projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: EFS: definitions and headers
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
1da177e4
LT		 6
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
8e87d142
YH		 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 24 SOFTWARE IS DISCLAIMED.
25*/
26
bb58f747 27/* Bluetooth L2CAP core. */
1da177e4 28
1da177e4
LT		 29#include <linux/module.h>
30
31#include <linux/types.h>
4fc268d2 32#include <linux/capability.h>
1da177e4
LT		 33#include <linux/errno.h>
34#include <linux/kernel.h>
1da177e4
LT		 35#include <linux/sched.h>
36#include <linux/slab.h>
37#include <linux/poll.h>
38#include <linux/fcntl.h>
39#include <linux/init.h>
40#include <linux/interrupt.h>
41#include <linux/socket.h>
42#include <linux/skbuff.h>
1da177e4 43#include <linux/list.h>
be9d1227 44#include <linux/device.h>
aef7d97c
MH		 45#include <linux/debugfs.h>
46#include <linux/seq_file.h>
af05b30b 47#include <linux/uaccess.h>
fcc203c3 48#include <linux/crc16.h>
1da177e4
LT		 49#include <net/sock.h>
50
51#include <asm/system.h>
1da177e4
LT		 52#include <asm/unaligned.h>
53
54#include <net/bluetooth/bluetooth.h>
55#include <net/bluetooth/hci_core.h>
56#include <net/bluetooth/l2cap.h>
b501d6a1 57#include <net/bluetooth/smp.h>
1da177e4 58
bb58f747 59int disable_ertm;
a5fd6f30 60int enable_hs;
f0709e03 61
47ec1dcd 62static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
e1027a7c 63static u8 l2cap_fixed_chan[8] = { 0x02, };
1da177e4 64
b5ad8b7f
JB		 65static LIST_HEAD(chan_list);
66static DEFINE_RWLOCK(chan_list_lock);
1da177e4 67
1da177e4
LT		 68static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 70static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
71 void *data);
710f9b0a 72static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a
GP		 73static void l2cap_send_disconn_req(struct l2cap_conn *conn,
74 struct l2cap_chan *chan, int err);
1da177e4 75
218bb9df
GP		 76static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
77
0139418c 78/* ---- L2CAP channels ---- */
71ba0e56
GP		 79
80static inline void chan_hold(struct l2cap_chan *c)
81{
82 atomic_inc(&c->refcnt);
83}
84
85static inline void chan_put(struct l2cap_chan *c)
86{
87 if (atomic_dec_and_test(&c->refcnt))
88 kfree(c);
89}
90
baa7e1fa 91static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 92{
48454079 93 struct l2cap_chan *c;
baa7e1fa
GP		 94
95 list_for_each_entry(c, &conn->chan_l, list) {
fe4128e0 96 if (c->dcid == cid)
baa7e1fa 97 return c;
0139418c 98 }
baa7e1fa
GP		 99 return NULL;
100
0139418c
MH		 101}
102
baa7e1fa 103static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 104{
48454079 105 struct l2cap_chan *c;
baa7e1fa
GP		 106
107 list_for_each_entry(c, &conn->chan_l, list) {
fe4128e0 108 if (c->scid == cid)
baa7e1fa 109 return c;
0139418c 110 }
baa7e1fa 111 return NULL;
0139418c
MH		 112}
113
114/* Find channel with given SCID.
115 * Returns locked socket */
baa7e1fa 116static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 117{
48454079 118 struct l2cap_chan *c;
baa7e1fa
GP		 119
120 read_lock(&conn->chan_lock);
121 c = __l2cap_get_chan_by_scid(conn, cid);
48454079
GP		 122 if (c)
123 bh_lock_sock(c->sk);
baa7e1fa 124 read_unlock(&conn->chan_lock);
48454079 125 return c;
0139418c
MH		 126}
127
baa7e1fa 128static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 129{
48454079 130 struct l2cap_chan *c;
baa7e1fa
GP		 131
132 list_for_each_entry(c, &conn->chan_l, list) {
fc7f8a7e 133 if (c->ident == ident)
baa7e1fa 134 return c;
0139418c 135 }
baa7e1fa 136 return NULL;
0139418c
MH		 137}
138
baa7e1fa 139static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 140{
48454079 141 struct l2cap_chan *c;
baa7e1fa
GP		 142
143 read_lock(&conn->chan_lock);
144 c = __l2cap_get_chan_by_ident(conn, ident);
48454079
GP		 145 if (c)
146 bh_lock_sock(c->sk);
baa7e1fa 147 read_unlock(&conn->chan_lock);
48454079 148 return c;
0139418c
MH		 149}
150
23691d75 151static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 152{
23691d75 153 struct l2cap_chan *c;
9e4425ff 154
23691d75
GP		 155 list_for_each_entry(c, &chan_list, global_l) {
156 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
9e4425ff
GP		 157 goto found;
158 }
159
23691d75 160 c = NULL;
9e4425ff 161found:
23691d75 162 return c;
9e4425ff
GP		 163}
164
165int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
166{
73b2ec18
GP		 167 int err;
168
23691d75 169 write_lock_bh(&chan_list_lock);
9e4425ff 170
23691d75 171 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 172 err = -EADDRINUSE;
173 goto done;
9e4425ff
GP		 174 }
175
73b2ec18
GP		 176 if (psm) {
177 chan->psm = psm;
178 chan->sport = psm;
179 err = 0;
180 } else {
181 u16 p;
182
183 err = -EINVAL;
184 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 185 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 186 chan->psm = cpu_to_le16(p);
187 chan->sport = cpu_to_le16(p);
188 err = 0;
189 break;
190 }
191 }
9e4425ff 192
73b2ec18 193done:
23691d75 194 write_unlock_bh(&chan_list_lock);
73b2ec18 195 return err;
9e4425ff
GP		 196}
197
198int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
199{
23691d75 200 write_lock_bh(&chan_list_lock);
9e4425ff
GP		 201
202 chan->scid = scid;
203
23691d75 204 write_unlock_bh(&chan_list_lock);
9e4425ff
GP		 205
206 return 0;
207}
208
baa7e1fa 209static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 210{
8db4dc46 211 u16 cid = L2CAP_CID_DYN_START;
0139418c 212
8db4dc46 213 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 214 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 215 return cid;
216 }
217
218 return 0;
219}
220
c9b66675 221static void l2cap_set_timer(struct l2cap_chan *chan, struct timer_list *timer, long timeout)
ab07801d 222{
774e5651 223 BT_DBG("chan %p state %d timeout %ld", chan->sk, chan->state, timeout);
89bc500e 224
942ecc9c 225 if (!mod_timer(timer, jiffies + msecs_to_jiffies(timeout)))
774e5651 226 chan_hold(chan);
ab07801d
GP		 227}
228
c9b66675 229static void l2cap_clear_timer(struct l2cap_chan *chan, struct timer_list *timer)
ab07801d 230{
774e5651 231 BT_DBG("chan %p state %d", chan, chan->state);
ab07801d 232
774e5651
MM		 233 if (timer_pending(timer) && del_timer(timer))
234 chan_put(chan);
ab07801d
GP		 235}
236
89bc500e
GP		 237static void l2cap_state_change(struct l2cap_chan *chan, int state)
238{
239 chan->state = state;
240 chan->ops->state_change(chan->data, state);
241}
242
ab07801d
GP		 243static void l2cap_chan_timeout(unsigned long arg)
244{
245 struct l2cap_chan *chan = (struct l2cap_chan *) arg;
246 struct sock *sk = chan->sk;
247 int reason;
248
89bc500e 249 BT_DBG("chan %p state %d", chan, chan->state);
ab07801d
GP		 250
251 bh_lock_sock(sk);
252
253 if (sock_owned_by_user(sk)) {
254 /* sk is owned by user. Try again later */
c9b66675 255 __set_chan_timer(chan, HZ / 5);
ab07801d 256 bh_unlock_sock(sk);
71ba0e56 257 chan_put(chan);
ab07801d
GP		 258 return;
259 }
260
89bc500e 261 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
ab07801d 262 reason = ECONNREFUSED;
89bc500e 263 else if (chan->state == BT_CONNECT &&
ab07801d
GP		 264 chan->sec_level != BT_SECURITY_SDP)
265 reason = ECONNREFUSED;
266 else
267 reason = ETIMEDOUT;
268
0f852724 269 l2cap_chan_close(chan, reason);
ab07801d
GP		 270
271 bh_unlock_sock(sk);
272
ba3bd0ee 273 chan->ops->close(chan->data);
71ba0e56 274 chan_put(chan);
ab07801d
GP		 275}
276
23691d75 277struct l2cap_chan *l2cap_chan_create(struct sock *sk)
48454079
GP		 278{
279 struct l2cap_chan *chan;
280
281 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
282 if (!chan)
283 return NULL;
284
285 chan->sk = sk;
286
23691d75
GP		 287 write_lock_bh(&chan_list_lock);
288 list_add(&chan->global_l, &chan_list);
289 write_unlock_bh(&chan_list_lock);
290
ab07801d
GP		 291 setup_timer(&chan->chan_timer, l2cap_chan_timeout, (unsigned long) chan);
292
89bc500e
GP		 293 chan->state = BT_OPEN;
294
71ba0e56
GP		 295 atomic_set(&chan->refcnt, 1);
296
48454079
GP		 297 return chan;
298}
299
23691d75 300void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 301{
23691d75
GP		 302 write_lock_bh(&chan_list_lock);
303 list_del(&chan->global_l);
304 write_unlock_bh(&chan_list_lock);
305
71ba0e56 306 chan_put(chan);
6ff5abbf
GP		 307}
308
48454079 309static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 310{
af05b30b 311 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
fe4128e0 312 chan->psm, chan->dcid);
0139418c 313
2950f21a
MH		 314 conn->disc_reason = 0x13;
315
8c1d787b 316 chan->conn = conn;
0139418c 317
715ec005 318 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) {
b62f328b
VT		 319 if (conn->hcon->type == LE_LINK) {
320 /* LE connection */
0c1bc5c6 321 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 322 chan->scid = L2CAP_CID_LE_DATA;
323 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 324 } else {
325 /* Alloc CID for connection-oriented socket */
fe4128e0 326 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 327 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 328 }
715ec005 329 } else if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
0139418c 330 /* Connectionless socket */
fe4128e0
GP		 331 chan->scid = L2CAP_CID_CONN_LESS;
332 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 333 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 334 } else {
335 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 336 chan->scid = L2CAP_CID_SIGNALING;
337 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 338 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 339 }
340
71ba0e56 341 chan_hold(chan);
baa7e1fa
GP		 342
343 list_add(&chan->list, &conn->chan_l);
0139418c
MH		 344}
345
8e87d142 346/* Delete channel.
0139418c 347 * Must be called on the locked socket. */
4519de9a 348static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 349{
48454079 350 struct sock *sk = chan->sk;
8c1d787b 351 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 352 struct sock *parent = bt_sk(sk)->parent;
353
c9b66675 354 __clear_chan_timer(chan);
0139418c 355
49208c9c 356 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 357
8e87d142 358 if (conn) {
baa7e1fa
GP		 359 /* Delete from channel list */
360 write_lock_bh(&conn->chan_lock);
361 list_del(&chan->list);
362 write_unlock_bh(&conn->chan_lock);
71ba0e56 363 chan_put(chan);
baa7e1fa 364
8c1d787b 365 chan->conn = NULL;
0139418c
MH		 366 hci_conn_put(conn->hcon);
367 }
368
89bc500e 369 l2cap_state_change(chan, BT_CLOSED);
0139418c
MH		 370 sock_set_flag(sk, SOCK_ZAPPED);
371
372 if (err)
373 sk->sk_err = err;
374
375 if (parent) {
376 bt_accept_unlink(sk);
377 parent->sk_data_ready(parent, 0);
378 } else
379 sk->sk_state_change(sk);
c13ffa62 380
c1360a1c
GP		 381 if (!(test_bit(CONF_OUTPUT_DONE, &chan->conf_state) &&
382 test_bit(CONF_INPUT_DONE, &chan->conf_state)))
6ff5abbf 383 return;
2ead70b8 384
58d35f87 385 skb_queue_purge(&chan->tx_q);
c13ffa62 386
0c1bc5c6 387 if (chan->mode == L2CAP_MODE_ERTM) {
c13ffa62
GP		 388 struct srej_list *l, *tmp;
389
1a09bcb9
GP		 390 __clear_retrans_timer(chan);
391 __clear_monitor_timer(chan);
392 __clear_ack_timer(chan);
c13ffa62 393
f1c6775b 394 skb_queue_purge(&chan->srej_q);
c13ffa62 395
39d5a3ee 396 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
c13ffa62
GP		 397 list_del(&l->list);
398 kfree(l);
399 }
400 }
0139418c
MH		 401}
402
4519de9a
GP		 403static void l2cap_chan_cleanup_listen(struct sock *parent)
404{
405 struct sock *sk;
406
407 BT_DBG("parent %p", parent);
408
409 /* Close not yet accepted channels */
0f852724 410 while ((sk = bt_accept_dequeue(parent, NULL))) {
ba3bd0ee 411 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
c9b66675 412 __clear_chan_timer(chan);
0f852724 413 lock_sock(sk);
ba3bd0ee 414 l2cap_chan_close(chan, ECONNRESET);
0f852724 415 release_sock(sk);
ba3bd0ee 416 chan->ops->close(chan->data);
0f852724 417 }
4519de9a
GP		 418}
419
0f852724 420void l2cap_chan_close(struct l2cap_chan *chan, int reason)
4519de9a
GP		 421{
422 struct l2cap_conn *conn = chan->conn;
423 struct sock *sk = chan->sk;
424
89bc500e 425 BT_DBG("chan %p state %d socket %p", chan, chan->state, sk->sk_socket);
4519de9a 426
89bc500e 427 switch (chan->state) {
4519de9a
GP		 428 case BT_LISTEN:
429 l2cap_chan_cleanup_listen(sk);
89bc500e
GP		 430
431 l2cap_state_change(chan, BT_CLOSED);
432 sock_set_flag(sk, SOCK_ZAPPED);
4519de9a
GP		 433 break;
434
435 case BT_CONNECTED:
436 case BT_CONFIG:
715ec005 437 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a 438 conn->hcon->type == ACL_LINK) {
c9b66675
GP		 439 __clear_chan_timer(chan);
440 __set_chan_timer(chan, sk->sk_sndtimeo);
4519de9a
GP		 441 l2cap_send_disconn_req(conn, chan, reason);
442 } else
443 l2cap_chan_del(chan, reason);
444 break;
445
446 case BT_CONNECT2:
715ec005 447 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a
GP		 448 conn->hcon->type == ACL_LINK) {
449 struct l2cap_conn_rsp rsp;
450 __u16 result;
451
452 if (bt_sk(sk)->defer_setup)
453 result = L2CAP_CR_SEC_BLOCK;
454 else
455 result = L2CAP_CR_BAD_PSM;
89bc500e 456 l2cap_state_change(chan, BT_DISCONN);
4519de9a
GP		 457
458 rsp.scid = cpu_to_le16(chan->dcid);
459 rsp.dcid = cpu_to_le16(chan->scid);
460 rsp.result = cpu_to_le16(result);
461 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
462 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
463 sizeof(rsp), &rsp);
464 }
465
466 l2cap_chan_del(chan, reason);
467 break;
468
469 case BT_CONNECT:
470 case BT_DISCONN:
471 l2cap_chan_del(chan, reason);
472 break;
473
474 default:
475 sock_set_flag(sk, SOCK_ZAPPED);
476 break;
477 }
478}
479
4343478f 480static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 481{
715ec005 482 if (chan->chan_type == L2CAP_CHAN_RAW) {
4343478f 483 switch (chan->sec_level) {
8556edd3
JH		 484 case BT_SECURITY_HIGH:
485 return HCI_AT_DEDICATED_BONDING_MITM;
486 case BT_SECURITY_MEDIUM:
487 return HCI_AT_DEDICATED_BONDING;
488 default:
489 return HCI_AT_NO_BONDING;
490 }
fe4128e0 491 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 492 if (chan->sec_level == BT_SECURITY_LOW)
493 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 494
4343478f 495 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 496 return HCI_AT_NO_BONDING_MITM;
00ae4af9 497 else
8556edd3 498 return HCI_AT_NO_BONDING;
00ae4af9 499 } else {
4343478f 500 switch (chan->sec_level) {
00ae4af9 501 case BT_SECURITY_HIGH:
8556edd3 502 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 503 case BT_SECURITY_MEDIUM:
8556edd3 504 return HCI_AT_GENERAL_BONDING;
00ae4af9 505 default:
8556edd3 506 return HCI_AT_NO_BONDING;
00ae4af9 507 }
0684e5f9 508 }
8556edd3
JH		 509}
510
511/* Service level security */
4343478f 512static inline int l2cap_check_security(struct l2cap_chan *chan)
8556edd3 513{
8c1d787b 514 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 515 __u8 auth_type;
516
4343478f 517 auth_type = l2cap_get_auth_type(chan);
79d554a6 518
4343478f 519 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 520}
521
b5ad8b7f 522static u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 523{
524 u8 id;
525
526 /* Get next available identificator.
527 * 1 - 128 are used by kernel.
528 * 129 - 199 are reserved.
529 * 200 - 254 are used by utilities like l2ping, etc.
530 */
531
532 spin_lock_bh(&conn->lock);
533
534 if (++conn->tx_ident > 128)
535 conn->tx_ident = 1;
536
537 id = conn->tx_ident;
538
539 spin_unlock_bh(&conn->lock);
540
541 return id;
542}
543
4519de9a 544static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 545{
546 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 547 u8 flags;
4e8402a3
MH		 548
549 BT_DBG("code 0x%2.2x", code);
550
551 if (!skb)
9a9c6a34 552 return;
4e8402a3 553
e702112f
AE		 554 if (lmp_no_flush_capable(conn->hcon->hdev))
555 flags = ACL_START_NO_FLUSH;
556 else
557 flags = ACL_START;
558
14b12d0b
JG		 559 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON;
560
e702112f 561 hci_send_acl(conn->hcon, skb, flags);
4e8402a3
MH		 562}
563
525cd185 564static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
1c2acffb
GP		 565{
566 struct sk_buff *skb;
567 struct l2cap_hdr *lh;
8c1d787b 568 struct l2cap_conn *conn = chan->conn;
e4ca6d98 569 int count, hlen;
e702112f 570 u8 flags;
fcc203c3 571
89bc500e 572 if (chan->state != BT_CONNECTED)
c13ffa62
GP		 573 return;
574
e4ca6d98
AE		 575 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
576 hlen = L2CAP_EXT_HDR_SIZE;
577 else
578 hlen = L2CAP_ENH_HDR_SIZE;
579
47d1ec61 580 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3 581 hlen += 2;
1c2acffb 582
49208c9c 583 BT_DBG("chan %p, control 0x%2.2x", chan, control);
1c2acffb 584
fcc203c3 585 count = min_t(unsigned int, conn->mtu, hlen);
793c2f1c
AE		 586
587 control |= __set_sframe(chan);
1c2acffb 588
e2ab4353 589 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 590 control |= __set_ctrl_final(chan);
9e917af1 591
e2ab4353 592 if (test_and_clear_bit(CONN_SEND_PBIT, &chan->conn_state))
e3781735 593 control |= __set_ctrl_poll(chan);
f0946ccf 594
1c2acffb
GP		 595 skb = bt_skb_alloc(count, GFP_ATOMIC);
596 if (!skb)
9a9c6a34 597 return;
1c2acffb
GP		 598
599 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fcc203c3 600 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
fe4128e0 601 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 602 put_unaligned_le16(control, skb_put(skb, 2));
603
47d1ec61 604 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 605 u16 fcs = crc16(0, (u8 *)lh, count - 2);
606 put_unaligned_le16(fcs, skb_put(skb, 2));
607 }
608
e702112f
AE		 609 if (lmp_no_flush_capable(conn->hcon->hdev))
610 flags = ACL_START_NO_FLUSH;
611 else
612 flags = ACL_START;
613
15770b1a 614 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
14b12d0b 615
8c1d787b 616 hci_send_acl(chan->conn->hcon, skb, flags);
1c2acffb
GP		 617}
618
525cd185 619static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control)
7e743090 620{
e2ab4353 621 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 622 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 623 set_bit(CONN_RNR_SENT, &chan->conn_state);
1890d36b 624 } else
ab784b73 625 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
7e743090 626
0b209fae 627 control |= __set_reqseq(chan, chan->buffer_seq);
2ab25cdd 628
525cd185 629 l2cap_send_sframe(chan, control);
7e743090
GP		 630}
631
b4450035 632static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 633{
c1360a1c 634 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
e501d055
AE		 635}
636
fc7f8a7e 637static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 638{
8c1d787b 639 struct l2cap_conn *conn = chan->conn;
79d554a6
MH		 640
641 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 642 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
643 return;
644
4343478f
GP		 645 if (l2cap_check_security(chan) &&
646 __l2cap_no_conn_pending(chan)) {
b1235d79 647 struct l2cap_conn_req req;
fe4128e0
GP		 648 req.scid = cpu_to_le16(chan->scid);
649 req.psm = chan->psm;
79d554a6 650
fc7f8a7e 651 chan->ident = l2cap_get_ident(conn);
c1360a1c 652 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
79d554a6 653
fc7f8a7e
GP		 654 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
655 sizeof(req), &req);
b1235d79 656 }
79d554a6
MH		 657 } else {
658 struct l2cap_info_req req;
659 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
660
661 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
662 conn->info_ident = l2cap_get_ident(conn);
663
664 mod_timer(&conn->info_timer, jiffies +
665 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
666
667 l2cap_send_cmd(conn, conn->info_ident,
668 L2CAP_INFO_REQ, sizeof(req), &req);
669 }
670}
671
cf6c2c0b
GP		 672static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
673{
674 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 675 if (!disable_ertm)
cf6c2c0b
GP		 676 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
677
678 switch (mode) {
679 case L2CAP_MODE_ERTM:
680 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
681 case L2CAP_MODE_STREAMING:
682 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
683 default:
684 return 0x00;
685 }
686}
687
4519de9a 688static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9 689{
e92c8e70 690 struct sock *sk;
22121fc9
GP		 691 struct l2cap_disconn_req req;
692
c13ffa62
GP		 693 if (!conn)
694 return;
695
e92c8e70
GP		 696 sk = chan->sk;
697
0c1bc5c6 698 if (chan->mode == L2CAP_MODE_ERTM) {
1a09bcb9
GP		 699 __clear_retrans_timer(chan);
700 __clear_monitor_timer(chan);
701 __clear_ack_timer(chan);
c13ffa62
GP		 702 }
703
fe4128e0
GP		 704 req.dcid = cpu_to_le16(chan->dcid);
705 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 706 l2cap_send_cmd(conn, l2cap_get_ident(conn),
707 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62 708
89bc500e 709 l2cap_state_change(chan, BT_DISCONN);
9b108fc0 710 sk->sk_err = err;
22121fc9
GP		 711}
712
1da177e4 713/* ---- L2CAP connections ---- */
4e8402a3
MH		 714static void l2cap_conn_start(struct l2cap_conn *conn)
715{
820ffdb3 716 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 717
718 BT_DBG("conn %p", conn);
719
baa7e1fa 720 read_lock(&conn->chan_lock);
4e8402a3 721
820ffdb3 722 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 723 struct sock *sk = chan->sk;
baa7e1fa 724
4e8402a3
MH		 725 bh_lock_sock(sk);
726
715ec005 727 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
79d554a6
MH		 728 bh_unlock_sock(sk);
729 continue;
730 }
731
89bc500e 732 if (chan->state == BT_CONNECT) {
47731de7 733 struct l2cap_conn_req req;
79d554a6 734
4343478f 735 if (!l2cap_check_security(chan) ||
b4450035 736 !__l2cap_no_conn_pending(chan)) {
47731de7
GP		 737 bh_unlock_sock(sk);
738 continue;
739 }
79d554a6 740
c1360a1c
GP		 741 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
742 && test_bit(CONF_STATE2_DEVICE,
743 &chan->conf_state)) {
0f852724 744 /* l2cap_chan_close() calls list_del(chan)
820ffdb3 745 * so release the lock */
2461daac 746 read_unlock(&conn->chan_lock);
89bc500e 747 l2cap_chan_close(chan, ECONNRESET);
2461daac 748 read_lock(&conn->chan_lock);
47731de7
GP		 749 bh_unlock_sock(sk);
750 continue;
b1235d79 751 }
47731de7 752
fe4128e0
GP		 753 req.scid = cpu_to_le16(chan->scid);
754 req.psm = chan->psm;
47731de7 755
fc7f8a7e 756 chan->ident = l2cap_get_ident(conn);
c1360a1c 757 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
47731de7 758
fc7f8a7e
GP		 759 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
760 sizeof(req), &req);
47731de7 761
89bc500e 762 } else if (chan->state == BT_CONNECT2) {
79d554a6 763 struct l2cap_conn_rsp rsp;
e9aeb2dd 764 char buf[128];
fe4128e0
GP		 765 rsp.scid = cpu_to_le16(chan->dcid);
766 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 767
4343478f 768 if (l2cap_check_security(chan)) {
f66dc81f
MH		 769 if (bt_sk(sk)->defer_setup) {
770 struct sock *parent = bt_sk(sk)->parent;
771 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
772 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
05e9a2f6
IK		 773 if (parent)
774 parent->sk_data_ready(parent, 0);
f66dc81f
MH		 775
776 } else {
89bc500e 777 l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 778 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
779 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
780 }
79d554a6
MH		 781 } else {
782 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
783 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
784 }
785
fc7f8a7e
GP		 786 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
787 sizeof(rsp), &rsp);
e9aeb2dd 788
c1360a1c 789 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
e9aeb2dd
GP		 790 rsp.result != L2CAP_CR_SUCCESS) {
791 bh_unlock_sock(sk);
792 continue;
793 }
794
c1360a1c 795 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 796 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 797 l2cap_build_conf_req(chan, buf), buf);
798 chan->num_conf_req++;
4e8402a3
MH		 799 }
800
801 bh_unlock_sock(sk);
802 }
803
baa7e1fa 804 read_unlock(&conn->chan_lock);
4e8402a3
MH		 805}
806
b62f328b
VT		 807/* Find socket with cid and source bdaddr.
808 * Returns closest match, locked.
809 */
23691d75 810static struct l2cap_chan *l2cap_global_chan_by_scid(int state, __le16 cid, bdaddr_t *src)
b62f328b 811{
23691d75 812 struct l2cap_chan *c, *c1 = NULL;
b62f328b 813
23691d75 814 read_lock(&chan_list_lock);
b62f328b 815
23691d75
GP		 816 list_for_each_entry(c, &chan_list, global_l) {
817 struct sock *sk = c->sk;
fe4128e0 818
89bc500e 819 if (state && c->state != state)
b62f328b
VT		 820 continue;
821
23691d75 822 if (c->scid == cid) {
b62f328b 823 /* Exact match. */
23691d75
GP		 824 if (!bacmp(&bt_sk(sk)->src, src)) {
825 read_unlock(&chan_list_lock);
826 return c;
827 }
b62f328b
VT		 828
829 /* Closest match */
830 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 831 c1 = c;
b62f328b
VT		 832 }
833 }
280f294f 834
23691d75 835 read_unlock(&chan_list_lock);
b62f328b 836
23691d75 837 return c1;
b62f328b
VT		 838}
839
840static void l2cap_le_conn_ready(struct l2cap_conn *conn)
841{
c916fbe4 842 struct sock *parent, *sk;
23691d75 843 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 844
845 BT_DBG("");
846
847 /* Check if we have socket listening on cid */
23691d75 848 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
b62f328b 849 conn->src);
23691d75 850 if (!pchan)
b62f328b
VT		 851 return;
852
23691d75
GP		 853 parent = pchan->sk;
854
62f3a2cf
GP		 855 bh_lock_sock(parent);
856
b62f328b
VT		 857 /* Check for backlog size */
858 if (sk_acceptq_is_full(parent)) {
859 BT_DBG("backlog full %d", parent->sk_ack_backlog);
860 goto clean;
861 }
862
80808e43
GP		 863 chan = pchan->ops->new_connection(pchan->data);
864 if (!chan)
b62f328b
VT		 865 goto clean;
866
80808e43 867 sk = chan->sk;
5d41ce1d 868
baa7e1fa 869 write_lock_bh(&conn->chan_lock);
b62f328b
VT		 870
871 hci_conn_hold(conn->hcon);
872
b62f328b
VT		 873 bacpy(&bt_sk(sk)->src, conn->src);
874 bacpy(&bt_sk(sk)->dst, conn->dst);
875
d1010240
GP		 876 bt_accept_enqueue(parent, sk);
877
48454079
GP		 878 __l2cap_chan_add(conn, chan);
879
c9b66675 880 __set_chan_timer(chan, sk->sk_sndtimeo);
b62f328b 881
89bc500e 882 l2cap_state_change(chan, BT_CONNECTED);
b62f328b
VT		 883 parent->sk_data_ready(parent, 0);
884
baa7e1fa 885 write_unlock_bh(&conn->chan_lock);
b62f328b
VT		 886
887clean:
888 bh_unlock_sock(parent);
889}
890
f1cb9af5
VCG		 891static void l2cap_chan_ready(struct sock *sk)
892{
893 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
894 struct sock *parent = bt_sk(sk)->parent;
895
896 BT_DBG("sk %p, parent %p", sk, parent);
897
898 chan->conf_state = 0;
899 __clear_chan_timer(chan);
900
43f3dc41 901 l2cap_state_change(chan, BT_CONNECTED);
f1cb9af5
VCG		 902 sk->sk_state_change(sk);
903
904 if (parent)
905 parent->sk_data_ready(parent, 0);
906}
907
4e8402a3
MH		 908static void l2cap_conn_ready(struct l2cap_conn *conn)
909{
48454079 910 struct l2cap_chan *chan;
4e8402a3 911
79d554a6 912 BT_DBG("conn %p", conn);
4e8402a3 913
b62f328b
VT		 914 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
915 l2cap_le_conn_ready(conn);
916
160dc6ac
VCG		 917 if (conn->hcon->out && conn->hcon->type == LE_LINK)
918 smp_conn_security(conn, conn->hcon->pending_sec_level);
919
baa7e1fa 920 read_lock(&conn->chan_lock);
4e8402a3 921
baa7e1fa 922 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 923 struct sock *sk = chan->sk;
baa7e1fa 924
79d554a6 925 bh_lock_sock(sk);
4e8402a3 926
63128451 927 if (conn->hcon->type == LE_LINK) {
b501d6a1 928 if (smp_conn_security(conn, chan->sec_level))
f1cb9af5 929 l2cap_chan_ready(sk);
acd7d370 930
63128451 931 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 932 __clear_chan_timer(chan);
89bc500e 933 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 934 sk->sk_state_change(sk);
b501d6a1 935
89bc500e 936 } else if (chan->state == BT_CONNECT)
fc7f8a7e 937 l2cap_do_start(chan);
4e8402a3 938
79d554a6 939 bh_unlock_sock(sk);
4e8402a3 940 }
79d554a6 941
baa7e1fa 942 read_unlock(&conn->chan_lock);
4e8402a3
MH		 943}
944
945/* Notify sockets that we cannot guaranty reliability anymore */
946static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
947{
48454079 948 struct l2cap_chan *chan;
4e8402a3
MH		 949
950 BT_DBG("conn %p", conn);
951
baa7e1fa 952 read_lock(&conn->chan_lock);
4e8402a3 953
baa7e1fa 954 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 955 struct sock *sk = chan->sk;
baa7e1fa 956
ecf61bdb 957 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
4e8402a3
MH		 958 sk->sk_err = err;
959 }
960
baa7e1fa 961 read_unlock(&conn->chan_lock);
4e8402a3
MH		 962}
963
964static void l2cap_info_timeout(unsigned long arg)
965{
966 struct l2cap_conn *conn = (void *) arg;
967
984947dc 968 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 969 conn->info_ident = 0;
984947dc 970
4e8402a3
MH		 971 l2cap_conn_start(conn);
972}
973
5d3de7df
VCG		 974static void l2cap_conn_del(struct hci_conn *hcon, int err)
975{
976 struct l2cap_conn *conn = hcon->l2cap_data;
977 struct l2cap_chan *chan, *l;
978 struct sock *sk;
979
980 if (!conn)
981 return;
982
983 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
984
985 kfree_skb(conn->rx_skb);
986
987 /* Kill channels */
988 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
989 sk = chan->sk;
990 bh_lock_sock(sk);
991 l2cap_chan_del(chan, err);
992 bh_unlock_sock(sk);
993 chan->ops->close(chan->data);
994 }
995
996 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
997 del_timer_sync(&conn->info_timer);
998
d26a2345 999 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->pend)) {
5d3de7df 1000 del_timer(&conn->security_timer);
8aab4757 1001 smp_chan_destroy(conn);
d26a2345 1002 }
5d3de7df
VCG		 1003
1004 hcon->l2cap_data = NULL;
1005 kfree(conn);
1006}
1007
1008static void security_timeout(unsigned long arg)
1009{
1010 struct l2cap_conn *conn = (void *) arg;
1011
1012 l2cap_conn_del(conn->hcon, ETIMEDOUT);
1013}
1014
1da177e4
LT		 1015static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1016{
0139418c 1017 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 1018
0139418c 1019 if (conn || status)
1da177e4
LT		 1020 return conn;
1021
0139418c
MH		 1022 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
1023 if (!conn)
1da177e4 1024 return NULL;
1da177e4
LT		 1025
1026 hcon->l2cap_data = conn;
1027 conn->hcon = hcon;
1028
0139418c
MH		 1029 BT_DBG("hcon %p conn %p", hcon, conn);
1030
acd7d370
VT		 1031 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
1032 conn->mtu = hcon->hdev->le_mtu;
1033 else
1034 conn->mtu = hcon->hdev->acl_mtu;
1035
1da177e4
LT		 1036 conn->src = &hcon->hdev->bdaddr;
1037 conn->dst = &hcon->dst;
1038
4e8402a3
MH		 1039 conn->feat_mask = 0;
1040
1da177e4 1041 spin_lock_init(&conn->lock);
baa7e1fa
GP		 1042 rwlock_init(&conn->chan_lock);
1043
1044 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 1045
5d3de7df
VCG		 1046 if (hcon->type == LE_LINK)
1047 setup_timer(&conn->security_timer, security_timeout,
1048 (unsigned long) conn);
1049 else
b62f328b 1050 setup_timer(&conn->info_timer, l2cap_info_timeout,
45054dc1
DY		 1051 (unsigned long) conn);
1052
2950f21a
MH		 1053 conn->disc_reason = 0x13;
1054
1da177e4
LT		 1055 return conn;
1056}
1057
48454079 1058static inline void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
1da177e4 1059{
baa7e1fa 1060 write_lock_bh(&conn->chan_lock);
48454079 1061 __l2cap_chan_add(conn, chan);
baa7e1fa 1062 write_unlock_bh(&conn->chan_lock);
1da177e4
LT		 1063}
1064
1da177e4 1065/* ---- Socket interface ---- */
1da177e4
LT		 1066
1067/* Find socket with psm and source bdaddr.
1068 * Returns closest match.
1069 */
23691d75 1070static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4 1071{
23691d75 1072 struct l2cap_chan *c, *c1 = NULL;
1da177e4 1073
23691d75 1074 read_lock(&chan_list_lock);
e0f0cb56 1075
23691d75
GP		 1076 list_for_each_entry(c, &chan_list, global_l) {
1077 struct sock *sk = c->sk;
fe4128e0 1078
89bc500e 1079 if (state && c->state != state)
1da177e4
LT		 1080 continue;
1081
23691d75 1082 if (c->psm == psm) {
1da177e4 1083 /* Exact match. */
23691d75 1084 if (!bacmp(&bt_sk(sk)->src, src)) {
a7567b20 1085 read_unlock(&chan_list_lock);
23691d75
GP		 1086 return c;
1087 }
1da177e4
LT		 1088
1089 /* Closest match */
1090 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 1091 c1 = c;
1da177e4
LT		 1092 }
1093 }
1da177e4 1094
23691d75 1095 read_unlock(&chan_list_lock);
e0f0cb56 1096
23691d75 1097 return c1;
1da177e4
LT		 1098}
1099
77a74c7e 1100int l2cap_chan_connect(struct l2cap_chan *chan)
1da177e4 1101{
5d41ce1d 1102 struct sock *sk = chan->sk;
1da177e4
LT		 1103 bdaddr_t *src = &bt_sk(sk)->src;
1104 bdaddr_t *dst = &bt_sk(sk)->dst;
1105 struct l2cap_conn *conn;
1106 struct hci_conn *hcon;
1107 struct hci_dev *hdev;
09ab6f4c 1108 __u8 auth_type;
44d0e48e 1109 int err;
1da177e4 1110
f29972de 1111 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
fe4128e0 1112 chan->psm);
1da177e4 1113
af05b30b
GP		 1114 hdev = hci_get_route(dst, src);
1115 if (!hdev)
1da177e4
LT		 1116 return -EHOSTUNREACH;
1117
1118 hci_dev_lock_bh(hdev);
1119
4343478f 1120 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1121
fe4128e0 1122 if (chan->dcid == L2CAP_CID_LE_DATA)
acd7d370 1123 hcon = hci_connect(hdev, LE_LINK, dst,
4343478f 1124 chan->sec_level, auth_type);
acd7d370
VT		 1125 else
1126 hcon = hci_connect(hdev, ACL_LINK, dst,
4343478f 1127 chan->sec_level, auth_type);
acd7d370 1128
30e76272
VT		 1129 if (IS_ERR(hcon)) {
1130 err = PTR_ERR(hcon);
1da177e4 1131 goto done;
30e76272 1132 }
1da177e4
LT		 1133
1134 conn = l2cap_conn_add(hcon, 0);
1135 if (!conn) {
1136 hci_conn_put(hcon);
30e76272 1137 err = -ENOMEM;
1da177e4
LT		 1138 goto done;
1139 }
1140
1da177e4
LT		 1141 /* Update source addr of the socket */
1142 bacpy(src, conn->src);
1143
48454079
GP		 1144 l2cap_chan_add(conn, chan);
1145
89bc500e 1146 l2cap_state_change(chan, BT_CONNECT);
c9b66675 1147 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4
LT		 1148
1149 if (hcon->state == BT_CONNECTED) {
715ec005 1150 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 1151 __clear_chan_timer(chan);
4343478f 1152 if (l2cap_check_security(chan))
89bc500e 1153 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1154 } else
fc7f8a7e 1155 l2cap_do_start(chan);
1da177e4
LT		 1156 }
1157
30e76272
VT		 1158 err = 0;
1159
1da177e4
LT		 1160done:
1161 hci_dev_unlock_bh(hdev);
1162 hci_dev_put(hdev);
1163 return err;
1164}
1165
dcba0dba 1166int __l2cap_wait_ack(struct sock *sk)
6161c038 1167{
8c1d787b 1168 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1169 DECLARE_WAITQUEUE(wait, current);
1170 int err = 0;
1171 int timeo = HZ/5;
1172
2b0b05dd 1173 add_wait_queue(sk_sleep(sk), &wait);
a71a0cf4
PH		 1174 set_current_state(TASK_INTERRUPTIBLE);
1175 while (chan->unacked_frames > 0 && chan->conn) {
6161c038
GP		 1176 if (!timeo)
1177 timeo = HZ/5;
1178
1179 if (signal_pending(current)) {
1180 err = sock_intr_errno(timeo);
1181 break;
1182 }
1183
1184 release_sock(sk);
1185 timeo = schedule_timeout(timeo);
1186 lock_sock(sk);
a71a0cf4 1187 set_current_state(TASK_INTERRUPTIBLE);
6161c038
GP		 1188
1189 err = sock_error(sk);
1190 if (err)
1191 break;
1192 }
1193 set_current_state(TASK_RUNNING);
2b0b05dd 1194 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1195 return err;
1196}
1197
e90bac06
GP		 1198static void l2cap_monitor_timeout(unsigned long arg)
1199{
525cd185
GP		 1200 struct l2cap_chan *chan = (void *) arg;
1201 struct sock *sk = chan->sk;
e90bac06 1202
525cd185 1203 BT_DBG("chan %p", chan);
0e98958d 1204
e686219a 1205 bh_lock_sock(sk);
2c03a7a4 1206 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1207 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
b13f5860 1208 bh_unlock_sock(sk);
e90bac06
GP		 1209 return;
1210 }
1211
6a026610 1212 chan->retry_count++;
1a09bcb9 1213 __set_monitor_timer(chan);
e90bac06 1214
525cd185 1215 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
e686219a 1216 bh_unlock_sock(sk);
e90bac06
GP		 1217}
1218
1219static void l2cap_retrans_timeout(unsigned long arg)
1220{
525cd185
GP		 1221 struct l2cap_chan *chan = (void *) arg;
1222 struct sock *sk = chan->sk;
e90bac06 1223
49208c9c 1224 BT_DBG("chan %p", chan);
0e98958d 1225
e686219a 1226 bh_lock_sock(sk);
6a026610 1227 chan->retry_count = 1;
1a09bcb9 1228 __set_monitor_timer(chan);
e90bac06 1229
e2ab4353 1230 set_bit(CONN_WAIT_F, &chan->conn_state);
e90bac06 1231
525cd185 1232 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
e686219a 1233 bh_unlock_sock(sk);
e90bac06
GP		 1234}
1235
42e5c802 1236static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1da177e4 1237{
1c2acffb 1238 struct sk_buff *skb;
1da177e4 1239
58d35f87 1240 while ((skb = skb_peek(&chan->tx_q)) &&
6a026610 1241 chan->unacked_frames) {
42e5c802 1242 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
1c2acffb 1243 break;
1da177e4 1244
58d35f87 1245 skb = skb_dequeue(&chan->tx_q);
1c2acffb 1246 kfree_skb(skb);
1da177e4 1247
6a026610 1248 chan->unacked_frames--;
1c2acffb 1249 }
1da177e4 1250
6a026610 1251 if (!chan->unacked_frames)
1a09bcb9 1252 __clear_retrans_timer(chan);
1c2acffb 1253}
1da177e4 1254
67c9e840 1255static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
1c2acffb 1256{
8c1d787b 1257 struct hci_conn *hcon = chan->conn->hcon;
e702112f 1258 u16 flags;
1c2acffb 1259
4343478f 1260 BT_DBG("chan %p, skb %p len %d", chan, skb, skb->len);
1da177e4 1261
d57b0e8b
AE		 1262 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
1263 lmp_no_flush_capable(hcon->hdev))
e702112f
AE		 1264 flags = ACL_START_NO_FLUSH;
1265 else
1266 flags = ACL_START;
1267
15770b1a 1268 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
e702112f 1269 hci_send_acl(hcon, skb, flags);
1c2acffb
GP		 1270}
1271
67c9e840 1272static void l2cap_streaming_send(struct l2cap_chan *chan)
6840ed07 1273{
ccbb84af 1274 struct sk_buff *skb;
fcc203c3 1275 u16 control, fcs;
6840ed07 1276
58d35f87 1277 while ((skb = skb_dequeue(&chan->tx_q))) {
ccbb84af 1278 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE);
fb45de7d 1279 control |= __set_txseq(chan, chan->next_tx_seq);
ccbb84af 1280 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
6840ed07 1281
47d1ec61 1282 if (chan->fcs == L2CAP_FCS_CRC16) {
ccbb84af
GP		 1283 fcs = crc16(0, (u8 *)skb->data, skb->len - 2);
1284 put_unaligned_le16(fcs, skb->data + skb->len - 2);
fcc203c3
GP		 1285 }
1286
4343478f 1287 l2cap_do_send(chan, skb);
6840ed07 1288
42e5c802 1289 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
6840ed07 1290 }
6840ed07
GP		 1291}
1292
fb45de7d 1293static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 1294{
8f17154f
GP		 1295 struct sk_buff *skb, *tx_skb;
1296 u16 control, fcs;
8f17154f 1297
58d35f87 1298 skb = skb_peek(&chan->tx_q);
f11d676d
GP		 1299 if (!skb)
1300 return;
8f17154f 1301
f11d676d
GP		 1302 do {
1303 if (bt_cb(skb)->tx_seq == tx_seq)
8f17154f 1304 break;
8f17154f 1305
58d35f87 1306 if (skb_queue_is_last(&chan->tx_q, skb))
f11d676d 1307 return;
8f17154f 1308
58d35f87 1309 } while ((skb = skb_queue_next(&chan->tx_q, skb)));
8f17154f 1310
2c03a7a4
GP		 1311 if (chan->remote_max_tx &&
1312 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1313 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
f11d676d
GP		 1314 return;
1315 }
1316
1317 tx_skb = skb_clone(skb, GFP_ATOMIC);
1318 bt_cb(skb)->retries++;
1319 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1320 control &= __get_sar_mask(chan);
3cb123d1 1321
e2ab4353 1322 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1323 control |= __set_ctrl_final(chan);
95ffa978 1324
0b209fae 1325 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1326 control |= __set_txseq(chan, tx_seq);
3cb123d1 1327
f11d676d
GP		 1328 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1329
47d1ec61 1330 if (chan->fcs == L2CAP_FCS_CRC16) {
f11d676d
GP		 1331 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1332 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1333 }
1334
4343478f 1335 l2cap_do_send(chan, tx_skb);
8f17154f
GP		 1336}
1337
67c9e840 1338static int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1339{
1340 struct sk_buff *skb, *tx_skb;
fcc203c3 1341 u16 control, fcs;
9a9c6a34 1342 int nsent = 0;
1c2acffb 1343
89bc500e 1344 if (chan->state != BT_CONNECTED)
c13ffa62 1345 return -ENOTCONN;
e90bac06 1346
58d35f87 1347 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1c2acffb 1348
2c03a7a4
GP		 1349 if (chan->remote_max_tx &&
1350 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1351 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
e90bac06
GP		 1352 break;
1353 }
1354
e420aba3
AE		 1355 tx_skb = skb_clone(skb, GFP_ATOMIC);
1356
e90bac06
GP		 1357 bt_cb(skb)->retries++;
1358
1c2acffb 1359 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1360 control &= __get_sar_mask(chan);
95ffa978 1361
e2ab4353 1362 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1363 control |= __set_ctrl_final(chan);
e2ab4353 1364
0b209fae 1365 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1366 control |= __set_txseq(chan, chan->next_tx_seq);
1c2acffb
GP		 1367 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1368
e90bac06 1369
47d1ec61 1370 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 1371 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1372 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1373 }
1374
4343478f 1375 l2cap_do_send(chan, tx_skb);
9a9c6a34 1376
1a09bcb9 1377 __set_retrans_timer(chan);
1c2acffb 1378
42e5c802
GP		 1379 bt_cb(skb)->tx_seq = chan->next_tx_seq;
1380 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
1c2acffb 1381
23e9fde2 1382 if (bt_cb(skb)->retries == 1)
6a026610 1383 chan->unacked_frames++;
23e9fde2 1384
6a026610 1385 chan->frames_sent++;
1c2acffb 1386
58d35f87
GP		 1387 if (skb_queue_is_last(&chan->tx_q, skb))
1388 chan->tx_send_head = NULL;
1c2acffb 1389 else
58d35f87 1390 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
9e917af1
GP		 1391
1392 nsent++;
1c2acffb
GP		 1393 }
1394
9e917af1
GP		 1395 return nsent;
1396}
1397
525cd185 1398static int l2cap_retransmit_frames(struct l2cap_chan *chan)
dfc909be 1399{
dfc909be
GP		 1400 int ret;
1401
58d35f87
GP		 1402 if (!skb_queue_empty(&chan->tx_q))
1403 chan->tx_send_head = chan->tx_q.next;
dfc909be 1404
42e5c802 1405 chan->next_tx_seq = chan->expected_ack_seq;
525cd185 1406 ret = l2cap_ertm_send(chan);
dfc909be
GP		 1407 return ret;
1408}
1409
525cd185 1410static void l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1411{
9e917af1
GP		 1412 u16 control = 0;
1413
0b209fae 1414 control |= __set_reqseq(chan, chan->buffer_seq);
9e917af1 1415
e2ab4353 1416 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 1417 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 1418 set_bit(CONN_RNR_SENT, &chan->conn_state);
525cd185 1419 l2cap_send_sframe(chan, control);
9a9c6a34 1420 return;
9e917af1 1421 }
dfc909be 1422
525cd185 1423 if (l2cap_ertm_send(chan) > 0)
dfc909be
GP		 1424 return;
1425
ab784b73 1426 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 1427 l2cap_send_sframe(chan, control);
1c2acffb
GP		 1428}
1429
525cd185 1430static void l2cap_send_srejtail(struct l2cap_chan *chan)
99b0d4b7
GP		 1431{
1432 struct srej_list *tail;
1433 u16 control;
1434
ab784b73 1435 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
03f6715d 1436 control |= __set_ctrl_final(chan);
99b0d4b7 1437
39d5a3ee 1438 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
0b209fae 1439 control |= __set_reqseq(chan, tail->tx_seq);
99b0d4b7 1440
525cd185 1441 l2cap_send_sframe(chan, control);
99b0d4b7
GP		 1442}
1443
1c2acffb
GP		 1444static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1445{
8c1d787b 1446 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1c2acffb
GP		 1447 struct sk_buff **frag;
1448 int err, sent = 0;
1da177e4 1449
59203a21 1450 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1451 return -EFAULT;
1da177e4
LT		 1452
1453 sent += count;
1454 len -= count;
1455
1456 /* Continuation fragments (no L2CAP header) */
1457 frag = &skb_shinfo(skb)->frag_list;
1458 while (len) {
1459 count = min_t(unsigned int, conn->mtu, len);
1460
1461 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1462 if (!*frag)
0175d629 1463 return err;
1c2acffb
GP		 1464 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1465 return -EFAULT;
1da177e4
LT		 1466
1467 sent += count;
1468 len -= count;
1469
1470 frag = &(*frag)->next;
1471 }
1da177e4
LT		 1472
1473 return sent;
1c2acffb 1474}
1da177e4 1475
67c9e840 1476static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1c2acffb 1477{
fe4128e0 1478 struct sock *sk = chan->sk;
8c1d787b 1479 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1480 struct sk_buff *skb;
1481 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1482 struct l2cap_hdr *lh;
1483
1484 BT_DBG("sk %p len %d", sk, (int)len);
1485
1486 count = min_t(unsigned int, (conn->mtu - hlen), len);
1487 skb = bt_skb_send_alloc(sk, count + hlen,
1488 msg->msg_flags & MSG_DONTWAIT, &err);
1489 if (!skb)
0175d629 1490 return ERR_PTR(err);
1c2acffb
GP		 1491
1492 /* Create L2CAP header */
1493 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1494 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1495 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
fe4128e0 1496 put_unaligned_le16(chan->psm, skb_put(skb, 2));
1c2acffb
GP		 1497
1498 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1499 if (unlikely(err < 0)) {
1500 kfree_skb(skb);
1501 return ERR_PTR(err);
1502 }
1503 return skb;
1504}
1505
67c9e840 1506static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1c2acffb 1507{
fe4128e0 1508 struct sock *sk = chan->sk;
8c1d787b 1509 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1510 struct sk_buff *skb;
1511 int err, count, hlen = L2CAP_HDR_SIZE;
1512 struct l2cap_hdr *lh;
1513
1514 BT_DBG("sk %p len %d", sk, (int)len);
1515
1516 count = min_t(unsigned int, (conn->mtu - hlen), len);
1517 skb = bt_skb_send_alloc(sk, count + hlen,
1518 msg->msg_flags & MSG_DONTWAIT, &err);
1519 if (!skb)
0175d629 1520 return ERR_PTR(err);
1c2acffb
GP		 1521
1522 /* Create L2CAP header */
1523 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1524 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1525 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1526
1527 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1528 if (unlikely(err < 0)) {
1529 kfree_skb(skb);
1530 return ERR_PTR(err);
1531 }
1532 return skb;
1533}
1534
ab0ff76d
LAD		 1535static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
1536 struct msghdr *msg, size_t len,
1537 u16 control, u16 sdulen)
1c2acffb 1538{
47d1ec61 1539 struct sock *sk = chan->sk;
8c1d787b 1540 struct l2cap_conn *conn = chan->conn;
1c2acffb 1541 struct sk_buff *skb;
e4ca6d98 1542 int err, count, hlen;
1c2acffb
GP		 1543 struct l2cap_hdr *lh;
1544
1545 BT_DBG("sk %p len %d", sk, (int)len);
1546
0ee0d208
GP		 1547 if (!conn)
1548 return ERR_PTR(-ENOTCONN);
1549
e4ca6d98
AE		 1550 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1551 hlen = L2CAP_EXT_HDR_SIZE;
1552 else
1553 hlen = L2CAP_ENH_HDR_SIZE;
1554
c74e560c
GP		 1555 if (sdulen)
1556 hlen += 2;
1557
47d1ec61 1558 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 1559 hlen += 2;
1560
1c2acffb
GP		 1561 count = min_t(unsigned int, (conn->mtu - hlen), len);
1562 skb = bt_skb_send_alloc(sk, count + hlen,
1563 msg->msg_flags & MSG_DONTWAIT, &err);
1564 if (!skb)
0175d629 1565 return ERR_PTR(err);
1c2acffb
GP		 1566
1567 /* Create L2CAP header */
1568 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1569 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1570 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1571 put_unaligned_le16(control, skb_put(skb, 2));
c74e560c
GP		 1572 if (sdulen)
1573 put_unaligned_le16(sdulen, skb_put(skb, 2));
1c2acffb
GP		 1574
1575 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1576 if (unlikely(err < 0)) {
1577 kfree_skb(skb);
1578 return ERR_PTR(err);
1579 }
e90bac06 1580
47d1ec61 1581 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 1582 put_unaligned_le16(0, skb_put(skb, 2));
1583
e90bac06 1584 bt_cb(skb)->retries = 0;
1c2acffb 1585 return skb;
1da177e4
LT		 1586}
1587
67c9e840 1588static int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
c74e560c 1589{
c74e560c
GP		 1590 struct sk_buff *skb;
1591 struct sk_buff_head sar_queue;
1592 u16 control;
1593 size_t size = 0;
1594
ff12fd64 1595 skb_queue_head_init(&sar_queue);
7e0ef6ee 1596 control = __set_ctrl_sar(chan, L2CAP_SAR_START);
47d1ec61 1597 skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);
c74e560c
GP		 1598 if (IS_ERR(skb))
1599 return PTR_ERR(skb);
1600
1601 __skb_queue_tail(&sar_queue, skb);
2c03a7a4
GP		 1602 len -= chan->remote_mps;
1603 size += chan->remote_mps;
c74e560c
GP		 1604
1605 while (len > 0) {
1606 size_t buflen;
1607
2c03a7a4 1608 if (len > chan->remote_mps) {
7e0ef6ee 1609 control = __set_ctrl_sar(chan, L2CAP_SAR_CONTINUE);
2c03a7a4 1610 buflen = chan->remote_mps;
c74e560c 1611 } else {
7e0ef6ee 1612 control = __set_ctrl_sar(chan, L2CAP_SAR_END);
c74e560c
GP		 1613 buflen = len;
1614 }
1615
47d1ec61 1616 skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);
c74e560c
GP		 1617 if (IS_ERR(skb)) {
1618 skb_queue_purge(&sar_queue);
1619 return PTR_ERR(skb);
1620 }
1621
1622 __skb_queue_tail(&sar_queue, skb);
1623 len -= buflen;
1624 size += buflen;
c74e560c 1625 }
58d35f87
GP		 1626 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1627 if (chan->tx_send_head == NULL)
1628 chan->tx_send_head = sar_queue.next;
c74e560c
GP		 1629
1630 return size;
1631}
1632
9a91a04a
GP		 1633int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1634{
9a91a04a
GP		 1635 struct sk_buff *skb;
1636 u16 control;
1637 int err;
1638
1639 /* Connectionless channel */
715ec005 1640 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
9a91a04a
GP		 1641 skb = l2cap_create_connless_pdu(chan, msg, len);
1642 if (IS_ERR(skb))
1643 return PTR_ERR(skb);
1644
1645 l2cap_do_send(chan, skb);
1646 return len;
1647 }
1648
1649 switch (chan->mode) {
1650 case L2CAP_MODE_BASIC:
1651 /* Check outgoing MTU */
1652 if (len > chan->omtu)
1653 return -EMSGSIZE;
1654
1655 /* Create a basic PDU */
1656 skb = l2cap_create_basic_pdu(chan, msg, len);
1657 if (IS_ERR(skb))
1658 return PTR_ERR(skb);
1659
1660 l2cap_do_send(chan, skb);
1661 err = len;
1662 break;
1663
1664 case L2CAP_MODE_ERTM:
1665 case L2CAP_MODE_STREAMING:
1666 /* Entire SDU fits into one PDU */
1667 if (len <= chan->remote_mps) {
7e0ef6ee 1668 control = __set_ctrl_sar(chan, L2CAP_SAR_UNSEGMENTED);
9a91a04a
GP		 1669 skb = l2cap_create_iframe_pdu(chan, msg, len, control,
1670 0);
1671 if (IS_ERR(skb))
1672 return PTR_ERR(skb);
1673
1674 __skb_queue_tail(&chan->tx_q, skb);
1675
1676 if (chan->tx_send_head == NULL)
1677 chan->tx_send_head = skb;
1678
1679 } else {
1680 /* Segment SDU into multiples PDUs */
1681 err = l2cap_sar_segment_sdu(chan, msg, len);
1682 if (err < 0)
1683 return err;
1684 }
1685
1686 if (chan->mode == L2CAP_MODE_STREAMING) {
1687 l2cap_streaming_send(chan);
1688 err = len;
1689 break;
1690 }
1691
e2ab4353
GP		 1692 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
1693 test_bit(CONN_WAIT_F, &chan->conn_state)) {
9a91a04a
GP		 1694 err = len;
1695 break;
1696 }
1697
1698 err = l2cap_ertm_send(chan);
1699 if (err >= 0)
1700 err = len;
1701
1702 break;
1703
1704 default:
1705 BT_DBG("bad state %1.1x", chan->mode);
1706 err = -EBADFD;
1707 }
1708
1709 return err;
1710}
1711
1da177e4
LT		 1712/* Copy frame to all raw sockets on that connection */
1713static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1714{
1da177e4 1715 struct sk_buff *nskb;
48454079 1716 struct l2cap_chan *chan;
1da177e4
LT		 1717
1718 BT_DBG("conn %p", conn);
1719
baa7e1fa
GP		 1720 read_lock(&conn->chan_lock);
1721 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 1722 struct sock *sk = chan->sk;
715ec005 1723 if (chan->chan_type != L2CAP_CHAN_RAW)
1da177e4
LT		 1724 continue;
1725
1726 /* Don't send frame to the socket it came from */
1727 if (skb->sk == sk)
1728 continue;
af05b30b
GP		 1729 nskb = skb_clone(skb, GFP_ATOMIC);
1730 if (!nskb)
1da177e4
LT		 1731 continue;
1732
23070494 1733 if (chan->ops->recv(chan->data, nskb))
1da177e4
LT		 1734 kfree_skb(nskb);
1735 }
baa7e1fa 1736 read_unlock(&conn->chan_lock);
1da177e4
LT		 1737}
1738
1739/* ---- L2CAP signalling commands ---- */
1740static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1741 u8 code, u8 ident, u16 dlen, void *data)
1742{
1743 struct sk_buff *skb, **frag;
1744 struct l2cap_cmd_hdr *cmd;
1745 struct l2cap_hdr *lh;
1746 int len, count;
1747
af05b30b
GP		 1748 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1749 conn, code, ident, dlen);
1da177e4
LT		 1750
1751 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1752 count = min_t(unsigned int, conn->mtu, len);
1753
1754 skb = bt_skb_alloc(count, GFP_ATOMIC);
1755 if (!skb)
1756 return NULL;
1757
1758 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 1759 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 1760
1761 if (conn->hcon->type == LE_LINK)
1762 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
1763 else
1764 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 1765
1766 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1767 cmd->code = code;
1768 cmd->ident = ident;
aca3192c 1769 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1770
1771 if (dlen) {
1772 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1773 memcpy(skb_put(skb, count), data, count);
1774 data += count;
1775 }
1776
1777 len -= skb->len;
1778
1779 /* Continuation fragments (no L2CAP header) */
1780 frag = &skb_shinfo(skb)->frag_list;
1781 while (len) {
1782 count = min_t(unsigned int, conn->mtu, len);
1783
1784 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1785 if (!*frag)
1786 goto fail;
1787
1788 memcpy(skb_put(*frag, count), data, count);
1789
1790 len -= count;
1791 data += count;
1792
1793 frag = &(*frag)->next;
1794 }
1795
1796 return skb;
1797
1798fail:
1799 kfree_skb(skb);
1800 return NULL;
1801}
1802
1803static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1804{
1805 struct l2cap_conf_opt *opt = *ptr;
1806 int len;
1807
1808 len = L2CAP_CONF_OPT_SIZE + opt->len;
1809 *ptr += len;
1810
1811 *type = opt->type;
1812 *olen = opt->len;
1813
1814 switch (opt->len) {
1815 case 1:
1816 *val = *((u8 *) opt->val);
1817 break;
1818
1819 case 2:
bfaaeb3e 1820 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 1821 break;
1822
1823 case 4:
bfaaeb3e 1824 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 1825 break;
1826
1827 default:
1828 *val = (unsigned long) opt->val;
1829 break;
1830 }
1831
1832 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1833 return len;
1834}
1835
1da177e4
LT		 1836static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1837{
1838 struct l2cap_conf_opt *opt = *ptr;
1839
1840 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1841
1842 opt->type = type;
1843 opt->len = len;
1844
1845 switch (len) {
1846 case 1:
1847 *((u8 *) opt->val) = val;
1848 break;
1849
1850 case 2:
4f8b691c 1851 put_unaligned_le16(val, opt->val);
1da177e4
LT		 1852 break;
1853
1854 case 4:
4f8b691c 1855 put_unaligned_le32(val, opt->val);
1da177e4
LT		 1856 break;
1857
1858 default:
1859 memcpy(opt->val, (void *) val, len);
1860 break;
1861 }
1862
1863 *ptr += L2CAP_CONF_OPT_SIZE + len;
1864}
1865
c1b4f43b
GP		 1866static void l2cap_ack_timeout(unsigned long arg)
1867{
525cd185 1868 struct l2cap_chan *chan = (void *) arg;
c1b4f43b 1869
525cd185
GP		 1870 bh_lock_sock(chan->sk);
1871 l2cap_send_ack(chan);
1872 bh_unlock_sock(chan->sk);
c1b4f43b
GP		 1873}
1874
525cd185 1875static inline void l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 1876{
525cd185
GP		 1877 struct sock *sk = chan->sk;
1878
42e5c802 1879 chan->expected_ack_seq = 0;
6a026610 1880 chan->unacked_frames = 0;
42e5c802 1881 chan->buffer_seq = 0;
6a026610
GP		 1882 chan->num_acked = 0;
1883 chan->frames_sent = 0;
0565c1c2 1884
e92c8e70
GP		 1885 setup_timer(&chan->retrans_timer, l2cap_retrans_timeout,
1886 (unsigned long) chan);
1887 setup_timer(&chan->monitor_timer, l2cap_monitor_timeout,
1888 (unsigned long) chan);
1889 setup_timer(&chan->ack_timer, l2cap_ack_timeout, (unsigned long) chan);
0565c1c2 1890
f1c6775b 1891 skb_queue_head_init(&chan->srej_q);
1890d36b 1892
39d5a3ee
GP		 1893 INIT_LIST_HEAD(&chan->srej_l);
1894
218bb9df
GP		 1895
1896 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
0565c1c2
GP		 1897}
1898
f2fcfcd6
GP		 1899static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1900{
1901 switch (mode) {
1902 case L2CAP_MODE_STREAMING:
1903 case L2CAP_MODE_ERTM:
1904 if (l2cap_mode_supported(mode, remote_feat_mask))
1905 return mode;
1906 /* fall through */
1907 default:
1908 return L2CAP_MODE_BASIC;
1909 }
1910}
1911
6327eb98
AE		 1912static inline bool __l2cap_ews_supported(struct l2cap_chan *chan)
1913{
1914 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW;
1915}
1916
1917static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
1918{
1919 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
1920 __l2cap_ews_supported(chan))
1921 /* use extended control field */
1922 set_bit(FLAG_EXT_CTRL, &chan->flags);
1923 else
1924 chan->tx_win = min_t(u16, chan->tx_win,
1925 L2CAP_DEFAULT_TX_WINDOW);
1926}
1927
710f9b0a 1928static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 1929{
1da177e4 1930 struct l2cap_conf_req *req = data;
0c1bc5c6 1931 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4
LT		 1932 void *ptr = req->data;
1933
49208c9c 1934 BT_DBG("chan %p", chan);
1da177e4 1935
73ffa904 1936 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 1937 goto done;
1938
0c1bc5c6 1939 switch (chan->mode) {
f2fcfcd6
GP		 1940 case L2CAP_MODE_STREAMING:
1941 case L2CAP_MODE_ERTM:
c1360a1c 1942 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
85eb53c6 1943 break;
85eb53c6 1944
2ba13ed6 1945 /* fall through */
f2fcfcd6 1946 default:
8c1d787b 1947 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 1948 break;
1949 }
1950
1951done:
0c1bc5c6
GP		 1952 if (chan->imtu != L2CAP_DEFAULT_MTU)
1953 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 1954
0c1bc5c6 1955 switch (chan->mode) {
65c7c491 1956 case L2CAP_MODE_BASIC:
8c1d787b
GP		 1957 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
1958 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 1959 break;
1960
62547752
GP		 1961 rfc.mode = L2CAP_MODE_BASIC;
1962 rfc.txwin_size = 0;
1963 rfc.max_transmit = 0;
1964 rfc.retrans_timeout = 0;
1965 rfc.monitor_timeout = 0;
1966 rfc.max_pdu_size = 0;
1967
63406504
GP		 1968 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1969 (unsigned long) &rfc);
65c7c491
MH		 1970 break;
1971
1972 case L2CAP_MODE_ERTM:
1973 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61 1974 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 1975 rfc.retrans_timeout = 0;
1976 rfc.monitor_timeout = 0;
c74e560c 1977 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
8c1d787b
GP		 1978 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
1979 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
f2fcfcd6 1980
6327eb98
AE		 1981 l2cap_txwin_setup(chan);
1982
1983 rfc.txwin_size = min_t(u16, chan->tx_win,
1984 L2CAP_DEFAULT_TX_WINDOW);
1985
63406504
GP		 1986 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1987 (unsigned long) &rfc);
1988
8c1d787b 1989 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 1990 break;
1991
47d1ec61 1992 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 1993 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 1994 chan->fcs = L2CAP_FCS_NONE;
1995 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 1996 }
6327eb98
AE		 1997
1998 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1999 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2000 chan->tx_win);
f2fcfcd6
GP		 2001 break;
2002
2003 case L2CAP_MODE_STREAMING:
2004 rfc.mode = L2CAP_MODE_STREAMING;
2005 rfc.txwin_size = 0;
2006 rfc.max_transmit = 0;
2007 rfc.retrans_timeout = 0;
2008 rfc.monitor_timeout = 0;
c74e560c 2009 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
8c1d787b
GP		 2010 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
2011 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
65c7c491 2012
63406504
GP		 2013 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2014 (unsigned long) &rfc);
2015
8c1d787b 2016 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2017 break;
2018
47d1ec61 2019 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2020 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2021 chan->fcs = L2CAP_FCS_NONE;
2022 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2023 }
65c7c491
MH		 2024 break;
2025 }
1da177e4 2026
fe4128e0 2027 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 2028 req->flags = cpu_to_le16(0);
1da177e4
LT		 2029
2030 return ptr - data;
2031}
2032
73ffa904 2033static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2034{
5dee9e7c
MH		 2035 struct l2cap_conf_rsp *rsp = data;
2036 void *ptr = rsp->data;
73ffa904
GP		 2037 void *req = chan->conf_req;
2038 int len = chan->conf_len;
5dee9e7c
MH		 2039 int type, hint, olen;
2040 unsigned long val;
6464f35f 2041 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
861d6882 2042 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 2043 u16 result = L2CAP_CONF_SUCCESS;
1da177e4 2044
73ffa904 2045 BT_DBG("chan %p", chan);
820ae1b8 2046
5dee9e7c
MH		 2047 while (len >= L2CAP_CONF_OPT_SIZE) {
2048 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 2049
589d2746 2050 hint = type & L2CAP_CONF_HINT;
47ec1dcd 2051 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 2052
2053 switch (type) {
2054 case L2CAP_CONF_MTU:
861d6882 2055 mtu = val;
5dee9e7c
MH		 2056 break;
2057
2058 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2059 chan->flush_to = val;
5dee9e7c
MH		 2060 break;
2061
2062 case L2CAP_CONF_QOS:
2063 break;
2064
6464f35f
MH		 2065 case L2CAP_CONF_RFC:
2066 if (olen == sizeof(rfc))
2067 memcpy(&rfc, (void *) val, olen);
2068 break;
2069
fcc203c3
GP		 2070 case L2CAP_CONF_FCS:
2071 if (val == L2CAP_FCS_NONE)
c1360a1c 2072 set_bit(CONF_NO_FCS_RECV, &chan->conf_state);
fcc203c3
GP		 2073
2074 break;
2075
6327eb98
AE		 2076 case L2CAP_CONF_EWS:
2077 if (!enable_hs)
2078 return -ECONNREFUSED;
2079
2080 set_bit(FLAG_EXT_CTRL, &chan->flags);
2081 set_bit(CONF_EWS_RECV, &chan->conf_state);
2082 chan->remote_tx_win = val;
2083 break;
2084
5dee9e7c
MH		 2085 default:
2086 if (hint)
2087 break;
2088
2089 result = L2CAP_CONF_UNKNOWN;
2090 *((u8 *) ptr++) = type;
2091 break;
2092 }
2093 }
2094
73ffa904 2095 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 2096 goto done;
2097
0c1bc5c6 2098 switch (chan->mode) {
f2fcfcd6
GP		 2099 case L2CAP_MODE_STREAMING:
2100 case L2CAP_MODE_ERTM:
c1360a1c 2101 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
0c1bc5c6 2102 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 2103 chan->conn->feat_mask);
85eb53c6
GP		 2104 break;
2105 }
2106
0c1bc5c6 2107 if (chan->mode != rfc.mode)
f2fcfcd6 2108 return -ECONNREFUSED;
742e519b 2109
f2fcfcd6 2110 break;
f2fcfcd6
GP		 2111 }
2112
2113done:
0c1bc5c6 2114 if (chan->mode != rfc.mode) {
f2fcfcd6 2115 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2116 rfc.mode = chan->mode;
f2fcfcd6 2117
73ffa904 2118 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 2119 return -ECONNREFUSED;
2120
2121 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2122 sizeof(rfc), (unsigned long) &rfc);
2123 }
2124
2125
5dee9e7c
MH		 2126 if (result == L2CAP_CONF_SUCCESS) {
2127 /* Configure output options and let the other side know
2128 * which ones we don't like. */
2129
f2fcfcd6
GP		 2130 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2131 result = L2CAP_CONF_UNACCEPT;
2132 else {
0c1bc5c6 2133 chan->omtu = mtu;
c1360a1c 2134 set_bit(CONF_MTU_DONE, &chan->conf_state);
f2fcfcd6 2135 }
0c1bc5c6 2136 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 2137
f2fcfcd6
GP		 2138 switch (rfc.mode) {
2139 case L2CAP_MODE_BASIC:
47d1ec61 2140 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2141 set_bit(CONF_MODE_DONE, &chan->conf_state);
f2fcfcd6
GP		 2142 break;
2143
2144 case L2CAP_MODE_ERTM:
6327eb98
AE		 2145 if (!test_bit(CONF_EWS_RECV, &chan->conf_state))
2146 chan->remote_tx_win = rfc.txwin_size;
2147 else
2148 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
2149
2c03a7a4 2150 chan->remote_max_tx = rfc.max_transmit;
86b1b263 2151
8c1d787b
GP		 2152 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
2153 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1c762159 2154
2c03a7a4 2155 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6 2156
10467e9e
GP		 2157 rfc.retrans_timeout =
2158 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2159 rfc.monitor_timeout =
2160 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 2161
c1360a1c 2162 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2163
2164 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2165 sizeof(rfc), (unsigned long) &rfc);
2166
f2fcfcd6
GP		 2167 break;
2168
2169 case L2CAP_MODE_STREAMING:
8c1d787b
GP		 2170 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
2171 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1c762159 2172
2c03a7a4 2173 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6 2174
c1360a1c 2175 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2176
2177 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2178 sizeof(rfc), (unsigned long) &rfc);
2179
f2fcfcd6
GP		 2180 break;
2181
2182 default:
5dee9e7c 2183 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 2184
6464f35f 2185 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 2186 rfc.mode = chan->mode;
f2fcfcd6 2187 }
6464f35f 2188
f2fcfcd6 2189 if (result == L2CAP_CONF_SUCCESS)
c1360a1c 2190 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
f2fcfcd6 2191 }
fe4128e0 2192 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 2193 rsp->result = cpu_to_le16(result);
2194 rsp->flags = cpu_to_le16(0x0000);
2195
2196 return ptr - data;
1da177e4
LT		 2197}
2198
b4450035 2199static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 2200{
f2fcfcd6
GP		 2201 struct l2cap_conf_req *req = data;
2202 void *ptr = req->data;
2203 int type, olen;
2204 unsigned long val;
2205 struct l2cap_conf_rfc rfc;
2206
fe4128e0 2207 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 2208
2209 while (len >= L2CAP_CONF_OPT_SIZE) {
2210 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2211
2212 switch (type) {
2213 case L2CAP_CONF_MTU:
2214 if (val < L2CAP_DEFAULT_MIN_MTU) {
2215 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2216 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 2217 } else
0c1bc5c6
GP		 2218 chan->imtu = val;
2219 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 2220 break;
2221
2222 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2223 chan->flush_to = val;
f2fcfcd6 2224 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 2225 2, chan->flush_to);
f2fcfcd6
GP		 2226 break;
2227
2228 case L2CAP_CONF_RFC:
2229 if (olen == sizeof(rfc))
2230 memcpy(&rfc, (void *)val, olen);
2231
c1360a1c 2232 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
0c1bc5c6 2233 rfc.mode != chan->mode)
f2fcfcd6
GP		 2234 return -ECONNREFUSED;
2235
47d1ec61 2236 chan->fcs = 0;
f2fcfcd6
GP		 2237
2238 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2239 sizeof(rfc), (unsigned long) &rfc);
2240 break;
6327eb98
AE		 2241
2242 case L2CAP_CONF_EWS:
2243 chan->tx_win = min_t(u16, val,
2244 L2CAP_DEFAULT_EXT_WINDOW);
2245 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS,
2246 2, chan->tx_win);
2247 break;
f2fcfcd6
GP		 2248 }
2249 }
2250
0c1bc5c6 2251 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 2252 return -ECONNREFUSED;
2253
0c1bc5c6 2254 chan->mode = rfc.mode;
6c2ea7a8 2255
f2fcfcd6
GP		 2256 if (*result == L2CAP_CONF_SUCCESS) {
2257 switch (rfc.mode) {
2258 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2259 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2260 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2261 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2262 break;
2263 case L2CAP_MODE_STREAMING:
47d1ec61 2264 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2265 }
2266 }
2267
fe4128e0 2268 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 2269 req->flags = cpu_to_le16(0x0000);
2270
2271 return ptr - data;
2272}
2273
fe4128e0 2274static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 2275{
2276 struct l2cap_conf_rsp *rsp = data;
2277 void *ptr = rsp->data;
1da177e4 2278
fe4128e0 2279 BT_DBG("chan %p", chan);
1da177e4 2280
fe4128e0 2281 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 2282 rsp->result = cpu_to_le16(result);
aca3192c 2283 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 2284
2285 return ptr - data;
2286}
2287
8c1d787b 2288void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 2289{
2290 struct l2cap_conn_rsp rsp;
8c1d787b 2291 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 2292 u8 buf[128];
2293
fe4128e0
GP		 2294 rsp.scid = cpu_to_le16(chan->dcid);
2295 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 2296 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
2297 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2298 l2cap_send_cmd(conn, chan->ident,
2299 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2300
c1360a1c 2301 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
710f9b0a
GP		 2302 return;
2303
710f9b0a
GP		 2304 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2305 l2cap_build_conf_req(chan, buf), buf);
2306 chan->num_conf_req++;
2307}
2308
47d1ec61 2309static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 2310{
7b1c0049
GP		 2311 int type, olen;
2312 unsigned long val;
2313 struct l2cap_conf_rfc rfc;
2314
47d1ec61 2315 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 2316
0c1bc5c6 2317 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 2318 return;
2319
2320 while (len >= L2CAP_CONF_OPT_SIZE) {
2321 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2322
2323 switch (type) {
2324 case L2CAP_CONF_RFC:
2325 if (olen == sizeof(rfc))
2326 memcpy(&rfc, (void *)val, olen);
2327 goto done;
2328 }
2329 }
2330
2331done:
2332 switch (rfc.mode) {
2333 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2334 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2335 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2336 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2337 break;
2338 case L2CAP_MODE_STREAMING:
47d1ec61 2339 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2340 }
2341}
2342
4e8402a3
MH		 2343static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2344{
e2fd318e 2345 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
4e8402a3 2346
e2fd318e 2347 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
4e8402a3
MH		 2348 return 0;
2349
2350 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2351 cmd->ident == conn->info_ident) {
4e8402a3 2352 del_timer(&conn->info_timer);
984947dc
MH		 2353
2354 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2355 conn->info_ident = 0;
984947dc 2356
4e8402a3
MH		 2357 l2cap_conn_start(conn);
2358 }
2359
2360 return 0;
2361}
2362
1da177e4
LT		 2363static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2364{
1da177e4
LT		 2365 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2366 struct l2cap_conn_rsp rsp;
23691d75 2367 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 2368 struct sock *parent, *sk = NULL;
e7c29cb1 2369 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2370
2371 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 2372 __le16 psm = req->psm;
1da177e4
LT		 2373
2374 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2375
2376 /* Check if we have socket listening on psm */
23691d75
GP		 2377 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src);
2378 if (!pchan) {
1da177e4
LT		 2379 result = L2CAP_CR_BAD_PSM;
2380 goto sendresp;
2381 }
2382
23691d75
GP		 2383 parent = pchan->sk;
2384
e0f0cb56
GP		 2385 bh_lock_sock(parent);
2386
e7c29cb1
MH		 2387 /* Check if the ACL is secure enough (if not SDP) */
2388 if (psm != cpu_to_le16(0x0001) &&
2389 !hci_conn_check_link_mode(conn->hcon)) {
2950f21a 2390 conn->disc_reason = 0x05;
e7c29cb1
MH		 2391 result = L2CAP_CR_SEC_BLOCK;
2392 goto response;
2393 }
2394
1da177e4
LT		 2395 result = L2CAP_CR_NO_MEM;
2396
2397 /* Check for backlog size */
2398 if (sk_acceptq_is_full(parent)) {
8e87d142 2399 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 2400 goto response;
2401 }
2402
80808e43
GP		 2403 chan = pchan->ops->new_connection(pchan->data);
2404 if (!chan)
1da177e4
LT		 2405 goto response;
2406
80808e43
GP		 2407 sk = chan->sk;
2408
baa7e1fa 2409 write_lock_bh(&conn->chan_lock);
1da177e4
LT		 2410
2411 /* Check if we already have channel with that dcid */
baa7e1fa
GP		 2412 if (__l2cap_get_chan_by_dcid(conn, scid)) {
2413 write_unlock_bh(&conn->chan_lock);
1da177e4 2414 sock_set_flag(sk, SOCK_ZAPPED);
ba3bd0ee 2415 chan->ops->close(chan->data);
1da177e4
LT		 2416 goto response;
2417 }
2418
2419 hci_conn_hold(conn->hcon);
2420
1da177e4
LT		 2421 bacpy(&bt_sk(sk)->src, conn->src);
2422 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 2423 chan->psm = psm;
2424 chan->dcid = scid;
1da177e4 2425
d1010240
GP		 2426 bt_accept_enqueue(parent, sk);
2427
48454079
GP		 2428 __l2cap_chan_add(conn, chan);
2429
fe4128e0 2430 dcid = chan->scid;
1da177e4 2431
c9b66675 2432 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4 2433
fc7f8a7e 2434 chan->ident = cmd->ident;
1da177e4 2435
984947dc 2436 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
4343478f 2437 if (l2cap_check_security(chan)) {
f66dc81f 2438 if (bt_sk(sk)->defer_setup) {
89bc500e 2439 l2cap_state_change(chan, BT_CONNECT2);
f66dc81f
MH		 2440 result = L2CAP_CR_PEND;
2441 status = L2CAP_CS_AUTHOR_PEND;
2442 parent->sk_data_ready(parent, 0);
2443 } else {
89bc500e 2444 l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 2445 result = L2CAP_CR_SUCCESS;
2446 status = L2CAP_CS_NO_INFO;
2447 }
79d554a6 2448 } else {
89bc500e 2449 l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2450 result = L2CAP_CR_PEND;
2451 status = L2CAP_CS_AUTHEN_PEND;
2452 }
2453 } else {
89bc500e 2454 l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2455 result = L2CAP_CR_PEND;
2456 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2457 }
2458
baa7e1fa 2459 write_unlock_bh(&conn->chan_lock);
1da177e4
LT		 2460
2461response:
2462 bh_unlock_sock(parent);
2463
2464sendresp:
aca3192c
YH		 2465 rsp.scid = cpu_to_le16(scid);
2466 rsp.dcid = cpu_to_le16(dcid);
2467 rsp.result = cpu_to_le16(result);
2468 rsp.status = cpu_to_le16(status);
1da177e4 2469 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 2470
2471 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2472 struct l2cap_info_req info;
2473 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2474
2475 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2476 conn->info_ident = l2cap_get_ident(conn);
2477
2478 mod_timer(&conn->info_timer, jiffies +
2479 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2480
2481 l2cap_send_cmd(conn, conn->info_ident,
2482 L2CAP_INFO_REQ, sizeof(info), &info);
2483 }
2484
c1360a1c 2485 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
e9aeb2dd
GP		 2486 result == L2CAP_CR_SUCCESS) {
2487 u8 buf[128];
c1360a1c 2488 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 2489 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2490 l2cap_build_conf_req(chan, buf), buf);
2491 chan->num_conf_req++;
e9aeb2dd
GP		 2492 }
2493
1da177e4
LT		 2494 return 0;
2495}
2496
2497static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2498{
2499 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2500 u16 scid, dcid, result, status;
48454079 2501 struct l2cap_chan *chan;
1da177e4
LT		 2502 struct sock *sk;
2503 u8 req[128];
2504
2505 scid = __le16_to_cpu(rsp->scid);
2506 dcid = __le16_to_cpu(rsp->dcid);
2507 result = __le16_to_cpu(rsp->result);
2508 status = __le16_to_cpu(rsp->status);
2509
2510 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2511
2512 if (scid) {
baa7e1fa 2513 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2514 if (!chan)
57d3b22b 2515 return -EFAULT;
1da177e4 2516 } else {
baa7e1fa 2517 chan = l2cap_get_chan_by_ident(conn, cmd->ident);
48454079 2518 if (!chan)
57d3b22b 2519 return -EFAULT;
1da177e4
LT		 2520 }
2521
48454079
GP		 2522 sk = chan->sk;
2523
1da177e4
LT		 2524 switch (result) {
2525 case L2CAP_CR_SUCCESS:
89bc500e 2526 l2cap_state_change(chan, BT_CONFIG);
fc7f8a7e 2527 chan->ident = 0;
fe4128e0 2528 chan->dcid = dcid;
c1360a1c 2529 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
6a8d3010 2530
c1360a1c 2531 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
e9aeb2dd
GP		 2532 break;
2533
1da177e4 2534 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2535 l2cap_build_conf_req(chan, req), req);
2536 chan->num_conf_req++;
1da177e4
LT		 2537 break;
2538
2539 case L2CAP_CR_PEND:
c1360a1c 2540 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4
LT		 2541 break;
2542
2543 default:
a49184c2
AE		 2544 /* don't delete l2cap channel if sk is owned by user */
2545 if (sock_owned_by_user(sk)) {
89bc500e 2546 l2cap_state_change(chan, BT_DISCONN);
c9b66675
GP		 2547 __clear_chan_timer(chan);
2548 __set_chan_timer(chan, HZ / 5);
a49184c2
AE		 2549 break;
2550 }
2551
48454079 2552 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 2553 break;
2554 }
2555
2556 bh_unlock_sock(sk);
2557 return 0;
2558}
2559
47d1ec61 2560static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60
MM		 2561{
2562 /* FCS is enabled only in ERTM or streaming mode, if one or both
2563 * sides request it.
2564 */
0c1bc5c6 2565 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 2566 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2567 else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state))
47d1ec61 2568 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 2569}
2570
88219a0f 2571static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 2572{
2573 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2574 u16 dcid, flags;
2575 u8 rsp[64];
48454079 2576 struct l2cap_chan *chan;
1da177e4 2577 struct sock *sk;
5dee9e7c 2578 int len;
1da177e4
LT		 2579
2580 dcid = __le16_to_cpu(req->dcid);
2581 flags = __le16_to_cpu(req->flags);
2582
2583 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2584
baa7e1fa 2585 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2586 if (!chan)
1da177e4
LT		 2587 return -ENOENT;
2588
48454079
GP		 2589 sk = chan->sk;
2590
033b1142 2591 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
e2fd318e
IK		 2592 struct l2cap_cmd_rej_cid rej;
2593
2594 rej.reason = cpu_to_le16(L2CAP_REJ_INVALID_CID);
2595 rej.scid = cpu_to_le16(chan->scid);
2596 rej.dcid = cpu_to_le16(chan->dcid);
df6bd743 2597
df6bd743
GP		 2598 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2599 sizeof(rej), &rej);
354f60a9 2600 goto unlock;
df6bd743 2601 }
354f60a9 2602
5dee9e7c 2603 /* Reject if config buffer is too small. */
88219a0f 2604 len = cmd_len - sizeof(*req);
7ac28817 2605 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 2606 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2607 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 2608 L2CAP_CONF_REJECT, flags), rsp);
2609 goto unlock;
2610 }
2611
2612 /* Store config. */
73ffa904
GP		 2613 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2614 chan->conf_len += len;
1da177e4
LT		 2615
2616 if (flags & 0x0001) {
2617 /* Incomplete config. Send empty response. */
2618 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2619 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 2620 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 2621 goto unlock;
2622 }
2623
2624 /* Complete config. */
73ffa904 2625 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 2626 if (len < 0) {
e92c8e70 2627 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 2628 goto unlock;
f2fcfcd6 2629 }
1da177e4 2630
5dee9e7c 2631 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 2632 chan->num_conf_rsp++;
5dee9e7c 2633
5dee9e7c 2634 /* Reset config buffer. */
73ffa904 2635 chan->conf_len = 0;
5dee9e7c 2636
c1360a1c 2637 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
876d9484
MH		 2638 goto unlock;
2639
c1360a1c 2640 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
47d1ec61 2641 set_default_fcs(chan);
fcc203c3 2642
89bc500e 2643 l2cap_state_change(chan, BT_CONNECTED);
e90bac06 2644
42e5c802
GP		 2645 chan->next_tx_seq = 0;
2646 chan->expected_tx_seq = 0;
58d35f87 2647 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2648 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2649 l2cap_ertm_init(chan);
0565c1c2 2650
1da177e4 2651 l2cap_chan_ready(sk);
876d9484
MH		 2652 goto unlock;
2653 }
2654
c1360a1c 2655 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
79d554a6 2656 u8 buf[64];
1da177e4 2657 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2658 l2cap_build_conf_req(chan, buf), buf);
2659 chan->num_conf_req++;
1da177e4
LT		 2660 }
2661
2662unlock:
2663 bh_unlock_sock(sk);
2664 return 0;
2665}
2666
2667static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2668{
2669 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2670 u16 scid, flags, result;
48454079 2671 struct l2cap_chan *chan;
1da177e4 2672 struct sock *sk;
7b1c0049 2673 int len = cmd->len - sizeof(*rsp);
1da177e4
LT		 2674
2675 scid = __le16_to_cpu(rsp->scid);
2676 flags = __le16_to_cpu(rsp->flags);
2677 result = __le16_to_cpu(rsp->result);
2678
af05b30b
GP		 2679 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2680 scid, flags, result);
1da177e4 2681
baa7e1fa 2682 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2683 if (!chan)
1da177e4
LT		 2684 return 0;
2685
48454079
GP		 2686 sk = chan->sk;
2687
1da177e4
LT		 2688 switch (result) {
2689 case L2CAP_CONF_SUCCESS:
47d1ec61 2690 l2cap_conf_rfc_get(chan, rsp->data, len);
1da177e4
LT		 2691 break;
2692
2693 case L2CAP_CONF_UNACCEPT:
73ffa904 2694 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 2695 char req[64];
2696
c2c77ec8 2697 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 2698 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 2699 goto done;
2700 }
2701
f2fcfcd6
GP		 2702 /* throw out any old stored conf requests */
2703 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 2704 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2705 req, &result);
f2fcfcd6 2706 if (len < 0) {
e92c8e70 2707 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 2708 goto done;
2709 }
2710
2711 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2712 L2CAP_CONF_REQ, len, req);
73ffa904 2713 chan->num_conf_req++;
f2fcfcd6
GP		 2714 if (result != L2CAP_CONF_SUCCESS)
2715 goto done;
2716 break;
1da177e4
LT		 2717 }
2718
8e87d142 2719 default:
b1235d79 2720 sk->sk_err = ECONNRESET;
c9b66675 2721 __set_chan_timer(chan, HZ * 5);
e92c8e70 2722 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 2723 goto done;
2724 }
2725
2726 if (flags & 0x01)
2727 goto done;
2728
c1360a1c 2729 set_bit(CONF_INPUT_DONE, &chan->conf_state);
1da177e4 2730
c1360a1c 2731 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
47d1ec61 2732 set_default_fcs(chan);
fcc203c3 2733
89bc500e 2734 l2cap_state_change(chan, BT_CONNECTED);
42e5c802
GP		 2735 chan->next_tx_seq = 0;
2736 chan->expected_tx_seq = 0;
58d35f87 2737 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2738 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2739 l2cap_ertm_init(chan);
0565c1c2 2740
1da177e4
LT		 2741 l2cap_chan_ready(sk);
2742 }
2743
2744done:
2745 bh_unlock_sock(sk);
2746 return 0;
2747}
2748
2749static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2750{
2751 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2752 struct l2cap_disconn_rsp rsp;
2753 u16 dcid, scid;
48454079 2754 struct l2cap_chan *chan;
1da177e4
LT		 2755 struct sock *sk;
2756
2757 scid = __le16_to_cpu(req->scid);
2758 dcid = __le16_to_cpu(req->dcid);
2759
2760 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2761
baa7e1fa 2762 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2763 if (!chan)
1da177e4
LT		 2764 return 0;
2765
48454079
GP		 2766 sk = chan->sk;
2767
fe4128e0
GP		 2768 rsp.dcid = cpu_to_le16(chan->scid);
2769 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 2770 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2771
2772 sk->sk_shutdown = SHUTDOWN_MASK;
2773
a49184c2
AE		 2774 /* don't delete l2cap channel if sk is owned by user */
2775 if (sock_owned_by_user(sk)) {
89bc500e 2776 l2cap_state_change(chan, BT_DISCONN);
c9b66675
GP		 2777 __clear_chan_timer(chan);
2778 __set_chan_timer(chan, HZ / 5);
a49184c2
AE		 2779 bh_unlock_sock(sk);
2780 return 0;
2781 }
2782
48454079 2783 l2cap_chan_del(chan, ECONNRESET);
1da177e4
LT		 2784 bh_unlock_sock(sk);
2785
ba3bd0ee 2786 chan->ops->close(chan->data);
1da177e4
LT		 2787 return 0;
2788}
2789
2790static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2791{
2792 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2793 u16 dcid, scid;
48454079 2794 struct l2cap_chan *chan;
1da177e4
LT		 2795 struct sock *sk;
2796
2797 scid = __le16_to_cpu(rsp->scid);
2798 dcid = __le16_to_cpu(rsp->dcid);
2799
2800 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2801
baa7e1fa 2802 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2803 if (!chan)
1da177e4
LT		 2804 return 0;
2805
48454079
GP		 2806 sk = chan->sk;
2807
a49184c2
AE		 2808 /* don't delete l2cap channel if sk is owned by user */
2809 if (sock_owned_by_user(sk)) {
89bc500e 2810 l2cap_state_change(chan,BT_DISCONN);
c9b66675
GP		 2811 __clear_chan_timer(chan);
2812 __set_chan_timer(chan, HZ / 5);
a49184c2
AE		 2813 bh_unlock_sock(sk);
2814 return 0;
2815 }
2816
48454079 2817 l2cap_chan_del(chan, 0);
1da177e4
LT		 2818 bh_unlock_sock(sk);
2819
ba3bd0ee 2820 chan->ops->close(chan->data);
1da177e4
LT		 2821 return 0;
2822}
2823
2824static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2825{
2826 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 2827 u16 type;
2828
2829 type = __le16_to_cpu(req->type);
2830
2831 BT_DBG("type 0x%4.4x", type);
2832
f0709e03
MH		 2833 if (type == L2CAP_IT_FEAT_MASK) {
2834 u8 buf[8];
44dd46de 2835 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 2836 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2837 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2838 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 2839 if (!disable_ertm)
fcc203c3
GP		 2840 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
2841 | L2CAP_FEAT_FCS;
a5fd6f30 2842 if (enable_hs)
6327eb98
AE		 2843 feat_mask |= L2CAP_FEAT_EXT_FLOW
2844 | L2CAP_FEAT_EXT_WINDOW;
a5fd6f30 2845
1b7bf4ed 2846 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 2847 l2cap_send_cmd(conn, cmd->ident,
2848 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 2849 } else if (type == L2CAP_IT_FIXED_CHAN) {
2850 u8 buf[12];
2851 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2852 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2853 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2854 memcpy(buf + 4, l2cap_fixed_chan, 8);
2855 l2cap_send_cmd(conn, cmd->ident,
2856 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 2857 } else {
2858 struct l2cap_info_rsp rsp;
2859 rsp.type = cpu_to_le16(type);
2860 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2861 l2cap_send_cmd(conn, cmd->ident,
2862 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2863 }
1da177e4
LT		 2864
2865 return 0;
2866}
2867
2868static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2869{
2870 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2871 u16 type, result;
2872
2873 type = __le16_to_cpu(rsp->type);
2874 result = __le16_to_cpu(rsp->result);
2875
2876 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2877
e90165be
AE		 2878 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
2879 if (cmd->ident != conn->info_ident ||
2880 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
2881 return 0;
2882
4e8402a3
MH		 2883 del_timer(&conn->info_timer);
2884
adb08ede
VT		 2885 if (result != L2CAP_IR_SUCCESS) {
2886 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2887 conn->info_ident = 0;
2888
2889 l2cap_conn_start(conn);
2890
2891 return 0;
2892 }
2893
984947dc 2894 if (type == L2CAP_IT_FEAT_MASK) {
83985319 2895 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 2896
47ec1dcd 2897 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 2898 struct l2cap_info_req req;
2899 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2900
2901 conn->info_ident = l2cap_get_ident(conn);
2902
2903 l2cap_send_cmd(conn, conn->info_ident,
2904 L2CAP_INFO_REQ, sizeof(req), &req);
2905 } else {
2906 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2907 conn->info_ident = 0;
2908
2909 l2cap_conn_start(conn);
2910 }
2911 } else if (type == L2CAP_IT_FIXED_CHAN) {
984947dc 2912 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2913 conn->info_ident = 0;
984947dc
MH		 2914
2915 l2cap_conn_start(conn);
2916 }
4e8402a3 2917
1da177e4
LT		 2918 return 0;
2919}
2920
e2174ca4 2921static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 2922 u16 to_multiplier)
2923{
2924 u16 max_latency;
2925
2926 if (min > max || min < 6 || max > 3200)
2927 return -EINVAL;
2928
2929 if (to_multiplier < 10 || to_multiplier > 3200)
2930 return -EINVAL;
2931
2932 if (max >= to_multiplier * 8)
2933 return -EINVAL;
2934
2935 max_latency = (to_multiplier * 8 / max) - 1;
2936 if (latency > 499 || latency > max_latency)
2937 return -EINVAL;
2938
2939 return 0;
2940}
2941
2942static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
2943 struct l2cap_cmd_hdr *cmd, u8 *data)
2944{
2945 struct hci_conn *hcon = conn->hcon;
2946 struct l2cap_conn_param_update_req *req;
2947 struct l2cap_conn_param_update_rsp rsp;
2948 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 2949 int err;
de73115a
CT		 2950
2951 if (!(hcon->link_mode & HCI_LM_MASTER))
2952 return -EINVAL;
2953
2954 cmd_len = __le16_to_cpu(cmd->len);
2955 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
2956 return -EPROTO;
2957
2958 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 2959 min = __le16_to_cpu(req->min);
2960 max = __le16_to_cpu(req->max);
de73115a
CT		 2961 latency = __le16_to_cpu(req->latency);
2962 to_multiplier = __le16_to_cpu(req->to_multiplier);
2963
2964 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
2965 min, max, latency, to_multiplier);
2966
2967 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 2968
2969 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
2970 if (err)
de73115a
CT		 2971 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
2972 else
2973 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
2974
2975 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
2976 sizeof(rsp), &rsp);
2977
2ce603eb
CT		 2978 if (!err)
2979 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
2980
de73115a
CT		 2981 return 0;
2982}
2983
3300d9a9
CT		 2984static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
2985 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2986{
2987 int err = 0;
2988
2989 switch (cmd->code) {
2990 case L2CAP_COMMAND_REJ:
2991 l2cap_command_rej(conn, cmd, data);
2992 break;
2993
2994 case L2CAP_CONN_REQ:
2995 err = l2cap_connect_req(conn, cmd, data);
2996 break;
2997
2998 case L2CAP_CONN_RSP:
2999 err = l2cap_connect_rsp(conn, cmd, data);
3000 break;
3001
3002 case L2CAP_CONF_REQ:
3003 err = l2cap_config_req(conn, cmd, cmd_len, data);
3004 break;
3005
3006 case L2CAP_CONF_RSP:
3007 err = l2cap_config_rsp(conn, cmd, data);
3008 break;
3009
3010 case L2CAP_DISCONN_REQ:
3011 err = l2cap_disconnect_req(conn, cmd, data);
3012 break;
3013
3014 case L2CAP_DISCONN_RSP:
3015 err = l2cap_disconnect_rsp(conn, cmd, data);
3016 break;
3017
3018 case L2CAP_ECHO_REQ:
3019 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
3020 break;
3021
3022 case L2CAP_ECHO_RSP:
3023 break;
3024
3025 case L2CAP_INFO_REQ:
3026 err = l2cap_information_req(conn, cmd, data);
3027 break;
3028
3029 case L2CAP_INFO_RSP:
3030 err = l2cap_information_rsp(conn, cmd, data);
3031 break;
3032
3033 default:
3034 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
3035 err = -EINVAL;
3036 break;
3037 }
3038
3039 return err;
3040}
3041
3042static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
3043 struct l2cap_cmd_hdr *cmd, u8 *data)
3044{
3045 switch (cmd->code) {
3046 case L2CAP_COMMAND_REJ:
3047 return 0;
3048
3049 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 3050 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 3051
3052 case L2CAP_CONN_PARAM_UPDATE_RSP:
3053 return 0;
3054
3055 default:
3056 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
3057 return -EINVAL;
3058 }
3059}
3060
3061static inline void l2cap_sig_channel(struct l2cap_conn *conn,
3062 struct sk_buff *skb)
1da177e4
LT		 3063{
3064 u8 *data = skb->data;
3065 int len = skb->len;
3066 struct l2cap_cmd_hdr cmd;
3300d9a9 3067 int err;
1da177e4
LT		 3068
3069 l2cap_raw_recv(conn, skb);
3070
3071 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 3072 u16 cmd_len;
1da177e4
LT		 3073 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3074 data += L2CAP_CMD_HDR_SIZE;
3075 len -= L2CAP_CMD_HDR_SIZE;
3076
88219a0f 3077 cmd_len = le16_to_cpu(cmd.len);
1da177e4 3078
88219a0f 3079 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 3080
88219a0f 3081 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 3082 BT_DBG("corrupted command");
3083 break;
3084 }
3085
3300d9a9
CT		 3086 if (conn->hcon->type == LE_LINK)
3087 err = l2cap_le_sig_cmd(conn, &cmd, data);
3088 else
3089 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 3090
3091 if (err) {
e2fd318e 3092 struct l2cap_cmd_rej_unk rej;
2c6d1a2e
GP		 3093
3094 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 3095
3096 /* FIXME: Map err to a valid reason */
e2fd318e 3097 rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
1da177e4
LT		 3098 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3099 }
3100
88219a0f
AV		 3101 data += cmd_len;
3102 len -= cmd_len;
1da177e4
LT		 3103 }
3104
3105 kfree_skb(skb);
3106}
3107
47d1ec61 3108static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 3109{
3110 u16 our_fcs, rcv_fcs;
e4ca6d98
AE		 3111 int hdr_size;
3112
3113 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
3114 hdr_size = L2CAP_EXT_HDR_SIZE;
3115 else
3116 hdr_size = L2CAP_ENH_HDR_SIZE;
fcc203c3 3117
47d1ec61 3118 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 3119 skb_trim(skb, skb->len - 2);
3120 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3121 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3122
3123 if (our_fcs != rcv_fcs)
7a560e5c 3124 return -EBADMSG;
fcc203c3
GP		 3125 }
3126 return 0;
3127}
3128
525cd185 3129static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 3130{
d5392c8f
GP		 3131 u16 control = 0;
3132
6a026610 3133 chan->frames_sent = 0;
d5392c8f 3134
0b209fae 3135 control |= __set_reqseq(chan, chan->buffer_seq);
d5392c8f 3136
e2ab4353 3137 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 3138 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
525cd185 3139 l2cap_send_sframe(chan, control);
e2ab4353 3140 set_bit(CONN_RNR_SENT, &chan->conn_state);
d5392c8f
GP		 3141 }
3142
e2ab4353 3143 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
525cd185 3144 l2cap_retransmit_frames(chan);
d5392c8f 3145
525cd185 3146 l2cap_ertm_send(chan);
d5392c8f 3147
e2ab4353 3148 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
6a026610 3149 chan->frames_sent == 0) {
ab784b73 3150 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3151 l2cap_send_sframe(chan, control);
d5392c8f
GP		 3152 }
3153}
3154
fb45de7d 3155static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u16 tx_seq, u8 sar)
8f17154f
GP		 3156{
3157 struct sk_buff *next_skb;
bfbacc11 3158 int tx_seq_offset, next_tx_seq_offset;
8f17154f
GP		 3159
3160 bt_cb(skb)->tx_seq = tx_seq;
3161 bt_cb(skb)->sar = sar;
3162
f1c6775b 3163 next_skb = skb_peek(&chan->srej_q);
8f17154f 3164 if (!next_skb) {
f1c6775b 3165 __skb_queue_tail(&chan->srej_q, skb);
9b53350d 3166 return 0;
8f17154f
GP		 3167 }
3168
42e5c802 3169 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
bfbacc11
JPRV		 3170 if (tx_seq_offset < 0)
3171 tx_seq_offset += 64;
3172
8f17154f 3173 do {
9b53350d
JPRV		 3174 if (bt_cb(next_skb)->tx_seq == tx_seq)
3175 return -EINVAL;
3176
bfbacc11 3177 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
42e5c802 3178 chan->buffer_seq) % 64;
bfbacc11
JPRV		 3179 if (next_tx_seq_offset < 0)
3180 next_tx_seq_offset += 64;
3181
3182 if (next_tx_seq_offset > tx_seq_offset) {
f1c6775b 3183 __skb_queue_before(&chan->srej_q, next_skb, skb);
9b53350d 3184 return 0;
8f17154f
GP		 3185 }
3186
f1c6775b 3187 if (skb_queue_is_last(&chan->srej_q, next_skb))
8f17154f
GP		 3188 break;
3189
f1c6775b 3190 } while ((next_skb = skb_queue_next(&chan->srej_q, next_skb)));
8f17154f 3191
f1c6775b 3192 __skb_queue_tail(&chan->srej_q, skb);
9b53350d
JPRV		 3193
3194 return 0;
8f17154f
GP		 3195}
3196
84084a31
MM		 3197static void append_skb_frag(struct sk_buff *skb,
3198 struct sk_buff *new_frag, struct sk_buff **last_frag)
18778a63 3199{
84084a31
MM		 3200 /* skb->len reflects data in skb as well as all fragments
3201 * skb->data_len reflects only data in fragments
3202 */
3203 if (!skb_has_frag_list(skb))
3204 skb_shinfo(skb)->frag_list = new_frag;
3205
3206 new_frag->next = NULL;
3207
3208 (*last_frag)->next = new_frag;
3209 *last_frag = new_frag;
3210
3211 skb->len += new_frag->len;
3212 skb->data_len += new_frag->len;
3213 skb->truesize += new_frag->truesize;
3214}
3215
3216static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
3217{
3218 int err = -EINVAL;
18778a63 3219
7e0ef6ee
AE		 3220 switch (__get_ctrl_sar(chan, control)) {
3221 case L2CAP_SAR_UNSEGMENTED:
84084a31
MM		 3222 if (chan->sdu)
3223 break;
18778a63 3224
84084a31
MM		 3225 err = chan->ops->recv(chan->data, skb);
3226 break;
18778a63 3227
7e0ef6ee 3228 case L2CAP_SAR_START:
84084a31
MM		 3229 if (chan->sdu)
3230 break;
18778a63 3231
6f61fd47 3232 chan->sdu_len = get_unaligned_le16(skb->data);
84084a31 3233 skb_pull(skb, 2);
18778a63 3234
84084a31
MM		 3235 if (chan->sdu_len > chan->imtu) {
3236 err = -EMSGSIZE;
3237 break;
3238 }
1890d36b 3239
84084a31
MM		 3240 if (skb->len >= chan->sdu_len)
3241 break;
18778a63 3242
84084a31
MM		 3243 chan->sdu = skb;
3244 chan->sdu_last_frag = skb;
18778a63 3245
84084a31
MM		 3246 skb = NULL;
3247 err = 0;
18778a63
GP		 3248 break;
3249
7e0ef6ee 3250 case L2CAP_SAR_CONTINUE:
6f61fd47 3251 if (!chan->sdu)
84084a31 3252 break;
18778a63 3253
84084a31
MM		 3254 append_skb_frag(chan->sdu, skb,
3255 &chan->sdu_last_frag);
3256 skb = NULL;
18778a63 3257
84084a31
MM		 3258 if (chan->sdu->len >= chan->sdu_len)
3259 break;
4178ba46 3260
84084a31 3261 err = 0;
18778a63
GP		 3262 break;
3263
7e0ef6ee 3264 case L2CAP_SAR_END:
6f61fd47 3265 if (!chan->sdu)
84084a31 3266 break;
18778a63 3267
84084a31
MM		 3268 append_skb_frag(chan->sdu, skb,
3269 &chan->sdu_last_frag);
3270 skb = NULL;
4178ba46 3271
84084a31
MM		 3272 if (chan->sdu->len != chan->sdu_len)
3273 break;
18778a63 3274
84084a31 3275 err = chan->ops->recv(chan->data, chan->sdu);
1890d36b 3276
84084a31
MM		 3277 if (!err) {
3278 /* Reassembly complete */
3279 chan->sdu = NULL;
3280 chan->sdu_last_frag = NULL;
3281 chan->sdu_len = 0;
1890d36b 3282 }
18778a63
GP		 3283 break;
3284 }
3285
84084a31
MM		 3286 if (err) {
3287 kfree_skb(skb);
3288 kfree_skb(chan->sdu);
3289 chan->sdu = NULL;
3290 chan->sdu_last_frag = NULL;
3291 chan->sdu_len = 0;
3292 }
18778a63 3293
84084a31 3294 return err;
18778a63
GP		 3295}
3296
26f880d2 3297static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan)
712132eb 3298{
712132eb 3299 u16 control;
712132eb 3300
26f880d2 3301 BT_DBG("chan %p, Enter local busy", chan);
712132eb 3302
26f880d2
MM		 3303 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3304
0b209fae 3305 control = __set_reqseq(chan, chan->buffer_seq);
ab784b73 3306 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
26f880d2
MM		 3307 l2cap_send_sframe(chan, control);
3308
3309 set_bit(CONN_RNR_SENT, &chan->conn_state);
3310
3311 __clear_ack_timer(chan);
3312}
3313
3314static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan)
3315{
3316 u16 control;
712132eb 3317
e2ab4353 3318 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
712132eb
GP		 3319 goto done;
3320
0b209fae 3321 control = __set_reqseq(chan, chan->buffer_seq);
e3781735 3322 control |= __set_ctrl_poll(chan);
ab784b73 3323 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3324 l2cap_send_sframe(chan, control);
6a026610 3325 chan->retry_count = 1;
712132eb 3326
1a09bcb9
GP		 3327 __clear_retrans_timer(chan);
3328 __set_monitor_timer(chan);
712132eb 3329
e2ab4353 3330 set_bit(CONN_WAIT_F, &chan->conn_state);
712132eb
GP		 3331
3332done:
e2ab4353
GP		 3333 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3334 clear_bit(CONN_RNR_SENT, &chan->conn_state);
712132eb 3335
49208c9c 3336 BT_DBG("chan %p, Exit local busy", chan);
712132eb
GP		 3337}
3338
e328140f 3339void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
1890d36b 3340{
e328140f
MM		 3341 if (chan->mode == L2CAP_MODE_ERTM) {
3342 if (busy)
3343 l2cap_ertm_enter_local_busy(chan);
3344 else
3345 l2cap_ertm_exit_local_busy(chan);
1890d36b 3346 }
1890d36b
GP		 3347}
3348
fb45de7d 3349static void l2cap_check_srej_gap(struct l2cap_chan *chan, u16 tx_seq)
8f17154f
GP		 3350{
3351 struct sk_buff *skb;
afefdbc4 3352 u16 control;
8f17154f 3353
e328140f
MM		 3354 while ((skb = skb_peek(&chan->srej_q)) &&
3355 !test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3356 int err;
3357
8f17154f
GP		 3358 if (bt_cb(skb)->tx_seq != tx_seq)
3359 break;
3360
f1c6775b 3361 skb = skb_dequeue(&chan->srej_q);
7e0ef6ee 3362 control = __set_ctrl_sar(chan, bt_cb(skb)->sar);
84084a31 3363 err = l2cap_reassemble_sdu(chan, skb, control);
e328140f
MM		 3364
3365 if (err < 0) {
3366 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3367 break;
3368 }
3369
42e5c802
GP		 3370 chan->buffer_seq_srej =
3371 (chan->buffer_seq_srej + 1) % 64;
8ff50ec0 3372 tx_seq = (tx_seq + 1) % 64;
8f17154f
GP		 3373 }
3374}
3375
fb45de7d 3376static void l2cap_resend_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3377{
8f17154f
GP		 3378 struct srej_list *l, *tmp;
3379 u16 control;
3380
39d5a3ee 3381 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
8f17154f
GP		 3382 if (l->tx_seq == tx_seq) {
3383 list_del(&l->list);
3384 kfree(l);
3385 return;
3386 }
ab784b73 3387 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3388 control |= __set_reqseq(chan, l->tx_seq);
525cd185 3389 l2cap_send_sframe(chan, control);
8f17154f 3390 list_del(&l->list);
39d5a3ee 3391 list_add_tail(&l->list, &chan->srej_l);
8f17154f
GP		 3392 }
3393}
3394
fb45de7d 3395static void l2cap_send_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3396{
8f17154f
GP		 3397 struct srej_list *new;
3398 u16 control;
3399
42e5c802 3400 while (tx_seq != chan->expected_tx_seq) {
ab784b73 3401 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3402 control |= __set_reqseq(chan, chan->expected_tx_seq);
525cd185 3403 l2cap_send_sframe(chan, control);
8f17154f
GP		 3404
3405 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
42e5c802
GP		 3406 new->tx_seq = chan->expected_tx_seq;
3407 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
39d5a3ee 3408 list_add_tail(&new->list, &chan->srej_l);
8f17154f 3409 }
42e5c802 3410 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
8f17154f
GP		 3411}
3412
525cd185 3413static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
1c2acffb 3414{
fb45de7d 3415 u16 tx_seq = __get_txseq(chan, rx_control);
0b209fae 3416 u16 req_seq = __get_reqseq(chan, rx_control);
7e0ef6ee 3417 u8 sar = __get_ctrl_sar(chan, rx_control);
f6337c77 3418 int tx_seq_offset, expected_tx_seq_offset;
47d1ec61 3419 int num_to_ack = (chan->tx_win/6) + 1;
1c2acffb
GP		 3420 int err = 0;
3421
525cd185
GP		 3422 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%4.4x", chan, skb->len,
3423 tx_seq, rx_control);
1c2acffb 3424
03f6715d 3425 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 3426 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 3427 __clear_monitor_timer(chan);
6a026610 3428 if (chan->unacked_frames > 0)
1a09bcb9 3429 __set_retrans_timer(chan);
e2ab4353 3430 clear_bit(CONN_WAIT_F, &chan->conn_state);
1d8f5d16
GP		 3431 }
3432
42e5c802
GP		 3433 chan->expected_ack_seq = req_seq;
3434 l2cap_drop_acked_frames(chan);
9f121a5a 3435
42e5c802 3436 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
9b53350d
JPRV		 3437 if (tx_seq_offset < 0)
3438 tx_seq_offset += 64;
3439
3440 /* invalid tx_seq */
47d1ec61 3441 if (tx_seq_offset >= chan->tx_win) {
8c1d787b 3442 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
9b53350d
JPRV		 3443 goto drop;
3444 }
3445
e2ab4353 3446 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state))
1890d36b
GP		 3447 goto drop;
3448
02f1b641
MM		 3449 if (tx_seq == chan->expected_tx_seq)
3450 goto expected;
3451
e2ab4353 3452 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
8f17154f 3453 struct srej_list *first;
30afb5b2 3454
39d5a3ee 3455 first = list_first_entry(&chan->srej_l,
8f17154f
GP		 3456 struct srej_list, list);
3457 if (tx_seq == first->tx_seq) {
42e5c802 3458 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
525cd185 3459 l2cap_check_srej_gap(chan, tx_seq);
8f17154f
GP		 3460
3461 list_del(&first->list);
3462 kfree(first);
3463
39d5a3ee 3464 if (list_empty(&chan->srej_l)) {
42e5c802 3465 chan->buffer_seq = chan->buffer_seq_srej;
e2ab4353 3466 clear_bit(CONN_SREJ_SENT, &chan->conn_state);
525cd185 3467 l2cap_send_ack(chan);
49208c9c 3468 BT_DBG("chan %p, Exit SREJ_SENT", chan);
8f17154f
GP		 3469 }
3470 } else {
3471 struct srej_list *l;
9b53350d
JPRV		 3472
3473 /* duplicated tx_seq */
42e5c802 3474 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
9b53350d 3475 goto drop;
8f17154f 3476
39d5a3ee 3477 list_for_each_entry(l, &chan->srej_l, list) {
8f17154f 3478 if (l->tx_seq == tx_seq) {
525cd185 3479 l2cap_resend_srejframe(chan, tx_seq);
8f17154f
GP		 3480 return 0;
3481 }
3482 }
525cd185 3483 l2cap_send_srejframe(chan, tx_seq);
30afb5b2
GP		 3484 }
3485 } else {
9b53350d 3486 expected_tx_seq_offset =
42e5c802 3487 (chan->expected_tx_seq - chan->buffer_seq) % 64;
9b53350d
JPRV		 3488 if (expected_tx_seq_offset < 0)
3489 expected_tx_seq_offset += 64;
3490
3491 /* duplicated tx_seq */
3492 if (tx_seq_offset < expected_tx_seq_offset)
3493 goto drop;
3494
e2ab4353 3495 set_bit(CONN_SREJ_SENT, &chan->conn_state);
1c2acffb 3496
49208c9c 3497 BT_DBG("chan %p, Enter SREJ", chan);
0e98958d 3498
39d5a3ee 3499 INIT_LIST_HEAD(&chan->srej_l);
42e5c802 3500 chan->buffer_seq_srej = chan->buffer_seq;
8f17154f 3501
f1c6775b 3502 __skb_queue_head_init(&chan->srej_q);
42e5c802 3503 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
8f17154f 3504
e2ab4353 3505 set_bit(CONN_SEND_PBIT, &chan->conn_state);
ef54fd93 3506
525cd185 3507 l2cap_send_srejframe(chan, tx_seq);
7fe9b298 3508
1a09bcb9 3509 __clear_ack_timer(chan);
1c2acffb 3510 }
30afb5b2
GP		 3511 return 0;
3512
8f17154f 3513expected:
42e5c802 3514 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
8f17154f 3515
e2ab4353 3516 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3b1a9f3f
GP		 3517 bt_cb(skb)->tx_seq = tx_seq;
3518 bt_cb(skb)->sar = sar;
f1c6775b 3519 __skb_queue_tail(&chan->srej_q, skb);
8f17154f
GP		 3520 return 0;
3521 }
3522
84084a31 3523 err = l2cap_reassemble_sdu(chan, skb, rx_control);
fadd192e 3524 chan->buffer_seq = (chan->buffer_seq + 1) % 64;
e328140f
MM		 3525 if (err < 0) {
3526 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3527 return err;
3528 }
2ece3684 3529
03f6715d 3530 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 3531 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 3532 l2cap_retransmit_frames(chan);
4ec10d97
GP		 3533 }
3534
1a09bcb9 3535 __set_ack_timer(chan);
c1b4f43b 3536
6a026610
GP		 3537 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
3538 if (chan->num_acked == num_to_ack - 1)
525cd185 3539 l2cap_send_ack(chan);
9e917af1 3540
8f17154f 3541 return 0;
9b53350d
JPRV		 3542
3543drop:
3544 kfree_skb(skb);
3545 return 0;
1c2acffb
GP		 3546}
3547
525cd185 3548static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u16 rx_control)
1c2acffb 3549{
0b209fae
AE		 3550 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan,
3551 __get_reqseq(chan, rx_control), rx_control);
0e98958d 3552
0b209fae 3553 chan->expected_ack_seq = __get_reqseq(chan, rx_control);
42e5c802 3554 l2cap_drop_acked_frames(chan);
1c2acffb 3555
e3781735 3556 if (__is_ctrl_poll(chan, rx_control)) {
e2ab4353
GP		 3557 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3558 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3559 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 3560 (chan->unacked_frames > 0))
1a09bcb9 3561 __set_retrans_timer(chan);
05fbd89d 3562
e2ab4353 3563 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
525cd185 3564 l2cap_send_srejtail(chan);
05fbd89d 3565 } else {
525cd185 3566 l2cap_send_i_or_rr_or_rnr(chan);
05fbd89d 3567 }
1d8f5d16 3568
03f6715d 3569 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 3570 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4ec10d97 3571
e2ab4353 3572 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 3573 l2cap_retransmit_frames(chan);
2246b2f1 3574
e072745f 3575 } else {
e2ab4353 3576 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 3577 (chan->unacked_frames > 0))
1a09bcb9 3578 __set_retrans_timer(chan);
1c2acffb 3579
e2ab4353
GP		 3580 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
3581 if (test_bit(CONN_SREJ_SENT, &chan->conn_state))
525cd185 3582 l2cap_send_ack(chan);
894718a6 3583 else
525cd185 3584 l2cap_ertm_send(chan);
e072745f
GP		 3585 }
3586}
2246b2f1 3587
525cd185 3588static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3589{
0b209fae 3590 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 3591
525cd185 3592 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3593
e2ab4353 3594 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
e072745f 3595
42e5c802
GP		 3596 chan->expected_ack_seq = tx_seq;
3597 l2cap_drop_acked_frames(chan);
e072745f 3598
03f6715d 3599 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 3600 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 3601 l2cap_retransmit_frames(chan);
e072745f 3602 } else {
525cd185 3603 l2cap_retransmit_frames(chan);
30afb5b2 3604
e2ab4353
GP		 3605 if (test_bit(CONN_WAIT_F, &chan->conn_state))
3606 set_bit(CONN_REJ_ACT, &chan->conn_state);
e072745f
GP		 3607 }
3608}
525cd185 3609static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3610{
0b209fae 3611 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 3612
525cd185 3613 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3614
e2ab4353 3615 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
2246b2f1 3616
e3781735 3617 if (__is_ctrl_poll(chan, rx_control)) {
42e5c802
GP		 3618 chan->expected_ack_seq = tx_seq;
3619 l2cap_drop_acked_frames(chan);
3cb123d1 3620
e2ab4353 3621 set_bit(CONN_SEND_FBIT, &chan->conn_state);
525cd185 3622 l2cap_retransmit_one_frame(chan, tx_seq);
dfc909be 3623
525cd185 3624 l2cap_ertm_send(chan);
dfc909be 3625
e2ab4353 3626 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 3627 chan->srej_save_reqseq = tx_seq;
e2ab4353 3628 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 3629 }
03f6715d 3630 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 3631 if (test_bit(CONN_SREJ_ACT, &chan->conn_state) &&
6a026610 3632 chan->srej_save_reqseq == tx_seq)
e2ab4353 3633 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
e072745f 3634 else
525cd185 3635 l2cap_retransmit_one_frame(chan, tx_seq);
e072745f 3636 } else {
525cd185 3637 l2cap_retransmit_one_frame(chan, tx_seq);
e2ab4353 3638 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 3639 chan->srej_save_reqseq = tx_seq;
e2ab4353 3640 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 3641 }
e072745f
GP		 3642 }
3643}
3644
525cd185 3645static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3646{
0b209fae 3647 u16 tx_seq = __get_reqseq(chan, rx_control);
e072745f 3648
525cd185 3649 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3650
e2ab4353 3651 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
42e5c802
GP		 3652 chan->expected_ack_seq = tx_seq;
3653 l2cap_drop_acked_frames(chan);
e072745f 3654
e3781735 3655 if (__is_ctrl_poll(chan, rx_control))
e2ab4353 3656 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3cb123d1 3657
e2ab4353 3658 if (!test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
1a09bcb9 3659 __clear_retrans_timer(chan);
e3781735 3660 if (__is_ctrl_poll(chan, rx_control))
525cd185 3661 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
99b0d4b7 3662 return;
e072745f 3663 }
99b0d4b7 3664
e3781735 3665 if (__is_ctrl_poll(chan, rx_control)) {
525cd185 3666 l2cap_send_srejtail(chan);
ab784b73
AE		 3667 } else {
3668 rx_control = __set_ctrl_super(chan, L2CAP_SUPER_RR);
3669 l2cap_send_sframe(chan, rx_control);
3670 }
e072745f
GP		 3671}
3672
525cd185 3673static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
e072745f 3674{
525cd185 3675 BT_DBG("chan %p rx_control 0x%4.4x len %d", chan, rx_control, skb->len);
e072745f 3676
03f6715d 3677 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 3678 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 3679 __clear_monitor_timer(chan);
6a026610 3680 if (chan->unacked_frames > 0)
1a09bcb9 3681 __set_retrans_timer(chan);
e2ab4353 3682 clear_bit(CONN_WAIT_F, &chan->conn_state);
e072745f
GP		 3683 }
3684
ab784b73
AE		 3685 switch (__get_ctrl_super(chan, rx_control)) {
3686 case L2CAP_SUPER_RR:
525cd185 3687 l2cap_data_channel_rrframe(chan, rx_control);
8f17154f
GP		 3688 break;
3689
ab784b73 3690 case L2CAP_SUPER_REJ:
525cd185 3691 l2cap_data_channel_rejframe(chan, rx_control);
e072745f 3692 break;
2246b2f1 3693
ab784b73 3694 case L2CAP_SUPER_SREJ:
525cd185 3695 l2cap_data_channel_srejframe(chan, rx_control);
e072745f
GP		 3696 break;
3697
ab784b73 3698 case L2CAP_SUPER_RNR:
525cd185 3699 l2cap_data_channel_rnrframe(chan, rx_control);
1c2acffb
GP		 3700 break;
3701 }
3702
faaebd19 3703 kfree_skb(skb);
1c2acffb
GP		 3704 return 0;
3705}
3706
218bb9df
GP		 3707static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3708{
525cd185 3709 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
218bb9df 3710 u16 control;
0b209fae 3711 u16 req_seq;
218bb9df
GP		 3712 int len, next_tx_seq_offset, req_seq_offset;
3713
3714 control = get_unaligned_le16(skb->data);
3715 skb_pull(skb, 2);
3716 len = skb->len;
3717
3718 /*
3719 * We can just drop the corrupted I-frame here.
3720 * Receiver will miss it and start proper recovery
3721 * procedures and ask retransmission.
3722 */
47d1ec61 3723 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 3724 goto drop;
3725
793c2f1c 3726 if (__is_sar_start(chan, control) && !__is_sframe(chan, control))
218bb9df
GP		 3727 len -= 2;
3728
47d1ec61 3729 if (chan->fcs == L2CAP_FCS_CRC16)
218bb9df
GP		 3730 len -= 2;
3731
47d1ec61 3732 if (len > chan->mps) {
8c1d787b 3733 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3734 goto drop;
3735 }
3736
0b209fae 3737 req_seq = __get_reqseq(chan, control);
42e5c802 3738 req_seq_offset = (req_seq - chan->expected_ack_seq) % 64;
218bb9df
GP		 3739 if (req_seq_offset < 0)
3740 req_seq_offset += 64;
3741
3742 next_tx_seq_offset =
42e5c802 3743 (chan->next_tx_seq - chan->expected_ack_seq) % 64;
218bb9df
GP		 3744 if (next_tx_seq_offset < 0)
3745 next_tx_seq_offset += 64;
3746
3747 /* check for invalid req-seq */
3748 if (req_seq_offset > next_tx_seq_offset) {
8c1d787b 3749 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3750 goto drop;
3751 }
3752
793c2f1c 3753 if (!__is_sframe(chan, control)) {
218bb9df 3754 if (len < 0) {
8c1d787b 3755 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3756 goto drop;
3757 }
3758
525cd185 3759 l2cap_data_channel_iframe(chan, control, skb);
218bb9df
GP		 3760 } else {
3761 if (len != 0) {
3762 BT_ERR("%d", len);
8c1d787b 3763 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3764 goto drop;
3765 }
3766
525cd185 3767 l2cap_data_channel_sframe(chan, control, skb);
218bb9df
GP		 3768 }
3769
3770 return 0;
3771
3772drop:
3773 kfree_skb(skb);
3774 return 0;
3775}
3776
1da177e4
LT		 3777static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
3778{
48454079 3779 struct l2cap_chan *chan;
bf734843 3780 struct sock *sk = NULL;
51893f88 3781 u16 control;
fb45de7d 3782 u16 tx_seq;
218bb9df 3783 int len;
1da177e4 3784
baa7e1fa 3785 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 3786 if (!chan) {
1da177e4
LT		 3787 BT_DBG("unknown cid 0x%4.4x", cid);
3788 goto drop;
3789 }
3790
48454079 3791 sk = chan->sk;
6840ed07 3792
49208c9c 3793 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 3794
89bc500e 3795 if (chan->state != BT_CONNECTED)
1da177e4
LT		 3796 goto drop;
3797
0c1bc5c6 3798 switch (chan->mode) {
1c2acffb
GP		 3799 case L2CAP_MODE_BASIC:
3800 /* If socket recv buffers overflows we drop data here
3801 * which is *bad* because L2CAP has to be reliable.
3802 * But we don't have any other choice. L2CAP doesn't
3803 * provide flow control mechanism. */
1da177e4 3804
0c1bc5c6 3805 if (chan->imtu < skb->len)
1c2acffb 3806 goto drop;
1da177e4 3807
23070494 3808 if (!chan->ops->recv(chan->data, skb))
1c2acffb
GP		 3809 goto done;
3810 break;
3811
3812 case L2CAP_MODE_ERTM:
218bb9df
GP		 3813 if (!sock_owned_by_user(sk)) {
3814 l2cap_ertm_data_rcv(sk, skb);
277ffbe3 3815 } else {
218bb9df 3816 if (sk_add_backlog(sk, skb))
277ffbe3 3817 goto drop;
277ffbe3 3818 }
1c2acffb 3819
fcafde2e 3820 goto done;
1c2acffb 3821
6840ed07
GP		 3822 case L2CAP_MODE_STREAMING:
3823 control = get_unaligned_le16(skb->data);
3824 skb_pull(skb, 2);
3825 len = skb->len;
3826
47d1ec61 3827 if (l2cap_check_fcs(chan, skb))
26000089
GP		 3828 goto drop;
3829
7e0ef6ee 3830 if (__is_sar_start(chan, control))
6840ed07
GP		 3831 len -= 2;
3832
47d1ec61 3833 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 3834 len -= 2;
3835
793c2f1c 3836 if (len > chan->mps || len < 0 || __is_sframe(chan, control))
6840ed07
GP		 3837 goto drop;
3838
fb45de7d 3839 tx_seq = __get_txseq(chan, control);
6840ed07 3840
84084a31
MM		 3841 if (chan->expected_tx_seq != tx_seq) {
3842 /* Frame(s) missing - must discard partial SDU */
3843 kfree_skb(chan->sdu);
3844 chan->sdu = NULL;
3845 chan->sdu_last_frag = NULL;
3846 chan->sdu_len = 0;
6840ed07 3847
84084a31
MM		 3848 /* TODO: Notify userland of missing data */
3849 }
3850
3851 chan->expected_tx_seq = (tx_seq + 1) % 64;
3852
3853 if (l2cap_reassemble_sdu(chan, skb, control) == -EMSGSIZE)
3854 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
6840ed07
GP		 3855
3856 goto done;
3857
1c2acffb 3858 default:
0c1bc5c6 3859 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 3860 break;
3861 }
1da177e4
LT		 3862
3863drop:
3864 kfree_skb(skb);
3865
3866done:
0139418c
MH		 3867 if (sk)
3868 bh_unlock_sock(sk);
3869
1da177e4
LT		 3870 return 0;
3871}
3872
8e036fc3 3873static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 3874{
6dcae1ea 3875 struct sock *sk = NULL;
23691d75 3876 struct l2cap_chan *chan;
1da177e4 3877
23691d75
GP		 3878 chan = l2cap_global_chan_by_psm(0, psm, conn->src);
3879 if (!chan)
1da177e4
LT		 3880 goto drop;
3881
23691d75
GP		 3882 sk = chan->sk;
3883
e0f0cb56
GP		 3884 bh_lock_sock(sk);
3885
1da177e4
LT		 3886 BT_DBG("sk %p, len %d", sk, skb->len);
3887
89bc500e 3888 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
1da177e4
LT		 3889 goto drop;
3890
e13e21dc 3891 if (chan->imtu < skb->len)
1da177e4
LT		 3892 goto drop;
3893
23070494 3894 if (!chan->ops->recv(chan->data, skb))
1da177e4
LT		 3895 goto done;
3896
3897drop:
3898 kfree_skb(skb);
3899
3900done:
af05b30b
GP		 3901 if (sk)
3902 bh_unlock_sock(sk);
1da177e4
LT		 3903 return 0;
3904}
3905
9f69bda6
GP		 3906static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
3907{
6dcae1ea 3908 struct sock *sk = NULL;
23691d75 3909 struct l2cap_chan *chan;
9f69bda6 3910
23691d75
GP		 3911 chan = l2cap_global_chan_by_scid(0, cid, conn->src);
3912 if (!chan)
9f69bda6
GP		 3913 goto drop;
3914
23691d75
GP		 3915 sk = chan->sk;
3916
9f69bda6
GP		 3917 bh_lock_sock(sk);
3918
3919 BT_DBG("sk %p, len %d", sk, skb->len);
3920
89bc500e 3921 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
9f69bda6
GP		 3922 goto drop;
3923
e13e21dc 3924 if (chan->imtu < skb->len)
9f69bda6
GP		 3925 goto drop;
3926
23070494 3927 if (!chan->ops->recv(chan->data, skb))
9f69bda6
GP		 3928 goto done;
3929
3930drop:
3931 kfree_skb(skb);
3932
3933done:
3934 if (sk)
3935 bh_unlock_sock(sk);
3936 return 0;
3937}
3938
1da177e4
LT		 3939static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3940{
3941 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 3942 u16 cid, len;
3943 __le16 psm;
1da177e4
LT		 3944
3945 skb_pull(skb, L2CAP_HDR_SIZE);
3946 cid = __le16_to_cpu(lh->cid);
3947 len = __le16_to_cpu(lh->len);
3948
1c2acffb
GP		 3949 if (len != skb->len) {
3950 kfree_skb(skb);
3951 return;
3952 }
3953
1da177e4
LT		 3954 BT_DBG("len %d, cid 0x%4.4x", len, cid);
3955
3956 switch (cid) {
3300d9a9 3957 case L2CAP_CID_LE_SIGNALING:
8db4dc46 3958 case L2CAP_CID_SIGNALING:
1da177e4
LT		 3959 l2cap_sig_channel(conn, skb);
3960 break;
3961
8db4dc46 3962 case L2CAP_CID_CONN_LESS:
1b7bf4ed 3963 psm = get_unaligned_le16(skb->data);
1da177e4
LT		 3964 skb_pull(skb, 2);
3965 l2cap_conless_channel(conn, psm, skb);
3966 break;
3967
9f69bda6
GP		 3968 case L2CAP_CID_LE_DATA:
3969 l2cap_att_channel(conn, cid, skb);
3970 break;
3971
b501d6a1
AB		 3972 case L2CAP_CID_SMP:
3973 if (smp_sig_channel(conn, skb))
3974 l2cap_conn_del(conn->hcon, EACCES);
3975 break;
3976
1da177e4
LT		 3977 default:
3978 l2cap_data_channel(conn, cid, skb);
3979 break;
3980 }
3981}
3982
3983/* ---- L2CAP interface with lower layer (HCI) ---- */
3984
3985static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3986{
3987 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 3988 struct l2cap_chan *c;
1da177e4
LT		 3989
3990 if (type != ACL_LINK)
963cf687 3991 return -EINVAL;
1da177e4
LT		 3992
3993 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
3994
3995 /* Find listening sockets and check their link_mode */
23691d75
GP		 3996 read_lock(&chan_list_lock);
3997 list_for_each_entry(c, &chan_list, global_l) {
3998 struct sock *sk = c->sk;
4343478f 3999
89bc500e 4000 if (c->state != BT_LISTEN)
1da177e4
LT		 4001 continue;
4002
4003 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 4004 lm1 |= HCI_LM_ACCEPT;
43bd0f32 4005 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5 4006 lm1 |= HCI_LM_MASTER;
1da177e4 4007 exact++;
2af6b9d5
MH		 4008 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
4009 lm2 |= HCI_LM_ACCEPT;
43bd0f32 4010 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5
MH		 4011 lm2 |= HCI_LM_MASTER;
4012 }
1da177e4 4013 }
23691d75 4014 read_unlock(&chan_list_lock);
1da177e4
LT		 4015
4016 return exact ? lm1 : lm2;
4017}
4018
4019static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
4020{
0139418c
MH		 4021 struct l2cap_conn *conn;
4022
1da177e4
LT		 4023 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4024
acd7d370 4025 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
963cf687 4026 return -EINVAL;
1da177e4
LT		 4027
4028 if (!status) {
1da177e4
LT		 4029 conn = l2cap_conn_add(hcon, status);
4030 if (conn)
4031 l2cap_conn_ready(conn);
0139418c 4032 } else
e175072f 4033 l2cap_conn_del(hcon, bt_to_errno(status));
1da177e4
LT		 4034
4035 return 0;
4036}
4037
2950f21a
MH		 4038static int l2cap_disconn_ind(struct hci_conn *hcon)
4039{
4040 struct l2cap_conn *conn = hcon->l2cap_data;
4041
4042 BT_DBG("hcon %p", hcon);
4043
b5694506 4044 if ((hcon->type != ACL_LINK && hcon->type != LE_LINK) || !conn)
2950f21a
MH		 4045 return 0x13;
4046
4047 return conn->disc_reason;
4048}
4049
4050static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 4051{
4052 BT_DBG("hcon %p reason %d", hcon, reason);
4053
acd7d370 4054 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
963cf687 4055 return -EINVAL;
1da177e4 4056
e175072f 4057 l2cap_conn_del(hcon, bt_to_errno(reason));
0139418c 4058
1da177e4
LT		 4059 return 0;
4060}
4061
4343478f 4062static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 4063{
715ec005 4064 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
255c7601
MH		 4065 return;
4066
f62e4323 4067 if (encrypt == 0x00) {
4343478f 4068 if (chan->sec_level == BT_SECURITY_MEDIUM) {
c9b66675
GP		 4069 __clear_chan_timer(chan);
4070 __set_chan_timer(chan, HZ * 5);
4343478f 4071 } else if (chan->sec_level == BT_SECURITY_HIGH)
0f852724 4072 l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 4073 } else {
4343478f 4074 if (chan->sec_level == BT_SECURITY_MEDIUM)
c9b66675 4075 __clear_chan_timer(chan);
f62e4323
MH		 4076 }
4077}
4078
8c1b2355 4079static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 4080{
0139418c 4081 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 4082 struct l2cap_chan *chan;
1da177e4 4083
0139418c 4084 if (!conn)
1da177e4 4085 return 0;
0139418c 4086
1da177e4
LT		 4087 BT_DBG("conn %p", conn);
4088
160dc6ac
VCG		 4089 if (hcon->type == LE_LINK) {
4090 smp_distribute_keys(conn, 0);
4091 del_timer(&conn->security_timer);
4092 }
4093
baa7e1fa 4094 read_lock(&conn->chan_lock);
1da177e4 4095
baa7e1fa 4096 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 4097 struct sock *sk = chan->sk;
baa7e1fa 4098
1da177e4
LT		 4099 bh_lock_sock(sk);
4100
f1cb9af5
VCG		 4101 BT_DBG("chan->scid %d", chan->scid);
4102
4103 if (chan->scid == L2CAP_CID_LE_DATA) {
4104 if (!status && encrypt) {
4105 chan->sec_level = hcon->sec_level;
4106 l2cap_chan_ready(sk);
4107 }
4108
4109 bh_unlock_sock(sk);
4110 continue;
4111 }
4112
c1360a1c 4113 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) {
6a8d3010
MH		 4114 bh_unlock_sock(sk);
4115 continue;
4116 }
4117
89bc500e
GP		 4118 if (!status && (chan->state == BT_CONNECTED ||
4119 chan->state == BT_CONFIG)) {
4343478f 4120 l2cap_check_encryption(chan, encrypt);
9719f8af
MH		 4121 bh_unlock_sock(sk);
4122 continue;
4123 }
4124
89bc500e 4125 if (chan->state == BT_CONNECT) {
b1235d79
MH		 4126 if (!status) {
4127 struct l2cap_conn_req req;
fe4128e0
GP		 4128 req.scid = cpu_to_le16(chan->scid);
4129 req.psm = chan->psm;
1da177e4 4130
fc7f8a7e 4131 chan->ident = l2cap_get_ident(conn);
c1360a1c 4132 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4 4133
fc7f8a7e 4134 l2cap_send_cmd(conn, chan->ident,
b1235d79
MH		 4135 L2CAP_CONN_REQ, sizeof(req), &req);
4136 } else {
c9b66675
GP		 4137 __clear_chan_timer(chan);
4138 __set_chan_timer(chan, HZ / 10);
b1235d79 4139 }
89bc500e 4140 } else if (chan->state == BT_CONNECT2) {
b1235d79 4141 struct l2cap_conn_rsp rsp;
df3c3931 4142 __u16 res, stat;
1da177e4 4143
b1235d79 4144 if (!status) {
df3c3931
JH		 4145 if (bt_sk(sk)->defer_setup) {
4146 struct sock *parent = bt_sk(sk)->parent;
4147 res = L2CAP_CR_PEND;
4148 stat = L2CAP_CS_AUTHOR_PEND;
05e9a2f6
IK		 4149 if (parent)
4150 parent->sk_data_ready(parent, 0);
df3c3931 4151 } else {
05558911 4152 l2cap_state_change(chan, BT_CONFIG);
df3c3931
JH		 4153 res = L2CAP_CR_SUCCESS;
4154 stat = L2CAP_CS_NO_INFO;
4155 }
b1235d79 4156 } else {
89bc500e 4157 l2cap_state_change(chan, BT_DISCONN);
c9b66675 4158 __set_chan_timer(chan, HZ / 10);
df3c3931
JH		 4159 res = L2CAP_CR_SEC_BLOCK;
4160 stat = L2CAP_CS_NO_INFO;
b1235d79
MH		 4161 }
4162
fe4128e0
GP		 4163 rsp.scid = cpu_to_le16(chan->dcid);
4164 rsp.dcid = cpu_to_le16(chan->scid);
df3c3931
JH		 4165 rsp.result = cpu_to_le16(res);
4166 rsp.status = cpu_to_le16(stat);
fc7f8a7e
GP		 4167 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
4168 sizeof(rsp), &rsp);
b1235d79 4169 }
1da177e4
LT		 4170
4171 bh_unlock_sock(sk);
4172 }
4173
baa7e1fa 4174 read_unlock(&conn->chan_lock);
b1235d79 4175
1da177e4
LT		 4176 return 0;
4177}
4178
4179static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
4180{
4181 struct l2cap_conn *conn = hcon->l2cap_data;
4182
5a08ecce
AE		 4183 if (!conn)
4184 conn = l2cap_conn_add(hcon, 0);
4185
4186 if (!conn)
1da177e4
LT		 4187 goto drop;
4188
4189 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4190
e702112f 4191 if (!(flags & ACL_CONT)) {
1da177e4 4192 struct l2cap_hdr *hdr;
48454079 4193 struct l2cap_chan *chan;
89794813 4194 u16 cid;
1da177e4
LT		 4195 int len;
4196
4197 if (conn->rx_len) {
4198 BT_ERR("Unexpected start frame (len %d)", skb->len);
4199 kfree_skb(conn->rx_skb);
4200 conn->rx_skb = NULL;
4201 conn->rx_len = 0;
4202 l2cap_conn_unreliable(conn, ECOMM);
4203 }
4204
aae7fe22
AE		 4205 /* Start fragment always begin with Basic L2CAP header */
4206 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 4207 BT_ERR("Frame is too short (len %d)", skb->len);
4208 l2cap_conn_unreliable(conn, ECOMM);
4209 goto drop;
4210 }
4211
4212 hdr = (struct l2cap_hdr *) skb->data;
4213 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
89794813 4214 cid = __le16_to_cpu(hdr->cid);
1da177e4
LT		 4215
4216 if (len == skb->len) {
4217 /* Complete frame received */
4218 l2cap_recv_frame(conn, skb);
4219 return 0;
4220 }
4221
4222 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4223
4224 if (skb->len > len) {
4225 BT_ERR("Frame is too long (len %d, expected len %d)",
4226 skb->len, len);
4227 l2cap_conn_unreliable(conn, ECOMM);
4228 goto drop;
4229 }
4230
baa7e1fa 4231 chan = l2cap_get_chan_by_scid(conn, cid);
89794813 4232
48454079
GP		 4233 if (chan && chan->sk) {
4234 struct sock *sk = chan->sk;
89794813 4235
0c1bc5c6 4236 if (chan->imtu < len - L2CAP_HDR_SIZE) {
48454079
GP		 4237 BT_ERR("Frame exceeding recv MTU (len %d, "
4238 "MTU %d)", len,
0c1bc5c6 4239 chan->imtu);
48454079
GP		 4240 bh_unlock_sock(sk);
4241 l2cap_conn_unreliable(conn, ECOMM);
4242 goto drop;
4243 }
89794813 4244 bh_unlock_sock(sk);
48454079 4245 }
89794813 4246
1da177e4 4247 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 4248 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4249 if (!conn->rx_skb)
1da177e4
LT		 4250 goto drop;
4251
d626f62b 4252 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4253 skb->len);
1da177e4
LT		 4254 conn->rx_len = len - skb->len;
4255 } else {
4256 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4257
4258 if (!conn->rx_len) {
4259 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4260 l2cap_conn_unreliable(conn, ECOMM);
4261 goto drop;
4262 }
4263
4264 if (skb->len > conn->rx_len) {
4265 BT_ERR("Fragment is too long (len %d, expected %d)",
4266 skb->len, conn->rx_len);
4267 kfree_skb(conn->rx_skb);
4268 conn->rx_skb = NULL;
4269 conn->rx_len = 0;
4270 l2cap_conn_unreliable(conn, ECOMM);
4271 goto drop;
4272 }
4273
d626f62b 4274 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4275 skb->len);
1da177e4
LT		 4276 conn->rx_len -= skb->len;
4277
4278 if (!conn->rx_len) {
4279 /* Complete frame received */
4280 l2cap_recv_frame(conn, conn->rx_skb);
4281 conn->rx_skb = NULL;
4282 }
4283 }
4284
4285drop:
4286 kfree_skb(skb);
4287 return 0;
4288}
4289
aef7d97c 4290static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 4291{
23691d75 4292 struct l2cap_chan *c;
1da177e4 4293
23691d75 4294 read_lock_bh(&chan_list_lock);
1da177e4 4295
23691d75
GP		 4296 list_for_each_entry(c, &chan_list, global_l) {
4297 struct sock *sk = c->sk;
101545f6 4298
903d343e 4299 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 4300 batostr(&bt_sk(sk)->src),
4301 batostr(&bt_sk(sk)->dst),
89bc500e 4302 c->state, __le16_to_cpu(c->psm),
23691d75
GP		 4303 c->scid, c->dcid, c->imtu, c->omtu,
4304 c->sec_level, c->mode);
05558911 4305}
1da177e4 4306
23691d75 4307 read_unlock_bh(&chan_list_lock);
1da177e4 4308
aef7d97c 4309 return 0;
1da177e4
LT		 4310}
4311
aef7d97c
MH		 4312static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4313{
4314 return single_open(file, l2cap_debugfs_show, inode->i_private);
4315}
4316
4317static const struct file_operations l2cap_debugfs_fops = {
4318 .open = l2cap_debugfs_open,
4319 .read = seq_read,
4320 .llseek = seq_lseek,
4321 .release = single_release,
4322};
4323
4324static struct dentry *l2cap_debugfs;
1da177e4 4325
1da177e4
LT		 4326static struct hci_proto l2cap_hci_proto = {
4327 .name = "L2CAP",
4328 .id = HCI_PROTO_L2CAP,
4329 .connect_ind = l2cap_connect_ind,
4330 .connect_cfm = l2cap_connect_cfm,
4331 .disconn_ind = l2cap_disconn_ind,
2950f21a 4332 .disconn_cfm = l2cap_disconn_cfm,
8c1b2355 4333 .security_cfm = l2cap_security_cfm,
1da177e4
LT		 4334 .recv_acldata = l2cap_recv_acldata
4335};
4336
64274518 4337int __init l2cap_init(void)
1da177e4
LT		 4338{
4339 int err;
be9d1227 4340
bb58f747 4341 err = l2cap_init_sockets();
1da177e4
LT		 4342 if (err < 0)
4343 return err;
4344
1da177e4
LT		 4345 err = hci_register_proto(&l2cap_hci_proto);
4346 if (err < 0) {
4347 BT_ERR("L2CAP protocol registration failed");
4348 bt_sock_unregister(BTPROTO_L2CAP);
4349 goto error;
4350 }
4351
aef7d97c
MH		 4352 if (bt_debugfs) {
4353 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4354 bt_debugfs, NULL, &l2cap_debugfs_fops);
4355 if (!l2cap_debugfs)
4356 BT_ERR("Failed to create L2CAP debug file");
4357 }
1da177e4 4358
1da177e4
LT		 4359 return 0;
4360
4361error:
bb58f747 4362 l2cap_cleanup_sockets();
1da177e4
LT		 4363 return err;
4364}
4365
64274518 4366void l2cap_exit(void)
1da177e4 4367{
aef7d97c 4368 debugfs_remove(l2cap_debugfs);
1da177e4 4369
1da177e4
LT		 4370 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4371 BT_ERR("L2CAP protocol unregistration failed");
4372
bb58f747 4373 l2cap_cleanup_sockets();
1da177e4
LT		 4374}
4375
d1c4a17d
GP		 4376module_param(disable_ertm, bool, 0644);
4377MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
a5fd6f30
AE		 4378
4379module_param(enable_hs, bool, 0644);
4380MODULE_PARM_DESC(enable_hs, "Enable High Speed");
kernel source for telekom puls (alcatel/mediatek)