projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add support for creating HCI UART based AMP controllers
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
1da177e4
LT		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
8e87d142
YH		 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 25 SOFTWARE IS DISCLAIMED.
26*/
27
bb58f747 28/* Bluetooth L2CAP core. */
1da177e4 29
1da177e4
LT		 30#include <linux/module.h>
31
32#include <linux/types.h>
4fc268d2 33#include <linux/capability.h>
1da177e4
LT		 34#include <linux/errno.h>
35#include <linux/kernel.h>
1da177e4
LT		 36#include <linux/sched.h>
37#include <linux/slab.h>
38#include <linux/poll.h>
39#include <linux/fcntl.h>
40#include <linux/init.h>
41#include <linux/interrupt.h>
42#include <linux/socket.h>
43#include <linux/skbuff.h>
1da177e4 44#include <linux/list.h>
be9d1227 45#include <linux/device.h>
aef7d97c
MH		 46#include <linux/debugfs.h>
47#include <linux/seq_file.h>
af05b30b 48#include <linux/uaccess.h>
fcc203c3 49#include <linux/crc16.h>
1da177e4
LT		 50#include <net/sock.h>
51
52#include <asm/system.h>
1da177e4
LT		 53#include <asm/unaligned.h>
54
55#include <net/bluetooth/bluetooth.h>
56#include <net/bluetooth/hci_core.h>
57#include <net/bluetooth/l2cap.h>
b501d6a1 58#include <net/bluetooth/smp.h>
1da177e4 59
eb939922 60bool disable_ertm;
f0709e03 61
47ec1dcd 62static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
50a147cd 63static u8 l2cap_fixed_chan[8] = { L2CAP_FC_L2CAP, };
1da177e4 64
b5ad8b7f
JB		 65static LIST_HEAD(chan_list);
66static DEFINE_RWLOCK(chan_list_lock);
1da177e4 67
1da177e4
LT		 68static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
69 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 70static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
71 void *data);
710f9b0a 72static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a
GP		 73static void l2cap_send_disconn_req(struct l2cap_conn *conn,
74 struct l2cap_chan *chan, int err);
1da177e4 75
0139418c 76/* ---- L2CAP channels ---- */
71ba0e56 77
baa7e1fa 78static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 79{
3df91ea2 80 struct l2cap_chan *c;
3d57dc68 81
3df91ea2
AE		 82 list_for_each_entry(c, &conn->chan_l, list) {
83 if (c->dcid == cid)
84 return c;
0139418c 85 }
3df91ea2 86 return NULL;
0139418c
MH		 87}
88
baa7e1fa 89static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 90{
3df91ea2 91 struct l2cap_chan *c;
3d57dc68 92
3df91ea2
AE		 93 list_for_each_entry(c, &conn->chan_l, list) {
94 if (c->scid == cid)
95 return c;
0139418c 96 }
3df91ea2 97 return NULL;
0139418c
MH		 98}
99
100/* Find channel with given SCID.
101 * Returns locked socket */
baa7e1fa 102static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 103{
48454079 104 struct l2cap_chan *c;
baa7e1fa 105
3df91ea2 106 mutex_lock(&conn->chan_lock);
baa7e1fa 107 c = __l2cap_get_chan_by_scid(conn, cid);
3df91ea2
AE		 108 mutex_unlock(&conn->chan_lock);
109
48454079 110 return c;
0139418c
MH		 111}
112
baa7e1fa 113static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 114{
3df91ea2 115 struct l2cap_chan *c;
3d57dc68 116
3df91ea2
AE		 117 list_for_each_entry(c, &conn->chan_l, list) {
118 if (c->ident == ident)
119 return c;
0139418c 120 }
3df91ea2 121 return NULL;
0139418c
MH		 122}
123
baa7e1fa 124static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 125{
48454079 126 struct l2cap_chan *c;
baa7e1fa 127
3df91ea2 128 mutex_lock(&conn->chan_lock);
baa7e1fa 129 c = __l2cap_get_chan_by_ident(conn, ident);
3df91ea2
AE		 130 mutex_unlock(&conn->chan_lock);
131
48454079 132 return c;
0139418c
MH		 133}
134
23691d75 135static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 136{
23691d75 137 struct l2cap_chan *c;
9e4425ff 138
23691d75
GP		 139 list_for_each_entry(c, &chan_list, global_l) {
140 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
250938cb 141 return c;
9e4425ff 142 }
250938cb 143 return NULL;
9e4425ff
GP		 144}
145
146int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
147{
73b2ec18
GP		 148 int err;
149
333055f2 150 write_lock(&chan_list_lock);
9e4425ff 151
23691d75 152 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 153 err = -EADDRINUSE;
154 goto done;
9e4425ff
GP		 155 }
156
73b2ec18
GP		 157 if (psm) {
158 chan->psm = psm;
159 chan->sport = psm;
160 err = 0;
161 } else {
162 u16 p;
163
164 err = -EINVAL;
165 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 166 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 167 chan->psm = cpu_to_le16(p);
168 chan->sport = cpu_to_le16(p);
169 err = 0;
170 break;
171 }
172 }
9e4425ff 173
73b2ec18 174done:
333055f2 175 write_unlock(&chan_list_lock);
73b2ec18 176 return err;
9e4425ff
GP		 177}
178
179int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
180{
333055f2 181 write_lock(&chan_list_lock);
9e4425ff
GP		 182
183 chan->scid = scid;
184
333055f2 185 write_unlock(&chan_list_lock);
9e4425ff
GP		 186
187 return 0;
188}
189
baa7e1fa 190static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 191{
8db4dc46 192 u16 cid = L2CAP_CID_DYN_START;
0139418c 193
8db4dc46 194 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 195 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 196 return cid;
197 }
198
199 return 0;
200}
201
0e587be7 202static void __l2cap_state_change(struct l2cap_chan *chan, int state)
89bc500e 203{
42d2d87c 204 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
badaaa00
GP		 205 state_to_string(state));
206
89bc500e
GP		 207 chan->state = state;
208 chan->ops->state_change(chan->data, state);
209}
210
0e587be7
AE		 211static void l2cap_state_change(struct l2cap_chan *chan, int state)
212{
213 struct sock *sk = chan->sk;
214
215 lock_sock(sk);
216 __l2cap_state_change(chan, state);
217 release_sock(sk);
218}
219
2e0052e4
AE		 220static inline void __l2cap_chan_set_err(struct l2cap_chan *chan, int err)
221{
222 struct sock *sk = chan->sk;
223
224 sk->sk_err = err;
225}
226
227static inline void l2cap_chan_set_err(struct l2cap_chan *chan, int err)
228{
229 struct sock *sk = chan->sk;
230
231 lock_sock(sk);
232 __l2cap_chan_set_err(chan, err);
233 release_sock(sk);
234}
235
721c4181 236static void l2cap_chan_timeout(struct work_struct *work)
ab07801d 237{
721c4181
GP		 238 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
239 chan_timer.work);
3df91ea2 240 struct l2cap_conn *conn = chan->conn;
ab07801d
GP		 241 int reason;
242
e05dcc32 243 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
ab07801d 244
3df91ea2 245 mutex_lock(&conn->chan_lock);
6be36555 246 l2cap_chan_lock(chan);
ab07801d 247
89bc500e 248 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
ab07801d 249 reason = ECONNREFUSED;
89bc500e 250 else if (chan->state == BT_CONNECT &&
ab07801d
GP		 251 chan->sec_level != BT_SECURITY_SDP)
252 reason = ECONNREFUSED;
253 else
254 reason = ETIMEDOUT;
255
0f852724 256 l2cap_chan_close(chan, reason);
ab07801d 257
6be36555 258 l2cap_chan_unlock(chan);
ab07801d 259
ba3bd0ee 260 chan->ops->close(chan->data);
3df91ea2
AE		 261 mutex_unlock(&conn->chan_lock);
262
371fd835 263 l2cap_chan_put(chan);
ab07801d
GP		 264}
265
23691d75 266struct l2cap_chan *l2cap_chan_create(struct sock *sk)
48454079
GP		 267{
268 struct l2cap_chan *chan;
269
270 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
271 if (!chan)
272 return NULL;
273
c03b355e
AE		 274 mutex_init(&chan->lock);
275
48454079
GP		 276 chan->sk = sk;
277
333055f2 278 write_lock(&chan_list_lock);
23691d75 279 list_add(&chan->global_l, &chan_list);
333055f2 280 write_unlock(&chan_list_lock);
23691d75 281
721c4181 282 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
ab07801d 283
89bc500e
GP		 284 chan->state = BT_OPEN;
285
71ba0e56
GP		 286 atomic_set(&chan->refcnt, 1);
287
abc545b8
SJ		 288 BT_DBG("sk %p chan %p", sk, chan);
289
48454079
GP		 290 return chan;
291}
292
23691d75 293void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 294{
333055f2 295 write_lock(&chan_list_lock);
23691d75 296 list_del(&chan->global_l);
333055f2 297 write_unlock(&chan_list_lock);
23691d75 298
371fd835 299 l2cap_chan_put(chan);
6ff5abbf
GP		 300}
301
643162a8 302void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 303{
af05b30b 304 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
fe4128e0 305 chan->psm, chan->dcid);
0139418c 306
9f5a0d7b 307 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 308
8c1d787b 309 chan->conn = conn;
0139418c 310
5491120e
AE		 311 switch (chan->chan_type) {
312 case L2CAP_CHAN_CONN_ORIENTED:
b62f328b
VT		 313 if (conn->hcon->type == LE_LINK) {
314 /* LE connection */
0c1bc5c6 315 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 316 chan->scid = L2CAP_CID_LE_DATA;
317 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 318 } else {
319 /* Alloc CID for connection-oriented socket */
fe4128e0 320 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 321 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 322 }
5491120e
AE		 323 break;
324
325 case L2CAP_CHAN_CONN_LESS:
0139418c 326 /* Connectionless socket */
fe4128e0
GP		 327 chan->scid = L2CAP_CID_CONN_LESS;
328 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 329 chan->omtu = L2CAP_DEFAULT_MTU;
5491120e
AE		 330 break;
331
332 default:
0139418c 333 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 334 chan->scid = L2CAP_CID_SIGNALING;
335 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 336 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 337 }
338
8f7975b1
AE		 339 chan->local_id = L2CAP_BESTEFFORT_ID;
340 chan->local_stype = L2CAP_SERV_BESTEFFORT;
341 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
342 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
343 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
344 chan->local_flush_to = L2CAP_DEFAULT_FLUSH_TO;
345
371fd835 346 l2cap_chan_hold(chan);
baa7e1fa 347
3df91ea2 348 list_add(&chan->list, &conn->chan_l);
643162a8
AE		 349}
350
351void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
352{
353 mutex_lock(&conn->chan_lock);
354 __l2cap_chan_add(conn, chan);
3df91ea2 355 mutex_unlock(&conn->chan_lock);
0139418c
MH		 356}
357
4519de9a 358static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 359{
48454079 360 struct sock *sk = chan->sk;
8c1d787b 361 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 362 struct sock *parent = bt_sk(sk)->parent;
363
c9b66675 364 __clear_chan_timer(chan);
0139418c 365
49208c9c 366 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 367
8e87d142 368 if (conn) {
baa7e1fa 369 /* Delete from channel list */
3df91ea2 370 list_del(&chan->list);
3d57dc68 371
371fd835 372 l2cap_chan_put(chan);
baa7e1fa 373
8c1d787b 374 chan->conn = NULL;
0139418c
MH		 375 hci_conn_put(conn->hcon);
376 }
377
6be36555
AE		 378 lock_sock(sk);
379
0e587be7 380 __l2cap_state_change(chan, BT_CLOSED);
0139418c
MH		 381 sock_set_flag(sk, SOCK_ZAPPED);
382
383 if (err)
2e0052e4 384 __l2cap_chan_set_err(chan, err);
0139418c
MH		 385
386 if (parent) {
387 bt_accept_unlink(sk);
388 parent->sk_data_ready(parent, 0);
389 } else
390 sk->sk_state_change(sk);
c13ffa62 391
6be36555
AE		 392 release_sock(sk);
393
c1360a1c
GP		 394 if (!(test_bit(CONF_OUTPUT_DONE, &chan->conf_state) &&
395 test_bit(CONF_INPUT_DONE, &chan->conf_state)))
6ff5abbf 396 return;
2ead70b8 397
58d35f87 398 skb_queue_purge(&chan->tx_q);
c13ffa62 399
0c1bc5c6 400 if (chan->mode == L2CAP_MODE_ERTM) {
c13ffa62
GP		 401 struct srej_list *l, *tmp;
402
1a09bcb9
GP		 403 __clear_retrans_timer(chan);
404 __clear_monitor_timer(chan);
405 __clear_ack_timer(chan);
c13ffa62 406
f1c6775b 407 skb_queue_purge(&chan->srej_q);
c13ffa62 408
39d5a3ee 409 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
c13ffa62
GP		 410 list_del(&l->list);
411 kfree(l);
412 }
413 }
0139418c
MH		 414}
415
4519de9a
GP		 416static void l2cap_chan_cleanup_listen(struct sock *parent)
417{
418 struct sock *sk;
419
420 BT_DBG("parent %p", parent);
421
422 /* Close not yet accepted channels */
0f852724 423 while ((sk = bt_accept_dequeue(parent, NULL))) {
ba3bd0ee 424 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3df91ea2 425
6be36555 426 l2cap_chan_lock(chan);
c9b66675 427 __clear_chan_timer(chan);
ba3bd0ee 428 l2cap_chan_close(chan, ECONNRESET);
6be36555 429 l2cap_chan_unlock(chan);
3df91ea2 430
ba3bd0ee 431 chan->ops->close(chan->data);
0f852724 432 }
4519de9a
GP		 433}
434
0f852724 435void l2cap_chan_close(struct l2cap_chan *chan, int reason)
4519de9a
GP		 436{
437 struct l2cap_conn *conn = chan->conn;
438 struct sock *sk = chan->sk;
439
e05dcc32
AE		 440 BT_DBG("chan %p state %s sk %p", chan,
441 state_to_string(chan->state), sk);
4519de9a 442
89bc500e 443 switch (chan->state) {
4519de9a 444 case BT_LISTEN:
6be36555 445 lock_sock(sk);
4519de9a 446 l2cap_chan_cleanup_listen(sk);
89bc500e 447
0e587be7 448 __l2cap_state_change(chan, BT_CLOSED);
89bc500e 449 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 450 release_sock(sk);
4519de9a
GP		 451 break;
452
453 case BT_CONNECTED:
454 case BT_CONFIG:
715ec005 455 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a 456 conn->hcon->type == ACL_LINK) {
c9b66675
GP		 457 __clear_chan_timer(chan);
458 __set_chan_timer(chan, sk->sk_sndtimeo);
4519de9a
GP		 459 l2cap_send_disconn_req(conn, chan, reason);
460 } else
461 l2cap_chan_del(chan, reason);
462 break;
463
464 case BT_CONNECT2:
715ec005 465 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a
GP		 466 conn->hcon->type == ACL_LINK) {
467 struct l2cap_conn_rsp rsp;
468 __u16 result;
469
470 if (bt_sk(sk)->defer_setup)
471 result = L2CAP_CR_SEC_BLOCK;
472 else
473 result = L2CAP_CR_BAD_PSM;
89bc500e 474 l2cap_state_change(chan, BT_DISCONN);
4519de9a
GP		 475
476 rsp.scid = cpu_to_le16(chan->dcid);
477 rsp.dcid = cpu_to_le16(chan->scid);
478 rsp.result = cpu_to_le16(result);
479 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
480 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
481 sizeof(rsp), &rsp);
482 }
483
484 l2cap_chan_del(chan, reason);
485 break;
486
487 case BT_CONNECT:
488 case BT_DISCONN:
489 l2cap_chan_del(chan, reason);
490 break;
491
492 default:
6be36555 493 lock_sock(sk);
4519de9a 494 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 495 release_sock(sk);
4519de9a
GP		 496 break;
497 }
498}
499
4343478f 500static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 501{
715ec005 502 if (chan->chan_type == L2CAP_CHAN_RAW) {
4343478f 503 switch (chan->sec_level) {
8556edd3
JH		 504 case BT_SECURITY_HIGH:
505 return HCI_AT_DEDICATED_BONDING_MITM;
506 case BT_SECURITY_MEDIUM:
507 return HCI_AT_DEDICATED_BONDING;
508 default:
509 return HCI_AT_NO_BONDING;
510 }
fe4128e0 511 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 512 if (chan->sec_level == BT_SECURITY_LOW)
513 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 514
4343478f 515 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 516 return HCI_AT_NO_BONDING_MITM;
00ae4af9 517 else
8556edd3 518 return HCI_AT_NO_BONDING;
00ae4af9 519 } else {
4343478f 520 switch (chan->sec_level) {
00ae4af9 521 case BT_SECURITY_HIGH:
8556edd3 522 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 523 case BT_SECURITY_MEDIUM:
8556edd3 524 return HCI_AT_GENERAL_BONDING;
00ae4af9 525 default:
8556edd3 526 return HCI_AT_NO_BONDING;
00ae4af9 527 }
0684e5f9 528 }
8556edd3
JH		 529}
530
531/* Service level security */
d45fc423 532int l2cap_chan_check_security(struct l2cap_chan *chan)
8556edd3 533{
8c1d787b 534 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 535 __u8 auth_type;
536
4343478f 537 auth_type = l2cap_get_auth_type(chan);
79d554a6 538
4343478f 539 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 540}
541
b5ad8b7f 542static u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 543{
544 u8 id;
545
546 /* Get next available identificator.
547 * 1 - 128 are used by kernel.
548 * 129 - 199 are reserved.
549 * 200 - 254 are used by utilities like l2ping, etc.
550 */
551
333055f2 552 spin_lock(&conn->lock);
4e8402a3
MH		 553
554 if (++conn->tx_ident > 128)
555 conn->tx_ident = 1;
556
557 id = conn->tx_ident;
558
333055f2 559 spin_unlock(&conn->lock);
4e8402a3
MH		 560
561 return id;
562}
563
4519de9a 564static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 565{
566 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 567 u8 flags;
4e8402a3
MH		 568
569 BT_DBG("code 0x%2.2x", code);
570
571 if (!skb)
9a9c6a34 572 return;
4e8402a3 573
e702112f
AE		 574 if (lmp_no_flush_capable(conn->hcon->hdev))
575 flags = ACL_START_NO_FLUSH;
576 else
577 flags = ACL_START;
578
14b12d0b 579 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON;
5e59b791 580 skb->priority = HCI_PRIO_MAX;
14b12d0b 581
73d80deb
LAD		 582 hci_send_acl(conn->hchan, skb, flags);
583}
584
585static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
586{
587 struct hci_conn *hcon = chan->conn->hcon;
588 u16 flags;
589
590 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
591 skb->priority);
592
593 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
594 lmp_no_flush_capable(hcon->hdev))
595 flags = ACL_START_NO_FLUSH;
596 else
597 flags = ACL_START;
14b12d0b 598
73d80deb
LAD		 599 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
600 hci_send_acl(chan->conn->hchan, skb, flags);
4e8402a3
MH		 601}
602
88843ab0 603static inline void l2cap_send_sframe(struct l2cap_chan *chan, u32 control)
1c2acffb
GP		 604{
605 struct sk_buff *skb;
606 struct l2cap_hdr *lh;
8c1d787b 607 struct l2cap_conn *conn = chan->conn;
e4ca6d98 608 int count, hlen;
fcc203c3 609
89bc500e 610 if (chan->state != BT_CONNECTED)
c13ffa62
GP		 611 return;
612
e4ca6d98
AE		 613 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
614 hlen = L2CAP_EXT_HDR_SIZE;
615 else
616 hlen = L2CAP_ENH_HDR_SIZE;
617
47d1ec61 618 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 619 hlen += L2CAP_FCS_SIZE;
1c2acffb 620
88843ab0 621 BT_DBG("chan %p, control 0x%8.8x", chan, control);
1c2acffb 622
fcc203c3 623 count = min_t(unsigned int, conn->mtu, hlen);
793c2f1c
AE		 624
625 control |= __set_sframe(chan);
1c2acffb 626
e2ab4353 627 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 628 control |= __set_ctrl_final(chan);
9e917af1 629
e2ab4353 630 if (test_and_clear_bit(CONN_SEND_PBIT, &chan->conn_state))
e3781735 631 control |= __set_ctrl_poll(chan);
f0946ccf 632
1c2acffb
GP		 633 skb = bt_skb_alloc(count, GFP_ATOMIC);
634 if (!skb)
9a9c6a34 635 return;
1c2acffb
GP		 636
637 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fcc203c3 638 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
fe4128e0 639 lh->cid = cpu_to_le16(chan->dcid);
88843ab0
AE		 640
641 __put_control(chan, control, skb_put(skb, __ctrl_size(chan)));
1c2acffb 642
47d1ec61 643 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 644 u16 fcs = crc16(0, (u8 *)lh, count - L2CAP_FCS_SIZE);
645 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3
GP		 646 }
647
73d80deb
LAD		 648 skb->priority = HCI_PRIO_MAX;
649 l2cap_do_send(chan, skb);
1c2acffb
GP		 650}
651
88843ab0 652static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u32 control)
7e743090 653{
e2ab4353 654 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 655 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 656 set_bit(CONN_RNR_SENT, &chan->conn_state);
1890d36b 657 } else
ab784b73 658 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
7e743090 659
0b209fae 660 control |= __set_reqseq(chan, chan->buffer_seq);
2ab25cdd 661
525cd185 662 l2cap_send_sframe(chan, control);
7e743090
GP		 663}
664
b4450035 665static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 666{
c1360a1c 667 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
e501d055
AE		 668}
669
fc7f8a7e 670static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 671{
8c1d787b 672 struct l2cap_conn *conn = chan->conn;
79d554a6
MH		 673
674 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 675 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
676 return;
677
d45fc423 678 if (l2cap_chan_check_security(chan) &&
4343478f 679 __l2cap_no_conn_pending(chan)) {
b1235d79 680 struct l2cap_conn_req req;
fe4128e0
GP		 681 req.scid = cpu_to_le16(chan->scid);
682 req.psm = chan->psm;
79d554a6 683
fc7f8a7e 684 chan->ident = l2cap_get_ident(conn);
c1360a1c 685 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
79d554a6 686
fc7f8a7e
GP		 687 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
688 sizeof(req), &req);
b1235d79 689 }
79d554a6
MH		 690 } else {
691 struct l2cap_info_req req;
692 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
693
694 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
695 conn->info_ident = l2cap_get_ident(conn);
696
030013d8 697 schedule_delayed_work(&conn->info_timer,
79d554a6
MH		 698 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
699
700 l2cap_send_cmd(conn, conn->info_ident,
701 L2CAP_INFO_REQ, sizeof(req), &req);
702 }
703}
704
cf6c2c0b
GP		 705static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
706{
707 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 708 if (!disable_ertm)
cf6c2c0b
GP		 709 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
710
711 switch (mode) {
712 case L2CAP_MODE_ERTM:
713 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
714 case L2CAP_MODE_STREAMING:
715 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
716 default:
717 return 0x00;
718 }
719}
720
4519de9a 721static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9 722{
6be36555 723 struct sock *sk = chan->sk;
22121fc9
GP		 724 struct l2cap_disconn_req req;
725
c13ffa62
GP		 726 if (!conn)
727 return;
728
0c1bc5c6 729 if (chan->mode == L2CAP_MODE_ERTM) {
1a09bcb9
GP		 730 __clear_retrans_timer(chan);
731 __clear_monitor_timer(chan);
732 __clear_ack_timer(chan);
c13ffa62
GP		 733 }
734
fe4128e0
GP		 735 req.dcid = cpu_to_le16(chan->dcid);
736 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 737 l2cap_send_cmd(conn, l2cap_get_ident(conn),
738 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62 739
6be36555 740 lock_sock(sk);
0e587be7 741 __l2cap_state_change(chan, BT_DISCONN);
2e0052e4 742 __l2cap_chan_set_err(chan, err);
6be36555 743 release_sock(sk);
22121fc9
GP		 744}
745
1da177e4 746/* ---- L2CAP connections ---- */
4e8402a3
MH		 747static void l2cap_conn_start(struct l2cap_conn *conn)
748{
3df91ea2 749 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 750
751 BT_DBG("conn %p", conn);
752
3df91ea2 753 mutex_lock(&conn->chan_lock);
4e8402a3 754
3df91ea2 755 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 756 struct sock *sk = chan->sk;
baa7e1fa 757
6be36555 758 l2cap_chan_lock(chan);
4e8402a3 759
715ec005 760 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 761 l2cap_chan_unlock(chan);
79d554a6
MH		 762 continue;
763 }
764
89bc500e 765 if (chan->state == BT_CONNECT) {
47731de7 766 struct l2cap_conn_req req;
79d554a6 767
d45fc423 768 if (!l2cap_chan_check_security(chan) ||
b4450035 769 !__l2cap_no_conn_pending(chan)) {
6be36555 770 l2cap_chan_unlock(chan);
47731de7
GP		 771 continue;
772 }
79d554a6 773
c1360a1c
GP		 774 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
775 && test_bit(CONF_STATE2_DEVICE,
776 &chan->conf_state)) {
89bc500e 777 l2cap_chan_close(chan, ECONNRESET);
6be36555 778 l2cap_chan_unlock(chan);
47731de7 779 continue;
b1235d79 780 }
47731de7 781
fe4128e0
GP		 782 req.scid = cpu_to_le16(chan->scid);
783 req.psm = chan->psm;
47731de7 784
fc7f8a7e 785 chan->ident = l2cap_get_ident(conn);
c1360a1c 786 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
47731de7 787
fc7f8a7e
GP		 788 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
789 sizeof(req), &req);
47731de7 790
89bc500e 791 } else if (chan->state == BT_CONNECT2) {
79d554a6 792 struct l2cap_conn_rsp rsp;
e9aeb2dd 793 char buf[128];
fe4128e0
GP		 794 rsp.scid = cpu_to_le16(chan->dcid);
795 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 796
d45fc423 797 if (l2cap_chan_check_security(chan)) {
6be36555 798 lock_sock(sk);
f66dc81f
MH		 799 if (bt_sk(sk)->defer_setup) {
800 struct sock *parent = bt_sk(sk)->parent;
801 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
802 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
05e9a2f6
IK		 803 if (parent)
804 parent->sk_data_ready(parent, 0);
f66dc81f
MH		 805
806 } else {
0e587be7 807 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 808 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
809 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
810 }
6be36555 811 release_sock(sk);
79d554a6
MH		 812 } else {
813 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
814 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
815 }
816
fc7f8a7e
GP		 817 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
818 sizeof(rsp), &rsp);
e9aeb2dd 819
c1360a1c 820 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
e9aeb2dd 821 rsp.result != L2CAP_CR_SUCCESS) {
6be36555 822 l2cap_chan_unlock(chan);
e9aeb2dd
GP		 823 continue;
824 }
825
c1360a1c 826 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 827 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 828 l2cap_build_conf_req(chan, buf), buf);
829 chan->num_conf_req++;
4e8402a3
MH		 830 }
831
6be36555 832 l2cap_chan_unlock(chan);
4e8402a3
MH		 833 }
834
3df91ea2 835 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 836}
837
b62f328b
VT		 838/* Find socket with cid and source bdaddr.
839 * Returns closest match, locked.
840 */
23691d75 841static struct l2cap_chan *l2cap_global_chan_by_scid(int state, __le16 cid, bdaddr_t *src)
b62f328b 842{
23691d75 843 struct l2cap_chan *c, *c1 = NULL;
b62f328b 844
23691d75 845 read_lock(&chan_list_lock);
b62f328b 846
23691d75
GP		 847 list_for_each_entry(c, &chan_list, global_l) {
848 struct sock *sk = c->sk;
fe4128e0 849
89bc500e 850 if (state && c->state != state)
b62f328b
VT		 851 continue;
852
23691d75 853 if (c->scid == cid) {
b62f328b 854 /* Exact match. */
23691d75
GP		 855 if (!bacmp(&bt_sk(sk)->src, src)) {
856 read_unlock(&chan_list_lock);
857 return c;
858 }
b62f328b
VT		 859
860 /* Closest match */
861 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 862 c1 = c;
b62f328b
VT		 863 }
864 }
280f294f 865
23691d75 866 read_unlock(&chan_list_lock);
b62f328b 867
23691d75 868 return c1;
b62f328b
VT		 869}
870
871static void l2cap_le_conn_ready(struct l2cap_conn *conn)
872{
c916fbe4 873 struct sock *parent, *sk;
23691d75 874 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 875
876 BT_DBG("");
877
878 /* Check if we have socket listening on cid */
23691d75 879 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
b62f328b 880 conn->src);
23691d75 881 if (!pchan)
b62f328b
VT		 882 return;
883
23691d75
GP		 884 parent = pchan->sk;
885
aa2ac881 886 lock_sock(parent);
62f3a2cf 887
b62f328b
VT		 888 /* Check for backlog size */
889 if (sk_acceptq_is_full(parent)) {
890 BT_DBG("backlog full %d", parent->sk_ack_backlog);
891 goto clean;
892 }
893
80808e43
GP		 894 chan = pchan->ops->new_connection(pchan->data);
895 if (!chan)
b62f328b
VT		 896 goto clean;
897
80808e43 898 sk = chan->sk;
5d41ce1d 899
b62f328b
VT		 900 hci_conn_hold(conn->hcon);
901
b62f328b
VT		 902 bacpy(&bt_sk(sk)->src, conn->src);
903 bacpy(&bt_sk(sk)->dst, conn->dst);
904
d1010240
GP		 905 bt_accept_enqueue(parent, sk);
906
3d57dc68 907 l2cap_chan_add(conn, chan);
48454079 908
c9b66675 909 __set_chan_timer(chan, sk->sk_sndtimeo);
b62f328b 910
0e587be7 911 __l2cap_state_change(chan, BT_CONNECTED);
b62f328b
VT		 912 parent->sk_data_ready(parent, 0);
913
b62f328b 914clean:
aa2ac881 915 release_sock(parent);
b62f328b
VT		 916}
917
cf4cd009 918static void l2cap_chan_ready(struct l2cap_chan *chan)
f1cb9af5 919{
cf4cd009 920 struct sock *sk = chan->sk;
6be36555
AE		 921 struct sock *parent;
922
923 lock_sock(sk);
924
925 parent = bt_sk(sk)->parent;
f1cb9af5
VCG		 926
927 BT_DBG("sk %p, parent %p", sk, parent);
928
929 chan->conf_state = 0;
930 __clear_chan_timer(chan);
931
0e587be7 932 __l2cap_state_change(chan, BT_CONNECTED);
f1cb9af5
VCG		 933 sk->sk_state_change(sk);
934
935 if (parent)
936 parent->sk_data_ready(parent, 0);
6be36555
AE		 937
938 release_sock(sk);
f1cb9af5
VCG		 939}
940
4e8402a3
MH		 941static void l2cap_conn_ready(struct l2cap_conn *conn)
942{
48454079 943 struct l2cap_chan *chan;
4e8402a3 944
79d554a6 945 BT_DBG("conn %p", conn);
4e8402a3 946
b62f328b
VT		 947 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
948 l2cap_le_conn_ready(conn);
949
160dc6ac
VCG		 950 if (conn->hcon->out && conn->hcon->type == LE_LINK)
951 smp_conn_security(conn, conn->hcon->pending_sec_level);
952
3df91ea2 953 mutex_lock(&conn->chan_lock);
4e8402a3 954
3df91ea2 955 list_for_each_entry(chan, &conn->chan_l, list) {
baa7e1fa 956
6be36555 957 l2cap_chan_lock(chan);
4e8402a3 958
63128451 959 if (conn->hcon->type == LE_LINK) {
b501d6a1 960 if (smp_conn_security(conn, chan->sec_level))
cf4cd009 961 l2cap_chan_ready(chan);
acd7d370 962
63128451 963 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 964 struct sock *sk = chan->sk;
c9b66675 965 __clear_chan_timer(chan);
6be36555 966 lock_sock(sk);
0e587be7 967 __l2cap_state_change(chan, BT_CONNECTED);
79d554a6 968 sk->sk_state_change(sk);
6be36555 969 release_sock(sk);
b501d6a1 970
89bc500e 971 } else if (chan->state == BT_CONNECT)
fc7f8a7e 972 l2cap_do_start(chan);
4e8402a3 973
6be36555 974 l2cap_chan_unlock(chan);
4e8402a3 975 }
79d554a6 976
3df91ea2 977 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 978}
979
980/* Notify sockets that we cannot guaranty reliability anymore */
981static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
982{
48454079 983 struct l2cap_chan *chan;
4e8402a3
MH		 984
985 BT_DBG("conn %p", conn);
986
3df91ea2 987 mutex_lock(&conn->chan_lock);
4e8402a3 988
3df91ea2 989 list_for_each_entry(chan, &conn->chan_l, list) {
ecf61bdb 990 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
2e0052e4 991 __l2cap_chan_set_err(chan, err);
4e8402a3
MH		 992 }
993
3df91ea2 994 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 995}
996
f878fcad 997static void l2cap_info_timeout(struct work_struct *work)
4e8402a3 998{
f878fcad 999 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
030013d8 1000 info_timer.work);
4e8402a3 1001
984947dc 1002 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 1003 conn->info_ident = 0;
984947dc 1004
4e8402a3
MH		 1005 l2cap_conn_start(conn);
1006}
1007
5d3de7df
VCG		 1008static void l2cap_conn_del(struct hci_conn *hcon, int err)
1009{
1010 struct l2cap_conn *conn = hcon->l2cap_data;
1011 struct l2cap_chan *chan, *l;
5d3de7df
VCG		 1012
1013 if (!conn)
1014 return;
1015
1016 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
1017
1018 kfree_skb(conn->rx_skb);
1019
3df91ea2
AE		 1020 mutex_lock(&conn->chan_lock);
1021
5d3de7df
VCG		 1022 /* Kill channels */
1023 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
6be36555
AE		 1024 l2cap_chan_lock(chan);
1025
5d3de7df 1026 l2cap_chan_del(chan, err);
6be36555
AE		 1027
1028 l2cap_chan_unlock(chan);
1029
5d3de7df
VCG		 1030 chan->ops->close(chan->data);
1031 }
1032
3df91ea2
AE		 1033 mutex_unlock(&conn->chan_lock);
1034
73d80deb
LAD		 1035 hci_chan_del(conn->hchan);
1036
5d3de7df 1037 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
127074bf 1038 cancel_delayed_work_sync(&conn->info_timer);
5d3de7df 1039
51a8efd7 1040 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) {
127074bf 1041 cancel_delayed_work_sync(&conn->security_timer);
8aab4757 1042 smp_chan_destroy(conn);
d26a2345 1043 }
5d3de7df
VCG		 1044
1045 hcon->l2cap_data = NULL;
1046 kfree(conn);
1047}
1048
6c9d42a1 1049static void security_timeout(struct work_struct *work)
5d3de7df 1050{
6c9d42a1
GP		 1051 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1052 security_timer.work);
5d3de7df
VCG		 1053
1054 l2cap_conn_del(conn->hcon, ETIMEDOUT);
1055}
1056
1da177e4
LT		 1057static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1058{
0139418c 1059 struct l2cap_conn *conn = hcon->l2cap_data;
73d80deb 1060 struct hci_chan *hchan;
1da177e4 1061
0139418c 1062 if (conn || status)
1da177e4
LT		 1063 return conn;
1064
73d80deb
LAD		 1065 hchan = hci_chan_create(hcon);
1066 if (!hchan)
1067 return NULL;
1068
0139418c 1069 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
73d80deb
LAD		 1070 if (!conn) {
1071 hci_chan_del(hchan);
1da177e4 1072 return NULL;
73d80deb 1073 }
1da177e4
LT		 1074
1075 hcon->l2cap_data = conn;
1076 conn->hcon = hcon;
73d80deb 1077 conn->hchan = hchan;
1da177e4 1078
73d80deb 1079 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
0139418c 1080
acd7d370
VT		 1081 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
1082 conn->mtu = hcon->hdev->le_mtu;
1083 else
1084 conn->mtu = hcon->hdev->acl_mtu;
1085
1da177e4
LT		 1086 conn->src = &hcon->hdev->bdaddr;
1087 conn->dst = &hcon->dst;
1088
4e8402a3
MH		 1089 conn->feat_mask = 0;
1090
1da177e4 1091 spin_lock_init(&conn->lock);
3df91ea2 1092 mutex_init(&conn->chan_lock);
baa7e1fa
GP		 1093
1094 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 1095
5d3de7df 1096 if (hcon->type == LE_LINK)
6c9d42a1 1097 INIT_DELAYED_WORK(&conn->security_timer, security_timeout);
5d3de7df 1098 else
030013d8 1099 INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout);
45054dc1 1100
9f5a0d7b 1101 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 1102
1da177e4
LT		 1103 return conn;
1104}
1105
1da177e4 1106/* ---- Socket interface ---- */
1da177e4
LT		 1107
1108/* Find socket with psm and source bdaddr.
1109 * Returns closest match.
1110 */
23691d75 1111static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4 1112{
23691d75 1113 struct l2cap_chan *c, *c1 = NULL;
1da177e4 1114
23691d75 1115 read_lock(&chan_list_lock);
e0f0cb56 1116
23691d75
GP		 1117 list_for_each_entry(c, &chan_list, global_l) {
1118 struct sock *sk = c->sk;
fe4128e0 1119
89bc500e 1120 if (state && c->state != state)
1da177e4
LT		 1121 continue;
1122
23691d75 1123 if (c->psm == psm) {
1da177e4 1124 /* Exact match. */
23691d75 1125 if (!bacmp(&bt_sk(sk)->src, src)) {
a7567b20 1126 read_unlock(&chan_list_lock);
23691d75
GP		 1127 return c;
1128 }
1da177e4
LT		 1129
1130 /* Closest match */
1131 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 1132 c1 = c;
1da177e4
LT		 1133 }
1134 }
1da177e4 1135
23691d75 1136 read_unlock(&chan_list_lock);
e0f0cb56 1137
23691d75 1138 return c1;
1da177e4
LT		 1139}
1140
cbe8fed4 1141int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdaddr_t *dst)
1da177e4 1142{
5d41ce1d 1143 struct sock *sk = chan->sk;
1da177e4 1144 bdaddr_t *src = &bt_sk(sk)->src;
1da177e4
LT		 1145 struct l2cap_conn *conn;
1146 struct hci_conn *hcon;
1147 struct hci_dev *hdev;
09ab6f4c 1148 __u8 auth_type;
44d0e48e 1149 int err;
1da177e4 1150
f29972de 1151 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
fe4128e0 1152 chan->psm);
1da177e4 1153
af05b30b
GP		 1154 hdev = hci_get_route(dst, src);
1155 if (!hdev)
1da177e4
LT		 1156 return -EHOSTUNREACH;
1157
09fd0de5 1158 hci_dev_lock(hdev);
1da177e4 1159
6be36555 1160 l2cap_chan_lock(chan);
03a00194
GP		 1161
1162 /* PSM must be odd and lsb of upper byte must be 0 */
1163 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
1164 chan->chan_type != L2CAP_CHAN_RAW) {
1165 err = -EINVAL;
1166 goto done;
1167 }
1168
1169 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !(psm || cid)) {
1170 err = -EINVAL;
1171 goto done;
1172 }
1173
1174 switch (chan->mode) {
1175 case L2CAP_MODE_BASIC:
1176 break;
1177 case L2CAP_MODE_ERTM:
1178 case L2CAP_MODE_STREAMING:
1179 if (!disable_ertm)
1180 break;
1181 /* fall through */
1182 default:
1183 err = -ENOTSUPP;
1184 goto done;
1185 }
1186
6be36555
AE		 1187 lock_sock(sk);
1188
03a00194
GP		 1189 switch (sk->sk_state) {
1190 case BT_CONNECT:
1191 case BT_CONNECT2:
1192 case BT_CONFIG:
1193 /* Already connecting */
1194 err = 0;
6be36555 1195 release_sock(sk);
03a00194
GP		 1196 goto done;
1197
1198 case BT_CONNECTED:
1199 /* Already connected */
1200 err = -EISCONN;
6be36555 1201 release_sock(sk);
03a00194
GP		 1202 goto done;
1203
1204 case BT_OPEN:
1205 case BT_BOUND:
1206 /* Can connect */
1207 break;
1208
1209 default:
1210 err = -EBADFD;
6be36555 1211 release_sock(sk);
03a00194
GP		 1212 goto done;
1213 }
1214
1215 /* Set destination address and psm */
9219b2a0 1216 bacpy(&bt_sk(sk)->dst, dst);
6be36555
AE		 1217
1218 release_sock(sk);
1219
03a00194
GP		 1220 chan->psm = psm;
1221 chan->dcid = cid;
1da177e4 1222
4343478f 1223 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1224
fe4128e0 1225 if (chan->dcid == L2CAP_CID_LE_DATA)
acd7d370 1226 hcon = hci_connect(hdev, LE_LINK, dst,
4343478f 1227 chan->sec_level, auth_type);
acd7d370
VT		 1228 else
1229 hcon = hci_connect(hdev, ACL_LINK, dst,
4343478f 1230 chan->sec_level, auth_type);
acd7d370 1231
30e76272
VT		 1232 if (IS_ERR(hcon)) {
1233 err = PTR_ERR(hcon);
1da177e4 1234 goto done;
30e76272 1235 }
1da177e4
LT		 1236
1237 conn = l2cap_conn_add(hcon, 0);
1238 if (!conn) {
1239 hci_conn_put(hcon);
30e76272 1240 err = -ENOMEM;
1da177e4
LT		 1241 goto done;
1242 }
1243
1da177e4
LT		 1244 /* Update source addr of the socket */
1245 bacpy(src, conn->src);
1246
6be36555 1247 l2cap_chan_unlock(chan);
48454079 1248 l2cap_chan_add(conn, chan);
6be36555 1249 l2cap_chan_lock(chan);
48454079 1250
6be36555 1251 l2cap_state_change(chan, BT_CONNECT);
c9b66675 1252 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4
LT		 1253
1254 if (hcon->state == BT_CONNECTED) {
715ec005 1255 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 1256 __clear_chan_timer(chan);
d45fc423 1257 if (l2cap_chan_check_security(chan))
6be36555 1258 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1259 } else
fc7f8a7e 1260 l2cap_do_start(chan);
1da177e4
LT		 1261 }
1262
30e76272
VT		 1263 err = 0;
1264
1da177e4 1265done:
6be36555 1266 l2cap_chan_unlock(chan);
09fd0de5 1267 hci_dev_unlock(hdev);
1da177e4
LT		 1268 hci_dev_put(hdev);
1269 return err;
1270}
1271
dcba0dba 1272int __l2cap_wait_ack(struct sock *sk)
6161c038 1273{
8c1d787b 1274 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1275 DECLARE_WAITQUEUE(wait, current);
1276 int err = 0;
1277 int timeo = HZ/5;
1278
2b0b05dd 1279 add_wait_queue(sk_sleep(sk), &wait);
a71a0cf4
PH		 1280 set_current_state(TASK_INTERRUPTIBLE);
1281 while (chan->unacked_frames > 0 && chan->conn) {
6161c038
GP		 1282 if (!timeo)
1283 timeo = HZ/5;
1284
1285 if (signal_pending(current)) {
1286 err = sock_intr_errno(timeo);
1287 break;
1288 }
1289
1290 release_sock(sk);
1291 timeo = schedule_timeout(timeo);
1292 lock_sock(sk);
a71a0cf4 1293 set_current_state(TASK_INTERRUPTIBLE);
6161c038
GP		 1294
1295 err = sock_error(sk);
1296 if (err)
1297 break;
1298 }
1299 set_current_state(TASK_RUNNING);
2b0b05dd 1300 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1301 return err;
1302}
1303
721c4181 1304static void l2cap_monitor_timeout(struct work_struct *work)
e90bac06 1305{
721c4181
GP		 1306 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1307 monitor_timer.work);
e90bac06 1308
525cd185 1309 BT_DBG("chan %p", chan);
0e98958d 1310
6be36555
AE		 1311 l2cap_chan_lock(chan);
1312
2c03a7a4 1313 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1314 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
6be36555 1315 l2cap_chan_unlock(chan);
e90bac06
GP		 1316 return;
1317 }
1318
6a026610 1319 chan->retry_count++;
1a09bcb9 1320 __set_monitor_timer(chan);
e90bac06 1321
525cd185 1322 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555 1323 l2cap_chan_unlock(chan);
e90bac06
GP		 1324}
1325
721c4181 1326static void l2cap_retrans_timeout(struct work_struct *work)
e90bac06 1327{
721c4181
GP		 1328 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1329 retrans_timer.work);
e90bac06 1330
49208c9c 1331 BT_DBG("chan %p", chan);
0e98958d 1332
6be36555
AE		 1333 l2cap_chan_lock(chan);
1334
6a026610 1335 chan->retry_count = 1;
1a09bcb9 1336 __set_monitor_timer(chan);
e90bac06 1337
e2ab4353 1338 set_bit(CONN_WAIT_F, &chan->conn_state);
e90bac06 1339
525cd185 1340 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555
AE		 1341
1342 l2cap_chan_unlock(chan);
e90bac06
GP		 1343}
1344
42e5c802 1345static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1da177e4 1346{
1c2acffb 1347 struct sk_buff *skb;
1da177e4 1348
58d35f87 1349 while ((skb = skb_peek(&chan->tx_q)) &&
6a026610 1350 chan->unacked_frames) {
42e5c802 1351 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
1c2acffb 1352 break;
1da177e4 1353
58d35f87 1354 skb = skb_dequeue(&chan->tx_q);
1c2acffb 1355 kfree_skb(skb);
1da177e4 1356
6a026610 1357 chan->unacked_frames--;
1c2acffb 1358 }
1da177e4 1359
6a026610 1360 if (!chan->unacked_frames)
1a09bcb9 1361 __clear_retrans_timer(chan);
1c2acffb 1362}
1da177e4 1363
67c9e840 1364static void l2cap_streaming_send(struct l2cap_chan *chan)
6840ed07 1365{
ccbb84af 1366 struct sk_buff *skb;
88843ab0
AE		 1367 u32 control;
1368 u16 fcs;
6840ed07 1369
58d35f87 1370 while ((skb = skb_dequeue(&chan->tx_q))) {
88843ab0 1371 control = __get_control(chan, skb->data + L2CAP_HDR_SIZE);
fb45de7d 1372 control |= __set_txseq(chan, chan->next_tx_seq);
88843ab0 1373 __put_control(chan, control, skb->data + L2CAP_HDR_SIZE);
6840ed07 1374
47d1ec61 1375 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1376 fcs = crc16(0, (u8 *)skb->data,
1377 skb->len - L2CAP_FCS_SIZE);
1378 put_unaligned_le16(fcs,
1379 skb->data + skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 1380 }
1381
4343478f 1382 l2cap_do_send(chan, skb);
6840ed07 1383
836be934 1384 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
6840ed07 1385 }
6840ed07
GP		 1386}
1387
fb45de7d 1388static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 1389{
8f17154f 1390 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1391 u16 fcs;
1392 u32 control;
8f17154f 1393
58d35f87 1394 skb = skb_peek(&chan->tx_q);
f11d676d
GP		 1395 if (!skb)
1396 return;
8f17154f 1397
d1726b6d 1398 while (bt_cb(skb)->tx_seq != tx_seq) {
58d35f87 1399 if (skb_queue_is_last(&chan->tx_q, skb))
f11d676d 1400 return;
8f17154f 1401
d1726b6d
SJ		 1402 skb = skb_queue_next(&chan->tx_q, skb);
1403 }
8f17154f 1404
2c03a7a4
GP		 1405 if (chan->remote_max_tx &&
1406 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1407 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
f11d676d
GP		 1408 return;
1409 }
1410
1411 tx_skb = skb_clone(skb, GFP_ATOMIC);
1412 bt_cb(skb)->retries++;
88843ab0
AE		 1413
1414 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1415 control &= __get_sar_mask(chan);
3cb123d1 1416
e2ab4353 1417 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1418 control |= __set_ctrl_final(chan);
95ffa978 1419
0b209fae 1420 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1421 control |= __set_txseq(chan, tx_seq);
3cb123d1 1422
88843ab0 1423 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
f11d676d 1424
47d1ec61 1425 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1426 fcs = crc16(0, (u8 *)tx_skb->data,
1427 tx_skb->len - L2CAP_FCS_SIZE);
1428 put_unaligned_le16(fcs,
1429 tx_skb->data + tx_skb->len - L2CAP_FCS_SIZE);
f11d676d
GP		 1430 }
1431
4343478f 1432 l2cap_do_send(chan, tx_skb);
8f17154f
GP		 1433}
1434
67c9e840 1435static int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1436{
1437 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1438 u16 fcs;
1439 u32 control;
9a9c6a34 1440 int nsent = 0;
1c2acffb 1441
89bc500e 1442 if (chan->state != BT_CONNECTED)
c13ffa62 1443 return -ENOTCONN;
e90bac06 1444
58d35f87 1445 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1c2acffb 1446
2c03a7a4
GP		 1447 if (chan->remote_max_tx &&
1448 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1449 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
e90bac06
GP		 1450 break;
1451 }
1452
e420aba3
AE		 1453 tx_skb = skb_clone(skb, GFP_ATOMIC);
1454
e90bac06
GP		 1455 bt_cb(skb)->retries++;
1456
88843ab0 1457 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1458 control &= __get_sar_mask(chan);
95ffa978 1459
e2ab4353 1460 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1461 control |= __set_ctrl_final(chan);
e2ab4353 1462
0b209fae 1463 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1464 control |= __set_txseq(chan, chan->next_tx_seq);
1c2acffb 1465
88843ab0 1466 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
e90bac06 1467
47d1ec61 1468 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1469 fcs = crc16(0, (u8 *)skb->data,
1470 tx_skb->len - L2CAP_FCS_SIZE);
1471 put_unaligned_le16(fcs, skb->data +
1472 tx_skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 1473 }
1474
4343478f 1475 l2cap_do_send(chan, tx_skb);
9a9c6a34 1476
1a09bcb9 1477 __set_retrans_timer(chan);
1c2acffb 1478
42e5c802 1479 bt_cb(skb)->tx_seq = chan->next_tx_seq;
836be934
AE		 1480
1481 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
1c2acffb 1482
8ed7a0ae 1483 if (bt_cb(skb)->retries == 1) {
6a026610 1484 chan->unacked_frames++;
930fa4ae
SJ		 1485
1486 if (!nsent++)
1487 __clear_ack_timer(chan);
8ed7a0ae 1488 }
23e9fde2 1489
6a026610 1490 chan->frames_sent++;
1c2acffb 1491
58d35f87
GP		 1492 if (skb_queue_is_last(&chan->tx_q, skb))
1493 chan->tx_send_head = NULL;
1c2acffb 1494 else
58d35f87 1495 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1c2acffb
GP		 1496 }
1497
9e917af1
GP		 1498 return nsent;
1499}
1500
525cd185 1501static int l2cap_retransmit_frames(struct l2cap_chan *chan)
dfc909be 1502{
dfc909be
GP		 1503 int ret;
1504
58d35f87
GP		 1505 if (!skb_queue_empty(&chan->tx_q))
1506 chan->tx_send_head = chan->tx_q.next;
dfc909be 1507
42e5c802 1508 chan->next_tx_seq = chan->expected_ack_seq;
525cd185 1509 ret = l2cap_ertm_send(chan);
dfc909be
GP		 1510 return ret;
1511}
1512
b17e73bb 1513static void __l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1514{
88843ab0 1515 u32 control = 0;
9e917af1 1516
0b209fae 1517 control |= __set_reqseq(chan, chan->buffer_seq);
9e917af1 1518
e2ab4353 1519 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 1520 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 1521 set_bit(CONN_RNR_SENT, &chan->conn_state);
525cd185 1522 l2cap_send_sframe(chan, control);
9a9c6a34 1523 return;
9e917af1 1524 }
dfc909be 1525
525cd185 1526 if (l2cap_ertm_send(chan) > 0)
dfc909be
GP		 1527 return;
1528
ab784b73 1529 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 1530 l2cap_send_sframe(chan, control);
1c2acffb
GP		 1531}
1532
b17e73bb
SJ		 1533static void l2cap_send_ack(struct l2cap_chan *chan)
1534{
1535 __clear_ack_timer(chan);
1536 __l2cap_send_ack(chan);
1537}
1538
525cd185 1539static void l2cap_send_srejtail(struct l2cap_chan *chan)
99b0d4b7
GP		 1540{
1541 struct srej_list *tail;
88843ab0 1542 u32 control;
99b0d4b7 1543
ab784b73 1544 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
03f6715d 1545 control |= __set_ctrl_final(chan);
99b0d4b7 1546
39d5a3ee 1547 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
0b209fae 1548 control |= __set_reqseq(chan, tail->tx_seq);
99b0d4b7 1549
525cd185 1550 l2cap_send_sframe(chan, control);
99b0d4b7
GP		 1551}
1552
0952a57a 1553static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1c2acffb 1554{
0952a57a 1555 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1556 struct sk_buff **frag;
1557 int err, sent = 0;
1da177e4 1558
59203a21 1559 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1560 return -EFAULT;
1da177e4
LT		 1561
1562 sent += count;
1563 len -= count;
1564
1565 /* Continuation fragments (no L2CAP header) */
1566 frag = &skb_shinfo(skb)->frag_list;
1567 while (len) {
1568 count = min_t(unsigned int, conn->mtu, len);
1569
2f7719ce
AE		 1570 *frag = chan->ops->alloc_skb(chan, count,
1571 msg->msg_flags & MSG_DONTWAIT, &err);
1572
1da177e4 1573 if (!*frag)
0175d629 1574 return err;
1c2acffb
GP		 1575 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1576 return -EFAULT;
1da177e4 1577
5e59b791
LAD		 1578 (*frag)->priority = skb->priority;
1579
1da177e4
LT		 1580 sent += count;
1581 len -= count;
1582
1583 frag = &(*frag)->next;
1584 }
1da177e4
LT		 1585
1586 return sent;
1c2acffb 1587}
1da177e4 1588
5e59b791
LAD		 1589static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1590 struct msghdr *msg, size_t len,
1591 u32 priority)
1c2acffb 1592{
8c1d787b 1593 struct l2cap_conn *conn = chan->conn;
1c2acffb 1594 struct sk_buff *skb;
03a51213 1595 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE;
1c2acffb
GP		 1596 struct l2cap_hdr *lh;
1597
6d5922b0 1598 BT_DBG("chan %p len %d priority %u", chan, (int)len, priority);
1c2acffb
GP		 1599
1600 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1601
1602 skb = chan->ops->alloc_skb(chan, count + hlen,
1603 msg->msg_flags & MSG_DONTWAIT, &err);
1604
1c2acffb 1605 if (!skb)
0175d629 1606 return ERR_PTR(err);
1c2acffb 1607
5e59b791
LAD		 1608 skb->priority = priority;
1609
1c2acffb
GP		 1610 /* Create L2CAP header */
1611 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1612 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1613 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
fe4128e0 1614 put_unaligned_le16(chan->psm, skb_put(skb, 2));
1c2acffb 1615
0952a57a 1616 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1617 if (unlikely(err < 0)) {
1618 kfree_skb(skb);
1619 return ERR_PTR(err);
1620 }
1621 return skb;
1622}
1623
5e59b791
LAD		 1624static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
1625 struct msghdr *msg, size_t len,
1626 u32 priority)
1c2acffb 1627{
8c1d787b 1628 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1629 struct sk_buff *skb;
1630 int err, count, hlen = L2CAP_HDR_SIZE;
1631 struct l2cap_hdr *lh;
1632
6d5922b0 1633 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb
GP		 1634
1635 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1636
1637 skb = chan->ops->alloc_skb(chan, count + hlen,
1638 msg->msg_flags & MSG_DONTWAIT, &err);
1639
1c2acffb 1640 if (!skb)
0175d629 1641 return ERR_PTR(err);
1c2acffb 1642
5e59b791
LAD		 1643 skb->priority = priority;
1644
1c2acffb
GP		 1645 /* Create L2CAP header */
1646 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1647 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1648 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1649
0952a57a 1650 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1651 if (unlikely(err < 0)) {
1652 kfree_skb(skb);
1653 return ERR_PTR(err);
1654 }
1655 return skb;
1656}
1657
ab0ff76d
LAD		 1658static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
1659 struct msghdr *msg, size_t len,
88843ab0 1660 u32 control, u16 sdulen)
1c2acffb 1661{
8c1d787b 1662 struct l2cap_conn *conn = chan->conn;
1c2acffb 1663 struct sk_buff *skb;
e4ca6d98 1664 int err, count, hlen;
1c2acffb
GP		 1665 struct l2cap_hdr *lh;
1666
6d5922b0 1667 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb 1668
0ee0d208
GP		 1669 if (!conn)
1670 return ERR_PTR(-ENOTCONN);
1671
e4ca6d98
AE		 1672 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1673 hlen = L2CAP_EXT_HDR_SIZE;
1674 else
1675 hlen = L2CAP_ENH_HDR_SIZE;
1676
c74e560c 1677 if (sdulen)
03a51213 1678 hlen += L2CAP_SDULEN_SIZE;
c74e560c 1679
47d1ec61 1680 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 1681 hlen += L2CAP_FCS_SIZE;
fcc203c3 1682
1c2acffb 1683 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1684
1685 skb = chan->ops->alloc_skb(chan, count + hlen,
1686 msg->msg_flags & MSG_DONTWAIT, &err);
1687
1c2acffb 1688 if (!skb)
0175d629 1689 return ERR_PTR(err);
1c2acffb
GP		 1690
1691 /* Create L2CAP header */
1692 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1693 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1694 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
88843ab0
AE		 1695
1696 __put_control(chan, control, skb_put(skb, __ctrl_size(chan)));
1697
c74e560c 1698 if (sdulen)
03a51213 1699 put_unaligned_le16(sdulen, skb_put(skb, L2CAP_SDULEN_SIZE));
1c2acffb 1700
0952a57a 1701 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1702 if (unlikely(err < 0)) {
1703 kfree_skb(skb);
1704 return ERR_PTR(err);
1705 }
e90bac06 1706
47d1ec61 1707 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 1708 put_unaligned_le16(0, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3 1709
e90bac06 1710 bt_cb(skb)->retries = 0;
1c2acffb 1711 return skb;
1da177e4
LT		 1712}
1713
67c9e840 1714static int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
c74e560c 1715{
c74e560c
GP		 1716 struct sk_buff *skb;
1717 struct sk_buff_head sar_queue;
88843ab0 1718 u32 control;
c74e560c
GP		 1719 size_t size = 0;
1720
ff12fd64 1721 skb_queue_head_init(&sar_queue);
7e0ef6ee 1722 control = __set_ctrl_sar(chan, L2CAP_SAR_START);
47d1ec61 1723 skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);
c74e560c
GP		 1724 if (IS_ERR(skb))
1725 return PTR_ERR(skb);
1726
1727 __skb_queue_tail(&sar_queue, skb);
2c03a7a4
GP		 1728 len -= chan->remote_mps;
1729 size += chan->remote_mps;
c74e560c
GP		 1730
1731 while (len > 0) {
1732 size_t buflen;
1733
2c03a7a4 1734 if (len > chan->remote_mps) {
7e0ef6ee 1735 control = __set_ctrl_sar(chan, L2CAP_SAR_CONTINUE);
2c03a7a4 1736 buflen = chan->remote_mps;
c74e560c 1737 } else {
7e0ef6ee 1738 control = __set_ctrl_sar(chan, L2CAP_SAR_END);
c74e560c
GP		 1739 buflen = len;
1740 }
1741
47d1ec61 1742 skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);
c74e560c
GP		 1743 if (IS_ERR(skb)) {
1744 skb_queue_purge(&sar_queue);
1745 return PTR_ERR(skb);
1746 }
1747
1748 __skb_queue_tail(&sar_queue, skb);
1749 len -= buflen;
1750 size += buflen;
c74e560c 1751 }
58d35f87
GP		 1752 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1753 if (chan->tx_send_head == NULL)
1754 chan->tx_send_head = sar_queue.next;
c74e560c
GP		 1755
1756 return size;
1757}
1758
5e59b791
LAD		 1759int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
1760 u32 priority)
9a91a04a 1761{
9a91a04a 1762 struct sk_buff *skb;
88843ab0 1763 u32 control;
9a91a04a
GP		 1764 int err;
1765
1766 /* Connectionless channel */
715ec005 1767 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
5e59b791 1768 skb = l2cap_create_connless_pdu(chan, msg, len, priority);
9a91a04a
GP		 1769 if (IS_ERR(skb))
1770 return PTR_ERR(skb);
1771
1772 l2cap_do_send(chan, skb);
1773 return len;
1774 }
1775
1776 switch (chan->mode) {
1777 case L2CAP_MODE_BASIC:
1778 /* Check outgoing MTU */
1779 if (len > chan->omtu)
1780 return -EMSGSIZE;
1781
1782 /* Create a basic PDU */
5e59b791 1783 skb = l2cap_create_basic_pdu(chan, msg, len, priority);
9a91a04a
GP		 1784 if (IS_ERR(skb))
1785 return PTR_ERR(skb);
1786
1787 l2cap_do_send(chan, skb);
1788 err = len;
1789 break;
1790
1791 case L2CAP_MODE_ERTM:
1792 case L2CAP_MODE_STREAMING:
1793 /* Entire SDU fits into one PDU */
1794 if (len <= chan->remote_mps) {
7e0ef6ee 1795 control = __set_ctrl_sar(chan, L2CAP_SAR_UNSEGMENTED);
9a91a04a
GP		 1796 skb = l2cap_create_iframe_pdu(chan, msg, len, control,
1797 0);
1798 if (IS_ERR(skb))
1799 return PTR_ERR(skb);
1800
1801 __skb_queue_tail(&chan->tx_q, skb);
1802
1803 if (chan->tx_send_head == NULL)
1804 chan->tx_send_head = skb;
1805
1806 } else {
1807 /* Segment SDU into multiples PDUs */
1808 err = l2cap_sar_segment_sdu(chan, msg, len);
1809 if (err < 0)
1810 return err;
1811 }
1812
1813 if (chan->mode == L2CAP_MODE_STREAMING) {
1814 l2cap_streaming_send(chan);
1815 err = len;
1816 break;
1817 }
1818
e2ab4353
GP		 1819 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
1820 test_bit(CONN_WAIT_F, &chan->conn_state)) {
9a91a04a
GP		 1821 err = len;
1822 break;
1823 }
1824
1825 err = l2cap_ertm_send(chan);
1826 if (err >= 0)
1827 err = len;
1828
1829 break;
1830
1831 default:
1832 BT_DBG("bad state %1.1x", chan->mode);
1833 err = -EBADFD;
1834 }
1835
1836 return err;
1837}
1838
1da177e4
LT		 1839/* Copy frame to all raw sockets on that connection */
1840static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1841{
1da177e4 1842 struct sk_buff *nskb;
48454079 1843 struct l2cap_chan *chan;
1da177e4
LT		 1844
1845 BT_DBG("conn %p", conn);
1846
3df91ea2 1847 mutex_lock(&conn->chan_lock);
3d57dc68 1848
3df91ea2 1849 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 1850 struct sock *sk = chan->sk;
715ec005 1851 if (chan->chan_type != L2CAP_CHAN_RAW)
1da177e4
LT		 1852 continue;
1853
1854 /* Don't send frame to the socket it came from */
1855 if (skb->sk == sk)
1856 continue;
af05b30b
GP		 1857 nskb = skb_clone(skb, GFP_ATOMIC);
1858 if (!nskb)
1da177e4
LT		 1859 continue;
1860
23070494 1861 if (chan->ops->recv(chan->data, nskb))
1da177e4
LT		 1862 kfree_skb(nskb);
1863 }
3d57dc68 1864
3df91ea2 1865 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 1866}
1867
1868/* ---- L2CAP signalling commands ---- */
1869static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1870 u8 code, u8 ident, u16 dlen, void *data)
1871{
1872 struct sk_buff *skb, **frag;
1873 struct l2cap_cmd_hdr *cmd;
1874 struct l2cap_hdr *lh;
1875 int len, count;
1876
af05b30b
GP		 1877 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1878 conn, code, ident, dlen);
1da177e4
LT		 1879
1880 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1881 count = min_t(unsigned int, conn->mtu, len);
1882
1883 skb = bt_skb_alloc(count, GFP_ATOMIC);
1884 if (!skb)
1885 return NULL;
1886
1887 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 1888 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 1889
1890 if (conn->hcon->type == LE_LINK)
1891 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
1892 else
1893 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 1894
1895 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1896 cmd->code = code;
1897 cmd->ident = ident;
aca3192c 1898 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1899
1900 if (dlen) {
1901 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1902 memcpy(skb_put(skb, count), data, count);
1903 data += count;
1904 }
1905
1906 len -= skb->len;
1907
1908 /* Continuation fragments (no L2CAP header) */
1909 frag = &skb_shinfo(skb)->frag_list;
1910 while (len) {
1911 count = min_t(unsigned int, conn->mtu, len);
1912
1913 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1914 if (!*frag)
1915 goto fail;
1916
1917 memcpy(skb_put(*frag, count), data, count);
1918
1919 len -= count;
1920 data += count;
1921
1922 frag = &(*frag)->next;
1923 }
1924
1925 return skb;
1926
1927fail:
1928 kfree_skb(skb);
1929 return NULL;
1930}
1931
1932static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1933{
1934 struct l2cap_conf_opt *opt = *ptr;
1935 int len;
1936
1937 len = L2CAP_CONF_OPT_SIZE + opt->len;
1938 *ptr += len;
1939
1940 *type = opt->type;
1941 *olen = opt->len;
1942
1943 switch (opt->len) {
1944 case 1:
1945 *val = *((u8 *) opt->val);
1946 break;
1947
1948 case 2:
bfaaeb3e 1949 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 1950 break;
1951
1952 case 4:
bfaaeb3e 1953 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 1954 break;
1955
1956 default:
1957 *val = (unsigned long) opt->val;
1958 break;
1959 }
1960
1961 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1962 return len;
1963}
1964
1da177e4
LT		 1965static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1966{
1967 struct l2cap_conf_opt *opt = *ptr;
1968
1969 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1970
1971 opt->type = type;
1972 opt->len = len;
1973
1974 switch (len) {
1975 case 1:
1976 *((u8 *) opt->val) = val;
1977 break;
1978
1979 case 2:
4f8b691c 1980 put_unaligned_le16(val, opt->val);
1da177e4
LT		 1981 break;
1982
1983 case 4:
4f8b691c 1984 put_unaligned_le32(val, opt->val);
1da177e4
LT		 1985 break;
1986
1987 default:
1988 memcpy(opt->val, (void *) val, len);
1989 break;
1990 }
1991
1992 *ptr += L2CAP_CONF_OPT_SIZE + len;
1993}
1994
f89cef09
AE		 1995static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
1996{
1997 struct l2cap_conf_efs efs;
1998
1ec918ce 1999 switch (chan->mode) {
f89cef09
AE		 2000 case L2CAP_MODE_ERTM:
2001 efs.id = chan->local_id;
2002 efs.stype = chan->local_stype;
2003 efs.msdu = cpu_to_le16(chan->local_msdu);
2004 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2005 efs.acc_lat = cpu_to_le32(L2CAP_DEFAULT_ACC_LAT);
2006 efs.flush_to = cpu_to_le32(L2CAP_DEFAULT_FLUSH_TO);
2007 break;
2008
2009 case L2CAP_MODE_STREAMING:
2010 efs.id = 1;
2011 efs.stype = L2CAP_SERV_BESTEFFORT;
2012 efs.msdu = cpu_to_le16(chan->local_msdu);
2013 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2014 efs.acc_lat = 0;
2015 efs.flush_to = 0;
2016 break;
2017
2018 default:
2019 return;
2020 }
2021
2022 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs),
2023 (unsigned long) &efs);
2024}
2025
721c4181 2026static void l2cap_ack_timeout(struct work_struct *work)
c1b4f43b 2027{
721c4181
GP		 2028 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
2029 ack_timer.work);
c1b4f43b 2030
2fb9b3d4
GP		 2031 BT_DBG("chan %p", chan);
2032
6be36555
AE		 2033 l2cap_chan_lock(chan);
2034
b17e73bb 2035 __l2cap_send_ack(chan);
6be36555
AE		 2036
2037 l2cap_chan_unlock(chan);
09bfb2ee
SJ		 2038
2039 l2cap_chan_put(chan);
c1b4f43b
GP		 2040}
2041
525cd185 2042static inline void l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 2043{
42e5c802 2044 chan->expected_ack_seq = 0;
6a026610 2045 chan->unacked_frames = 0;
42e5c802 2046 chan->buffer_seq = 0;
6a026610
GP		 2047 chan->num_acked = 0;
2048 chan->frames_sent = 0;
0565c1c2 2049
721c4181
GP		 2050 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
2051 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
2052 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
0565c1c2 2053
f1c6775b 2054 skb_queue_head_init(&chan->srej_q);
1890d36b 2055
39d5a3ee 2056 INIT_LIST_HEAD(&chan->srej_l);
0565c1c2
GP		 2057}
2058
f2fcfcd6
GP		 2059static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2060{
2061 switch (mode) {
2062 case L2CAP_MODE_STREAMING:
2063 case L2CAP_MODE_ERTM:
2064 if (l2cap_mode_supported(mode, remote_feat_mask))
2065 return mode;
2066 /* fall through */
2067 default:
2068 return L2CAP_MODE_BASIC;
2069 }
2070}
2071
6327eb98
AE		 2072static inline bool __l2cap_ews_supported(struct l2cap_chan *chan)
2073{
2074 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW;
2075}
2076
f89cef09
AE		 2077static inline bool __l2cap_efs_supported(struct l2cap_chan *chan)
2078{
2079 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_FLOW;
2080}
2081
6327eb98
AE		 2082static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
2083{
2084 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
836be934 2085 __l2cap_ews_supported(chan)) {
6327eb98
AE		 2086 /* use extended control field */
2087 set_bit(FLAG_EXT_CTRL, &chan->flags);
836be934
AE		 2088 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
2089 } else {
6327eb98
AE		 2090 chan->tx_win = min_t(u16, chan->tx_win,
2091 L2CAP_DEFAULT_TX_WINDOW);
836be934
AE		 2092 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
2093 }
6327eb98
AE		 2094}
2095
710f9b0a 2096static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2097{
1da177e4 2098 struct l2cap_conf_req *req = data;
0c1bc5c6 2099 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4 2100 void *ptr = req->data;
c8f79162 2101 u16 size;
1da177e4 2102
49208c9c 2103 BT_DBG("chan %p", chan);
1da177e4 2104
73ffa904 2105 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 2106 goto done;
2107
0c1bc5c6 2108 switch (chan->mode) {
f2fcfcd6
GP		 2109 case L2CAP_MODE_STREAMING:
2110 case L2CAP_MODE_ERTM:
c1360a1c 2111 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
85eb53c6 2112 break;
85eb53c6 2113
f89cef09
AE		 2114 if (__l2cap_efs_supported(chan))
2115 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2116
2ba13ed6 2117 /* fall through */
f2fcfcd6 2118 default:
8c1d787b 2119 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 2120 break;
2121 }
2122
2123done:
0c1bc5c6
GP		 2124 if (chan->imtu != L2CAP_DEFAULT_MTU)
2125 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 2126
0c1bc5c6 2127 switch (chan->mode) {
65c7c491 2128 case L2CAP_MODE_BASIC:
8c1d787b
GP		 2129 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2130 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 2131 break;
2132
62547752
GP		 2133 rfc.mode = L2CAP_MODE_BASIC;
2134 rfc.txwin_size = 0;
2135 rfc.max_transmit = 0;
2136 rfc.retrans_timeout = 0;
2137 rfc.monitor_timeout = 0;
2138 rfc.max_pdu_size = 0;
2139
63406504
GP		 2140 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2141 (unsigned long) &rfc);
65c7c491
MH		 2142 break;
2143
2144 case L2CAP_MODE_ERTM:
2145 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61 2146 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 2147 rfc.retrans_timeout = 0;
2148 rfc.monitor_timeout = 0;
c8f79162
AE		 2149
2150 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2151 L2CAP_EXT_HDR_SIZE -
2152 L2CAP_SDULEN_SIZE -
2153 L2CAP_FCS_SIZE);
2154 rfc.max_pdu_size = cpu_to_le16(size);
f2fcfcd6 2155
6327eb98
AE		 2156 l2cap_txwin_setup(chan);
2157
2158 rfc.txwin_size = min_t(u16, chan->tx_win,
2159 L2CAP_DEFAULT_TX_WINDOW);
f2fcfcd6 2160
63406504
GP		 2161 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2162 (unsigned long) &rfc);
2163
f89cef09
AE		 2164 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2165 l2cap_add_opt_efs(&ptr, chan);
2166
8c1d787b 2167 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2168 break;
2169
47d1ec61 2170 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2171 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2172 chan->fcs = L2CAP_FCS_NONE;
2173 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2174 }
6327eb98
AE		 2175
2176 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2177 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2178 chan->tx_win);
f2fcfcd6
GP		 2179 break;
2180
2181 case L2CAP_MODE_STREAMING:
2182 rfc.mode = L2CAP_MODE_STREAMING;
2183 rfc.txwin_size = 0;
2184 rfc.max_transmit = 0;
2185 rfc.retrans_timeout = 0;
2186 rfc.monitor_timeout = 0;
c8f79162
AE		 2187
2188 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2189 L2CAP_EXT_HDR_SIZE -
2190 L2CAP_SDULEN_SIZE -
2191 L2CAP_FCS_SIZE);
2192 rfc.max_pdu_size = cpu_to_le16(size);
65c7c491 2193
63406504
GP		 2194 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2195 (unsigned long) &rfc);
2196
f89cef09
AE		 2197 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2198 l2cap_add_opt_efs(&ptr, chan);
2199
8c1d787b 2200 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2201 break;
2202
47d1ec61 2203 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2204 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2205 chan->fcs = L2CAP_FCS_NONE;
2206 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2207 }
65c7c491
MH		 2208 break;
2209 }
1da177e4 2210
fe4128e0 2211 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 2212 req->flags = cpu_to_le16(0);
1da177e4
LT		 2213
2214 return ptr - data;
2215}
2216
73ffa904 2217static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2218{
5dee9e7c
MH		 2219 struct l2cap_conf_rsp *rsp = data;
2220 void *ptr = rsp->data;
73ffa904
GP		 2221 void *req = chan->conf_req;
2222 int len = chan->conf_len;
5dee9e7c
MH		 2223 int type, hint, olen;
2224 unsigned long val;
6464f35f 2225 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
42dceae2
AE		 2226 struct l2cap_conf_efs efs;
2227 u8 remote_efs = 0;
861d6882 2228 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 2229 u16 result = L2CAP_CONF_SUCCESS;
c8f79162 2230 u16 size;
1da177e4 2231
73ffa904 2232 BT_DBG("chan %p", chan);
820ae1b8 2233
5dee9e7c
MH		 2234 while (len >= L2CAP_CONF_OPT_SIZE) {
2235 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 2236
589d2746 2237 hint = type & L2CAP_CONF_HINT;
47ec1dcd 2238 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 2239
2240 switch (type) {
2241 case L2CAP_CONF_MTU:
861d6882 2242 mtu = val;
5dee9e7c
MH		 2243 break;
2244
2245 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2246 chan->flush_to = val;
5dee9e7c
MH		 2247 break;
2248
2249 case L2CAP_CONF_QOS:
2250 break;
2251
6464f35f
MH		 2252 case L2CAP_CONF_RFC:
2253 if (olen == sizeof(rfc))
2254 memcpy(&rfc, (void *) val, olen);
2255 break;
2256
fcc203c3
GP		 2257 case L2CAP_CONF_FCS:
2258 if (val == L2CAP_FCS_NONE)
c1360a1c 2259 set_bit(CONF_NO_FCS_RECV, &chan->conf_state);
42dceae2 2260 break;
fcc203c3 2261
42dceae2
AE		 2262 case L2CAP_CONF_EFS:
2263 remote_efs = 1;
2264 if (olen == sizeof(efs))
2265 memcpy(&efs, (void *) val, olen);
fcc203c3
GP		 2266 break;
2267
6327eb98
AE		 2268 case L2CAP_CONF_EWS:
2269 if (!enable_hs)
2270 return -ECONNREFUSED;
fcc203c3 2271
6327eb98
AE		 2272 set_bit(FLAG_EXT_CTRL, &chan->flags);
2273 set_bit(CONF_EWS_RECV, &chan->conf_state);
836be934 2274 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
6327eb98 2275 chan->remote_tx_win = val;
fcc203c3
GP		 2276 break;
2277
5dee9e7c
MH		 2278 default:
2279 if (hint)
2280 break;
2281
2282 result = L2CAP_CONF_UNKNOWN;
2283 *((u8 *) ptr++) = type;
2284 break;
2285 }
2286 }
2287
73ffa904 2288 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 2289 goto done;
2290
0c1bc5c6 2291 switch (chan->mode) {
f2fcfcd6
GP		 2292 case L2CAP_MODE_STREAMING:
2293 case L2CAP_MODE_ERTM:
c1360a1c 2294 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
0c1bc5c6 2295 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 2296 chan->conn->feat_mask);
85eb53c6
GP		 2297 break;
2298 }
2299
42dceae2
AE		 2300 if (remote_efs) {
2301 if (__l2cap_efs_supported(chan))
2302 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2303 else
2304 return -ECONNREFUSED;
2305 }
2306
0c1bc5c6 2307 if (chan->mode != rfc.mode)
f2fcfcd6 2308 return -ECONNREFUSED;
742e519b 2309
f2fcfcd6 2310 break;
f2fcfcd6
GP		 2311 }
2312
2313done:
0c1bc5c6 2314 if (chan->mode != rfc.mode) {
f2fcfcd6 2315 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2316 rfc.mode = chan->mode;
f2fcfcd6 2317
73ffa904 2318 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 2319 return -ECONNREFUSED;
2320
2321 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2322 sizeof(rfc), (unsigned long) &rfc);
2323 }
2324
5dee9e7c
MH		 2325 if (result == L2CAP_CONF_SUCCESS) {
2326 /* Configure output options and let the other side know
2327 * which ones we don't like. */
2328
f2fcfcd6
GP		 2329 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2330 result = L2CAP_CONF_UNACCEPT;
2331 else {
0c1bc5c6 2332 chan->omtu = mtu;
c1360a1c 2333 set_bit(CONF_MTU_DONE, &chan->conf_state);
f2fcfcd6 2334 }
0c1bc5c6 2335 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 2336
42dceae2
AE		 2337 if (remote_efs) {
2338 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2339 efs.stype != L2CAP_SERV_NOTRAFIC &&
2340 efs.stype != chan->local_stype) {
2341
2342 result = L2CAP_CONF_UNACCEPT;
2343
2344 if (chan->num_conf_req >= 1)
2345 return -ECONNREFUSED;
2346
2347 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3e6b3b95 2348 sizeof(efs),
42dceae2 2349 (unsigned long) &efs);
0e8b207e 2350 } else {
3e6b3b95 2351 /* Send PENDING Conf Rsp */
0e8b207e
AE		 2352 result = L2CAP_CONF_PENDING;
2353 set_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
42dceae2
AE		 2354 }
2355 }
2356
f2fcfcd6
GP		 2357 switch (rfc.mode) {
2358 case L2CAP_MODE_BASIC:
47d1ec61 2359 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2360 set_bit(CONF_MODE_DONE, &chan->conf_state);
f2fcfcd6
GP		 2361 break;
2362
2363 case L2CAP_MODE_ERTM:
6327eb98
AE		 2364 if (!test_bit(CONF_EWS_RECV, &chan->conf_state))
2365 chan->remote_tx_win = rfc.txwin_size;
2366 else
2367 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
86b1b263 2368
2c03a7a4 2369 chan->remote_max_tx = rfc.max_transmit;
1c762159 2370
c8f79162
AE		 2371 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2372 chan->conn->mtu -
2373 L2CAP_EXT_HDR_SIZE -
2374 L2CAP_SDULEN_SIZE -
2375 L2CAP_FCS_SIZE);
2376 rfc.max_pdu_size = cpu_to_le16(size);
2377 chan->remote_mps = size;
f2fcfcd6 2378
10467e9e
GP		 2379 rfc.retrans_timeout =
2380 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2381 rfc.monitor_timeout =
2382 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 2383
c1360a1c 2384 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2385
2386 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2387 sizeof(rfc), (unsigned long) &rfc);
2388
42dceae2
AE		 2389 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2390 chan->remote_id = efs.id;
2391 chan->remote_stype = efs.stype;
2392 chan->remote_msdu = le16_to_cpu(efs.msdu);
2393 chan->remote_flush_to =
2394 le32_to_cpu(efs.flush_to);
2395 chan->remote_acc_lat =
2396 le32_to_cpu(efs.acc_lat);
2397 chan->remote_sdu_itime =
2398 le32_to_cpu(efs.sdu_itime);
2399 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
2400 sizeof(efs), (unsigned long) &efs);
2401 }
f2fcfcd6
GP		 2402 break;
2403
2404 case L2CAP_MODE_STREAMING:
c8f79162
AE		 2405 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2406 chan->conn->mtu -
2407 L2CAP_EXT_HDR_SIZE -
2408 L2CAP_SDULEN_SIZE -
2409 L2CAP_FCS_SIZE);
2410 rfc.max_pdu_size = cpu_to_le16(size);
2411 chan->remote_mps = size;
f2fcfcd6 2412
c1360a1c 2413 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2414
2415 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2416 sizeof(rfc), (unsigned long) &rfc);
2417
f2fcfcd6
GP		 2418 break;
2419
2420 default:
5dee9e7c 2421 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 2422
6464f35f 2423 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 2424 rfc.mode = chan->mode;
f2fcfcd6 2425 }
6464f35f 2426
f2fcfcd6 2427 if (result == L2CAP_CONF_SUCCESS)
c1360a1c 2428 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
f2fcfcd6 2429 }
fe4128e0 2430 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 2431 rsp->result = cpu_to_le16(result);
2432 rsp->flags = cpu_to_le16(0x0000);
2433
2434 return ptr - data;
1da177e4
LT		 2435}
2436
b4450035 2437static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 2438{
f2fcfcd6
GP		 2439 struct l2cap_conf_req *req = data;
2440 void *ptr = req->data;
2441 int type, olen;
2442 unsigned long val;
36e999a8 2443 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
66af7aaf 2444 struct l2cap_conf_efs efs;
f2fcfcd6 2445
fe4128e0 2446 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 2447
2448 while (len >= L2CAP_CONF_OPT_SIZE) {
2449 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2450
2451 switch (type) {
2452 case L2CAP_CONF_MTU:
2453 if (val < L2CAP_DEFAULT_MIN_MTU) {
2454 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2455 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 2456 } else
0c1bc5c6
GP		 2457 chan->imtu = val;
2458 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 2459 break;
2460
2461 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2462 chan->flush_to = val;
f2fcfcd6 2463 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 2464 2, chan->flush_to);
f2fcfcd6
GP		 2465 break;
2466
2467 case L2CAP_CONF_RFC:
2468 if (olen == sizeof(rfc))
2469 memcpy(&rfc, (void *)val, olen);
2470
c1360a1c 2471 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
0c1bc5c6 2472 rfc.mode != chan->mode)
f2fcfcd6
GP		 2473 return -ECONNREFUSED;
2474
47d1ec61 2475 chan->fcs = 0;
f2fcfcd6
GP		 2476
2477 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2478 sizeof(rfc), (unsigned long) &rfc);
2479 break;
6327eb98
AE		 2480
2481 case L2CAP_CONF_EWS:
2482 chan->tx_win = min_t(u16, val,
2483 L2CAP_DEFAULT_EXT_WINDOW);
3e6b3b95
GP		 2484 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2485 chan->tx_win);
6327eb98 2486 break;
66af7aaf
AE		 2487
2488 case L2CAP_CONF_EFS:
2489 if (olen == sizeof(efs))
2490 memcpy(&efs, (void *)val, olen);
2491
2492 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2493 efs.stype != L2CAP_SERV_NOTRAFIC &&
2494 efs.stype != chan->local_stype)
2495 return -ECONNREFUSED;
2496
2497 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
2498 sizeof(efs), (unsigned long) &efs);
2499 break;
f2fcfcd6
GP		 2500 }
2501 }
2502
0c1bc5c6 2503 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 2504 return -ECONNREFUSED;
2505
0c1bc5c6 2506 chan->mode = rfc.mode;
6c2ea7a8 2507
0e8b207e 2508 if (*result == L2CAP_CONF_SUCCESS || *result == L2CAP_CONF_PENDING) {
f2fcfcd6
GP		 2509 switch (rfc.mode) {
2510 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2511 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2512 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2513 chan->mps = le16_to_cpu(rfc.max_pdu_size);
66af7aaf
AE		 2514
2515 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2516 chan->local_msdu = le16_to_cpu(efs.msdu);
2517 chan->local_sdu_itime =
2518 le32_to_cpu(efs.sdu_itime);
2519 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
2520 chan->local_flush_to =
2521 le32_to_cpu(efs.flush_to);
2522 }
f2fcfcd6 2523 break;
66af7aaf 2524
f2fcfcd6 2525 case L2CAP_MODE_STREAMING:
47d1ec61 2526 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2527 }
2528 }
2529
fe4128e0 2530 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 2531 req->flags = cpu_to_le16(0x0000);
2532
2533 return ptr - data;
2534}
2535
fe4128e0 2536static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 2537{
2538 struct l2cap_conf_rsp *rsp = data;
2539 void *ptr = rsp->data;
1da177e4 2540
fe4128e0 2541 BT_DBG("chan %p", chan);
1da177e4 2542
fe4128e0 2543 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 2544 rsp->result = cpu_to_le16(result);
aca3192c 2545 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 2546
2547 return ptr - data;
2548}
2549
8c1d787b 2550void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 2551{
2552 struct l2cap_conn_rsp rsp;
8c1d787b 2553 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 2554 u8 buf[128];
2555
fe4128e0
GP		 2556 rsp.scid = cpu_to_le16(chan->dcid);
2557 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 2558 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
2559 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2560 l2cap_send_cmd(conn, chan->ident,
2561 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2562
c1360a1c 2563 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
710f9b0a
GP		 2564 return;
2565
710f9b0a
GP		 2566 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2567 l2cap_build_conf_req(chan, buf), buf);
2568 chan->num_conf_req++;
2569}
2570
47d1ec61 2571static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 2572{
7b1c0049
GP		 2573 int type, olen;
2574 unsigned long val;
2575 struct l2cap_conf_rfc rfc;
2576
47d1ec61 2577 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 2578
0c1bc5c6 2579 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 2580 return;
2581
2582 while (len >= L2CAP_CONF_OPT_SIZE) {
2583 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2584
2585 switch (type) {
2586 case L2CAP_CONF_RFC:
2587 if (olen == sizeof(rfc))
2588 memcpy(&rfc, (void *)val, olen);
2589 goto done;
2590 }
2591 }
2592
36e999a8
MM		 2593 /* Use sane default values in case a misbehaving remote device
2594 * did not send an RFC option.
2595 */
2596 rfc.mode = chan->mode;
2597 rfc.retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
2598 rfc.monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
2599 rfc.max_pdu_size = cpu_to_le16(chan->imtu);
2600
2601 BT_ERR("Expected RFC option was not found, using defaults");
2602
7b1c0049
GP		 2603done:
2604 switch (rfc.mode) {
2605 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2606 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2607 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2608 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2609 break;
2610 case L2CAP_MODE_STREAMING:
47d1ec61 2611 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2612 }
2613}
2614
4e8402a3
MH		 2615static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2616{
e2fd318e 2617 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
4e8402a3 2618
e2fd318e 2619 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
4e8402a3
MH		 2620 return 0;
2621
2622 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2623 cmd->ident == conn->info_ident) {
17cd3f37 2624 cancel_delayed_work(&conn->info_timer);
984947dc
MH		 2625
2626 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2627 conn->info_ident = 0;
984947dc 2628
4e8402a3
MH		 2629 l2cap_conn_start(conn);
2630 }
2631
2632 return 0;
2633}
2634
1da177e4
LT		 2635static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2636{
1da177e4
LT		 2637 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2638 struct l2cap_conn_rsp rsp;
23691d75 2639 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 2640 struct sock *parent, *sk = NULL;
e7c29cb1 2641 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2642
2643 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 2644 __le16 psm = req->psm;
1da177e4
LT		 2645
2646 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2647
2648 /* Check if we have socket listening on psm */
23691d75
GP		 2649 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src);
2650 if (!pchan) {
1da177e4
LT		 2651 result = L2CAP_CR_BAD_PSM;
2652 goto sendresp;
2653 }
2654
23691d75
GP		 2655 parent = pchan->sk;
2656
3df91ea2 2657 mutex_lock(&conn->chan_lock);
aa2ac881 2658 lock_sock(parent);
e0f0cb56 2659
e7c29cb1
MH		 2660 /* Check if the ACL is secure enough (if not SDP) */
2661 if (psm != cpu_to_le16(0x0001) &&
2662 !hci_conn_check_link_mode(conn->hcon)) {
9f5a0d7b 2663 conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
e7c29cb1
MH		 2664 result = L2CAP_CR_SEC_BLOCK;
2665 goto response;
2666 }
2667
1da177e4
LT		 2668 result = L2CAP_CR_NO_MEM;
2669
2670 /* Check for backlog size */
2671 if (sk_acceptq_is_full(parent)) {
8e87d142 2672 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 2673 goto response;
2674 }
2675
80808e43
GP		 2676 chan = pchan->ops->new_connection(pchan->data);
2677 if (!chan)
1da177e4
LT		 2678 goto response;
2679
80808e43
GP		 2680 sk = chan->sk;
2681
1da177e4 2682 /* Check if we already have channel with that dcid */
baa7e1fa 2683 if (__l2cap_get_chan_by_dcid(conn, scid)) {
1da177e4 2684 sock_set_flag(sk, SOCK_ZAPPED);
ba3bd0ee 2685 chan->ops->close(chan->data);
1da177e4
LT		 2686 goto response;
2687 }
2688
2689 hci_conn_hold(conn->hcon);
2690
1da177e4
LT		 2691 bacpy(&bt_sk(sk)->src, conn->src);
2692 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 2693 chan->psm = psm;
2694 chan->dcid = scid;
1da177e4 2695
d1010240
GP		 2696 bt_accept_enqueue(parent, sk);
2697
6be36555 2698 __l2cap_chan_add(conn, chan);
48454079 2699
fe4128e0 2700 dcid = chan->scid;
1da177e4 2701
c9b66675 2702 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4 2703
fc7f8a7e 2704 chan->ident = cmd->ident;
1da177e4 2705
984947dc 2706 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
d45fc423 2707 if (l2cap_chan_check_security(chan)) {
f66dc81f 2708 if (bt_sk(sk)->defer_setup) {
0e587be7 2709 __l2cap_state_change(chan, BT_CONNECT2);
f66dc81f
MH		 2710 result = L2CAP_CR_PEND;
2711 status = L2CAP_CS_AUTHOR_PEND;
2712 parent->sk_data_ready(parent, 0);
2713 } else {
0e587be7 2714 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 2715 result = L2CAP_CR_SUCCESS;
2716 status = L2CAP_CS_NO_INFO;
2717 }
79d554a6 2718 } else {
0e587be7 2719 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2720 result = L2CAP_CR_PEND;
2721 status = L2CAP_CS_AUTHEN_PEND;
2722 }
2723 } else {
0e587be7 2724 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2725 result = L2CAP_CR_PEND;
2726 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2727 }
2728
1da177e4 2729response:
aa2ac881 2730 release_sock(parent);
3df91ea2 2731 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 2732
2733sendresp:
aca3192c
YH		 2734 rsp.scid = cpu_to_le16(scid);
2735 rsp.dcid = cpu_to_le16(dcid);
2736 rsp.result = cpu_to_le16(result);
2737 rsp.status = cpu_to_le16(status);
1da177e4 2738 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 2739
2740 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2741 struct l2cap_info_req info;
2742 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2743
2744 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2745 conn->info_ident = l2cap_get_ident(conn);
2746
030013d8 2747 schedule_delayed_work(&conn->info_timer,
79d554a6
MH		 2748 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2749
2750 l2cap_send_cmd(conn, conn->info_ident,
2751 L2CAP_INFO_REQ, sizeof(info), &info);
2752 }
2753
c1360a1c 2754 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
e9aeb2dd
GP		 2755 result == L2CAP_CR_SUCCESS) {
2756 u8 buf[128];
c1360a1c 2757 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 2758 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2759 l2cap_build_conf_req(chan, buf), buf);
2760 chan->num_conf_req++;
e9aeb2dd
GP		 2761 }
2762
1da177e4
LT		 2763 return 0;
2764}
2765
2766static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2767{
2768 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2769 u16 scid, dcid, result, status;
48454079 2770 struct l2cap_chan *chan;
1da177e4 2771 u8 req[128];
3df91ea2 2772 int err;
1da177e4
LT		 2773
2774 scid = __le16_to_cpu(rsp->scid);
2775 dcid = __le16_to_cpu(rsp->dcid);
2776 result = __le16_to_cpu(rsp->result);
2777 status = __le16_to_cpu(rsp->status);
2778
1b009c98
AE		 2779 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
2780 dcid, scid, result, status);
1da177e4 2781
3df91ea2
AE		 2782 mutex_lock(&conn->chan_lock);
2783
1da177e4 2784 if (scid) {
3df91ea2
AE		 2785 chan = __l2cap_get_chan_by_scid(conn, scid);
2786 if (!chan) {
2787 err = -EFAULT;
2788 goto unlock;
2789 }
1da177e4 2790 } else {
3df91ea2
AE		 2791 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
2792 if (!chan) {
2793 err = -EFAULT;
2794 goto unlock;
2795 }
1da177e4
LT		 2796 }
2797
3df91ea2
AE		 2798 err = 0;
2799
6be36555 2800 l2cap_chan_lock(chan);
48454079 2801
1da177e4
LT		 2802 switch (result) {
2803 case L2CAP_CR_SUCCESS:
89bc500e 2804 l2cap_state_change(chan, BT_CONFIG);
fc7f8a7e 2805 chan->ident = 0;
fe4128e0 2806 chan->dcid = dcid;
c1360a1c 2807 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
6a8d3010 2808
c1360a1c 2809 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
e9aeb2dd
GP		 2810 break;
2811
1da177e4 2812 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2813 l2cap_build_conf_req(chan, req), req);
2814 chan->num_conf_req++;
1da177e4
LT		 2815 break;
2816
2817 case L2CAP_CR_PEND:
c1360a1c 2818 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4
LT		 2819 break;
2820
2821 default:
48454079 2822 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 2823 break;
2824 }
2825
6be36555 2826 l2cap_chan_unlock(chan);
3df91ea2
AE		 2827
2828unlock:
2829 mutex_unlock(&conn->chan_lock);
2830
2831 return err;
1da177e4
LT		 2832}
2833
47d1ec61 2834static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60
MM		 2835{
2836 /* FCS is enabled only in ERTM or streaming mode, if one or both
2837 * sides request it.
2838 */
0c1bc5c6 2839 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 2840 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2841 else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state))
47d1ec61 2842 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 2843}
2844
88219a0f 2845static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 2846{
2847 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2848 u16 dcid, flags;
2849 u8 rsp[64];
48454079 2850 struct l2cap_chan *chan;
5dee9e7c 2851 int len;
1da177e4
LT		 2852
2853 dcid = __le16_to_cpu(req->dcid);
2854 flags = __le16_to_cpu(req->flags);
2855
2856 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2857
baa7e1fa 2858 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2859 if (!chan)
1da177e4
LT		 2860 return -ENOENT;
2861
6be36555 2862 l2cap_chan_lock(chan);
48454079 2863
033b1142 2864 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
e2fd318e
IK		 2865 struct l2cap_cmd_rej_cid rej;
2866
2867 rej.reason = cpu_to_le16(L2CAP_REJ_INVALID_CID);
2868 rej.scid = cpu_to_le16(chan->scid);
2869 rej.dcid = cpu_to_le16(chan->dcid);
df6bd743 2870
df6bd743
GP		 2871 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2872 sizeof(rej), &rej);
354f60a9 2873 goto unlock;
df6bd743 2874 }
354f60a9 2875
5dee9e7c 2876 /* Reject if config buffer is too small. */
88219a0f 2877 len = cmd_len - sizeof(*req);
7ac28817 2878 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 2879 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2880 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 2881 L2CAP_CONF_REJECT, flags), rsp);
2882 goto unlock;
2883 }
2884
2885 /* Store config. */
73ffa904
GP		 2886 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2887 chan->conf_len += len;
1da177e4
LT		 2888
2889 if (flags & 0x0001) {
2890 /* Incomplete config. Send empty response. */
2891 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2892 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 2893 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 2894 goto unlock;
2895 }
2896
2897 /* Complete config. */
73ffa904 2898 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 2899 if (len < 0) {
e92c8e70 2900 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 2901 goto unlock;
f2fcfcd6 2902 }
1da177e4 2903
5dee9e7c 2904 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 2905 chan->num_conf_rsp++;
5dee9e7c 2906
5dee9e7c 2907 /* Reset config buffer. */
73ffa904 2908 chan->conf_len = 0;
5dee9e7c 2909
c1360a1c 2910 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
876d9484
MH		 2911 goto unlock;
2912
c1360a1c 2913 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
47d1ec61 2914 set_default_fcs(chan);
fcc203c3 2915
89bc500e 2916 l2cap_state_change(chan, BT_CONNECTED);
e90bac06 2917
42e5c802
GP		 2918 chan->next_tx_seq = 0;
2919 chan->expected_tx_seq = 0;
58d35f87 2920 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2921 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2922 l2cap_ertm_init(chan);
0565c1c2 2923
cf4cd009 2924 l2cap_chan_ready(chan);
876d9484
MH		 2925 goto unlock;
2926 }
2927
c1360a1c 2928 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
79d554a6 2929 u8 buf[64];
1da177e4 2930 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2931 l2cap_build_conf_req(chan, buf), buf);
2932 chan->num_conf_req++;
1da177e4
LT		 2933 }
2934
0e8b207e
AE		 2935 /* Got Conf Rsp PENDING from remote side and asume we sent
2936 Conf Rsp PENDING in the code above */
2937 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
2938 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
2939
2940 /* check compatibility */
2941
2942 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
2943 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
2944
2945 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 2946 l2cap_build_conf_rsp(chan, rsp,
0e8b207e
AE		 2947 L2CAP_CONF_SUCCESS, 0x0000), rsp);
2948 }
2949
1da177e4 2950unlock:
6be36555 2951 l2cap_chan_unlock(chan);
1da177e4
LT		 2952 return 0;
2953}
2954
2955static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2956{
2957 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2958 u16 scid, flags, result;
48454079 2959 struct l2cap_chan *chan;
7b1c0049 2960 int len = cmd->len - sizeof(*rsp);
1da177e4
LT		 2961
2962 scid = __le16_to_cpu(rsp->scid);
2963 flags = __le16_to_cpu(rsp->flags);
2964 result = __le16_to_cpu(rsp->result);
2965
af05b30b
GP		 2966 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2967 scid, flags, result);
1da177e4 2968
baa7e1fa 2969 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2970 if (!chan)
1da177e4
LT		 2971 return 0;
2972
6be36555 2973 l2cap_chan_lock(chan);
48454079 2974
1da177e4
LT		 2975 switch (result) {
2976 case L2CAP_CONF_SUCCESS:
47d1ec61 2977 l2cap_conf_rfc_get(chan, rsp->data, len);
0e8b207e 2978 clear_bit(CONF_REM_CONF_PEND, &chan->conf_state);
1da177e4
LT		 2979 break;
2980
0e8b207e
AE		 2981 case L2CAP_CONF_PENDING:
2982 set_bit(CONF_REM_CONF_PEND, &chan->conf_state);
2983
2984 if (test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
2985 char buf[64];
2986
2987 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2988 buf, &result);
2989 if (len < 0) {
2990 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2991 goto done;
2992 }
2993
2994 /* check compatibility */
2995
2996 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
2997 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
2998
2999 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 3000 l2cap_build_conf_rsp(chan, buf,
0e8b207e
AE		 3001 L2CAP_CONF_SUCCESS, 0x0000), buf);
3002 }
3003 goto done;
3004
1da177e4 3005 case L2CAP_CONF_UNACCEPT:
73ffa904 3006 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 3007 char req[64];
3008
c2c77ec8 3009 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 3010 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 3011 goto done;
3012 }
3013
f2fcfcd6
GP		 3014 /* throw out any old stored conf requests */
3015 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 3016 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3017 req, &result);
f2fcfcd6 3018 if (len < 0) {
e92c8e70 3019 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 3020 goto done;
3021 }
3022
3023 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3024 L2CAP_CONF_REQ, len, req);
73ffa904 3025 chan->num_conf_req++;
f2fcfcd6
GP		 3026 if (result != L2CAP_CONF_SUCCESS)
3027 goto done;
3028 break;
1da177e4
LT		 3029 }
3030
8e87d142 3031 default:
6be36555 3032 l2cap_chan_set_err(chan, ECONNRESET);
2e0052e4 3033
b83ddfe2
AK		 3034 __set_chan_timer(chan,
3035 msecs_to_jiffies(L2CAP_DISC_REJ_TIMEOUT));
e92c8e70 3036 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 3037 goto done;
3038 }
3039
3040 if (flags & 0x01)
3041 goto done;
3042
c1360a1c 3043 set_bit(CONF_INPUT_DONE, &chan->conf_state);
1da177e4 3044
c1360a1c 3045 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
47d1ec61 3046 set_default_fcs(chan);
fcc203c3 3047
89bc500e 3048 l2cap_state_change(chan, BT_CONNECTED);
42e5c802
GP		 3049 chan->next_tx_seq = 0;
3050 chan->expected_tx_seq = 0;
58d35f87 3051 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 3052 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 3053 l2cap_ertm_init(chan);
0565c1c2 3054
cf4cd009 3055 l2cap_chan_ready(chan);
1da177e4
LT		 3056 }
3057
3058done:
6be36555 3059 l2cap_chan_unlock(chan);
1da177e4
LT		 3060 return 0;
3061}
3062
3063static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3064{
3065 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3066 struct l2cap_disconn_rsp rsp;
3067 u16 dcid, scid;
48454079 3068 struct l2cap_chan *chan;
1da177e4
LT		 3069 struct sock *sk;
3070
3071 scid = __le16_to_cpu(req->scid);
3072 dcid = __le16_to_cpu(req->dcid);
3073
3074 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3075
3df91ea2
AE		 3076 mutex_lock(&conn->chan_lock);
3077
3078 chan = __l2cap_get_chan_by_scid(conn, dcid);
3079 if (!chan) {
3080 mutex_unlock(&conn->chan_lock);
1da177e4 3081 return 0;
3df91ea2 3082 }
1da177e4 3083
6be36555
AE		 3084 l2cap_chan_lock(chan);
3085
48454079
GP		 3086 sk = chan->sk;
3087
fe4128e0
GP		 3088 rsp.dcid = cpu_to_le16(chan->scid);
3089 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 3090 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3091
6be36555 3092 lock_sock(sk);
1da177e4 3093 sk->sk_shutdown = SHUTDOWN_MASK;
6be36555 3094 release_sock(sk);
1da177e4 3095
48454079 3096 l2cap_chan_del(chan, ECONNRESET);
6be36555
AE		 3097
3098 l2cap_chan_unlock(chan);
1da177e4 3099
ba3bd0ee 3100 chan->ops->close(chan->data);
3df91ea2
AE		 3101
3102 mutex_unlock(&conn->chan_lock);
3103
1da177e4
LT		 3104 return 0;
3105}
3106
3107static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3108{
3109 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3110 u16 dcid, scid;
48454079 3111 struct l2cap_chan *chan;
1da177e4
LT		 3112
3113 scid = __le16_to_cpu(rsp->scid);
3114 dcid = __le16_to_cpu(rsp->dcid);
3115
3116 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3117
3df91ea2
AE		 3118 mutex_lock(&conn->chan_lock);
3119
3120 chan = __l2cap_get_chan_by_scid(conn, scid);
3121 if (!chan) {
3122 mutex_unlock(&conn->chan_lock);
1da177e4 3123 return 0;
3df91ea2 3124 }
1da177e4 3125
6be36555 3126 l2cap_chan_lock(chan);
48454079 3127
48454079 3128 l2cap_chan_del(chan, 0);
6be36555
AE		 3129
3130 l2cap_chan_unlock(chan);
1da177e4 3131
ba3bd0ee 3132 chan->ops->close(chan->data);
3df91ea2
AE		 3133
3134 mutex_unlock(&conn->chan_lock);
3135
1da177e4
LT		 3136 return 0;
3137}
3138
3139static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3140{
3141 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 3142 u16 type;
3143
3144 type = __le16_to_cpu(req->type);
3145
3146 BT_DBG("type 0x%4.4x", type);
3147
f0709e03
MH		 3148 if (type == L2CAP_IT_FEAT_MASK) {
3149 u8 buf[8];
44dd46de 3150 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 3151 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3152 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3153 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 3154 if (!disable_ertm)
fcc203c3
GP		 3155 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3156 | L2CAP_FEAT_FCS;
a5fd6f30 3157 if (enable_hs)
6327eb98
AE		 3158 feat_mask |= L2CAP_FEAT_EXT_FLOW
3159 | L2CAP_FEAT_EXT_WINDOW;
a5fd6f30 3160
1b7bf4ed 3161 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 3162 l2cap_send_cmd(conn, cmd->ident,
3163 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 3164 } else if (type == L2CAP_IT_FIXED_CHAN) {
3165 u8 buf[12];
3166 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
50a147cd
MM		 3167
3168 if (enable_hs)
3169 l2cap_fixed_chan[0] |= L2CAP_FC_A2MP;
3170 else
3171 l2cap_fixed_chan[0] &= ~L2CAP_FC_A2MP;
3172
e1027a7c
MH		 3173 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3174 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
c6337ea6 3175 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan));
e1027a7c
MH		 3176 l2cap_send_cmd(conn, cmd->ident,
3177 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 3178 } else {
3179 struct l2cap_info_rsp rsp;
3180 rsp.type = cpu_to_le16(type);
3181 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3182 l2cap_send_cmd(conn, cmd->ident,
3183 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3184 }
1da177e4
LT		 3185
3186 return 0;
3187}
3188
3189static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3190{
3191 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3192 u16 type, result;
3193
3194 type = __le16_to_cpu(rsp->type);
3195 result = __le16_to_cpu(rsp->result);
3196
3197 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3198
e90165be
AE		 3199 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
3200 if (cmd->ident != conn->info_ident ||
3201 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
3202 return 0;
3203
17cd3f37 3204 cancel_delayed_work(&conn->info_timer);
4e8402a3 3205
adb08ede
VT		 3206 if (result != L2CAP_IR_SUCCESS) {
3207 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3208 conn->info_ident = 0;
3209
3210 l2cap_conn_start(conn);
3211
3212 return 0;
3213 }
3214
984947dc 3215 if (type == L2CAP_IT_FEAT_MASK) {
83985319 3216 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 3217
47ec1dcd 3218 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 3219 struct l2cap_info_req req;
3220 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3221
3222 conn->info_ident = l2cap_get_ident(conn);
3223
3224 l2cap_send_cmd(conn, conn->info_ident,
3225 L2CAP_INFO_REQ, sizeof(req), &req);
3226 } else {
3227 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3228 conn->info_ident = 0;
3229
3230 l2cap_conn_start(conn);
3231 }
3232 } else if (type == L2CAP_IT_FIXED_CHAN) {
984947dc 3233 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 3234 conn->info_ident = 0;
984947dc
MH		 3235
3236 l2cap_conn_start(conn);
3237 }
4e8402a3 3238
1da177e4
LT		 3239 return 0;
3240}
3241
f94ff6ff
MM		 3242static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3243 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
3244 void *data)
3245{
3246 struct l2cap_create_chan_req *req = data;
3247 struct l2cap_create_chan_rsp rsp;
3248 u16 psm, scid;
3249
3250 if (cmd_len != sizeof(*req))
3251 return -EPROTO;
3252
3253 if (!enable_hs)
3254 return -EINVAL;
3255
3256 psm = le16_to_cpu(req->psm);
3257 scid = le16_to_cpu(req->scid);
3258
3259 BT_DBG("psm %d, scid %d, amp_id %d", psm, scid, req->amp_id);
3260
3261 /* Placeholder: Always reject */
3262 rsp.dcid = 0;
3263 rsp.scid = cpu_to_le16(scid);
3264 rsp.result = L2CAP_CR_NO_MEM;
3265 rsp.status = L2CAP_CS_NO_INFO;
3266
3267 l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP,
3268 sizeof(rsp), &rsp);
3269
3270 return 0;
3271}
3272
3273static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn,
3274 struct l2cap_cmd_hdr *cmd, void *data)
3275{
3276 BT_DBG("conn %p", conn);
3277
3278 return l2cap_connect_rsp(conn, cmd, data);
3279}
3280
8d5a04a1
MM		 3281static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident,
3282 u16 icid, u16 result)
3283{
3284 struct l2cap_move_chan_rsp rsp;
3285
3286 BT_DBG("icid %d, result %d", icid, result);
3287
3288 rsp.icid = cpu_to_le16(icid);
3289 rsp.result = cpu_to_le16(result);
3290
3291 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_RSP, sizeof(rsp), &rsp);
3292}
3293
3294static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn,
3295 struct l2cap_chan *chan, u16 icid, u16 result)
3296{
3297 struct l2cap_move_chan_cfm cfm;
3298 u8 ident;
3299
3300 BT_DBG("icid %d, result %d", icid, result);
3301
3302 ident = l2cap_get_ident(conn);
3303 if (chan)
3304 chan->ident = ident;
3305
3306 cfm.icid = cpu_to_le16(icid);
3307 cfm.result = cpu_to_le16(result);
3308
3309 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM, sizeof(cfm), &cfm);
3310}
3311
3312static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident,
3313 u16 icid)
3314{
3315 struct l2cap_move_chan_cfm_rsp rsp;
3316
3317 BT_DBG("icid %d", icid);
3318
3319 rsp.icid = cpu_to_le16(icid);
3320 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp);
3321}
3322
3323static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
3324 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3325{
3326 struct l2cap_move_chan_req *req = data;
3327 u16 icid = 0;
3328 u16 result = L2CAP_MR_NOT_ALLOWED;
3329
3330 if (cmd_len != sizeof(*req))
3331 return -EPROTO;
3332
3333 icid = le16_to_cpu(req->icid);
3334
3335 BT_DBG("icid %d, dest_amp_id %d", icid, req->dest_amp_id);
3336
3337 if (!enable_hs)
3338 return -EINVAL;
3339
3340 /* Placeholder: Always refuse */
3341 l2cap_send_move_chan_rsp(conn, cmd->ident, icid, result);
3342
3343 return 0;
3344}
3345
3346static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
3347 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3348{
3349 struct l2cap_move_chan_rsp *rsp = data;
3350 u16 icid, result;
3351
3352 if (cmd_len != sizeof(*rsp))
3353 return -EPROTO;
3354
3355 icid = le16_to_cpu(rsp->icid);
3356 result = le16_to_cpu(rsp->result);
3357
3358 BT_DBG("icid %d, result %d", icid, result);
3359
3360 /* Placeholder: Always unconfirmed */
3361 l2cap_send_move_chan_cfm(conn, NULL, icid, L2CAP_MC_UNCONFIRMED);
3362
3363 return 0;
3364}
3365
3366static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
3367 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3368{
3369 struct l2cap_move_chan_cfm *cfm = data;
3370 u16 icid, result;
3371
3372 if (cmd_len != sizeof(*cfm))
3373 return -EPROTO;
3374
3375 icid = le16_to_cpu(cfm->icid);
3376 result = le16_to_cpu(cfm->result);
3377
3378 BT_DBG("icid %d, result %d", icid, result);
3379
3380 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
3381
3382 return 0;
3383}
3384
3385static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
3386 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3387{
3388 struct l2cap_move_chan_cfm_rsp *rsp = data;
3389 u16 icid;
3390
3391 if (cmd_len != sizeof(*rsp))
3392 return -EPROTO;
3393
3394 icid = le16_to_cpu(rsp->icid);
3395
3396 BT_DBG("icid %d", icid);
3397
3398 return 0;
3399}
3400
e2174ca4 3401static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 3402 u16 to_multiplier)
3403{
3404 u16 max_latency;
3405
3406 if (min > max || min < 6 || max > 3200)
3407 return -EINVAL;
3408
3409 if (to_multiplier < 10 || to_multiplier > 3200)
3410 return -EINVAL;
3411
3412 if (max >= to_multiplier * 8)
3413 return -EINVAL;
3414
3415 max_latency = (to_multiplier * 8 / max) - 1;
3416 if (latency > 499 || latency > max_latency)
3417 return -EINVAL;
3418
3419 return 0;
3420}
3421
3422static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
3423 struct l2cap_cmd_hdr *cmd, u8 *data)
3424{
3425 struct hci_conn *hcon = conn->hcon;
3426 struct l2cap_conn_param_update_req *req;
3427 struct l2cap_conn_param_update_rsp rsp;
3428 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 3429 int err;
de73115a
CT		 3430
3431 if (!(hcon->link_mode & HCI_LM_MASTER))
3432 return -EINVAL;
3433
3434 cmd_len = __le16_to_cpu(cmd->len);
3435 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
3436 return -EPROTO;
3437
3438 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 3439 min = __le16_to_cpu(req->min);
3440 max = __le16_to_cpu(req->max);
de73115a
CT		 3441 latency = __le16_to_cpu(req->latency);
3442 to_multiplier = __le16_to_cpu(req->to_multiplier);
3443
3444 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
3445 min, max, latency, to_multiplier);
3446
3447 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 3448
3449 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
3450 if (err)
de73115a
CT		 3451 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
3452 else
3453 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
3454
3455 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
3456 sizeof(rsp), &rsp);
3457
2ce603eb
CT		 3458 if (!err)
3459 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
3460
de73115a
CT		 3461 return 0;
3462}
3463
3300d9a9
CT		 3464static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
3465 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
3466{
3467 int err = 0;
3468
3469 switch (cmd->code) {
3470 case L2CAP_COMMAND_REJ:
3471 l2cap_command_rej(conn, cmd, data);
3472 break;
3473
3474 case L2CAP_CONN_REQ:
3475 err = l2cap_connect_req(conn, cmd, data);
3476 break;
3477
3478 case L2CAP_CONN_RSP:
3479 err = l2cap_connect_rsp(conn, cmd, data);
3480 break;
3481
3482 case L2CAP_CONF_REQ:
3483 err = l2cap_config_req(conn, cmd, cmd_len, data);
3484 break;
3485
3486 case L2CAP_CONF_RSP:
3487 err = l2cap_config_rsp(conn, cmd, data);
3488 break;
3489
3490 case L2CAP_DISCONN_REQ:
3491 err = l2cap_disconnect_req(conn, cmd, data);
3492 break;
3493
3494 case L2CAP_DISCONN_RSP:
3495 err = l2cap_disconnect_rsp(conn, cmd, data);
3496 break;
3497
3498 case L2CAP_ECHO_REQ:
3499 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
3500 break;
3501
3502 case L2CAP_ECHO_RSP:
3503 break;
3504
3505 case L2CAP_INFO_REQ:
3506 err = l2cap_information_req(conn, cmd, data);
3507 break;
3508
3509 case L2CAP_INFO_RSP:
3510 err = l2cap_information_rsp(conn, cmd, data);
3511 break;
3512
f94ff6ff
MM		 3513 case L2CAP_CREATE_CHAN_REQ:
3514 err = l2cap_create_channel_req(conn, cmd, cmd_len, data);
3515 break;
3516
3517 case L2CAP_CREATE_CHAN_RSP:
3518 err = l2cap_create_channel_rsp(conn, cmd, data);
3519 break;
3520
8d5a04a1
MM		 3521 case L2CAP_MOVE_CHAN_REQ:
3522 err = l2cap_move_channel_req(conn, cmd, cmd_len, data);
3523 break;
3524
3525 case L2CAP_MOVE_CHAN_RSP:
3526 err = l2cap_move_channel_rsp(conn, cmd, cmd_len, data);
3527 break;
3528
3529 case L2CAP_MOVE_CHAN_CFM:
3530 err = l2cap_move_channel_confirm(conn, cmd, cmd_len, data);
3531 break;
3532
3533 case L2CAP_MOVE_CHAN_CFM_RSP:
3534 err = l2cap_move_channel_confirm_rsp(conn, cmd, cmd_len, data);
3535 break;
3536
3300d9a9
CT		 3537 default:
3538 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
3539 err = -EINVAL;
3540 break;
3541 }
3542
3543 return err;
3544}
3545
3546static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
3547 struct l2cap_cmd_hdr *cmd, u8 *data)
3548{
3549 switch (cmd->code) {
3550 case L2CAP_COMMAND_REJ:
3551 return 0;
3552
3553 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 3554 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 3555
3556 case L2CAP_CONN_PARAM_UPDATE_RSP:
3557 return 0;
3558
3559 default:
3560 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
3561 return -EINVAL;
3562 }
3563}
3564
3565static inline void l2cap_sig_channel(struct l2cap_conn *conn,
3566 struct sk_buff *skb)
1da177e4
LT		 3567{
3568 u8 *data = skb->data;
3569 int len = skb->len;
3570 struct l2cap_cmd_hdr cmd;
3300d9a9 3571 int err;
1da177e4
LT		 3572
3573 l2cap_raw_recv(conn, skb);
3574
3575 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 3576 u16 cmd_len;
1da177e4
LT		 3577 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3578 data += L2CAP_CMD_HDR_SIZE;
3579 len -= L2CAP_CMD_HDR_SIZE;
3580
88219a0f 3581 cmd_len = le16_to_cpu(cmd.len);
1da177e4 3582
88219a0f 3583 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 3584
88219a0f 3585 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 3586 BT_DBG("corrupted command");
3587 break;
3588 }
3589
3300d9a9
CT		 3590 if (conn->hcon->type == LE_LINK)
3591 err = l2cap_le_sig_cmd(conn, &cmd, data);
3592 else
3593 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 3594
3595 if (err) {
e2fd318e 3596 struct l2cap_cmd_rej_unk rej;
2c6d1a2e
GP		 3597
3598 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 3599
3600 /* FIXME: Map err to a valid reason */
e2fd318e 3601 rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
1da177e4
LT		 3602 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3603 }
3604
88219a0f
AV		 3605 data += cmd_len;
3606 len -= cmd_len;
1da177e4
LT		 3607 }
3608
3609 kfree_skb(skb);
3610}
3611
47d1ec61 3612static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 3613{
3614 u16 our_fcs, rcv_fcs;
e4ca6d98
AE		 3615 int hdr_size;
3616
3617 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
3618 hdr_size = L2CAP_EXT_HDR_SIZE;
3619 else
3620 hdr_size = L2CAP_ENH_HDR_SIZE;
fcc203c3 3621
47d1ec61 3622 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213 3623 skb_trim(skb, skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 3624 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3625 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3626
3627 if (our_fcs != rcv_fcs)
7a560e5c 3628 return -EBADMSG;
fcc203c3
GP		 3629 }
3630 return 0;
3631}
3632
525cd185 3633static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 3634{
88843ab0 3635 u32 control = 0;
d5392c8f 3636
6a026610 3637 chan->frames_sent = 0;
d5392c8f 3638
0b209fae 3639 control |= __set_reqseq(chan, chan->buffer_seq);
d5392c8f 3640
e2ab4353 3641 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 3642 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
525cd185 3643 l2cap_send_sframe(chan, control);
e2ab4353 3644 set_bit(CONN_RNR_SENT, &chan->conn_state);
d5392c8f
GP		 3645 }
3646
e2ab4353 3647 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
525cd185 3648 l2cap_retransmit_frames(chan);
d5392c8f 3649
525cd185 3650 l2cap_ertm_send(chan);
d5392c8f 3651
e2ab4353 3652 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
6a026610 3653 chan->frames_sent == 0) {
ab784b73 3654 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3655 l2cap_send_sframe(chan, control);
d5392c8f
GP		 3656 }
3657}
3658
fb45de7d 3659static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u16 tx_seq, u8 sar)
8f17154f
GP		 3660{
3661 struct sk_buff *next_skb;
bfbacc11 3662 int tx_seq_offset, next_tx_seq_offset;
8f17154f
GP		 3663
3664 bt_cb(skb)->tx_seq = tx_seq;
3665 bt_cb(skb)->sar = sar;
3666
f1c6775b 3667 next_skb = skb_peek(&chan->srej_q);
8f17154f 3668
836be934 3669 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
bfbacc11 3670
039d9572 3671 while (next_skb) {
9b53350d
JPRV		 3672 if (bt_cb(next_skb)->tx_seq == tx_seq)
3673 return -EINVAL;
3674
836be934
AE		 3675 next_tx_seq_offset = __seq_offset(chan,
3676 bt_cb(next_skb)->tx_seq, chan->buffer_seq);
bfbacc11
JPRV		 3677
3678 if (next_tx_seq_offset > tx_seq_offset) {
f1c6775b 3679 __skb_queue_before(&chan->srej_q, next_skb, skb);
9b53350d 3680 return 0;
8f17154f
GP		 3681 }
3682
f1c6775b 3683 if (skb_queue_is_last(&chan->srej_q, next_skb))
039d9572
SJ		 3684 next_skb = NULL;
3685 else
3686 next_skb = skb_queue_next(&chan->srej_q, next_skb);
3687 }
8f17154f 3688
f1c6775b 3689 __skb_queue_tail(&chan->srej_q, skb);
9b53350d
JPRV		 3690
3691 return 0;
8f17154f
GP		 3692}
3693
84084a31
MM		 3694static void append_skb_frag(struct sk_buff *skb,
3695 struct sk_buff *new_frag, struct sk_buff **last_frag)
18778a63 3696{
84084a31
MM		 3697 /* skb->len reflects data in skb as well as all fragments
3698 * skb->data_len reflects only data in fragments
3699 */
3700 if (!skb_has_frag_list(skb))
3701 skb_shinfo(skb)->frag_list = new_frag;
3702
3703 new_frag->next = NULL;
3704
3705 (*last_frag)->next = new_frag;
3706 *last_frag = new_frag;
3707
3708 skb->len += new_frag->len;
3709 skb->data_len += new_frag->len;
3710 skb->truesize += new_frag->truesize;
3711}
3712
88843ab0 3713static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u32 control)
84084a31
MM		 3714{
3715 int err = -EINVAL;
18778a63 3716
7e0ef6ee
AE		 3717 switch (__get_ctrl_sar(chan, control)) {
3718 case L2CAP_SAR_UNSEGMENTED:
84084a31
MM		 3719 if (chan->sdu)
3720 break;
18778a63 3721
84084a31
MM		 3722 err = chan->ops->recv(chan->data, skb);
3723 break;
18778a63 3724
7e0ef6ee 3725 case L2CAP_SAR_START:
84084a31
MM		 3726 if (chan->sdu)
3727 break;
18778a63 3728
6f61fd47 3729 chan->sdu_len = get_unaligned_le16(skb->data);
03a51213 3730 skb_pull(skb, L2CAP_SDULEN_SIZE);
18778a63 3731
84084a31
MM		 3732 if (chan->sdu_len > chan->imtu) {
3733 err = -EMSGSIZE;
3734 break;
3735 }
1890d36b 3736
84084a31
MM		 3737 if (skb->len >= chan->sdu_len)
3738 break;
18778a63 3739
84084a31
MM		 3740 chan->sdu = skb;
3741 chan->sdu_last_frag = skb;
18778a63 3742
84084a31
MM		 3743 skb = NULL;
3744 err = 0;
18778a63
GP		 3745 break;
3746
7e0ef6ee 3747 case L2CAP_SAR_CONTINUE:
6f61fd47 3748 if (!chan->sdu)
84084a31 3749 break;
18778a63 3750
84084a31
MM		 3751 append_skb_frag(chan->sdu, skb,
3752 &chan->sdu_last_frag);
3753 skb = NULL;
18778a63 3754
84084a31
MM		 3755 if (chan->sdu->len >= chan->sdu_len)
3756 break;
4178ba46 3757
84084a31 3758 err = 0;
18778a63
GP		 3759 break;
3760
7e0ef6ee 3761 case L2CAP_SAR_END:
6f61fd47 3762 if (!chan->sdu)
84084a31 3763 break;
18778a63 3764
84084a31
MM		 3765 append_skb_frag(chan->sdu, skb,
3766 &chan->sdu_last_frag);
3767 skb = NULL;
4178ba46 3768
84084a31
MM		 3769 if (chan->sdu->len != chan->sdu_len)
3770 break;
18778a63 3771
84084a31 3772 err = chan->ops->recv(chan->data, chan->sdu);
1890d36b 3773
84084a31
MM		 3774 if (!err) {
3775 /* Reassembly complete */
3776 chan->sdu = NULL;
3777 chan->sdu_last_frag = NULL;
3778 chan->sdu_len = 0;
1890d36b 3779 }
18778a63
GP		 3780 break;
3781 }
3782
84084a31
MM		 3783 if (err) {
3784 kfree_skb(skb);
3785 kfree_skb(chan->sdu);
3786 chan->sdu = NULL;
3787 chan->sdu_last_frag = NULL;
3788 chan->sdu_len = 0;
3789 }
18778a63 3790
84084a31 3791 return err;
18778a63
GP		 3792}
3793
26f880d2 3794static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan)
712132eb 3795{
26f880d2 3796 BT_DBG("chan %p, Enter local busy", chan);
712132eb 3797
26f880d2
MM		 3798 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3799
77f918bc 3800 __set_ack_timer(chan);
26f880d2
MM		 3801}
3802
3803static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan)
3804{
88843ab0 3805 u32 control;
712132eb 3806
e2ab4353 3807 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
712132eb
GP		 3808 goto done;
3809
0b209fae 3810 control = __set_reqseq(chan, chan->buffer_seq);
e3781735 3811 control |= __set_ctrl_poll(chan);
ab784b73 3812 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3813 l2cap_send_sframe(chan, control);
6a026610 3814 chan->retry_count = 1;
712132eb 3815
1a09bcb9
GP		 3816 __clear_retrans_timer(chan);
3817 __set_monitor_timer(chan);
712132eb 3818
e2ab4353 3819 set_bit(CONN_WAIT_F, &chan->conn_state);
712132eb
GP		 3820
3821done:
e2ab4353
GP		 3822 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3823 clear_bit(CONN_RNR_SENT, &chan->conn_state);
712132eb 3824
49208c9c 3825 BT_DBG("chan %p, Exit local busy", chan);
712132eb
GP		 3826}
3827
e328140f 3828void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
1890d36b 3829{
e328140f
MM		 3830 if (chan->mode == L2CAP_MODE_ERTM) {
3831 if (busy)
3832 l2cap_ertm_enter_local_busy(chan);
3833 else
3834 l2cap_ertm_exit_local_busy(chan);
1890d36b 3835 }
1890d36b
GP		 3836}
3837
fb45de7d 3838static void l2cap_check_srej_gap(struct l2cap_chan *chan, u16 tx_seq)
8f17154f
GP		 3839{
3840 struct sk_buff *skb;
88843ab0 3841 u32 control;
8f17154f 3842
e328140f
MM		 3843 while ((skb = skb_peek(&chan->srej_q)) &&
3844 !test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3845 int err;
3846
8f17154f
GP		 3847 if (bt_cb(skb)->tx_seq != tx_seq)
3848 break;
3849
f1c6775b 3850 skb = skb_dequeue(&chan->srej_q);
7e0ef6ee 3851 control = __set_ctrl_sar(chan, bt_cb(skb)->sar);
84084a31 3852 err = l2cap_reassemble_sdu(chan, skb, control);
e328140f
MM		 3853
3854 if (err < 0) {
3855 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3856 break;
3857 }
3858
836be934
AE		 3859 chan->buffer_seq_srej = __next_seq(chan, chan->buffer_seq_srej);
3860 tx_seq = __next_seq(chan, tx_seq);
8f17154f
GP		 3861 }
3862}
3863
fb45de7d 3864static void l2cap_resend_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3865{
8f17154f 3866 struct srej_list *l, *tmp;
88843ab0 3867 u32 control;
8f17154f 3868
39d5a3ee 3869 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
8f17154f
GP		 3870 if (l->tx_seq == tx_seq) {
3871 list_del(&l->list);
3872 kfree(l);
3873 return;
3874 }
ab784b73 3875 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3876 control |= __set_reqseq(chan, l->tx_seq);
525cd185 3877 l2cap_send_sframe(chan, control);
8f17154f 3878 list_del(&l->list);
39d5a3ee 3879 list_add_tail(&l->list, &chan->srej_l);
8f17154f
GP		 3880 }
3881}
3882
aef89f21 3883static int l2cap_send_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3884{
8f17154f 3885 struct srej_list *new;
88843ab0 3886 u32 control;
8f17154f 3887
42e5c802 3888 while (tx_seq != chan->expected_tx_seq) {
ab784b73 3889 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3890 control |= __set_reqseq(chan, chan->expected_tx_seq);
525cd185 3891 l2cap_send_sframe(chan, control);
8f17154f
GP		 3892
3893 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
aef89f21
SJ		 3894 if (!new)
3895 return -ENOMEM;
3896
42e5c802 3897 new->tx_seq = chan->expected_tx_seq;
836be934
AE		 3898
3899 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
3900
39d5a3ee 3901 list_add_tail(&new->list, &chan->srej_l);
8f17154f 3902 }
836be934
AE		 3903
3904 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
aef89f21
SJ		 3905
3906 return 0;
8f17154f
GP		 3907}
3908
88843ab0 3909static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
1c2acffb 3910{
fb45de7d 3911 u16 tx_seq = __get_txseq(chan, rx_control);
0b209fae 3912 u16 req_seq = __get_reqseq(chan, rx_control);
7e0ef6ee 3913 u8 sar = __get_ctrl_sar(chan, rx_control);
f6337c77 3914 int tx_seq_offset, expected_tx_seq_offset;
47d1ec61 3915 int num_to_ack = (chan->tx_win/6) + 1;
1c2acffb
GP		 3916 int err = 0;
3917
88843ab0 3918 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%8.8x", chan, skb->len,
525cd185 3919 tx_seq, rx_control);
1c2acffb 3920
03f6715d 3921 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 3922 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 3923 __clear_monitor_timer(chan);
6a026610 3924 if (chan->unacked_frames > 0)
1a09bcb9 3925 __set_retrans_timer(chan);
e2ab4353 3926 clear_bit(CONN_WAIT_F, &chan->conn_state);
1d8f5d16
GP		 3927 }
3928
42e5c802
GP		 3929 chan->expected_ack_seq = req_seq;
3930 l2cap_drop_acked_frames(chan);
9f121a5a 3931
836be934 3932 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
9b53350d
JPRV		 3933
3934 /* invalid tx_seq */
47d1ec61 3935 if (tx_seq_offset >= chan->tx_win) {
8c1d787b 3936 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
9b53350d
JPRV		 3937 goto drop;
3938 }
3939
77f918bc
SJ		 3940 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3941 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
3942 l2cap_send_ack(chan);
1890d36b 3943 goto drop;
77f918bc 3944 }
1890d36b 3945
02f1b641
MM		 3946 if (tx_seq == chan->expected_tx_seq)
3947 goto expected;
3948
e2ab4353 3949 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
8f17154f 3950 struct srej_list *first;
30afb5b2 3951
39d5a3ee 3952 first = list_first_entry(&chan->srej_l,
8f17154f
GP		 3953 struct srej_list, list);
3954 if (tx_seq == first->tx_seq) {
42e5c802 3955 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
525cd185 3956 l2cap_check_srej_gap(chan, tx_seq);
8f17154f
GP		 3957
3958 list_del(&first->list);
3959 kfree(first);
3960
39d5a3ee 3961 if (list_empty(&chan->srej_l)) {
42e5c802 3962 chan->buffer_seq = chan->buffer_seq_srej;
e2ab4353 3963 clear_bit(CONN_SREJ_SENT, &chan->conn_state);
525cd185 3964 l2cap_send_ack(chan);
49208c9c 3965 BT_DBG("chan %p, Exit SREJ_SENT", chan);
8f17154f
GP		 3966 }
3967 } else {
3968 struct srej_list *l;
9b53350d
JPRV		 3969
3970 /* duplicated tx_seq */
42e5c802 3971 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
9b53350d 3972 goto drop;
8f17154f 3973
39d5a3ee 3974 list_for_each_entry(l, &chan->srej_l, list) {
8f17154f 3975 if (l->tx_seq == tx_seq) {
525cd185 3976 l2cap_resend_srejframe(chan, tx_seq);
8f17154f
GP		 3977 return 0;
3978 }
3979 }
aef89f21
SJ		 3980
3981 err = l2cap_send_srejframe(chan, tx_seq);
3982 if (err < 0) {
3983 l2cap_send_disconn_req(chan->conn, chan, -err);
3984 return err;
3985 }
30afb5b2
GP		 3986 }
3987 } else {
836be934
AE		 3988 expected_tx_seq_offset = __seq_offset(chan,
3989 chan->expected_tx_seq, chan->buffer_seq);
9b53350d
JPRV		 3990
3991 /* duplicated tx_seq */
3992 if (tx_seq_offset < expected_tx_seq_offset)
3993 goto drop;
3994
e2ab4353 3995 set_bit(CONN_SREJ_SENT, &chan->conn_state);
1c2acffb 3996
49208c9c 3997 BT_DBG("chan %p, Enter SREJ", chan);
0e98958d 3998
39d5a3ee 3999 INIT_LIST_HEAD(&chan->srej_l);
42e5c802 4000 chan->buffer_seq_srej = chan->buffer_seq;
8f17154f 4001
f1c6775b 4002 __skb_queue_head_init(&chan->srej_q);
42e5c802 4003 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
8f17154f 4004
0ef3ef0f
SJ		 4005 /* Set P-bit only if there are some I-frames to ack. */
4006 if (__clear_ack_timer(chan))
4007 set_bit(CONN_SEND_PBIT, &chan->conn_state);
ef54fd93 4008
aef89f21
SJ		 4009 err = l2cap_send_srejframe(chan, tx_seq);
4010 if (err < 0) {
4011 l2cap_send_disconn_req(chan->conn, chan, -err);
4012 return err;
4013 }
1c2acffb 4014 }
30afb5b2
GP		 4015 return 0;
4016
8f17154f 4017expected:
836be934 4018 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
8f17154f 4019
e2ab4353 4020 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3b1a9f3f
GP		 4021 bt_cb(skb)->tx_seq = tx_seq;
4022 bt_cb(skb)->sar = sar;
f1c6775b 4023 __skb_queue_tail(&chan->srej_q, skb);
8f17154f
GP		 4024 return 0;
4025 }
4026
84084a31 4027 err = l2cap_reassemble_sdu(chan, skb, rx_control);
836be934
AE		 4028 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
4029
e328140f
MM		 4030 if (err < 0) {
4031 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
4032 return err;
4033 }
2ece3684 4034
03f6715d 4035 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4036 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4037 l2cap_retransmit_frames(chan);
4ec10d97
GP		 4038 }
4039
c1b4f43b 4040
6a026610
GP		 4041 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
4042 if (chan->num_acked == num_to_ack - 1)
525cd185 4043 l2cap_send_ack(chan);
4d611e4d
GP		 4044 else
4045 __set_ack_timer(chan);
9e917af1 4046
8f17154f 4047 return 0;
9b53350d
JPRV		 4048
4049drop:
4050 kfree_skb(skb);
4051 return 0;
1c2acffb
GP		 4052}
4053
88843ab0 4054static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u32 rx_control)
1c2acffb 4055{
88843ab0 4056 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan,
0b209fae 4057 __get_reqseq(chan, rx_control), rx_control);
0e98958d 4058
0b209fae 4059 chan->expected_ack_seq = __get_reqseq(chan, rx_control);
42e5c802 4060 l2cap_drop_acked_frames(chan);
1c2acffb 4061
e3781735 4062 if (__is_ctrl_poll(chan, rx_control)) {
e2ab4353
GP		 4063 set_bit(CONN_SEND_FBIT, &chan->conn_state);
4064 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
4065 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4066 (chan->unacked_frames > 0))
1a09bcb9 4067 __set_retrans_timer(chan);
05fbd89d 4068
e2ab4353 4069 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
525cd185 4070 l2cap_send_srejtail(chan);
05fbd89d 4071 } else {
525cd185 4072 l2cap_send_i_or_rr_or_rnr(chan);
05fbd89d 4073 }
1d8f5d16 4074
03f6715d 4075 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4076 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4ec10d97 4077
e2ab4353 4078 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4079 l2cap_retransmit_frames(chan);
2246b2f1 4080
e072745f 4081 } else {
e2ab4353 4082 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4083 (chan->unacked_frames > 0))
1a09bcb9 4084 __set_retrans_timer(chan);
1c2acffb 4085
e2ab4353
GP		 4086 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4087 if (test_bit(CONN_SREJ_SENT, &chan->conn_state))
525cd185 4088 l2cap_send_ack(chan);
894718a6 4089 else
525cd185 4090 l2cap_ertm_send(chan);
e072745f
GP		 4091 }
4092}
2246b2f1 4093
88843ab0 4094static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4095{
0b209fae 4096 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4097
88843ab0 4098 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4099
e2ab4353 4100 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
e072745f 4101
42e5c802
GP		 4102 chan->expected_ack_seq = tx_seq;
4103 l2cap_drop_acked_frames(chan);
e072745f 4104
03f6715d 4105 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4106 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4107 l2cap_retransmit_frames(chan);
e072745f 4108 } else {
525cd185 4109 l2cap_retransmit_frames(chan);
30afb5b2 4110
e2ab4353
GP		 4111 if (test_bit(CONN_WAIT_F, &chan->conn_state))
4112 set_bit(CONN_REJ_ACT, &chan->conn_state);
e072745f
GP		 4113 }
4114}
88843ab0 4115static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4116{
0b209fae 4117 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4118
88843ab0 4119 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4120
e2ab4353 4121 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
2246b2f1 4122
e3781735 4123 if (__is_ctrl_poll(chan, rx_control)) {
42e5c802
GP		 4124 chan->expected_ack_seq = tx_seq;
4125 l2cap_drop_acked_frames(chan);
3cb123d1 4126
e2ab4353 4127 set_bit(CONN_SEND_FBIT, &chan->conn_state);
525cd185 4128 l2cap_retransmit_one_frame(chan, tx_seq);
dfc909be 4129
525cd185 4130 l2cap_ertm_send(chan);
dfc909be 4131
e2ab4353 4132 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4133 chan->srej_save_reqseq = tx_seq;
e2ab4353 4134 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4135 }
03f6715d 4136 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4137 if (test_bit(CONN_SREJ_ACT, &chan->conn_state) &&
6a026610 4138 chan->srej_save_reqseq == tx_seq)
e2ab4353 4139 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
e072745f 4140 else
525cd185 4141 l2cap_retransmit_one_frame(chan, tx_seq);
e072745f 4142 } else {
525cd185 4143 l2cap_retransmit_one_frame(chan, tx_seq);
e2ab4353 4144 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4145 chan->srej_save_reqseq = tx_seq;
e2ab4353 4146 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4147 }
e072745f
GP		 4148 }
4149}
4150
88843ab0 4151static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4152{
0b209fae 4153 u16 tx_seq = __get_reqseq(chan, rx_control);
e072745f 4154
88843ab0 4155 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4156
e2ab4353 4157 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
42e5c802
GP		 4158 chan->expected_ack_seq = tx_seq;
4159 l2cap_drop_acked_frames(chan);
e072745f 4160
e3781735 4161 if (__is_ctrl_poll(chan, rx_control))
e2ab4353 4162 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3cb123d1 4163
e2ab4353 4164 if (!test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
1a09bcb9 4165 __clear_retrans_timer(chan);
e3781735 4166 if (__is_ctrl_poll(chan, rx_control))
525cd185 4167 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
99b0d4b7 4168 return;
e072745f 4169 }
99b0d4b7 4170
e3781735 4171 if (__is_ctrl_poll(chan, rx_control)) {
525cd185 4172 l2cap_send_srejtail(chan);
ab784b73
AE		 4173 } else {
4174 rx_control = __set_ctrl_super(chan, L2CAP_SUPER_RR);
4175 l2cap_send_sframe(chan, rx_control);
4176 }
e072745f
GP		 4177}
4178
88843ab0 4179static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
e072745f 4180{
88843ab0 4181 BT_DBG("chan %p rx_control 0x%8.8x len %d", chan, rx_control, skb->len);
e072745f 4182
03f6715d 4183 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 4184 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 4185 __clear_monitor_timer(chan);
6a026610 4186 if (chan->unacked_frames > 0)
1a09bcb9 4187 __set_retrans_timer(chan);
e2ab4353 4188 clear_bit(CONN_WAIT_F, &chan->conn_state);
e072745f
GP		 4189 }
4190
ab784b73
AE		 4191 switch (__get_ctrl_super(chan, rx_control)) {
4192 case L2CAP_SUPER_RR:
525cd185 4193 l2cap_data_channel_rrframe(chan, rx_control);
8f17154f
GP		 4194 break;
4195
ab784b73 4196 case L2CAP_SUPER_REJ:
525cd185 4197 l2cap_data_channel_rejframe(chan, rx_control);
e072745f 4198 break;
2246b2f1 4199
ab784b73 4200 case L2CAP_SUPER_SREJ:
525cd185 4201 l2cap_data_channel_srejframe(chan, rx_control);
e072745f
GP		 4202 break;
4203
ab784b73 4204 case L2CAP_SUPER_RNR:
525cd185 4205 l2cap_data_channel_rnrframe(chan, rx_control);
1c2acffb
GP		 4206 break;
4207 }
4208
faaebd19 4209 kfree_skb(skb);
1c2acffb
GP		 4210 return 0;
4211}
4212
cad8f1d0 4213static int l2cap_ertm_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
218bb9df 4214{
88843ab0 4215 u32 control;
0b209fae 4216 u16 req_seq;
218bb9df
GP		 4217 int len, next_tx_seq_offset, req_seq_offset;
4218
88843ab0
AE		 4219 control = __get_control(chan, skb->data);
4220 skb_pull(skb, __ctrl_size(chan));
218bb9df
GP		 4221 len = skb->len;
4222
4223 /*
4224 * We can just drop the corrupted I-frame here.
4225 * Receiver will miss it and start proper recovery
4226 * procedures and ask retransmission.
4227 */
47d1ec61 4228 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 4229 goto drop;
4230
793c2f1c 4231 if (__is_sar_start(chan, control) && !__is_sframe(chan, control))
03a51213 4232 len -= L2CAP_SDULEN_SIZE;
218bb9df 4233
47d1ec61 4234 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4235 len -= L2CAP_FCS_SIZE;
218bb9df 4236
47d1ec61 4237 if (len > chan->mps) {
8c1d787b 4238 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4239 goto drop;
4240 }
4241
0b209fae 4242 req_seq = __get_reqseq(chan, control);
218bb9df 4243
836be934
AE		 4244 req_seq_offset = __seq_offset(chan, req_seq, chan->expected_ack_seq);
4245
4246 next_tx_seq_offset = __seq_offset(chan, chan->next_tx_seq,
4247 chan->expected_ack_seq);
218bb9df
GP		 4248
4249 /* check for invalid req-seq */
4250 if (req_seq_offset > next_tx_seq_offset) {
8c1d787b 4251 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4252 goto drop;
4253 }
4254
793c2f1c 4255 if (!__is_sframe(chan, control)) {
218bb9df 4256 if (len < 0) {
8c1d787b 4257 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4258 goto drop;
4259 }
4260
525cd185 4261 l2cap_data_channel_iframe(chan, control, skb);
218bb9df
GP		 4262 } else {
4263 if (len != 0) {
4264 BT_ERR("%d", len);
8c1d787b 4265 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4266 goto drop;
4267 }
4268
525cd185 4269 l2cap_data_channel_sframe(chan, control, skb);
218bb9df
GP		 4270 }
4271
4272 return 0;
4273
4274drop:
4275 kfree_skb(skb);
4276 return 0;
4277}
4278
1da177e4
LT		 4279static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4280{
48454079 4281 struct l2cap_chan *chan;
88843ab0 4282 u32 control;
fb45de7d 4283 u16 tx_seq;
218bb9df 4284 int len;
1da177e4 4285
baa7e1fa 4286 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 4287 if (!chan) {
1da177e4 4288 BT_DBG("unknown cid 0x%4.4x", cid);
6be36555
AE		 4289 /* Drop packet and return */
4290 kfree(skb);
4291 return 0;
1da177e4
LT		 4292 }
4293
6be36555 4294 l2cap_chan_lock(chan);
6840ed07 4295
49208c9c 4296 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4297
89bc500e 4298 if (chan->state != BT_CONNECTED)
1da177e4
LT		 4299 goto drop;
4300
0c1bc5c6 4301 switch (chan->mode) {
1c2acffb
GP		 4302 case L2CAP_MODE_BASIC:
4303 /* If socket recv buffers overflows we drop data here
4304 * which is *bad* because L2CAP has to be reliable.
4305 * But we don't have any other choice. L2CAP doesn't
4306 * provide flow control mechanism. */
1da177e4 4307
0c1bc5c6 4308 if (chan->imtu < skb->len)
1c2acffb 4309 goto drop;
1da177e4 4310
23070494 4311 if (!chan->ops->recv(chan->data, skb))
1c2acffb
GP		 4312 goto done;
4313 break;
4314
4315 case L2CAP_MODE_ERTM:
5ef8cb9e 4316 l2cap_ertm_data_rcv(chan, skb);
1c2acffb 4317
fcafde2e 4318 goto done;
1c2acffb 4319
6840ed07 4320 case L2CAP_MODE_STREAMING:
88843ab0
AE		 4321 control = __get_control(chan, skb->data);
4322 skb_pull(skb, __ctrl_size(chan));
6840ed07
GP		 4323 len = skb->len;
4324
47d1ec61 4325 if (l2cap_check_fcs(chan, skb))
26000089
GP		 4326 goto drop;
4327
7e0ef6ee 4328 if (__is_sar_start(chan, control))
03a51213 4329 len -= L2CAP_SDULEN_SIZE;
6840ed07 4330
47d1ec61 4331 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4332 len -= L2CAP_FCS_SIZE;
fcc203c3 4333
793c2f1c 4334 if (len > chan->mps || len < 0 || __is_sframe(chan, control))
6840ed07
GP		 4335 goto drop;
4336
fb45de7d 4337 tx_seq = __get_txseq(chan, control);
6840ed07 4338
84084a31
MM		 4339 if (chan->expected_tx_seq != tx_seq) {
4340 /* Frame(s) missing - must discard partial SDU */
4341 kfree_skb(chan->sdu);
4342 chan->sdu = NULL;
4343 chan->sdu_last_frag = NULL;
4344 chan->sdu_len = 0;
6840ed07 4345
84084a31
MM		 4346 /* TODO: Notify userland of missing data */
4347 }
4348
836be934 4349 chan->expected_tx_seq = __next_seq(chan, tx_seq);
84084a31
MM		 4350
4351 if (l2cap_reassemble_sdu(chan, skb, control) == -EMSGSIZE)
4352 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
6840ed07
GP		 4353
4354 goto done;
4355
1c2acffb 4356 default:
0c1bc5c6 4357 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 4358 break;
4359 }
1da177e4
LT		 4360
4361drop:
4362 kfree_skb(skb);
4363
4364done:
6be36555 4365 l2cap_chan_unlock(chan);
0139418c 4366
1da177e4
LT		 4367 return 0;
4368}
4369
8e036fc3 4370static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 4371{
6dcae1ea 4372 struct sock *sk = NULL;
23691d75 4373 struct l2cap_chan *chan;
1da177e4 4374
23691d75
GP		 4375 chan = l2cap_global_chan_by_psm(0, psm, conn->src);
4376 if (!chan)
1da177e4
LT		 4377 goto drop;
4378
23691d75
GP		 4379 sk = chan->sk;
4380
aa2ac881 4381 lock_sock(sk);
e0f0cb56 4382
1da177e4
LT		 4383 BT_DBG("sk %p, len %d", sk, skb->len);
4384
89bc500e 4385 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
1da177e4
LT		 4386 goto drop;
4387
e13e21dc 4388 if (chan->imtu < skb->len)
1da177e4
LT		 4389 goto drop;
4390
23070494 4391 if (!chan->ops->recv(chan->data, skb))
1da177e4
LT		 4392 goto done;
4393
4394drop:
4395 kfree_skb(skb);
4396
4397done:
af05b30b 4398 if (sk)
aa2ac881 4399 release_sock(sk);
1da177e4
LT		 4400 return 0;
4401}
4402
9f69bda6
GP		 4403static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
4404{
6dcae1ea 4405 struct sock *sk = NULL;
23691d75 4406 struct l2cap_chan *chan;
9f69bda6 4407
23691d75
GP		 4408 chan = l2cap_global_chan_by_scid(0, cid, conn->src);
4409 if (!chan)
9f69bda6
GP		 4410 goto drop;
4411
23691d75
GP		 4412 sk = chan->sk;
4413
aa2ac881 4414 lock_sock(sk);
9f69bda6
GP		 4415
4416 BT_DBG("sk %p, len %d", sk, skb->len);
4417
89bc500e 4418 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
9f69bda6
GP		 4419 goto drop;
4420
e13e21dc 4421 if (chan->imtu < skb->len)
9f69bda6
GP		 4422 goto drop;
4423
23070494 4424 if (!chan->ops->recv(chan->data, skb))
9f69bda6
GP		 4425 goto done;
4426
4427drop:
4428 kfree_skb(skb);
4429
4430done:
4431 if (sk)
aa2ac881 4432 release_sock(sk);
9f69bda6
GP		 4433 return 0;
4434}
4435
1da177e4
LT		 4436static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
4437{
4438 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 4439 u16 cid, len;
4440 __le16 psm;
1da177e4
LT		 4441
4442 skb_pull(skb, L2CAP_HDR_SIZE);
4443 cid = __le16_to_cpu(lh->cid);
4444 len = __le16_to_cpu(lh->len);
4445
1c2acffb
GP		 4446 if (len != skb->len) {
4447 kfree_skb(skb);
4448 return;
4449 }
4450
1da177e4
LT		 4451 BT_DBG("len %d, cid 0x%4.4x", len, cid);
4452
4453 switch (cid) {
3300d9a9 4454 case L2CAP_CID_LE_SIGNALING:
8db4dc46 4455 case L2CAP_CID_SIGNALING:
1da177e4
LT		 4456 l2cap_sig_channel(conn, skb);
4457 break;
4458
8db4dc46 4459 case L2CAP_CID_CONN_LESS:
1b7bf4ed 4460 psm = get_unaligned_le16(skb->data);
1da177e4
LT		 4461 skb_pull(skb, 2);
4462 l2cap_conless_channel(conn, psm, skb);
4463 break;
4464
9f69bda6
GP		 4465 case L2CAP_CID_LE_DATA:
4466 l2cap_att_channel(conn, cid, skb);
4467 break;
4468
b501d6a1
AB		 4469 case L2CAP_CID_SMP:
4470 if (smp_sig_channel(conn, skb))
4471 l2cap_conn_del(conn->hcon, EACCES);
4472 break;
4473
1da177e4
LT		 4474 default:
4475 l2cap_data_channel(conn, cid, skb);
4476 break;
4477 }
4478}
4479
4480/* ---- L2CAP interface with lower layer (HCI) ---- */
4481
686ebf28 4482int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
1da177e4
LT		 4483{
4484 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 4485 struct l2cap_chan *c;
1da177e4 4486
1da177e4
LT		 4487 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
4488
4489 /* Find listening sockets and check their link_mode */
23691d75
GP		 4490 read_lock(&chan_list_lock);
4491 list_for_each_entry(c, &chan_list, global_l) {
4492 struct sock *sk = c->sk;
4343478f 4493
89bc500e 4494 if (c->state != BT_LISTEN)
1da177e4
LT		 4495 continue;
4496
4497 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 4498 lm1 |= HCI_LM_ACCEPT;
43bd0f32 4499 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5 4500 lm1 |= HCI_LM_MASTER;
1da177e4 4501 exact++;
2af6b9d5
MH		 4502 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
4503 lm2 |= HCI_LM_ACCEPT;
43bd0f32 4504 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5
MH		 4505 lm2 |= HCI_LM_MASTER;
4506 }
1da177e4 4507 }
23691d75 4508 read_unlock(&chan_list_lock);
1da177e4
LT		 4509
4510 return exact ? lm1 : lm2;
4511}
4512
686ebf28 4513int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
1da177e4 4514{
0139418c
MH		 4515 struct l2cap_conn *conn;
4516
1da177e4
LT		 4517 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4518
1da177e4 4519 if (!status) {
1da177e4
LT		 4520 conn = l2cap_conn_add(hcon, status);
4521 if (conn)
4522 l2cap_conn_ready(conn);
0139418c 4523 } else
e175072f 4524 l2cap_conn_del(hcon, bt_to_errno(status));
1da177e4
LT		 4525
4526 return 0;
4527}
4528
686ebf28 4529int l2cap_disconn_ind(struct hci_conn *hcon)
2950f21a
MH		 4530{
4531 struct l2cap_conn *conn = hcon->l2cap_data;
4532
4533 BT_DBG("hcon %p", hcon);
4534
686ebf28 4535 if (!conn)
9f5a0d7b 4536 return HCI_ERROR_REMOTE_USER_TERM;
2950f21a
MH		 4537 return conn->disc_reason;
4538}
4539
686ebf28 4540int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 4541{
4542 BT_DBG("hcon %p reason %d", hcon, reason);
4543
e175072f 4544 l2cap_conn_del(hcon, bt_to_errno(reason));
1da177e4
LT		 4545 return 0;
4546}
4547
4343478f 4548static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 4549{
715ec005 4550 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
255c7601
MH		 4551 return;
4552
f62e4323 4553 if (encrypt == 0x00) {
4343478f 4554 if (chan->sec_level == BT_SECURITY_MEDIUM) {
c9b66675 4555 __clear_chan_timer(chan);
b83ddfe2
AK		 4556 __set_chan_timer(chan,
4557 msecs_to_jiffies(L2CAP_ENC_TIMEOUT));
4343478f 4558 } else if (chan->sec_level == BT_SECURITY_HIGH)
0f852724 4559 l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 4560 } else {
4343478f 4561 if (chan->sec_level == BT_SECURITY_MEDIUM)
c9b66675 4562 __clear_chan_timer(chan);
f62e4323
MH		 4563 }
4564}
4565
686ebf28 4566int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 4567{
0139418c 4568 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 4569 struct l2cap_chan *chan;
1da177e4 4570
0139418c 4571 if (!conn)
1da177e4 4572 return 0;
0139418c 4573
1da177e4
LT		 4574 BT_DBG("conn %p", conn);
4575
160dc6ac
VCG		 4576 if (hcon->type == LE_LINK) {
4577 smp_distribute_keys(conn, 0);
17cd3f37 4578 cancel_delayed_work(&conn->security_timer);
160dc6ac
VCG		 4579 }
4580
3df91ea2 4581 mutex_lock(&conn->chan_lock);
1da177e4 4582
3df91ea2 4583 list_for_each_entry(chan, &conn->chan_l, list) {
6be36555 4584 l2cap_chan_lock(chan);
1da177e4 4585
f1cb9af5
VCG		 4586 BT_DBG("chan->scid %d", chan->scid);
4587
4588 if (chan->scid == L2CAP_CID_LE_DATA) {
4589 if (!status && encrypt) {
4590 chan->sec_level = hcon->sec_level;
cf4cd009 4591 l2cap_chan_ready(chan);
f1cb9af5
VCG		 4592 }
4593
6be36555 4594 l2cap_chan_unlock(chan);
f1cb9af5
VCG		 4595 continue;
4596 }
4597
c1360a1c 4598 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) {
6be36555 4599 l2cap_chan_unlock(chan);
6a8d3010
MH		 4600 continue;
4601 }
4602
89bc500e
GP		 4603 if (!status && (chan->state == BT_CONNECTED ||
4604 chan->state == BT_CONFIG)) {
4343478f 4605 l2cap_check_encryption(chan, encrypt);
6be36555 4606 l2cap_chan_unlock(chan);
9719f8af
MH		 4607 continue;
4608 }
4609
89bc500e 4610 if (chan->state == BT_CONNECT) {
b1235d79
MH		 4611 if (!status) {
4612 struct l2cap_conn_req req;
fe4128e0
GP		 4613 req.scid = cpu_to_le16(chan->scid);
4614 req.psm = chan->psm;
1da177e4 4615
fc7f8a7e 4616 chan->ident = l2cap_get_ident(conn);
c1360a1c 4617 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4 4618
fc7f8a7e 4619 l2cap_send_cmd(conn, chan->ident,
b1235d79
MH		 4620 L2CAP_CONN_REQ, sizeof(req), &req);
4621 } else {
c9b66675 4622 __clear_chan_timer(chan);
b83ddfe2
AK		 4623 __set_chan_timer(chan,
4624 msecs_to_jiffies(L2CAP_DISC_TIMEOUT));
b1235d79 4625 }
89bc500e 4626 } else if (chan->state == BT_CONNECT2) {
6be36555 4627 struct sock *sk = chan->sk;
b1235d79 4628 struct l2cap_conn_rsp rsp;
df3c3931 4629 __u16 res, stat;
1da177e4 4630
6be36555
AE		 4631 lock_sock(sk);
4632
b1235d79 4633 if (!status) {
df3c3931
JH		 4634 if (bt_sk(sk)->defer_setup) {
4635 struct sock *parent = bt_sk(sk)->parent;
4636 res = L2CAP_CR_PEND;
4637 stat = L2CAP_CS_AUTHOR_PEND;
05e9a2f6
IK		 4638 if (parent)
4639 parent->sk_data_ready(parent, 0);
df3c3931 4640 } else {
0e587be7 4641 __l2cap_state_change(chan, BT_CONFIG);
df3c3931
JH		 4642 res = L2CAP_CR_SUCCESS;
4643 stat = L2CAP_CS_NO_INFO;
4644 }
b1235d79 4645 } else {
0e587be7 4646 __l2cap_state_change(chan, BT_DISCONN);
b83ddfe2
AK		 4647 __set_chan_timer(chan,
4648 msecs_to_jiffies(L2CAP_DISC_TIMEOUT));
df3c3931
JH		 4649 res = L2CAP_CR_SEC_BLOCK;
4650 stat = L2CAP_CS_NO_INFO;
b1235d79
MH		 4651 }
4652
6be36555
AE		 4653 release_sock(sk);
4654
fe4128e0
GP		 4655 rsp.scid = cpu_to_le16(chan->dcid);
4656 rsp.dcid = cpu_to_le16(chan->scid);
df3c3931
JH		 4657 rsp.result = cpu_to_le16(res);
4658 rsp.status = cpu_to_le16(stat);
fc7f8a7e
GP		 4659 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
4660 sizeof(rsp), &rsp);
b1235d79 4661 }
1da177e4 4662
6be36555 4663 l2cap_chan_unlock(chan);
1da177e4
LT		 4664 }
4665
3df91ea2 4666 mutex_unlock(&conn->chan_lock);
b1235d79 4667
1da177e4
LT		 4668 return 0;
4669}
4670
686ebf28 4671int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1da177e4
LT		 4672{
4673 struct l2cap_conn *conn = hcon->l2cap_data;
4674
5a08ecce
AE		 4675 if (!conn)
4676 conn = l2cap_conn_add(hcon, 0);
4677
4678 if (!conn)
1da177e4
LT		 4679 goto drop;
4680
4681 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4682
e702112f 4683 if (!(flags & ACL_CONT)) {
1da177e4 4684 struct l2cap_hdr *hdr;
48454079 4685 struct l2cap_chan *chan;
89794813 4686 u16 cid;
1da177e4
LT		 4687 int len;
4688
4689 if (conn->rx_len) {
4690 BT_ERR("Unexpected start frame (len %d)", skb->len);
4691 kfree_skb(conn->rx_skb);
4692 conn->rx_skb = NULL;
4693 conn->rx_len = 0;
4694 l2cap_conn_unreliable(conn, ECOMM);
4695 }
4696
aae7fe22
AE		 4697 /* Start fragment always begin with Basic L2CAP header */
4698 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 4699 BT_ERR("Frame is too short (len %d)", skb->len);
4700 l2cap_conn_unreliable(conn, ECOMM);
4701 goto drop;
4702 }
4703
4704 hdr = (struct l2cap_hdr *) skb->data;
4705 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
89794813 4706 cid = __le16_to_cpu(hdr->cid);
1da177e4
LT		 4707
4708 if (len == skb->len) {
4709 /* Complete frame received */
4710 l2cap_recv_frame(conn, skb);
4711 return 0;
4712 }
4713
4714 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4715
4716 if (skb->len > len) {
4717 BT_ERR("Frame is too long (len %d, expected len %d)",
4718 skb->len, len);
4719 l2cap_conn_unreliable(conn, ECOMM);
4720 goto drop;
4721 }
4722
baa7e1fa 4723 chan = l2cap_get_chan_by_scid(conn, cid);
89794813 4724
48454079
GP		 4725 if (chan && chan->sk) {
4726 struct sock *sk = chan->sk;
3df91ea2 4727 lock_sock(sk);
89794813 4728
0c1bc5c6 4729 if (chan->imtu < len - L2CAP_HDR_SIZE) {
48454079
GP		 4730 BT_ERR("Frame exceeding recv MTU (len %d, "
4731 "MTU %d)", len,
0c1bc5c6 4732 chan->imtu);
aa2ac881 4733 release_sock(sk);
48454079
GP		 4734 l2cap_conn_unreliable(conn, ECOMM);
4735 goto drop;
4736 }
aa2ac881 4737 release_sock(sk);
48454079 4738 }
89794813 4739
1da177e4 4740 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 4741 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4742 if (!conn->rx_skb)
1da177e4
LT		 4743 goto drop;
4744
d626f62b 4745 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4746 skb->len);
1da177e4
LT		 4747 conn->rx_len = len - skb->len;
4748 } else {
4749 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4750
4751 if (!conn->rx_len) {
4752 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4753 l2cap_conn_unreliable(conn, ECOMM);
4754 goto drop;
4755 }
4756
4757 if (skb->len > conn->rx_len) {
4758 BT_ERR("Fragment is too long (len %d, expected %d)",
4759 skb->len, conn->rx_len);
4760 kfree_skb(conn->rx_skb);
4761 conn->rx_skb = NULL;
4762 conn->rx_len = 0;
4763 l2cap_conn_unreliable(conn, ECOMM);
4764 goto drop;
4765 }
4766
d626f62b 4767 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4768 skb->len);
1da177e4
LT		 4769 conn->rx_len -= skb->len;
4770
4771 if (!conn->rx_len) {
4772 /* Complete frame received */
4773 l2cap_recv_frame(conn, conn->rx_skb);
4774 conn->rx_skb = NULL;
4775 }
4776 }
4777
4778drop:
4779 kfree_skb(skb);
4780 return 0;
4781}
4782
aef7d97c 4783static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 4784{
23691d75 4785 struct l2cap_chan *c;
1da177e4 4786
333055f2 4787 read_lock(&chan_list_lock);
1da177e4 4788
23691d75
GP		 4789 list_for_each_entry(c, &chan_list, global_l) {
4790 struct sock *sk = c->sk;
101545f6 4791
903d343e 4792 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 4793 batostr(&bt_sk(sk)->src),
4794 batostr(&bt_sk(sk)->dst),
89bc500e 4795 c->state, __le16_to_cpu(c->psm),
23691d75
GP		 4796 c->scid, c->dcid, c->imtu, c->omtu,
4797 c->sec_level, c->mode);
61e1b4b7 4798 }
1da177e4 4799
333055f2 4800 read_unlock(&chan_list_lock);
1da177e4 4801
aef7d97c 4802 return 0;
1da177e4
LT		 4803}
4804
aef7d97c
MH		 4805static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4806{
4807 return single_open(file, l2cap_debugfs_show, inode->i_private);
4808}
4809
4810static const struct file_operations l2cap_debugfs_fops = {
4811 .open = l2cap_debugfs_open,
4812 .read = seq_read,
4813 .llseek = seq_lseek,
4814 .release = single_release,
4815};
4816
4817static struct dentry *l2cap_debugfs;
1da177e4 4818
64274518 4819int __init l2cap_init(void)
1da177e4
LT		 4820{
4821 int err;
be9d1227 4822
bb58f747 4823 err = l2cap_init_sockets();
1da177e4
LT		 4824 if (err < 0)
4825 return err;
4826
aef7d97c
MH		 4827 if (bt_debugfs) {
4828 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4829 bt_debugfs, NULL, &l2cap_debugfs_fops);
4830 if (!l2cap_debugfs)
4831 BT_ERR("Failed to create L2CAP debug file");
4832 }
1da177e4 4833
1da177e4 4834 return 0;
1da177e4
LT		 4835}
4836
64274518 4837void l2cap_exit(void)
1da177e4 4838{
aef7d97c 4839 debugfs_remove(l2cap_debugfs);
bb58f747 4840 l2cap_cleanup_sockets();
1da177e4
LT		 4841}
4842
d1c4a17d
GP		 4843module_param(disable_ertm, bool, 0644);
4844MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
kernel source for telekom puls (alcatel/mediatek)