ed07 1196
42e5c802 1197 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
6840ed07 1198 }
6840ed07
GP		 1199}
1200
525cd185 1201static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)
8f17154f 1202{
8f17154f
GP		 1203 struct sk_buff *skb, *tx_skb;
1204 u16 control, fcs;
8f17154f 1205
58d35f87 1206 skb = skb_peek(&chan->tx_q);
f11d676d
GP		 1207 if (!skb)
1208 return;
8f17154f 1209
f11d676d
GP		 1210 do {
1211 if (bt_cb(skb)->tx_seq == tx_seq)
8f17154f 1212 break;
8f17154f 1213
58d35f87 1214 if (skb_queue_is_last(&chan->tx_q, skb))
f11d676d 1215 return;
8f17154f 1216
58d35f87 1217 } while ((skb = skb_queue_next(&chan->tx_q, skb)));
8f17154f 1218
2c03a7a4
GP		 1219 if (chan->remote_max_tx &&
1220 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1221 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
f11d676d
GP		 1222 return;
1223 }
1224
1225 tx_skb = skb_clone(skb, GFP_ATOMIC);
1226 bt_cb(skb)->retries++;
1227 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
a429b519 1228 control &= L2CAP_CTRL_SAR;
3cb123d1 1229
525cd185 1230 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
3cb123d1 1231 control |= L2CAP_CTRL_FINAL;
525cd185 1232 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
3cb123d1 1233 }
95ffa978 1234
42e5c802 1235 control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
f11d676d 1236 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
3cb123d1 1237
f11d676d
GP		 1238 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1239
47d1ec61 1240 if (chan->fcs == L2CAP_FCS_CRC16) {
f11d676d
GP		 1241 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1242 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1243 }
1244
4343478f 1245 l2cap_do_send(chan, tx_skb);
8f17154f
GP		 1246}
1247
525cd185 1248int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1249{
1250 struct sk_buff *skb, *tx_skb;
525cd185 1251 struct sock *sk = chan->sk;
fcc203c3 1252 u16 control, fcs;
9a9c6a34 1253 int nsent = 0;
1c2acffb 1254
c13ffa62
GP		 1255 if (sk->sk_state != BT_CONNECTED)
1256 return -ENOTCONN;
e90bac06 1257
58d35f87 1258 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1c2acffb 1259
2c03a7a4
GP		 1260 if (chan->remote_max_tx &&
1261 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1262 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
e90bac06
GP		 1263 break;
1264 }
1265
e420aba3
AE		 1266 tx_skb = skb_clone(skb, GFP_ATOMIC);
1267
e90bac06
GP		 1268 bt_cb(skb)->retries++;
1269
1c2acffb 1270 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
95ffa978
GP		 1271 control &= L2CAP_CTRL_SAR;
1272
525cd185 1273 if (chan->conn_state & L2CAP_CONN_SEND_FBIT) {
d5392c8f 1274 control |= L2CAP_CTRL_FINAL;
525cd185 1275 chan->conn_state &= ~L2CAP_CONN_SEND_FBIT;
d5392c8f 1276 }
42e5c802
GP		 1277 control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1278 | (chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1c2acffb
GP		 1279 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1280
e90bac06 1281
47d1ec61 1282 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 1283 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1284 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1285 }
1286
4343478f 1287 l2cap_do_send(chan, tx_skb);
9a9c6a34 1288
e90bac06 1289 __mod_retrans_timer();
1c2acffb 1290
42e5c802
GP		 1291 bt_cb(skb)->tx_seq = chan->next_tx_seq;
1292 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
1c2acffb 1293
23e9fde2 1294 if (bt_cb(skb)->retries == 1)
6a026610 1295 chan->unacked_frames++;
23e9fde2 1296
6a026610 1297 chan->frames_sent++;
1c2acffb 1298
58d35f87
GP		 1299 if (skb_queue_is_last(&chan->tx_q, skb))
1300 chan->tx_send_head = NULL;
1c2acffb 1301 else
58d35f87 1302 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
9e917af1
GP		 1303
1304 nsent++;
1c2acffb
GP		 1305 }
1306
9e917af1
GP		 1307 return nsent;
1308}
1309
525cd185 1310static int l2cap_retransmit_frames(struct l2cap_chan *chan)
dfc909be 1311{
dfc909be
GP		 1312 int ret;
1313
58d35f87
GP		 1314 if (!skb_queue_empty(&chan->tx_q))
1315 chan->tx_send_head = chan->tx_q.next;
dfc909be 1316
42e5c802 1317 chan->next_tx_seq = chan->expected_ack_seq;
525cd185 1318 ret = l2cap_ertm_send(chan);
dfc909be
GP		 1319 return ret;
1320}
1321
525cd185 1322static void l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1323{
9e917af1
GP		 1324 u16 control = 0;
1325
42e5c802 1326 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
9e917af1 1327
525cd185 1328 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
9e917af1 1329 control |= L2CAP_SUPER_RCV_NOT_READY;
525cd185
GP		 1330 chan->conn_state |= L2CAP_CONN_RNR_SENT;
1331 l2cap_send_sframe(chan, control);
9a9c6a34 1332 return;
9e917af1 1333 }
dfc909be 1334
525cd185 1335 if (l2cap_ertm_send(chan) > 0)
dfc909be
GP		 1336 return;
1337
1338 control |= L2CAP_SUPER_RCV_READY;
525cd185 1339 l2cap_send_sframe(chan, control);
1c2acffb
GP		 1340}
1341
525cd185 1342static void l2cap_send_srejtail(struct l2cap_chan *chan)
99b0d4b7
GP		 1343{
1344 struct srej_list *tail;
1345 u16 control;
1346
1347 control = L2CAP_SUPER_SELECT_REJECT;
1348 control |= L2CAP_CTRL_FINAL;
1349
39d5a3ee 1350 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
99b0d4b7
GP		 1351 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1352
525cd185 1353 l2cap_send_sframe(chan, control);
99b0d4b7
GP		 1354}
1355
1c2acffb
GP		 1356static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1357{
8c1d787b 1358 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1c2acffb
GP		 1359 struct sk_buff **frag;
1360 int err, sent = 0;
1da177e4 1361
59203a21 1362 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1363 return -EFAULT;
1da177e4
LT		 1364
1365 sent += count;
1366 len -= count;
1367
1368 /* Continuation fragments (no L2CAP header) */
1369 frag = &skb_shinfo(skb)->frag_list;
1370 while (len) {
1371 count = min_t(unsigned int, conn->mtu, len);
1372
1373 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1374 if (!*frag)
0175d629 1375 return err;
1c2acffb
GP		 1376 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1377 return -EFAULT;
1da177e4
LT		 1378
1379 sent += count;
1380 len -= count;
1381
1382 frag = &(*frag)->next;
1383 }
1da177e4
LT		 1384
1385 return sent;
1c2acffb 1386}
1da177e4 1387
fe4128e0 1388struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1c2acffb 1389{
fe4128e0 1390 struct sock *sk = chan->sk;
8c1d787b 1391 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1392 struct sk_buff *skb;
1393 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1394 struct l2cap_hdr *lh;
1395
1396 BT_DBG("sk %p len %d", sk, (int)len);
1397
1398 count = min_t(unsigned int, (conn->mtu - hlen), len);
1399 skb = bt_skb_send_alloc(sk, count + hlen,
1400 msg->msg_flags & MSG_DONTWAIT, &err);
1401 if (!skb)
0175d629 1402 return ERR_PTR(err);
1c2acffb
GP		 1403
1404 /* Create L2CAP header */
1405 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1406 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1407 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
fe4128e0 1408 put_unaligned_le16(chan->psm, skb_put(skb, 2));
1c2acffb
GP		 1409
1410 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1411 if (unlikely(err < 0)) {
1412 kfree_skb(skb);
1413 return ERR_PTR(err);
1414 }
1415 return skb;
1416}
1417
fe4128e0 1418struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1c2acffb 1419{
fe4128e0 1420 struct sock *sk = chan->sk;
8c1d787b 1421 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1422 struct sk_buff *skb;
1423 int err, count, hlen = L2CAP_HDR_SIZE;
1424 struct l2cap_hdr *lh;
1425
1426 BT_DBG("sk %p len %d", sk, (int)len);
1427
1428 count = min_t(unsigned int, (conn->mtu - hlen), len);
1429 skb = bt_skb_send_alloc(sk, count + hlen,
1430 msg->msg_flags & MSG_DONTWAIT, &err);
1431 if (!skb)
0175d629 1432 return ERR_PTR(err);
1c2acffb
GP		 1433
1434 /* Create L2CAP header */
1435 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1436 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1437 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1438
1439 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1440 if (unlikely(err < 0)) {
1441 kfree_skb(skb);
1442 return ERR_PTR(err);
1443 }
1444 return skb;
1445}
1446
47d1ec61 1447struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1c2acffb 1448{
47d1ec61 1449 struct sock *sk = chan->sk;
8c1d787b 1450 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1451 struct sk_buff *skb;
1452 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1453 struct l2cap_hdr *lh;
1454
1455 BT_DBG("sk %p len %d", sk, (int)len);
1456
0ee0d208
GP		 1457 if (!conn)
1458 return ERR_PTR(-ENOTCONN);
1459
c74e560c
GP		 1460 if (sdulen)
1461 hlen += 2;
1462
47d1ec61 1463 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 1464 hlen += 2;
1465
1c2acffb
GP		 1466 count = min_t(unsigned int, (conn->mtu - hlen), len);
1467 skb = bt_skb_send_alloc(sk, count + hlen,
1468 msg->msg_flags & MSG_DONTWAIT, &err);
1469 if (!skb)
0175d629 1470 return ERR_PTR(err);
1c2acffb
GP		 1471
1472 /* Create L2CAP header */
1473 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1474 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1475 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1476 put_unaligned_le16(control, skb_put(skb, 2));
c74e560c
GP		 1477 if (sdulen)
1478 put_unaligned_le16(sdulen, skb_put(skb, 2));
1c2acffb
GP		 1479
1480 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1481 if (unlikely(err < 0)) {
1482 kfree_skb(skb);
1483 return ERR_PTR(err);
1484 }
e90bac06 1485
47d1ec61 1486 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 1487 put_unaligned_le16(0, skb_put(skb, 2));
1488
e90bac06 1489 bt_cb(skb)->retries = 0;
1c2acffb 1490 return skb;
1da177e4
LT		 1491}
1492
2c03a7a4 1493int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
c74e560c 1494{
c74e560c
GP		 1495 struct sk_buff *skb;
1496 struct sk_buff_head sar_queue;
1497 u16 control;
1498 size_t size = 0;
1499
ff12fd64 1500 skb_queue_head_init(&sar_queue);
c74e560c 1501 control = L2CAP_SDU_START;
47d1ec61 1502 skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);
c74e560c
GP		 1503 if (IS_ERR(skb))
1504 return PTR_ERR(skb);
1505
1506 __skb_queue_tail(&sar_queue, skb);
2c03a7a4
GP		 1507 len -= chan->remote_mps;
1508 size += chan->remote_mps;
c74e560c
GP		 1509
1510 while (len > 0) {
1511 size_t buflen;
1512
2c03a7a4 1513 if (len > chan->remote_mps) {
44651b85 1514 control = L2CAP_SDU_CONTINUE;
2c03a7a4 1515 buflen = chan->remote_mps;
c74e560c 1516 } else {
44651b85 1517 control = L2CAP_SDU_END;
c74e560c
GP		 1518 buflen = len;
1519 }
1520
47d1ec61 1521 skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);
c74e560c
GP		 1522 if (IS_ERR(skb)) {
1523 skb_queue_purge(&sar_queue);
1524 return PTR_ERR(skb);
1525 }
1526
1527 __skb_queue_tail(&sar_queue, skb);
1528 len -= buflen;
1529 size += buflen;
c74e560c 1530 }
58d35f87
GP		 1531 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1532 if (chan->tx_send_head == NULL)
1533 chan->tx_send_head = sar_queue.next;
c74e560c
GP		 1534
1535 return size;
1536}
1537
1da177e4
LT		 1538static void l2cap_chan_ready(struct sock *sk)
1539{
1540 struct sock *parent = bt_sk(sk)->parent;
b4450035 1541 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
1da177e4
LT		 1542
1543 BT_DBG("sk %p, parent %p", sk, parent);
1544
b4450035 1545 chan->conf_state = 0;
1da177e4
LT		 1546 l2cap_sock_clear_timer(sk);
1547
1548 if (!parent) {
1549 /* Outgoing channel.
1550 * Wake up socket sleeping on connect.
1551 */
1552 sk->sk_state = BT_CONNECTED;
1553 sk->sk_state_change(sk);
1554 } else {
1555 /* Incoming channel.
1556 * Wake up socket sleeping on accept.
1557 */
1558 parent->sk_data_ready(parent, 0);
1559 }
1560}
1561
1562/* Copy frame to all raw sockets on that connection */
1563static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1564{
1da177e4 1565 struct sk_buff *nskb;
48454079 1566 struct l2cap_chan *chan;
1da177e4
LT		 1567
1568 BT_DBG("conn %p", conn);
1569
baa7e1fa
GP		 1570 read_lock(&conn->chan_lock);
1571 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 1572 struct sock *sk = chan->sk;
1da177e4
LT		 1573 if (sk->sk_type != SOCK_RAW)
1574 continue;
1575
1576 /* Don't send frame to the socket it came from */
1577 if (skb->sk == sk)
1578 continue;
af05b30b
GP		 1579 nskb = skb_clone(skb, GFP_ATOMIC);
1580 if (!nskb)
1da177e4
LT		 1581 continue;
1582
1583 if (sock_queue_rcv_skb(sk, nskb))
1584 kfree_skb(nskb);
1585 }
baa7e1fa 1586 read_unlock(&conn->chan_lock);
1da177e4
LT		 1587}
1588
1589/* ---- L2CAP signalling commands ---- */
1590static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1591 u8 code, u8 ident, u16 dlen, void *data)
1592{
1593 struct sk_buff *skb, **frag;
1594 struct l2cap_cmd_hdr *cmd;
1595 struct l2cap_hdr *lh;
1596 int len, count;
1597
af05b30b
GP		 1598 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1599 conn, code, ident, dlen);
1da177e4
LT		 1600
1601 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1602 count = min_t(unsigned int, conn->mtu, len);
1603
1604 skb = bt_skb_alloc(count, GFP_ATOMIC);
1605 if (!skb)
1606 return NULL;
1607
1608 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 1609 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 1610
1611 if (conn->hcon->type == LE_LINK)
1612 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
1613 else
1614 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 1615
1616 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1617 cmd->code = code;
1618 cmd->ident = ident;
aca3192c 1619 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1620
1621 if (dlen) {
1622 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1623 memcpy(skb_put(skb, count), data, count);
1624 data += count;
1625 }
1626
1627 len -= skb->len;
1628
1629 /* Continuation fragments (no L2CAP header) */
1630 frag = &skb_shinfo(skb)->frag_list;
1631 while (len) {
1632 count = min_t(unsigned int, conn->mtu, len);
1633
1634 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1635 if (!*frag)
1636 goto fail;
1637
1638 memcpy(skb_put(*frag, count), data, count);
1639
1640 len -= count;
1641 data += count;
1642
1643 frag = &(*frag)->next;
1644 }
1645
1646 return skb;
1647
1648fail:
1649 kfree_skb(skb);
1650 return NULL;
1651}
1652
1653static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1654{
1655 struct l2cap_conf_opt *opt = *ptr;
1656 int len;
1657
1658 len = L2CAP_CONF_OPT_SIZE + opt->len;
1659 *ptr += len;
1660
1661 *type = opt->type;
1662 *olen = opt->len;
1663
1664 switch (opt->len) {
1665 case 1:
1666 *val = *((u8 *) opt->val);
1667 break;
1668
1669 case 2:
bfaaeb3e 1670 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 1671 break;
1672
1673 case 4:
bfaaeb3e 1674 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 1675 break;
1676
1677 default:
1678 *val = (unsigned long) opt->val;
1679 break;
1680 }
1681
1682 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1683 return len;
1684}
1685
1da177e4
LT		 1686static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1687{
1688 struct l2cap_conf_opt *opt = *ptr;
1689
1690 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1691
1692 opt->type = type;
1693 opt->len = len;
1694
1695 switch (len) {
1696 case 1:
1697 *((u8 *) opt->val) = val;
1698 break;
1699
1700 case 2:
4f8b691c 1701 put_unaligned_le16(val, opt->val);
1da177e4
LT		 1702 break;
1703
1704 case 4:
4f8b691c 1705 put_unaligned_le32(val, opt->val);
1da177e4
LT		 1706 break;
1707
1708 default:
1709 memcpy(opt->val, (void *) val, len);
1710 break;
1711 }
1712
1713 *ptr += L2CAP_CONF_OPT_SIZE + len;
1714}
1715
c1b4f43b
GP		 1716static void l2cap_ack_timeout(unsigned long arg)
1717{
525cd185 1718 struct l2cap_chan *chan = (void *) arg;
c1b4f43b 1719
525cd185
GP		 1720 bh_lock_sock(chan->sk);
1721 l2cap_send_ack(chan);
1722 bh_unlock_sock(chan->sk);
c1b4f43b
GP		 1723}
1724
525cd185 1725static inline void l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 1726{
525cd185
GP		 1727 struct sock *sk = chan->sk;
1728
42e5c802 1729 chan->expected_ack_seq = 0;
6a026610 1730 chan->unacked_frames = 0;
42e5c802 1731 chan->buffer_seq = 0;
6a026610
GP		 1732 chan->num_acked = 0;
1733 chan->frames_sent = 0;
0565c1c2 1734
e92c8e70
GP		 1735 setup_timer(&chan->retrans_timer, l2cap_retrans_timeout,
1736 (unsigned long) chan);
1737 setup_timer(&chan->monitor_timer, l2cap_monitor_timeout,
1738 (unsigned long) chan);
1739 setup_timer(&chan->ack_timer, l2cap_ack_timeout, (unsigned long) chan);
0565c1c2 1740
f1c6775b
GP		 1741 skb_queue_head_init(&chan->srej_q);
1742 skb_queue_head_init(&chan->busy_q);
1890d36b 1743
39d5a3ee
GP		 1744 INIT_LIST_HEAD(&chan->srej_l);
1745
311bb895 1746 INIT_WORK(&chan->busy_work, l2cap_busy_work);
218bb9df
GP		 1747
1748 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
0565c1c2
GP		 1749}
1750
f2fcfcd6
GP		 1751static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1752{
1753 switch (mode) {
1754 case L2CAP_MODE_STREAMING:
1755 case L2CAP_MODE_ERTM:
1756 if (l2cap_mode_supported(mode, remote_feat_mask))
1757 return mode;
1758 /* fall through */
1759 default:
1760 return L2CAP_MODE_BASIC;
1761 }
1762}
1763
710f9b0a 1764static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 1765{
1da177e4 1766 struct l2cap_conf_req *req = data;
0c1bc5c6 1767 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4
LT		 1768 void *ptr = req->data;
1769
49208c9c 1770 BT_DBG("chan %p", chan);
1da177e4 1771
73ffa904 1772 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 1773 goto done;
1774
0c1bc5c6 1775 switch (chan->mode) {
f2fcfcd6
GP		 1776 case L2CAP_MODE_STREAMING:
1777 case L2CAP_MODE_ERTM:
b4450035 1778 if (chan->conf_state & L2CAP_CONF_STATE2_DEVICE)
85eb53c6 1779 break;
85eb53c6 1780
2ba13ed6 1781 /* fall through */
f2fcfcd6 1782 default:
8c1d787b 1783 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 1784 break;
1785 }
1786
1787done:
0c1bc5c6
GP		 1788 if (chan->imtu != L2CAP_DEFAULT_MTU)
1789 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 1790
0c1bc5c6 1791 switch (chan->mode) {
65c7c491 1792 case L2CAP_MODE_BASIC:
8c1d787b
GP		 1793 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
1794 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 1795 break;
1796
62547752
GP		 1797 rfc.mode = L2CAP_MODE_BASIC;
1798 rfc.txwin_size = 0;
1799 rfc.max_transmit = 0;
1800 rfc.retrans_timeout = 0;
1801 rfc.monitor_timeout = 0;
1802 rfc.max_pdu_size = 0;
1803
63406504
GP		 1804 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1805 (unsigned long) &rfc);
65c7c491
MH		 1806 break;
1807
1808 case L2CAP_MODE_ERTM:
1809 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61
GP		 1810 rfc.txwin_size = chan->tx_win;
1811 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 1812 rfc.retrans_timeout = 0;
1813 rfc.monitor_timeout = 0;
c74e560c 1814 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
8c1d787b
GP		 1815 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
1816 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
f2fcfcd6 1817
63406504
GP		 1818 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1819 (unsigned long) &rfc);
1820
8c1d787b 1821 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 1822 break;
1823
47d1ec61 1824 if (chan->fcs == L2CAP_FCS_NONE ||
b4450035 1825 chan->conf_state & L2CAP_CONF_NO_FCS_RECV) {
47d1ec61
GP		 1826 chan->fcs = L2CAP_FCS_NONE;
1827 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 1828 }
f2fcfcd6
GP		 1829 break;
1830
1831 case L2CAP_MODE_STREAMING:
1832 rfc.mode = L2CAP_MODE_STREAMING;
1833 rfc.txwin_size = 0;
1834 rfc.max_transmit = 0;
1835 rfc.retrans_timeout = 0;
1836 rfc.monitor_timeout = 0;
c74e560c 1837 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
8c1d787b
GP		 1838 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
1839 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
65c7c491 1840
63406504
GP		 1841 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1842 (unsigned long) &rfc);
1843
8c1d787b 1844 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 1845 break;
1846
47d1ec61 1847 if (chan->fcs == L2CAP_FCS_NONE ||
b4450035 1848 chan->conf_state & L2CAP_CONF_NO_FCS_RECV) {
47d1ec61
GP		 1849 chan->fcs = L2CAP_FCS_NONE;
1850 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 1851 }
65c7c491
MH		 1852 break;
1853 }
1da177e4 1854
fe4128e0 1855 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 1856 req->flags = cpu_to_le16(0);
1da177e4
LT		 1857
1858 return ptr - data;
1859}
1860
73ffa904 1861static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 1862{
5dee9e7c
MH		 1863 struct l2cap_conf_rsp *rsp = data;
1864 void *ptr = rsp->data;
73ffa904
GP		 1865 void *req = chan->conf_req;
1866 int len = chan->conf_len;
5dee9e7c
MH		 1867 int type, hint, olen;
1868 unsigned long val;
6464f35f 1869 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
861d6882 1870 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 1871 u16 result = L2CAP_CONF_SUCCESS;
1da177e4 1872
73ffa904 1873 BT_DBG("chan %p", chan);
820ae1b8 1874
5dee9e7c
MH		 1875 while (len >= L2CAP_CONF_OPT_SIZE) {
1876 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 1877
589d2746 1878 hint = type & L2CAP_CONF_HINT;
47ec1dcd 1879 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 1880
1881 switch (type) {
1882 case L2CAP_CONF_MTU:
861d6882 1883 mtu = val;
5dee9e7c
MH		 1884 break;
1885
1886 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 1887 chan->flush_to = val;
5dee9e7c
MH		 1888 break;
1889
1890 case L2CAP_CONF_QOS:
1891 break;
1892
6464f35f
MH		 1893 case L2CAP_CONF_RFC:
1894 if (olen == sizeof(rfc))
1895 memcpy(&rfc, (void *) val, olen);
1896 break;
1897
fcc203c3
GP		 1898 case L2CAP_CONF_FCS:
1899 if (val == L2CAP_FCS_NONE)
b4450035 1900 chan->conf_state |= L2CAP_CONF_NO_FCS_RECV;
fcc203c3
GP		 1901
1902 break;
1903
5dee9e7c
MH		 1904 default:
1905 if (hint)
1906 break;
1907
1908 result = L2CAP_CONF_UNKNOWN;
1909 *((u8 *) ptr++) = type;
1910 break;
1911 }
1912 }
1913
73ffa904 1914 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 1915 goto done;
1916
0c1bc5c6 1917 switch (chan->mode) {
f2fcfcd6
GP		 1918 case L2CAP_MODE_STREAMING:
1919 case L2CAP_MODE_ERTM:
b4450035 1920 if (!(chan->conf_state & L2CAP_CONF_STATE2_DEVICE)) {
0c1bc5c6 1921 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 1922 chan->conn->feat_mask);
85eb53c6
GP		 1923 break;
1924 }
1925
0c1bc5c6 1926 if (chan->mode != rfc.mode)
f2fcfcd6 1927 return -ECONNREFUSED;
742e519b 1928
f2fcfcd6 1929 break;
f2fcfcd6
GP		 1930 }
1931
1932done:
0c1bc5c6 1933 if (chan->mode != rfc.mode) {
f2fcfcd6 1934 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 1935 rfc.mode = chan->mode;
f2fcfcd6 1936
73ffa904 1937 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 1938 return -ECONNREFUSED;
1939
1940 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1941 sizeof(rfc), (unsigned long) &rfc);
1942 }
1943
1944
5dee9e7c
MH		 1945 if (result == L2CAP_CONF_SUCCESS) {
1946 /* Configure output options and let the other side know
1947 * which ones we don't like. */
1948
f2fcfcd6
GP		 1949 if (mtu < L2CAP_DEFAULT_MIN_MTU)
1950 result = L2CAP_CONF_UNACCEPT;
1951 else {
0c1bc5c6 1952 chan->omtu = mtu;
b4450035 1953 chan->conf_state |= L2CAP_CONF_MTU_DONE;
f2fcfcd6 1954 }
0c1bc5c6 1955 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 1956
f2fcfcd6
GP		 1957 switch (rfc.mode) {
1958 case L2CAP_MODE_BASIC:
47d1ec61 1959 chan->fcs = L2CAP_FCS_NONE;
b4450035 1960 chan->conf_state |= L2CAP_CONF_MODE_DONE;
f2fcfcd6
GP		 1961 break;
1962
1963 case L2CAP_MODE_ERTM:
2c03a7a4
GP		 1964 chan->remote_tx_win = rfc.txwin_size;
1965 chan->remote_max_tx = rfc.max_transmit;
86b1b263 1966
8c1d787b
GP		 1967 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
1968 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1c762159 1969
2c03a7a4 1970 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6 1971
10467e9e
GP		 1972 rfc.retrans_timeout =
1973 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
1974 rfc.monitor_timeout =
1975 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 1976
b4450035 1977 chan->conf_state |= L2CAP_CONF_MODE_DONE;
68ae6639
GP		 1978
1979 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1980 sizeof(rfc), (unsigned long) &rfc);
1981
f2fcfcd6
GP		 1982 break;
1983
1984 case L2CAP_MODE_STREAMING:
8c1d787b
GP		 1985 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
1986 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1c762159 1987
2c03a7a4 1988 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6 1989
b4450035 1990 chan->conf_state |= L2CAP_CONF_MODE_DONE;
68ae6639
GP		 1991
1992 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
1993 sizeof(rfc), (unsigned long) &rfc);
1994
f2fcfcd6
GP		 1995 break;
1996
1997 default:
5dee9e7c 1998 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 1999
6464f35f 2000 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 2001 rfc.mode = chan->mode;
f2fcfcd6 2002 }
6464f35f 2003
f2fcfcd6 2004 if (result == L2CAP_CONF_SUCCESS)
b4450035 2005 chan->conf_state |= L2CAP_CONF_OUTPUT_DONE;
f2fcfcd6 2006 }
fe4128e0 2007 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 2008 rsp->result = cpu_to_le16(result);
2009 rsp->flags = cpu_to_le16(0x0000);
2010
2011 return ptr - data;
1da177e4
LT		 2012}
2013
b4450035 2014static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 2015{
f2fcfcd6
GP		 2016 struct l2cap_conf_req *req = data;
2017 void *ptr = req->data;
2018 int type, olen;
2019 unsigned long val;
2020 struct l2cap_conf_rfc rfc;
2021
fe4128e0 2022 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 2023
2024 while (len >= L2CAP_CONF_OPT_SIZE) {
2025 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2026
2027 switch (type) {
2028 case L2CAP_CONF_MTU:
2029 if (val < L2CAP_DEFAULT_MIN_MTU) {
2030 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2031 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 2032 } else
0c1bc5c6
GP		 2033 chan->imtu = val;
2034 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 2035 break;
2036
2037 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2038 chan->flush_to = val;
f2fcfcd6 2039 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 2040 2, chan->flush_to);
f2fcfcd6
GP		 2041 break;
2042
2043 case L2CAP_CONF_RFC:
2044 if (olen == sizeof(rfc))
2045 memcpy(&rfc, (void *)val, olen);
2046
b4450035 2047 if ((chan->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
0c1bc5c6 2048 rfc.mode != chan->mode)
f2fcfcd6
GP		 2049 return -ECONNREFUSED;
2050
47d1ec61 2051 chan->fcs = 0;
f2fcfcd6
GP		 2052
2053 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2054 sizeof(rfc), (unsigned long) &rfc);
2055 break;
2056 }
2057 }
2058
0c1bc5c6 2059 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 2060 return -ECONNREFUSED;
2061
0c1bc5c6 2062 chan->mode = rfc.mode;
6c2ea7a8 2063
f2fcfcd6
GP		 2064 if (*result == L2CAP_CONF_SUCCESS) {
2065 switch (rfc.mode) {
2066 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2067 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2068 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2069 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2070 break;
2071 case L2CAP_MODE_STREAMING:
47d1ec61 2072 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2073 }
2074 }
2075
fe4128e0 2076 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 2077 req->flags = cpu_to_le16(0x0000);
2078
2079 return ptr - data;
2080}
2081
fe4128e0 2082static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 2083{
2084 struct l2cap_conf_rsp *rsp = data;
2085 void *ptr = rsp->data;
1da177e4 2086
fe4128e0 2087 BT_DBG("chan %p", chan);
1da177e4 2088
fe4128e0 2089 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 2090 rsp->result = cpu_to_le16(result);
aca3192c 2091 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 2092
2093 return ptr - data;
2094}
2095
8c1d787b 2096void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 2097{
2098 struct l2cap_conn_rsp rsp;
8c1d787b 2099 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 2100 u8 buf[128];
2101
fe4128e0
GP		 2102 rsp.scid = cpu_to_le16(chan->dcid);
2103 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 2104 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
2105 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2106 l2cap_send_cmd(conn, chan->ident,
2107 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2108
b4450035 2109 if (chan->conf_state & L2CAP_CONF_REQ_SENT)
710f9b0a
GP		 2110 return;
2111
b4450035 2112 chan->conf_state |= L2CAP_CONF_REQ_SENT;
710f9b0a
GP		 2113 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2114 l2cap_build_conf_req(chan, buf), buf);
2115 chan->num_conf_req++;
2116}
2117
47d1ec61 2118static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 2119{
7b1c0049
GP		 2120 int type, olen;
2121 unsigned long val;
2122 struct l2cap_conf_rfc rfc;
2123
47d1ec61 2124 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 2125
0c1bc5c6 2126 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 2127 return;
2128
2129 while (len >= L2CAP_CONF_OPT_SIZE) {
2130 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2131
2132 switch (type) {
2133 case L2CAP_CONF_RFC:
2134 if (olen == sizeof(rfc))
2135 memcpy(&rfc, (void *)val, olen);
2136 goto done;
2137 }
2138 }
2139
2140done:
2141 switch (rfc.mode) {
2142 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2143 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2144 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2145 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2146 break;
2147 case L2CAP_MODE_STREAMING:
47d1ec61 2148 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2149 }
2150}
2151
4e8402a3
MH		 2152static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2153{
2154 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
2155
2156 if (rej->reason != 0x0000)
2157 return 0;
2158
2159 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2160 cmd->ident == conn->info_ident) {
4e8402a3 2161 del_timer(&conn->info_timer);
984947dc
MH		 2162
2163 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2164 conn->info_ident = 0;
984947dc 2165
4e8402a3
MH		 2166 l2cap_conn_start(conn);
2167 }
2168
2169 return 0;
2170}
2171
1da177e4
LT		 2172static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2173{
1da177e4
LT		 2174 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2175 struct l2cap_conn_rsp rsp;
23691d75 2176 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 2177 struct sock *parent, *sk = NULL;
e7c29cb1 2178 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2179
2180 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 2181 __le16 psm = req->psm;
1da177e4
LT		 2182
2183 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2184
2185 /* Check if we have socket listening on psm */
23691d75
GP		 2186 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src);
2187 if (!pchan) {
1da177e4
LT		 2188 result = L2CAP_CR_BAD_PSM;
2189 goto sendresp;
2190 }
2191
23691d75
GP		 2192 parent = pchan->sk;
2193
e0f0cb56
GP		 2194 bh_lock_sock(parent);
2195
e7c29cb1
MH		 2196 /* Check if the ACL is secure enough (if not SDP) */
2197 if (psm != cpu_to_le16(0x0001) &&
2198 !hci_conn_check_link_mode(conn->hcon)) {
2950f21a 2199 conn->disc_reason = 0x05;
e7c29cb1
MH		 2200 result = L2CAP_CR_SEC_BLOCK;
2201 goto response;
2202 }
2203
1da177e4
LT		 2204 result = L2CAP_CR_NO_MEM;
2205
2206 /* Check for backlog size */
2207 if (sk_acceptq_is_full(parent)) {
8e87d142 2208 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 2209 goto response;
2210 }
2211
3b1e0a65 2212 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1da177e4
LT		 2213 if (!sk)
2214 goto response;
2215
23691d75 2216 chan = l2cap_chan_create(sk);
48454079
GP		 2217 if (!chan) {
2218 l2cap_sock_kill(sk);
2219 goto response;
2220 }
2221
5d41ce1d
GP		 2222 l2cap_pi(sk)->chan = chan;
2223
baa7e1fa 2224 write_lock_bh(&conn->chan_lock);
1da177e4
LT		 2225
2226 /* Check if we already have channel with that dcid */
baa7e1fa
GP		 2227 if (__l2cap_get_chan_by_dcid(conn, scid)) {
2228 write_unlock_bh(&conn->chan_lock);
1da177e4
LT		 2229 sock_set_flag(sk, SOCK_ZAPPED);
2230 l2cap_sock_kill(sk);
2231 goto response;
2232 }
2233
2234 hci_conn_hold(conn->hcon);
2235
2236 l2cap_sock_init(sk, parent);
2237 bacpy(&bt_sk(sk)->src, conn->src);
2238 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 2239 chan->psm = psm;
2240 chan->dcid = scid;
1da177e4 2241
d1010240
GP		 2242 bt_accept_enqueue(parent, sk);
2243
48454079
GP		 2244 __l2cap_chan_add(conn, chan);
2245
fe4128e0 2246 dcid = chan->scid;
1da177e4
LT		 2247
2248 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2249
fc7f8a7e 2250 chan->ident = cmd->ident;
1da177e4 2251
984947dc 2252 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
4343478f 2253 if (l2cap_check_security(chan)) {
f66dc81f
MH		 2254 if (bt_sk(sk)->defer_setup) {
2255 sk->sk_state = BT_CONNECT2;
2256 result = L2CAP_CR_PEND;
2257 status = L2CAP_CS_AUTHOR_PEND;
2258 parent->sk_data_ready(parent, 0);
2259 } else {
2260 sk->sk_state = BT_CONFIG;
2261 result = L2CAP_CR_SUCCESS;
2262 status = L2CAP_CS_NO_INFO;
2263 }
79d554a6
MH		 2264 } else {
2265 sk->sk_state = BT_CONNECT2;
2266 result = L2CAP_CR_PEND;
2267 status = L2CAP_CS_AUTHEN_PEND;
2268 }
2269 } else {
2270 sk->sk_state = BT_CONNECT2;
2271 result = L2CAP_CR_PEND;
2272 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2273 }
2274
baa7e1fa 2275 write_unlock_bh(&conn->chan_lock);
1da177e4
LT		 2276
2277response:
2278 bh_unlock_sock(parent);
2279
2280sendresp:
aca3192c
YH		 2281 rsp.scid = cpu_to_le16(scid);
2282 rsp.dcid = cpu_to_le16(dcid);
2283 rsp.result = cpu_to_le16(result);
2284 rsp.status = cpu_to_le16(status);
1da177e4 2285 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 2286
2287 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2288 struct l2cap_info_req info;
2289 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2290
2291 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2292 conn->info_ident = l2cap_get_ident(conn);
2293
2294 mod_timer(&conn->info_timer, jiffies +
2295 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2296
2297 l2cap_send_cmd(conn, conn->info_ident,
2298 L2CAP_INFO_REQ, sizeof(info), &info);
2299 }
2300
b4450035 2301 if (chan && !(chan->conf_state & L2CAP_CONF_REQ_SENT) &&
e9aeb2dd
GP		 2302 result == L2CAP_CR_SUCCESS) {
2303 u8 buf[128];
b4450035 2304 chan->conf_state |= L2CAP_CONF_REQ_SENT;
e9aeb2dd 2305 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2306 l2cap_build_conf_req(chan, buf), buf);
2307 chan->num_conf_req++;
e9aeb2dd
GP		 2308 }
2309
1da177e4
LT		 2310 return 0;
2311}
2312
2313static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2314{
2315 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2316 u16 scid, dcid, result, status;
48454079 2317 struct l2cap_chan *chan;
1da177e4
LT		 2318 struct sock *sk;
2319 u8 req[128];
2320
2321 scid = __le16_to_cpu(rsp->scid);
2322 dcid = __le16_to_cpu(rsp->dcid);
2323 result = __le16_to_cpu(rsp->result);
2324 status = __le16_to_cpu(rsp->status);
2325
2326 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2327
2328 if (scid) {
baa7e1fa 2329 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2330 if (!chan)
57d3b22b 2331 return -EFAULT;
1da177e4 2332 } else {
baa7e1fa 2333 chan = l2cap_get_chan_by_ident(conn, cmd->ident);
48454079 2334 if (!chan)
57d3b22b 2335 return -EFAULT;
1da177e4
LT		 2336 }
2337
48454079
GP		 2338 sk = chan->sk;
2339
1da177e4
LT		 2340 switch (result) {
2341 case L2CAP_CR_SUCCESS:
2342 sk->sk_state = BT_CONFIG;
fc7f8a7e 2343 chan->ident = 0;
fe4128e0 2344 chan->dcid = dcid;
b4450035 2345 chan->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
6a8d3010 2346
b4450035 2347 if (chan->conf_state & L2CAP_CONF_REQ_SENT)
e9aeb2dd
GP		 2348 break;
2349
b4450035 2350 chan->conf_state |= L2CAP_CONF_REQ_SENT;
e9aeb2dd 2351
1da177e4 2352 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2353 l2cap_build_conf_req(chan, req), req);
2354 chan->num_conf_req++;
1da177e4
LT		 2355 break;
2356
2357 case L2CAP_CR_PEND:
b4450035 2358 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
1da177e4
LT		 2359 break;
2360
2361 default:
a49184c2
AE		 2362 /* don't delete l2cap channel if sk is owned by user */
2363 if (sock_owned_by_user(sk)) {
2364 sk->sk_state = BT_DISCONN;
2365 l2cap_sock_clear_timer(sk);
2366 l2cap_sock_set_timer(sk, HZ / 5);
2367 break;
2368 }
2369
48454079 2370 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 2371 break;
2372 }
2373
2374 bh_unlock_sock(sk);
2375 return 0;
2376}
2377
47d1ec61 2378static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60 2379{
47d1ec61
GP		 2380 struct l2cap_pinfo *pi = l2cap_pi(chan->sk);
2381
8c462b60
MM		 2382 /* FCS is enabled only in ERTM or streaming mode, if one or both
2383 * sides request it.
2384 */
0c1bc5c6 2385 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 2386 chan->fcs = L2CAP_FCS_NONE;
b4450035 2387 else if (!(pi->chan->conf_state & L2CAP_CONF_NO_FCS_RECV))
47d1ec61 2388 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 2389}
2390
88219a0f 2391static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 2392{
2393 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2394 u16 dcid, flags;
2395 u8 rsp[64];
48454079 2396 struct l2cap_chan *chan;
1da177e4 2397 struct sock *sk;
5dee9e7c 2398 int len;
1da177e4
LT		 2399
2400 dcid = __le16_to_cpu(req->dcid);
2401 flags = __le16_to_cpu(req->flags);
2402
2403 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2404
baa7e1fa 2405 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2406 if (!chan)
1da177e4
LT		 2407 return -ENOENT;
2408
48454079
GP		 2409 sk = chan->sk;
2410
df6bd743
GP		 2411 if (sk->sk_state != BT_CONFIG) {
2412 struct l2cap_cmd_rej rej;
2413
2414 rej.reason = cpu_to_le16(0x0002);
2415 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2416 sizeof(rej), &rej);
354f60a9 2417 goto unlock;
df6bd743 2418 }
354f60a9 2419
5dee9e7c 2420 /* Reject if config buffer is too small. */
88219a0f 2421 len = cmd_len - sizeof(*req);
73ffa904 2422 if (chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 2423 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2424 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 2425 L2CAP_CONF_REJECT, flags), rsp);
2426 goto unlock;
2427 }
2428
2429 /* Store config. */
73ffa904
GP		 2430 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2431 chan->conf_len += len;
1da177e4
LT		 2432
2433 if (flags & 0x0001) {
2434 /* Incomplete config. Send empty response. */
2435 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2436 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 2437 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 2438 goto unlock;
2439 }
2440
2441 /* Complete config. */
73ffa904 2442 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 2443 if (len < 0) {
e92c8e70 2444 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 2445 goto unlock;
f2fcfcd6 2446 }
1da177e4 2447
5dee9e7c 2448 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 2449 chan->num_conf_rsp++;
5dee9e7c 2450
5dee9e7c 2451 /* Reset config buffer. */
73ffa904 2452 chan->conf_len = 0;
5dee9e7c 2453
b4450035 2454 if (!(chan->conf_state & L2CAP_CONF_OUTPUT_DONE))
876d9484
MH		 2455 goto unlock;
2456
b4450035 2457 if (chan->conf_state & L2CAP_CONF_INPUT_DONE) {
47d1ec61 2458 set_default_fcs(chan);
fcc203c3 2459
1da177e4 2460 sk->sk_state = BT_CONNECTED;
e90bac06 2461
42e5c802
GP		 2462 chan->next_tx_seq = 0;
2463 chan->expected_tx_seq = 0;
58d35f87 2464 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2465 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2466 l2cap_ertm_init(chan);
0565c1c2 2467
1da177e4 2468 l2cap_chan_ready(sk);
876d9484
MH		 2469 goto unlock;
2470 }
2471
b4450035 2472 if (!(chan->conf_state & L2CAP_CONF_REQ_SENT)) {
79d554a6 2473 u8 buf[64];
b4450035 2474 chan->conf_state |= L2CAP_CONF_REQ_SENT;
1da177e4 2475 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2476 l2cap_build_conf_req(chan, buf), buf);
2477 chan->num_conf_req++;
1da177e4
LT		 2478 }
2479
2480unlock:
2481 bh_unlock_sock(sk);
2482 return 0;
2483}
2484
2485static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2486{
2487 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2488 u16 scid, flags, result;
48454079 2489 struct l2cap_chan *chan;
1da177e4 2490 struct sock *sk;
7b1c0049 2491 int len = cmd->len - sizeof(*rsp);
1da177e4
LT		 2492
2493 scid = __le16_to_cpu(rsp->scid);
2494 flags = __le16_to_cpu(rsp->flags);
2495 result = __le16_to_cpu(rsp->result);
2496
af05b30b
GP		 2497 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2498 scid, flags, result);
1da177e4 2499
baa7e1fa 2500 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2501 if (!chan)
1da177e4
LT		 2502 return 0;
2503
48454079
GP		 2504 sk = chan->sk;
2505
1da177e4
LT		 2506 switch (result) {
2507 case L2CAP_CONF_SUCCESS:
47d1ec61 2508 l2cap_conf_rfc_get(chan, rsp->data, len);
1da177e4
LT		 2509 break;
2510
2511 case L2CAP_CONF_UNACCEPT:
73ffa904 2512 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 2513 char req[64];
2514
c2c77ec8 2515 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 2516 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 2517 goto done;
2518 }
2519
f2fcfcd6
GP		 2520 /* throw out any old stored conf requests */
2521 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 2522 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2523 req, &result);
f2fcfcd6 2524 if (len < 0) {
e92c8e70 2525 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 2526 goto done;
2527 }
2528
2529 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2530 L2CAP_CONF_REQ, len, req);
73ffa904 2531 chan->num_conf_req++;
f2fcfcd6
GP		 2532 if (result != L2CAP_CONF_SUCCESS)
2533 goto done;
2534 break;
1da177e4
LT		 2535 }
2536
8e87d142 2537 default:
b1235d79 2538 sk->sk_err = ECONNRESET;
1da177e4 2539 l2cap_sock_set_timer(sk, HZ * 5);
e92c8e70 2540 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 2541 goto done;
2542 }
2543
2544 if (flags & 0x01)
2545 goto done;
2546
b4450035 2547 chan->conf_state |= L2CAP_CONF_INPUT_DONE;
1da177e4 2548
b4450035 2549 if (chan->conf_state & L2CAP_CONF_OUTPUT_DONE) {
47d1ec61 2550 set_default_fcs(chan);
fcc203c3 2551
1da177e4 2552 sk->sk_state = BT_CONNECTED;
42e5c802
GP		 2553 chan->next_tx_seq = 0;
2554 chan->expected_tx_seq = 0;
58d35f87 2555 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2556 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2557 l2cap_ertm_init(chan);
0565c1c2 2558
1da177e4
LT		 2559 l2cap_chan_ready(sk);
2560 }
2561
2562done:
2563 bh_unlock_sock(sk);
2564 return 0;
2565}
2566
2567static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2568{
2569 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2570 struct l2cap_disconn_rsp rsp;
2571 u16 dcid, scid;
48454079 2572 struct l2cap_chan *chan;
1da177e4
LT		 2573 struct sock *sk;
2574
2575 scid = __le16_to_cpu(req->scid);
2576 dcid = __le16_to_cpu(req->dcid);
2577
2578 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2579
baa7e1fa 2580 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2581 if (!chan)
1da177e4
LT		 2582 return 0;
2583
48454079
GP		 2584 sk = chan->sk;
2585
fe4128e0
GP		 2586 rsp.dcid = cpu_to_le16(chan->scid);
2587 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 2588 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2589
2590 sk->sk_shutdown = SHUTDOWN_MASK;
2591
a49184c2
AE		 2592 /* don't delete l2cap channel if sk is owned by user */
2593 if (sock_owned_by_user(sk)) {
2594 sk->sk_state = BT_DISCONN;
2595 l2cap_sock_clear_timer(sk);
2596 l2cap_sock_set_timer(sk, HZ / 5);
2597 bh_unlock_sock(sk);
2598 return 0;
2599 }
2600
48454079 2601 l2cap_chan_del(chan, ECONNRESET);
1da177e4
LT		 2602 bh_unlock_sock(sk);
2603
2604 l2cap_sock_kill(sk);
2605 return 0;
2606}
2607
2608static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2609{
2610 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2611 u16 dcid, scid;
48454079 2612 struct l2cap_chan *chan;
1da177e4
LT		 2613 struct sock *sk;
2614
2615 scid = __le16_to_cpu(rsp->scid);
2616 dcid = __le16_to_cpu(rsp->dcid);
2617
2618 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2619
baa7e1fa 2620 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2621 if (!chan)
1da177e4
LT		 2622 return 0;
2623
48454079
GP		 2624 sk = chan->sk;
2625
a49184c2
AE		 2626 /* don't delete l2cap channel if sk is owned by user */
2627 if (sock_owned_by_user(sk)) {
2628 sk->sk_state = BT_DISCONN;
2629 l2cap_sock_clear_timer(sk);
2630 l2cap_sock_set_timer(sk, HZ / 5);
2631 bh_unlock_sock(sk);
2632 return 0;
2633 }
2634
48454079 2635 l2cap_chan_del(chan, 0);
1da177e4
LT		 2636 bh_unlock_sock(sk);
2637
2638 l2cap_sock_kill(sk);
2639 return 0;
2640}
2641
2642static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2643{
2644 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 2645 u16 type;
2646
2647 type = __le16_to_cpu(req->type);
2648
2649 BT_DBG("type 0x%4.4x", type);
2650
f0709e03
MH		 2651 if (type == L2CAP_IT_FEAT_MASK) {
2652 u8 buf[8];
44dd46de 2653 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 2654 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2655 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2656 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 2657 if (!disable_ertm)
fcc203c3
GP		 2658 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
2659 | L2CAP_FEAT_FCS;
1b7bf4ed 2660 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 2661 l2cap_send_cmd(conn, cmd->ident,
2662 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 2663 } else if (type == L2CAP_IT_FIXED_CHAN) {
2664 u8 buf[12];
2665 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2666 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2667 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2668 memcpy(buf + 4, l2cap_fixed_chan, 8);
2669 l2cap_send_cmd(conn, cmd->ident,
2670 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 2671 } else {
2672 struct l2cap_info_rsp rsp;
2673 rsp.type = cpu_to_le16(type);
2674 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2675 l2cap_send_cmd(conn, cmd->ident,
2676 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2677 }
1da177e4
LT		 2678
2679 return 0;
2680}
2681
2682static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2683{
2684 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2685 u16 type, result;
2686
2687 type = __le16_to_cpu(rsp->type);
2688 result = __le16_to_cpu(rsp->result);
2689
2690 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2691
e90165be
AE		 2692 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
2693 if (cmd->ident != conn->info_ident ||
2694 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
2695 return 0;
2696
4e8402a3
MH		 2697 del_timer(&conn->info_timer);
2698
adb08ede
VT		 2699 if (result != L2CAP_IR_SUCCESS) {
2700 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2701 conn->info_ident = 0;
2702
2703 l2cap_conn_start(conn);
2704
2705 return 0;
2706 }
2707
984947dc 2708 if (type == L2CAP_IT_FEAT_MASK) {
83985319 2709 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 2710
47ec1dcd 2711 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 2712 struct l2cap_info_req req;
2713 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2714
2715 conn->info_ident = l2cap_get_ident(conn);
2716
2717 l2cap_send_cmd(conn, conn->info_ident,
2718 L2CAP_INFO_REQ, sizeof(req), &req);
2719 } else {
2720 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2721 conn->info_ident = 0;
2722
2723 l2cap_conn_start(conn);
2724 }
2725 } else if (type == L2CAP_IT_FIXED_CHAN) {
984947dc 2726 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2727 conn->info_ident = 0;
984947dc
MH		 2728
2729 l2cap_conn_start(conn);
2730 }
4e8402a3 2731
1da177e4
LT		 2732 return 0;
2733}
2734
e2174ca4 2735static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 2736 u16 to_multiplier)
2737{
2738 u16 max_latency;
2739
2740 if (min > max || min < 6 || max > 3200)
2741 return -EINVAL;
2742
2743 if (to_multiplier < 10 || to_multiplier > 3200)
2744 return -EINVAL;
2745
2746 if (max >= to_multiplier * 8)
2747 return -EINVAL;
2748
2749 max_latency = (to_multiplier * 8 / max) - 1;
2750 if (latency > 499 || latency > max_latency)
2751 return -EINVAL;
2752
2753 return 0;
2754}
2755
2756static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
2757 struct l2cap_cmd_hdr *cmd, u8 *data)
2758{
2759 struct hci_conn *hcon = conn->hcon;
2760 struct l2cap_conn_param_update_req *req;
2761 struct l2cap_conn_param_update_rsp rsp;
2762 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 2763 int err;
de73115a
CT		 2764
2765 if (!(hcon->link_mode & HCI_LM_MASTER))
2766 return -EINVAL;
2767
2768 cmd_len = __le16_to_cpu(cmd->len);
2769 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
2770 return -EPROTO;
2771
2772 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 2773 min = __le16_to_cpu(req->min);
2774 max = __le16_to_cpu(req->max);
de73115a
CT		 2775 latency = __le16_to_cpu(req->latency);
2776 to_multiplier = __le16_to_cpu(req->to_multiplier);
2777
2778 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
2779 min, max, latency, to_multiplier);
2780
2781 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 2782
2783 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
2784 if (err)
de73115a
CT		 2785 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
2786 else
2787 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
2788
2789 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
2790 sizeof(rsp), &rsp);
2791
2ce603eb
CT		 2792 if (!err)
2793 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
2794
de73115a
CT		 2795 return 0;
2796}
2797
3300d9a9
CT		 2798static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
2799 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2800{
2801 int err = 0;
2802
2803 switch (cmd->code) {
2804 case L2CAP_COMMAND_REJ:
2805 l2cap_command_rej(conn, cmd, data);
2806 break;
2807
2808 case L2CAP_CONN_REQ:
2809 err = l2cap_connect_req(conn, cmd, data);
2810 break;
2811
2812 case L2CAP_CONN_RSP:
2813 err = l2cap_connect_rsp(conn, cmd, data);
2814 break;
2815
2816 case L2CAP_CONF_REQ:
2817 err = l2cap_config_req(conn, cmd, cmd_len, data);
2818 break;
2819
2820 case L2CAP_CONF_RSP:
2821 err = l2cap_config_rsp(conn, cmd, data);
2822 break;
2823
2824 case L2CAP_DISCONN_REQ:
2825 err = l2cap_disconnect_req(conn, cmd, data);
2826 break;
2827
2828 case L2CAP_DISCONN_RSP:
2829 err = l2cap_disconnect_rsp(conn, cmd, data);
2830 break;
2831
2832 case L2CAP_ECHO_REQ:
2833 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
2834 break;
2835
2836 case L2CAP_ECHO_RSP:
2837 break;
2838
2839 case L2CAP_INFO_REQ:
2840 err = l2cap_information_req(conn, cmd, data);
2841 break;
2842
2843 case L2CAP_INFO_RSP:
2844 err = l2cap_information_rsp(conn, cmd, data);
2845 break;
2846
2847 default:
2848 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
2849 err = -EINVAL;
2850 break;
2851 }
2852
2853 return err;
2854}
2855
2856static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
2857 struct l2cap_cmd_hdr *cmd, u8 *data)
2858{
2859 switch (cmd->code) {
2860 case L2CAP_COMMAND_REJ:
2861 return 0;
2862
2863 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 2864 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 2865
2866 case L2CAP_CONN_PARAM_UPDATE_RSP:
2867 return 0;
2868
2869 default:
2870 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
2871 return -EINVAL;
2872 }
2873}
2874
2875static inline void l2cap_sig_channel(struct l2cap_conn *conn,
2876 struct sk_buff *skb)
1da177e4
LT		 2877{
2878 u8 *data = skb->data;
2879 int len = skb->len;
2880 struct l2cap_cmd_hdr cmd;
3300d9a9 2881 int err;
1da177e4
LT		 2882
2883 l2cap_raw_recv(conn, skb);
2884
2885 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 2886 u16 cmd_len;
1da177e4
LT		 2887 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
2888 data += L2CAP_CMD_HDR_SIZE;
2889 len -= L2CAP_CMD_HDR_SIZE;
2890
88219a0f 2891 cmd_len = le16_to_cpu(cmd.len);
1da177e4 2892
88219a0f 2893 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 2894
88219a0f 2895 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 2896 BT_DBG("corrupted command");
2897 break;
2898 }
2899
3300d9a9
CT		 2900 if (conn->hcon->type == LE_LINK)
2901 err = l2cap_le_sig_cmd(conn, &cmd, data);
2902 else
2903 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 2904
2905 if (err) {
2906 struct l2cap_cmd_rej rej;
2c6d1a2e
GP		 2907
2908 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 2909
2910 /* FIXME: Map err to a valid reason */
aca3192c 2911 rej.reason = cpu_to_le16(0);
1da177e4
LT		 2912 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
2913 }
2914
88219a0f
AV		 2915 data += cmd_len;
2916 len -= cmd_len;
1da177e4
LT		 2917 }
2918
2919 kfree_skb(skb);
2920}
2921
47d1ec61 2922static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 2923{
2924 u16 our_fcs, rcv_fcs;
2925 int hdr_size = L2CAP_HDR_SIZE + 2;
2926
47d1ec61 2927 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 2928 skb_trim(skb, skb->len - 2);
2929 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
2930 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
2931
2932 if (our_fcs != rcv_fcs)
7a560e5c 2933 return -EBADMSG;
fcc203c3
GP		 2934 }
2935 return 0;
2936}
2937
525cd185 2938static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 2939{
d5392c8f
GP		 2940 u16 control = 0;
2941
6a026610 2942 chan->frames_sent = 0;
d5392c8f 2943
42e5c802 2944 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
d5392c8f 2945
525cd185 2946 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
64988868 2947 control |= L2CAP_SUPER_RCV_NOT_READY;
525cd185
GP		 2948 l2cap_send_sframe(chan, control);
2949 chan->conn_state |= L2CAP_CONN_RNR_SENT;
d5392c8f
GP		 2950 }
2951
525cd185
GP		 2952 if (chan->conn_state & L2CAP_CONN_REMOTE_BUSY)
2953 l2cap_retransmit_frames(chan);
d5392c8f 2954
525cd185 2955 l2cap_ertm_send(chan);
d5392c8f 2956
525cd185 2957 if (!(chan->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
6a026610 2958 chan->frames_sent == 0) {
d5392c8f 2959 control |= L2CAP_SUPER_RCV_READY;
525cd185 2960 l2cap_send_sframe(chan, control);
d5392c8f
GP		 2961 }
2962}
2963
42e5c802 2964static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u8 tx_seq, u8 sar)
8f17154f
GP		 2965{
2966 struct sk_buff *next_skb;
bfbacc11 2967 int tx_seq_offset, next_tx_seq_offset;
8f17154f
GP		 2968
2969 bt_cb(skb)->tx_seq = tx_seq;
2970 bt_cb(skb)->sar = sar;
2971
f1c6775b 2972 next_skb = skb_peek(&chan->srej_q);
8f17154f 2973 if (!next_skb) {
f1c6775b 2974 __skb_queue_tail(&chan->srej_q, skb);
9b53350d 2975 return 0;
8f17154f
GP		 2976 }
2977
42e5c802 2978 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
bfbacc11
JPRV		 2979 if (tx_seq_offset < 0)
2980 tx_seq_offset += 64;
2981
8f17154f 2982 do {
9b53350d
JPRV		 2983 if (bt_cb(next_skb)->tx_seq == tx_seq)
2984 return -EINVAL;
2985
bfbacc11 2986 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
42e5c802 2987 chan->buffer_seq) % 64;
bfbacc11
JPRV		 2988 if (next_tx_seq_offset < 0)
2989 next_tx_seq_offset += 64;
2990
2991 if (next_tx_seq_offset > tx_seq_offset) {
f1c6775b 2992 __skb_queue_before(&chan->srej_q, next_skb, skb);
9b53350d 2993 return 0;
8f17154f
GP		 2994 }
2995
f1c6775b 2996 if (skb_queue_is_last(&chan->srej_q, next_skb))
8f17154f
GP		 2997 break;
2998
f1c6775b 2999 } while ((next_skb = skb_queue_next(&chan->srej_q, next_skb)));
8f17154f 3000
f1c6775b 3001 __skb_queue_tail(&chan->srej_q, skb);
9b53350d
JPRV		 3002
3003 return 0;
8f17154f
GP		 3004}
3005
525cd185 3006static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
18778a63 3007{
18778a63 3008 struct sk_buff *_skb;
1890d36b 3009 int err;
18778a63
GP		 3010
3011 switch (control & L2CAP_CTRL_SAR) {
3012 case L2CAP_SDU_UNSEGMENTED:
525cd185 3013 if (chan->conn_state & L2CAP_CONN_SAR_SDU)
18778a63
GP		 3014 goto drop;
3015
224f8af0 3016 return sock_queue_rcv_skb(chan->sk, skb);
18778a63
GP		 3017
3018 case L2CAP_SDU_START:
525cd185 3019 if (chan->conn_state & L2CAP_CONN_SAR_SDU)
18778a63
GP		 3020 goto drop;
3021
6f61fd47 3022 chan->sdu_len = get_unaligned_le16(skb->data);
18778a63 3023
0c1bc5c6 3024 if (chan->sdu_len > chan->imtu)
18778a63
GP		 3025 goto disconnect;
3026
6f61fd47
GP		 3027 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC);
3028 if (!chan->sdu)
1890d36b
GP		 3029 return -ENOMEM;
3030
3031 /* pull sdu_len bytes only after alloc, because of Local Busy
3032 * condition we have to be sure that this will be executed
3033 * only once, i.e., when alloc does not fail */
3034 skb_pull(skb, 2);
18778a63 3035
6f61fd47 3036 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
18778a63 3037
525cd185 3038 chan->conn_state |= L2CAP_CONN_SAR_SDU;
6f61fd47 3039 chan->partial_sdu_len = skb->len;
18778a63
GP		 3040 break;
3041
3042 case L2CAP_SDU_CONTINUE:
525cd185 3043 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
18778a63
GP		 3044 goto disconnect;
3045
6f61fd47 3046 if (!chan->sdu)
18778a63
GP		 3047 goto disconnect;
3048
6f61fd47
GP		 3049 chan->partial_sdu_len += skb->len;
3050 if (chan->partial_sdu_len > chan->sdu_len)
18778a63
GP		 3051 goto drop;
3052
6f61fd47 3053 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
4178ba46 3054
18778a63
GP		 3055 break;
3056
3057 case L2CAP_SDU_END:
525cd185 3058 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
18778a63
GP		 3059 goto disconnect;
3060
6f61fd47 3061 if (!chan->sdu)
18778a63
GP		 3062 goto disconnect;
3063
525cd185 3064 if (!(chan->conn_state & L2CAP_CONN_SAR_RETRY)) {
6f61fd47 3065 chan->partial_sdu_len += skb->len;
18778a63 3066
0c1bc5c6 3067 if (chan->partial_sdu_len > chan->imtu)
1890d36b 3068 goto drop;
18778a63 3069
6f61fd47 3070 if (chan->partial_sdu_len != chan->sdu_len)
1890d36b 3071 goto drop;
4178ba46 3072
6f61fd47 3073 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
1890d36b 3074 }
18778a63 3075
6f61fd47 3076 _skb = skb_clone(chan->sdu, GFP_ATOMIC);
1890d36b 3077 if (!_skb) {
525cd185 3078 chan->conn_state |= L2CAP_CONN_SAR_RETRY;
1890d36b
GP		 3079 return -ENOMEM;
3080 }
3081
525cd185 3082 err = sock_queue_rcv_skb(chan->sk, _skb);
1890d36b 3083 if (err < 0) {
18778a63 3084 kfree_skb(_skb);
525cd185 3085 chan->conn_state |= L2CAP_CONN_SAR_RETRY;
1890d36b
GP		 3086 return err;
3087 }
3088
525cd185
GP		 3089 chan->conn_state &= ~L2CAP_CONN_SAR_RETRY;
3090 chan->conn_state &= ~L2CAP_CONN_SAR_SDU;
18778a63 3091
6f61fd47 3092 kfree_skb(chan->sdu);
18778a63
GP		 3093 break;
3094 }
3095
3096 kfree_skb(skb);
1890d36b 3097 return 0;
18778a63
GP		 3098
3099drop:
6f61fd47
GP		 3100 kfree_skb(chan->sdu);
3101 chan->sdu = NULL;
18778a63
GP		 3102
3103disconnect:
8c1d787b 3104 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
18778a63
GP		 3105 kfree_skb(skb);
3106 return 0;
3107}
3108
525cd185 3109static int l2cap_try_push_rx_skb(struct l2cap_chan *chan)
712132eb 3110{
712132eb
GP		 3111 struct sk_buff *skb;
3112 u16 control;
3113 int err;
3114
f1c6775b 3115 while ((skb = skb_dequeue(&chan->busy_q))) {
712132eb 3116 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
525cd185 3117 err = l2cap_ertm_reassembly_sdu(chan, skb, control);
712132eb 3118 if (err < 0) {
f1c6775b 3119 skb_queue_head(&chan->busy_q, skb);
712132eb
GP		 3120 return -EBUSY;
3121 }
3122
42e5c802 3123 chan->buffer_seq = (chan->buffer_seq + 1) % 64;
712132eb
GP		 3124 }
3125
525cd185 3126 if (!(chan->conn_state & L2CAP_CONN_RNR_SENT))
712132eb
GP		 3127 goto done;
3128
42e5c802 3129 control = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
712132eb 3130 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
525cd185 3131 l2cap_send_sframe(chan, control);
6a026610 3132 chan->retry_count = 1;
712132eb 3133
e92c8e70 3134 del_timer(&chan->retrans_timer);
712132eb
GP		 3135 __mod_monitor_timer();
3136
525cd185 3137 chan->conn_state |= L2CAP_CONN_WAIT_F;
712132eb
GP		 3138
3139done:
525cd185
GP		 3140 chan->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
3141 chan->conn_state &= ~L2CAP_CONN_RNR_SENT;
712132eb 3142
49208c9c 3143 BT_DBG("chan %p, Exit local busy", chan);
712132eb
GP		 3144
3145 return 0;
3146}
3147
1890d36b
GP		 3148static void l2cap_busy_work(struct work_struct *work)
3149{
3150 DECLARE_WAITQUEUE(wait, current);
311bb895
GP		 3151 struct l2cap_chan *chan =
3152 container_of(work, struct l2cap_chan, busy_work);
3153 struct sock *sk = chan->sk;
1890d36b
GP		 3154 int n_tries = 0, timeo = HZ/5, err;
3155 struct sk_buff *skb;
1890d36b
GP		 3156
3157 lock_sock(sk);
3158
2b0b05dd 3159 add_wait_queue(sk_sleep(sk), &wait);
311bb895 3160 while ((skb = skb_peek(&chan->busy_q))) {
1890d36b
GP		 3161 set_current_state(TASK_INTERRUPTIBLE);
3162
3163 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
3164 err = -EBUSY;
8c1d787b 3165 l2cap_send_disconn_req(chan->conn, chan, EBUSY);
712132eb 3166 break;
1890d36b
GP		 3167 }
3168
3169 if (!timeo)
3170 timeo = HZ/5;
3171
3172 if (signal_pending(current)) {
3173 err = sock_intr_errno(timeo);
712132eb 3174 break;
1890d36b
GP		 3175 }
3176
3177 release_sock(sk);
3178 timeo = schedule_timeout(timeo);
3179 lock_sock(sk);
3180
3181 err = sock_error(sk);
3182 if (err)
712132eb 3183 break;
1890d36b 3184
311bb895 3185 if (l2cap_try_push_rx_skb(chan) == 0)
1890d36b
GP		 3186 break;
3187 }
3188
1890d36b 3189 set_current_state(TASK_RUNNING);
2b0b05dd 3190 remove_wait_queue(sk_sleep(sk), &wait);
1890d36b
GP		 3191
3192 release_sock(sk);
3193}
3194
525cd185 3195static int l2cap_push_rx_skb(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
1890d36b 3196{
1890d36b
GP		 3197 int sctrl, err;
3198
525cd185 3199 if (chan->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1890d36b 3200 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
f1c6775b 3201 __skb_queue_tail(&chan->busy_q, skb);
525cd185 3202 return l2cap_try_push_rx_skb(chan);
712132eb
GP		 3203
3204
1890d36b
GP		 3205 }
3206
525cd185 3207 err = l2cap_ertm_reassembly_sdu(chan, skb, control);
1890d36b 3208 if (err >= 0) {
42e5c802 3209 chan->buffer_seq = (chan->buffer_seq + 1) % 64;
1890d36b
GP		 3210 return err;
3211 }
3212
3213 /* Busy Condition */
311bb895 3214 BT_DBG("chan %p, Enter local busy", chan);
0e98958d 3215
525cd185 3216 chan->conn_state |= L2CAP_CONN_LOCAL_BUSY;
1890d36b 3217 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
f1c6775b 3218 __skb_queue_tail(&chan->busy_q, skb);
1890d36b 3219
42e5c802 3220 sctrl = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1890d36b 3221 sctrl |= L2CAP_SUPER_RCV_NOT_READY;
525cd185 3222 l2cap_send_sframe(chan, sctrl);
1890d36b 3223
525cd185 3224 chan->conn_state |= L2CAP_CONN_RNR_SENT;
1890d36b 3225
e92c8e70 3226 del_timer(&chan->ack_timer);
7fe9b298 3227
311bb895 3228 queue_work(_busy_wq, &chan->busy_work);
1890d36b
GP		 3229
3230 return err;
3231}
3232
525cd185 3233static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
c74e560c 3234{
c74e560c
GP		 3235 struct sk_buff *_skb;
3236 int err = -EINVAL;
3237
18778a63
GP		 3238 /*
3239 * TODO: We have to notify the userland if some data is lost with the
3240 * Streaming Mode.
3241 */
3242
c74e560c
GP		 3243 switch (control & L2CAP_CTRL_SAR) {
3244 case L2CAP_SDU_UNSEGMENTED:
525cd185 3245 if (chan->conn_state & L2CAP_CONN_SAR_SDU) {
6f61fd47 3246 kfree_skb(chan->sdu);
c74e560c
GP		 3247 break;
3248 }
3249
525cd185 3250 err = sock_queue_rcv_skb(chan->sk, skb);
c74e560c
GP		 3251 if (!err)
3252 return 0;
3253
3254 break;
3255
3256 case L2CAP_SDU_START:
525cd185 3257 if (chan->conn_state & L2CAP_CONN_SAR_SDU) {
6f61fd47 3258 kfree_skb(chan->sdu);
c74e560c
GP		 3259 break;
3260 }
3261
6f61fd47 3262 chan->sdu_len = get_unaligned_le16(skb->data);
c74e560c
GP		 3263 skb_pull(skb, 2);
3264
0c1bc5c6 3265 if (chan->sdu_len > chan->imtu) {
052897ca
GP		 3266 err = -EMSGSIZE;
3267 break;
3268 }
3269
6f61fd47
GP		 3270 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC);
3271 if (!chan->sdu) {
c74e560c
GP		 3272 err = -ENOMEM;
3273 break;
3274 }
3275
6f61fd47 3276 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
c74e560c 3277
525cd185 3278 chan->conn_state |= L2CAP_CONN_SAR_SDU;
6f61fd47 3279 chan->partial_sdu_len = skb->len;
c74e560c
GP		 3280 err = 0;
3281 break;
3282
3283 case L2CAP_SDU_CONTINUE:
525cd185 3284 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
c74e560c
GP		 3285 break;
3286
6f61fd47 3287 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
c74e560c 3288
6f61fd47
GP		 3289 chan->partial_sdu_len += skb->len;
3290 if (chan->partial_sdu_len > chan->sdu_len)
3291 kfree_skb(chan->sdu);
c74e560c
GP		 3292 else
3293 err = 0;
3294
3295 break;
3296
3297 case L2CAP_SDU_END:
525cd185 3298 if (!(chan->conn_state & L2CAP_CONN_SAR_SDU))
c74e560c
GP		 3299 break;
3300
6f61fd47 3301 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
c74e560c 3302
525cd185 3303 chan->conn_state &= ~L2CAP_CONN_SAR_SDU;
6f61fd47 3304 chan->partial_sdu_len += skb->len;
c74e560c 3305
0c1bc5c6 3306 if (chan->partial_sdu_len > chan->imtu)
36f2fd58
GP		 3307 goto drop;
3308
6f61fd47
GP		 3309 if (chan->partial_sdu_len == chan->sdu_len) {
3310 _skb = skb_clone(chan->sdu, GFP_ATOMIC);
525cd185 3311 err = sock_queue_rcv_skb(chan->sk, _skb);
c74e560c
GP		 3312 if (err < 0)
3313 kfree_skb(_skb);
3314 }
c74e560c
GP		 3315 err = 0;
3316
36f2fd58 3317drop:
6f61fd47 3318 kfree_skb(chan->sdu);
c74e560c
GP		 3319 break;
3320 }
3321
3322 kfree_skb(skb);
3323 return err;
3324}
3325
525cd185 3326static void l2cap_check_srej_gap(struct l2cap_chan *chan, u8 tx_seq)
8f17154f
GP		 3327{
3328 struct sk_buff *skb;
afefdbc4 3329 u16 control;
8f17154f 3330
f1c6775b 3331 while ((skb = skb_peek(&chan->srej_q))) {
8f17154f
GP		 3332 if (bt_cb(skb)->tx_seq != tx_seq)
3333 break;
3334
f1c6775b 3335 skb = skb_dequeue(&chan->srej_q);
afefdbc4 3336 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
525cd185 3337 l2cap_ertm_reassembly_sdu(chan, skb, control);
42e5c802
GP		 3338 chan->buffer_seq_srej =
3339 (chan->buffer_seq_srej + 1) % 64;
8ff50ec0 3340 tx_seq = (tx_seq + 1) % 64;
8f17154f
GP		 3341 }
3342}
3343
525cd185 3344static void l2cap_resend_srejframe(struct l2cap_chan *chan, u8 tx_seq)
8f17154f 3345{
8f17154f
GP		 3346 struct srej_list *l, *tmp;
3347 u16 control;
3348
39d5a3ee 3349 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
8f17154f
GP		 3350 if (l->tx_seq == tx_seq) {
3351 list_del(&l->list);
3352 kfree(l);
3353 return;
3354 }
3355 control = L2CAP_SUPER_SELECT_REJECT;
3356 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
525cd185 3357 l2cap_send_sframe(chan, control);
8f17154f 3358 list_del(&l->list);
39d5a3ee 3359 list_add_tail(&l->list, &chan->srej_l);
8f17154f
GP		 3360 }
3361}
3362
525cd185 3363static void l2cap_send_srejframe(struct l2cap_chan *chan, u8 tx_seq)
8f17154f 3364{
8f17154f
GP		 3365 struct srej_list *new;
3366 u16 control;
3367
42e5c802 3368 while (tx_seq != chan->expected_tx_seq) {
8f17154f 3369 control = L2CAP_SUPER_SELECT_REJECT;
42e5c802 3370 control |= chan->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
525cd185 3371 l2cap_send_sframe(chan, control);
8f17154f
GP		 3372
3373 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
42e5c802
GP		 3374 new->tx_seq = chan->expected_tx_seq;
3375 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
39d5a3ee 3376 list_add_tail(&new->list, &chan->srej_l);
8f17154f 3377 }
42e5c802 3378 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
8f17154f
GP		 3379}
3380
525cd185 3381static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
1c2acffb 3382{
1c2acffb 3383 u8 tx_seq = __get_txseq(rx_control);
9f121a5a 3384 u8 req_seq = __get_reqseq(rx_control);
8f17154f 3385 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
f6337c77 3386 int tx_seq_offset, expected_tx_seq_offset;
47d1ec61 3387 int num_to_ack = (chan->tx_win/6) + 1;
1c2acffb
GP		 3388 int err = 0;
3389
525cd185
GP		 3390 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%4.4x", chan, skb->len,
3391 tx_seq, rx_control);
1c2acffb 3392
9b16dc65 3393 if (L2CAP_CTRL_FINAL & rx_control &&
525cd185 3394 chan->conn_state & L2CAP_CONN_WAIT_F) {
e92c8e70 3395 del_timer(&chan->monitor_timer);
6a026610 3396 if (chan->unacked_frames > 0)
1d8f5d16 3397 __mod_retrans_timer();
525cd185 3398 chan->conn_state &= ~L2CAP_CONN_WAIT_F;
1d8f5d16
GP		 3399 }
3400
42e5c802
GP		 3401 chan->expected_ack_seq = req_seq;
3402 l2cap_drop_acked_frames(chan);
9f121a5a 3403
42e5c802 3404 if (tx_seq == chan->expected_tx_seq)
8f17154f 3405 goto expected;
1c2acffb 3406
42e5c802 3407 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
9b53350d
JPRV		 3408 if (tx_seq_offset < 0)
3409 tx_seq_offset += 64;
3410
3411 /* invalid tx_seq */
47d1ec61 3412 if (tx_seq_offset >= chan->tx_win) {
8c1d787b 3413 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
9b53350d
JPRV		 3414 goto drop;
3415 }
3416
525cd185 3417 if (chan->conn_state == L2CAP_CONN_LOCAL_BUSY)
1890d36b
GP		 3418 goto drop;
3419
525cd185 3420 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
8f17154f 3421 struct srej_list *first;
30afb5b2 3422
39d5a3ee 3423 first = list_first_entry(&chan->srej_l,
8f17154f
GP		 3424 struct srej_list, list);
3425 if (tx_seq == first->tx_seq) {
42e5c802 3426 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
525cd185 3427 l2cap_check_srej_gap(chan, tx_seq);
8f17154f
GP		 3428
3429 list_del(&first->list);
3430 kfree(first);
3431
39d5a3ee 3432 if (list_empty(&chan->srej_l)) {
42e5c802 3433 chan->buffer_seq = chan->buffer_seq_srej;
525cd185
GP		 3434 chan->conn_state &= ~L2CAP_CONN_SREJ_SENT;
3435 l2cap_send_ack(chan);
49208c9c 3436 BT_DBG("chan %p, Exit SREJ_SENT", chan);
8f17154f
GP		 3437 }
3438 } else {
3439 struct srej_list *l;
9b53350d
JPRV		 3440
3441 /* duplicated tx_seq */
42e5c802 3442 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
9b53350d 3443 goto drop;
8f17154f 3444
39d5a3ee 3445 list_for_each_entry(l, &chan->srej_l, list) {
8f17154f 3446 if (l->tx_seq == tx_seq) {
525cd185 3447 l2cap_resend_srejframe(chan, tx_seq);
8f17154f
GP		 3448 return 0;
3449 }
3450 }
525cd185 3451 l2cap_send_srejframe(chan, tx_seq);
30afb5b2
GP		 3452 }
3453 } else {
9b53350d 3454 expected_tx_seq_offset =
42e5c802 3455 (chan->expected_tx_seq - chan->buffer_seq) % 64;
9b53350d
JPRV		 3456 if (expected_tx_seq_offset < 0)
3457 expected_tx_seq_offset += 64;
3458
3459 /* duplicated tx_seq */
3460 if (tx_seq_offset < expected_tx_seq_offset)
3461 goto drop;
3462
525cd185 3463 chan->conn_state |= L2CAP_CONN_SREJ_SENT;
1c2acffb 3464
49208c9c 3465 BT_DBG("chan %p, Enter SREJ", chan);
0e98958d 3466
39d5a3ee 3467 INIT_LIST_HEAD(&chan->srej_l);
42e5c802 3468 chan->buffer_seq_srej = chan->buffer_seq;
8f17154f 3469
f1c6775b
GP		 3470 __skb_queue_head_init(&chan->srej_q);
3471 __skb_queue_head_init(&chan->busy_q);
42e5c802 3472 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
8f17154f 3473
525cd185 3474 chan->conn_state |= L2CAP_CONN_SEND_PBIT;
ef54fd93 3475
525cd185 3476 l2cap_send_srejframe(chan, tx_seq);
7fe9b298 3477
e92c8e70 3478 del_timer(&chan->ack_timer);
1c2acffb 3479 }
30afb5b2
GP		 3480 return 0;
3481
8f17154f 3482expected:
42e5c802 3483 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
8f17154f 3484
525cd185 3485 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
3b1a9f3f
GP		 3486 bt_cb(skb)->tx_seq = tx_seq;
3487 bt_cb(skb)->sar = sar;
f1c6775b 3488 __skb_queue_tail(&chan->srej_q, skb);
8f17154f
GP		 3489 return 0;
3490 }
3491
525cd185 3492 err = l2cap_push_rx_skb(chan, skb, rx_control);
2ece3684
GP		 3493 if (err < 0)
3494 return 0;
3495
4ec10d97 3496 if (rx_control & L2CAP_CTRL_FINAL) {
525cd185
GP		 3497 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3498 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
dfc909be 3499 else
525cd185 3500 l2cap_retransmit_frames(chan);
4ec10d97
GP		 3501 }
3502
c1b4f43b
GP		 3503 __mod_ack_timer();
3504
6a026610
GP		 3505 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
3506 if (chan->num_acked == num_to_ack - 1)
525cd185 3507 l2cap_send_ack(chan);
9e917af1 3508
8f17154f 3509 return 0;
9b53350d
JPRV		 3510
3511drop:
3512 kfree_skb(skb);
3513 return 0;
1c2acffb
GP		 3514}
3515
525cd185 3516static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u16 rx_control)
1c2acffb 3517{
49208c9c 3518 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, __get_reqseq(rx_control),
0e98958d
GP		 3519 rx_control);
3520
42e5c802
GP		 3521 chan->expected_ack_seq = __get_reqseq(rx_control);
3522 l2cap_drop_acked_frames(chan);
1c2acffb 3523
e072745f 3524 if (rx_control & L2CAP_CTRL_POLL) {
525cd185
GP		 3525 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3526 if (chan->conn_state & L2CAP_CONN_SREJ_SENT) {
3527 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
6a026610 3528 (chan->unacked_frames > 0))
05fbd89d
GP		 3529 __mod_retrans_timer();
3530
525cd185
GP		 3531 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3532 l2cap_send_srejtail(chan);
05fbd89d 3533 } else {
525cd185 3534 l2cap_send_i_or_rr_or_rnr(chan);
05fbd89d 3535 }
1d8f5d16 3536
e072745f 3537 } else if (rx_control & L2CAP_CTRL_FINAL) {
525cd185 3538 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4ec10d97 3539
525cd185
GP		 3540 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3541 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
dfc909be 3542 else
525cd185 3543 l2cap_retransmit_frames(chan);
2246b2f1 3544
e072745f 3545 } else {
525cd185 3546 if ((chan->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
6a026610 3547 (chan->unacked_frames > 0))
e072745f 3548 __mod_retrans_timer();
1c2acffb 3549
525cd185
GP		 3550 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
3551 if (chan->conn_state & L2CAP_CONN_SREJ_SENT)
3552 l2cap_send_ack(chan);
894718a6 3553 else
525cd185 3554 l2cap_ertm_send(chan);
e072745f
GP		 3555 }
3556}
2246b2f1 3557
525cd185 3558static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3559{
e072745f 3560 u8 tx_seq = __get_reqseq(rx_control);
30afb5b2 3561
525cd185 3562 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3563
525cd185 3564 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
e072745f 3565
42e5c802
GP		 3566 chan->expected_ack_seq = tx_seq;
3567 l2cap_drop_acked_frames(chan);
e072745f
GP		 3568
3569 if (rx_control & L2CAP_CTRL_FINAL) {
525cd185
GP		 3570 if (chan->conn_state & L2CAP_CONN_REJ_ACT)
3571 chan->conn_state &= ~L2CAP_CONN_REJ_ACT;
dfc909be 3572 else
525cd185 3573 l2cap_retransmit_frames(chan);
e072745f 3574 } else {
525cd185 3575 l2cap_retransmit_frames(chan);
30afb5b2 3576
525cd185
GP		 3577 if (chan->conn_state & L2CAP_CONN_WAIT_F)
3578 chan->conn_state |= L2CAP_CONN_REJ_ACT;
e072745f
GP		 3579 }
3580}
525cd185 3581static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3582{
e072745f 3583 u8 tx_seq = __get_reqseq(rx_control);
30afb5b2 3584
525cd185 3585 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3586
525cd185 3587 chan->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
2246b2f1 3588
e072745f 3589 if (rx_control & L2CAP_CTRL_POLL) {
42e5c802
GP		 3590 chan->expected_ack_seq = tx_seq;
3591 l2cap_drop_acked_frames(chan);
3cb123d1 3592
525cd185
GP		 3593 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3594 l2cap_retransmit_one_frame(chan, tx_seq);
dfc909be 3595
525cd185 3596 l2cap_ertm_send(chan);
dfc909be 3597
525cd185 3598 if (chan->conn_state & L2CAP_CONN_WAIT_F) {
6a026610 3599 chan->srej_save_reqseq = tx_seq;
525cd185 3600 chan->conn_state |= L2CAP_CONN_SREJ_ACT;
ef54fd93 3601 }
e072745f 3602 } else if (rx_control & L2CAP_CTRL_FINAL) {
525cd185 3603 if ((chan->conn_state & L2CAP_CONN_SREJ_ACT) &&
6a026610 3604 chan->srej_save_reqseq == tx_seq)
525cd185 3605 chan->conn_state &= ~L2CAP_CONN_SREJ_ACT;
e072745f 3606 else
525cd185 3607 l2cap_retransmit_one_frame(chan, tx_seq);
e072745f 3608 } else {
525cd185
GP		 3609 l2cap_retransmit_one_frame(chan, tx_seq);
3610 if (chan->conn_state & L2CAP_CONN_WAIT_F) {
6a026610 3611 chan->srej_save_reqseq = tx_seq;
525cd185 3612 chan->conn_state |= L2CAP_CONN_SREJ_ACT;
ef54fd93 3613 }
e072745f
GP		 3614 }
3615}
3616
525cd185 3617static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3618{
e072745f
GP		 3619 u8 tx_seq = __get_reqseq(rx_control);
3620
525cd185 3621 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3622
525cd185 3623 chan->conn_state |= L2CAP_CONN_REMOTE_BUSY;
42e5c802
GP		 3624 chan->expected_ack_seq = tx_seq;
3625 l2cap_drop_acked_frames(chan);
e072745f 3626
3cb123d1 3627 if (rx_control & L2CAP_CTRL_POLL)
525cd185 3628 chan->conn_state |= L2CAP_CONN_SEND_FBIT;
3cb123d1 3629
525cd185 3630 if (!(chan->conn_state & L2CAP_CONN_SREJ_SENT)) {
e92c8e70 3631 del_timer(&chan->retrans_timer);
a2e12a2a 3632 if (rx_control & L2CAP_CTRL_POLL)
525cd185 3633 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
99b0d4b7 3634 return;
e072745f 3635 }
99b0d4b7
GP		 3636
3637 if (rx_control & L2CAP_CTRL_POLL)
525cd185 3638 l2cap_send_srejtail(chan);
99b0d4b7 3639 else
525cd185 3640 l2cap_send_sframe(chan, L2CAP_SUPER_RCV_READY);
e072745f
GP		 3641}
3642
525cd185 3643static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
e072745f 3644{
525cd185 3645 BT_DBG("chan %p rx_control 0x%4.4x len %d", chan, rx_control, skb->len);
e072745f 3646
9b16dc65 3647 if (L2CAP_CTRL_FINAL & rx_control &&
525cd185 3648 chan->conn_state & L2CAP_CONN_WAIT_F) {
e92c8e70 3649 del_timer(&chan->monitor_timer);
6a026610 3650 if (chan->unacked_frames > 0)
e072745f 3651 __mod_retrans_timer();
525cd185 3652 chan->conn_state &= ~L2CAP_CONN_WAIT_F;
e072745f
GP		 3653 }
3654
3655 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
3656 case L2CAP_SUPER_RCV_READY:
525cd185 3657 l2cap_data_channel_rrframe(chan, rx_control);
8f17154f
GP		 3658 break;
3659
e072745f 3660 case L2CAP_SUPER_REJECT:
525cd185 3661 l2cap_data_channel_rejframe(chan, rx_control);
e072745f 3662 break;
2246b2f1 3663
e072745f 3664 case L2CAP_SUPER_SELECT_REJECT:
525cd185 3665 l2cap_data_channel_srejframe(chan, rx_control);
e072745f
GP		 3666 break;
3667
3668 case L2CAP_SUPER_RCV_NOT_READY:
525cd185 3669 l2cap_data_channel_rnrframe(chan, rx_control);
1c2acffb
GP		 3670 break;
3671 }
3672
faaebd19 3673 kfree_skb(skb);
1c2acffb
GP		 3674 return 0;
3675}
3676
218bb9df
GP		 3677static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3678{
525cd185 3679 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
218bb9df
GP		 3680 u16 control;
3681 u8 req_seq;
3682 int len, next_tx_seq_offset, req_seq_offset;
3683
3684 control = get_unaligned_le16(skb->data);
3685 skb_pull(skb, 2);
3686 len = skb->len;
3687
3688 /*
3689 * We can just drop the corrupted I-frame here.
3690 * Receiver will miss it and start proper recovery
3691 * procedures and ask retransmission.
3692 */
47d1ec61 3693 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 3694 goto drop;
3695
3696 if (__is_sar_start(control) && __is_iframe(control))
3697 len -= 2;
3698
47d1ec61 3699 if (chan->fcs == L2CAP_FCS_CRC16)
218bb9df
GP		 3700 len -= 2;
3701
47d1ec61 3702 if (len > chan->mps) {
8c1d787b 3703 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3704 goto drop;
3705 }
3706
3707 req_seq = __get_reqseq(control);
42e5c802 3708 req_seq_offset = (req_seq - chan->expected_ack_seq) % 64;
218bb9df
GP		 3709 if (req_seq_offset < 0)
3710 req_seq_offset += 64;
3711
3712 next_tx_seq_offset =
42e5c802 3713 (chan->next_tx_seq - chan->expected_ack_seq) % 64;
218bb9df
GP		 3714 if (next_tx_seq_offset < 0)
3715 next_tx_seq_offset += 64;
3716
3717 /* check for invalid req-seq */
3718 if (req_seq_offset > next_tx_seq_offset) {
8c1d787b 3719 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3720 goto drop;
3721 }
3722
3723 if (__is_iframe(control)) {
3724 if (len < 0) {
8c1d787b 3725 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3726 goto drop;
3727 }
3728
525cd185 3729 l2cap_data_channel_iframe(chan, control, skb);
218bb9df
GP		 3730 } else {
3731 if (len != 0) {
3732 BT_ERR("%d", len);
8c1d787b 3733 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3734 goto drop;
3735 }
3736
525cd185 3737 l2cap_data_channel_sframe(chan, control, skb);
218bb9df
GP		 3738 }
3739
3740 return 0;
3741
3742drop:
3743 kfree_skb(skb);
3744 return 0;
3745}
3746
1da177e4
LT		 3747static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
3748{
48454079 3749 struct l2cap_chan *chan;
bf734843 3750 struct sock *sk = NULL;
51893f88 3751 u16 control;
218bb9df
GP		 3752 u8 tx_seq;
3753 int len;
1da177e4 3754
baa7e1fa 3755 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 3756 if (!chan) {
1da177e4
LT		 3757 BT_DBG("unknown cid 0x%4.4x", cid);
3758 goto drop;
3759 }
3760
48454079 3761 sk = chan->sk;
6840ed07 3762
49208c9c 3763 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4
LT		 3764
3765 if (sk->sk_state != BT_CONNECTED)
3766 goto drop;
3767
0c1bc5c6 3768 switch (chan->mode) {
1c2acffb
GP		 3769 case L2CAP_MODE_BASIC:
3770 /* If socket recv buffers overflows we drop data here
3771 * which is *bad* because L2CAP has to be reliable.
3772 * But we don't have any other choice. L2CAP doesn't
3773 * provide flow control mechanism. */
1da177e4 3774
0c1bc5c6 3775 if (chan->imtu < skb->len)
1c2acffb 3776 goto drop;
1da177e4 3777
1c2acffb
GP		 3778 if (!sock_queue_rcv_skb(sk, skb))
3779 goto done;
3780 break;
3781
3782 case L2CAP_MODE_ERTM:
218bb9df
GP		 3783 if (!sock_owned_by_user(sk)) {
3784 l2cap_ertm_data_rcv(sk, skb);
277ffbe3 3785 } else {
218bb9df 3786 if (sk_add_backlog(sk, skb))
277ffbe3 3787 goto drop;
277ffbe3 3788 }
1c2acffb 3789
fcafde2e 3790 goto done;
1c2acffb 3791
6840ed07
GP		 3792 case L2CAP_MODE_STREAMING:
3793 control = get_unaligned_le16(skb->data);
3794 skb_pull(skb, 2);
3795 len = skb->len;
3796
47d1ec61 3797 if (l2cap_check_fcs(chan, skb))
26000089
GP		 3798 goto drop;
3799
6840ed07
GP		 3800 if (__is_sar_start(control))
3801 len -= 2;
3802
47d1ec61 3803 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 3804 len -= 2;
3805
47d1ec61 3806 if (len > chan->mps || len < 0 || __is_sframe(control))
6840ed07
GP		 3807 goto drop;
3808
3809 tx_seq = __get_txseq(control);
3810
42e5c802
GP		 3811 if (chan->expected_tx_seq == tx_seq)
3812 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
6840ed07 3813 else
42e5c802 3814 chan->expected_tx_seq = (tx_seq + 1) % 64;
6840ed07 3815
525cd185 3816 l2cap_streaming_reassembly_sdu(chan, skb, control);
6840ed07
GP		 3817
3818 goto done;
3819
1c2acffb 3820 default:
0c1bc5c6 3821 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 3822 break;
3823 }
1da177e4
LT		 3824
3825drop:
3826 kfree_skb(skb);
3827
3828done:
0139418c
MH		 3829 if (sk)
3830 bh_unlock_sock(sk);
3831
1da177e4
LT		 3832 return 0;
3833}
3834
8e036fc3 3835static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 3836{
6dcae1ea 3837 struct sock *sk = NULL;
23691d75 3838 struct l2cap_chan *chan;
1da177e4 3839
23691d75
GP		 3840 chan = l2cap_global_chan_by_psm(0, psm, conn->src);
3841 if (!chan)
1da177e4
LT		 3842 goto drop;
3843
23691d75
GP		 3844 sk = chan->sk;
3845
e0f0cb56
GP		 3846 bh_lock_sock(sk);
3847
1da177e4
LT		 3848 BT_DBG("sk %p, len %d", sk, skb->len);
3849
3850 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3851 goto drop;
3852
0c1bc5c6 3853 if (l2cap_pi(sk)->chan->imtu < skb->len)
1da177e4
LT		 3854 goto drop;
3855
3856 if (!sock_queue_rcv_skb(sk, skb))
3857 goto done;
3858
3859drop:
3860 kfree_skb(skb);
3861
3862done:
af05b30b
GP		 3863 if (sk)
3864 bh_unlock_sock(sk);
1da177e4
LT		 3865 return 0;
3866}
3867
9f69bda6
GP		 3868static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
3869{
6dcae1ea 3870 struct sock *sk = NULL;
23691d75 3871 struct l2cap_chan *chan;
9f69bda6 3872
23691d75
GP		 3873 chan = l2cap_global_chan_by_scid(0, cid, conn->src);
3874 if (!chan)
9f69bda6
GP		 3875 goto drop;
3876
23691d75
GP		 3877 sk = chan->sk;
3878
9f69bda6
GP		 3879 bh_lock_sock(sk);
3880
3881 BT_DBG("sk %p, len %d", sk, skb->len);
3882
3883 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
3884 goto drop;
3885
0c1bc5c6 3886 if (l2cap_pi(sk)->chan->imtu < skb->len)
9f69bda6
GP		 3887 goto drop;
3888
3889 if (!sock_queue_rcv_skb(sk, skb))
3890 goto done;
3891
3892drop:
3893 kfree_skb(skb);
3894
3895done:
3896 if (sk)
3897 bh_unlock_sock(sk);
3898 return 0;
3899}
3900
1da177e4
LT		 3901static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3902{
3903 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 3904 u16 cid, len;
3905 __le16 psm;
1da177e4
LT		 3906
3907 skb_pull(skb, L2CAP_HDR_SIZE);
3908 cid = __le16_to_cpu(lh->cid);
3909 len = __le16_to_cpu(lh->len);
3910
1c2acffb
GP		 3911 if (len != skb->len) {
3912 kfree_skb(skb);
3913 return;
3914 }
3915
1da177e4
LT		 3916 BT_DBG("len %d, cid 0x%4.4x", len, cid);
3917
3918 switch (cid) {
3300d9a9 3919 case L2CAP_CID_LE_SIGNALING:
8db4dc46 3920 case L2CAP_CID_SIGNALING:
1da177e4
LT		 3921 l2cap_sig_channel(conn, skb);
3922 break;
3923
8db4dc46 3924 case L2CAP_CID_CONN_LESS:
1b7bf4ed 3925 psm = get_unaligned_le16(skb->data);
1da177e4
LT		 3926 skb_pull(skb, 2);
3927 l2cap_conless_channel(conn, psm, skb);
3928 break;
3929
9f69bda6
GP		 3930 case L2CAP_CID_LE_DATA:
3931 l2cap_att_channel(conn, cid, skb);
3932 break;
3933
1da177e4
LT		 3934 default:
3935 l2cap_data_channel(conn, cid, skb);
3936 break;
3937 }
3938}
3939
3940/* ---- L2CAP interface with lower layer (HCI) ---- */
3941
3942static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3943{
3944 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 3945 struct l2cap_chan *c;
1da177e4
LT		 3946
3947 if (type != ACL_LINK)
963cf687 3948 return -EINVAL;
1da177e4
LT		 3949
3950 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
3951
3952 /* Find listening sockets and check their link_mode */
23691d75
GP		 3953 read_lock(&chan_list_lock);
3954 list_for_each_entry(c, &chan_list, global_l) {
3955 struct sock *sk = c->sk;
4343478f 3956
1da177e4
LT		 3957 if (sk->sk_state != BT_LISTEN)
3958 continue;
3959
3960 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 3961 lm1 |= HCI_LM_ACCEPT;
23691d75 3962 if (c->role_switch)
2af6b9d5 3963 lm1 |= HCI_LM_MASTER;
1da177e4 3964 exact++;
2af6b9d5
MH		 3965 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
3966 lm2 |= HCI_LM_ACCEPT;
23691d75 3967 if (c->role_switch)
2af6b9d5
MH		 3968 lm2 |= HCI_LM_MASTER;
3969 }
1da177e4 3970 }
23691d75 3971 read_unlock(&chan_list_lock);
1da177e4
LT		 3972
3973 return exact ? lm1 : lm2;
3974}
3975
3976static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
3977{
0139418c
MH		 3978 struct l2cap_conn *conn;
3979
1da177e4
LT		 3980 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
3981
acd7d370 3982 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
963cf687 3983 return -EINVAL;
1da177e4
LT		 3984
3985 if (!status) {
1da177e4
LT		 3986 conn = l2cap_conn_add(hcon, status);
3987 if (conn)
3988 l2cap_conn_ready(conn);
0139418c 3989 } else
1da177e4
LT		 3990 l2cap_conn_del(hcon, bt_err(status));
3991
3992 return 0;
3993}
3994
2950f21a
MH		 3995static int l2cap_disconn_ind(struct hci_conn *hcon)
3996{
3997 struct l2cap_conn *conn = hcon->l2cap_data;
3998
3999 BT_DBG("hcon %p", hcon);
4000
4001 if (hcon->type != ACL_LINK || !conn)
4002 return 0x13;
4003
4004 return conn->disc_reason;
4005}
4006
4007static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 4008{
4009 BT_DBG("hcon %p reason %d", hcon, reason);
4010
acd7d370 4011 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
963cf687 4012 return -EINVAL;
1da177e4
LT		 4013
4014 l2cap_conn_del(hcon, bt_err(reason));
0139418c 4015
1da177e4
LT		 4016 return 0;
4017}
4018
4343478f 4019static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 4020{
4343478f
GP		 4021 struct sock *sk = chan->sk;
4022
bd3c9e25 4023 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM)
255c7601
MH		 4024 return;
4025
f62e4323 4026 if (encrypt == 0x00) {
4343478f 4027 if (chan->sec_level == BT_SECURITY_MEDIUM) {
f62e4323
MH		 4028 l2cap_sock_clear_timer(sk);
4029 l2cap_sock_set_timer(sk, HZ * 5);
4343478f 4030 } else if (chan->sec_level == BT_SECURITY_HIGH)
4519de9a 4031 __l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 4032 } else {
4343478f 4033 if (chan->sec_level == BT_SECURITY_MEDIUM)
f62e4323
MH		 4034 l2cap_sock_clear_timer(sk);
4035 }
4036}
4037
8c1b2355 4038static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 4039{
0139418c 4040 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 4041 struct l2cap_chan *chan;
1da177e4 4042
0139418c 4043 if (!conn)
1da177e4 4044 return 0;
0139418c 4045
1da177e4
LT		 4046 BT_DBG("conn %p", conn);
4047
baa7e1fa 4048 read_lock(&conn->chan_lock);
1da177e4 4049
baa7e1fa 4050 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 4051 struct sock *sk = chan->sk;
baa7e1fa 4052
1da177e4
LT		 4053 bh_lock_sock(sk);
4054
b4450035 4055 if (chan->conf_state & L2CAP_CONF_CONNECT_PEND) {
6a8d3010
MH		 4056 bh_unlock_sock(sk);
4057 continue;
4058 }
4059
f62e4323 4060 if (!status && (sk->sk_state == BT_CONNECTED ||
8c1b2355 4061 sk->sk_state == BT_CONFIG)) {
4343478f 4062 l2cap_check_encryption(chan, encrypt);
9719f8af
MH		 4063 bh_unlock_sock(sk);
4064 continue;
4065 }
4066
b1235d79
MH		 4067 if (sk->sk_state == BT_CONNECT) {
4068 if (!status) {
4069 struct l2cap_conn_req req;
fe4128e0
GP		 4070 req.scid = cpu_to_le16(chan->scid);
4071 req.psm = chan->psm;
1da177e4 4072
fc7f8a7e 4073 chan->ident = l2cap_get_ident(conn);
b4450035 4074 chan->conf_state |= L2CAP_CONF_CONNECT_PEND;
1da177e4 4075
fc7f8a7e 4076 l2cap_send_cmd(conn, chan->ident,
b1235d79
MH		 4077 L2CAP_CONN_REQ, sizeof(req), &req);
4078 } else {
4079 l2cap_sock_clear_timer(sk);
4080 l2cap_sock_set_timer(sk, HZ / 10);
4081 }
4082 } else if (sk->sk_state == BT_CONNECT2) {
4083 struct l2cap_conn_rsp rsp;
4084 __u16 result;
1da177e4 4085
b1235d79
MH		 4086 if (!status) {
4087 sk->sk_state = BT_CONFIG;
4088 result = L2CAP_CR_SUCCESS;
4089 } else {
4090 sk->sk_state = BT_DISCONN;
4091 l2cap_sock_set_timer(sk, HZ / 10);
4092 result = L2CAP_CR_SEC_BLOCK;
4093 }
4094
fe4128e0
GP		 4095 rsp.scid = cpu_to_le16(chan->dcid);
4096 rsp.dcid = cpu_to_le16(chan->scid);
b1235d79 4097 rsp.result = cpu_to_le16(result);
e7c29cb1 4098 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
fc7f8a7e
GP		 4099 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
4100 sizeof(rsp), &rsp);
b1235d79 4101 }
1da177e4
LT		 4102
4103 bh_unlock_sock(sk);
4104 }
4105
baa7e1fa 4106 read_unlock(&conn->chan_lock);
b1235d79 4107
1da177e4
LT		 4108 return 0;
4109}
4110
4111static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
4112{
4113 struct l2cap_conn *conn = hcon->l2cap_data;
4114
5a08ecce
AE		 4115 if (!conn)
4116 conn = l2cap_conn_add(hcon, 0);
4117
4118 if (!conn)
1da177e4
LT		 4119 goto drop;
4120
4121 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4122
e702112f 4123 if (!(flags & ACL_CONT)) {
1da177e4 4124 struct l2cap_hdr *hdr;
48454079 4125 struct l2cap_chan *chan;
89794813 4126 u16 cid;
1da177e4
LT		 4127 int len;
4128
4129 if (conn->rx_len) {
4130 BT_ERR("Unexpected start frame (len %d)", skb->len);
4131 kfree_skb(conn->rx_skb);
4132 conn->rx_skb = NULL;
4133 conn->rx_len = 0;
4134 l2cap_conn_unreliable(conn, ECOMM);
4135 }
4136
aae7fe22
AE		 4137 /* Start fragment always begin with Basic L2CAP header */
4138 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 4139 BT_ERR("Frame is too short (len %d)", skb->len);
4140 l2cap_conn_unreliable(conn, ECOMM);
4141 goto drop;
4142 }
4143
4144 hdr = (struct l2cap_hdr *) skb->data;
4145 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
89794813 4146 cid = __le16_to_cpu(hdr->cid);
1da177e4
LT		 4147
4148 if (len == skb->len) {
4149 /* Complete frame received */
4150 l2cap_recv_frame(conn, skb);
4151 return 0;
4152 }
4153
4154 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4155
4156 if (skb->len > len) {
4157 BT_ERR("Frame is too long (len %d, expected len %d)",
4158 skb->len, len);
4159 l2cap_conn_unreliable(conn, ECOMM);
4160 goto drop;
4161 }
4162
baa7e1fa 4163 chan = l2cap_get_chan_by_scid(conn, cid);
89794813 4164
48454079
GP		 4165 if (chan && chan->sk) {
4166 struct sock *sk = chan->sk;
89794813 4167
0c1bc5c6 4168 if (chan->imtu < len - L2CAP_HDR_SIZE) {
48454079
GP		 4169 BT_ERR("Frame exceeding recv MTU (len %d, "
4170 "MTU %d)", len,
0c1bc5c6 4171 chan->imtu);
48454079
GP		 4172 bh_unlock_sock(sk);
4173 l2cap_conn_unreliable(conn, ECOMM);
4174 goto drop;
4175 }
89794813 4176 bh_unlock_sock(sk);
48454079 4177 }
89794813 4178
1da177e4 4179 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 4180 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4181 if (!conn->rx_skb)
1da177e4
LT		 4182 goto drop;
4183
d626f62b 4184 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4185 skb->len);
1da177e4
LT		 4186 conn->rx_len = len - skb->len;
4187 } else {
4188 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4189
4190 if (!conn->rx_len) {
4191 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4192 l2cap_conn_unreliable(conn, ECOMM);
4193 goto drop;
4194 }
4195
4196 if (skb->len > conn->rx_len) {
4197 BT_ERR("Fragment is too long (len %d, expected %d)",
4198 skb->len, conn->rx_len);
4199 kfree_skb(conn->rx_skb);
4200 conn->rx_skb = NULL;
4201 conn->rx_len = 0;
4202 l2cap_conn_unreliable(conn, ECOMM);
4203 goto drop;
4204 }
4205
d626f62b 4206 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4207 skb->len);
1da177e4
LT		 4208 conn->rx_len -= skb->len;
4209
4210 if (!conn->rx_len) {
4211 /* Complete frame received */
4212 l2cap_recv_frame(conn, conn->rx_skb);
4213 conn->rx_skb = NULL;
4214 }
4215 }
4216
4217drop:
4218 kfree_skb(skb);
4219 return 0;
4220}
4221
aef7d97c 4222static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 4223{
23691d75 4224 struct l2cap_chan *c;
1da177e4 4225
23691d75 4226 read_lock_bh(&chan_list_lock);
1da177e4 4227
23691d75
GP		 4228 list_for_each_entry(c, &chan_list, global_l) {
4229 struct sock *sk = c->sk;
101545f6 4230
903d343e 4231 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 4232 batostr(&bt_sk(sk)->src),
4233 batostr(&bt_sk(sk)->dst),
23691d75
GP		 4234 sk->sk_state, __le16_to_cpu(c->psm),
4235 c->scid, c->dcid, c->imtu, c->omtu,
4236 c->sec_level, c->mode);
be9d1227 4237 }
1da177e4 4238
23691d75 4239 read_unlock_bh(&chan_list_lock);
1da177e4 4240
aef7d97c 4241 return 0;
1da177e4
LT		 4242}
4243
aef7d97c
MH		 4244static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4245{
4246 return single_open(file, l2cap_debugfs_show, inode->i_private);
4247}
4248
4249static const struct file_operations l2cap_debugfs_fops = {
4250 .open = l2cap_debugfs_open,
4251 .read = seq_read,
4252 .llseek = seq_lseek,
4253 .release = single_release,
4254};
4255
4256static struct dentry *l2cap_debugfs;
1da177e4 4257
1da177e4
LT		 4258static struct hci_proto l2cap_hci_proto = {
4259 .name = "L2CAP",
4260 .id = HCI_PROTO_L2CAP,
4261 .connect_ind = l2cap_connect_ind,
4262 .connect_cfm = l2cap_connect_cfm,
4263 .disconn_ind = l2cap_disconn_ind,
2950f21a 4264 .disconn_cfm = l2cap_disconn_cfm,
8c1b2355 4265 .security_cfm = l2cap_security_cfm,
1da177e4
LT		 4266 .recv_acldata = l2cap_recv_acldata
4267};
4268
64274518 4269int __init l2cap_init(void)
1da177e4
LT		 4270{
4271 int err;
be9d1227 4272
bb58f747 4273 err = l2cap_init_sockets();
1da177e4
LT		 4274 if (err < 0)
4275 return err;
4276
1890d36b 4277 _busy_wq = create_singlethread_workqueue("l2cap");
b78d7b4f 4278 if (!_busy_wq) {
bb58f747 4279 err = -ENOMEM;
1da177e4
LT		 4280 goto error;
4281 }
4282
4283 err = hci_register_proto(&l2cap_hci_proto);
4284 if (err < 0) {
4285 BT_ERR("L2CAP protocol registration failed");
4286 bt_sock_unregister(BTPROTO_L2CAP);
4287 goto error;
4288 }
4289
aef7d97c
MH		 4290 if (bt_debugfs) {
4291 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4292 bt_debugfs, NULL, &l2cap_debugfs_fops);
4293 if (!l2cap_debugfs)
4294 BT_ERR("Failed to create L2CAP debug file");
4295 }
1da177e4 4296
1da177e4
LT		 4297 return 0;
4298
4299error:
b78d7b4f 4300 destroy_workqueue(_busy_wq);
bb58f747 4301 l2cap_cleanup_sockets();
1da177e4
LT		 4302 return err;
4303}
4304
64274518 4305void l2cap_exit(void)
1da177e4 4306{
aef7d97c 4307 debugfs_remove(l2cap_debugfs);
1da177e4 4308
1890d36b
GP		 4309 flush_workqueue(_busy_wq);
4310 destroy_workqueue(_busy_wq);
4311
1da177e4
LT		 4312 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4313 BT_ERR("L2CAP protocol unregistration failed");
4314
bb58f747 4315 l2cap_cleanup_sockets();
1da177e4
LT		 4316}
4317
d1c4a17d
GP		 4318module_param(disable_ertm, bool, 0644);
4319MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
kernel source for telekom puls (alcatel/mediatek)