projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add support for returning the encryption key size
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
1da177e4
LT		 6
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
12
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21
8e87d142
YH		 22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 24 SOFTWARE IS DISCLAIMED.
25*/
26
bb58f747 27/* Bluetooth L2CAP core. */
1da177e4 28
1da177e4
LT		 29#include <linux/module.h>
30
31#include <linux/types.h>
4fc268d2 32#include <linux/capability.h>
1da177e4
LT		 33#include <linux/errno.h>
34#include <linux/kernel.h>
1da177e4
LT		 35#include <linux/sched.h>
36#include <linux/slab.h>
37#include <linux/poll.h>
38#include <linux/fcntl.h>
39#include <linux/init.h>
40#include <linux/interrupt.h>
41#include <linux/socket.h>
42#include <linux/skbuff.h>
1da177e4 43#include <linux/list.h>
be9d1227 44#include <linux/device.h>
aef7d97c
MH		 45#include <linux/debugfs.h>
46#include <linux/seq_file.h>
af05b30b 47#include <linux/uaccess.h>
fcc203c3 48#include <linux/crc16.h>
1da177e4
LT		 49#include <net/sock.h>
50
51#include <asm/system.h>
1da177e4
LT		 52#include <asm/unaligned.h>
53
54#include <net/bluetooth/bluetooth.h>
55#include <net/bluetooth/hci_core.h>
56#include <net/bluetooth/l2cap.h>
b501d6a1 57#include <net/bluetooth/smp.h>
1da177e4 58
bb58f747 59int disable_ertm;
f0709e03 60
47ec1dcd 61static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
e1027a7c 62static u8 l2cap_fixed_chan[8] = { 0x02, };
1da177e4 63
b5ad8b7f
JB		 64static LIST_HEAD(chan_list);
65static DEFINE_RWLOCK(chan_list_lock);
1da177e4 66
1da177e4
LT		 67static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
68 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 69static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
70 void *data);
710f9b0a 71static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a
GP		 72static void l2cap_send_disconn_req(struct l2cap_conn *conn,
73 struct l2cap_chan *chan, int err);
1da177e4 74
218bb9df
GP		 75static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
76
0139418c 77/* ---- L2CAP channels ---- */
71ba0e56
GP		 78
79static inline void chan_hold(struct l2cap_chan *c)
80{
81 atomic_inc(&c->refcnt);
82}
83
84static inline void chan_put(struct l2cap_chan *c)
85{
86 if (atomic_dec_and_test(&c->refcnt))
87 kfree(c);
88}
89
baa7e1fa 90static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 91{
48454079 92 struct l2cap_chan *c;
baa7e1fa
GP		 93
94 list_for_each_entry(c, &conn->chan_l, list) {
fe4128e0 95 if (c->dcid == cid)
baa7e1fa 96 return c;
0139418c 97 }
baa7e1fa
GP		 98 return NULL;
99
0139418c
MH		 100}
101
baa7e1fa 102static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 103{
48454079 104 struct l2cap_chan *c;
baa7e1fa
GP		 105
106 list_for_each_entry(c, &conn->chan_l, list) {
fe4128e0 107 if (c->scid == cid)
baa7e1fa 108 return c;
0139418c 109 }
baa7e1fa 110 return NULL;
0139418c
MH		 111}
112
113/* Find channel with given SCID.
114 * Returns locked socket */
baa7e1fa 115static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 116{
48454079 117 struct l2cap_chan *c;
baa7e1fa
GP		 118
119 read_lock(&conn->chan_lock);
120 c = __l2cap_get_chan_by_scid(conn, cid);
48454079
GP		 121 if (c)
122 bh_lock_sock(c->sk);
baa7e1fa 123 read_unlock(&conn->chan_lock);
48454079 124 return c;
0139418c
MH		 125}
126
baa7e1fa 127static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 128{
48454079 129 struct l2cap_chan *c;
baa7e1fa
GP		 130
131 list_for_each_entry(c, &conn->chan_l, list) {
fc7f8a7e 132 if (c->ident == ident)
baa7e1fa 133 return c;
0139418c 134 }
baa7e1fa 135 return NULL;
0139418c
MH		 136}
137
baa7e1fa 138static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 139{
48454079 140 struct l2cap_chan *c;
baa7e1fa
GP		 141
142 read_lock(&conn->chan_lock);
143 c = __l2cap_get_chan_by_ident(conn, ident);
48454079
GP		 144 if (c)
145 bh_lock_sock(c->sk);
baa7e1fa 146 read_unlock(&conn->chan_lock);
48454079 147 return c;
0139418c
MH		 148}
149
23691d75 150static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 151{
23691d75 152 struct l2cap_chan *c;
9e4425ff 153
23691d75
GP		 154 list_for_each_entry(c, &chan_list, global_l) {
155 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
9e4425ff
GP		 156 goto found;
157 }
158
23691d75 159 c = NULL;
9e4425ff 160found:
23691d75 161 return c;
9e4425ff
GP		 162}
163
164int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
165{
73b2ec18
GP		 166 int err;
167
23691d75 168 write_lock_bh(&chan_list_lock);
9e4425ff 169
23691d75 170 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 171 err = -EADDRINUSE;
172 goto done;
9e4425ff
GP		 173 }
174
73b2ec18
GP		 175 if (psm) {
176 chan->psm = psm;
177 chan->sport = psm;
178 err = 0;
179 } else {
180 u16 p;
181
182 err = -EINVAL;
183 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 184 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 185 chan->psm = cpu_to_le16(p);
186 chan->sport = cpu_to_le16(p);
187 err = 0;
188 break;
189 }
190 }
9e4425ff 191
73b2ec18 192done:
23691d75 193 write_unlock_bh(&chan_list_lock);
73b2ec18 194 return err;
9e4425ff
GP		 195}
196
197int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
198{
23691d75 199 write_lock_bh(&chan_list_lock);
9e4425ff
GP		 200
201 chan->scid = scid;
202
23691d75 203 write_unlock_bh(&chan_list_lock);
9e4425ff
GP		 204
205 return 0;
206}
207
baa7e1fa 208static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 209{
8db4dc46 210 u16 cid = L2CAP_CID_DYN_START;
0139418c 211
8db4dc46 212 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 213 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 214 return cid;
215 }
216
217 return 0;
218}
219
c9b66675 220static void l2cap_set_timer(struct l2cap_chan *chan, struct timer_list *timer, long timeout)
ab07801d 221{
774e5651 222 BT_DBG("chan %p state %d timeout %ld", chan->sk, chan->state, timeout);
89bc500e 223
942ecc9c 224 if (!mod_timer(timer, jiffies + msecs_to_jiffies(timeout)))
774e5651 225 chan_hold(chan);
ab07801d
GP		 226}
227
c9b66675 228static void l2cap_clear_timer(struct l2cap_chan *chan, struct timer_list *timer)
ab07801d 229{
774e5651 230 BT_DBG("chan %p state %d", chan, chan->state);
ab07801d 231
774e5651
MM		 232 if (timer_pending(timer) && del_timer(timer))
233 chan_put(chan);
ab07801d
GP		 234}
235
89bc500e
GP		 236static void l2cap_state_change(struct l2cap_chan *chan, int state)
237{
238 chan->state = state;
239 chan->ops->state_change(chan->data, state);
240}
241
ab07801d
GP		 242static void l2cap_chan_timeout(unsigned long arg)
243{
244 struct l2cap_chan *chan = (struct l2cap_chan *) arg;
245 struct sock *sk = chan->sk;
246 int reason;
247
89bc500e 248 BT_DBG("chan %p state %d", chan, chan->state);
ab07801d
GP		 249
250 bh_lock_sock(sk);
251
252 if (sock_owned_by_user(sk)) {
253 /* sk is owned by user. Try again later */
c9b66675 254 __set_chan_timer(chan, HZ / 5);
ab07801d 255 bh_unlock_sock(sk);
71ba0e56 256 chan_put(chan);
ab07801d
GP		 257 return;
258 }
259
89bc500e 260 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
ab07801d 261 reason = ECONNREFUSED;
89bc500e 262 else if (chan->state == BT_CONNECT &&
ab07801d
GP		 263 chan->sec_level != BT_SECURITY_SDP)
264 reason = ECONNREFUSED;
265 else
266 reason = ETIMEDOUT;
267
0f852724 268 l2cap_chan_close(chan, reason);
ab07801d
GP		 269
270 bh_unlock_sock(sk);
271
ba3bd0ee 272 chan->ops->close(chan->data);
71ba0e56 273 chan_put(chan);
ab07801d
GP		 274}
275
23691d75 276struct l2cap_chan *l2cap_chan_create(struct sock *sk)
48454079
GP		 277{
278 struct l2cap_chan *chan;
279
280 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
281 if (!chan)
282 return NULL;
283
284 chan->sk = sk;
285
23691d75
GP		 286 write_lock_bh(&chan_list_lock);
287 list_add(&chan->global_l, &chan_list);
288 write_unlock_bh(&chan_list_lock);
289
ab07801d
GP		 290 setup_timer(&chan->chan_timer, l2cap_chan_timeout, (unsigned long) chan);
291
89bc500e
GP		 292 chan->state = BT_OPEN;
293
71ba0e56
GP		 294 atomic_set(&chan->refcnt, 1);
295
48454079
GP		 296 return chan;
297}
298
23691d75 299void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 300{
23691d75
GP		 301 write_lock_bh(&chan_list_lock);
302 list_del(&chan->global_l);
303 write_unlock_bh(&chan_list_lock);
304
71ba0e56 305 chan_put(chan);
6ff5abbf
GP		 306}
307
48454079 308static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 309{
af05b30b 310 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
fe4128e0 311 chan->psm, chan->dcid);
0139418c 312
2950f21a
MH		 313 conn->disc_reason = 0x13;
314
8c1d787b 315 chan->conn = conn;
0139418c 316
715ec005 317 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) {
b62f328b
VT		 318 if (conn->hcon->type == LE_LINK) {
319 /* LE connection */
0c1bc5c6 320 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 321 chan->scid = L2CAP_CID_LE_DATA;
322 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 323 } else {
324 /* Alloc CID for connection-oriented socket */
fe4128e0 325 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 326 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 327 }
715ec005 328 } else if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
0139418c 329 /* Connectionless socket */
fe4128e0
GP		 330 chan->scid = L2CAP_CID_CONN_LESS;
331 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 332 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 333 } else {
334 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 335 chan->scid = L2CAP_CID_SIGNALING;
336 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 337 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 338 }
339
71ba0e56 340 chan_hold(chan);
baa7e1fa
GP		 341
342 list_add(&chan->list, &conn->chan_l);
0139418c
MH		 343}
344
8e87d142 345/* Delete channel.
0139418c 346 * Must be called on the locked socket. */
4519de9a 347static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 348{
48454079 349 struct sock *sk = chan->sk;
8c1d787b 350 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 351 struct sock *parent = bt_sk(sk)->parent;
352
c9b66675 353 __clear_chan_timer(chan);
0139418c 354
49208c9c 355 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 356
8e87d142 357 if (conn) {
baa7e1fa
GP		 358 /* Delete from channel list */
359 write_lock_bh(&conn->chan_lock);
360 list_del(&chan->list);
361 write_unlock_bh(&conn->chan_lock);
71ba0e56 362 chan_put(chan);
baa7e1fa 363
8c1d787b 364 chan->conn = NULL;
0139418c
MH		 365 hci_conn_put(conn->hcon);
366 }
367
89bc500e 368 l2cap_state_change(chan, BT_CLOSED);
0139418c
MH		 369 sock_set_flag(sk, SOCK_ZAPPED);
370
371 if (err)
372 sk->sk_err = err;
373
374 if (parent) {
375 bt_accept_unlink(sk);
376 parent->sk_data_ready(parent, 0);
377 } else
378 sk->sk_state_change(sk);
c13ffa62 379
c1360a1c
GP		 380 if (!(test_bit(CONF_OUTPUT_DONE, &chan->conf_state) &&
381 test_bit(CONF_INPUT_DONE, &chan->conf_state)))
6ff5abbf 382 return;
2ead70b8 383
58d35f87 384 skb_queue_purge(&chan->tx_q);
c13ffa62 385
0c1bc5c6 386 if (chan->mode == L2CAP_MODE_ERTM) {
c13ffa62
GP		 387 struct srej_list *l, *tmp;
388
1a09bcb9
GP		 389 __clear_retrans_timer(chan);
390 __clear_monitor_timer(chan);
391 __clear_ack_timer(chan);
c13ffa62 392
f1c6775b 393 skb_queue_purge(&chan->srej_q);
c13ffa62 394
39d5a3ee 395 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
c13ffa62
GP		 396 list_del(&l->list);
397 kfree(l);
398 }
399 }
0139418c
MH		 400}
401
4519de9a
GP		 402static void l2cap_chan_cleanup_listen(struct sock *parent)
403{
404 struct sock *sk;
405
406 BT_DBG("parent %p", parent);
407
408 /* Close not yet accepted channels */
0f852724 409 while ((sk = bt_accept_dequeue(parent, NULL))) {
ba3bd0ee 410 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
c9b66675 411 __clear_chan_timer(chan);
0f852724 412 lock_sock(sk);
ba3bd0ee 413 l2cap_chan_close(chan, ECONNRESET);
0f852724 414 release_sock(sk);
ba3bd0ee 415 chan->ops->close(chan->data);
0f852724 416 }
4519de9a
GP		 417}
418
0f852724 419void l2cap_chan_close(struct l2cap_chan *chan, int reason)
4519de9a
GP		 420{
421 struct l2cap_conn *conn = chan->conn;
422 struct sock *sk = chan->sk;
423
89bc500e 424 BT_DBG("chan %p state %d socket %p", chan, chan->state, sk->sk_socket);
4519de9a 425
89bc500e 426 switch (chan->state) {
4519de9a
GP		 427 case BT_LISTEN:
428 l2cap_chan_cleanup_listen(sk);
89bc500e
GP		 429
430 l2cap_state_change(chan, BT_CLOSED);
431 sock_set_flag(sk, SOCK_ZAPPED);
4519de9a
GP		 432 break;
433
434 case BT_CONNECTED:
435 case BT_CONFIG:
715ec005 436 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a 437 conn->hcon->type == ACL_LINK) {
c9b66675
GP		 438 __clear_chan_timer(chan);
439 __set_chan_timer(chan, sk->sk_sndtimeo);
4519de9a
GP		 440 l2cap_send_disconn_req(conn, chan, reason);
441 } else
442 l2cap_chan_del(chan, reason);
443 break;
444
445 case BT_CONNECT2:
715ec005 446 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a
GP		 447 conn->hcon->type == ACL_LINK) {
448 struct l2cap_conn_rsp rsp;
449 __u16 result;
450
451 if (bt_sk(sk)->defer_setup)
452 result = L2CAP_CR_SEC_BLOCK;
453 else
454 result = L2CAP_CR_BAD_PSM;
89bc500e 455 l2cap_state_change(chan, BT_DISCONN);
4519de9a
GP		 456
457 rsp.scid = cpu_to_le16(chan->dcid);
458 rsp.dcid = cpu_to_le16(chan->scid);
459 rsp.result = cpu_to_le16(result);
460 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
461 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
462 sizeof(rsp), &rsp);
463 }
464
465 l2cap_chan_del(chan, reason);
466 break;
467
468 case BT_CONNECT:
469 case BT_DISCONN:
470 l2cap_chan_del(chan, reason);
471 break;
472
473 default:
474 sock_set_flag(sk, SOCK_ZAPPED);
475 break;
476 }
477}
478
4343478f 479static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 480{
715ec005 481 if (chan->chan_type == L2CAP_CHAN_RAW) {
4343478f 482 switch (chan->sec_level) {
8556edd3
JH		 483 case BT_SECURITY_HIGH:
484 return HCI_AT_DEDICATED_BONDING_MITM;
485 case BT_SECURITY_MEDIUM:
486 return HCI_AT_DEDICATED_BONDING;
487 default:
488 return HCI_AT_NO_BONDING;
489 }
fe4128e0 490 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 491 if (chan->sec_level == BT_SECURITY_LOW)
492 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 493
4343478f 494 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 495 return HCI_AT_NO_BONDING_MITM;
00ae4af9 496 else
8556edd3 497 return HCI_AT_NO_BONDING;
00ae4af9 498 } else {
4343478f 499 switch (chan->sec_level) {
00ae4af9 500 case BT_SECURITY_HIGH:
8556edd3 501 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 502 case BT_SECURITY_MEDIUM:
8556edd3 503 return HCI_AT_GENERAL_BONDING;
00ae4af9 504 default:
8556edd3 505 return HCI_AT_NO_BONDING;
00ae4af9 506 }
0684e5f9 507 }
8556edd3
JH		 508}
509
510/* Service level security */
4343478f 511static inline int l2cap_check_security(struct l2cap_chan *chan)
8556edd3 512{
8c1d787b 513 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 514 __u8 auth_type;
515
4343478f 516 auth_type = l2cap_get_auth_type(chan);
79d554a6 517
4343478f 518 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 519}
520
b5ad8b7f 521static u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 522{
523 u8 id;
524
525 /* Get next available identificator.
526 * 1 - 128 are used by kernel.
527 * 129 - 199 are reserved.
528 * 200 - 254 are used by utilities like l2ping, etc.
529 */
530
531 spin_lock_bh(&conn->lock);
532
533 if (++conn->tx_ident > 128)
534 conn->tx_ident = 1;
535
536 id = conn->tx_ident;
537
538 spin_unlock_bh(&conn->lock);
539
540 return id;
541}
542
4519de9a 543static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 544{
545 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 546 u8 flags;
4e8402a3
MH		 547
548 BT_DBG("code 0x%2.2x", code);
549
550 if (!skb)
9a9c6a34 551 return;
4e8402a3 552
e702112f
AE		 553 if (lmp_no_flush_capable(conn->hcon->hdev))
554 flags = ACL_START_NO_FLUSH;
555 else
556 flags = ACL_START;
557
14b12d0b
JG		 558 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON;
559
e702112f 560 hci_send_acl(conn->hcon, skb, flags);
4e8402a3
MH		 561}
562
525cd185 563static inline void l2cap_send_sframe(struct l2cap_chan *chan, u16 control)
1c2acffb
GP		 564{
565 struct sk_buff *skb;
566 struct l2cap_hdr *lh;
8c1d787b 567 struct l2cap_conn *conn = chan->conn;
fcc203c3 568 int count, hlen = L2CAP_HDR_SIZE + 2;
e702112f 569 u8 flags;
fcc203c3 570
89bc500e 571 if (chan->state != BT_CONNECTED)
c13ffa62
GP		 572 return;
573
47d1ec61 574 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3 575 hlen += 2;
1c2acffb 576
49208c9c 577 BT_DBG("chan %p, control 0x%2.2x", chan, control);
1c2acffb 578
fcc203c3 579 count = min_t(unsigned int, conn->mtu, hlen);
1c2acffb
GP		 580 control |= L2CAP_CTRL_FRAME_TYPE;
581
e2ab4353 582 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
9e917af1 583 control |= L2CAP_CTRL_FINAL;
9e917af1 584
e2ab4353 585 if (test_and_clear_bit(CONN_SEND_PBIT, &chan->conn_state))
f0946ccf 586 control |= L2CAP_CTRL_POLL;
f0946ccf 587
1c2acffb
GP		 588 skb = bt_skb_alloc(count, GFP_ATOMIC);
589 if (!skb)
9a9c6a34 590 return;
1c2acffb
GP		 591
592 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fcc203c3 593 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
fe4128e0 594 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 595 put_unaligned_le16(control, skb_put(skb, 2));
596
47d1ec61 597 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 598 u16 fcs = crc16(0, (u8 *)lh, count - 2);
599 put_unaligned_le16(fcs, skb_put(skb, 2));
600 }
601
e702112f
AE		 602 if (lmp_no_flush_capable(conn->hcon->hdev))
603 flags = ACL_START_NO_FLUSH;
604 else
605 flags = ACL_START;
606
14b12d0b
JG		 607 bt_cb(skb)->force_active = chan->force_active;
608
8c1d787b 609 hci_send_acl(chan->conn->hcon, skb, flags);
1c2acffb
GP		 610}
611
525cd185 612static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u16 control)
7e743090 613{
e2ab4353 614 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
7e743090 615 control |= L2CAP_SUPER_RCV_NOT_READY;
e2ab4353 616 set_bit(CONN_RNR_SENT, &chan->conn_state);
1890d36b 617 } else
7e743090
GP		 618 control |= L2CAP_SUPER_RCV_READY;
619
42e5c802 620 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
2ab25cdd 621
525cd185 622 l2cap_send_sframe(chan, control);
7e743090
GP		 623}
624
b4450035 625static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 626{
c1360a1c 627 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
e501d055
AE		 628}
629
fc7f8a7e 630static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 631{
8c1d787b 632 struct l2cap_conn *conn = chan->conn;
79d554a6
MH		 633
634 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 635 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
636 return;
637
4343478f
GP		 638 if (l2cap_check_security(chan) &&
639 __l2cap_no_conn_pending(chan)) {
b1235d79 640 struct l2cap_conn_req req;
fe4128e0
GP		 641 req.scid = cpu_to_le16(chan->scid);
642 req.psm = chan->psm;
79d554a6 643
fc7f8a7e 644 chan->ident = l2cap_get_ident(conn);
c1360a1c 645 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
79d554a6 646
fc7f8a7e
GP		 647 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
648 sizeof(req), &req);
b1235d79 649 }
79d554a6
MH		 650 } else {
651 struct l2cap_info_req req;
652 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
653
654 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
655 conn->info_ident = l2cap_get_ident(conn);
656
657 mod_timer(&conn->info_timer, jiffies +
658 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
659
660 l2cap_send_cmd(conn, conn->info_ident,
661 L2CAP_INFO_REQ, sizeof(req), &req);
662 }
663}
664
cf6c2c0b
GP		 665static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
666{
667 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 668 if (!disable_ertm)
cf6c2c0b
GP		 669 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
670
671 switch (mode) {
672 case L2CAP_MODE_ERTM:
673 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
674 case L2CAP_MODE_STREAMING:
675 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
676 default:
677 return 0x00;
678 }
679}
680
4519de9a 681static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9 682{
e92c8e70 683 struct sock *sk;
22121fc9
GP		 684 struct l2cap_disconn_req req;
685
c13ffa62
GP		 686 if (!conn)
687 return;
688
e92c8e70
GP		 689 sk = chan->sk;
690
0c1bc5c6 691 if (chan->mode == L2CAP_MODE_ERTM) {
1a09bcb9
GP		 692 __clear_retrans_timer(chan);
693 __clear_monitor_timer(chan);
694 __clear_ack_timer(chan);
c13ffa62
GP		 695 }
696
fe4128e0
GP		 697 req.dcid = cpu_to_le16(chan->dcid);
698 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 699 l2cap_send_cmd(conn, l2cap_get_ident(conn),
700 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62 701
89bc500e 702 l2cap_state_change(chan, BT_DISCONN);
9b108fc0 703 sk->sk_err = err;
22121fc9
GP		 704}
705
1da177e4 706/* ---- L2CAP connections ---- */
4e8402a3
MH		 707static void l2cap_conn_start(struct l2cap_conn *conn)
708{
820ffdb3 709 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 710
711 BT_DBG("conn %p", conn);
712
baa7e1fa 713 read_lock(&conn->chan_lock);
4e8402a3 714
820ffdb3 715 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 716 struct sock *sk = chan->sk;
baa7e1fa 717
4e8402a3
MH		 718 bh_lock_sock(sk);
719
715ec005 720 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
79d554a6
MH		 721 bh_unlock_sock(sk);
722 continue;
723 }
724
89bc500e 725 if (chan->state == BT_CONNECT) {
47731de7 726 struct l2cap_conn_req req;
79d554a6 727
4343478f 728 if (!l2cap_check_security(chan) ||
b4450035 729 !__l2cap_no_conn_pending(chan)) {
47731de7
GP		 730 bh_unlock_sock(sk);
731 continue;
732 }
79d554a6 733
c1360a1c
GP		 734 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
735 && test_bit(CONF_STATE2_DEVICE,
736 &chan->conf_state)) {
0f852724 737 /* l2cap_chan_close() calls list_del(chan)
820ffdb3 738 * so release the lock */
2461daac 739 read_unlock(&conn->chan_lock);
89bc500e 740 l2cap_chan_close(chan, ECONNRESET);
2461daac 741 read_lock(&conn->chan_lock);
47731de7
GP		 742 bh_unlock_sock(sk);
743 continue;
b1235d79 744 }
47731de7 745
fe4128e0
GP		 746 req.scid = cpu_to_le16(chan->scid);
747 req.psm = chan->psm;
47731de7 748
fc7f8a7e 749 chan->ident = l2cap_get_ident(conn);
c1360a1c 750 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
47731de7 751
fc7f8a7e
GP		 752 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ,
753 sizeof(req), &req);
47731de7 754
89bc500e 755 } else if (chan->state == BT_CONNECT2) {
79d554a6 756 struct l2cap_conn_rsp rsp;
e9aeb2dd 757 char buf[128];
fe4128e0
GP		 758 rsp.scid = cpu_to_le16(chan->dcid);
759 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 760
4343478f 761 if (l2cap_check_security(chan)) {
f66dc81f
MH		 762 if (bt_sk(sk)->defer_setup) {
763 struct sock *parent = bt_sk(sk)->parent;
764 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
765 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
766 parent->sk_data_ready(parent, 0);
767
768 } else {
89bc500e 769 l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 770 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
771 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
772 }
79d554a6
MH		 773 } else {
774 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
775 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
776 }
777
fc7f8a7e
GP		 778 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
779 sizeof(rsp), &rsp);
e9aeb2dd 780
c1360a1c 781 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
e9aeb2dd
GP		 782 rsp.result != L2CAP_CR_SUCCESS) {
783 bh_unlock_sock(sk);
784 continue;
785 }
786
c1360a1c 787 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 788 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 789 l2cap_build_conf_req(chan, buf), buf);
790 chan->num_conf_req++;
4e8402a3
MH		 791 }
792
793 bh_unlock_sock(sk);
794 }
795
baa7e1fa 796 read_unlock(&conn->chan_lock);
4e8402a3
MH		 797}
798
b62f328b
VT		 799/* Find socket with cid and source bdaddr.
800 * Returns closest match, locked.
801 */
23691d75 802static struct l2cap_chan *l2cap_global_chan_by_scid(int state, __le16 cid, bdaddr_t *src)
b62f328b 803{
23691d75 804 struct l2cap_chan *c, *c1 = NULL;
b62f328b 805
23691d75 806 read_lock(&chan_list_lock);
b62f328b 807
23691d75
GP		 808 list_for_each_entry(c, &chan_list, global_l) {
809 struct sock *sk = c->sk;
fe4128e0 810
89bc500e 811 if (state && c->state != state)
b62f328b
VT		 812 continue;
813
23691d75 814 if (c->scid == cid) {
b62f328b 815 /* Exact match. */
23691d75
GP		 816 if (!bacmp(&bt_sk(sk)->src, src)) {
817 read_unlock(&chan_list_lock);
818 return c;
819 }
b62f328b
VT		 820
821 /* Closest match */
822 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 823 c1 = c;
b62f328b
VT		 824 }
825 }
280f294f 826
23691d75 827 read_unlock(&chan_list_lock);
b62f328b 828
23691d75 829 return c1;
b62f328b
VT		 830}
831
832static void l2cap_le_conn_ready(struct l2cap_conn *conn)
833{
c916fbe4 834 struct sock *parent, *sk;
23691d75 835 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 836
837 BT_DBG("");
838
839 /* Check if we have socket listening on cid */
23691d75 840 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
b62f328b 841 conn->src);
23691d75 842 if (!pchan)
b62f328b
VT		 843 return;
844
23691d75
GP		 845 parent = pchan->sk;
846
62f3a2cf
GP		 847 bh_lock_sock(parent);
848
b62f328b
VT		 849 /* Check for backlog size */
850 if (sk_acceptq_is_full(parent)) {
851 BT_DBG("backlog full %d", parent->sk_ack_backlog);
852 goto clean;
853 }
854
80808e43
GP		 855 chan = pchan->ops->new_connection(pchan->data);
856 if (!chan)
b62f328b
VT		 857 goto clean;
858
80808e43 859 sk = chan->sk;
5d41ce1d 860
baa7e1fa 861 write_lock_bh(&conn->chan_lock);
b62f328b
VT		 862
863 hci_conn_hold(conn->hcon);
864
b62f328b
VT		 865 bacpy(&bt_sk(sk)->src, conn->src);
866 bacpy(&bt_sk(sk)->dst, conn->dst);
867
d1010240
GP		 868 bt_accept_enqueue(parent, sk);
869
48454079
GP		 870 __l2cap_chan_add(conn, chan);
871
c9b66675 872 __set_chan_timer(chan, sk->sk_sndtimeo);
b62f328b 873
89bc500e 874 l2cap_state_change(chan, BT_CONNECTED);
b62f328b
VT		 875 parent->sk_data_ready(parent, 0);
876
baa7e1fa 877 write_unlock_bh(&conn->chan_lock);
b62f328b
VT		 878
879clean:
880 bh_unlock_sock(parent);
881}
882
f1cb9af5
VCG		 883static void l2cap_chan_ready(struct sock *sk)
884{
885 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
886 struct sock *parent = bt_sk(sk)->parent;
887
888 BT_DBG("sk %p, parent %p", sk, parent);
889
890 chan->conf_state = 0;
891 __clear_chan_timer(chan);
892
43f3dc41 893 l2cap_state_change(chan, BT_CONNECTED);
f1cb9af5
VCG		 894 sk->sk_state_change(sk);
895
896 if (parent)
897 parent->sk_data_ready(parent, 0);
898}
899
4e8402a3
MH		 900static void l2cap_conn_ready(struct l2cap_conn *conn)
901{
48454079 902 struct l2cap_chan *chan;
4e8402a3 903
79d554a6 904 BT_DBG("conn %p", conn);
4e8402a3 905
b62f328b
VT		 906 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
907 l2cap_le_conn_ready(conn);
908
baa7e1fa 909 read_lock(&conn->chan_lock);
4e8402a3 910
baa7e1fa 911 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 912 struct sock *sk = chan->sk;
baa7e1fa 913
79d554a6 914 bh_lock_sock(sk);
4e8402a3 915
63128451 916 if (conn->hcon->type == LE_LINK) {
b501d6a1 917 if (smp_conn_security(conn, chan->sec_level))
f1cb9af5 918 l2cap_chan_ready(sk);
acd7d370 919
63128451 920 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 921 __clear_chan_timer(chan);
89bc500e 922 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 923 sk->sk_state_change(sk);
b501d6a1 924
89bc500e 925 } else if (chan->state == BT_CONNECT)
fc7f8a7e 926 l2cap_do_start(chan);
4e8402a3 927
79d554a6 928 bh_unlock_sock(sk);
4e8402a3 929 }
79d554a6 930
baa7e1fa 931 read_unlock(&conn->chan_lock);
4e8402a3
MH		 932}
933
934/* Notify sockets that we cannot guaranty reliability anymore */
935static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
936{
48454079 937 struct l2cap_chan *chan;
4e8402a3
MH		 938
939 BT_DBG("conn %p", conn);
940
baa7e1fa 941 read_lock(&conn->chan_lock);
4e8402a3 942
baa7e1fa 943 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 944 struct sock *sk = chan->sk;
baa7e1fa 945
4343478f 946 if (chan->force_reliable)
4e8402a3
MH		 947 sk->sk_err = err;
948 }
949
baa7e1fa 950 read_unlock(&conn->chan_lock);
4e8402a3
MH		 951}
952
953static void l2cap_info_timeout(unsigned long arg)
954{
955 struct l2cap_conn *conn = (void *) arg;
956
984947dc 957 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 958 conn->info_ident = 0;
984947dc 959
4e8402a3
MH		 960 l2cap_conn_start(conn);
961}
962
5d3de7df
VCG		 963static void l2cap_conn_del(struct hci_conn *hcon, int err)
964{
965 struct l2cap_conn *conn = hcon->l2cap_data;
966 struct l2cap_chan *chan, *l;
967 struct sock *sk;
968
969 if (!conn)
970 return;
971
972 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
973
974 kfree_skb(conn->rx_skb);
975
976 /* Kill channels */
977 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
978 sk = chan->sk;
979 bh_lock_sock(sk);
980 l2cap_chan_del(chan, err);
981 bh_unlock_sock(sk);
982 chan->ops->close(chan->data);
983 }
984
985 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
986 del_timer_sync(&conn->info_timer);
987
988 if (test_bit(HCI_CONN_ENCRYPT_PEND, &hcon->pend))
989 del_timer(&conn->security_timer);
990
991 hcon->l2cap_data = NULL;
992 kfree(conn);
993}
994
995static void security_timeout(unsigned long arg)
996{
997 struct l2cap_conn *conn = (void *) arg;
998
999 l2cap_conn_del(conn->hcon, ETIMEDOUT);
1000}
1001
1da177e4
LT		 1002static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1003{
0139418c 1004 struct l2cap_conn *conn = hcon->l2cap_data;
1da177e4 1005
0139418c 1006 if (conn || status)
1da177e4
LT		 1007 return conn;
1008
0139418c
MH		 1009 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
1010 if (!conn)
1da177e4 1011 return NULL;
1da177e4
LT		 1012
1013 hcon->l2cap_data = conn;
1014 conn->hcon = hcon;
1015
0139418c
MH		 1016 BT_DBG("hcon %p conn %p", hcon, conn);
1017
acd7d370
VT		 1018 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
1019 conn->mtu = hcon->hdev->le_mtu;
1020 else
1021 conn->mtu = hcon->hdev->acl_mtu;
1022
1da177e4
LT		 1023 conn->src = &hcon->hdev->bdaddr;
1024 conn->dst = &hcon->dst;
1025
4e8402a3
MH		 1026 conn->feat_mask = 0;
1027
1da177e4 1028 spin_lock_init(&conn->lock);
baa7e1fa
GP		 1029 rwlock_init(&conn->chan_lock);
1030
1031 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 1032
5d3de7df
VCG		 1033 if (hcon->type == LE_LINK)
1034 setup_timer(&conn->security_timer, security_timeout,
1035 (unsigned long) conn);
1036 else
b62f328b 1037 setup_timer(&conn->info_timer, l2cap_info_timeout,
45054dc1
DY		 1038 (unsigned long) conn);
1039
2950f21a
MH		 1040 conn->disc_reason = 0x13;
1041
1da177e4
LT		 1042 return conn;
1043}
1044
48454079 1045static inline void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
1da177e4 1046{
baa7e1fa 1047 write_lock_bh(&conn->chan_lock);
48454079 1048 __l2cap_chan_add(conn, chan);
baa7e1fa 1049 write_unlock_bh(&conn->chan_lock);
1da177e4
LT		 1050}
1051
1da177e4 1052/* ---- Socket interface ---- */
1da177e4
LT		 1053
1054/* Find socket with psm and source bdaddr.
1055 * Returns closest match.
1056 */
23691d75 1057static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4 1058{
23691d75 1059 struct l2cap_chan *c, *c1 = NULL;
1da177e4 1060
23691d75 1061 read_lock(&chan_list_lock);
e0f0cb56 1062
23691d75
GP		 1063 list_for_each_entry(c, &chan_list, global_l) {
1064 struct sock *sk = c->sk;
fe4128e0 1065
89bc500e 1066 if (state && c->state != state)
1da177e4
LT		 1067 continue;
1068
23691d75 1069 if (c->psm == psm) {
1da177e4 1070 /* Exact match. */
23691d75 1071 if (!bacmp(&bt_sk(sk)->src, src)) {
a7567b20 1072 read_unlock(&chan_list_lock);
23691d75
GP		 1073 return c;
1074 }
1da177e4
LT		 1075
1076 /* Closest match */
1077 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 1078 c1 = c;
1da177e4
LT		 1079 }
1080 }
1da177e4 1081
23691d75 1082 read_unlock(&chan_list_lock);
e0f0cb56 1083
23691d75 1084 return c1;
1da177e4
LT		 1085}
1086
77a74c7e 1087int l2cap_chan_connect(struct l2cap_chan *chan)
1da177e4 1088{
5d41ce1d 1089 struct sock *sk = chan->sk;
1da177e4
LT		 1090 bdaddr_t *src = &bt_sk(sk)->src;
1091 bdaddr_t *dst = &bt_sk(sk)->dst;
1092 struct l2cap_conn *conn;
1093 struct hci_conn *hcon;
1094 struct hci_dev *hdev;
09ab6f4c 1095 __u8 auth_type;
44d0e48e 1096 int err;
1da177e4 1097
f29972de 1098 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
fe4128e0 1099 chan->psm);
1da177e4 1100
af05b30b
GP		 1101 hdev = hci_get_route(dst, src);
1102 if (!hdev)
1da177e4
LT		 1103 return -EHOSTUNREACH;
1104
1105 hci_dev_lock_bh(hdev);
1106
4343478f 1107 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1108
fe4128e0 1109 if (chan->dcid == L2CAP_CID_LE_DATA)
acd7d370 1110 hcon = hci_connect(hdev, LE_LINK, dst,
4343478f 1111 chan->sec_level, auth_type);
acd7d370
VT		 1112 else
1113 hcon = hci_connect(hdev, ACL_LINK, dst,
4343478f 1114 chan->sec_level, auth_type);
acd7d370 1115
30e76272
VT		 1116 if (IS_ERR(hcon)) {
1117 err = PTR_ERR(hcon);
1da177e4 1118 goto done;
30e76272 1119 }
1da177e4
LT		 1120
1121 conn = l2cap_conn_add(hcon, 0);
1122 if (!conn) {
1123 hci_conn_put(hcon);
30e76272 1124 err = -ENOMEM;
1da177e4
LT		 1125 goto done;
1126 }
1127
1da177e4
LT		 1128 /* Update source addr of the socket */
1129 bacpy(src, conn->src);
1130
48454079
GP		 1131 l2cap_chan_add(conn, chan);
1132
89bc500e 1133 l2cap_state_change(chan, BT_CONNECT);
c9b66675 1134 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4
LT		 1135
1136 if (hcon->state == BT_CONNECTED) {
715ec005 1137 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 1138 __clear_chan_timer(chan);
4343478f 1139 if (l2cap_check_security(chan))
89bc500e 1140 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1141 } else
fc7f8a7e 1142 l2cap_do_start(chan);
1da177e4
LT		 1143 }
1144
30e76272
VT		 1145 err = 0;
1146
1da177e4
LT		 1147done:
1148 hci_dev_unlock_bh(hdev);
1149 hci_dev_put(hdev);
1150 return err;
1151}
1152
dcba0dba 1153int __l2cap_wait_ack(struct sock *sk)
6161c038 1154{
8c1d787b 1155 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1156 DECLARE_WAITQUEUE(wait, current);
1157 int err = 0;
1158 int timeo = HZ/5;
1159
2b0b05dd 1160 add_wait_queue(sk_sleep(sk), &wait);
8c1d787b 1161 while ((chan->unacked_frames > 0 && chan->conn)) {
6161c038
GP		 1162 set_current_state(TASK_INTERRUPTIBLE);
1163
1164 if (!timeo)
1165 timeo = HZ/5;
1166
1167 if (signal_pending(current)) {
1168 err = sock_intr_errno(timeo);
1169 break;
1170 }
1171
1172 release_sock(sk);
1173 timeo = schedule_timeout(timeo);
1174 lock_sock(sk);
1175
1176 err = sock_error(sk);
1177 if (err)
1178 break;
1179 }
1180 set_current_state(TASK_RUNNING);
2b0b05dd 1181 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1182 return err;
1183}
1184
e90bac06
GP		 1185static void l2cap_monitor_timeout(unsigned long arg)
1186{
525cd185
GP		 1187 struct l2cap_chan *chan = (void *) arg;
1188 struct sock *sk = chan->sk;
e90bac06 1189
525cd185 1190 BT_DBG("chan %p", chan);
0e98958d 1191
e686219a 1192 bh_lock_sock(sk);
2c03a7a4 1193 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1194 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
b13f5860 1195 bh_unlock_sock(sk);
e90bac06
GP		 1196 return;
1197 }
1198
6a026610 1199 chan->retry_count++;
1a09bcb9 1200 __set_monitor_timer(chan);
e90bac06 1201
525cd185 1202 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
e686219a 1203 bh_unlock_sock(sk);
e90bac06
GP		 1204}
1205
1206static void l2cap_retrans_timeout(unsigned long arg)
1207{
525cd185
GP		 1208 struct l2cap_chan *chan = (void *) arg;
1209 struct sock *sk = chan->sk;
e90bac06 1210
49208c9c 1211 BT_DBG("chan %p", chan);
0e98958d 1212
e686219a 1213 bh_lock_sock(sk);
6a026610 1214 chan->retry_count = 1;
1a09bcb9 1215 __set_monitor_timer(chan);
e90bac06 1216
e2ab4353 1217 set_bit(CONN_WAIT_F, &chan->conn_state);
e90bac06 1218
525cd185 1219 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
e686219a 1220 bh_unlock_sock(sk);
e90bac06
GP		 1221}
1222
42e5c802 1223static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1da177e4 1224{
1c2acffb 1225 struct sk_buff *skb;
1da177e4 1226
58d35f87 1227 while ((skb = skb_peek(&chan->tx_q)) &&
6a026610 1228 chan->unacked_frames) {
42e5c802 1229 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
1c2acffb 1230 break;
1da177e4 1231
58d35f87 1232 skb = skb_dequeue(&chan->tx_q);
1c2acffb 1233 kfree_skb(skb);
1da177e4 1234
6a026610 1235 chan->unacked_frames--;
1c2acffb 1236 }
1da177e4 1237
6a026610 1238 if (!chan->unacked_frames)
1a09bcb9 1239 __clear_retrans_timer(chan);
1c2acffb 1240}
1da177e4 1241
4343478f 1242void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
1c2acffb 1243{
8c1d787b 1244 struct hci_conn *hcon = chan->conn->hcon;
e702112f 1245 u16 flags;
1c2acffb 1246
4343478f 1247 BT_DBG("chan %p, skb %p len %d", chan, skb, skb->len);
1da177e4 1248
4343478f 1249 if (!chan->flushable && lmp_no_flush_capable(hcon->hdev))
e702112f
AE		 1250 flags = ACL_START_NO_FLUSH;
1251 else
1252 flags = ACL_START;
1253
14b12d0b 1254 bt_cb(skb)->force_active = chan->force_active;
e702112f 1255 hci_send_acl(hcon, skb, flags);
1c2acffb
GP		 1256}
1257
42e5c802 1258void l2cap_streaming_send(struct l2cap_chan *chan)
6840ed07 1259{
ccbb84af 1260 struct sk_buff *skb;
fcc203c3 1261 u16 control, fcs;
6840ed07 1262
58d35f87 1263 while ((skb = skb_dequeue(&chan->tx_q))) {
ccbb84af 1264 control = get_unaligned_le16(skb->data + L2CAP_HDR_SIZE);
42e5c802 1265 control |= chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
ccbb84af 1266 put_unaligned_le16(control, skb->data + L2CAP_HDR_SIZE);
6840ed07 1267
47d1ec61 1268 if (chan->fcs == L2CAP_FCS_CRC16) {
ccbb84af
GP		 1269 fcs = crc16(0, (u8 *)skb->data, skb->len - 2);
1270 put_unaligned_le16(fcs, skb->data + skb->len - 2);
fcc203c3
GP		 1271 }
1272
4343478f 1273 l2cap_do_send(chan, skb);
6840ed07 1274
42e5c802 1275 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
6840ed07 1276 }
6840ed07
GP		 1277}
1278
525cd185 1279static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u8 tx_seq)
8f17154f 1280{
8f17154f
GP		 1281 struct sk_buff *skb, *tx_skb;
1282 u16 control, fcs;
8f17154f 1283
58d35f87 1284 skb = skb_peek(&chan->tx_q);
f11d676d
GP		 1285 if (!skb)
1286 return;
8f17154f 1287
f11d676d
GP		 1288 do {
1289 if (bt_cb(skb)->tx_seq == tx_seq)
8f17154f 1290 break;
8f17154f 1291
58d35f87 1292 if (skb_queue_is_last(&chan->tx_q, skb))
f11d676d 1293 return;
8f17154f 1294
58d35f87 1295 } while ((skb = skb_queue_next(&chan->tx_q, skb)));
8f17154f 1296
2c03a7a4
GP		 1297 if (chan->remote_max_tx &&
1298 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1299 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
f11d676d
GP		 1300 return;
1301 }
1302
1303 tx_skb = skb_clone(skb, GFP_ATOMIC);
1304 bt_cb(skb)->retries++;
1305 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
a429b519 1306 control &= L2CAP_CTRL_SAR;
3cb123d1 1307
e2ab4353 1308 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
3cb123d1 1309 control |= L2CAP_CTRL_FINAL;
95ffa978 1310
42e5c802 1311 control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
f11d676d 1312 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
3cb123d1 1313
f11d676d
GP		 1314 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1315
47d1ec61 1316 if (chan->fcs == L2CAP_FCS_CRC16) {
f11d676d
GP		 1317 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1318 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1319 }
1320
4343478f 1321 l2cap_do_send(chan, tx_skb);
8f17154f
GP		 1322}
1323
525cd185 1324int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1325{
1326 struct sk_buff *skb, *tx_skb;
fcc203c3 1327 u16 control, fcs;
9a9c6a34 1328 int nsent = 0;
1c2acffb 1329
89bc500e 1330 if (chan->state != BT_CONNECTED)
c13ffa62 1331 return -ENOTCONN;
e90bac06 1332
58d35f87 1333 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1c2acffb 1334
2c03a7a4
GP		 1335 if (chan->remote_max_tx &&
1336 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1337 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
e90bac06
GP		 1338 break;
1339 }
1340
e420aba3
AE		 1341 tx_skb = skb_clone(skb, GFP_ATOMIC);
1342
e90bac06
GP		 1343 bt_cb(skb)->retries++;
1344
1c2acffb 1345 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
95ffa978
GP		 1346 control &= L2CAP_CTRL_SAR;
1347
e2ab4353 1348 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
d5392c8f 1349 control |= L2CAP_CTRL_FINAL;
e2ab4353 1350
42e5c802
GP		 1351 control |= (chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1352 | (chan->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1c2acffb
GP		 1353 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1354
e90bac06 1355
47d1ec61 1356 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 1357 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1358 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1359 }
1360
4343478f 1361 l2cap_do_send(chan, tx_skb);
9a9c6a34 1362
1a09bcb9 1363 __set_retrans_timer(chan);
1c2acffb 1364
42e5c802
GP		 1365 bt_cb(skb)->tx_seq = chan->next_tx_seq;
1366 chan->next_tx_seq = (chan->next_tx_seq + 1) % 64;
1c2acffb 1367
23e9fde2 1368 if (bt_cb(skb)->retries == 1)
6a026610 1369 chan->unacked_frames++;
23e9fde2 1370
6a026610 1371 chan->frames_sent++;
1c2acffb 1372
58d35f87
GP		 1373 if (skb_queue_is_last(&chan->tx_q, skb))
1374 chan->tx_send_head = NULL;
1c2acffb 1375 else
58d35f87 1376 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
9e917af1
GP		 1377
1378 nsent++;
1c2acffb
GP		 1379 }
1380
9e917af1
GP		 1381 return nsent;
1382}
1383
525cd185 1384static int l2cap_retransmit_frames(struct l2cap_chan *chan)
dfc909be 1385{
dfc909be
GP		 1386 int ret;
1387
58d35f87
GP		 1388 if (!skb_queue_empty(&chan->tx_q))
1389 chan->tx_send_head = chan->tx_q.next;
dfc909be 1390
42e5c802 1391 chan->next_tx_seq = chan->expected_ack_seq;
525cd185 1392 ret = l2cap_ertm_send(chan);
dfc909be
GP		 1393 return ret;
1394}
1395
525cd185 1396static void l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1397{
9e917af1
GP		 1398 u16 control = 0;
1399
42e5c802 1400 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
9e917af1 1401
e2ab4353 1402 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
9e917af1 1403 control |= L2CAP_SUPER_RCV_NOT_READY;
e2ab4353 1404 set_bit(CONN_RNR_SENT, &chan->conn_state);
525cd185 1405 l2cap_send_sframe(chan, control);
9a9c6a34 1406 return;
9e917af1 1407 }
dfc909be 1408
525cd185 1409 if (l2cap_ertm_send(chan) > 0)
dfc909be
GP		 1410 return;
1411
1412 control |= L2CAP_SUPER_RCV_READY;
525cd185 1413 l2cap_send_sframe(chan, control);
1c2acffb
GP		 1414}
1415
525cd185 1416static void l2cap_send_srejtail(struct l2cap_chan *chan)
99b0d4b7
GP		 1417{
1418 struct srej_list *tail;
1419 u16 control;
1420
1421 control = L2CAP_SUPER_SELECT_REJECT;
1422 control |= L2CAP_CTRL_FINAL;
1423
39d5a3ee 1424 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
99b0d4b7
GP		 1425 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1426
525cd185 1427 l2cap_send_sframe(chan, control);
99b0d4b7
GP		 1428}
1429
1c2acffb
GP		 1430static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1431{
8c1d787b 1432 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1c2acffb
GP		 1433 struct sk_buff **frag;
1434 int err, sent = 0;
1da177e4 1435
59203a21 1436 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1437 return -EFAULT;
1da177e4
LT		 1438
1439 sent += count;
1440 len -= count;
1441
1442 /* Continuation fragments (no L2CAP header) */
1443 frag = &skb_shinfo(skb)->frag_list;
1444 while (len) {
1445 count = min_t(unsigned int, conn->mtu, len);
1446
1447 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1448 if (!*frag)
0175d629 1449 return err;
1c2acffb
GP		 1450 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1451 return -EFAULT;
1da177e4
LT		 1452
1453 sent += count;
1454 len -= count;
1455
1456 frag = &(*frag)->next;
1457 }
1da177e4
LT		 1458
1459 return sent;
1c2acffb 1460}
1da177e4 1461
fe4128e0 1462struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1c2acffb 1463{
fe4128e0 1464 struct sock *sk = chan->sk;
8c1d787b 1465 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1466 struct sk_buff *skb;
1467 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1468 struct l2cap_hdr *lh;
1469
1470 BT_DBG("sk %p len %d", sk, (int)len);
1471
1472 count = min_t(unsigned int, (conn->mtu - hlen), len);
1473 skb = bt_skb_send_alloc(sk, count + hlen,
1474 msg->msg_flags & MSG_DONTWAIT, &err);
1475 if (!skb)
0175d629 1476 return ERR_PTR(err);
1c2acffb
GP		 1477
1478 /* Create L2CAP header */
1479 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1480 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1481 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
fe4128e0 1482 put_unaligned_le16(chan->psm, skb_put(skb, 2));
1c2acffb
GP		 1483
1484 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1485 if (unlikely(err < 0)) {
1486 kfree_skb(skb);
1487 return ERR_PTR(err);
1488 }
1489 return skb;
1490}
1491
fe4128e0 1492struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1c2acffb 1493{
fe4128e0 1494 struct sock *sk = chan->sk;
8c1d787b 1495 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1496 struct sk_buff *skb;
1497 int err, count, hlen = L2CAP_HDR_SIZE;
1498 struct l2cap_hdr *lh;
1499
1500 BT_DBG("sk %p len %d", sk, (int)len);
1501
1502 count = min_t(unsigned int, (conn->mtu - hlen), len);
1503 skb = bt_skb_send_alloc(sk, count + hlen,
1504 msg->msg_flags & MSG_DONTWAIT, &err);
1505 if (!skb)
0175d629 1506 return ERR_PTR(err);
1c2acffb
GP		 1507
1508 /* Create L2CAP header */
1509 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1510 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1511 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1512
1513 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1514 if (unlikely(err < 0)) {
1515 kfree_skb(skb);
1516 return ERR_PTR(err);
1517 }
1518 return skb;
1519}
1520
47d1ec61 1521struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1c2acffb 1522{
47d1ec61 1523 struct sock *sk = chan->sk;
8c1d787b 1524 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1525 struct sk_buff *skb;
1526 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1527 struct l2cap_hdr *lh;
1528
1529 BT_DBG("sk %p len %d", sk, (int)len);
1530
0ee0d208
GP		 1531 if (!conn)
1532 return ERR_PTR(-ENOTCONN);
1533
c74e560c
GP		 1534 if (sdulen)
1535 hlen += 2;
1536
47d1ec61 1537 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 1538 hlen += 2;
1539
1c2acffb
GP		 1540 count = min_t(unsigned int, (conn->mtu - hlen), len);
1541 skb = bt_skb_send_alloc(sk, count + hlen,
1542 msg->msg_flags & MSG_DONTWAIT, &err);
1543 if (!skb)
0175d629 1544 return ERR_PTR(err);
1c2acffb
GP		 1545
1546 /* Create L2CAP header */
1547 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1548 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1549 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1550 put_unaligned_le16(control, skb_put(skb, 2));
c74e560c
GP		 1551 if (sdulen)
1552 put_unaligned_le16(sdulen, skb_put(skb, 2));
1c2acffb
GP		 1553
1554 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1555 if (unlikely(err < 0)) {
1556 kfree_skb(skb);
1557 return ERR_PTR(err);
1558 }
e90bac06 1559
47d1ec61 1560 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 1561 put_unaligned_le16(0, skb_put(skb, 2));
1562
e90bac06 1563 bt_cb(skb)->retries = 0;
1c2acffb 1564 return skb;
1da177e4
LT		 1565}
1566
2c03a7a4 1567int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
c74e560c 1568{
c74e560c
GP		 1569 struct sk_buff *skb;
1570 struct sk_buff_head sar_queue;
1571 u16 control;
1572 size_t size = 0;
1573
ff12fd64 1574 skb_queue_head_init(&sar_queue);
c74e560c 1575 control = L2CAP_SDU_START;
47d1ec61 1576 skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);
c74e560c
GP		 1577 if (IS_ERR(skb))
1578 return PTR_ERR(skb);
1579
1580 __skb_queue_tail(&sar_queue, skb);
2c03a7a4
GP		 1581 len -= chan->remote_mps;
1582 size += chan->remote_mps;
c74e560c
GP		 1583
1584 while (len > 0) {
1585 size_t buflen;
1586
2c03a7a4 1587 if (len > chan->remote_mps) {
44651b85 1588 control = L2CAP_SDU_CONTINUE;
2c03a7a4 1589 buflen = chan->remote_mps;
c74e560c 1590 } else {
44651b85 1591 control = L2CAP_SDU_END;
c74e560c
GP		 1592 buflen = len;
1593 }
1594
47d1ec61 1595 skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);
c74e560c
GP		 1596 if (IS_ERR(skb)) {
1597 skb_queue_purge(&sar_queue);
1598 return PTR_ERR(skb);
1599 }
1600
1601 __skb_queue_tail(&sar_queue, skb);
1602 len -= buflen;
1603 size += buflen;
c74e560c 1604 }
58d35f87
GP		 1605 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1606 if (chan->tx_send_head == NULL)
1607 chan->tx_send_head = sar_queue.next;
c74e560c
GP		 1608
1609 return size;
1610}
1611
9a91a04a
GP		 1612int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
1613{
9a91a04a
GP		 1614 struct sk_buff *skb;
1615 u16 control;
1616 int err;
1617
1618 /* Connectionless channel */
715ec005 1619 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
9a91a04a
GP		 1620 skb = l2cap_create_connless_pdu(chan, msg, len);
1621 if (IS_ERR(skb))
1622 return PTR_ERR(skb);
1623
1624 l2cap_do_send(chan, skb);
1625 return len;
1626 }
1627
1628 switch (chan->mode) {
1629 case L2CAP_MODE_BASIC:
1630 /* Check outgoing MTU */
1631 if (len > chan->omtu)
1632 return -EMSGSIZE;
1633
1634 /* Create a basic PDU */
1635 skb = l2cap_create_basic_pdu(chan, msg, len);
1636 if (IS_ERR(skb))
1637 return PTR_ERR(skb);
1638
1639 l2cap_do_send(chan, skb);
1640 err = len;
1641 break;
1642
1643 case L2CAP_MODE_ERTM:
1644 case L2CAP_MODE_STREAMING:
1645 /* Entire SDU fits into one PDU */
1646 if (len <= chan->remote_mps) {
1647 control = L2CAP_SDU_UNSEGMENTED;
1648 skb = l2cap_create_iframe_pdu(chan, msg, len, control,
1649 0);
1650 if (IS_ERR(skb))
1651 return PTR_ERR(skb);
1652
1653 __skb_queue_tail(&chan->tx_q, skb);
1654
1655 if (chan->tx_send_head == NULL)
1656 chan->tx_send_head = skb;
1657
1658 } else {
1659 /* Segment SDU into multiples PDUs */
1660 err = l2cap_sar_segment_sdu(chan, msg, len);
1661 if (err < 0)
1662 return err;
1663 }
1664
1665 if (chan->mode == L2CAP_MODE_STREAMING) {
1666 l2cap_streaming_send(chan);
1667 err = len;
1668 break;
1669 }
1670
e2ab4353
GP		 1671 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
1672 test_bit(CONN_WAIT_F, &chan->conn_state)) {
9a91a04a
GP		 1673 err = len;
1674 break;
1675 }
1676
1677 err = l2cap_ertm_send(chan);
1678 if (err >= 0)
1679 err = len;
1680
1681 break;
1682
1683 default:
1684 BT_DBG("bad state %1.1x", chan->mode);
1685 err = -EBADFD;
1686 }
1687
1688 return err;
1689}
1690
1da177e4
LT		 1691/* Copy frame to all raw sockets on that connection */
1692static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1693{
1da177e4 1694 struct sk_buff *nskb;
48454079 1695 struct l2cap_chan *chan;
1da177e4
LT		 1696
1697 BT_DBG("conn %p", conn);
1698
baa7e1fa
GP		 1699 read_lock(&conn->chan_lock);
1700 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 1701 struct sock *sk = chan->sk;
715ec005 1702 if (chan->chan_type != L2CAP_CHAN_RAW)
1da177e4
LT		 1703 continue;
1704
1705 /* Don't send frame to the socket it came from */
1706 if (skb->sk == sk)
1707 continue;
af05b30b
GP		 1708 nskb = skb_clone(skb, GFP_ATOMIC);
1709 if (!nskb)
1da177e4
LT		 1710 continue;
1711
23070494 1712 if (chan->ops->recv(chan->data, nskb))
1da177e4
LT		 1713 kfree_skb(nskb);
1714 }
baa7e1fa 1715 read_unlock(&conn->chan_lock);
1da177e4
LT		 1716}
1717
1718/* ---- L2CAP signalling commands ---- */
1719static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1720 u8 code, u8 ident, u16 dlen, void *data)
1721{
1722 struct sk_buff *skb, **frag;
1723 struct l2cap_cmd_hdr *cmd;
1724 struct l2cap_hdr *lh;
1725 int len, count;
1726
af05b30b
GP		 1727 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1728 conn, code, ident, dlen);
1da177e4
LT		 1729
1730 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1731 count = min_t(unsigned int, conn->mtu, len);
1732
1733 skb = bt_skb_alloc(count, GFP_ATOMIC);
1734 if (!skb)
1735 return NULL;
1736
1737 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 1738 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 1739
1740 if (conn->hcon->type == LE_LINK)
1741 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
1742 else
1743 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 1744
1745 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1746 cmd->code = code;
1747 cmd->ident = ident;
aca3192c 1748 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1749
1750 if (dlen) {
1751 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1752 memcpy(skb_put(skb, count), data, count);
1753 data += count;
1754 }
1755
1756 len -= skb->len;
1757
1758 /* Continuation fragments (no L2CAP header) */
1759 frag = &skb_shinfo(skb)->frag_list;
1760 while (len) {
1761 count = min_t(unsigned int, conn->mtu, len);
1762
1763 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1764 if (!*frag)
1765 goto fail;
1766
1767 memcpy(skb_put(*frag, count), data, count);
1768
1769 len -= count;
1770 data += count;
1771
1772 frag = &(*frag)->next;
1773 }
1774
1775 return skb;
1776
1777fail:
1778 kfree_skb(skb);
1779 return NULL;
1780}
1781
1782static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1783{
1784 struct l2cap_conf_opt *opt = *ptr;
1785 int len;
1786
1787 len = L2CAP_CONF_OPT_SIZE + opt->len;
1788 *ptr += len;
1789
1790 *type = opt->type;
1791 *olen = opt->len;
1792
1793 switch (opt->len) {
1794 case 1:
1795 *val = *((u8 *) opt->val);
1796 break;
1797
1798 case 2:
bfaaeb3e 1799 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 1800 break;
1801
1802 case 4:
bfaaeb3e 1803 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 1804 break;
1805
1806 default:
1807 *val = (unsigned long) opt->val;
1808 break;
1809 }
1810
1811 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1812 return len;
1813}
1814
1da177e4
LT		 1815static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1816{
1817 struct l2cap_conf_opt *opt = *ptr;
1818
1819 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1820
1821 opt->type = type;
1822 opt->len = len;
1823
1824 switch (len) {
1825 case 1:
1826 *((u8 *) opt->val) = val;
1827 break;
1828
1829 case 2:
4f8b691c 1830 put_unaligned_le16(val, opt->val);
1da177e4
LT		 1831 break;
1832
1833 case 4:
4f8b691c 1834 put_unaligned_le32(val, opt->val);
1da177e4
LT		 1835 break;
1836
1837 default:
1838 memcpy(opt->val, (void *) val, len);
1839 break;
1840 }
1841
1842 *ptr += L2CAP_CONF_OPT_SIZE + len;
1843}
1844
c1b4f43b
GP		 1845static void l2cap_ack_timeout(unsigned long arg)
1846{
525cd185 1847 struct l2cap_chan *chan = (void *) arg;
c1b4f43b 1848
525cd185
GP		 1849 bh_lock_sock(chan->sk);
1850 l2cap_send_ack(chan);
1851 bh_unlock_sock(chan->sk);
c1b4f43b
GP		 1852}
1853
525cd185 1854static inline void l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 1855{
525cd185
GP		 1856 struct sock *sk = chan->sk;
1857
42e5c802 1858 chan->expected_ack_seq = 0;
6a026610 1859 chan->unacked_frames = 0;
42e5c802 1860 chan->buffer_seq = 0;
6a026610
GP		 1861 chan->num_acked = 0;
1862 chan->frames_sent = 0;
0565c1c2 1863
e92c8e70
GP		 1864 setup_timer(&chan->retrans_timer, l2cap_retrans_timeout,
1865 (unsigned long) chan);
1866 setup_timer(&chan->monitor_timer, l2cap_monitor_timeout,
1867 (unsigned long) chan);
1868 setup_timer(&chan->ack_timer, l2cap_ack_timeout, (unsigned long) chan);
0565c1c2 1869
f1c6775b 1870 skb_queue_head_init(&chan->srej_q);
1890d36b 1871
39d5a3ee
GP		 1872 INIT_LIST_HEAD(&chan->srej_l);
1873
218bb9df
GP		 1874
1875 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
0565c1c2
GP		 1876}
1877
f2fcfcd6
GP		 1878static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
1879{
1880 switch (mode) {
1881 case L2CAP_MODE_STREAMING:
1882 case L2CAP_MODE_ERTM:
1883 if (l2cap_mode_supported(mode, remote_feat_mask))
1884 return mode;
1885 /* fall through */
1886 default:
1887 return L2CAP_MODE_BASIC;
1888 }
1889}
1890
710f9b0a 1891static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 1892{
1da177e4 1893 struct l2cap_conf_req *req = data;
0c1bc5c6 1894 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4
LT		 1895 void *ptr = req->data;
1896
49208c9c 1897 BT_DBG("chan %p", chan);
1da177e4 1898
73ffa904 1899 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 1900 goto done;
1901
0c1bc5c6 1902 switch (chan->mode) {
f2fcfcd6
GP		 1903 case L2CAP_MODE_STREAMING:
1904 case L2CAP_MODE_ERTM:
c1360a1c 1905 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
85eb53c6 1906 break;
85eb53c6 1907
2ba13ed6 1908 /* fall through */
f2fcfcd6 1909 default:
8c1d787b 1910 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 1911 break;
1912 }
1913
1914done:
0c1bc5c6
GP		 1915 if (chan->imtu != L2CAP_DEFAULT_MTU)
1916 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 1917
0c1bc5c6 1918 switch (chan->mode) {
65c7c491 1919 case L2CAP_MODE_BASIC:
8c1d787b
GP		 1920 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
1921 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 1922 break;
1923
62547752
GP		 1924 rfc.mode = L2CAP_MODE_BASIC;
1925 rfc.txwin_size = 0;
1926 rfc.max_transmit = 0;
1927 rfc.retrans_timeout = 0;
1928 rfc.monitor_timeout = 0;
1929 rfc.max_pdu_size = 0;
1930
63406504
GP		 1931 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1932 (unsigned long) &rfc);
65c7c491
MH		 1933 break;
1934
1935 case L2CAP_MODE_ERTM:
1936 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61
GP		 1937 rfc.txwin_size = chan->tx_win;
1938 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 1939 rfc.retrans_timeout = 0;
1940 rfc.monitor_timeout = 0;
c74e560c 1941 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
8c1d787b
GP		 1942 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
1943 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
f2fcfcd6 1944
63406504
GP		 1945 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1946 (unsigned long) &rfc);
1947
8c1d787b 1948 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 1949 break;
1950
47d1ec61 1951 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 1952 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 1953 chan->fcs = L2CAP_FCS_NONE;
1954 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 1955 }
f2fcfcd6
GP		 1956 break;
1957
1958 case L2CAP_MODE_STREAMING:
1959 rfc.mode = L2CAP_MODE_STREAMING;
1960 rfc.txwin_size = 0;
1961 rfc.max_transmit = 0;
1962 rfc.retrans_timeout = 0;
1963 rfc.monitor_timeout = 0;
c74e560c 1964 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
8c1d787b
GP		 1965 if (L2CAP_DEFAULT_MAX_PDU_SIZE > chan->conn->mtu - 10)
1966 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
65c7c491 1967
63406504
GP		 1968 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
1969 (unsigned long) &rfc);
1970
8c1d787b 1971 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 1972 break;
1973
47d1ec61 1974 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 1975 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 1976 chan->fcs = L2CAP_FCS_NONE;
1977 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 1978 }
65c7c491
MH		 1979 break;
1980 }
1da177e4 1981
fe4128e0 1982 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 1983 req->flags = cpu_to_le16(0);
1da177e4
LT		 1984
1985 return ptr - data;
1986}
1987
73ffa904 1988static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 1989{
5dee9e7c
MH		 1990 struct l2cap_conf_rsp *rsp = data;
1991 void *ptr = rsp->data;
73ffa904
GP		 1992 void *req = chan->conf_req;
1993 int len = chan->conf_len;
5dee9e7c
MH		 1994 int type, hint, olen;
1995 unsigned long val;
6464f35f 1996 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
861d6882 1997 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 1998 u16 result = L2CAP_CONF_SUCCESS;
1da177e4 1999
73ffa904 2000 BT_DBG("chan %p", chan);
820ae1b8 2001
5dee9e7c
MH		 2002 while (len >= L2CAP_CONF_OPT_SIZE) {
2003 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 2004
589d2746 2005 hint = type & L2CAP_CONF_HINT;
47ec1dcd 2006 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 2007
2008 switch (type) {
2009 case L2CAP_CONF_MTU:
861d6882 2010 mtu = val;
5dee9e7c
MH		 2011 break;
2012
2013 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2014 chan->flush_to = val;
5dee9e7c
MH		 2015 break;
2016
2017 case L2CAP_CONF_QOS:
2018 break;
2019
6464f35f
MH		 2020 case L2CAP_CONF_RFC:
2021 if (olen == sizeof(rfc))
2022 memcpy(&rfc, (void *) val, olen);
2023 break;
2024
fcc203c3
GP		 2025 case L2CAP_CONF_FCS:
2026 if (val == L2CAP_FCS_NONE)
c1360a1c 2027 set_bit(CONF_NO_FCS_RECV, &chan->conf_state);
fcc203c3
GP		 2028
2029 break;
2030
5dee9e7c
MH		 2031 default:
2032 if (hint)
2033 break;
2034
2035 result = L2CAP_CONF_UNKNOWN;
2036 *((u8 *) ptr++) = type;
2037 break;
2038 }
2039 }
2040
73ffa904 2041 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 2042 goto done;
2043
0c1bc5c6 2044 switch (chan->mode) {
f2fcfcd6
GP		 2045 case L2CAP_MODE_STREAMING:
2046 case L2CAP_MODE_ERTM:
c1360a1c 2047 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
0c1bc5c6 2048 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 2049 chan->conn->feat_mask);
85eb53c6
GP		 2050 break;
2051 }
2052
0c1bc5c6 2053 if (chan->mode != rfc.mode)
f2fcfcd6 2054 return -ECONNREFUSED;
742e519b 2055
f2fcfcd6 2056 break;
f2fcfcd6
GP		 2057 }
2058
2059done:
0c1bc5c6 2060 if (chan->mode != rfc.mode) {
f2fcfcd6 2061 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2062 rfc.mode = chan->mode;
f2fcfcd6 2063
73ffa904 2064 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 2065 return -ECONNREFUSED;
2066
2067 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2068 sizeof(rfc), (unsigned long) &rfc);
2069 }
2070
2071
5dee9e7c
MH		 2072 if (result == L2CAP_CONF_SUCCESS) {
2073 /* Configure output options and let the other side know
2074 * which ones we don't like. */
2075
f2fcfcd6
GP		 2076 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2077 result = L2CAP_CONF_UNACCEPT;
2078 else {
0c1bc5c6 2079 chan->omtu = mtu;
c1360a1c 2080 set_bit(CONF_MTU_DONE, &chan->conf_state);
f2fcfcd6 2081 }
0c1bc5c6 2082 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 2083
f2fcfcd6
GP		 2084 switch (rfc.mode) {
2085 case L2CAP_MODE_BASIC:
47d1ec61 2086 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2087 set_bit(CONF_MODE_DONE, &chan->conf_state);
f2fcfcd6
GP		 2088 break;
2089
2090 case L2CAP_MODE_ERTM:
2c03a7a4
GP		 2091 chan->remote_tx_win = rfc.txwin_size;
2092 chan->remote_max_tx = rfc.max_transmit;
86b1b263 2093
8c1d787b
GP		 2094 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
2095 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1c762159 2096
2c03a7a4 2097 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6 2098
10467e9e
GP		 2099 rfc.retrans_timeout =
2100 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2101 rfc.monitor_timeout =
2102 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 2103
c1360a1c 2104 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2105
2106 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2107 sizeof(rfc), (unsigned long) &rfc);
2108
f2fcfcd6
GP		 2109 break;
2110
2111 case L2CAP_MODE_STREAMING:
8c1d787b
GP		 2112 if (le16_to_cpu(rfc.max_pdu_size) > chan->conn->mtu - 10)
2113 rfc.max_pdu_size = cpu_to_le16(chan->conn->mtu - 10);
1c762159 2114
2c03a7a4 2115 chan->remote_mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6 2116
c1360a1c 2117 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2118
2119 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2120 sizeof(rfc), (unsigned long) &rfc);
2121
f2fcfcd6
GP		 2122 break;
2123
2124 default:
5dee9e7c 2125 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 2126
6464f35f 2127 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 2128 rfc.mode = chan->mode;
f2fcfcd6 2129 }
6464f35f 2130
f2fcfcd6 2131 if (result == L2CAP_CONF_SUCCESS)
c1360a1c 2132 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
f2fcfcd6 2133 }
fe4128e0 2134 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 2135 rsp->result = cpu_to_le16(result);
2136 rsp->flags = cpu_to_le16(0x0000);
2137
2138 return ptr - data;
1da177e4
LT		 2139}
2140
b4450035 2141static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 2142{
f2fcfcd6
GP		 2143 struct l2cap_conf_req *req = data;
2144 void *ptr = req->data;
2145 int type, olen;
2146 unsigned long val;
2147 struct l2cap_conf_rfc rfc;
2148
fe4128e0 2149 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 2150
2151 while (len >= L2CAP_CONF_OPT_SIZE) {
2152 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2153
2154 switch (type) {
2155 case L2CAP_CONF_MTU:
2156 if (val < L2CAP_DEFAULT_MIN_MTU) {
2157 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2158 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 2159 } else
0c1bc5c6
GP		 2160 chan->imtu = val;
2161 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 2162 break;
2163
2164 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2165 chan->flush_to = val;
f2fcfcd6 2166 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 2167 2, chan->flush_to);
f2fcfcd6
GP		 2168 break;
2169
2170 case L2CAP_CONF_RFC:
2171 if (olen == sizeof(rfc))
2172 memcpy(&rfc, (void *)val, olen);
2173
c1360a1c 2174 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
0c1bc5c6 2175 rfc.mode != chan->mode)
f2fcfcd6
GP		 2176 return -ECONNREFUSED;
2177
47d1ec61 2178 chan->fcs = 0;
f2fcfcd6
GP		 2179
2180 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2181 sizeof(rfc), (unsigned long) &rfc);
2182 break;
2183 }
2184 }
2185
0c1bc5c6 2186 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 2187 return -ECONNREFUSED;
2188
0c1bc5c6 2189 chan->mode = rfc.mode;
6c2ea7a8 2190
f2fcfcd6
GP		 2191 if (*result == L2CAP_CONF_SUCCESS) {
2192 switch (rfc.mode) {
2193 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2194 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2195 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2196 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2197 break;
2198 case L2CAP_MODE_STREAMING:
47d1ec61 2199 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2200 }
2201 }
2202
fe4128e0 2203 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 2204 req->flags = cpu_to_le16(0x0000);
2205
2206 return ptr - data;
2207}
2208
fe4128e0 2209static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 2210{
2211 struct l2cap_conf_rsp *rsp = data;
2212 void *ptr = rsp->data;
1da177e4 2213
fe4128e0 2214 BT_DBG("chan %p", chan);
1da177e4 2215
fe4128e0 2216 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 2217 rsp->result = cpu_to_le16(result);
aca3192c 2218 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 2219
2220 return ptr - data;
2221}
2222
8c1d787b 2223void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 2224{
2225 struct l2cap_conn_rsp rsp;
8c1d787b 2226 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 2227 u8 buf[128];
2228
fe4128e0
GP		 2229 rsp.scid = cpu_to_le16(chan->dcid);
2230 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 2231 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
2232 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2233 l2cap_send_cmd(conn, chan->ident,
2234 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2235
c1360a1c 2236 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
710f9b0a
GP		 2237 return;
2238
710f9b0a
GP		 2239 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2240 l2cap_build_conf_req(chan, buf), buf);
2241 chan->num_conf_req++;
2242}
2243
47d1ec61 2244static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 2245{
7b1c0049
GP		 2246 int type, olen;
2247 unsigned long val;
2248 struct l2cap_conf_rfc rfc;
2249
47d1ec61 2250 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 2251
0c1bc5c6 2252 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 2253 return;
2254
2255 while (len >= L2CAP_CONF_OPT_SIZE) {
2256 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2257
2258 switch (type) {
2259 case L2CAP_CONF_RFC:
2260 if (olen == sizeof(rfc))
2261 memcpy(&rfc, (void *)val, olen);
2262 goto done;
2263 }
2264 }
2265
2266done:
2267 switch (rfc.mode) {
2268 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2269 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2270 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2271 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2272 break;
2273 case L2CAP_MODE_STREAMING:
47d1ec61 2274 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2275 }
2276}
2277
4e8402a3
MH		 2278static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2279{
2280 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
2281
2282 if (rej->reason != 0x0000)
2283 return 0;
2284
2285 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2286 cmd->ident == conn->info_ident) {
4e8402a3 2287 del_timer(&conn->info_timer);
984947dc
MH		 2288
2289 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2290 conn->info_ident = 0;
984947dc 2291
4e8402a3
MH		 2292 l2cap_conn_start(conn);
2293 }
2294
2295 return 0;
2296}
2297
1da177e4
LT		 2298static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2299{
1da177e4
LT		 2300 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2301 struct l2cap_conn_rsp rsp;
23691d75 2302 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 2303 struct sock *parent, *sk = NULL;
e7c29cb1 2304 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2305
2306 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 2307 __le16 psm = req->psm;
1da177e4
LT		 2308
2309 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2310
2311 /* Check if we have socket listening on psm */
23691d75
GP		 2312 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src);
2313 if (!pchan) {
1da177e4
LT		 2314 result = L2CAP_CR_BAD_PSM;
2315 goto sendresp;
2316 }
2317
23691d75
GP		 2318 parent = pchan->sk;
2319
e0f0cb56
GP		 2320 bh_lock_sock(parent);
2321
e7c29cb1
MH		 2322 /* Check if the ACL is secure enough (if not SDP) */
2323 if (psm != cpu_to_le16(0x0001) &&
2324 !hci_conn_check_link_mode(conn->hcon)) {
2950f21a 2325 conn->disc_reason = 0x05;
e7c29cb1
MH		 2326 result = L2CAP_CR_SEC_BLOCK;
2327 goto response;
2328 }
2329
1da177e4
LT		 2330 result = L2CAP_CR_NO_MEM;
2331
2332 /* Check for backlog size */
2333 if (sk_acceptq_is_full(parent)) {
8e87d142 2334 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 2335 goto response;
2336 }
2337
80808e43
GP		 2338 chan = pchan->ops->new_connection(pchan->data);
2339 if (!chan)
1da177e4
LT		 2340 goto response;
2341
80808e43
GP		 2342 sk = chan->sk;
2343
baa7e1fa 2344 write_lock_bh(&conn->chan_lock);
1da177e4
LT		 2345
2346 /* Check if we already have channel with that dcid */
baa7e1fa
GP		 2347 if (__l2cap_get_chan_by_dcid(conn, scid)) {
2348 write_unlock_bh(&conn->chan_lock);
1da177e4 2349 sock_set_flag(sk, SOCK_ZAPPED);
ba3bd0ee 2350 chan->ops->close(chan->data);
1da177e4
LT		 2351 goto response;
2352 }
2353
2354 hci_conn_hold(conn->hcon);
2355
1da177e4
LT		 2356 bacpy(&bt_sk(sk)->src, conn->src);
2357 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 2358 chan->psm = psm;
2359 chan->dcid = scid;
1da177e4 2360
d1010240
GP		 2361 bt_accept_enqueue(parent, sk);
2362
48454079
GP		 2363 __l2cap_chan_add(conn, chan);
2364
fe4128e0 2365 dcid = chan->scid;
1da177e4 2366
c9b66675 2367 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4 2368
fc7f8a7e 2369 chan->ident = cmd->ident;
1da177e4 2370
984947dc 2371 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
4343478f 2372 if (l2cap_check_security(chan)) {
f66dc81f 2373 if (bt_sk(sk)->defer_setup) {
89bc500e 2374 l2cap_state_change(chan, BT_CONNECT2);
f66dc81f
MH		 2375 result = L2CAP_CR_PEND;
2376 status = L2CAP_CS_AUTHOR_PEND;
2377 parent->sk_data_ready(parent, 0);
2378 } else {
89bc500e 2379 l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 2380 result = L2CAP_CR_SUCCESS;
2381 status = L2CAP_CS_NO_INFO;
2382 }
79d554a6 2383 } else {
89bc500e 2384 l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2385 result = L2CAP_CR_PEND;
2386 status = L2CAP_CS_AUTHEN_PEND;
2387 }
2388 } else {
89bc500e 2389 l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2390 result = L2CAP_CR_PEND;
2391 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2392 }
2393
baa7e1fa 2394 write_unlock_bh(&conn->chan_lock);
1da177e4
LT		 2395
2396response:
2397 bh_unlock_sock(parent);
2398
2399sendresp:
aca3192c
YH		 2400 rsp.scid = cpu_to_le16(scid);
2401 rsp.dcid = cpu_to_le16(dcid);
2402 rsp.result = cpu_to_le16(result);
2403 rsp.status = cpu_to_le16(status);
1da177e4 2404 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 2405
2406 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2407 struct l2cap_info_req info;
2408 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2409
2410 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2411 conn->info_ident = l2cap_get_ident(conn);
2412
2413 mod_timer(&conn->info_timer, jiffies +
2414 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
2415
2416 l2cap_send_cmd(conn, conn->info_ident,
2417 L2CAP_INFO_REQ, sizeof(info), &info);
2418 }
2419
c1360a1c 2420 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
e9aeb2dd
GP		 2421 result == L2CAP_CR_SUCCESS) {
2422 u8 buf[128];
c1360a1c 2423 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 2424 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2425 l2cap_build_conf_req(chan, buf), buf);
2426 chan->num_conf_req++;
e9aeb2dd
GP		 2427 }
2428
1da177e4
LT		 2429 return 0;
2430}
2431
2432static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2433{
2434 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2435 u16 scid, dcid, result, status;
48454079 2436 struct l2cap_chan *chan;
1da177e4
LT		 2437 struct sock *sk;
2438 u8 req[128];
2439
2440 scid = __le16_to_cpu(rsp->scid);
2441 dcid = __le16_to_cpu(rsp->dcid);
2442 result = __le16_to_cpu(rsp->result);
2443 status = __le16_to_cpu(rsp->status);
2444
2445 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
2446
2447 if (scid) {
baa7e1fa 2448 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2449 if (!chan)
57d3b22b 2450 return -EFAULT;
1da177e4 2451 } else {
baa7e1fa 2452 chan = l2cap_get_chan_by_ident(conn, cmd->ident);
48454079 2453 if (!chan)
57d3b22b 2454 return -EFAULT;
1da177e4
LT		 2455 }
2456
48454079
GP		 2457 sk = chan->sk;
2458
1da177e4
LT		 2459 switch (result) {
2460 case L2CAP_CR_SUCCESS:
89bc500e 2461 l2cap_state_change(chan, BT_CONFIG);
fc7f8a7e 2462 chan->ident = 0;
fe4128e0 2463 chan->dcid = dcid;
c1360a1c 2464 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
6a8d3010 2465
c1360a1c 2466 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
e9aeb2dd
GP		 2467 break;
2468
1da177e4 2469 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2470 l2cap_build_conf_req(chan, req), req);
2471 chan->num_conf_req++;
1da177e4
LT		 2472 break;
2473
2474 case L2CAP_CR_PEND:
c1360a1c 2475 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4
LT		 2476 break;
2477
2478 default:
a49184c2
AE		 2479 /* don't delete l2cap channel if sk is owned by user */
2480 if (sock_owned_by_user(sk)) {
89bc500e 2481 l2cap_state_change(chan, BT_DISCONN);
c9b66675
GP		 2482 __clear_chan_timer(chan);
2483 __set_chan_timer(chan, HZ / 5);
a49184c2
AE		 2484 break;
2485 }
2486
48454079 2487 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 2488 break;
2489 }
2490
2491 bh_unlock_sock(sk);
2492 return 0;
2493}
2494
47d1ec61 2495static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60
MM		 2496{
2497 /* FCS is enabled only in ERTM or streaming mode, if one or both
2498 * sides request it.
2499 */
0c1bc5c6 2500 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 2501 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2502 else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state))
47d1ec61 2503 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 2504}
2505
88219a0f 2506static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 2507{
2508 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2509 u16 dcid, flags;
2510 u8 rsp[64];
48454079 2511 struct l2cap_chan *chan;
1da177e4 2512 struct sock *sk;
5dee9e7c 2513 int len;
1da177e4
LT		 2514
2515 dcid = __le16_to_cpu(req->dcid);
2516 flags = __le16_to_cpu(req->flags);
2517
2518 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2519
baa7e1fa 2520 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2521 if (!chan)
1da177e4
LT		 2522 return -ENOENT;
2523
48454079
GP		 2524 sk = chan->sk;
2525
89bc500e 2526 if (chan->state != BT_CONFIG) {
df6bd743
GP		 2527 struct l2cap_cmd_rej rej;
2528
2529 rej.reason = cpu_to_le16(0x0002);
2530 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2531 sizeof(rej), &rej);
354f60a9 2532 goto unlock;
df6bd743 2533 }
354f60a9 2534
5dee9e7c 2535 /* Reject if config buffer is too small. */
88219a0f 2536 len = cmd_len - sizeof(*req);
73ffa904 2537 if (chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 2538 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2539 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 2540 L2CAP_CONF_REJECT, flags), rsp);
2541 goto unlock;
2542 }
2543
2544 /* Store config. */
73ffa904
GP		 2545 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2546 chan->conf_len += len;
1da177e4
LT		 2547
2548 if (flags & 0x0001) {
2549 /* Incomplete config. Send empty response. */
2550 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2551 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 2552 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 2553 goto unlock;
2554 }
2555
2556 /* Complete config. */
73ffa904 2557 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 2558 if (len < 0) {
e92c8e70 2559 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 2560 goto unlock;
f2fcfcd6 2561 }
1da177e4 2562
5dee9e7c 2563 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 2564 chan->num_conf_rsp++;
5dee9e7c 2565
5dee9e7c 2566 /* Reset config buffer. */
73ffa904 2567 chan->conf_len = 0;
5dee9e7c 2568
c1360a1c 2569 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
876d9484
MH		 2570 goto unlock;
2571
c1360a1c 2572 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
47d1ec61 2573 set_default_fcs(chan);
fcc203c3 2574
89bc500e 2575 l2cap_state_change(chan, BT_CONNECTED);
e90bac06 2576
42e5c802
GP		 2577 chan->next_tx_seq = 0;
2578 chan->expected_tx_seq = 0;
58d35f87 2579 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2580 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2581 l2cap_ertm_init(chan);
0565c1c2 2582
1da177e4 2583 l2cap_chan_ready(sk);
876d9484
MH		 2584 goto unlock;
2585 }
2586
c1360a1c 2587 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
79d554a6 2588 u8 buf[64];
1da177e4 2589 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2590 l2cap_build_conf_req(chan, buf), buf);
2591 chan->num_conf_req++;
1da177e4
LT		 2592 }
2593
2594unlock:
2595 bh_unlock_sock(sk);
2596 return 0;
2597}
2598
2599static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2600{
2601 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2602 u16 scid, flags, result;
48454079 2603 struct l2cap_chan *chan;
1da177e4 2604 struct sock *sk;
7b1c0049 2605 int len = cmd->len - sizeof(*rsp);
1da177e4
LT		 2606
2607 scid = __le16_to_cpu(rsp->scid);
2608 flags = __le16_to_cpu(rsp->flags);
2609 result = __le16_to_cpu(rsp->result);
2610
af05b30b
GP		 2611 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
2612 scid, flags, result);
1da177e4 2613
baa7e1fa 2614 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2615 if (!chan)
1da177e4
LT		 2616 return 0;
2617
48454079
GP		 2618 sk = chan->sk;
2619
1da177e4
LT		 2620 switch (result) {
2621 case L2CAP_CONF_SUCCESS:
47d1ec61 2622 l2cap_conf_rfc_get(chan, rsp->data, len);
1da177e4
LT		 2623 break;
2624
2625 case L2CAP_CONF_UNACCEPT:
73ffa904 2626 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 2627 char req[64];
2628
c2c77ec8 2629 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 2630 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 2631 goto done;
2632 }
2633
f2fcfcd6
GP		 2634 /* throw out any old stored conf requests */
2635 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 2636 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2637 req, &result);
f2fcfcd6 2638 if (len < 0) {
e92c8e70 2639 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 2640 goto done;
2641 }
2642
2643 l2cap_send_cmd(conn, l2cap_get_ident(conn),
2644 L2CAP_CONF_REQ, len, req);
73ffa904 2645 chan->num_conf_req++;
f2fcfcd6
GP		 2646 if (result != L2CAP_CONF_SUCCESS)
2647 goto done;
2648 break;
1da177e4
LT		 2649 }
2650
8e87d142 2651 default:
b1235d79 2652 sk->sk_err = ECONNRESET;
c9b66675 2653 __set_chan_timer(chan, HZ * 5);
e92c8e70 2654 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 2655 goto done;
2656 }
2657
2658 if (flags & 0x01)
2659 goto done;
2660
c1360a1c 2661 set_bit(CONF_INPUT_DONE, &chan->conf_state);
1da177e4 2662
c1360a1c 2663 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
47d1ec61 2664 set_default_fcs(chan);
fcc203c3 2665
89bc500e 2666 l2cap_state_change(chan, BT_CONNECTED);
42e5c802
GP		 2667 chan->next_tx_seq = 0;
2668 chan->expected_tx_seq = 0;
58d35f87 2669 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2670 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2671 l2cap_ertm_init(chan);
0565c1c2 2672
1da177e4
LT		 2673 l2cap_chan_ready(sk);
2674 }
2675
2676done:
2677 bh_unlock_sock(sk);
2678 return 0;
2679}
2680
2681static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2682{
2683 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
2684 struct l2cap_disconn_rsp rsp;
2685 u16 dcid, scid;
48454079 2686 struct l2cap_chan *chan;
1da177e4
LT		 2687 struct sock *sk;
2688
2689 scid = __le16_to_cpu(req->scid);
2690 dcid = __le16_to_cpu(req->dcid);
2691
2692 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
2693
baa7e1fa 2694 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2695 if (!chan)
1da177e4
LT		 2696 return 0;
2697
48454079
GP		 2698 sk = chan->sk;
2699
fe4128e0
GP		 2700 rsp.dcid = cpu_to_le16(chan->scid);
2701 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 2702 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
2703
2704 sk->sk_shutdown = SHUTDOWN_MASK;
2705
a49184c2
AE		 2706 /* don't delete l2cap channel if sk is owned by user */
2707 if (sock_owned_by_user(sk)) {
89bc500e 2708 l2cap_state_change(chan, BT_DISCONN);
c9b66675
GP		 2709 __clear_chan_timer(chan);
2710 __set_chan_timer(chan, HZ / 5);
a49184c2
AE		 2711 bh_unlock_sock(sk);
2712 return 0;
2713 }
2714
48454079 2715 l2cap_chan_del(chan, ECONNRESET);
1da177e4
LT		 2716 bh_unlock_sock(sk);
2717
ba3bd0ee 2718 chan->ops->close(chan->data);
1da177e4
LT		 2719 return 0;
2720}
2721
2722static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2723{
2724 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
2725 u16 dcid, scid;
48454079 2726 struct l2cap_chan *chan;
1da177e4
LT		 2727 struct sock *sk;
2728
2729 scid = __le16_to_cpu(rsp->scid);
2730 dcid = __le16_to_cpu(rsp->dcid);
2731
2732 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
2733
baa7e1fa 2734 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2735 if (!chan)
1da177e4
LT		 2736 return 0;
2737
48454079
GP		 2738 sk = chan->sk;
2739
a49184c2
AE		 2740 /* don't delete l2cap channel if sk is owned by user */
2741 if (sock_owned_by_user(sk)) {
89bc500e 2742 l2cap_state_change(chan,BT_DISCONN);
c9b66675
GP		 2743 __clear_chan_timer(chan);
2744 __set_chan_timer(chan, HZ / 5);
a49184c2
AE		 2745 bh_unlock_sock(sk);
2746 return 0;
2747 }
2748
48454079 2749 l2cap_chan_del(chan, 0);
1da177e4
LT		 2750 bh_unlock_sock(sk);
2751
ba3bd0ee 2752 chan->ops->close(chan->data);
1da177e4
LT		 2753 return 0;
2754}
2755
2756static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2757{
2758 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 2759 u16 type;
2760
2761 type = __le16_to_cpu(req->type);
2762
2763 BT_DBG("type 0x%4.4x", type);
2764
f0709e03
MH		 2765 if (type == L2CAP_IT_FEAT_MASK) {
2766 u8 buf[8];
44dd46de 2767 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 2768 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2769 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2770 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 2771 if (!disable_ertm)
fcc203c3
GP		 2772 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
2773 | L2CAP_FEAT_FCS;
1b7bf4ed 2774 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 2775 l2cap_send_cmd(conn, cmd->ident,
2776 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 2777 } else if (type == L2CAP_IT_FIXED_CHAN) {
2778 u8 buf[12];
2779 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
2780 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2781 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
2782 memcpy(buf + 4, l2cap_fixed_chan, 8);
2783 l2cap_send_cmd(conn, cmd->ident,
2784 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 2785 } else {
2786 struct l2cap_info_rsp rsp;
2787 rsp.type = cpu_to_le16(type);
2788 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
2789 l2cap_send_cmd(conn, cmd->ident,
2790 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
2791 }
1da177e4
LT		 2792
2793 return 0;
2794}
2795
2796static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2797{
2798 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
2799 u16 type, result;
2800
2801 type = __le16_to_cpu(rsp->type);
2802 result = __le16_to_cpu(rsp->result);
2803
2804 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
2805
e90165be
AE		 2806 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
2807 if (cmd->ident != conn->info_ident ||
2808 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
2809 return 0;
2810
4e8402a3
MH		 2811 del_timer(&conn->info_timer);
2812
adb08ede
VT		 2813 if (result != L2CAP_IR_SUCCESS) {
2814 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2815 conn->info_ident = 0;
2816
2817 l2cap_conn_start(conn);
2818
2819 return 0;
2820 }
2821
984947dc 2822 if (type == L2CAP_IT_FEAT_MASK) {
83985319 2823 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 2824
47ec1dcd 2825 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 2826 struct l2cap_info_req req;
2827 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
2828
2829 conn->info_ident = l2cap_get_ident(conn);
2830
2831 l2cap_send_cmd(conn, conn->info_ident,
2832 L2CAP_INFO_REQ, sizeof(req), &req);
2833 } else {
2834 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2835 conn->info_ident = 0;
2836
2837 l2cap_conn_start(conn);
2838 }
2839 } else if (type == L2CAP_IT_FIXED_CHAN) {
984947dc 2840 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2841 conn->info_ident = 0;
984947dc
MH		 2842
2843 l2cap_conn_start(conn);
2844 }
4e8402a3 2845
1da177e4
LT		 2846 return 0;
2847}
2848
e2174ca4 2849static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 2850 u16 to_multiplier)
2851{
2852 u16 max_latency;
2853
2854 if (min > max || min < 6 || max > 3200)
2855 return -EINVAL;
2856
2857 if (to_multiplier < 10 || to_multiplier > 3200)
2858 return -EINVAL;
2859
2860 if (max >= to_multiplier * 8)
2861 return -EINVAL;
2862
2863 max_latency = (to_multiplier * 8 / max) - 1;
2864 if (latency > 499 || latency > max_latency)
2865 return -EINVAL;
2866
2867 return 0;
2868}
2869
2870static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
2871 struct l2cap_cmd_hdr *cmd, u8 *data)
2872{
2873 struct hci_conn *hcon = conn->hcon;
2874 struct l2cap_conn_param_update_req *req;
2875 struct l2cap_conn_param_update_rsp rsp;
2876 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 2877 int err;
de73115a
CT		 2878
2879 if (!(hcon->link_mode & HCI_LM_MASTER))
2880 return -EINVAL;
2881
2882 cmd_len = __le16_to_cpu(cmd->len);
2883 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
2884 return -EPROTO;
2885
2886 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 2887 min = __le16_to_cpu(req->min);
2888 max = __le16_to_cpu(req->max);
de73115a
CT		 2889 latency = __le16_to_cpu(req->latency);
2890 to_multiplier = __le16_to_cpu(req->to_multiplier);
2891
2892 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
2893 min, max, latency, to_multiplier);
2894
2895 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 2896
2897 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
2898 if (err)
de73115a
CT		 2899 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
2900 else
2901 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
2902
2903 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
2904 sizeof(rsp), &rsp);
2905
2ce603eb
CT		 2906 if (!err)
2907 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
2908
de73115a
CT		 2909 return 0;
2910}
2911
3300d9a9
CT		 2912static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
2913 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
2914{
2915 int err = 0;
2916
2917 switch (cmd->code) {
2918 case L2CAP_COMMAND_REJ:
2919 l2cap_command_rej(conn, cmd, data);
2920 break;
2921
2922 case L2CAP_CONN_REQ:
2923 err = l2cap_connect_req(conn, cmd, data);
2924 break;
2925
2926 case L2CAP_CONN_RSP:
2927 err = l2cap_connect_rsp(conn, cmd, data);
2928 break;
2929
2930 case L2CAP_CONF_REQ:
2931 err = l2cap_config_req(conn, cmd, cmd_len, data);
2932 break;
2933
2934 case L2CAP_CONF_RSP:
2935 err = l2cap_config_rsp(conn, cmd, data);
2936 break;
2937
2938 case L2CAP_DISCONN_REQ:
2939 err = l2cap_disconnect_req(conn, cmd, data);
2940 break;
2941
2942 case L2CAP_DISCONN_RSP:
2943 err = l2cap_disconnect_rsp(conn, cmd, data);
2944 break;
2945
2946 case L2CAP_ECHO_REQ:
2947 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
2948 break;
2949
2950 case L2CAP_ECHO_RSP:
2951 break;
2952
2953 case L2CAP_INFO_REQ:
2954 err = l2cap_information_req(conn, cmd, data);
2955 break;
2956
2957 case L2CAP_INFO_RSP:
2958 err = l2cap_information_rsp(conn, cmd, data);
2959 break;
2960
2961 default:
2962 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
2963 err = -EINVAL;
2964 break;
2965 }
2966
2967 return err;
2968}
2969
2970static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
2971 struct l2cap_cmd_hdr *cmd, u8 *data)
2972{
2973 switch (cmd->code) {
2974 case L2CAP_COMMAND_REJ:
2975 return 0;
2976
2977 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 2978 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 2979
2980 case L2CAP_CONN_PARAM_UPDATE_RSP:
2981 return 0;
2982
2983 default:
2984 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
2985 return -EINVAL;
2986 }
2987}
2988
2989static inline void l2cap_sig_channel(struct l2cap_conn *conn,
2990 struct sk_buff *skb)
1da177e4
LT		 2991{
2992 u8 *data = skb->data;
2993 int len = skb->len;
2994 struct l2cap_cmd_hdr cmd;
3300d9a9 2995 int err;
1da177e4
LT		 2996
2997 l2cap_raw_recv(conn, skb);
2998
2999 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 3000 u16 cmd_len;
1da177e4
LT		 3001 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3002 data += L2CAP_CMD_HDR_SIZE;
3003 len -= L2CAP_CMD_HDR_SIZE;
3004
88219a0f 3005 cmd_len = le16_to_cpu(cmd.len);
1da177e4 3006
88219a0f 3007 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 3008
88219a0f 3009 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 3010 BT_DBG("corrupted command");
3011 break;
3012 }
3013
3300d9a9
CT		 3014 if (conn->hcon->type == LE_LINK)
3015 err = l2cap_le_sig_cmd(conn, &cmd, data);
3016 else
3017 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 3018
3019 if (err) {
3020 struct l2cap_cmd_rej rej;
2c6d1a2e
GP		 3021
3022 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 3023
3024 /* FIXME: Map err to a valid reason */
aca3192c 3025 rej.reason = cpu_to_le16(0);
1da177e4
LT		 3026 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3027 }
3028
88219a0f
AV		 3029 data += cmd_len;
3030 len -= cmd_len;
1da177e4
LT		 3031 }
3032
3033 kfree_skb(skb);
3034}
3035
47d1ec61 3036static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 3037{
3038 u16 our_fcs, rcv_fcs;
3039 int hdr_size = L2CAP_HDR_SIZE + 2;
3040
47d1ec61 3041 if (chan->fcs == L2CAP_FCS_CRC16) {
fcc203c3
GP		 3042 skb_trim(skb, skb->len - 2);
3043 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3044 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3045
3046 if (our_fcs != rcv_fcs)
7a560e5c 3047 return -EBADMSG;
fcc203c3
GP		 3048 }
3049 return 0;
3050}
3051
525cd185 3052static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 3053{
d5392c8f
GP		 3054 u16 control = 0;
3055
6a026610 3056 chan->frames_sent = 0;
d5392c8f 3057
42e5c802 3058 control |= chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
d5392c8f 3059
e2ab4353 3060 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
64988868 3061 control |= L2CAP_SUPER_RCV_NOT_READY;
525cd185 3062 l2cap_send_sframe(chan, control);
e2ab4353 3063 set_bit(CONN_RNR_SENT, &chan->conn_state);
d5392c8f
GP		 3064 }
3065
e2ab4353 3066 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
525cd185 3067 l2cap_retransmit_frames(chan);
d5392c8f 3068
525cd185 3069 l2cap_ertm_send(chan);
d5392c8f 3070
e2ab4353 3071 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
6a026610 3072 chan->frames_sent == 0) {
d5392c8f 3073 control |= L2CAP_SUPER_RCV_READY;
525cd185 3074 l2cap_send_sframe(chan, control);
d5392c8f
GP		 3075 }
3076}
3077
42e5c802 3078static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u8 tx_seq, u8 sar)
8f17154f
GP		 3079{
3080 struct sk_buff *next_skb;
bfbacc11 3081 int tx_seq_offset, next_tx_seq_offset;
8f17154f
GP		 3082
3083 bt_cb(skb)->tx_seq = tx_seq;
3084 bt_cb(skb)->sar = sar;
3085
f1c6775b 3086 next_skb = skb_peek(&chan->srej_q);
8f17154f 3087 if (!next_skb) {
f1c6775b 3088 __skb_queue_tail(&chan->srej_q, skb);
9b53350d 3089 return 0;
8f17154f
GP		 3090 }
3091
42e5c802 3092 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
bfbacc11
JPRV		 3093 if (tx_seq_offset < 0)
3094 tx_seq_offset += 64;
3095
8f17154f 3096 do {
9b53350d
JPRV		 3097 if (bt_cb(next_skb)->tx_seq == tx_seq)
3098 return -EINVAL;
3099
bfbacc11 3100 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
42e5c802 3101 chan->buffer_seq) % 64;
bfbacc11
JPRV		 3102 if (next_tx_seq_offset < 0)
3103 next_tx_seq_offset += 64;
3104
3105 if (next_tx_seq_offset > tx_seq_offset) {
f1c6775b 3106 __skb_queue_before(&chan->srej_q, next_skb, skb);
9b53350d 3107 return 0;
8f17154f
GP		 3108 }
3109
f1c6775b 3110 if (skb_queue_is_last(&chan->srej_q, next_skb))
8f17154f
GP		 3111 break;
3112
f1c6775b 3113 } while ((next_skb = skb_queue_next(&chan->srej_q, next_skb)));
8f17154f 3114
f1c6775b 3115 __skb_queue_tail(&chan->srej_q, skb);
9b53350d
JPRV		 3116
3117 return 0;
8f17154f
GP		 3118}
3119
525cd185 3120static int l2cap_ertm_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
18778a63 3121{
18778a63 3122 struct sk_buff *_skb;
1890d36b 3123 int err;
18778a63
GP		 3124
3125 switch (control & L2CAP_CTRL_SAR) {
3126 case L2CAP_SDU_UNSEGMENTED:
e2ab4353 3127 if (test_bit(CONN_SAR_SDU, &chan->conn_state))
18778a63
GP		 3128 goto drop;
3129
23070494 3130 return chan->ops->recv(chan->data, skb);
18778a63
GP		 3131
3132 case L2CAP_SDU_START:
e2ab4353 3133 if (test_bit(CONN_SAR_SDU, &chan->conn_state))
18778a63
GP		 3134 goto drop;
3135
6f61fd47 3136 chan->sdu_len = get_unaligned_le16(skb->data);
18778a63 3137
0c1bc5c6 3138 if (chan->sdu_len > chan->imtu)
18778a63
GP		 3139 goto disconnect;
3140
6f61fd47
GP		 3141 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC);
3142 if (!chan->sdu)
1890d36b
GP		 3143 return -ENOMEM;
3144
3145 /* pull sdu_len bytes only after alloc, because of Local Busy
3146 * condition we have to be sure that this will be executed
3147 * only once, i.e., when alloc does not fail */
3148 skb_pull(skb, 2);
18778a63 3149
6f61fd47 3150 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
18778a63 3151
e2ab4353 3152 set_bit(CONN_SAR_SDU, &chan->conn_state);
6f61fd47 3153 chan->partial_sdu_len = skb->len;
18778a63
GP		 3154 break;
3155
3156 case L2CAP_SDU_CONTINUE:
e2ab4353 3157 if (!test_bit(CONN_SAR_SDU, &chan->conn_state))
18778a63
GP		 3158 goto disconnect;
3159
6f61fd47 3160 if (!chan->sdu)
18778a63
GP		 3161 goto disconnect;
3162
6f61fd47
GP		 3163 chan->partial_sdu_len += skb->len;
3164 if (chan->partial_sdu_len > chan->sdu_len)
18778a63
GP		 3165 goto drop;
3166
6f61fd47 3167 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
4178ba46 3168
18778a63
GP		 3169 break;
3170
3171 case L2CAP_SDU_END:
e2ab4353 3172 if (!test_bit(CONN_SAR_SDU, &chan->conn_state))
18778a63
GP		 3173 goto disconnect;
3174
6f61fd47 3175 if (!chan->sdu)
18778a63
GP		 3176 goto disconnect;
3177
fadd192e 3178 chan->partial_sdu_len += skb->len;
18778a63 3179
fadd192e
MM		 3180 if (chan->partial_sdu_len > chan->imtu)
3181 goto drop;
18778a63 3182
fadd192e
MM		 3183 if (chan->partial_sdu_len != chan->sdu_len)
3184 goto drop;
4178ba46 3185
fadd192e 3186 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
18778a63 3187
6f61fd47 3188 _skb = skb_clone(chan->sdu, GFP_ATOMIC);
1890d36b 3189 if (!_skb) {
1890d36b
GP		 3190 return -ENOMEM;
3191 }
3192
23070494 3193 err = chan->ops->recv(chan->data, _skb);
1890d36b 3194 if (err < 0) {
18778a63 3195 kfree_skb(_skb);
1890d36b
GP		 3196 return err;
3197 }
3198
e2ab4353 3199 clear_bit(CONN_SAR_SDU, &chan->conn_state);
18778a63 3200
6f61fd47 3201 kfree_skb(chan->sdu);
18778a63
GP		 3202 break;
3203 }
3204
3205 kfree_skb(skb);
1890d36b 3206 return 0;
18778a63
GP		 3207
3208drop:
6f61fd47
GP		 3209 kfree_skb(chan->sdu);
3210 chan->sdu = NULL;
18778a63
GP		 3211
3212disconnect:
8c1d787b 3213 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
18778a63
GP		 3214 kfree_skb(skb);
3215 return 0;
3216}
3217
26f880d2 3218static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan)
712132eb 3219{
712132eb 3220 u16 control;
712132eb 3221
26f880d2 3222 BT_DBG("chan %p, Enter local busy", chan);
712132eb 3223
26f880d2
MM		 3224 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3225
3226 control = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3227 control |= L2CAP_SUPER_RCV_NOT_READY;
3228 l2cap_send_sframe(chan, control);
3229
3230 set_bit(CONN_RNR_SENT, &chan->conn_state);
3231
3232 __clear_ack_timer(chan);
3233}
3234
3235static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan)
3236{
3237 u16 control;
712132eb 3238
e2ab4353 3239 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
712132eb
GP		 3240 goto done;
3241
42e5c802 3242 control = chan->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
712132eb 3243 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
525cd185 3244 l2cap_send_sframe(chan, control);
6a026610 3245 chan->retry_count = 1;
712132eb 3246
1a09bcb9
GP		 3247 __clear_retrans_timer(chan);
3248 __set_monitor_timer(chan);
712132eb 3249
e2ab4353 3250 set_bit(CONN_WAIT_F, &chan->conn_state);
712132eb
GP		 3251
3252done:
e2ab4353
GP		 3253 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3254 clear_bit(CONN_RNR_SENT, &chan->conn_state);
712132eb 3255
49208c9c 3256 BT_DBG("chan %p, Exit local busy", chan);
26f880d2
MM		 3257}
3258
e328140f
MM		 3259void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
3260{
3261 if (chan->mode == L2CAP_MODE_ERTM) {
3262 if (busy)
3263 l2cap_ertm_enter_local_busy(chan);
3264 else
3265 l2cap_ertm_exit_local_busy(chan);
3266 }
3267}
3268
525cd185 3269static int l2cap_streaming_reassembly_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u16 control)
c74e560c 3270{
c74e560c
GP		 3271 struct sk_buff *_skb;
3272 int err = -EINVAL;
3273
18778a63
GP		 3274 /*
3275 * TODO: We have to notify the userland if some data is lost with the
3276 * Streaming Mode.
3277 */
3278
c74e560c
GP		 3279 switch (control & L2CAP_CTRL_SAR) {
3280 case L2CAP_SDU_UNSEGMENTED:
e2ab4353 3281 if (test_bit(CONN_SAR_SDU, &chan->conn_state)) {
6f61fd47 3282 kfree_skb(chan->sdu);
c74e560c
GP		 3283 break;
3284 }
3285
23070494 3286 err = chan->ops->recv(chan->data, skb);
c74e560c
GP		 3287 if (!err)
3288 return 0;
3289
3290 break;
3291
3292 case L2CAP_SDU_START:
e2ab4353 3293 if (test_bit(CONN_SAR_SDU, &chan->conn_state)) {
6f61fd47 3294 kfree_skb(chan->sdu);
c74e560c
GP		 3295 break;
3296 }
3297
6f61fd47 3298 chan->sdu_len = get_unaligned_le16(skb->data);
c74e560c
GP		 3299 skb_pull(skb, 2);
3300
0c1bc5c6 3301 if (chan->sdu_len > chan->imtu) {
052897ca
GP		 3302 err = -EMSGSIZE;
3303 break;
3304 }
3305
6f61fd47
GP		 3306 chan->sdu = bt_skb_alloc(chan->sdu_len, GFP_ATOMIC);
3307 if (!chan->sdu) {
c74e560c
GP		 3308 err = -ENOMEM;
3309 break;
3310 }
3311
6f61fd47 3312 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
c74e560c 3313
e2ab4353 3314 set_bit(CONN_SAR_SDU, &chan->conn_state);
6f61fd47 3315 chan->partial_sdu_len = skb->len;
c74e560c
GP		 3316 err = 0;
3317 break;
3318
3319 case L2CAP_SDU_CONTINUE:
e2ab4353 3320 if (!test_bit(CONN_SAR_SDU, &chan->conn_state))
c74e560c
GP		 3321 break;
3322
6f61fd47 3323 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
c74e560c 3324
6f61fd47
GP		 3325 chan->partial_sdu_len += skb->len;
3326 if (chan->partial_sdu_len > chan->sdu_len)
3327 kfree_skb(chan->sdu);
c74e560c
GP		 3328 else
3329 err = 0;
3330
3331 break;
3332
3333 case L2CAP_SDU_END:
e2ab4353 3334 if (!test_bit(CONN_SAR_SDU, &chan->conn_state))
c74e560c
GP		 3335 break;
3336
6f61fd47 3337 memcpy(skb_put(chan->sdu, skb->len), skb->data, skb->len);
c74e560c 3338
e2ab4353 3339 clear_bit(CONN_SAR_SDU, &chan->conn_state);
6f61fd47 3340 chan->partial_sdu_len += skb->len;
c74e560c 3341
0c1bc5c6 3342 if (chan->partial_sdu_len > chan->imtu)
36f2fd58
GP		 3343 goto drop;
3344
6f61fd47
GP		 3345 if (chan->partial_sdu_len == chan->sdu_len) {
3346 _skb = skb_clone(chan->sdu, GFP_ATOMIC);
23070494 3347 err = chan->ops->recv(chan->data, _skb);
c74e560c
GP		 3348 if (err < 0)
3349 kfree_skb(_skb);
3350 }
c74e560c
GP		 3351 err = 0;
3352
36f2fd58 3353drop:
6f61fd47 3354 kfree_skb(chan->sdu);
c74e560c
GP		 3355 break;
3356 }
3357
3358 kfree_skb(skb);
3359 return err;
3360}
3361
525cd185 3362static void l2cap_check_srej_gap(struct l2cap_chan *chan, u8 tx_seq)
8f17154f
GP		 3363{
3364 struct sk_buff *skb;
afefdbc4 3365 u16 control;
8f17154f 3366
e328140f
MM		 3367 while ((skb = skb_peek(&chan->srej_q)) &&
3368 !test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3369 int err;
3370
8f17154f
GP		 3371 if (bt_cb(skb)->tx_seq != tx_seq)
3372 break;
3373
f1c6775b 3374 skb = skb_dequeue(&chan->srej_q);
afefdbc4 3375 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
e328140f
MM		 3376 err = l2cap_ertm_reassembly_sdu(chan, skb, control);
3377
3378 if (err < 0) {
3379 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3380 break;
3381 }
3382
42e5c802
GP		 3383 chan->buffer_seq_srej =
3384 (chan->buffer_seq_srej + 1) % 64;
8ff50ec0 3385 tx_seq = (tx_seq + 1) % 64;
8f17154f
GP		 3386 }
3387}
3388
525cd185 3389static void l2cap_resend_srejframe(struct l2cap_chan *chan, u8 tx_seq)
8f17154f 3390{
8f17154f
GP		 3391 struct srej_list *l, *tmp;
3392 u16 control;
3393
39d5a3ee 3394 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
8f17154f
GP		 3395 if (l->tx_seq == tx_seq) {
3396 list_del(&l->list);
3397 kfree(l);
3398 return;
3399 }
3400 control = L2CAP_SUPER_SELECT_REJECT;
3401 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
525cd185 3402 l2cap_send_sframe(chan, control);
8f17154f 3403 list_del(&l->list);
39d5a3ee 3404 list_add_tail(&l->list, &chan->srej_l);
8f17154f
GP		 3405 }
3406}
3407
525cd185 3408static void l2cap_send_srejframe(struct l2cap_chan *chan, u8 tx_seq)
8f17154f 3409{
8f17154f
GP		 3410 struct srej_list *new;
3411 u16 control;
3412
42e5c802 3413 while (tx_seq != chan->expected_tx_seq) {
8f17154f 3414 control = L2CAP_SUPER_SELECT_REJECT;
42e5c802 3415 control |= chan->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
525cd185 3416 l2cap_send_sframe(chan, control);
8f17154f
GP		 3417
3418 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
42e5c802
GP		 3419 new->tx_seq = chan->expected_tx_seq;
3420 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
39d5a3ee 3421 list_add_tail(&new->list, &chan->srej_l);
8f17154f 3422 }
42e5c802 3423 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
8f17154f
GP		 3424}
3425
525cd185 3426static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
1c2acffb 3427{
1c2acffb 3428 u8 tx_seq = __get_txseq(rx_control);
9f121a5a 3429 u8 req_seq = __get_reqseq(rx_control);
8f17154f 3430 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
f6337c77 3431 int tx_seq_offset, expected_tx_seq_offset;
47d1ec61 3432 int num_to_ack = (chan->tx_win/6) + 1;
1c2acffb
GP		 3433 int err = 0;
3434
525cd185
GP		 3435 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%4.4x", chan, skb->len,
3436 tx_seq, rx_control);
1c2acffb 3437
9b16dc65 3438 if (L2CAP_CTRL_FINAL & rx_control &&
e2ab4353 3439 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 3440 __clear_monitor_timer(chan);
6a026610 3441 if (chan->unacked_frames > 0)
1a09bcb9 3442 __set_retrans_timer(chan);
e2ab4353 3443 clear_bit(CONN_WAIT_F, &chan->conn_state);
1d8f5d16
GP		 3444 }
3445
42e5c802
GP		 3446 chan->expected_ack_seq = req_seq;
3447 l2cap_drop_acked_frames(chan);
9f121a5a 3448
42e5c802 3449 tx_seq_offset = (tx_seq - chan->buffer_seq) % 64;
9b53350d
JPRV		 3450 if (tx_seq_offset < 0)
3451 tx_seq_offset += 64;
3452
3453 /* invalid tx_seq */
47d1ec61 3454 if (tx_seq_offset >= chan->tx_win) {
8c1d787b 3455 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
9b53350d
JPRV		 3456 goto drop;
3457 }
3458
e2ab4353 3459 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state))
1890d36b
GP		 3460 goto drop;
3461
02f1b641
MM		 3462 if (tx_seq == chan->expected_tx_seq)
3463 goto expected;
3464
e2ab4353 3465 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
8f17154f 3466 struct srej_list *first;
30afb5b2 3467
39d5a3ee 3468 first = list_first_entry(&chan->srej_l,
8f17154f
GP		 3469 struct srej_list, list);
3470 if (tx_seq == first->tx_seq) {
42e5c802 3471 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
525cd185 3472 l2cap_check_srej_gap(chan, tx_seq);
8f17154f
GP		 3473
3474 list_del(&first->list);
3475 kfree(first);
3476
39d5a3ee 3477 if (list_empty(&chan->srej_l)) {
42e5c802 3478 chan->buffer_seq = chan->buffer_seq_srej;
e2ab4353 3479 clear_bit(CONN_SREJ_SENT, &chan->conn_state);
525cd185 3480 l2cap_send_ack(chan);
49208c9c 3481 BT_DBG("chan %p, Exit SREJ_SENT", chan);
8f17154f
GP		 3482 }
3483 } else {
3484 struct srej_list *l;
9b53350d
JPRV		 3485
3486 /* duplicated tx_seq */
42e5c802 3487 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
9b53350d 3488 goto drop;
8f17154f 3489
39d5a3ee 3490 list_for_each_entry(l, &chan->srej_l, list) {
8f17154f 3491 if (l->tx_seq == tx_seq) {
525cd185 3492 l2cap_resend_srejframe(chan, tx_seq);
8f17154f
GP		 3493 return 0;
3494 }
3495 }
525cd185 3496 l2cap_send_srejframe(chan, tx_seq);
30afb5b2
GP		 3497 }
3498 } else {
9b53350d 3499 expected_tx_seq_offset =
42e5c802 3500 (chan->expected_tx_seq - chan->buffer_seq) % 64;
9b53350d
JPRV		 3501 if (expected_tx_seq_offset < 0)
3502 expected_tx_seq_offset += 64;
3503
3504 /* duplicated tx_seq */
3505 if (tx_seq_offset < expected_tx_seq_offset)
3506 goto drop;
3507
e2ab4353 3508 set_bit(CONN_SREJ_SENT, &chan->conn_state);
1c2acffb 3509
49208c9c 3510 BT_DBG("chan %p, Enter SREJ", chan);
0e98958d 3511
39d5a3ee 3512 INIT_LIST_HEAD(&chan->srej_l);
42e5c802 3513 chan->buffer_seq_srej = chan->buffer_seq;
8f17154f 3514
f1c6775b 3515 __skb_queue_head_init(&chan->srej_q);
42e5c802 3516 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
8f17154f 3517
e2ab4353 3518 set_bit(CONN_SEND_PBIT, &chan->conn_state);
ef54fd93 3519
525cd185 3520 l2cap_send_srejframe(chan, tx_seq);
7fe9b298 3521
1a09bcb9 3522 __clear_ack_timer(chan);
1c2acffb 3523 }
30afb5b2
GP		 3524 return 0;
3525
8f17154f 3526expected:
42e5c802 3527 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
8f17154f 3528
e2ab4353 3529 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3b1a9f3f
GP		 3530 bt_cb(skb)->tx_seq = tx_seq;
3531 bt_cb(skb)->sar = sar;
f1c6775b 3532 __skb_queue_tail(&chan->srej_q, skb);
8f17154f
GP		 3533 return 0;
3534 }
3535
fadd192e
MM		 3536 err = l2cap_ertm_reassembly_sdu(chan, skb, rx_control);
3537 chan->buffer_seq = (chan->buffer_seq + 1) % 64;
e328140f
MM		 3538 if (err < 0) {
3539 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3540 return err;
3541 }
2ece3684 3542
4ec10d97 3543 if (rx_control & L2CAP_CTRL_FINAL) {
e2ab4353 3544 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 3545 l2cap_retransmit_frames(chan);
4ec10d97
GP		 3546 }
3547
1a09bcb9 3548 __set_ack_timer(chan);
c1b4f43b 3549
6a026610
GP		 3550 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
3551 if (chan->num_acked == num_to_ack - 1)
525cd185 3552 l2cap_send_ack(chan);
9e917af1 3553
8f17154f 3554 return 0;
9b53350d
JPRV		 3555
3556drop:
3557 kfree_skb(skb);
3558 return 0;
1c2acffb
GP		 3559}
3560
525cd185 3561static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u16 rx_control)
1c2acffb 3562{
49208c9c 3563 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, __get_reqseq(rx_control),
0e98958d
GP		 3564 rx_control);
3565
42e5c802
GP		 3566 chan->expected_ack_seq = __get_reqseq(rx_control);
3567 l2cap_drop_acked_frames(chan);
1c2acffb 3568
e072745f 3569 if (rx_control & L2CAP_CTRL_POLL) {
e2ab4353
GP		 3570 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3571 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3572 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 3573 (chan->unacked_frames > 0))
1a09bcb9 3574 __set_retrans_timer(chan);
05fbd89d 3575
e2ab4353 3576 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
525cd185 3577 l2cap_send_srejtail(chan);
05fbd89d 3578 } else {
525cd185 3579 l2cap_send_i_or_rr_or_rnr(chan);
05fbd89d 3580 }
1d8f5d16 3581
e072745f 3582 } else if (rx_control & L2CAP_CTRL_FINAL) {
e2ab4353 3583 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4ec10d97 3584
e2ab4353 3585 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 3586 l2cap_retransmit_frames(chan);
2246b2f1 3587
e072745f 3588 } else {
e2ab4353 3589 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 3590 (chan->unacked_frames > 0))
1a09bcb9 3591 __set_retrans_timer(chan);
1c2acffb 3592
e2ab4353
GP		 3593 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
3594 if (test_bit(CONN_SREJ_SENT, &chan->conn_state))
525cd185 3595 l2cap_send_ack(chan);
894718a6 3596 else
525cd185 3597 l2cap_ertm_send(chan);
e072745f
GP		 3598 }
3599}
2246b2f1 3600
525cd185 3601static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3602{
e072745f 3603 u8 tx_seq = __get_reqseq(rx_control);
30afb5b2 3604
525cd185 3605 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3606
e2ab4353 3607 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
e072745f 3608
42e5c802
GP		 3609 chan->expected_ack_seq = tx_seq;
3610 l2cap_drop_acked_frames(chan);
e072745f
GP		 3611
3612 if (rx_control & L2CAP_CTRL_FINAL) {
e2ab4353 3613 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 3614 l2cap_retransmit_frames(chan);
e072745f 3615 } else {
525cd185 3616 l2cap_retransmit_frames(chan);
30afb5b2 3617
e2ab4353
GP		 3618 if (test_bit(CONN_WAIT_F, &chan->conn_state))
3619 set_bit(CONN_REJ_ACT, &chan->conn_state);
e072745f
GP		 3620 }
3621}
525cd185 3622static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3623{
e072745f 3624 u8 tx_seq = __get_reqseq(rx_control);
30afb5b2 3625
525cd185 3626 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3627
e2ab4353 3628 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
2246b2f1 3629
e072745f 3630 if (rx_control & L2CAP_CTRL_POLL) {
42e5c802
GP		 3631 chan->expected_ack_seq = tx_seq;
3632 l2cap_drop_acked_frames(chan);
3cb123d1 3633
e2ab4353 3634 set_bit(CONN_SEND_FBIT, &chan->conn_state);
525cd185 3635 l2cap_retransmit_one_frame(chan, tx_seq);
dfc909be 3636
525cd185 3637 l2cap_ertm_send(chan);
dfc909be 3638
e2ab4353 3639 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 3640 chan->srej_save_reqseq = tx_seq;
e2ab4353 3641 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 3642 }
e072745f 3643 } else if (rx_control & L2CAP_CTRL_FINAL) {
e2ab4353 3644 if (test_bit(CONN_SREJ_ACT, &chan->conn_state) &&
6a026610 3645 chan->srej_save_reqseq == tx_seq)
e2ab4353 3646 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
e072745f 3647 else
525cd185 3648 l2cap_retransmit_one_frame(chan, tx_seq);
e072745f 3649 } else {
525cd185 3650 l2cap_retransmit_one_frame(chan, tx_seq);
e2ab4353 3651 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 3652 chan->srej_save_reqseq = tx_seq;
e2ab4353 3653 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 3654 }
e072745f
GP		 3655 }
3656}
3657
525cd185 3658static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u16 rx_control)
e072745f 3659{
e072745f
GP		 3660 u8 tx_seq = __get_reqseq(rx_control);
3661
525cd185 3662 BT_DBG("chan %p, req_seq %d ctrl 0x%4.4x", chan, tx_seq, rx_control);
0e98958d 3663
e2ab4353 3664 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
42e5c802
GP		 3665 chan->expected_ack_seq = tx_seq;
3666 l2cap_drop_acked_frames(chan);
e072745f 3667
3cb123d1 3668 if (rx_control & L2CAP_CTRL_POLL)
e2ab4353 3669 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3cb123d1 3670
e2ab4353 3671 if (!test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
1a09bcb9 3672 __clear_retrans_timer(chan);
a2e12a2a 3673 if (rx_control & L2CAP_CTRL_POLL)
525cd185 3674 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
99b0d4b7 3675 return;
e072745f 3676 }
99b0d4b7
GP		 3677
3678 if (rx_control & L2CAP_CTRL_POLL)
525cd185 3679 l2cap_send_srejtail(chan);
99b0d4b7 3680 else
525cd185 3681 l2cap_send_sframe(chan, L2CAP_SUPER_RCV_READY);
e072745f
GP		 3682}
3683
525cd185 3684static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u16 rx_control, struct sk_buff *skb)
e072745f 3685{
525cd185 3686 BT_DBG("chan %p rx_control 0x%4.4x len %d", chan, rx_control, skb->len);
e072745f 3687
9b16dc65 3688 if (L2CAP_CTRL_FINAL & rx_control &&
e2ab4353 3689 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 3690 __clear_monitor_timer(chan);
6a026610 3691 if (chan->unacked_frames > 0)
1a09bcb9 3692 __set_retrans_timer(chan);
e2ab4353 3693 clear_bit(CONN_WAIT_F, &chan->conn_state);
e072745f
GP		 3694 }
3695
3696 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
3697 case L2CAP_SUPER_RCV_READY:
525cd185 3698 l2cap_data_channel_rrframe(chan, rx_control);
8f17154f
GP		 3699 break;
3700
e072745f 3701 case L2CAP_SUPER_REJECT:
525cd185 3702 l2cap_data_channel_rejframe(chan, rx_control);
e072745f 3703 break;
2246b2f1 3704
e072745f 3705 case L2CAP_SUPER_SELECT_REJECT:
525cd185 3706 l2cap_data_channel_srejframe(chan, rx_control);
e072745f
GP		 3707 break;
3708
3709 case L2CAP_SUPER_RCV_NOT_READY:
525cd185 3710 l2cap_data_channel_rnrframe(chan, rx_control);
1c2acffb
GP		 3711 break;
3712 }
3713
faaebd19 3714 kfree_skb(skb);
1c2acffb
GP		 3715 return 0;
3716}
3717
218bb9df
GP		 3718static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
3719{
525cd185 3720 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
218bb9df
GP		 3721 u16 control;
3722 u8 req_seq;
3723 int len, next_tx_seq_offset, req_seq_offset;
3724
3725 control = get_unaligned_le16(skb->data);
3726 skb_pull(skb, 2);
3727 len = skb->len;
3728
3729 /*
3730 * We can just drop the corrupted I-frame here.
3731 * Receiver will miss it and start proper recovery
3732 * procedures and ask retransmission.
3733 */
47d1ec61 3734 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 3735 goto drop;
3736
3737 if (__is_sar_start(control) && __is_iframe(control))
3738 len -= 2;
3739
47d1ec61 3740 if (chan->fcs == L2CAP_FCS_CRC16)
218bb9df
GP		 3741 len -= 2;
3742
47d1ec61 3743 if (len > chan->mps) {
8c1d787b 3744 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3745 goto drop;
3746 }
3747
3748 req_seq = __get_reqseq(control);
42e5c802 3749 req_seq_offset = (req_seq - chan->expected_ack_seq) % 64;
218bb9df
GP		 3750 if (req_seq_offset < 0)
3751 req_seq_offset += 64;
3752
3753 next_tx_seq_offset =
42e5c802 3754 (chan->next_tx_seq - chan->expected_ack_seq) % 64;
218bb9df
GP		 3755 if (next_tx_seq_offset < 0)
3756 next_tx_seq_offset += 64;
3757
3758 /* check for invalid req-seq */
3759 if (req_seq_offset > next_tx_seq_offset) {
8c1d787b 3760 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3761 goto drop;
3762 }
3763
3764 if (__is_iframe(control)) {
3765 if (len < 0) {
8c1d787b 3766 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3767 goto drop;
3768 }
3769
525cd185 3770 l2cap_data_channel_iframe(chan, control, skb);
218bb9df
GP		 3771 } else {
3772 if (len != 0) {
3773 BT_ERR("%d", len);
8c1d787b 3774 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 3775 goto drop;
3776 }
3777
525cd185 3778 l2cap_data_channel_sframe(chan, control, skb);
218bb9df
GP		 3779 }
3780
3781 return 0;
3782
3783drop:
3784 kfree_skb(skb);
3785 return 0;
3786}
3787
1da177e4
LT		 3788static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
3789{
48454079 3790 struct l2cap_chan *chan;
bf734843 3791 struct sock *sk = NULL;
51893f88 3792 u16 control;
218bb9df
GP		 3793 u8 tx_seq;
3794 int len;
1da177e4 3795
baa7e1fa 3796 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 3797 if (!chan) {
1da177e4
LT		 3798 BT_DBG("unknown cid 0x%4.4x", cid);
3799 goto drop;
3800 }
3801
48454079 3802 sk = chan->sk;
6840ed07 3803
49208c9c 3804 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 3805
89bc500e 3806 if (chan->state != BT_CONNECTED)
1da177e4
LT		 3807 goto drop;
3808
0c1bc5c6 3809 switch (chan->mode) {
1c2acffb
GP		 3810 case L2CAP_MODE_BASIC:
3811 /* If socket recv buffers overflows we drop data here
3812 * which is *bad* because L2CAP has to be reliable.
3813 * But we don't have any other choice. L2CAP doesn't
3814 * provide flow control mechanism. */
1da177e4 3815
0c1bc5c6 3816 if (chan->imtu < skb->len)
1c2acffb 3817 goto drop;
1da177e4 3818
23070494 3819 if (!chan->ops->recv(chan->data, skb))
1c2acffb
GP		 3820 goto done;
3821 break;
3822
3823 case L2CAP_MODE_ERTM:
218bb9df
GP		 3824 if (!sock_owned_by_user(sk)) {
3825 l2cap_ertm_data_rcv(sk, skb);
277ffbe3 3826 } else {
218bb9df 3827 if (sk_add_backlog(sk, skb))
277ffbe3 3828 goto drop;
277ffbe3 3829 }
1c2acffb 3830
fcafde2e 3831 goto done;
1c2acffb 3832
6840ed07
GP		 3833 case L2CAP_MODE_STREAMING:
3834 control = get_unaligned_le16(skb->data);
3835 skb_pull(skb, 2);
3836 len = skb->len;
3837
47d1ec61 3838 if (l2cap_check_fcs(chan, skb))
26000089
GP		 3839 goto drop;
3840
6840ed07
GP		 3841 if (__is_sar_start(control))
3842 len -= 2;
3843
47d1ec61 3844 if (chan->fcs == L2CAP_FCS_CRC16)
fcc203c3
GP		 3845 len -= 2;
3846
47d1ec61 3847 if (len > chan->mps || len < 0 || __is_sframe(control))
6840ed07
GP		 3848 goto drop;
3849
3850 tx_seq = __get_txseq(control);
3851
42e5c802
GP		 3852 if (chan->expected_tx_seq == tx_seq)
3853 chan->expected_tx_seq = (chan->expected_tx_seq + 1) % 64;
6840ed07 3854 else
42e5c802 3855 chan->expected_tx_seq = (tx_seq + 1) % 64;
6840ed07 3856
525cd185 3857 l2cap_streaming_reassembly_sdu(chan, skb, control);
6840ed07
GP		 3858
3859 goto done;
3860
1c2acffb 3861 default:
0c1bc5c6 3862 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 3863 break;
3864 }
1da177e4
LT		 3865
3866drop:
3867 kfree_skb(skb);
3868
3869done:
0139418c
MH		 3870 if (sk)
3871 bh_unlock_sock(sk);
3872
1da177e4
LT		 3873 return 0;
3874}
3875
8e036fc3 3876static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 3877{
6dcae1ea 3878 struct sock *sk = NULL;
23691d75 3879 struct l2cap_chan *chan;
1da177e4 3880
23691d75
GP		 3881 chan = l2cap_global_chan_by_psm(0, psm, conn->src);
3882 if (!chan)
1da177e4
LT		 3883 goto drop;
3884
23691d75
GP		 3885 sk = chan->sk;
3886
e0f0cb56
GP		 3887 bh_lock_sock(sk);
3888
1da177e4
LT		 3889 BT_DBG("sk %p, len %d", sk, skb->len);
3890
89bc500e 3891 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
1da177e4
LT		 3892 goto drop;
3893
e13e21dc 3894 if (chan->imtu < skb->len)
1da177e4
LT		 3895 goto drop;
3896
23070494 3897 if (!chan->ops->recv(chan->data, skb))
1da177e4
LT		 3898 goto done;
3899
3900drop:
3901 kfree_skb(skb);
3902
3903done:
af05b30b
GP		 3904 if (sk)
3905 bh_unlock_sock(sk);
1da177e4
LT		 3906 return 0;
3907}
3908
9f69bda6
GP		 3909static inline int l2cap_att_channel(struct l2cap_conn *conn, __le16 cid, struct sk_buff *skb)
3910{
6dcae1ea 3911 struct sock *sk = NULL;
23691d75 3912 struct l2cap_chan *chan;
9f69bda6 3913
23691d75
GP		 3914 chan = l2cap_global_chan_by_scid(0, cid, conn->src);
3915 if (!chan)
9f69bda6
GP		 3916 goto drop;
3917
23691d75
GP		 3918 sk = chan->sk;
3919
9f69bda6
GP		 3920 bh_lock_sock(sk);
3921
3922 BT_DBG("sk %p, len %d", sk, skb->len);
3923
89bc500e 3924 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
9f69bda6
GP		 3925 goto drop;
3926
e13e21dc 3927 if (chan->imtu < skb->len)
9f69bda6
GP		 3928 goto drop;
3929
23070494 3930 if (!chan->ops->recv(chan->data, skb))
9f69bda6
GP		 3931 goto done;
3932
3933drop:
3934 kfree_skb(skb);
3935
3936done:
3937 if (sk)
3938 bh_unlock_sock(sk);
3939 return 0;
3940}
3941
1da177e4
LT		 3942static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
3943{
3944 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 3945 u16 cid, len;
3946 __le16 psm;
1da177e4
LT		 3947
3948 skb_pull(skb, L2CAP_HDR_SIZE);
3949 cid = __le16_to_cpu(lh->cid);
3950 len = __le16_to_cpu(lh->len);
3951
1c2acffb
GP		 3952 if (len != skb->len) {
3953 kfree_skb(skb);
3954 return;
3955 }
3956
1da177e4
LT		 3957 BT_DBG("len %d, cid 0x%4.4x", len, cid);
3958
3959 switch (cid) {
3300d9a9 3960 case L2CAP_CID_LE_SIGNALING:
8db4dc46 3961 case L2CAP_CID_SIGNALING:
1da177e4
LT		 3962 l2cap_sig_channel(conn, skb);
3963 break;
3964
8db4dc46 3965 case L2CAP_CID_CONN_LESS:
1b7bf4ed 3966 psm = get_unaligned_le16(skb->data);
1da177e4
LT		 3967 skb_pull(skb, 2);
3968 l2cap_conless_channel(conn, psm, skb);
3969 break;
3970
9f69bda6
GP		 3971 case L2CAP_CID_LE_DATA:
3972 l2cap_att_channel(conn, cid, skb);
3973 break;
3974
b501d6a1
AB		 3975 case L2CAP_CID_SMP:
3976 if (smp_sig_channel(conn, skb))
3977 l2cap_conn_del(conn->hcon, EACCES);
3978 break;
3979
1da177e4
LT		 3980 default:
3981 l2cap_data_channel(conn, cid, skb);
3982 break;
3983 }
3984}
3985
3986/* ---- L2CAP interface with lower layer (HCI) ---- */
3987
3988static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3989{
3990 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 3991 struct l2cap_chan *c;
1da177e4
LT		 3992
3993 if (type != ACL_LINK)
963cf687 3994 return -EINVAL;
1da177e4
LT		 3995
3996 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
3997
3998 /* Find listening sockets and check their link_mode */
23691d75
GP		 3999 read_lock(&chan_list_lock);
4000 list_for_each_entry(c, &chan_list, global_l) {
4001 struct sock *sk = c->sk;
4343478f 4002
89bc500e 4003 if (c->state != BT_LISTEN)
1da177e4
LT		 4004 continue;
4005
4006 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 4007 lm1 |= HCI_LM_ACCEPT;
23691d75 4008 if (c->role_switch)
2af6b9d5 4009 lm1 |= HCI_LM_MASTER;
1da177e4 4010 exact++;
2af6b9d5
MH		 4011 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
4012 lm2 |= HCI_LM_ACCEPT;
23691d75 4013 if (c->role_switch)
2af6b9d5
MH		 4014 lm2 |= HCI_LM_MASTER;
4015 }
1da177e4 4016 }
23691d75 4017 read_unlock(&chan_list_lock);
1da177e4
LT		 4018
4019 return exact ? lm1 : lm2;
4020}
4021
4022static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
4023{
0139418c
MH		 4024 struct l2cap_conn *conn;
4025
1da177e4
LT		 4026 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4027
acd7d370 4028 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
963cf687 4029 return -EINVAL;
1da177e4
LT		 4030
4031 if (!status) {
1da177e4
LT		 4032 conn = l2cap_conn_add(hcon, status);
4033 if (conn)
4034 l2cap_conn_ready(conn);
0139418c 4035 } else
e175072f 4036 l2cap_conn_del(hcon, bt_to_errno(status));
1da177e4
LT		 4037
4038 return 0;
4039}
4040
2950f21a
MH		 4041static int l2cap_disconn_ind(struct hci_conn *hcon)
4042{
4043 struct l2cap_conn *conn = hcon->l2cap_data;
4044
4045 BT_DBG("hcon %p", hcon);
4046
b5694506 4047 if ((hcon->type != ACL_LINK && hcon->type != LE_LINK) || !conn)
2950f21a
MH		 4048 return 0x13;
4049
4050 return conn->disc_reason;
4051}
4052
4053static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 4054{
4055 BT_DBG("hcon %p reason %d", hcon, reason);
4056
acd7d370 4057 if (!(hcon->type == ACL_LINK || hcon->type == LE_LINK))
963cf687 4058 return -EINVAL;
1da177e4 4059
e175072f 4060 l2cap_conn_del(hcon, bt_to_errno(reason));
0139418c 4061
1da177e4
LT		 4062 return 0;
4063}
4064
4343478f 4065static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 4066{
715ec005 4067 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
255c7601
MH		 4068 return;
4069
f62e4323 4070 if (encrypt == 0x00) {
4343478f 4071 if (chan->sec_level == BT_SECURITY_MEDIUM) {
c9b66675
GP		 4072 __clear_chan_timer(chan);
4073 __set_chan_timer(chan, HZ * 5);
4343478f 4074 } else if (chan->sec_level == BT_SECURITY_HIGH)
0f852724 4075 l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 4076 } else {
4343478f 4077 if (chan->sec_level == BT_SECURITY_MEDIUM)
c9b66675 4078 __clear_chan_timer(chan);
f62e4323
MH		 4079 }
4080}
4081
8c1b2355 4082static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 4083{
0139418c 4084 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 4085 struct l2cap_chan *chan;
1da177e4 4086
0139418c 4087 if (!conn)
1da177e4 4088 return 0;
0139418c 4089
1da177e4
LT		 4090 BT_DBG("conn %p", conn);
4091
baa7e1fa 4092 read_lock(&conn->chan_lock);
1da177e4 4093
baa7e1fa 4094 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 4095 struct sock *sk = chan->sk;
baa7e1fa 4096
1da177e4
LT		 4097 bh_lock_sock(sk);
4098
f1cb9af5
VCG		 4099 BT_DBG("chan->scid %d", chan->scid);
4100
4101 if (chan->scid == L2CAP_CID_LE_DATA) {
4102 if (!status && encrypt) {
4103 chan->sec_level = hcon->sec_level;
5d3de7df 4104 del_timer(&conn->security_timer);
f1cb9af5 4105 l2cap_chan_ready(sk);
7034b911 4106 smp_distribute_keys(conn, 0);
f1cb9af5
VCG		 4107 }
4108
4109 bh_unlock_sock(sk);
4110 continue;
4111 }
4112
c1360a1c 4113 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) {
6a8d3010
MH		 4114 bh_unlock_sock(sk);
4115 continue;
4116 }
4117
89bc500e
GP		 4118 if (!status && (chan->state == BT_CONNECTED ||
4119 chan->state == BT_CONFIG)) {
4343478f 4120 l2cap_check_encryption(chan, encrypt);
9719f8af
MH		 4121 bh_unlock_sock(sk);
4122 continue;
4123 }
4124
89bc500e 4125 if (chan->state == BT_CONNECT) {
b1235d79
MH		 4126 if (!status) {
4127 struct l2cap_conn_req req;
fe4128e0
GP		 4128 req.scid = cpu_to_le16(chan->scid);
4129 req.psm = chan->psm;
1da177e4 4130
fc7f8a7e 4131 chan->ident = l2cap_get_ident(conn);
c1360a1c 4132 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4 4133
fc7f8a7e 4134 l2cap_send_cmd(conn, chan->ident,
b1235d79
MH		 4135 L2CAP_CONN_REQ, sizeof(req), &req);
4136 } else {
c9b66675
GP		 4137 __clear_chan_timer(chan);
4138 __set_chan_timer(chan, HZ / 10);
b1235d79 4139 }
89bc500e 4140 } else if (chan->state == BT_CONNECT2) {
b1235d79 4141 struct l2cap_conn_rsp rsp;
df3c3931 4142 __u16 res, stat;
1da177e4 4143
b1235d79 4144 if (!status) {
df3c3931
JH		 4145 if (bt_sk(sk)->defer_setup) {
4146 struct sock *parent = bt_sk(sk)->parent;
4147 res = L2CAP_CR_PEND;
4148 stat = L2CAP_CS_AUTHOR_PEND;
4149 parent->sk_data_ready(parent, 0);
4150 } else {
05558911 4151 l2cap_state_change(chan, BT_CONFIG);
df3c3931
JH		 4152 res = L2CAP_CR_SUCCESS;
4153 stat = L2CAP_CS_NO_INFO;
4154 }
b1235d79 4155 } else {
89bc500e 4156 l2cap_state_change(chan, BT_DISCONN);
c9b66675 4157 __set_chan_timer(chan, HZ / 10);
df3c3931
JH		 4158 res = L2CAP_CR_SEC_BLOCK;
4159 stat = L2CAP_CS_NO_INFO;
b1235d79
MH		 4160 }
4161
fe4128e0
GP		 4162 rsp.scid = cpu_to_le16(chan->dcid);
4163 rsp.dcid = cpu_to_le16(chan->scid);
df3c3931
JH		 4164 rsp.result = cpu_to_le16(res);
4165 rsp.status = cpu_to_le16(stat);
fc7f8a7e
GP		 4166 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
4167 sizeof(rsp), &rsp);
b1235d79 4168 }
1da177e4
LT		 4169
4170 bh_unlock_sock(sk);
4171 }
4172
baa7e1fa 4173 read_unlock(&conn->chan_lock);
b1235d79 4174
1da177e4
LT		 4175 return 0;
4176}
4177
4178static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
4179{
4180 struct l2cap_conn *conn = hcon->l2cap_data;
4181
5a08ecce
AE		 4182 if (!conn)
4183 conn = l2cap_conn_add(hcon, 0);
4184
4185 if (!conn)
1da177e4
LT		 4186 goto drop;
4187
4188 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4189
e702112f 4190 if (!(flags & ACL_CONT)) {
1da177e4 4191 struct l2cap_hdr *hdr;
48454079 4192 struct l2cap_chan *chan;
89794813 4193 u16 cid;
1da177e4
LT		 4194 int len;
4195
4196 if (conn->rx_len) {
4197 BT_ERR("Unexpected start frame (len %d)", skb->len);
4198 kfree_skb(conn->rx_skb);
4199 conn->rx_skb = NULL;
4200 conn->rx_len = 0;
4201 l2cap_conn_unreliable(conn, ECOMM);
4202 }
4203
aae7fe22
AE		 4204 /* Start fragment always begin with Basic L2CAP header */
4205 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 4206 BT_ERR("Frame is too short (len %d)", skb->len);
4207 l2cap_conn_unreliable(conn, ECOMM);
4208 goto drop;
4209 }
4210
4211 hdr = (struct l2cap_hdr *) skb->data;
4212 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
89794813 4213 cid = __le16_to_cpu(hdr->cid);
1da177e4
LT		 4214
4215 if (len == skb->len) {
4216 /* Complete frame received */
4217 l2cap_recv_frame(conn, skb);
4218 return 0;
4219 }
4220
4221 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4222
4223 if (skb->len > len) {
4224 BT_ERR("Frame is too long (len %d, expected len %d)",
4225 skb->len, len);
4226 l2cap_conn_unreliable(conn, ECOMM);
4227 goto drop;
4228 }
4229
baa7e1fa 4230 chan = l2cap_get_chan_by_scid(conn, cid);
89794813 4231
48454079
GP		 4232 if (chan && chan->sk) {
4233 struct sock *sk = chan->sk;
89794813 4234
0c1bc5c6 4235 if (chan->imtu < len - L2CAP_HDR_SIZE) {
48454079
GP		 4236 BT_ERR("Frame exceeding recv MTU (len %d, "
4237 "MTU %d)", len,
0c1bc5c6 4238 chan->imtu);
48454079
GP		 4239 bh_unlock_sock(sk);
4240 l2cap_conn_unreliable(conn, ECOMM);
4241 goto drop;
4242 }
89794813 4243 bh_unlock_sock(sk);
48454079 4244 }
89794813 4245
1da177e4 4246 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 4247 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4248 if (!conn->rx_skb)
1da177e4
LT		 4249 goto drop;
4250
d626f62b 4251 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4252 skb->len);
1da177e4
LT		 4253 conn->rx_len = len - skb->len;
4254 } else {
4255 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4256
4257 if (!conn->rx_len) {
4258 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4259 l2cap_conn_unreliable(conn, ECOMM);
4260 goto drop;
4261 }
4262
4263 if (skb->len > conn->rx_len) {
4264 BT_ERR("Fragment is too long (len %d, expected %d)",
4265 skb->len, conn->rx_len);
4266 kfree_skb(conn->rx_skb);
4267 conn->rx_skb = NULL;
4268 conn->rx_len = 0;
4269 l2cap_conn_unreliable(conn, ECOMM);
4270 goto drop;
4271 }
4272
d626f62b 4273 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4274 skb->len);
1da177e4
LT		 4275 conn->rx_len -= skb->len;
4276
4277 if (!conn->rx_len) {
4278 /* Complete frame received */
4279 l2cap_recv_frame(conn, conn->rx_skb);
4280 conn->rx_skb = NULL;
4281 }
4282 }
4283
4284drop:
4285 kfree_skb(skb);
4286 return 0;
4287}
4288
aef7d97c 4289static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 4290{
23691d75 4291 struct l2cap_chan *c;
1da177e4 4292
23691d75 4293 read_lock_bh(&chan_list_lock);
1da177e4 4294
23691d75
GP		 4295 list_for_each_entry(c, &chan_list, global_l) {
4296 struct sock *sk = c->sk;
101545f6 4297
903d343e 4298 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 4299 batostr(&bt_sk(sk)->src),
4300 batostr(&bt_sk(sk)->dst),
89bc500e 4301 c->state, __le16_to_cpu(c->psm),
23691d75
GP		 4302 c->scid, c->dcid, c->imtu, c->omtu,
4303 c->sec_level, c->mode);
05558911 4304}
1da177e4 4305
23691d75 4306 read_unlock_bh(&chan_list_lock);
1da177e4 4307
aef7d97c 4308 return 0;
1da177e4
LT		 4309}
4310
aef7d97c
MH		 4311static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4312{
4313 return single_open(file, l2cap_debugfs_show, inode->i_private);
4314}
4315
4316static const struct file_operations l2cap_debugfs_fops = {
4317 .open = l2cap_debugfs_open,
4318 .read = seq_read,
4319 .llseek = seq_lseek,
4320 .release = single_release,
4321};
4322
4323static struct dentry *l2cap_debugfs;
1da177e4 4324
1da177e4
LT		 4325static struct hci_proto l2cap_hci_proto = {
4326 .name = "L2CAP",
4327 .id = HCI_PROTO_L2CAP,
4328 .connect_ind = l2cap_connect_ind,
4329 .connect_cfm = l2cap_connect_cfm,
4330 .disconn_ind = l2cap_disconn_ind,
2950f21a 4331 .disconn_cfm = l2cap_disconn_cfm,
8c1b2355 4332 .security_cfm = l2cap_security_cfm,
1da177e4
LT		 4333 .recv_acldata = l2cap_recv_acldata
4334};
4335
64274518 4336int __init l2cap_init(void)
1da177e4
LT		 4337{
4338 int err;
be9d1227 4339
bb58f747 4340 err = l2cap_init_sockets();
1da177e4
LT		 4341 if (err < 0)
4342 return err;
4343
1da177e4
LT		 4344 err = hci_register_proto(&l2cap_hci_proto);
4345 if (err < 0) {
4346 BT_ERR("L2CAP protocol registration failed");
4347 bt_sock_unregister(BTPROTO_L2CAP);
4348 goto error;
4349 }
4350
aef7d97c
MH		 4351 if (bt_debugfs) {
4352 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4353 bt_debugfs, NULL, &l2cap_debugfs_fops);
4354 if (!l2cap_debugfs)
4355 BT_ERR("Failed to create L2CAP debug file");
4356 }
1da177e4 4357
1da177e4
LT		 4358 return 0;
4359
4360error:
bb58f747 4361 l2cap_cleanup_sockets();
1da177e4
LT		 4362 return err;
4363}
4364
64274518 4365void l2cap_exit(void)
1da177e4 4366{
aef7d97c 4367 debugfs_remove(l2cap_debugfs);
1da177e4 4368
1da177e4
LT		 4369 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4370 BT_ERR("L2CAP protocol unregistration failed");
4371
bb58f747 4372 l2cap_cleanup_sockets();
1da177e4
LT		 4373}
4374
d1c4a17d
GP		 4375module_param(disable_ertm, bool, 0644);
4376MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
kernel source for telekom puls (alcatel/mediatek)