projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix extra conversion to __le32
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
1da177e4
LT		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
8e87d142
YH		 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 25 SOFTWARE IS DISCLAIMED.
26*/
27
bb58f747 28/* Bluetooth L2CAP core. */
1da177e4 29
1da177e4
LT		 30#include <linux/module.h>
31
32#include <linux/types.h>
4fc268d2 33#include <linux/capability.h>
1da177e4
LT		 34#include <linux/errno.h>
35#include <linux/kernel.h>
1da177e4
LT		 36#include <linux/sched.h>
37#include <linux/slab.h>
38#include <linux/poll.h>
39#include <linux/fcntl.h>
40#include <linux/init.h>
41#include <linux/interrupt.h>
42#include <linux/socket.h>
43#include <linux/skbuff.h>
1da177e4 44#include <linux/list.h>
be9d1227 45#include <linux/device.h>
aef7d97c
MH		 46#include <linux/debugfs.h>
47#include <linux/seq_file.h>
af05b30b 48#include <linux/uaccess.h>
fcc203c3 49#include <linux/crc16.h>
1da177e4
LT		 50#include <net/sock.h>
51
1da177e4
LT		 52#include <asm/unaligned.h>
53
54#include <net/bluetooth/bluetooth.h>
55#include <net/bluetooth/hci_core.h>
56#include <net/bluetooth/l2cap.h>
b501d6a1 57#include <net/bluetooth/smp.h>
1da177e4 58
eb939922 59bool disable_ertm;
f0709e03 60
47ec1dcd 61static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
50a147cd 62static u8 l2cap_fixed_chan[8] = { L2CAP_FC_L2CAP, };
1da177e4 63
b5ad8b7f
JB		 64static LIST_HEAD(chan_list);
65static DEFINE_RWLOCK(chan_list_lock);
1da177e4 66
1da177e4
LT		 67static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
68 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 69static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
70 void *data);
710f9b0a 71static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a
GP		 72static void l2cap_send_disconn_req(struct l2cap_conn *conn,
73 struct l2cap_chan *chan, int err);
1da177e4 74
0139418c 75/* ---- L2CAP channels ---- */
71ba0e56 76
baa7e1fa 77static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 78{
3df91ea2 79 struct l2cap_chan *c;
3d57dc68 80
3df91ea2
AE		 81 list_for_each_entry(c, &conn->chan_l, list) {
82 if (c->dcid == cid)
83 return c;
0139418c 84 }
3df91ea2 85 return NULL;
0139418c
MH		 86}
87
baa7e1fa 88static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 89{
3df91ea2 90 struct l2cap_chan *c;
3d57dc68 91
3df91ea2
AE		 92 list_for_each_entry(c, &conn->chan_l, list) {
93 if (c->scid == cid)
94 return c;
0139418c 95 }
3df91ea2 96 return NULL;
0139418c
MH		 97}
98
99/* Find channel with given SCID.
100 * Returns locked socket */
baa7e1fa 101static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 102{
48454079 103 struct l2cap_chan *c;
baa7e1fa 104
3df91ea2 105 mutex_lock(&conn->chan_lock);
baa7e1fa 106 c = __l2cap_get_chan_by_scid(conn, cid);
3df91ea2
AE		 107 mutex_unlock(&conn->chan_lock);
108
48454079 109 return c;
0139418c
MH		 110}
111
baa7e1fa 112static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 113{
3df91ea2 114 struct l2cap_chan *c;
3d57dc68 115
3df91ea2
AE		 116 list_for_each_entry(c, &conn->chan_l, list) {
117 if (c->ident == ident)
118 return c;
0139418c 119 }
3df91ea2 120 return NULL;
0139418c
MH		 121}
122
baa7e1fa 123static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 124{
48454079 125 struct l2cap_chan *c;
baa7e1fa 126
3df91ea2 127 mutex_lock(&conn->chan_lock);
baa7e1fa 128 c = __l2cap_get_chan_by_ident(conn, ident);
3df91ea2
AE		 129 mutex_unlock(&conn->chan_lock);
130
48454079 131 return c;
0139418c
MH		 132}
133
23691d75 134static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 135{
23691d75 136 struct l2cap_chan *c;
9e4425ff 137
23691d75
GP		 138 list_for_each_entry(c, &chan_list, global_l) {
139 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
250938cb 140 return c;
9e4425ff 141 }
250938cb 142 return NULL;
9e4425ff
GP		 143}
144
145int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
146{
73b2ec18
GP		 147 int err;
148
333055f2 149 write_lock(&chan_list_lock);
9e4425ff 150
23691d75 151 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 152 err = -EADDRINUSE;
153 goto done;
9e4425ff
GP		 154 }
155
73b2ec18
GP		 156 if (psm) {
157 chan->psm = psm;
158 chan->sport = psm;
159 err = 0;
160 } else {
161 u16 p;
162
163 err = -EINVAL;
164 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 165 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 166 chan->psm = cpu_to_le16(p);
167 chan->sport = cpu_to_le16(p);
168 err = 0;
169 break;
170 }
171 }
9e4425ff 172
73b2ec18 173done:
333055f2 174 write_unlock(&chan_list_lock);
73b2ec18 175 return err;
9e4425ff
GP		 176}
177
178int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
179{
333055f2 180 write_lock(&chan_list_lock);
9e4425ff
GP		 181
182 chan->scid = scid;
183
333055f2 184 write_unlock(&chan_list_lock);
9e4425ff
GP		 185
186 return 0;
187}
188
baa7e1fa 189static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 190{
8db4dc46 191 u16 cid = L2CAP_CID_DYN_START;
0139418c 192
8db4dc46 193 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 194 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 195 return cid;
196 }
197
198 return 0;
199}
200
0e587be7 201static void __l2cap_state_change(struct l2cap_chan *chan, int state)
89bc500e 202{
42d2d87c 203 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
badaaa00
GP		 204 state_to_string(state));
205
89bc500e
GP		 206 chan->state = state;
207 chan->ops->state_change(chan->data, state);
208}
209
0e587be7
AE		 210static void l2cap_state_change(struct l2cap_chan *chan, int state)
211{
212 struct sock *sk = chan->sk;
213
214 lock_sock(sk);
215 __l2cap_state_change(chan, state);
216 release_sock(sk);
217}
218
2e0052e4
AE		 219static inline void __l2cap_chan_set_err(struct l2cap_chan *chan, int err)
220{
221 struct sock *sk = chan->sk;
222
223 sk->sk_err = err;
224}
225
226static inline void l2cap_chan_set_err(struct l2cap_chan *chan, int err)
227{
228 struct sock *sk = chan->sk;
229
230 lock_sock(sk);
231 __l2cap_chan_set_err(chan, err);
232 release_sock(sk);
233}
234
721c4181 235static void l2cap_chan_timeout(struct work_struct *work)
ab07801d 236{
721c4181
GP		 237 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
238 chan_timer.work);
3df91ea2 239 struct l2cap_conn *conn = chan->conn;
ab07801d
GP		 240 int reason;
241
e05dcc32 242 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
ab07801d 243
3df91ea2 244 mutex_lock(&conn->chan_lock);
6be36555 245 l2cap_chan_lock(chan);
ab07801d 246
89bc500e 247 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
ab07801d 248 reason = ECONNREFUSED;
89bc500e 249 else if (chan->state == BT_CONNECT &&
ab07801d
GP		 250 chan->sec_level != BT_SECURITY_SDP)
251 reason = ECONNREFUSED;
252 else
253 reason = ETIMEDOUT;
254
0f852724 255 l2cap_chan_close(chan, reason);
ab07801d 256
6be36555 257 l2cap_chan_unlock(chan);
ab07801d 258
ba3bd0ee 259 chan->ops->close(chan->data);
3df91ea2
AE		 260 mutex_unlock(&conn->chan_lock);
261
371fd835 262 l2cap_chan_put(chan);
ab07801d
GP		 263}
264
23691d75 265struct l2cap_chan *l2cap_chan_create(struct sock *sk)
48454079
GP		 266{
267 struct l2cap_chan *chan;
268
269 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
270 if (!chan)
271 return NULL;
272
c03b355e
AE		 273 mutex_init(&chan->lock);
274
48454079
GP		 275 chan->sk = sk;
276
333055f2 277 write_lock(&chan_list_lock);
23691d75 278 list_add(&chan->global_l, &chan_list);
333055f2 279 write_unlock(&chan_list_lock);
23691d75 280
721c4181 281 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
ab07801d 282
89bc500e
GP		 283 chan->state = BT_OPEN;
284
71ba0e56
GP		 285 atomic_set(&chan->refcnt, 1);
286
abc545b8
SJ		 287 BT_DBG("sk %p chan %p", sk, chan);
288
48454079
GP		 289 return chan;
290}
291
23691d75 292void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 293{
333055f2 294 write_lock(&chan_list_lock);
23691d75 295 list_del(&chan->global_l);
333055f2 296 write_unlock(&chan_list_lock);
23691d75 297
371fd835 298 l2cap_chan_put(chan);
6ff5abbf
GP		 299}
300
643162a8 301void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 302{
af05b30b 303 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
fe4128e0 304 chan->psm, chan->dcid);
0139418c 305
9f5a0d7b 306 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 307
8c1d787b 308 chan->conn = conn;
0139418c 309
5491120e
AE		 310 switch (chan->chan_type) {
311 case L2CAP_CHAN_CONN_ORIENTED:
b62f328b
VT		 312 if (conn->hcon->type == LE_LINK) {
313 /* LE connection */
0c1bc5c6 314 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 315 chan->scid = L2CAP_CID_LE_DATA;
316 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 317 } else {
318 /* Alloc CID for connection-oriented socket */
fe4128e0 319 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 320 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 321 }
5491120e
AE		 322 break;
323
324 case L2CAP_CHAN_CONN_LESS:
0139418c 325 /* Connectionless socket */
fe4128e0
GP		 326 chan->scid = L2CAP_CID_CONN_LESS;
327 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 328 chan->omtu = L2CAP_DEFAULT_MTU;
5491120e
AE		 329 break;
330
331 default:
0139418c 332 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 333 chan->scid = L2CAP_CID_SIGNALING;
334 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 335 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 336 }
337
8f7975b1
AE		 338 chan->local_id = L2CAP_BESTEFFORT_ID;
339 chan->local_stype = L2CAP_SERV_BESTEFFORT;
340 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
341 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
342 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
343 chan->local_flush_to = L2CAP_DEFAULT_FLUSH_TO;
344
371fd835 345 l2cap_chan_hold(chan);
baa7e1fa 346
3df91ea2 347 list_add(&chan->list, &conn->chan_l);
643162a8
AE		 348}
349
350void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
351{
352 mutex_lock(&conn->chan_lock);
353 __l2cap_chan_add(conn, chan);
3df91ea2 354 mutex_unlock(&conn->chan_lock);
0139418c
MH		 355}
356
4519de9a 357static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 358{
48454079 359 struct sock *sk = chan->sk;
8c1d787b 360 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 361 struct sock *parent = bt_sk(sk)->parent;
362
c9b66675 363 __clear_chan_timer(chan);
0139418c 364
49208c9c 365 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 366
8e87d142 367 if (conn) {
baa7e1fa 368 /* Delete from channel list */
3df91ea2 369 list_del(&chan->list);
3d57dc68 370
371fd835 371 l2cap_chan_put(chan);
baa7e1fa 372
8c1d787b 373 chan->conn = NULL;
0139418c
MH		 374 hci_conn_put(conn->hcon);
375 }
376
6be36555
AE		 377 lock_sock(sk);
378
0e587be7 379 __l2cap_state_change(chan, BT_CLOSED);
0139418c
MH		 380 sock_set_flag(sk, SOCK_ZAPPED);
381
382 if (err)
2e0052e4 383 __l2cap_chan_set_err(chan, err);
0139418c
MH		 384
385 if (parent) {
386 bt_accept_unlink(sk);
387 parent->sk_data_ready(parent, 0);
388 } else
389 sk->sk_state_change(sk);
c13ffa62 390
6be36555
AE		 391 release_sock(sk);
392
c1360a1c
GP		 393 if (!(test_bit(CONF_OUTPUT_DONE, &chan->conf_state) &&
394 test_bit(CONF_INPUT_DONE, &chan->conf_state)))
6ff5abbf 395 return;
2ead70b8 396
58d35f87 397 skb_queue_purge(&chan->tx_q);
c13ffa62 398
0c1bc5c6 399 if (chan->mode == L2CAP_MODE_ERTM) {
c13ffa62
GP		 400 struct srej_list *l, *tmp;
401
1a09bcb9
GP		 402 __clear_retrans_timer(chan);
403 __clear_monitor_timer(chan);
404 __clear_ack_timer(chan);
c13ffa62 405
f1c6775b 406 skb_queue_purge(&chan->srej_q);
c13ffa62 407
39d5a3ee 408 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
c13ffa62
GP		 409 list_del(&l->list);
410 kfree(l);
411 }
412 }
0139418c
MH		 413}
414
4519de9a
GP		 415static void l2cap_chan_cleanup_listen(struct sock *parent)
416{
417 struct sock *sk;
418
419 BT_DBG("parent %p", parent);
420
421 /* Close not yet accepted channels */
0f852724 422 while ((sk = bt_accept_dequeue(parent, NULL))) {
ba3bd0ee 423 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3df91ea2 424
6be36555 425 l2cap_chan_lock(chan);
c9b66675 426 __clear_chan_timer(chan);
ba3bd0ee 427 l2cap_chan_close(chan, ECONNRESET);
6be36555 428 l2cap_chan_unlock(chan);
3df91ea2 429
ba3bd0ee 430 chan->ops->close(chan->data);
0f852724 431 }
4519de9a
GP		 432}
433
0f852724 434void l2cap_chan_close(struct l2cap_chan *chan, int reason)
4519de9a
GP		 435{
436 struct l2cap_conn *conn = chan->conn;
437 struct sock *sk = chan->sk;
438
e05dcc32
AE		 439 BT_DBG("chan %p state %s sk %p", chan,
440 state_to_string(chan->state), sk);
4519de9a 441
89bc500e 442 switch (chan->state) {
4519de9a 443 case BT_LISTEN:
6be36555 444 lock_sock(sk);
4519de9a 445 l2cap_chan_cleanup_listen(sk);
89bc500e 446
0e587be7 447 __l2cap_state_change(chan, BT_CLOSED);
89bc500e 448 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 449 release_sock(sk);
4519de9a
GP		 450 break;
451
452 case BT_CONNECTED:
453 case BT_CONFIG:
715ec005 454 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a 455 conn->hcon->type == ACL_LINK) {
c9b66675
GP		 456 __clear_chan_timer(chan);
457 __set_chan_timer(chan, sk->sk_sndtimeo);
4519de9a
GP		 458 l2cap_send_disconn_req(conn, chan, reason);
459 } else
460 l2cap_chan_del(chan, reason);
461 break;
462
463 case BT_CONNECT2:
715ec005 464 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a
GP		 465 conn->hcon->type == ACL_LINK) {
466 struct l2cap_conn_rsp rsp;
467 __u16 result;
468
469 if (bt_sk(sk)->defer_setup)
470 result = L2CAP_CR_SEC_BLOCK;
471 else
472 result = L2CAP_CR_BAD_PSM;
89bc500e 473 l2cap_state_change(chan, BT_DISCONN);
4519de9a
GP		 474
475 rsp.scid = cpu_to_le16(chan->dcid);
476 rsp.dcid = cpu_to_le16(chan->scid);
477 rsp.result = cpu_to_le16(result);
478 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
479 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
480 sizeof(rsp), &rsp);
481 }
482
483 l2cap_chan_del(chan, reason);
484 break;
485
486 case BT_CONNECT:
487 case BT_DISCONN:
488 l2cap_chan_del(chan, reason);
489 break;
490
491 default:
6be36555 492 lock_sock(sk);
4519de9a 493 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 494 release_sock(sk);
4519de9a
GP		 495 break;
496 }
497}
498
4343478f 499static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 500{
715ec005 501 if (chan->chan_type == L2CAP_CHAN_RAW) {
4343478f 502 switch (chan->sec_level) {
8556edd3
JH		 503 case BT_SECURITY_HIGH:
504 return HCI_AT_DEDICATED_BONDING_MITM;
505 case BT_SECURITY_MEDIUM:
506 return HCI_AT_DEDICATED_BONDING;
507 default:
508 return HCI_AT_NO_BONDING;
509 }
fe4128e0 510 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 511 if (chan->sec_level == BT_SECURITY_LOW)
512 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 513
4343478f 514 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 515 return HCI_AT_NO_BONDING_MITM;
00ae4af9 516 else
8556edd3 517 return HCI_AT_NO_BONDING;
00ae4af9 518 } else {
4343478f 519 switch (chan->sec_level) {
00ae4af9 520 case BT_SECURITY_HIGH:
8556edd3 521 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 522 case BT_SECURITY_MEDIUM:
8556edd3 523 return HCI_AT_GENERAL_BONDING;
00ae4af9 524 default:
8556edd3 525 return HCI_AT_NO_BONDING;
00ae4af9 526 }
0684e5f9 527 }
8556edd3
JH		 528}
529
530/* Service level security */
d45fc423 531int l2cap_chan_check_security(struct l2cap_chan *chan)
8556edd3 532{
8c1d787b 533 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 534 __u8 auth_type;
535
4343478f 536 auth_type = l2cap_get_auth_type(chan);
79d554a6 537
4343478f 538 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 539}
540
b5ad8b7f 541static u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 542{
543 u8 id;
544
545 /* Get next available identificator.
546 * 1 - 128 are used by kernel.
547 * 129 - 199 are reserved.
548 * 200 - 254 are used by utilities like l2ping, etc.
549 */
550
333055f2 551 spin_lock(&conn->lock);
4e8402a3
MH		 552
553 if (++conn->tx_ident > 128)
554 conn->tx_ident = 1;
555
556 id = conn->tx_ident;
557
333055f2 558 spin_unlock(&conn->lock);
4e8402a3
MH		 559
560 return id;
561}
562
4519de9a 563static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 564{
565 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 566 u8 flags;
4e8402a3
MH		 567
568 BT_DBG("code 0x%2.2x", code);
569
570 if (!skb)
9a9c6a34 571 return;
4e8402a3 572
e702112f
AE		 573 if (lmp_no_flush_capable(conn->hcon->hdev))
574 flags = ACL_START_NO_FLUSH;
575 else
576 flags = ACL_START;
577
14b12d0b 578 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON;
5e59b791 579 skb->priority = HCI_PRIO_MAX;
14b12d0b 580
73d80deb
LAD		 581 hci_send_acl(conn->hchan, skb, flags);
582}
583
584static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
585{
586 struct hci_conn *hcon = chan->conn->hcon;
587 u16 flags;
588
589 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
590 skb->priority);
591
592 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
593 lmp_no_flush_capable(hcon->hdev))
594 flags = ACL_START_NO_FLUSH;
595 else
596 flags = ACL_START;
14b12d0b 597
73d80deb
LAD		 598 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
599 hci_send_acl(chan->conn->hchan, skb, flags);
4e8402a3
MH		 600}
601
88843ab0 602static inline void l2cap_send_sframe(struct l2cap_chan *chan, u32 control)
1c2acffb
GP		 603{
604 struct sk_buff *skb;
605 struct l2cap_hdr *lh;
8c1d787b 606 struct l2cap_conn *conn = chan->conn;
e4ca6d98 607 int count, hlen;
fcc203c3 608
89bc500e 609 if (chan->state != BT_CONNECTED)
c13ffa62
GP		 610 return;
611
e4ca6d98
AE		 612 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
613 hlen = L2CAP_EXT_HDR_SIZE;
614 else
615 hlen = L2CAP_ENH_HDR_SIZE;
616
47d1ec61 617 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 618 hlen += L2CAP_FCS_SIZE;
1c2acffb 619
88843ab0 620 BT_DBG("chan %p, control 0x%8.8x", chan, control);
1c2acffb 621
fcc203c3 622 count = min_t(unsigned int, conn->mtu, hlen);
793c2f1c
AE		 623
624 control |= __set_sframe(chan);
1c2acffb 625
e2ab4353 626 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 627 control |= __set_ctrl_final(chan);
9e917af1 628
e2ab4353 629 if (test_and_clear_bit(CONN_SEND_PBIT, &chan->conn_state))
e3781735 630 control |= __set_ctrl_poll(chan);
f0946ccf 631
1c2acffb
GP		 632 skb = bt_skb_alloc(count, GFP_ATOMIC);
633 if (!skb)
9a9c6a34 634 return;
1c2acffb
GP		 635
636 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fcc203c3 637 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
fe4128e0 638 lh->cid = cpu_to_le16(chan->dcid);
88843ab0
AE		 639
640 __put_control(chan, control, skb_put(skb, __ctrl_size(chan)));
1c2acffb 641
47d1ec61 642 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 643 u16 fcs = crc16(0, (u8 *)lh, count - L2CAP_FCS_SIZE);
644 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3
GP		 645 }
646
73d80deb
LAD		 647 skb->priority = HCI_PRIO_MAX;
648 l2cap_do_send(chan, skb);
1c2acffb
GP		 649}
650
88843ab0 651static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u32 control)
7e743090 652{
e2ab4353 653 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 654 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 655 set_bit(CONN_RNR_SENT, &chan->conn_state);
1890d36b 656 } else
ab784b73 657 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
7e743090 658
0b209fae 659 control |= __set_reqseq(chan, chan->buffer_seq);
2ab25cdd 660
525cd185 661 l2cap_send_sframe(chan, control);
7e743090
GP		 662}
663
b4450035 664static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 665{
c1360a1c 666 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
e501d055
AE		 667}
668
9b27f350
AE		 669static void l2cap_send_conn_req(struct l2cap_chan *chan)
670{
671 struct l2cap_conn *conn = chan->conn;
672 struct l2cap_conn_req req;
673
674 req.scid = cpu_to_le16(chan->scid);
675 req.psm = chan->psm;
676
677 chan->ident = l2cap_get_ident(conn);
678
679 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
680
681 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req);
682}
683
fc7f8a7e 684static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 685{
8c1d787b 686 struct l2cap_conn *conn = chan->conn;
79d554a6
MH		 687
688 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 689 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
690 return;
691
d45fc423 692 if (l2cap_chan_check_security(chan) &&
9b27f350
AE		 693 __l2cap_no_conn_pending(chan))
694 l2cap_send_conn_req(chan);
79d554a6
MH		 695 } else {
696 struct l2cap_info_req req;
697 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
698
699 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
700 conn->info_ident = l2cap_get_ident(conn);
701
ba13ccd9 702 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
79d554a6
MH		 703
704 l2cap_send_cmd(conn, conn->info_ident,
705 L2CAP_INFO_REQ, sizeof(req), &req);
706 }
707}
708
cf6c2c0b
GP		 709static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
710{
711 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 712 if (!disable_ertm)
cf6c2c0b
GP		 713 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
714
715 switch (mode) {
716 case L2CAP_MODE_ERTM:
717 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
718 case L2CAP_MODE_STREAMING:
719 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
720 default:
721 return 0x00;
722 }
723}
724
4519de9a 725static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9 726{
6be36555 727 struct sock *sk = chan->sk;
22121fc9
GP		 728 struct l2cap_disconn_req req;
729
c13ffa62
GP		 730 if (!conn)
731 return;
732
0c1bc5c6 733 if (chan->mode == L2CAP_MODE_ERTM) {
1a09bcb9
GP		 734 __clear_retrans_timer(chan);
735 __clear_monitor_timer(chan);
736 __clear_ack_timer(chan);
c13ffa62
GP		 737 }
738
fe4128e0
GP		 739 req.dcid = cpu_to_le16(chan->dcid);
740 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 741 l2cap_send_cmd(conn, l2cap_get_ident(conn),
742 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62 743
6be36555 744 lock_sock(sk);
0e587be7 745 __l2cap_state_change(chan, BT_DISCONN);
2e0052e4 746 __l2cap_chan_set_err(chan, err);
6be36555 747 release_sock(sk);
22121fc9
GP		 748}
749
1da177e4 750/* ---- L2CAP connections ---- */
4e8402a3
MH		 751static void l2cap_conn_start(struct l2cap_conn *conn)
752{
3df91ea2 753 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 754
755 BT_DBG("conn %p", conn);
756
3df91ea2 757 mutex_lock(&conn->chan_lock);
4e8402a3 758
3df91ea2 759 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 760 struct sock *sk = chan->sk;
baa7e1fa 761
6be36555 762 l2cap_chan_lock(chan);
4e8402a3 763
715ec005 764 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 765 l2cap_chan_unlock(chan);
79d554a6
MH		 766 continue;
767 }
768
89bc500e 769 if (chan->state == BT_CONNECT) {
d45fc423 770 if (!l2cap_chan_check_security(chan) ||
b4450035 771 !__l2cap_no_conn_pending(chan)) {
6be36555 772 l2cap_chan_unlock(chan);
47731de7
GP		 773 continue;
774 }
79d554a6 775
c1360a1c
GP		 776 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
777 && test_bit(CONF_STATE2_DEVICE,
778 &chan->conf_state)) {
89bc500e 779 l2cap_chan_close(chan, ECONNRESET);
6be36555 780 l2cap_chan_unlock(chan);
47731de7 781 continue;
b1235d79 782 }
47731de7 783
9b27f350 784 l2cap_send_conn_req(chan);
47731de7 785
89bc500e 786 } else if (chan->state == BT_CONNECT2) {
79d554a6 787 struct l2cap_conn_rsp rsp;
e9aeb2dd 788 char buf[128];
fe4128e0
GP		 789 rsp.scid = cpu_to_le16(chan->dcid);
790 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 791
d45fc423 792 if (l2cap_chan_check_security(chan)) {
6be36555 793 lock_sock(sk);
f66dc81f
MH		 794 if (bt_sk(sk)->defer_setup) {
795 struct sock *parent = bt_sk(sk)->parent;
796 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
797 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
05e9a2f6
IK		 798 if (parent)
799 parent->sk_data_ready(parent, 0);
f66dc81f
MH		 800
801 } else {
0e587be7 802 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 803 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
804 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
805 }
6be36555 806 release_sock(sk);
79d554a6
MH		 807 } else {
808 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
809 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
810 }
811
fc7f8a7e
GP		 812 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
813 sizeof(rsp), &rsp);
e9aeb2dd 814
c1360a1c 815 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
e9aeb2dd 816 rsp.result != L2CAP_CR_SUCCESS) {
6be36555 817 l2cap_chan_unlock(chan);
e9aeb2dd
GP		 818 continue;
819 }
820
c1360a1c 821 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 822 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 823 l2cap_build_conf_req(chan, buf), buf);
824 chan->num_conf_req++;
4e8402a3
MH		 825 }
826
6be36555 827 l2cap_chan_unlock(chan);
4e8402a3
MH		 828 }
829
3df91ea2 830 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 831}
832
b62f328b
VT		 833/* Find socket with cid and source bdaddr.
834 * Returns closest match, locked.
835 */
23691d75 836static struct l2cap_chan *l2cap_global_chan_by_scid(int state, __le16 cid, bdaddr_t *src)
b62f328b 837{
23691d75 838 struct l2cap_chan *c, *c1 = NULL;
b62f328b 839
23691d75 840 read_lock(&chan_list_lock);
b62f328b 841
23691d75
GP		 842 list_for_each_entry(c, &chan_list, global_l) {
843 struct sock *sk = c->sk;
fe4128e0 844
89bc500e 845 if (state && c->state != state)
b62f328b
VT		 846 continue;
847
23691d75 848 if (c->scid == cid) {
b62f328b 849 /* Exact match. */
23691d75
GP		 850 if (!bacmp(&bt_sk(sk)->src, src)) {
851 read_unlock(&chan_list_lock);
852 return c;
853 }
b62f328b
VT		 854
855 /* Closest match */
856 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 857 c1 = c;
b62f328b
VT		 858 }
859 }
280f294f 860
23691d75 861 read_unlock(&chan_list_lock);
b62f328b 862
23691d75 863 return c1;
b62f328b
VT		 864}
865
866static void l2cap_le_conn_ready(struct l2cap_conn *conn)
867{
c916fbe4 868 struct sock *parent, *sk;
23691d75 869 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 870
871 BT_DBG("");
872
873 /* Check if we have socket listening on cid */
23691d75 874 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
b62f328b 875 conn->src);
23691d75 876 if (!pchan)
b62f328b
VT		 877 return;
878
23691d75
GP		 879 parent = pchan->sk;
880
aa2ac881 881 lock_sock(parent);
62f3a2cf 882
b62f328b
VT		 883 /* Check for backlog size */
884 if (sk_acceptq_is_full(parent)) {
885 BT_DBG("backlog full %d", parent->sk_ack_backlog);
886 goto clean;
887 }
888
80808e43
GP		 889 chan = pchan->ops->new_connection(pchan->data);
890 if (!chan)
b62f328b
VT		 891 goto clean;
892
80808e43 893 sk = chan->sk;
5d41ce1d 894
b62f328b
VT		 895 hci_conn_hold(conn->hcon);
896
b62f328b
VT		 897 bacpy(&bt_sk(sk)->src, conn->src);
898 bacpy(&bt_sk(sk)->dst, conn->dst);
899
d1010240
GP		 900 bt_accept_enqueue(parent, sk);
901
3d57dc68 902 l2cap_chan_add(conn, chan);
48454079 903
c9b66675 904 __set_chan_timer(chan, sk->sk_sndtimeo);
b62f328b 905
0e587be7 906 __l2cap_state_change(chan, BT_CONNECTED);
b62f328b
VT		 907 parent->sk_data_ready(parent, 0);
908
b62f328b 909clean:
aa2ac881 910 release_sock(parent);
b62f328b
VT		 911}
912
cf4cd009 913static void l2cap_chan_ready(struct l2cap_chan *chan)
f1cb9af5 914{
cf4cd009 915 struct sock *sk = chan->sk;
6be36555
AE		 916 struct sock *parent;
917
918 lock_sock(sk);
919
920 parent = bt_sk(sk)->parent;
f1cb9af5
VCG		 921
922 BT_DBG("sk %p, parent %p", sk, parent);
923
924 chan->conf_state = 0;
925 __clear_chan_timer(chan);
926
0e587be7 927 __l2cap_state_change(chan, BT_CONNECTED);
f1cb9af5
VCG		 928 sk->sk_state_change(sk);
929
930 if (parent)
931 parent->sk_data_ready(parent, 0);
6be36555
AE		 932
933 release_sock(sk);
f1cb9af5
VCG		 934}
935
4e8402a3
MH		 936static void l2cap_conn_ready(struct l2cap_conn *conn)
937{
48454079 938 struct l2cap_chan *chan;
4e8402a3 939
79d554a6 940 BT_DBG("conn %p", conn);
4e8402a3 941
b62f328b
VT		 942 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
943 l2cap_le_conn_ready(conn);
944
160dc6ac
VCG		 945 if (conn->hcon->out && conn->hcon->type == LE_LINK)
946 smp_conn_security(conn, conn->hcon->pending_sec_level);
947
3df91ea2 948 mutex_lock(&conn->chan_lock);
4e8402a3 949
3df91ea2 950 list_for_each_entry(chan, &conn->chan_l, list) {
baa7e1fa 951
6be36555 952 l2cap_chan_lock(chan);
4e8402a3 953
63128451 954 if (conn->hcon->type == LE_LINK) {
b501d6a1 955 if (smp_conn_security(conn, chan->sec_level))
cf4cd009 956 l2cap_chan_ready(chan);
acd7d370 957
63128451 958 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 959 struct sock *sk = chan->sk;
c9b66675 960 __clear_chan_timer(chan);
6be36555 961 lock_sock(sk);
0e587be7 962 __l2cap_state_change(chan, BT_CONNECTED);
79d554a6 963 sk->sk_state_change(sk);
6be36555 964 release_sock(sk);
b501d6a1 965
89bc500e 966 } else if (chan->state == BT_CONNECT)
fc7f8a7e 967 l2cap_do_start(chan);
4e8402a3 968
6be36555 969 l2cap_chan_unlock(chan);
4e8402a3 970 }
79d554a6 971
3df91ea2 972 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 973}
974
975/* Notify sockets that we cannot guaranty reliability anymore */
976static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
977{
48454079 978 struct l2cap_chan *chan;
4e8402a3
MH		 979
980 BT_DBG("conn %p", conn);
981
3df91ea2 982 mutex_lock(&conn->chan_lock);
4e8402a3 983
3df91ea2 984 list_for_each_entry(chan, &conn->chan_l, list) {
ecf61bdb 985 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
2e0052e4 986 __l2cap_chan_set_err(chan, err);
4e8402a3
MH		 987 }
988
3df91ea2 989 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 990}
991
f878fcad 992static void l2cap_info_timeout(struct work_struct *work)
4e8402a3 993{
f878fcad 994 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
030013d8 995 info_timer.work);
4e8402a3 996
984947dc 997 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 998 conn->info_ident = 0;
984947dc 999
4e8402a3
MH		 1000 l2cap_conn_start(conn);
1001}
1002
5d3de7df
VCG		 1003static void l2cap_conn_del(struct hci_conn *hcon, int err)
1004{
1005 struct l2cap_conn *conn = hcon->l2cap_data;
1006 struct l2cap_chan *chan, *l;
5d3de7df
VCG		 1007
1008 if (!conn)
1009 return;
1010
1011 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
1012
1013 kfree_skb(conn->rx_skb);
1014
3df91ea2
AE		 1015 mutex_lock(&conn->chan_lock);
1016
5d3de7df
VCG		 1017 /* Kill channels */
1018 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
6be36555
AE		 1019 l2cap_chan_lock(chan);
1020
5d3de7df 1021 l2cap_chan_del(chan, err);
6be36555
AE		 1022
1023 l2cap_chan_unlock(chan);
1024
5d3de7df
VCG		 1025 chan->ops->close(chan->data);
1026 }
1027
3df91ea2
AE		 1028 mutex_unlock(&conn->chan_lock);
1029
73d80deb
LAD		 1030 hci_chan_del(conn->hchan);
1031
5d3de7df 1032 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
127074bf 1033 cancel_delayed_work_sync(&conn->info_timer);
5d3de7df 1034
51a8efd7 1035 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) {
127074bf 1036 cancel_delayed_work_sync(&conn->security_timer);
8aab4757 1037 smp_chan_destroy(conn);
d26a2345 1038 }
5d3de7df
VCG		 1039
1040 hcon->l2cap_data = NULL;
1041 kfree(conn);
1042}
1043
6c9d42a1 1044static void security_timeout(struct work_struct *work)
5d3de7df 1045{
6c9d42a1
GP		 1046 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1047 security_timer.work);
5d3de7df
VCG		 1048
1049 l2cap_conn_del(conn->hcon, ETIMEDOUT);
1050}
1051
1da177e4
LT		 1052static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1053{
0139418c 1054 struct l2cap_conn *conn = hcon->l2cap_data;
73d80deb 1055 struct hci_chan *hchan;
1da177e4 1056
0139418c 1057 if (conn || status)
1da177e4
LT		 1058 return conn;
1059
73d80deb
LAD		 1060 hchan = hci_chan_create(hcon);
1061 if (!hchan)
1062 return NULL;
1063
0139418c 1064 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
73d80deb
LAD		 1065 if (!conn) {
1066 hci_chan_del(hchan);
1da177e4 1067 return NULL;
73d80deb 1068 }
1da177e4
LT		 1069
1070 hcon->l2cap_data = conn;
1071 conn->hcon = hcon;
73d80deb 1072 conn->hchan = hchan;
1da177e4 1073
73d80deb 1074 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
0139418c 1075
acd7d370
VT		 1076 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
1077 conn->mtu = hcon->hdev->le_mtu;
1078 else
1079 conn->mtu = hcon->hdev->acl_mtu;
1080
1da177e4
LT		 1081 conn->src = &hcon->hdev->bdaddr;
1082 conn->dst = &hcon->dst;
1083
4e8402a3
MH		 1084 conn->feat_mask = 0;
1085
1da177e4 1086 spin_lock_init(&conn->lock);
3df91ea2 1087 mutex_init(&conn->chan_lock);
baa7e1fa
GP		 1088
1089 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 1090
5d3de7df 1091 if (hcon->type == LE_LINK)
6c9d42a1 1092 INIT_DELAYED_WORK(&conn->security_timer, security_timeout);
5d3de7df 1093 else
030013d8 1094 INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout);
45054dc1 1095
9f5a0d7b 1096 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 1097
1da177e4
LT		 1098 return conn;
1099}
1100
1da177e4 1101/* ---- Socket interface ---- */
1da177e4
LT		 1102
1103/* Find socket with psm and source bdaddr.
1104 * Returns closest match.
1105 */
23691d75 1106static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4 1107{
23691d75 1108 struct l2cap_chan *c, *c1 = NULL;
1da177e4 1109
23691d75 1110 read_lock(&chan_list_lock);
e0f0cb56 1111
23691d75
GP		 1112 list_for_each_entry(c, &chan_list, global_l) {
1113 struct sock *sk = c->sk;
fe4128e0 1114
89bc500e 1115 if (state && c->state != state)
1da177e4
LT		 1116 continue;
1117
23691d75 1118 if (c->psm == psm) {
1da177e4 1119 /* Exact match. */
23691d75 1120 if (!bacmp(&bt_sk(sk)->src, src)) {
a7567b20 1121 read_unlock(&chan_list_lock);
23691d75
GP		 1122 return c;
1123 }
1da177e4
LT		 1124
1125 /* Closest match */
1126 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 1127 c1 = c;
1da177e4
LT		 1128 }
1129 }
1da177e4 1130
23691d75 1131 read_unlock(&chan_list_lock);
e0f0cb56 1132
23691d75 1133 return c1;
1da177e4
LT		 1134}
1135
cbe8fed4 1136int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdaddr_t *dst)
1da177e4 1137{
5d41ce1d 1138 struct sock *sk = chan->sk;
1da177e4 1139 bdaddr_t *src = &bt_sk(sk)->src;
1da177e4
LT		 1140 struct l2cap_conn *conn;
1141 struct hci_conn *hcon;
1142 struct hci_dev *hdev;
09ab6f4c 1143 __u8 auth_type;
44d0e48e 1144 int err;
1da177e4 1145
f29972de 1146 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
fe4128e0 1147 chan->psm);
1da177e4 1148
af05b30b
GP		 1149 hdev = hci_get_route(dst, src);
1150 if (!hdev)
1da177e4
LT		 1151 return -EHOSTUNREACH;
1152
09fd0de5 1153 hci_dev_lock(hdev);
1da177e4 1154
6be36555 1155 l2cap_chan_lock(chan);
03a00194
GP		 1156
1157 /* PSM must be odd and lsb of upper byte must be 0 */
1158 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
1159 chan->chan_type != L2CAP_CHAN_RAW) {
1160 err = -EINVAL;
1161 goto done;
1162 }
1163
1164 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !(psm || cid)) {
1165 err = -EINVAL;
1166 goto done;
1167 }
1168
1169 switch (chan->mode) {
1170 case L2CAP_MODE_BASIC:
1171 break;
1172 case L2CAP_MODE_ERTM:
1173 case L2CAP_MODE_STREAMING:
1174 if (!disable_ertm)
1175 break;
1176 /* fall through */
1177 default:
1178 err = -ENOTSUPP;
1179 goto done;
1180 }
1181
6be36555
AE		 1182 lock_sock(sk);
1183
03a00194
GP		 1184 switch (sk->sk_state) {
1185 case BT_CONNECT:
1186 case BT_CONNECT2:
1187 case BT_CONFIG:
1188 /* Already connecting */
1189 err = 0;
6be36555 1190 release_sock(sk);
03a00194
GP		 1191 goto done;
1192
1193 case BT_CONNECTED:
1194 /* Already connected */
1195 err = -EISCONN;
6be36555 1196 release_sock(sk);
03a00194
GP		 1197 goto done;
1198
1199 case BT_OPEN:
1200 case BT_BOUND:
1201 /* Can connect */
1202 break;
1203
1204 default:
1205 err = -EBADFD;
6be36555 1206 release_sock(sk);
03a00194
GP		 1207 goto done;
1208 }
1209
1210 /* Set destination address and psm */
9219b2a0 1211 bacpy(&bt_sk(sk)->dst, dst);
6be36555
AE		 1212
1213 release_sock(sk);
1214
03a00194
GP		 1215 chan->psm = psm;
1216 chan->dcid = cid;
1da177e4 1217
4343478f 1218 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1219
fe4128e0 1220 if (chan->dcid == L2CAP_CID_LE_DATA)
acd7d370 1221 hcon = hci_connect(hdev, LE_LINK, dst,
4343478f 1222 chan->sec_level, auth_type);
acd7d370
VT		 1223 else
1224 hcon = hci_connect(hdev, ACL_LINK, dst,
4343478f 1225 chan->sec_level, auth_type);
acd7d370 1226
30e76272
VT		 1227 if (IS_ERR(hcon)) {
1228 err = PTR_ERR(hcon);
1da177e4 1229 goto done;
30e76272 1230 }
1da177e4
LT		 1231
1232 conn = l2cap_conn_add(hcon, 0);
1233 if (!conn) {
1234 hci_conn_put(hcon);
30e76272 1235 err = -ENOMEM;
1da177e4
LT		 1236 goto done;
1237 }
1238
1da177e4
LT		 1239 /* Update source addr of the socket */
1240 bacpy(src, conn->src);
1241
6be36555 1242 l2cap_chan_unlock(chan);
48454079 1243 l2cap_chan_add(conn, chan);
6be36555 1244 l2cap_chan_lock(chan);
48454079 1245
6be36555 1246 l2cap_state_change(chan, BT_CONNECT);
c9b66675 1247 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4
LT		 1248
1249 if (hcon->state == BT_CONNECTED) {
715ec005 1250 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 1251 __clear_chan_timer(chan);
d45fc423 1252 if (l2cap_chan_check_security(chan))
6be36555 1253 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1254 } else
fc7f8a7e 1255 l2cap_do_start(chan);
1da177e4
LT		 1256 }
1257
30e76272
VT		 1258 err = 0;
1259
1da177e4 1260done:
6be36555 1261 l2cap_chan_unlock(chan);
09fd0de5 1262 hci_dev_unlock(hdev);
1da177e4
LT		 1263 hci_dev_put(hdev);
1264 return err;
1265}
1266
dcba0dba 1267int __l2cap_wait_ack(struct sock *sk)
6161c038 1268{
8c1d787b 1269 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1270 DECLARE_WAITQUEUE(wait, current);
1271 int err = 0;
1272 int timeo = HZ/5;
1273
2b0b05dd 1274 add_wait_queue(sk_sleep(sk), &wait);
a71a0cf4
PH		 1275 set_current_state(TASK_INTERRUPTIBLE);
1276 while (chan->unacked_frames > 0 && chan->conn) {
6161c038
GP		 1277 if (!timeo)
1278 timeo = HZ/5;
1279
1280 if (signal_pending(current)) {
1281 err = sock_intr_errno(timeo);
1282 break;
1283 }
1284
1285 release_sock(sk);
1286 timeo = schedule_timeout(timeo);
1287 lock_sock(sk);
a71a0cf4 1288 set_current_state(TASK_INTERRUPTIBLE);
6161c038
GP		 1289
1290 err = sock_error(sk);
1291 if (err)
1292 break;
1293 }
1294 set_current_state(TASK_RUNNING);
2b0b05dd 1295 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1296 return err;
1297}
1298
721c4181 1299static void l2cap_monitor_timeout(struct work_struct *work)
e90bac06 1300{
721c4181
GP		 1301 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1302 monitor_timer.work);
e90bac06 1303
525cd185 1304 BT_DBG("chan %p", chan);
0e98958d 1305
6be36555
AE		 1306 l2cap_chan_lock(chan);
1307
2c03a7a4 1308 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1309 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
6be36555 1310 l2cap_chan_unlock(chan);
8d7e1c7f 1311 l2cap_chan_put(chan);
e90bac06
GP		 1312 return;
1313 }
1314
6a026610 1315 chan->retry_count++;
1a09bcb9 1316 __set_monitor_timer(chan);
e90bac06 1317
525cd185 1318 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555 1319 l2cap_chan_unlock(chan);
8d7e1c7f 1320 l2cap_chan_put(chan);
e90bac06
GP		 1321}
1322
721c4181 1323static void l2cap_retrans_timeout(struct work_struct *work)
e90bac06 1324{
721c4181
GP		 1325 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1326 retrans_timer.work);
e90bac06 1327
49208c9c 1328 BT_DBG("chan %p", chan);
0e98958d 1329
6be36555
AE		 1330 l2cap_chan_lock(chan);
1331
6a026610 1332 chan->retry_count = 1;
1a09bcb9 1333 __set_monitor_timer(chan);
e90bac06 1334
e2ab4353 1335 set_bit(CONN_WAIT_F, &chan->conn_state);
e90bac06 1336
525cd185 1337 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555
AE		 1338
1339 l2cap_chan_unlock(chan);
8d7e1c7f 1340 l2cap_chan_put(chan);
e90bac06
GP		 1341}
1342
42e5c802 1343static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1da177e4 1344{
1c2acffb 1345 struct sk_buff *skb;
1da177e4 1346
58d35f87 1347 while ((skb = skb_peek(&chan->tx_q)) &&
6a026610 1348 chan->unacked_frames) {
42e5c802 1349 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
1c2acffb 1350 break;
1da177e4 1351
58d35f87 1352 skb = skb_dequeue(&chan->tx_q);
1c2acffb 1353 kfree_skb(skb);
1da177e4 1354
6a026610 1355 chan->unacked_frames--;
1c2acffb 1356 }
1da177e4 1357
6a026610 1358 if (!chan->unacked_frames)
1a09bcb9 1359 __clear_retrans_timer(chan);
1c2acffb 1360}
1da177e4 1361
67c9e840 1362static void l2cap_streaming_send(struct l2cap_chan *chan)
6840ed07 1363{
ccbb84af 1364 struct sk_buff *skb;
88843ab0
AE		 1365 u32 control;
1366 u16 fcs;
6840ed07 1367
58d35f87 1368 while ((skb = skb_dequeue(&chan->tx_q))) {
88843ab0 1369 control = __get_control(chan, skb->data + L2CAP_HDR_SIZE);
fb45de7d 1370 control |= __set_txseq(chan, chan->next_tx_seq);
88843ab0 1371 __put_control(chan, control, skb->data + L2CAP_HDR_SIZE);
6840ed07 1372
47d1ec61 1373 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1374 fcs = crc16(0, (u8 *)skb->data,
1375 skb->len - L2CAP_FCS_SIZE);
1376 put_unaligned_le16(fcs,
1377 skb->data + skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 1378 }
1379
4343478f 1380 l2cap_do_send(chan, skb);
6840ed07 1381
836be934 1382 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
6840ed07 1383 }
6840ed07
GP		 1384}
1385
fb45de7d 1386static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 1387{
8f17154f 1388 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1389 u16 fcs;
1390 u32 control;
8f17154f 1391
58d35f87 1392 skb = skb_peek(&chan->tx_q);
f11d676d
GP		 1393 if (!skb)
1394 return;
8f17154f 1395
d1726b6d 1396 while (bt_cb(skb)->tx_seq != tx_seq) {
58d35f87 1397 if (skb_queue_is_last(&chan->tx_q, skb))
f11d676d 1398 return;
8f17154f 1399
d1726b6d
SJ		 1400 skb = skb_queue_next(&chan->tx_q, skb);
1401 }
8f17154f 1402
2c03a7a4
GP		 1403 if (chan->remote_max_tx &&
1404 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1405 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
f11d676d
GP		 1406 return;
1407 }
1408
1409 tx_skb = skb_clone(skb, GFP_ATOMIC);
1410 bt_cb(skb)->retries++;
88843ab0
AE		 1411
1412 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1413 control &= __get_sar_mask(chan);
3cb123d1 1414
e2ab4353 1415 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1416 control |= __set_ctrl_final(chan);
95ffa978 1417
0b209fae 1418 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1419 control |= __set_txseq(chan, tx_seq);
3cb123d1 1420
88843ab0 1421 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
f11d676d 1422
47d1ec61 1423 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1424 fcs = crc16(0, (u8 *)tx_skb->data,
1425 tx_skb->len - L2CAP_FCS_SIZE);
1426 put_unaligned_le16(fcs,
1427 tx_skb->data + tx_skb->len - L2CAP_FCS_SIZE);
f11d676d
GP		 1428 }
1429
4343478f 1430 l2cap_do_send(chan, tx_skb);
8f17154f
GP		 1431}
1432
67c9e840 1433static int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1434{
1435 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1436 u16 fcs;
1437 u32 control;
9a9c6a34 1438 int nsent = 0;
1c2acffb 1439
89bc500e 1440 if (chan->state != BT_CONNECTED)
c13ffa62 1441 return -ENOTCONN;
e90bac06 1442
58d35f87 1443 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1c2acffb 1444
2c03a7a4
GP		 1445 if (chan->remote_max_tx &&
1446 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1447 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
e90bac06
GP		 1448 break;
1449 }
1450
e420aba3
AE		 1451 tx_skb = skb_clone(skb, GFP_ATOMIC);
1452
e90bac06
GP		 1453 bt_cb(skb)->retries++;
1454
88843ab0 1455 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1456 control &= __get_sar_mask(chan);
95ffa978 1457
e2ab4353 1458 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1459 control |= __set_ctrl_final(chan);
e2ab4353 1460
0b209fae 1461 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1462 control |= __set_txseq(chan, chan->next_tx_seq);
1c2acffb 1463
88843ab0 1464 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
e90bac06 1465
47d1ec61 1466 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1467 fcs = crc16(0, (u8 *)skb->data,
1468 tx_skb->len - L2CAP_FCS_SIZE);
1469 put_unaligned_le16(fcs, skb->data +
1470 tx_skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 1471 }
1472
4343478f 1473 l2cap_do_send(chan, tx_skb);
9a9c6a34 1474
1a09bcb9 1475 __set_retrans_timer(chan);
1c2acffb 1476
42e5c802 1477 bt_cb(skb)->tx_seq = chan->next_tx_seq;
836be934
AE		 1478
1479 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
1c2acffb 1480
8ed7a0ae 1481 if (bt_cb(skb)->retries == 1) {
6a026610 1482 chan->unacked_frames++;
930fa4ae
SJ		 1483
1484 if (!nsent++)
1485 __clear_ack_timer(chan);
8ed7a0ae 1486 }
23e9fde2 1487
6a026610 1488 chan->frames_sent++;
1c2acffb 1489
58d35f87
GP		 1490 if (skb_queue_is_last(&chan->tx_q, skb))
1491 chan->tx_send_head = NULL;
1c2acffb 1492 else
58d35f87 1493 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1c2acffb
GP		 1494 }
1495
9e917af1
GP		 1496 return nsent;
1497}
1498
525cd185 1499static int l2cap_retransmit_frames(struct l2cap_chan *chan)
dfc909be 1500{
dfc909be
GP		 1501 int ret;
1502
58d35f87
GP		 1503 if (!skb_queue_empty(&chan->tx_q))
1504 chan->tx_send_head = chan->tx_q.next;
dfc909be 1505
42e5c802 1506 chan->next_tx_seq = chan->expected_ack_seq;
525cd185 1507 ret = l2cap_ertm_send(chan);
dfc909be
GP		 1508 return ret;
1509}
1510
b17e73bb 1511static void __l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1512{
88843ab0 1513 u32 control = 0;
9e917af1 1514
0b209fae 1515 control |= __set_reqseq(chan, chan->buffer_seq);
9e917af1 1516
e2ab4353 1517 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 1518 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 1519 set_bit(CONN_RNR_SENT, &chan->conn_state);
525cd185 1520 l2cap_send_sframe(chan, control);
9a9c6a34 1521 return;
9e917af1 1522 }
dfc909be 1523
525cd185 1524 if (l2cap_ertm_send(chan) > 0)
dfc909be
GP		 1525 return;
1526
ab784b73 1527 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 1528 l2cap_send_sframe(chan, control);
1c2acffb
GP		 1529}
1530
b17e73bb
SJ		 1531static void l2cap_send_ack(struct l2cap_chan *chan)
1532{
1533 __clear_ack_timer(chan);
1534 __l2cap_send_ack(chan);
1535}
1536
525cd185 1537static void l2cap_send_srejtail(struct l2cap_chan *chan)
99b0d4b7
GP		 1538{
1539 struct srej_list *tail;
88843ab0 1540 u32 control;
99b0d4b7 1541
ab784b73 1542 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
03f6715d 1543 control |= __set_ctrl_final(chan);
99b0d4b7 1544
39d5a3ee 1545 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
0b209fae 1546 control |= __set_reqseq(chan, tail->tx_seq);
99b0d4b7 1547
525cd185 1548 l2cap_send_sframe(chan, control);
99b0d4b7
GP		 1549}
1550
04124681
GP		 1551static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
1552 struct msghdr *msg, int len,
1553 int count, struct sk_buff *skb)
1c2acffb 1554{
0952a57a 1555 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1556 struct sk_buff **frag;
1557 int err, sent = 0;
1da177e4 1558
59203a21 1559 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1560 return -EFAULT;
1da177e4
LT		 1561
1562 sent += count;
1563 len -= count;
1564
1565 /* Continuation fragments (no L2CAP header) */
1566 frag = &skb_shinfo(skb)->frag_list;
1567 while (len) {
1568 count = min_t(unsigned int, conn->mtu, len);
1569
2f7719ce 1570 *frag = chan->ops->alloc_skb(chan, count,
04124681
GP		 1571 msg->msg_flags & MSG_DONTWAIT,
1572 &err);
2f7719ce 1573
1da177e4 1574 if (!*frag)
0175d629 1575 return err;
1c2acffb
GP		 1576 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1577 return -EFAULT;
1da177e4 1578
5e59b791
LAD		 1579 (*frag)->priority = skb->priority;
1580
1da177e4
LT		 1581 sent += count;
1582 len -= count;
1583
1584 frag = &(*frag)->next;
1585 }
1da177e4
LT		 1586
1587 return sent;
1c2acffb 1588}
1da177e4 1589
5e59b791
LAD		 1590static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1591 struct msghdr *msg, size_t len,
1592 u32 priority)
1c2acffb 1593{
8c1d787b 1594 struct l2cap_conn *conn = chan->conn;
1c2acffb 1595 struct sk_buff *skb;
03a51213 1596 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE;
1c2acffb
GP		 1597 struct l2cap_hdr *lh;
1598
6d5922b0 1599 BT_DBG("chan %p len %d priority %u", chan, (int)len, priority);
1c2acffb
GP		 1600
1601 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1602
1603 skb = chan->ops->alloc_skb(chan, count + hlen,
04124681 1604 msg->msg_flags & MSG_DONTWAIT, &err);
2f7719ce 1605
1c2acffb 1606 if (!skb)
0175d629 1607 return ERR_PTR(err);
1c2acffb 1608
5e59b791
LAD		 1609 skb->priority = priority;
1610
1c2acffb
GP		 1611 /* Create L2CAP header */
1612 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1613 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1614 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
fe4128e0 1615 put_unaligned_le16(chan->psm, skb_put(skb, 2));
1c2acffb 1616
0952a57a 1617 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1618 if (unlikely(err < 0)) {
1619 kfree_skb(skb);
1620 return ERR_PTR(err);
1621 }
1622 return skb;
1623}
1624
5e59b791
LAD		 1625static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
1626 struct msghdr *msg, size_t len,
1627 u32 priority)
1c2acffb 1628{
8c1d787b 1629 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1630 struct sk_buff *skb;
1631 int err, count, hlen = L2CAP_HDR_SIZE;
1632 struct l2cap_hdr *lh;
1633
6d5922b0 1634 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb
GP		 1635
1636 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1637
1638 skb = chan->ops->alloc_skb(chan, count + hlen,
04124681 1639 msg->msg_flags & MSG_DONTWAIT, &err);
2f7719ce 1640
1c2acffb 1641 if (!skb)
0175d629 1642 return ERR_PTR(err);
1c2acffb 1643
5e59b791
LAD		 1644 skb->priority = priority;
1645
1c2acffb
GP		 1646 /* Create L2CAP header */
1647 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1648 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1649 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1650
0952a57a 1651 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1652 if (unlikely(err < 0)) {
1653 kfree_skb(skb);
1654 return ERR_PTR(err);
1655 }
1656 return skb;
1657}
1658
ab0ff76d
LAD		 1659static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
1660 struct msghdr *msg, size_t len,
88843ab0 1661 u32 control, u16 sdulen)
1c2acffb 1662{
8c1d787b 1663 struct l2cap_conn *conn = chan->conn;
1c2acffb 1664 struct sk_buff *skb;
e4ca6d98 1665 int err, count, hlen;
1c2acffb
GP		 1666 struct l2cap_hdr *lh;
1667
6d5922b0 1668 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb 1669
0ee0d208
GP		 1670 if (!conn)
1671 return ERR_PTR(-ENOTCONN);
1672
e4ca6d98
AE		 1673 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1674 hlen = L2CAP_EXT_HDR_SIZE;
1675 else
1676 hlen = L2CAP_ENH_HDR_SIZE;
1677
c74e560c 1678 if (sdulen)
03a51213 1679 hlen += L2CAP_SDULEN_SIZE;
c74e560c 1680
47d1ec61 1681 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 1682 hlen += L2CAP_FCS_SIZE;
fcc203c3 1683
1c2acffb 1684 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1685
1686 skb = chan->ops->alloc_skb(chan, count + hlen,
1687 msg->msg_flags & MSG_DONTWAIT, &err);
1688
1c2acffb 1689 if (!skb)
0175d629 1690 return ERR_PTR(err);
1c2acffb
GP		 1691
1692 /* Create L2CAP header */
1693 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1694 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1695 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
88843ab0
AE		 1696
1697 __put_control(chan, control, skb_put(skb, __ctrl_size(chan)));
1698
c74e560c 1699 if (sdulen)
03a51213 1700 put_unaligned_le16(sdulen, skb_put(skb, L2CAP_SDULEN_SIZE));
1c2acffb 1701
0952a57a 1702 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1703 if (unlikely(err < 0)) {
1704 kfree_skb(skb);
1705 return ERR_PTR(err);
1706 }
e90bac06 1707
47d1ec61 1708 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 1709 put_unaligned_le16(0, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3 1710
e90bac06 1711 bt_cb(skb)->retries = 0;
1c2acffb 1712 return skb;
1da177e4
LT		 1713}
1714
67c9e840 1715static int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
c74e560c 1716{
c74e560c
GP		 1717 struct sk_buff *skb;
1718 struct sk_buff_head sar_queue;
88843ab0 1719 u32 control;
c74e560c
GP		 1720 size_t size = 0;
1721
ff12fd64 1722 skb_queue_head_init(&sar_queue);
7e0ef6ee 1723 control = __set_ctrl_sar(chan, L2CAP_SAR_START);
47d1ec61 1724 skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);
c74e560c
GP		 1725 if (IS_ERR(skb))
1726 return PTR_ERR(skb);
1727
1728 __skb_queue_tail(&sar_queue, skb);
2c03a7a4
GP		 1729 len -= chan->remote_mps;
1730 size += chan->remote_mps;
c74e560c
GP		 1731
1732 while (len > 0) {
1733 size_t buflen;
1734
2c03a7a4 1735 if (len > chan->remote_mps) {
7e0ef6ee 1736 control = __set_ctrl_sar(chan, L2CAP_SAR_CONTINUE);
2c03a7a4 1737 buflen = chan->remote_mps;
c74e560c 1738 } else {
7e0ef6ee 1739 control = __set_ctrl_sar(chan, L2CAP_SAR_END);
c74e560c
GP		 1740 buflen = len;
1741 }
1742
47d1ec61 1743 skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);
c74e560c
GP		 1744 if (IS_ERR(skb)) {
1745 skb_queue_purge(&sar_queue);
1746 return PTR_ERR(skb);
1747 }
1748
1749 __skb_queue_tail(&sar_queue, skb);
1750 len -= buflen;
1751 size += buflen;
c74e560c 1752 }
58d35f87
GP		 1753 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1754 if (chan->tx_send_head == NULL)
1755 chan->tx_send_head = sar_queue.next;
c74e560c
GP		 1756
1757 return size;
1758}
1759
5e59b791
LAD		 1760int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
1761 u32 priority)
9a91a04a 1762{
9a91a04a 1763 struct sk_buff *skb;
88843ab0 1764 u32 control;
9a91a04a
GP		 1765 int err;
1766
1767 /* Connectionless channel */
715ec005 1768 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
5e59b791 1769 skb = l2cap_create_connless_pdu(chan, msg, len, priority);
9a91a04a
GP		 1770 if (IS_ERR(skb))
1771 return PTR_ERR(skb);
1772
1773 l2cap_do_send(chan, skb);
1774 return len;
1775 }
1776
1777 switch (chan->mode) {
1778 case L2CAP_MODE_BASIC:
1779 /* Check outgoing MTU */
1780 if (len > chan->omtu)
1781 return -EMSGSIZE;
1782
1783 /* Create a basic PDU */
5e59b791 1784 skb = l2cap_create_basic_pdu(chan, msg, len, priority);
9a91a04a
GP		 1785 if (IS_ERR(skb))
1786 return PTR_ERR(skb);
1787
1788 l2cap_do_send(chan, skb);
1789 err = len;
1790 break;
1791
1792 case L2CAP_MODE_ERTM:
1793 case L2CAP_MODE_STREAMING:
1794 /* Entire SDU fits into one PDU */
1795 if (len <= chan->remote_mps) {
7e0ef6ee 1796 control = __set_ctrl_sar(chan, L2CAP_SAR_UNSEGMENTED);
9a91a04a
GP		 1797 skb = l2cap_create_iframe_pdu(chan, msg, len, control,
1798 0);
1799 if (IS_ERR(skb))
1800 return PTR_ERR(skb);
1801
1802 __skb_queue_tail(&chan->tx_q, skb);
1803
1804 if (chan->tx_send_head == NULL)
1805 chan->tx_send_head = skb;
1806
1807 } else {
1808 /* Segment SDU into multiples PDUs */
1809 err = l2cap_sar_segment_sdu(chan, msg, len);
1810 if (err < 0)
1811 return err;
1812 }
1813
1814 if (chan->mode == L2CAP_MODE_STREAMING) {
1815 l2cap_streaming_send(chan);
1816 err = len;
1817 break;
1818 }
1819
e2ab4353
GP		 1820 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
1821 test_bit(CONN_WAIT_F, &chan->conn_state)) {
9a91a04a
GP		 1822 err = len;
1823 break;
1824 }
1825
1826 err = l2cap_ertm_send(chan);
1827 if (err >= 0)
1828 err = len;
1829
1830 break;
1831
1832 default:
1833 BT_DBG("bad state %1.1x", chan->mode);
1834 err = -EBADFD;
1835 }
1836
1837 return err;
1838}
1839
1da177e4
LT		 1840/* Copy frame to all raw sockets on that connection */
1841static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1842{
1da177e4 1843 struct sk_buff *nskb;
48454079 1844 struct l2cap_chan *chan;
1da177e4
LT		 1845
1846 BT_DBG("conn %p", conn);
1847
3df91ea2 1848 mutex_lock(&conn->chan_lock);
3d57dc68 1849
3df91ea2 1850 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 1851 struct sock *sk = chan->sk;
715ec005 1852 if (chan->chan_type != L2CAP_CHAN_RAW)
1da177e4
LT		 1853 continue;
1854
1855 /* Don't send frame to the socket it came from */
1856 if (skb->sk == sk)
1857 continue;
af05b30b
GP		 1858 nskb = skb_clone(skb, GFP_ATOMIC);
1859 if (!nskb)
1da177e4
LT		 1860 continue;
1861
23070494 1862 if (chan->ops->recv(chan->data, nskb))
1da177e4
LT		 1863 kfree_skb(nskb);
1864 }
3d57dc68 1865
3df91ea2 1866 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 1867}
1868
1869/* ---- L2CAP signalling commands ---- */
1870static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1871 u8 code, u8 ident, u16 dlen, void *data)
1872{
1873 struct sk_buff *skb, **frag;
1874 struct l2cap_cmd_hdr *cmd;
1875 struct l2cap_hdr *lh;
1876 int len, count;
1877
af05b30b
GP		 1878 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1879 conn, code, ident, dlen);
1da177e4
LT		 1880
1881 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1882 count = min_t(unsigned int, conn->mtu, len);
1883
1884 skb = bt_skb_alloc(count, GFP_ATOMIC);
1885 if (!skb)
1886 return NULL;
1887
1888 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 1889 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 1890
1891 if (conn->hcon->type == LE_LINK)
1892 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
1893 else
1894 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 1895
1896 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1897 cmd->code = code;
1898 cmd->ident = ident;
aca3192c 1899 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1900
1901 if (dlen) {
1902 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1903 memcpy(skb_put(skb, count), data, count);
1904 data += count;
1905 }
1906
1907 len -= skb->len;
1908
1909 /* Continuation fragments (no L2CAP header) */
1910 frag = &skb_shinfo(skb)->frag_list;
1911 while (len) {
1912 count = min_t(unsigned int, conn->mtu, len);
1913
1914 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1915 if (!*frag)
1916 goto fail;
1917
1918 memcpy(skb_put(*frag, count), data, count);
1919
1920 len -= count;
1921 data += count;
1922
1923 frag = &(*frag)->next;
1924 }
1925
1926 return skb;
1927
1928fail:
1929 kfree_skb(skb);
1930 return NULL;
1931}
1932
1933static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1934{
1935 struct l2cap_conf_opt *opt = *ptr;
1936 int len;
1937
1938 len = L2CAP_CONF_OPT_SIZE + opt->len;
1939 *ptr += len;
1940
1941 *type = opt->type;
1942 *olen = opt->len;
1943
1944 switch (opt->len) {
1945 case 1:
1946 *val = *((u8 *) opt->val);
1947 break;
1948
1949 case 2:
bfaaeb3e 1950 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 1951 break;
1952
1953 case 4:
bfaaeb3e 1954 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 1955 break;
1956
1957 default:
1958 *val = (unsigned long) opt->val;
1959 break;
1960 }
1961
1962 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1963 return len;
1964}
1965
1da177e4
LT		 1966static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1967{
1968 struct l2cap_conf_opt *opt = *ptr;
1969
1970 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1971
1972 opt->type = type;
1973 opt->len = len;
1974
1975 switch (len) {
1976 case 1:
1977 *((u8 *) opt->val) = val;
1978 break;
1979
1980 case 2:
4f8b691c 1981 put_unaligned_le16(val, opt->val);
1da177e4
LT		 1982 break;
1983
1984 case 4:
4f8b691c 1985 put_unaligned_le32(val, opt->val);
1da177e4
LT		 1986 break;
1987
1988 default:
1989 memcpy(opt->val, (void *) val, len);
1990 break;
1991 }
1992
1993 *ptr += L2CAP_CONF_OPT_SIZE + len;
1994}
1995
f89cef09
AE		 1996static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
1997{
1998 struct l2cap_conf_efs efs;
1999
1ec918ce 2000 switch (chan->mode) {
f89cef09
AE		 2001 case L2CAP_MODE_ERTM:
2002 efs.id = chan->local_id;
2003 efs.stype = chan->local_stype;
2004 efs.msdu = cpu_to_le16(chan->local_msdu);
2005 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2006 efs.acc_lat = cpu_to_le32(L2CAP_DEFAULT_ACC_LAT);
2007 efs.flush_to = cpu_to_le32(L2CAP_DEFAULT_FLUSH_TO);
2008 break;
2009
2010 case L2CAP_MODE_STREAMING:
2011 efs.id = 1;
2012 efs.stype = L2CAP_SERV_BESTEFFORT;
2013 efs.msdu = cpu_to_le16(chan->local_msdu);
2014 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2015 efs.acc_lat = 0;
2016 efs.flush_to = 0;
2017 break;
2018
2019 default:
2020 return;
2021 }
2022
2023 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs),
2024 (unsigned long) &efs);
2025}
2026
721c4181 2027static void l2cap_ack_timeout(struct work_struct *work)
c1b4f43b 2028{
721c4181
GP		 2029 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
2030 ack_timer.work);
c1b4f43b 2031
2fb9b3d4
GP		 2032 BT_DBG("chan %p", chan);
2033
6be36555
AE		 2034 l2cap_chan_lock(chan);
2035
b17e73bb 2036 __l2cap_send_ack(chan);
6be36555
AE		 2037
2038 l2cap_chan_unlock(chan);
09bfb2ee
SJ		 2039
2040 l2cap_chan_put(chan);
c1b4f43b
GP		 2041}
2042
525cd185 2043static inline void l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 2044{
42e5c802 2045 chan->expected_ack_seq = 0;
6a026610 2046 chan->unacked_frames = 0;
42e5c802 2047 chan->buffer_seq = 0;
6a026610
GP		 2048 chan->num_acked = 0;
2049 chan->frames_sent = 0;
0565c1c2 2050
721c4181
GP		 2051 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
2052 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
2053 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
0565c1c2 2054
f1c6775b 2055 skb_queue_head_init(&chan->srej_q);
1890d36b 2056
39d5a3ee 2057 INIT_LIST_HEAD(&chan->srej_l);
0565c1c2
GP		 2058}
2059
f2fcfcd6
GP		 2060static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2061{
2062 switch (mode) {
2063 case L2CAP_MODE_STREAMING:
2064 case L2CAP_MODE_ERTM:
2065 if (l2cap_mode_supported(mode, remote_feat_mask))
2066 return mode;
2067 /* fall through */
2068 default:
2069 return L2CAP_MODE_BASIC;
2070 }
2071}
2072
6327eb98
AE		 2073static inline bool __l2cap_ews_supported(struct l2cap_chan *chan)
2074{
2075 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW;
2076}
2077
f89cef09
AE		 2078static inline bool __l2cap_efs_supported(struct l2cap_chan *chan)
2079{
2080 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_FLOW;
2081}
2082
6327eb98
AE		 2083static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
2084{
2085 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
836be934 2086 __l2cap_ews_supported(chan)) {
6327eb98
AE		 2087 /* use extended control field */
2088 set_bit(FLAG_EXT_CTRL, &chan->flags);
836be934
AE		 2089 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
2090 } else {
6327eb98
AE		 2091 chan->tx_win = min_t(u16, chan->tx_win,
2092 L2CAP_DEFAULT_TX_WINDOW);
836be934
AE		 2093 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
2094 }
6327eb98
AE		 2095}
2096
710f9b0a 2097static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2098{
1da177e4 2099 struct l2cap_conf_req *req = data;
0c1bc5c6 2100 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4 2101 void *ptr = req->data;
c8f79162 2102 u16 size;
1da177e4 2103
49208c9c 2104 BT_DBG("chan %p", chan);
1da177e4 2105
73ffa904 2106 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 2107 goto done;
2108
0c1bc5c6 2109 switch (chan->mode) {
f2fcfcd6
GP		 2110 case L2CAP_MODE_STREAMING:
2111 case L2CAP_MODE_ERTM:
c1360a1c 2112 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
85eb53c6 2113 break;
85eb53c6 2114
f89cef09
AE		 2115 if (__l2cap_efs_supported(chan))
2116 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2117
2ba13ed6 2118 /* fall through */
f2fcfcd6 2119 default:
8c1d787b 2120 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 2121 break;
2122 }
2123
2124done:
0c1bc5c6
GP		 2125 if (chan->imtu != L2CAP_DEFAULT_MTU)
2126 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 2127
0c1bc5c6 2128 switch (chan->mode) {
65c7c491 2129 case L2CAP_MODE_BASIC:
8c1d787b
GP		 2130 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2131 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 2132 break;
2133
62547752
GP		 2134 rfc.mode = L2CAP_MODE_BASIC;
2135 rfc.txwin_size = 0;
2136 rfc.max_transmit = 0;
2137 rfc.retrans_timeout = 0;
2138 rfc.monitor_timeout = 0;
2139 rfc.max_pdu_size = 0;
2140
63406504
GP		 2141 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2142 (unsigned long) &rfc);
65c7c491
MH		 2143 break;
2144
2145 case L2CAP_MODE_ERTM:
2146 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61 2147 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 2148 rfc.retrans_timeout = 0;
2149 rfc.monitor_timeout = 0;
c8f79162
AE		 2150
2151 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2152 L2CAP_EXT_HDR_SIZE -
2153 L2CAP_SDULEN_SIZE -
2154 L2CAP_FCS_SIZE);
2155 rfc.max_pdu_size = cpu_to_le16(size);
f2fcfcd6 2156
6327eb98
AE		 2157 l2cap_txwin_setup(chan);
2158
2159 rfc.txwin_size = min_t(u16, chan->tx_win,
2160 L2CAP_DEFAULT_TX_WINDOW);
f2fcfcd6 2161
63406504
GP		 2162 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2163 (unsigned long) &rfc);
2164
f89cef09
AE		 2165 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2166 l2cap_add_opt_efs(&ptr, chan);
2167
8c1d787b 2168 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2169 break;
2170
47d1ec61 2171 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2172 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2173 chan->fcs = L2CAP_FCS_NONE;
2174 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2175 }
6327eb98
AE		 2176
2177 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2178 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2179 chan->tx_win);
f2fcfcd6
GP		 2180 break;
2181
2182 case L2CAP_MODE_STREAMING:
2183 rfc.mode = L2CAP_MODE_STREAMING;
2184 rfc.txwin_size = 0;
2185 rfc.max_transmit = 0;
2186 rfc.retrans_timeout = 0;
2187 rfc.monitor_timeout = 0;
c8f79162
AE		 2188
2189 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2190 L2CAP_EXT_HDR_SIZE -
2191 L2CAP_SDULEN_SIZE -
2192 L2CAP_FCS_SIZE);
2193 rfc.max_pdu_size = cpu_to_le16(size);
65c7c491 2194
63406504
GP		 2195 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2196 (unsigned long) &rfc);
2197
f89cef09
AE		 2198 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2199 l2cap_add_opt_efs(&ptr, chan);
2200
8c1d787b 2201 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2202 break;
2203
47d1ec61 2204 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2205 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2206 chan->fcs = L2CAP_FCS_NONE;
2207 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2208 }
65c7c491
MH		 2209 break;
2210 }
1da177e4 2211
fe4128e0 2212 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 2213 req->flags = cpu_to_le16(0);
1da177e4
LT		 2214
2215 return ptr - data;
2216}
2217
73ffa904 2218static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2219{
5dee9e7c
MH		 2220 struct l2cap_conf_rsp *rsp = data;
2221 void *ptr = rsp->data;
73ffa904
GP		 2222 void *req = chan->conf_req;
2223 int len = chan->conf_len;
5dee9e7c
MH		 2224 int type, hint, olen;
2225 unsigned long val;
6464f35f 2226 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
42dceae2
AE		 2227 struct l2cap_conf_efs efs;
2228 u8 remote_efs = 0;
861d6882 2229 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 2230 u16 result = L2CAP_CONF_SUCCESS;
c8f79162 2231 u16 size;
1da177e4 2232
73ffa904 2233 BT_DBG("chan %p", chan);
820ae1b8 2234
5dee9e7c
MH		 2235 while (len >= L2CAP_CONF_OPT_SIZE) {
2236 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 2237
589d2746 2238 hint = type & L2CAP_CONF_HINT;
47ec1dcd 2239 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 2240
2241 switch (type) {
2242 case L2CAP_CONF_MTU:
861d6882 2243 mtu = val;
5dee9e7c
MH		 2244 break;
2245
2246 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2247 chan->flush_to = val;
5dee9e7c
MH		 2248 break;
2249
2250 case L2CAP_CONF_QOS:
2251 break;
2252
6464f35f
MH		 2253 case L2CAP_CONF_RFC:
2254 if (olen == sizeof(rfc))
2255 memcpy(&rfc, (void *) val, olen);
2256 break;
2257
fcc203c3
GP		 2258 case L2CAP_CONF_FCS:
2259 if (val == L2CAP_FCS_NONE)
c1360a1c 2260 set_bit(CONF_NO_FCS_RECV, &chan->conf_state);
42dceae2 2261 break;
fcc203c3 2262
42dceae2
AE		 2263 case L2CAP_CONF_EFS:
2264 remote_efs = 1;
2265 if (olen == sizeof(efs))
2266 memcpy(&efs, (void *) val, olen);
fcc203c3
GP		 2267 break;
2268
6327eb98
AE		 2269 case L2CAP_CONF_EWS:
2270 if (!enable_hs)
2271 return -ECONNREFUSED;
fcc203c3 2272
6327eb98
AE		 2273 set_bit(FLAG_EXT_CTRL, &chan->flags);
2274 set_bit(CONF_EWS_RECV, &chan->conf_state);
836be934 2275 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
6327eb98 2276 chan->remote_tx_win = val;
fcc203c3
GP		 2277 break;
2278
5dee9e7c
MH		 2279 default:
2280 if (hint)
2281 break;
2282
2283 result = L2CAP_CONF_UNKNOWN;
2284 *((u8 *) ptr++) = type;
2285 break;
2286 }
2287 }
2288
73ffa904 2289 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 2290 goto done;
2291
0c1bc5c6 2292 switch (chan->mode) {
f2fcfcd6
GP		 2293 case L2CAP_MODE_STREAMING:
2294 case L2CAP_MODE_ERTM:
c1360a1c 2295 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
0c1bc5c6 2296 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 2297 chan->conn->feat_mask);
85eb53c6
GP		 2298 break;
2299 }
2300
42dceae2
AE		 2301 if (remote_efs) {
2302 if (__l2cap_efs_supported(chan))
2303 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2304 else
2305 return -ECONNREFUSED;
2306 }
2307
0c1bc5c6 2308 if (chan->mode != rfc.mode)
f2fcfcd6 2309 return -ECONNREFUSED;
742e519b 2310
f2fcfcd6 2311 break;
f2fcfcd6
GP		 2312 }
2313
2314done:
0c1bc5c6 2315 if (chan->mode != rfc.mode) {
f2fcfcd6 2316 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2317 rfc.mode = chan->mode;
f2fcfcd6 2318
73ffa904 2319 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 2320 return -ECONNREFUSED;
2321
2322 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2323 sizeof(rfc), (unsigned long) &rfc);
2324 }
2325
5dee9e7c
MH		 2326 if (result == L2CAP_CONF_SUCCESS) {
2327 /* Configure output options and let the other side know
2328 * which ones we don't like. */
2329
f2fcfcd6
GP		 2330 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2331 result = L2CAP_CONF_UNACCEPT;
2332 else {
0c1bc5c6 2333 chan->omtu = mtu;
c1360a1c 2334 set_bit(CONF_MTU_DONE, &chan->conf_state);
f2fcfcd6 2335 }
0c1bc5c6 2336 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 2337
42dceae2
AE		 2338 if (remote_efs) {
2339 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2340 efs.stype != L2CAP_SERV_NOTRAFIC &&
2341 efs.stype != chan->local_stype) {
2342
2343 result = L2CAP_CONF_UNACCEPT;
2344
2345 if (chan->num_conf_req >= 1)
2346 return -ECONNREFUSED;
2347
2348 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3e6b3b95 2349 sizeof(efs),
42dceae2 2350 (unsigned long) &efs);
0e8b207e 2351 } else {
3e6b3b95 2352 /* Send PENDING Conf Rsp */
0e8b207e
AE		 2353 result = L2CAP_CONF_PENDING;
2354 set_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
42dceae2
AE		 2355 }
2356 }
2357
f2fcfcd6
GP		 2358 switch (rfc.mode) {
2359 case L2CAP_MODE_BASIC:
47d1ec61 2360 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2361 set_bit(CONF_MODE_DONE, &chan->conf_state);
f2fcfcd6
GP		 2362 break;
2363
2364 case L2CAP_MODE_ERTM:
6327eb98
AE		 2365 if (!test_bit(CONF_EWS_RECV, &chan->conf_state))
2366 chan->remote_tx_win = rfc.txwin_size;
2367 else
2368 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
86b1b263 2369
2c03a7a4 2370 chan->remote_max_tx = rfc.max_transmit;
1c762159 2371
c8f79162
AE		 2372 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2373 chan->conn->mtu -
2374 L2CAP_EXT_HDR_SIZE -
2375 L2CAP_SDULEN_SIZE -
2376 L2CAP_FCS_SIZE);
2377 rfc.max_pdu_size = cpu_to_le16(size);
2378 chan->remote_mps = size;
f2fcfcd6 2379
10467e9e
GP		 2380 rfc.retrans_timeout =
2381 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2382 rfc.monitor_timeout =
2383 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 2384
c1360a1c 2385 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2386
2387 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2388 sizeof(rfc), (unsigned long) &rfc);
2389
42dceae2
AE		 2390 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2391 chan->remote_id = efs.id;
2392 chan->remote_stype = efs.stype;
2393 chan->remote_msdu = le16_to_cpu(efs.msdu);
2394 chan->remote_flush_to =
2395 le32_to_cpu(efs.flush_to);
2396 chan->remote_acc_lat =
2397 le32_to_cpu(efs.acc_lat);
2398 chan->remote_sdu_itime =
2399 le32_to_cpu(efs.sdu_itime);
2400 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
2401 sizeof(efs), (unsigned long) &efs);
2402 }
f2fcfcd6
GP		 2403 break;
2404
2405 case L2CAP_MODE_STREAMING:
c8f79162
AE		 2406 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2407 chan->conn->mtu -
2408 L2CAP_EXT_HDR_SIZE -
2409 L2CAP_SDULEN_SIZE -
2410 L2CAP_FCS_SIZE);
2411 rfc.max_pdu_size = cpu_to_le16(size);
2412 chan->remote_mps = size;
f2fcfcd6 2413
c1360a1c 2414 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2415
2416 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2417 sizeof(rfc), (unsigned long) &rfc);
2418
f2fcfcd6
GP		 2419 break;
2420
2421 default:
5dee9e7c 2422 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 2423
6464f35f 2424 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 2425 rfc.mode = chan->mode;
f2fcfcd6 2426 }
6464f35f 2427
f2fcfcd6 2428 if (result == L2CAP_CONF_SUCCESS)
c1360a1c 2429 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
f2fcfcd6 2430 }
fe4128e0 2431 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 2432 rsp->result = cpu_to_le16(result);
2433 rsp->flags = cpu_to_le16(0x0000);
2434
2435 return ptr - data;
1da177e4
LT		 2436}
2437
b4450035 2438static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 2439{
f2fcfcd6
GP		 2440 struct l2cap_conf_req *req = data;
2441 void *ptr = req->data;
2442 int type, olen;
2443 unsigned long val;
36e999a8 2444 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
66af7aaf 2445 struct l2cap_conf_efs efs;
f2fcfcd6 2446
fe4128e0 2447 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 2448
2449 while (len >= L2CAP_CONF_OPT_SIZE) {
2450 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2451
2452 switch (type) {
2453 case L2CAP_CONF_MTU:
2454 if (val < L2CAP_DEFAULT_MIN_MTU) {
2455 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2456 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 2457 } else
0c1bc5c6
GP		 2458 chan->imtu = val;
2459 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 2460 break;
2461
2462 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2463 chan->flush_to = val;
f2fcfcd6 2464 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 2465 2, chan->flush_to);
f2fcfcd6
GP		 2466 break;
2467
2468 case L2CAP_CONF_RFC:
2469 if (olen == sizeof(rfc))
2470 memcpy(&rfc, (void *)val, olen);
2471
c1360a1c 2472 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
0c1bc5c6 2473 rfc.mode != chan->mode)
f2fcfcd6
GP		 2474 return -ECONNREFUSED;
2475
47d1ec61 2476 chan->fcs = 0;
f2fcfcd6
GP		 2477
2478 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2479 sizeof(rfc), (unsigned long) &rfc);
2480 break;
6327eb98
AE		 2481
2482 case L2CAP_CONF_EWS:
2483 chan->tx_win = min_t(u16, val,
2484 L2CAP_DEFAULT_EXT_WINDOW);
3e6b3b95
GP		 2485 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2486 chan->tx_win);
6327eb98 2487 break;
66af7aaf
AE		 2488
2489 case L2CAP_CONF_EFS:
2490 if (olen == sizeof(efs))
2491 memcpy(&efs, (void *)val, olen);
2492
2493 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2494 efs.stype != L2CAP_SERV_NOTRAFIC &&
2495 efs.stype != chan->local_stype)
2496 return -ECONNREFUSED;
2497
2498 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
2499 sizeof(efs), (unsigned long) &efs);
2500 break;
f2fcfcd6
GP		 2501 }
2502 }
2503
0c1bc5c6 2504 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 2505 return -ECONNREFUSED;
2506
0c1bc5c6 2507 chan->mode = rfc.mode;
6c2ea7a8 2508
0e8b207e 2509 if (*result == L2CAP_CONF_SUCCESS || *result == L2CAP_CONF_PENDING) {
f2fcfcd6
GP		 2510 switch (rfc.mode) {
2511 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2512 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2513 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2514 chan->mps = le16_to_cpu(rfc.max_pdu_size);
66af7aaf
AE		 2515
2516 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2517 chan->local_msdu = le16_to_cpu(efs.msdu);
2518 chan->local_sdu_itime =
2519 le32_to_cpu(efs.sdu_itime);
2520 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
2521 chan->local_flush_to =
2522 le32_to_cpu(efs.flush_to);
2523 }
f2fcfcd6 2524 break;
66af7aaf 2525
f2fcfcd6 2526 case L2CAP_MODE_STREAMING:
47d1ec61 2527 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2528 }
2529 }
2530
fe4128e0 2531 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 2532 req->flags = cpu_to_le16(0x0000);
2533
2534 return ptr - data;
2535}
2536
fe4128e0 2537static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 2538{
2539 struct l2cap_conf_rsp *rsp = data;
2540 void *ptr = rsp->data;
1da177e4 2541
fe4128e0 2542 BT_DBG("chan %p", chan);
1da177e4 2543
fe4128e0 2544 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 2545 rsp->result = cpu_to_le16(result);
aca3192c 2546 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 2547
2548 return ptr - data;
2549}
2550
8c1d787b 2551void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 2552{
2553 struct l2cap_conn_rsp rsp;
8c1d787b 2554 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 2555 u8 buf[128];
2556
fe4128e0
GP		 2557 rsp.scid = cpu_to_le16(chan->dcid);
2558 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 2559 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
2560 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2561 l2cap_send_cmd(conn, chan->ident,
2562 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2563
c1360a1c 2564 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
710f9b0a
GP		 2565 return;
2566
710f9b0a
GP		 2567 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2568 l2cap_build_conf_req(chan, buf), buf);
2569 chan->num_conf_req++;
2570}
2571
47d1ec61 2572static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 2573{
7b1c0049
GP		 2574 int type, olen;
2575 unsigned long val;
2576 struct l2cap_conf_rfc rfc;
2577
47d1ec61 2578 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 2579
0c1bc5c6 2580 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 2581 return;
2582
2583 while (len >= L2CAP_CONF_OPT_SIZE) {
2584 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2585
2586 switch (type) {
2587 case L2CAP_CONF_RFC:
2588 if (olen == sizeof(rfc))
2589 memcpy(&rfc, (void *)val, olen);
2590 goto done;
2591 }
2592 }
2593
36e999a8
MM		 2594 /* Use sane default values in case a misbehaving remote device
2595 * did not send an RFC option.
2596 */
2597 rfc.mode = chan->mode;
2598 rfc.retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
2599 rfc.monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
2600 rfc.max_pdu_size = cpu_to_le16(chan->imtu);
2601
2602 BT_ERR("Expected RFC option was not found, using defaults");
2603
7b1c0049
GP		 2604done:
2605 switch (rfc.mode) {
2606 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2607 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2608 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2609 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2610 break;
2611 case L2CAP_MODE_STREAMING:
47d1ec61 2612 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2613 }
2614}
2615
4e8402a3
MH		 2616static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2617{
e2fd318e 2618 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
4e8402a3 2619
e2fd318e 2620 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
4e8402a3
MH		 2621 return 0;
2622
2623 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2624 cmd->ident == conn->info_ident) {
17cd3f37 2625 cancel_delayed_work(&conn->info_timer);
984947dc
MH		 2626
2627 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2628 conn->info_ident = 0;
984947dc 2629
4e8402a3
MH		 2630 l2cap_conn_start(conn);
2631 }
2632
2633 return 0;
2634}
2635
1da177e4
LT		 2636static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2637{
1da177e4
LT		 2638 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2639 struct l2cap_conn_rsp rsp;
23691d75 2640 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 2641 struct sock *parent, *sk = NULL;
e7c29cb1 2642 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2643
2644 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 2645 __le16 psm = req->psm;
1da177e4
LT		 2646
2647 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2648
2649 /* Check if we have socket listening on psm */
23691d75
GP		 2650 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src);
2651 if (!pchan) {
1da177e4
LT		 2652 result = L2CAP_CR_BAD_PSM;
2653 goto sendresp;
2654 }
2655
23691d75
GP		 2656 parent = pchan->sk;
2657
3df91ea2 2658 mutex_lock(&conn->chan_lock);
aa2ac881 2659 lock_sock(parent);
e0f0cb56 2660
e7c29cb1
MH		 2661 /* Check if the ACL is secure enough (if not SDP) */
2662 if (psm != cpu_to_le16(0x0001) &&
2663 !hci_conn_check_link_mode(conn->hcon)) {
9f5a0d7b 2664 conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
e7c29cb1
MH		 2665 result = L2CAP_CR_SEC_BLOCK;
2666 goto response;
2667 }
2668
1da177e4
LT		 2669 result = L2CAP_CR_NO_MEM;
2670
2671 /* Check for backlog size */
2672 if (sk_acceptq_is_full(parent)) {
8e87d142 2673 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 2674 goto response;
2675 }
2676
80808e43
GP		 2677 chan = pchan->ops->new_connection(pchan->data);
2678 if (!chan)
1da177e4
LT		 2679 goto response;
2680
80808e43
GP		 2681 sk = chan->sk;
2682
1da177e4 2683 /* Check if we already have channel with that dcid */
baa7e1fa 2684 if (__l2cap_get_chan_by_dcid(conn, scid)) {
1da177e4 2685 sock_set_flag(sk, SOCK_ZAPPED);
ba3bd0ee 2686 chan->ops->close(chan->data);
1da177e4
LT		 2687 goto response;
2688 }
2689
2690 hci_conn_hold(conn->hcon);
2691
1da177e4
LT		 2692 bacpy(&bt_sk(sk)->src, conn->src);
2693 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 2694 chan->psm = psm;
2695 chan->dcid = scid;
1da177e4 2696
d1010240
GP		 2697 bt_accept_enqueue(parent, sk);
2698
6be36555 2699 __l2cap_chan_add(conn, chan);
48454079 2700
fe4128e0 2701 dcid = chan->scid;
1da177e4 2702
c9b66675 2703 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4 2704
fc7f8a7e 2705 chan->ident = cmd->ident;
1da177e4 2706
984947dc 2707 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
d45fc423 2708 if (l2cap_chan_check_security(chan)) {
f66dc81f 2709 if (bt_sk(sk)->defer_setup) {
0e587be7 2710 __l2cap_state_change(chan, BT_CONNECT2);
f66dc81f
MH		 2711 result = L2CAP_CR_PEND;
2712 status = L2CAP_CS_AUTHOR_PEND;
2713 parent->sk_data_ready(parent, 0);
2714 } else {
0e587be7 2715 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 2716 result = L2CAP_CR_SUCCESS;
2717 status = L2CAP_CS_NO_INFO;
2718 }
79d554a6 2719 } else {
0e587be7 2720 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2721 result = L2CAP_CR_PEND;
2722 status = L2CAP_CS_AUTHEN_PEND;
2723 }
2724 } else {
0e587be7 2725 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2726 result = L2CAP_CR_PEND;
2727 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2728 }
2729
1da177e4 2730response:
aa2ac881 2731 release_sock(parent);
3df91ea2 2732 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 2733
2734sendresp:
aca3192c
YH		 2735 rsp.scid = cpu_to_le16(scid);
2736 rsp.dcid = cpu_to_le16(dcid);
2737 rsp.result = cpu_to_le16(result);
2738 rsp.status = cpu_to_le16(status);
1da177e4 2739 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 2740
2741 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2742 struct l2cap_info_req info;
2743 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2744
2745 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2746 conn->info_ident = l2cap_get_ident(conn);
2747
ba13ccd9 2748 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
79d554a6
MH		 2749
2750 l2cap_send_cmd(conn, conn->info_ident,
2751 L2CAP_INFO_REQ, sizeof(info), &info);
2752 }
2753
c1360a1c 2754 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
e9aeb2dd
GP		 2755 result == L2CAP_CR_SUCCESS) {
2756 u8 buf[128];
c1360a1c 2757 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 2758 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2759 l2cap_build_conf_req(chan, buf), buf);
2760 chan->num_conf_req++;
e9aeb2dd
GP		 2761 }
2762
1da177e4
LT		 2763 return 0;
2764}
2765
2766static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2767{
2768 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2769 u16 scid, dcid, result, status;
48454079 2770 struct l2cap_chan *chan;
1da177e4 2771 u8 req[128];
3df91ea2 2772 int err;
1da177e4
LT		 2773
2774 scid = __le16_to_cpu(rsp->scid);
2775 dcid = __le16_to_cpu(rsp->dcid);
2776 result = __le16_to_cpu(rsp->result);
2777 status = __le16_to_cpu(rsp->status);
2778
1b009c98
AE		 2779 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
2780 dcid, scid, result, status);
1da177e4 2781
3df91ea2
AE		 2782 mutex_lock(&conn->chan_lock);
2783
1da177e4 2784 if (scid) {
3df91ea2
AE		 2785 chan = __l2cap_get_chan_by_scid(conn, scid);
2786 if (!chan) {
2787 err = -EFAULT;
2788 goto unlock;
2789 }
1da177e4 2790 } else {
3df91ea2
AE		 2791 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
2792 if (!chan) {
2793 err = -EFAULT;
2794 goto unlock;
2795 }
1da177e4
LT		 2796 }
2797
3df91ea2
AE		 2798 err = 0;
2799
6be36555 2800 l2cap_chan_lock(chan);
48454079 2801
1da177e4
LT		 2802 switch (result) {
2803 case L2CAP_CR_SUCCESS:
89bc500e 2804 l2cap_state_change(chan, BT_CONFIG);
fc7f8a7e 2805 chan->ident = 0;
fe4128e0 2806 chan->dcid = dcid;
c1360a1c 2807 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
6a8d3010 2808
c1360a1c 2809 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
e9aeb2dd
GP		 2810 break;
2811
1da177e4 2812 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2813 l2cap_build_conf_req(chan, req), req);
2814 chan->num_conf_req++;
1da177e4
LT		 2815 break;
2816
2817 case L2CAP_CR_PEND:
c1360a1c 2818 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4
LT		 2819 break;
2820
2821 default:
48454079 2822 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 2823 break;
2824 }
2825
6be36555 2826 l2cap_chan_unlock(chan);
3df91ea2
AE		 2827
2828unlock:
2829 mutex_unlock(&conn->chan_lock);
2830
2831 return err;
1da177e4
LT		 2832}
2833
47d1ec61 2834static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60
MM		 2835{
2836 /* FCS is enabled only in ERTM or streaming mode, if one or both
2837 * sides request it.
2838 */
0c1bc5c6 2839 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 2840 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2841 else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state))
47d1ec61 2842 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 2843}
2844
88219a0f 2845static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 2846{
2847 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2848 u16 dcid, flags;
2849 u8 rsp[64];
48454079 2850 struct l2cap_chan *chan;
5dee9e7c 2851 int len;
1da177e4
LT		 2852
2853 dcid = __le16_to_cpu(req->dcid);
2854 flags = __le16_to_cpu(req->flags);
2855
2856 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2857
baa7e1fa 2858 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2859 if (!chan)
1da177e4
LT		 2860 return -ENOENT;
2861
6be36555 2862 l2cap_chan_lock(chan);
48454079 2863
033b1142 2864 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
e2fd318e
IK		 2865 struct l2cap_cmd_rej_cid rej;
2866
2867 rej.reason = cpu_to_le16(L2CAP_REJ_INVALID_CID);
2868 rej.scid = cpu_to_le16(chan->scid);
2869 rej.dcid = cpu_to_le16(chan->dcid);
df6bd743 2870
df6bd743
GP		 2871 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2872 sizeof(rej), &rej);
354f60a9 2873 goto unlock;
df6bd743 2874 }
354f60a9 2875
5dee9e7c 2876 /* Reject if config buffer is too small. */
88219a0f 2877 len = cmd_len - sizeof(*req);
7ac28817 2878 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 2879 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2880 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 2881 L2CAP_CONF_REJECT, flags), rsp);
2882 goto unlock;
2883 }
2884
2885 /* Store config. */
73ffa904
GP		 2886 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2887 chan->conf_len += len;
1da177e4
LT		 2888
2889 if (flags & 0x0001) {
2890 /* Incomplete config. Send empty response. */
2891 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2892 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 2893 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 2894 goto unlock;
2895 }
2896
2897 /* Complete config. */
73ffa904 2898 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 2899 if (len < 0) {
e92c8e70 2900 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 2901 goto unlock;
f2fcfcd6 2902 }
1da177e4 2903
5dee9e7c 2904 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 2905 chan->num_conf_rsp++;
5dee9e7c 2906
5dee9e7c 2907 /* Reset config buffer. */
73ffa904 2908 chan->conf_len = 0;
5dee9e7c 2909
c1360a1c 2910 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
876d9484
MH		 2911 goto unlock;
2912
c1360a1c 2913 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
47d1ec61 2914 set_default_fcs(chan);
fcc203c3 2915
89bc500e 2916 l2cap_state_change(chan, BT_CONNECTED);
e90bac06 2917
42e5c802
GP		 2918 chan->next_tx_seq = 0;
2919 chan->expected_tx_seq = 0;
58d35f87 2920 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2921 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2922 l2cap_ertm_init(chan);
0565c1c2 2923
cf4cd009 2924 l2cap_chan_ready(chan);
876d9484
MH		 2925 goto unlock;
2926 }
2927
c1360a1c 2928 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
79d554a6 2929 u8 buf[64];
1da177e4 2930 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2931 l2cap_build_conf_req(chan, buf), buf);
2932 chan->num_conf_req++;
1da177e4
LT		 2933 }
2934
0e8b207e
AE		 2935 /* Got Conf Rsp PENDING from remote side and asume we sent
2936 Conf Rsp PENDING in the code above */
2937 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
2938 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
2939
2940 /* check compatibility */
2941
2942 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
2943 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
2944
2945 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 2946 l2cap_build_conf_rsp(chan, rsp,
0e8b207e
AE		 2947 L2CAP_CONF_SUCCESS, 0x0000), rsp);
2948 }
2949
1da177e4 2950unlock:
6be36555 2951 l2cap_chan_unlock(chan);
1da177e4
LT		 2952 return 0;
2953}
2954
2955static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2956{
2957 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2958 u16 scid, flags, result;
48454079 2959 struct l2cap_chan *chan;
7b1c0049 2960 int len = cmd->len - sizeof(*rsp);
1da177e4
LT		 2961
2962 scid = __le16_to_cpu(rsp->scid);
2963 flags = __le16_to_cpu(rsp->flags);
2964 result = __le16_to_cpu(rsp->result);
2965
af05b30b
GP		 2966 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2967 scid, flags, result);
1da177e4 2968
baa7e1fa 2969 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2970 if (!chan)
1da177e4
LT		 2971 return 0;
2972
6be36555 2973 l2cap_chan_lock(chan);
48454079 2974
1da177e4
LT		 2975 switch (result) {
2976 case L2CAP_CONF_SUCCESS:
47d1ec61 2977 l2cap_conf_rfc_get(chan, rsp->data, len);
0e8b207e 2978 clear_bit(CONF_REM_CONF_PEND, &chan->conf_state);
1da177e4
LT		 2979 break;
2980
0e8b207e
AE		 2981 case L2CAP_CONF_PENDING:
2982 set_bit(CONF_REM_CONF_PEND, &chan->conf_state);
2983
2984 if (test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
2985 char buf[64];
2986
2987 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2988 buf, &result);
2989 if (len < 0) {
2990 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2991 goto done;
2992 }
2993
2994 /* check compatibility */
2995
2996 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
2997 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
2998
2999 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 3000 l2cap_build_conf_rsp(chan, buf,
0e8b207e
AE		 3001 L2CAP_CONF_SUCCESS, 0x0000), buf);
3002 }
3003 goto done;
3004
1da177e4 3005 case L2CAP_CONF_UNACCEPT:
73ffa904 3006 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 3007 char req[64];
3008
c2c77ec8 3009 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 3010 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 3011 goto done;
3012 }
3013
f2fcfcd6
GP		 3014 /* throw out any old stored conf requests */
3015 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 3016 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3017 req, &result);
f2fcfcd6 3018 if (len < 0) {
e92c8e70 3019 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 3020 goto done;
3021 }
3022
3023 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3024 L2CAP_CONF_REQ, len, req);
73ffa904 3025 chan->num_conf_req++;
f2fcfcd6
GP		 3026 if (result != L2CAP_CONF_SUCCESS)
3027 goto done;
3028 break;
1da177e4
LT		 3029 }
3030
8e87d142 3031 default:
6be36555 3032 l2cap_chan_set_err(chan, ECONNRESET);
2e0052e4 3033
ba13ccd9 3034 __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT);
e92c8e70 3035 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 3036 goto done;
3037 }
3038
3039 if (flags & 0x01)
3040 goto done;
3041
c1360a1c 3042 set_bit(CONF_INPUT_DONE, &chan->conf_state);
1da177e4 3043
c1360a1c 3044 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
47d1ec61 3045 set_default_fcs(chan);
fcc203c3 3046
89bc500e 3047 l2cap_state_change(chan, BT_CONNECTED);
42e5c802
GP		 3048 chan->next_tx_seq = 0;
3049 chan->expected_tx_seq = 0;
58d35f87 3050 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 3051 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 3052 l2cap_ertm_init(chan);
0565c1c2 3053
cf4cd009 3054 l2cap_chan_ready(chan);
1da177e4
LT		 3055 }
3056
3057done:
6be36555 3058 l2cap_chan_unlock(chan);
1da177e4
LT		 3059 return 0;
3060}
3061
3062static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3063{
3064 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3065 struct l2cap_disconn_rsp rsp;
3066 u16 dcid, scid;
48454079 3067 struct l2cap_chan *chan;
1da177e4
LT		 3068 struct sock *sk;
3069
3070 scid = __le16_to_cpu(req->scid);
3071 dcid = __le16_to_cpu(req->dcid);
3072
3073 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3074
3df91ea2
AE		 3075 mutex_lock(&conn->chan_lock);
3076
3077 chan = __l2cap_get_chan_by_scid(conn, dcid);
3078 if (!chan) {
3079 mutex_unlock(&conn->chan_lock);
1da177e4 3080 return 0;
3df91ea2 3081 }
1da177e4 3082
6be36555
AE		 3083 l2cap_chan_lock(chan);
3084
48454079
GP		 3085 sk = chan->sk;
3086
fe4128e0
GP		 3087 rsp.dcid = cpu_to_le16(chan->scid);
3088 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 3089 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3090
6be36555 3091 lock_sock(sk);
1da177e4 3092 sk->sk_shutdown = SHUTDOWN_MASK;
6be36555 3093 release_sock(sk);
1da177e4 3094
48454079 3095 l2cap_chan_del(chan, ECONNRESET);
6be36555
AE		 3096
3097 l2cap_chan_unlock(chan);
1da177e4 3098
ba3bd0ee 3099 chan->ops->close(chan->data);
3df91ea2
AE		 3100
3101 mutex_unlock(&conn->chan_lock);
3102
1da177e4
LT		 3103 return 0;
3104}
3105
3106static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3107{
3108 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3109 u16 dcid, scid;
48454079 3110 struct l2cap_chan *chan;
1da177e4
LT		 3111
3112 scid = __le16_to_cpu(rsp->scid);
3113 dcid = __le16_to_cpu(rsp->dcid);
3114
3115 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3116
3df91ea2
AE		 3117 mutex_lock(&conn->chan_lock);
3118
3119 chan = __l2cap_get_chan_by_scid(conn, scid);
3120 if (!chan) {
3121 mutex_unlock(&conn->chan_lock);
1da177e4 3122 return 0;
3df91ea2 3123 }
1da177e4 3124
6be36555 3125 l2cap_chan_lock(chan);
48454079 3126
48454079 3127 l2cap_chan_del(chan, 0);
6be36555
AE		 3128
3129 l2cap_chan_unlock(chan);
1da177e4 3130
ba3bd0ee 3131 chan->ops->close(chan->data);
3df91ea2
AE		 3132
3133 mutex_unlock(&conn->chan_lock);
3134
1da177e4
LT		 3135 return 0;
3136}
3137
3138static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3139{
3140 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 3141 u16 type;
3142
3143 type = __le16_to_cpu(req->type);
3144
3145 BT_DBG("type 0x%4.4x", type);
3146
f0709e03
MH		 3147 if (type == L2CAP_IT_FEAT_MASK) {
3148 u8 buf[8];
44dd46de 3149 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 3150 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3151 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3152 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 3153 if (!disable_ertm)
fcc203c3
GP		 3154 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3155 | L2CAP_FEAT_FCS;
a5fd6f30 3156 if (enable_hs)
6327eb98
AE		 3157 feat_mask |= L2CAP_FEAT_EXT_FLOW
3158 | L2CAP_FEAT_EXT_WINDOW;
a5fd6f30 3159
1b7bf4ed 3160 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 3161 l2cap_send_cmd(conn, cmd->ident,
3162 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 3163 } else if (type == L2CAP_IT_FIXED_CHAN) {
3164 u8 buf[12];
3165 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
50a147cd
MM		 3166
3167 if (enable_hs)
3168 l2cap_fixed_chan[0] |= L2CAP_FC_A2MP;
3169 else
3170 l2cap_fixed_chan[0] &= ~L2CAP_FC_A2MP;
3171
e1027a7c
MH		 3172 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3173 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
c6337ea6 3174 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan));
e1027a7c
MH		 3175 l2cap_send_cmd(conn, cmd->ident,
3176 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 3177 } else {
3178 struct l2cap_info_rsp rsp;
3179 rsp.type = cpu_to_le16(type);
3180 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3181 l2cap_send_cmd(conn, cmd->ident,
3182 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3183 }
1da177e4
LT		 3184
3185 return 0;
3186}
3187
3188static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3189{
3190 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3191 u16 type, result;
3192
3193 type = __le16_to_cpu(rsp->type);
3194 result = __le16_to_cpu(rsp->result);
3195
3196 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3197
e90165be
AE		 3198 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
3199 if (cmd->ident != conn->info_ident ||
3200 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
3201 return 0;
3202
17cd3f37 3203 cancel_delayed_work(&conn->info_timer);
4e8402a3 3204
adb08ede
VT		 3205 if (result != L2CAP_IR_SUCCESS) {
3206 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3207 conn->info_ident = 0;
3208
3209 l2cap_conn_start(conn);
3210
3211 return 0;
3212 }
3213
978c93b9
AE		 3214 switch (type) {
3215 case L2CAP_IT_FEAT_MASK:
83985319 3216 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 3217
47ec1dcd 3218 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 3219 struct l2cap_info_req req;
3220 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3221
3222 conn->info_ident = l2cap_get_ident(conn);
3223
3224 l2cap_send_cmd(conn, conn->info_ident,
3225 L2CAP_INFO_REQ, sizeof(req), &req);
3226 } else {
3227 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3228 conn->info_ident = 0;
3229
3230 l2cap_conn_start(conn);
3231 }
978c93b9
AE		 3232 break;
3233
3234 case L2CAP_IT_FIXED_CHAN:
3235 conn->fixed_chan_mask = rsp->data[0];
984947dc 3236 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 3237 conn->info_ident = 0;
984947dc
MH		 3238
3239 l2cap_conn_start(conn);
978c93b9 3240 break;
984947dc 3241 }
4e8402a3 3242
1da177e4
LT		 3243 return 0;
3244}
3245
f94ff6ff
MM		 3246static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3247 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
3248 void *data)
3249{
3250 struct l2cap_create_chan_req *req = data;
3251 struct l2cap_create_chan_rsp rsp;
3252 u16 psm, scid;
3253
3254 if (cmd_len != sizeof(*req))
3255 return -EPROTO;
3256
3257 if (!enable_hs)
3258 return -EINVAL;
3259
3260 psm = le16_to_cpu(req->psm);
3261 scid = le16_to_cpu(req->scid);
3262
3263 BT_DBG("psm %d, scid %d, amp_id %d", psm, scid, req->amp_id);
3264
3265 /* Placeholder: Always reject */
3266 rsp.dcid = 0;
3267 rsp.scid = cpu_to_le16(scid);
3268 rsp.result = L2CAP_CR_NO_MEM;
3269 rsp.status = L2CAP_CS_NO_INFO;
3270
3271 l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP,
3272 sizeof(rsp), &rsp);
3273
3274 return 0;
3275}
3276
3277static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn,
3278 struct l2cap_cmd_hdr *cmd, void *data)
3279{
3280 BT_DBG("conn %p", conn);
3281
3282 return l2cap_connect_rsp(conn, cmd, data);
3283}
3284
8d5a04a1
MM		 3285static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident,
3286 u16 icid, u16 result)
3287{
3288 struct l2cap_move_chan_rsp rsp;
3289
3290 BT_DBG("icid %d, result %d", icid, result);
3291
3292 rsp.icid = cpu_to_le16(icid);
3293 rsp.result = cpu_to_le16(result);
3294
3295 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_RSP, sizeof(rsp), &rsp);
3296}
3297
3298static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn,
3299 struct l2cap_chan *chan, u16 icid, u16 result)
3300{
3301 struct l2cap_move_chan_cfm cfm;
3302 u8 ident;
3303
3304 BT_DBG("icid %d, result %d", icid, result);
3305
3306 ident = l2cap_get_ident(conn);
3307 if (chan)
3308 chan->ident = ident;
3309
3310 cfm.icid = cpu_to_le16(icid);
3311 cfm.result = cpu_to_le16(result);
3312
3313 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM, sizeof(cfm), &cfm);
3314}
3315
3316static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident,
3317 u16 icid)
3318{
3319 struct l2cap_move_chan_cfm_rsp rsp;
3320
3321 BT_DBG("icid %d", icid);
3322
3323 rsp.icid = cpu_to_le16(icid);
3324 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp);
3325}
3326
3327static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
3328 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3329{
3330 struct l2cap_move_chan_req *req = data;
3331 u16 icid = 0;
3332 u16 result = L2CAP_MR_NOT_ALLOWED;
3333
3334 if (cmd_len != sizeof(*req))
3335 return -EPROTO;
3336
3337 icid = le16_to_cpu(req->icid);
3338
3339 BT_DBG("icid %d, dest_amp_id %d", icid, req->dest_amp_id);
3340
3341 if (!enable_hs)
3342 return -EINVAL;
3343
3344 /* Placeholder: Always refuse */
3345 l2cap_send_move_chan_rsp(conn, cmd->ident, icid, result);
3346
3347 return 0;
3348}
3349
3350static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
3351 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3352{
3353 struct l2cap_move_chan_rsp *rsp = data;
3354 u16 icid, result;
3355
3356 if (cmd_len != sizeof(*rsp))
3357 return -EPROTO;
3358
3359 icid = le16_to_cpu(rsp->icid);
3360 result = le16_to_cpu(rsp->result);
3361
3362 BT_DBG("icid %d, result %d", icid, result);
3363
3364 /* Placeholder: Always unconfirmed */
3365 l2cap_send_move_chan_cfm(conn, NULL, icid, L2CAP_MC_UNCONFIRMED);
3366
3367 return 0;
3368}
3369
3370static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
3371 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3372{
3373 struct l2cap_move_chan_cfm *cfm = data;
3374 u16 icid, result;
3375
3376 if (cmd_len != sizeof(*cfm))
3377 return -EPROTO;
3378
3379 icid = le16_to_cpu(cfm->icid);
3380 result = le16_to_cpu(cfm->result);
3381
3382 BT_DBG("icid %d, result %d", icid, result);
3383
3384 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
3385
3386 return 0;
3387}
3388
3389static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
3390 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3391{
3392 struct l2cap_move_chan_cfm_rsp *rsp = data;
3393 u16 icid;
3394
3395 if (cmd_len != sizeof(*rsp))
3396 return -EPROTO;
3397
3398 icid = le16_to_cpu(rsp->icid);
3399
3400 BT_DBG("icid %d", icid);
3401
3402 return 0;
3403}
3404
e2174ca4 3405static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 3406 u16 to_multiplier)
3407{
3408 u16 max_latency;
3409
3410 if (min > max || min < 6 || max > 3200)
3411 return -EINVAL;
3412
3413 if (to_multiplier < 10 || to_multiplier > 3200)
3414 return -EINVAL;
3415
3416 if (max >= to_multiplier * 8)
3417 return -EINVAL;
3418
3419 max_latency = (to_multiplier * 8 / max) - 1;
3420 if (latency > 499 || latency > max_latency)
3421 return -EINVAL;
3422
3423 return 0;
3424}
3425
3426static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
3427 struct l2cap_cmd_hdr *cmd, u8 *data)
3428{
3429 struct hci_conn *hcon = conn->hcon;
3430 struct l2cap_conn_param_update_req *req;
3431 struct l2cap_conn_param_update_rsp rsp;
3432 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 3433 int err;
de73115a
CT		 3434
3435 if (!(hcon->link_mode & HCI_LM_MASTER))
3436 return -EINVAL;
3437
3438 cmd_len = __le16_to_cpu(cmd->len);
3439 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
3440 return -EPROTO;
3441
3442 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 3443 min = __le16_to_cpu(req->min);
3444 max = __le16_to_cpu(req->max);
de73115a
CT		 3445 latency = __le16_to_cpu(req->latency);
3446 to_multiplier = __le16_to_cpu(req->to_multiplier);
3447
3448 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
3449 min, max, latency, to_multiplier);
3450
3451 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 3452
3453 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
3454 if (err)
de73115a
CT		 3455 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
3456 else
3457 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
3458
3459 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
3460 sizeof(rsp), &rsp);
3461
2ce603eb
CT		 3462 if (!err)
3463 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
3464
de73115a
CT		 3465 return 0;
3466}
3467
3300d9a9
CT		 3468static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
3469 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
3470{
3471 int err = 0;
3472
3473 switch (cmd->code) {
3474 case L2CAP_COMMAND_REJ:
3475 l2cap_command_rej(conn, cmd, data);
3476 break;
3477
3478 case L2CAP_CONN_REQ:
3479 err = l2cap_connect_req(conn, cmd, data);
3480 break;
3481
3482 case L2CAP_CONN_RSP:
3483 err = l2cap_connect_rsp(conn, cmd, data);
3484 break;
3485
3486 case L2CAP_CONF_REQ:
3487 err = l2cap_config_req(conn, cmd, cmd_len, data);
3488 break;
3489
3490 case L2CAP_CONF_RSP:
3491 err = l2cap_config_rsp(conn, cmd, data);
3492 break;
3493
3494 case L2CAP_DISCONN_REQ:
3495 err = l2cap_disconnect_req(conn, cmd, data);
3496 break;
3497
3498 case L2CAP_DISCONN_RSP:
3499 err = l2cap_disconnect_rsp(conn, cmd, data);
3500 break;
3501
3502 case L2CAP_ECHO_REQ:
3503 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
3504 break;
3505
3506 case L2CAP_ECHO_RSP:
3507 break;
3508
3509 case L2CAP_INFO_REQ:
3510 err = l2cap_information_req(conn, cmd, data);
3511 break;
3512
3513 case L2CAP_INFO_RSP:
3514 err = l2cap_information_rsp(conn, cmd, data);
3515 break;
3516
f94ff6ff
MM		 3517 case L2CAP_CREATE_CHAN_REQ:
3518 err = l2cap_create_channel_req(conn, cmd, cmd_len, data);
3519 break;
3520
3521 case L2CAP_CREATE_CHAN_RSP:
3522 err = l2cap_create_channel_rsp(conn, cmd, data);
3523 break;
3524
8d5a04a1
MM		 3525 case L2CAP_MOVE_CHAN_REQ:
3526 err = l2cap_move_channel_req(conn, cmd, cmd_len, data);
3527 break;
3528
3529 case L2CAP_MOVE_CHAN_RSP:
3530 err = l2cap_move_channel_rsp(conn, cmd, cmd_len, data);
3531 break;
3532
3533 case L2CAP_MOVE_CHAN_CFM:
3534 err = l2cap_move_channel_confirm(conn, cmd, cmd_len, data);
3535 break;
3536
3537 case L2CAP_MOVE_CHAN_CFM_RSP:
3538 err = l2cap_move_channel_confirm_rsp(conn, cmd, cmd_len, data);
3539 break;
3540
3300d9a9
CT		 3541 default:
3542 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
3543 err = -EINVAL;
3544 break;
3545 }
3546
3547 return err;
3548}
3549
3550static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
3551 struct l2cap_cmd_hdr *cmd, u8 *data)
3552{
3553 switch (cmd->code) {
3554 case L2CAP_COMMAND_REJ:
3555 return 0;
3556
3557 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 3558 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 3559
3560 case L2CAP_CONN_PARAM_UPDATE_RSP:
3561 return 0;
3562
3563 default:
3564 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
3565 return -EINVAL;
3566 }
3567}
3568
3569static inline void l2cap_sig_channel(struct l2cap_conn *conn,
3570 struct sk_buff *skb)
1da177e4
LT		 3571{
3572 u8 *data = skb->data;
3573 int len = skb->len;
3574 struct l2cap_cmd_hdr cmd;
3300d9a9 3575 int err;
1da177e4
LT		 3576
3577 l2cap_raw_recv(conn, skb);
3578
3579 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 3580 u16 cmd_len;
1da177e4
LT		 3581 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3582 data += L2CAP_CMD_HDR_SIZE;
3583 len -= L2CAP_CMD_HDR_SIZE;
3584
88219a0f 3585 cmd_len = le16_to_cpu(cmd.len);
1da177e4 3586
88219a0f 3587 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 3588
88219a0f 3589 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 3590 BT_DBG("corrupted command");
3591 break;
3592 }
3593
3300d9a9
CT		 3594 if (conn->hcon->type == LE_LINK)
3595 err = l2cap_le_sig_cmd(conn, &cmd, data);
3596 else
3597 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 3598
3599 if (err) {
e2fd318e 3600 struct l2cap_cmd_rej_unk rej;
2c6d1a2e
GP		 3601
3602 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 3603
3604 /* FIXME: Map err to a valid reason */
e2fd318e 3605 rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
1da177e4
LT		 3606 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3607 }
3608
88219a0f
AV		 3609 data += cmd_len;
3610 len -= cmd_len;
1da177e4
LT		 3611 }
3612
3613 kfree_skb(skb);
3614}
3615
47d1ec61 3616static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 3617{
3618 u16 our_fcs, rcv_fcs;
e4ca6d98
AE		 3619 int hdr_size;
3620
3621 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
3622 hdr_size = L2CAP_EXT_HDR_SIZE;
3623 else
3624 hdr_size = L2CAP_ENH_HDR_SIZE;
fcc203c3 3625
47d1ec61 3626 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213 3627 skb_trim(skb, skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 3628 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3629 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3630
3631 if (our_fcs != rcv_fcs)
7a560e5c 3632 return -EBADMSG;
fcc203c3
GP		 3633 }
3634 return 0;
3635}
3636
525cd185 3637static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 3638{
88843ab0 3639 u32 control = 0;
d5392c8f 3640
6a026610 3641 chan->frames_sent = 0;
d5392c8f 3642
0b209fae 3643 control |= __set_reqseq(chan, chan->buffer_seq);
d5392c8f 3644
e2ab4353 3645 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 3646 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
525cd185 3647 l2cap_send_sframe(chan, control);
e2ab4353 3648 set_bit(CONN_RNR_SENT, &chan->conn_state);
d5392c8f
GP		 3649 }
3650
e2ab4353 3651 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
525cd185 3652 l2cap_retransmit_frames(chan);
d5392c8f 3653
525cd185 3654 l2cap_ertm_send(chan);
d5392c8f 3655
e2ab4353 3656 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
6a026610 3657 chan->frames_sent == 0) {
ab784b73 3658 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3659 l2cap_send_sframe(chan, control);
d5392c8f
GP		 3660 }
3661}
3662
fb45de7d 3663static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u16 tx_seq, u8 sar)
8f17154f
GP		 3664{
3665 struct sk_buff *next_skb;
bfbacc11 3666 int tx_seq_offset, next_tx_seq_offset;
8f17154f
GP		 3667
3668 bt_cb(skb)->tx_seq = tx_seq;
3669 bt_cb(skb)->sar = sar;
3670
f1c6775b 3671 next_skb = skb_peek(&chan->srej_q);
8f17154f 3672
836be934 3673 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
bfbacc11 3674
039d9572 3675 while (next_skb) {
9b53350d
JPRV		 3676 if (bt_cb(next_skb)->tx_seq == tx_seq)
3677 return -EINVAL;
3678
836be934
AE		 3679 next_tx_seq_offset = __seq_offset(chan,
3680 bt_cb(next_skb)->tx_seq, chan->buffer_seq);
bfbacc11
JPRV		 3681
3682 if (next_tx_seq_offset > tx_seq_offset) {
f1c6775b 3683 __skb_queue_before(&chan->srej_q, next_skb, skb);
9b53350d 3684 return 0;
8f17154f
GP		 3685 }
3686
f1c6775b 3687 if (skb_queue_is_last(&chan->srej_q, next_skb))
039d9572
SJ		 3688 next_skb = NULL;
3689 else
3690 next_skb = skb_queue_next(&chan->srej_q, next_skb);
3691 }
8f17154f 3692
f1c6775b 3693 __skb_queue_tail(&chan->srej_q, skb);
9b53350d
JPRV		 3694
3695 return 0;
8f17154f
GP		 3696}
3697
84084a31
MM		 3698static void append_skb_frag(struct sk_buff *skb,
3699 struct sk_buff *new_frag, struct sk_buff **last_frag)
18778a63 3700{
84084a31
MM		 3701 /* skb->len reflects data in skb as well as all fragments
3702 * skb->data_len reflects only data in fragments
3703 */
3704 if (!skb_has_frag_list(skb))
3705 skb_shinfo(skb)->frag_list = new_frag;
3706
3707 new_frag->next = NULL;
3708
3709 (*last_frag)->next = new_frag;
3710 *last_frag = new_frag;
3711
3712 skb->len += new_frag->len;
3713 skb->data_len += new_frag->len;
3714 skb->truesize += new_frag->truesize;
3715}
3716
88843ab0 3717static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u32 control)
84084a31
MM		 3718{
3719 int err = -EINVAL;
18778a63 3720
7e0ef6ee
AE		 3721 switch (__get_ctrl_sar(chan, control)) {
3722 case L2CAP_SAR_UNSEGMENTED:
84084a31
MM		 3723 if (chan->sdu)
3724 break;
18778a63 3725
84084a31
MM		 3726 err = chan->ops->recv(chan->data, skb);
3727 break;
18778a63 3728
7e0ef6ee 3729 case L2CAP_SAR_START:
84084a31
MM		 3730 if (chan->sdu)
3731 break;
18778a63 3732
6f61fd47 3733 chan->sdu_len = get_unaligned_le16(skb->data);
03a51213 3734 skb_pull(skb, L2CAP_SDULEN_SIZE);
18778a63 3735
84084a31
MM		 3736 if (chan->sdu_len > chan->imtu) {
3737 err = -EMSGSIZE;
3738 break;
3739 }
1890d36b 3740
84084a31
MM		 3741 if (skb->len >= chan->sdu_len)
3742 break;
18778a63 3743
84084a31
MM		 3744 chan->sdu = skb;
3745 chan->sdu_last_frag = skb;
18778a63 3746
84084a31
MM		 3747 skb = NULL;
3748 err = 0;
18778a63
GP		 3749 break;
3750
7e0ef6ee 3751 case L2CAP_SAR_CONTINUE:
6f61fd47 3752 if (!chan->sdu)
84084a31 3753 break;
18778a63 3754
84084a31
MM		 3755 append_skb_frag(chan->sdu, skb,
3756 &chan->sdu_last_frag);
3757 skb = NULL;
18778a63 3758
84084a31
MM		 3759 if (chan->sdu->len >= chan->sdu_len)
3760 break;
4178ba46 3761
84084a31 3762 err = 0;
18778a63
GP		 3763 break;
3764
7e0ef6ee 3765 case L2CAP_SAR_END:
6f61fd47 3766 if (!chan->sdu)
84084a31 3767 break;
18778a63 3768
84084a31
MM		 3769 append_skb_frag(chan->sdu, skb,
3770 &chan->sdu_last_frag);
3771 skb = NULL;
4178ba46 3772
84084a31
MM		 3773 if (chan->sdu->len != chan->sdu_len)
3774 break;
18778a63 3775
84084a31 3776 err = chan->ops->recv(chan->data, chan->sdu);
1890d36b 3777
84084a31
MM		 3778 if (!err) {
3779 /* Reassembly complete */
3780 chan->sdu = NULL;
3781 chan->sdu_last_frag = NULL;
3782 chan->sdu_len = 0;
1890d36b 3783 }
18778a63
GP		 3784 break;
3785 }
3786
84084a31
MM		 3787 if (err) {
3788 kfree_skb(skb);
3789 kfree_skb(chan->sdu);
3790 chan->sdu = NULL;
3791 chan->sdu_last_frag = NULL;
3792 chan->sdu_len = 0;
3793 }
18778a63 3794
84084a31 3795 return err;
18778a63
GP		 3796}
3797
26f880d2 3798static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan)
712132eb 3799{
26f880d2 3800 BT_DBG("chan %p, Enter local busy", chan);
712132eb 3801
26f880d2
MM		 3802 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3803
77f918bc 3804 __set_ack_timer(chan);
26f880d2
MM		 3805}
3806
3807static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan)
3808{
88843ab0 3809 u32 control;
712132eb 3810
e2ab4353 3811 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
712132eb
GP		 3812 goto done;
3813
0b209fae 3814 control = __set_reqseq(chan, chan->buffer_seq);
e3781735 3815 control |= __set_ctrl_poll(chan);
ab784b73 3816 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3817 l2cap_send_sframe(chan, control);
6a026610 3818 chan->retry_count = 1;
712132eb 3819
1a09bcb9
GP		 3820 __clear_retrans_timer(chan);
3821 __set_monitor_timer(chan);
712132eb 3822
e2ab4353 3823 set_bit(CONN_WAIT_F, &chan->conn_state);
712132eb
GP		 3824
3825done:
e2ab4353
GP		 3826 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3827 clear_bit(CONN_RNR_SENT, &chan->conn_state);
712132eb 3828
49208c9c 3829 BT_DBG("chan %p, Exit local busy", chan);
712132eb
GP		 3830}
3831
e328140f 3832void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
1890d36b 3833{
e328140f
MM		 3834 if (chan->mode == L2CAP_MODE_ERTM) {
3835 if (busy)
3836 l2cap_ertm_enter_local_busy(chan);
3837 else
3838 l2cap_ertm_exit_local_busy(chan);
1890d36b 3839 }
1890d36b
GP		 3840}
3841
fb45de7d 3842static void l2cap_check_srej_gap(struct l2cap_chan *chan, u16 tx_seq)
8f17154f
GP		 3843{
3844 struct sk_buff *skb;
88843ab0 3845 u32 control;
8f17154f 3846
e328140f
MM		 3847 while ((skb = skb_peek(&chan->srej_q)) &&
3848 !test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3849 int err;
3850
8f17154f
GP		 3851 if (bt_cb(skb)->tx_seq != tx_seq)
3852 break;
3853
f1c6775b 3854 skb = skb_dequeue(&chan->srej_q);
7e0ef6ee 3855 control = __set_ctrl_sar(chan, bt_cb(skb)->sar);
84084a31 3856 err = l2cap_reassemble_sdu(chan, skb, control);
e328140f
MM		 3857
3858 if (err < 0) {
3859 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3860 break;
3861 }
3862
836be934
AE		 3863 chan->buffer_seq_srej = __next_seq(chan, chan->buffer_seq_srej);
3864 tx_seq = __next_seq(chan, tx_seq);
8f17154f
GP		 3865 }
3866}
3867
fb45de7d 3868static void l2cap_resend_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3869{
8f17154f 3870 struct srej_list *l, *tmp;
88843ab0 3871 u32 control;
8f17154f 3872
39d5a3ee 3873 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
8f17154f
GP		 3874 if (l->tx_seq == tx_seq) {
3875 list_del(&l->list);
3876 kfree(l);
3877 return;
3878 }
ab784b73 3879 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3880 control |= __set_reqseq(chan, l->tx_seq);
525cd185 3881 l2cap_send_sframe(chan, control);
8f17154f 3882 list_del(&l->list);
39d5a3ee 3883 list_add_tail(&l->list, &chan->srej_l);
8f17154f
GP		 3884 }
3885}
3886
aef89f21 3887static int l2cap_send_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3888{
8f17154f 3889 struct srej_list *new;
88843ab0 3890 u32 control;
8f17154f 3891
42e5c802 3892 while (tx_seq != chan->expected_tx_seq) {
ab784b73 3893 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3894 control |= __set_reqseq(chan, chan->expected_tx_seq);
525cd185 3895 l2cap_send_sframe(chan, control);
8f17154f
GP		 3896
3897 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
aef89f21
SJ		 3898 if (!new)
3899 return -ENOMEM;
3900
42e5c802 3901 new->tx_seq = chan->expected_tx_seq;
836be934
AE		 3902
3903 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
3904
39d5a3ee 3905 list_add_tail(&new->list, &chan->srej_l);
8f17154f 3906 }
836be934
AE		 3907
3908 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
aef89f21
SJ		 3909
3910 return 0;
8f17154f
GP		 3911}
3912
88843ab0 3913static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
1c2acffb 3914{
fb45de7d 3915 u16 tx_seq = __get_txseq(chan, rx_control);
0b209fae 3916 u16 req_seq = __get_reqseq(chan, rx_control);
7e0ef6ee 3917 u8 sar = __get_ctrl_sar(chan, rx_control);
f6337c77 3918 int tx_seq_offset, expected_tx_seq_offset;
47d1ec61 3919 int num_to_ack = (chan->tx_win/6) + 1;
1c2acffb
GP		 3920 int err = 0;
3921
88843ab0 3922 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%8.8x", chan, skb->len,
525cd185 3923 tx_seq, rx_control);
1c2acffb 3924
03f6715d 3925 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 3926 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 3927 __clear_monitor_timer(chan);
6a026610 3928 if (chan->unacked_frames > 0)
1a09bcb9 3929 __set_retrans_timer(chan);
e2ab4353 3930 clear_bit(CONN_WAIT_F, &chan->conn_state);
1d8f5d16
GP		 3931 }
3932
42e5c802
GP		 3933 chan->expected_ack_seq = req_seq;
3934 l2cap_drop_acked_frames(chan);
9f121a5a 3935
836be934 3936 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
9b53350d
JPRV		 3937
3938 /* invalid tx_seq */
47d1ec61 3939 if (tx_seq_offset >= chan->tx_win) {
8c1d787b 3940 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
9b53350d
JPRV		 3941 goto drop;
3942 }
3943
77f918bc
SJ		 3944 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3945 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
3946 l2cap_send_ack(chan);
1890d36b 3947 goto drop;
77f918bc 3948 }
1890d36b 3949
02f1b641
MM		 3950 if (tx_seq == chan->expected_tx_seq)
3951 goto expected;
3952
e2ab4353 3953 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
8f17154f 3954 struct srej_list *first;
30afb5b2 3955
39d5a3ee 3956 first = list_first_entry(&chan->srej_l,
8f17154f
GP		 3957 struct srej_list, list);
3958 if (tx_seq == first->tx_seq) {
42e5c802 3959 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
525cd185 3960 l2cap_check_srej_gap(chan, tx_seq);
8f17154f
GP		 3961
3962 list_del(&first->list);
3963 kfree(first);
3964
39d5a3ee 3965 if (list_empty(&chan->srej_l)) {
42e5c802 3966 chan->buffer_seq = chan->buffer_seq_srej;
e2ab4353 3967 clear_bit(CONN_SREJ_SENT, &chan->conn_state);
525cd185 3968 l2cap_send_ack(chan);
49208c9c 3969 BT_DBG("chan %p, Exit SREJ_SENT", chan);
8f17154f
GP		 3970 }
3971 } else {
3972 struct srej_list *l;
9b53350d
JPRV		 3973
3974 /* duplicated tx_seq */
42e5c802 3975 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
9b53350d 3976 goto drop;
8f17154f 3977
39d5a3ee 3978 list_for_each_entry(l, &chan->srej_l, list) {
8f17154f 3979 if (l->tx_seq == tx_seq) {
525cd185 3980 l2cap_resend_srejframe(chan, tx_seq);
8f17154f
GP		 3981 return 0;
3982 }
3983 }
aef89f21
SJ		 3984
3985 err = l2cap_send_srejframe(chan, tx_seq);
3986 if (err < 0) {
3987 l2cap_send_disconn_req(chan->conn, chan, -err);
3988 return err;
3989 }
30afb5b2
GP		 3990 }
3991 } else {
836be934
AE		 3992 expected_tx_seq_offset = __seq_offset(chan,
3993 chan->expected_tx_seq, chan->buffer_seq);
9b53350d
JPRV		 3994
3995 /* duplicated tx_seq */
3996 if (tx_seq_offset < expected_tx_seq_offset)
3997 goto drop;
3998
e2ab4353 3999 set_bit(CONN_SREJ_SENT, &chan->conn_state);
1c2acffb 4000
49208c9c 4001 BT_DBG("chan %p, Enter SREJ", chan);
0e98958d 4002
39d5a3ee 4003 INIT_LIST_HEAD(&chan->srej_l);
42e5c802 4004 chan->buffer_seq_srej = chan->buffer_seq;
8f17154f 4005
f1c6775b 4006 __skb_queue_head_init(&chan->srej_q);
42e5c802 4007 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
8f17154f 4008
0ef3ef0f
SJ		 4009 /* Set P-bit only if there are some I-frames to ack. */
4010 if (__clear_ack_timer(chan))
4011 set_bit(CONN_SEND_PBIT, &chan->conn_state);
ef54fd93 4012
aef89f21
SJ		 4013 err = l2cap_send_srejframe(chan, tx_seq);
4014 if (err < 0) {
4015 l2cap_send_disconn_req(chan->conn, chan, -err);
4016 return err;
4017 }
1c2acffb 4018 }
30afb5b2
GP		 4019 return 0;
4020
8f17154f 4021expected:
836be934 4022 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
8f17154f 4023
e2ab4353 4024 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3b1a9f3f
GP		 4025 bt_cb(skb)->tx_seq = tx_seq;
4026 bt_cb(skb)->sar = sar;
f1c6775b 4027 __skb_queue_tail(&chan->srej_q, skb);
8f17154f
GP		 4028 return 0;
4029 }
4030
84084a31 4031 err = l2cap_reassemble_sdu(chan, skb, rx_control);
836be934
AE		 4032 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
4033
e328140f
MM		 4034 if (err < 0) {
4035 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
4036 return err;
4037 }
2ece3684 4038
03f6715d 4039 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4040 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4041 l2cap_retransmit_frames(chan);
4ec10d97
GP		 4042 }
4043
c1b4f43b 4044
6a026610
GP		 4045 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
4046 if (chan->num_acked == num_to_ack - 1)
525cd185 4047 l2cap_send_ack(chan);
4d611e4d
GP		 4048 else
4049 __set_ack_timer(chan);
9e917af1 4050
8f17154f 4051 return 0;
9b53350d
JPRV		 4052
4053drop:
4054 kfree_skb(skb);
4055 return 0;
1c2acffb
GP		 4056}
4057
88843ab0 4058static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u32 rx_control)
1c2acffb 4059{
88843ab0 4060 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan,
0b209fae 4061 __get_reqseq(chan, rx_control), rx_control);
0e98958d 4062
0b209fae 4063 chan->expected_ack_seq = __get_reqseq(chan, rx_control);
42e5c802 4064 l2cap_drop_acked_frames(chan);
1c2acffb 4065
e3781735 4066 if (__is_ctrl_poll(chan, rx_control)) {
e2ab4353
GP		 4067 set_bit(CONN_SEND_FBIT, &chan->conn_state);
4068 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
4069 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4070 (chan->unacked_frames > 0))
1a09bcb9 4071 __set_retrans_timer(chan);
05fbd89d 4072
e2ab4353 4073 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
525cd185 4074 l2cap_send_srejtail(chan);
05fbd89d 4075 } else {
525cd185 4076 l2cap_send_i_or_rr_or_rnr(chan);
05fbd89d 4077 }
1d8f5d16 4078
03f6715d 4079 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4080 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4ec10d97 4081
e2ab4353 4082 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4083 l2cap_retransmit_frames(chan);
2246b2f1 4084
e072745f 4085 } else {
e2ab4353 4086 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4087 (chan->unacked_frames > 0))
1a09bcb9 4088 __set_retrans_timer(chan);
1c2acffb 4089
e2ab4353
GP		 4090 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4091 if (test_bit(CONN_SREJ_SENT, &chan->conn_state))
525cd185 4092 l2cap_send_ack(chan);
894718a6 4093 else
525cd185 4094 l2cap_ertm_send(chan);
e072745f
GP		 4095 }
4096}
2246b2f1 4097
88843ab0 4098static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4099{
0b209fae 4100 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4101
88843ab0 4102 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4103
e2ab4353 4104 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
e072745f 4105
42e5c802
GP		 4106 chan->expected_ack_seq = tx_seq;
4107 l2cap_drop_acked_frames(chan);
e072745f 4108
03f6715d 4109 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4110 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4111 l2cap_retransmit_frames(chan);
e072745f 4112 } else {
525cd185 4113 l2cap_retransmit_frames(chan);
30afb5b2 4114
e2ab4353
GP		 4115 if (test_bit(CONN_WAIT_F, &chan->conn_state))
4116 set_bit(CONN_REJ_ACT, &chan->conn_state);
e072745f
GP		 4117 }
4118}
88843ab0 4119static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4120{
0b209fae 4121 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4122
88843ab0 4123 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4124
e2ab4353 4125 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
2246b2f1 4126
e3781735 4127 if (__is_ctrl_poll(chan, rx_control)) {
42e5c802
GP		 4128 chan->expected_ack_seq = tx_seq;
4129 l2cap_drop_acked_frames(chan);
3cb123d1 4130
e2ab4353 4131 set_bit(CONN_SEND_FBIT, &chan->conn_state);
525cd185 4132 l2cap_retransmit_one_frame(chan, tx_seq);
dfc909be 4133
525cd185 4134 l2cap_ertm_send(chan);
dfc909be 4135
e2ab4353 4136 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4137 chan->srej_save_reqseq = tx_seq;
e2ab4353 4138 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4139 }
03f6715d 4140 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4141 if (test_bit(CONN_SREJ_ACT, &chan->conn_state) &&
6a026610 4142 chan->srej_save_reqseq == tx_seq)
e2ab4353 4143 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
e072745f 4144 else
525cd185 4145 l2cap_retransmit_one_frame(chan, tx_seq);
e072745f 4146 } else {
525cd185 4147 l2cap_retransmit_one_frame(chan, tx_seq);
e2ab4353 4148 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4149 chan->srej_save_reqseq = tx_seq;
e2ab4353 4150 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4151 }
e072745f
GP		 4152 }
4153}
4154
88843ab0 4155static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4156{
0b209fae 4157 u16 tx_seq = __get_reqseq(chan, rx_control);
e072745f 4158
88843ab0 4159 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4160
e2ab4353 4161 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
42e5c802
GP		 4162 chan->expected_ack_seq = tx_seq;
4163 l2cap_drop_acked_frames(chan);
e072745f 4164
e3781735 4165 if (__is_ctrl_poll(chan, rx_control))
e2ab4353 4166 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3cb123d1 4167
e2ab4353 4168 if (!test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
1a09bcb9 4169 __clear_retrans_timer(chan);
e3781735 4170 if (__is_ctrl_poll(chan, rx_control))
525cd185 4171 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
99b0d4b7 4172 return;
e072745f 4173 }
99b0d4b7 4174
e3781735 4175 if (__is_ctrl_poll(chan, rx_control)) {
525cd185 4176 l2cap_send_srejtail(chan);
ab784b73
AE		 4177 } else {
4178 rx_control = __set_ctrl_super(chan, L2CAP_SUPER_RR);
4179 l2cap_send_sframe(chan, rx_control);
4180 }
e072745f
GP		 4181}
4182
88843ab0 4183static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
e072745f 4184{
88843ab0 4185 BT_DBG("chan %p rx_control 0x%8.8x len %d", chan, rx_control, skb->len);
e072745f 4186
03f6715d 4187 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 4188 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 4189 __clear_monitor_timer(chan);
6a026610 4190 if (chan->unacked_frames > 0)
1a09bcb9 4191 __set_retrans_timer(chan);
e2ab4353 4192 clear_bit(CONN_WAIT_F, &chan->conn_state);
e072745f
GP		 4193 }
4194
ab784b73
AE		 4195 switch (__get_ctrl_super(chan, rx_control)) {
4196 case L2CAP_SUPER_RR:
525cd185 4197 l2cap_data_channel_rrframe(chan, rx_control);
8f17154f
GP		 4198 break;
4199
ab784b73 4200 case L2CAP_SUPER_REJ:
525cd185 4201 l2cap_data_channel_rejframe(chan, rx_control);
e072745f 4202 break;
2246b2f1 4203
ab784b73 4204 case L2CAP_SUPER_SREJ:
525cd185 4205 l2cap_data_channel_srejframe(chan, rx_control);
e072745f
GP		 4206 break;
4207
ab784b73 4208 case L2CAP_SUPER_RNR:
525cd185 4209 l2cap_data_channel_rnrframe(chan, rx_control);
1c2acffb
GP		 4210 break;
4211 }
4212
faaebd19 4213 kfree_skb(skb);
1c2acffb
GP		 4214 return 0;
4215}
4216
cad8f1d0 4217static int l2cap_ertm_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
218bb9df 4218{
88843ab0 4219 u32 control;
0b209fae 4220 u16 req_seq;
218bb9df
GP		 4221 int len, next_tx_seq_offset, req_seq_offset;
4222
88843ab0
AE		 4223 control = __get_control(chan, skb->data);
4224 skb_pull(skb, __ctrl_size(chan));
218bb9df
GP		 4225 len = skb->len;
4226
4227 /*
4228 * We can just drop the corrupted I-frame here.
4229 * Receiver will miss it and start proper recovery
4230 * procedures and ask retransmission.
4231 */
47d1ec61 4232 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 4233 goto drop;
4234
793c2f1c 4235 if (__is_sar_start(chan, control) && !__is_sframe(chan, control))
03a51213 4236 len -= L2CAP_SDULEN_SIZE;
218bb9df 4237
47d1ec61 4238 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4239 len -= L2CAP_FCS_SIZE;
218bb9df 4240
47d1ec61 4241 if (len > chan->mps) {
8c1d787b 4242 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4243 goto drop;
4244 }
4245
0b209fae 4246 req_seq = __get_reqseq(chan, control);
218bb9df 4247
836be934
AE		 4248 req_seq_offset = __seq_offset(chan, req_seq, chan->expected_ack_seq);
4249
4250 next_tx_seq_offset = __seq_offset(chan, chan->next_tx_seq,
4251 chan->expected_ack_seq);
218bb9df
GP		 4252
4253 /* check for invalid req-seq */
4254 if (req_seq_offset > next_tx_seq_offset) {
8c1d787b 4255 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4256 goto drop;
4257 }
4258
793c2f1c 4259 if (!__is_sframe(chan, control)) {
218bb9df 4260 if (len < 0) {
8c1d787b 4261 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4262 goto drop;
4263 }
4264
525cd185 4265 l2cap_data_channel_iframe(chan, control, skb);
218bb9df
GP		 4266 } else {
4267 if (len != 0) {
4268 BT_ERR("%d", len);
8c1d787b 4269 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4270 goto drop;
4271 }
4272
525cd185 4273 l2cap_data_channel_sframe(chan, control, skb);
218bb9df
GP		 4274 }
4275
4276 return 0;
4277
4278drop:
4279 kfree_skb(skb);
4280 return 0;
4281}
4282
1da177e4
LT		 4283static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4284{
48454079 4285 struct l2cap_chan *chan;
88843ab0 4286 u32 control;
fb45de7d 4287 u16 tx_seq;
218bb9df 4288 int len;
1da177e4 4289
baa7e1fa 4290 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 4291 if (!chan) {
1da177e4 4292 BT_DBG("unknown cid 0x%4.4x", cid);
6be36555 4293 /* Drop packet and return */
3379013b 4294 kfree_skb(skb);
6be36555 4295 return 0;
1da177e4
LT		 4296 }
4297
6be36555 4298 l2cap_chan_lock(chan);
6840ed07 4299
49208c9c 4300 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4301
89bc500e 4302 if (chan->state != BT_CONNECTED)
1da177e4
LT		 4303 goto drop;
4304
0c1bc5c6 4305 switch (chan->mode) {
1c2acffb
GP		 4306 case L2CAP_MODE_BASIC:
4307 /* If socket recv buffers overflows we drop data here
4308 * which is *bad* because L2CAP has to be reliable.
4309 * But we don't have any other choice. L2CAP doesn't
4310 * provide flow control mechanism. */
1da177e4 4311
0c1bc5c6 4312 if (chan->imtu < skb->len)
1c2acffb 4313 goto drop;
1da177e4 4314
23070494 4315 if (!chan->ops->recv(chan->data, skb))
1c2acffb
GP		 4316 goto done;
4317 break;
4318
4319 case L2CAP_MODE_ERTM:
5ef8cb9e 4320 l2cap_ertm_data_rcv(chan, skb);
1c2acffb 4321
fcafde2e 4322 goto done;
1c2acffb 4323
6840ed07 4324 case L2CAP_MODE_STREAMING:
88843ab0
AE		 4325 control = __get_control(chan, skb->data);
4326 skb_pull(skb, __ctrl_size(chan));
6840ed07
GP		 4327 len = skb->len;
4328
47d1ec61 4329 if (l2cap_check_fcs(chan, skb))
26000089
GP		 4330 goto drop;
4331
7e0ef6ee 4332 if (__is_sar_start(chan, control))
03a51213 4333 len -= L2CAP_SDULEN_SIZE;
6840ed07 4334
47d1ec61 4335 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4336 len -= L2CAP_FCS_SIZE;
fcc203c3 4337
793c2f1c 4338 if (len > chan->mps || len < 0 || __is_sframe(chan, control))
6840ed07
GP		 4339 goto drop;
4340
fb45de7d 4341 tx_seq = __get_txseq(chan, control);
6840ed07 4342
84084a31
MM		 4343 if (chan->expected_tx_seq != tx_seq) {
4344 /* Frame(s) missing - must discard partial SDU */
4345 kfree_skb(chan->sdu);
4346 chan->sdu = NULL;
4347 chan->sdu_last_frag = NULL;
4348 chan->sdu_len = 0;
6840ed07 4349
84084a31
MM		 4350 /* TODO: Notify userland of missing data */
4351 }
4352
836be934 4353 chan->expected_tx_seq = __next_seq(chan, tx_seq);
84084a31
MM		 4354
4355 if (l2cap_reassemble_sdu(chan, skb, control) == -EMSGSIZE)
4356 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
6840ed07
GP		 4357
4358 goto done;
4359
1c2acffb 4360 default:
0c1bc5c6 4361 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 4362 break;
4363 }
1da177e4
LT		 4364
4365drop:
4366 kfree_skb(skb);
4367
4368done:
6be36555 4369 l2cap_chan_unlock(chan);
0139418c 4370
1da177e4
LT		 4371 return 0;
4372}
4373
8e036fc3 4374static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 4375{
23691d75 4376 struct l2cap_chan *chan;
1da177e4 4377
23691d75
GP		 4378 chan = l2cap_global_chan_by_psm(0, psm, conn->src);
4379 if (!chan)
1da177e4
LT		 4380 goto drop;
4381
5b4cedaa 4382 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4383
89bc500e 4384 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
1da177e4
LT		 4385 goto drop;
4386
e13e21dc 4387 if (chan->imtu < skb->len)
1da177e4
LT		 4388 goto drop;
4389
23070494 4390 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 4391 return 0;
1da177e4
LT		 4392
4393drop:
4394 kfree_skb(skb);
4395
1da177e4
LT		 4396 return 0;
4397}
4398
9f69bda6
GP		 4399static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
4400{
23691d75 4401 struct l2cap_chan *chan;
9f69bda6 4402
23691d75
GP		 4403 chan = l2cap_global_chan_by_scid(0, cid, conn->src);
4404 if (!chan)
9f69bda6
GP		 4405 goto drop;
4406
5b4cedaa 4407 BT_DBG("chan %p, len %d", chan, skb->len);
9f69bda6 4408
89bc500e 4409 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
9f69bda6
GP		 4410 goto drop;
4411
e13e21dc 4412 if (chan->imtu < skb->len)
9f69bda6
GP		 4413 goto drop;
4414
23070494 4415 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 4416 return 0;
9f69bda6
GP		 4417
4418drop:
4419 kfree_skb(skb);
4420
9f69bda6
GP		 4421 return 0;
4422}
4423
1da177e4
LT		 4424static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
4425{
4426 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 4427 u16 cid, len;
4428 __le16 psm;
1da177e4
LT		 4429
4430 skb_pull(skb, L2CAP_HDR_SIZE);
4431 cid = __le16_to_cpu(lh->cid);
4432 len = __le16_to_cpu(lh->len);
4433
1c2acffb
GP		 4434 if (len != skb->len) {
4435 kfree_skb(skb);
4436 return;
4437 }
4438
1da177e4
LT		 4439 BT_DBG("len %d, cid 0x%4.4x", len, cid);
4440
4441 switch (cid) {
3300d9a9 4442 case L2CAP_CID_LE_SIGNALING:
8db4dc46 4443 case L2CAP_CID_SIGNALING:
1da177e4
LT		 4444 l2cap_sig_channel(conn, skb);
4445 break;
4446
8db4dc46 4447 case L2CAP_CID_CONN_LESS:
1b7bf4ed 4448 psm = get_unaligned_le16(skb->data);
1da177e4
LT		 4449 skb_pull(skb, 2);
4450 l2cap_conless_channel(conn, psm, skb);
4451 break;
4452
9f69bda6
GP		 4453 case L2CAP_CID_LE_DATA:
4454 l2cap_att_channel(conn, cid, skb);
4455 break;
4456
b501d6a1
AB		 4457 case L2CAP_CID_SMP:
4458 if (smp_sig_channel(conn, skb))
4459 l2cap_conn_del(conn->hcon, EACCES);
4460 break;
4461
1da177e4
LT		 4462 default:
4463 l2cap_data_channel(conn, cid, skb);
4464 break;
4465 }
4466}
4467
4468/* ---- L2CAP interface with lower layer (HCI) ---- */
4469
686ebf28 4470int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
1da177e4
LT		 4471{
4472 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 4473 struct l2cap_chan *c;
1da177e4 4474
1da177e4
LT		 4475 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
4476
4477 /* Find listening sockets and check their link_mode */
23691d75
GP		 4478 read_lock(&chan_list_lock);
4479 list_for_each_entry(c, &chan_list, global_l) {
4480 struct sock *sk = c->sk;
4343478f 4481
89bc500e 4482 if (c->state != BT_LISTEN)
1da177e4
LT		 4483 continue;
4484
4485 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 4486 lm1 |= HCI_LM_ACCEPT;
43bd0f32 4487 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5 4488 lm1 |= HCI_LM_MASTER;
1da177e4 4489 exact++;
2af6b9d5
MH		 4490 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
4491 lm2 |= HCI_LM_ACCEPT;
43bd0f32 4492 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5
MH		 4493 lm2 |= HCI_LM_MASTER;
4494 }
1da177e4 4495 }
23691d75 4496 read_unlock(&chan_list_lock);
1da177e4
LT		 4497
4498 return exact ? lm1 : lm2;
4499}
4500
686ebf28 4501int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
1da177e4 4502{
0139418c
MH		 4503 struct l2cap_conn *conn;
4504
1da177e4
LT		 4505 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4506
1da177e4 4507 if (!status) {
1da177e4
LT		 4508 conn = l2cap_conn_add(hcon, status);
4509 if (conn)
4510 l2cap_conn_ready(conn);
0139418c 4511 } else
e175072f 4512 l2cap_conn_del(hcon, bt_to_errno(status));
1da177e4
LT		 4513
4514 return 0;
4515}
4516
686ebf28 4517int l2cap_disconn_ind(struct hci_conn *hcon)
2950f21a
MH		 4518{
4519 struct l2cap_conn *conn = hcon->l2cap_data;
4520
4521 BT_DBG("hcon %p", hcon);
4522
686ebf28 4523 if (!conn)
9f5a0d7b 4524 return HCI_ERROR_REMOTE_USER_TERM;
2950f21a
MH		 4525 return conn->disc_reason;
4526}
4527
686ebf28 4528int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 4529{
4530 BT_DBG("hcon %p reason %d", hcon, reason);
4531
e175072f 4532 l2cap_conn_del(hcon, bt_to_errno(reason));
1da177e4
LT		 4533 return 0;
4534}
4535
4343478f 4536static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 4537{
715ec005 4538 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
255c7601
MH		 4539 return;
4540
f62e4323 4541 if (encrypt == 0x00) {
4343478f 4542 if (chan->sec_level == BT_SECURITY_MEDIUM) {
c9b66675 4543 __clear_chan_timer(chan);
ba13ccd9 4544 __set_chan_timer(chan, L2CAP_ENC_TIMEOUT);
4343478f 4545 } else if (chan->sec_level == BT_SECURITY_HIGH)
0f852724 4546 l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 4547 } else {
4343478f 4548 if (chan->sec_level == BT_SECURITY_MEDIUM)
c9b66675 4549 __clear_chan_timer(chan);
f62e4323
MH		 4550 }
4551}
4552
686ebf28 4553int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 4554{
0139418c 4555 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 4556 struct l2cap_chan *chan;
1da177e4 4557
0139418c 4558 if (!conn)
1da177e4 4559 return 0;
0139418c 4560
1da177e4
LT		 4561 BT_DBG("conn %p", conn);
4562
160dc6ac
VCG		 4563 if (hcon->type == LE_LINK) {
4564 smp_distribute_keys(conn, 0);
17cd3f37 4565 cancel_delayed_work(&conn->security_timer);
160dc6ac
VCG		 4566 }
4567
3df91ea2 4568 mutex_lock(&conn->chan_lock);
1da177e4 4569
3df91ea2 4570 list_for_each_entry(chan, &conn->chan_l, list) {
6be36555 4571 l2cap_chan_lock(chan);
1da177e4 4572
f1cb9af5
VCG		 4573 BT_DBG("chan->scid %d", chan->scid);
4574
4575 if (chan->scid == L2CAP_CID_LE_DATA) {
4576 if (!status && encrypt) {
4577 chan->sec_level = hcon->sec_level;
cf4cd009 4578 l2cap_chan_ready(chan);
f1cb9af5
VCG		 4579 }
4580
6be36555 4581 l2cap_chan_unlock(chan);
f1cb9af5
VCG		 4582 continue;
4583 }
4584
c1360a1c 4585 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) {
6be36555 4586 l2cap_chan_unlock(chan);
6a8d3010
MH		 4587 continue;
4588 }
4589
89bc500e
GP		 4590 if (!status && (chan->state == BT_CONNECTED ||
4591 chan->state == BT_CONFIG)) {
4343478f 4592 l2cap_check_encryption(chan, encrypt);
6be36555 4593 l2cap_chan_unlock(chan);
9719f8af
MH		 4594 continue;
4595 }
4596
89bc500e 4597 if (chan->state == BT_CONNECT) {
b1235d79 4598 if (!status) {
9b27f350 4599 l2cap_send_conn_req(chan);
b1235d79 4600 } else {
c9b66675 4601 __clear_chan_timer(chan);
ba13ccd9 4602 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
b1235d79 4603 }
89bc500e 4604 } else if (chan->state == BT_CONNECT2) {
6be36555 4605 struct sock *sk = chan->sk;
b1235d79 4606 struct l2cap_conn_rsp rsp;
df3c3931 4607 __u16 res, stat;
1da177e4 4608
6be36555
AE		 4609 lock_sock(sk);
4610
b1235d79 4611 if (!status) {
df3c3931
JH		 4612 if (bt_sk(sk)->defer_setup) {
4613 struct sock *parent = bt_sk(sk)->parent;
4614 res = L2CAP_CR_PEND;
4615 stat = L2CAP_CS_AUTHOR_PEND;
05e9a2f6
IK		 4616 if (parent)
4617 parent->sk_data_ready(parent, 0);
df3c3931 4618 } else {
0e587be7 4619 __l2cap_state_change(chan, BT_CONFIG);
df3c3931
JH		 4620 res = L2CAP_CR_SUCCESS;
4621 stat = L2CAP_CS_NO_INFO;
4622 }
b1235d79 4623 } else {
0e587be7 4624 __l2cap_state_change(chan, BT_DISCONN);
ba13ccd9 4625 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
df3c3931
JH		 4626 res = L2CAP_CR_SEC_BLOCK;
4627 stat = L2CAP_CS_NO_INFO;
b1235d79
MH		 4628 }
4629
6be36555
AE		 4630 release_sock(sk);
4631
fe4128e0
GP		 4632 rsp.scid = cpu_to_le16(chan->dcid);
4633 rsp.dcid = cpu_to_le16(chan->scid);
df3c3931
JH		 4634 rsp.result = cpu_to_le16(res);
4635 rsp.status = cpu_to_le16(stat);
fc7f8a7e
GP		 4636 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
4637 sizeof(rsp), &rsp);
b1235d79 4638 }
1da177e4 4639
6be36555 4640 l2cap_chan_unlock(chan);
1da177e4
LT		 4641 }
4642
3df91ea2 4643 mutex_unlock(&conn->chan_lock);
b1235d79 4644
1da177e4
LT		 4645 return 0;
4646}
4647
686ebf28 4648int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1da177e4
LT		 4649{
4650 struct l2cap_conn *conn = hcon->l2cap_data;
4651
5a08ecce
AE		 4652 if (!conn)
4653 conn = l2cap_conn_add(hcon, 0);
4654
4655 if (!conn)
1da177e4
LT		 4656 goto drop;
4657
4658 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4659
e702112f 4660 if (!(flags & ACL_CONT)) {
1da177e4 4661 struct l2cap_hdr *hdr;
48454079 4662 struct l2cap_chan *chan;
89794813 4663 u16 cid;
1da177e4
LT		 4664 int len;
4665
4666 if (conn->rx_len) {
4667 BT_ERR("Unexpected start frame (len %d)", skb->len);
4668 kfree_skb(conn->rx_skb);
4669 conn->rx_skb = NULL;
4670 conn->rx_len = 0;
4671 l2cap_conn_unreliable(conn, ECOMM);
4672 }
4673
aae7fe22
AE		 4674 /* Start fragment always begin with Basic L2CAP header */
4675 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 4676 BT_ERR("Frame is too short (len %d)", skb->len);
4677 l2cap_conn_unreliable(conn, ECOMM);
4678 goto drop;
4679 }
4680
4681 hdr = (struct l2cap_hdr *) skb->data;
4682 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
89794813 4683 cid = __le16_to_cpu(hdr->cid);
1da177e4
LT		 4684
4685 if (len == skb->len) {
4686 /* Complete frame received */
4687 l2cap_recv_frame(conn, skb);
4688 return 0;
4689 }
4690
4691 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4692
4693 if (skb->len > len) {
4694 BT_ERR("Frame is too long (len %d, expected len %d)",
4695 skb->len, len);
4696 l2cap_conn_unreliable(conn, ECOMM);
4697 goto drop;
4698 }
4699
baa7e1fa 4700 chan = l2cap_get_chan_by_scid(conn, cid);
89794813 4701
48454079
GP		 4702 if (chan && chan->sk) {
4703 struct sock *sk = chan->sk;
3df91ea2 4704 lock_sock(sk);
89794813 4705
0c1bc5c6 4706 if (chan->imtu < len - L2CAP_HDR_SIZE) {
48454079
GP		 4707 BT_ERR("Frame exceeding recv MTU (len %d, "
4708 "MTU %d)", len,
0c1bc5c6 4709 chan->imtu);
aa2ac881 4710 release_sock(sk);
48454079
GP		 4711 l2cap_conn_unreliable(conn, ECOMM);
4712 goto drop;
4713 }
aa2ac881 4714 release_sock(sk);
48454079 4715 }
89794813 4716
1da177e4 4717 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 4718 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4719 if (!conn->rx_skb)
1da177e4
LT		 4720 goto drop;
4721
d626f62b 4722 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4723 skb->len);
1da177e4
LT		 4724 conn->rx_len = len - skb->len;
4725 } else {
4726 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4727
4728 if (!conn->rx_len) {
4729 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4730 l2cap_conn_unreliable(conn, ECOMM);
4731 goto drop;
4732 }
4733
4734 if (skb->len > conn->rx_len) {
4735 BT_ERR("Fragment is too long (len %d, expected %d)",
4736 skb->len, conn->rx_len);
4737 kfree_skb(conn->rx_skb);
4738 conn->rx_skb = NULL;
4739 conn->rx_len = 0;
4740 l2cap_conn_unreliable(conn, ECOMM);
4741 goto drop;
4742 }
4743
d626f62b 4744 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4745 skb->len);
1da177e4
LT		 4746 conn->rx_len -= skb->len;
4747
4748 if (!conn->rx_len) {
4749 /* Complete frame received */
4750 l2cap_recv_frame(conn, conn->rx_skb);
4751 conn->rx_skb = NULL;
4752 }
4753 }
4754
4755drop:
4756 kfree_skb(skb);
4757 return 0;
4758}
4759
aef7d97c 4760static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 4761{
23691d75 4762 struct l2cap_chan *c;
1da177e4 4763
333055f2 4764 read_lock(&chan_list_lock);
1da177e4 4765
23691d75
GP		 4766 list_for_each_entry(c, &chan_list, global_l) {
4767 struct sock *sk = c->sk;
101545f6 4768
903d343e 4769 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 4770 batostr(&bt_sk(sk)->src),
4771 batostr(&bt_sk(sk)->dst),
89bc500e 4772 c->state, __le16_to_cpu(c->psm),
23691d75
GP		 4773 c->scid, c->dcid, c->imtu, c->omtu,
4774 c->sec_level, c->mode);
61e1b4b7 4775 }
1da177e4 4776
333055f2 4777 read_unlock(&chan_list_lock);
1da177e4 4778
aef7d97c 4779 return 0;
1da177e4
LT		 4780}
4781
aef7d97c
MH		 4782static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4783{
4784 return single_open(file, l2cap_debugfs_show, inode->i_private);
4785}
4786
4787static const struct file_operations l2cap_debugfs_fops = {
4788 .open = l2cap_debugfs_open,
4789 .read = seq_read,
4790 .llseek = seq_lseek,
4791 .release = single_release,
4792};
4793
4794static struct dentry *l2cap_debugfs;
1da177e4 4795
64274518 4796int __init l2cap_init(void)
1da177e4
LT		 4797{
4798 int err;
be9d1227 4799
bb58f747 4800 err = l2cap_init_sockets();
1da177e4
LT		 4801 if (err < 0)
4802 return err;
4803
aef7d97c
MH		 4804 if (bt_debugfs) {
4805 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4806 bt_debugfs, NULL, &l2cap_debugfs_fops);
4807 if (!l2cap_debugfs)
4808 BT_ERR("Failed to create L2CAP debug file");
4809 }
1da177e4 4810
1da177e4 4811 return 0;
1da177e4
LT		 4812}
4813
64274518 4814void l2cap_exit(void)
1da177e4 4815{
aef7d97c 4816 debugfs_remove(l2cap_debugfs);
bb58f747 4817 l2cap_cleanup_sockets();
1da177e4
LT		 4818}
4819
d1c4a17d
GP		 4820module_param(disable_ertm, bool, 0644);
4821MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
kernel source for telekom puls (alcatel/mediatek)