projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove err parameter from alloc_skb()
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / l2cap_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
ce5706bd 4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5d8868ff 5 Copyright (C) 2010 Google Inc.
590051de 6 Copyright (C) 2011 ProFUSION Embedded Systems
1da177e4
LT		 7
8 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License version 2 as
12 published by the Free Software Foundation;
13
14 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
17 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 18 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
19 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 21 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22
8e87d142
YH		 23 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
24 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 25 SOFTWARE IS DISCLAIMED.
26*/
27
bb58f747 28/* Bluetooth L2CAP core. */
1da177e4 29
1da177e4
LT		 30#include <linux/module.h>
31
32#include <linux/types.h>
4fc268d2 33#include <linux/capability.h>
1da177e4
LT		 34#include <linux/errno.h>
35#include <linux/kernel.h>
1da177e4
LT		 36#include <linux/sched.h>
37#include <linux/slab.h>
38#include <linux/poll.h>
39#include <linux/fcntl.h>
40#include <linux/init.h>
41#include <linux/interrupt.h>
42#include <linux/socket.h>
43#include <linux/skbuff.h>
1da177e4 44#include <linux/list.h>
be9d1227 45#include <linux/device.h>
aef7d97c
MH		 46#include <linux/debugfs.h>
47#include <linux/seq_file.h>
af05b30b 48#include <linux/uaccess.h>
fcc203c3 49#include <linux/crc16.h>
1da177e4
LT		 50#include <net/sock.h>
51
1da177e4
LT		 52#include <asm/unaligned.h>
53
54#include <net/bluetooth/bluetooth.h>
55#include <net/bluetooth/hci_core.h>
56#include <net/bluetooth/l2cap.h>
b501d6a1 57#include <net/bluetooth/smp.h>
1da177e4 58
eb939922 59bool disable_ertm;
f0709e03 60
47ec1dcd 61static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
50a147cd 62static u8 l2cap_fixed_chan[8] = { L2CAP_FC_L2CAP, };
1da177e4 63
b5ad8b7f
JB		 64static LIST_HEAD(chan_list);
65static DEFINE_RWLOCK(chan_list_lock);
1da177e4 66
1da177e4
LT		 67static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
68 u8 code, u8 ident, u16 dlen, void *data);
4519de9a
GP		 69static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
70 void *data);
710f9b0a 71static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
4519de9a
GP		 72static void l2cap_send_disconn_req(struct l2cap_conn *conn,
73 struct l2cap_chan *chan, int err);
1da177e4 74
0139418c 75/* ---- L2CAP channels ---- */
71ba0e56 76
baa7e1fa 77static struct l2cap_chan *__l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid)
0139418c 78{
3df91ea2 79 struct l2cap_chan *c;
3d57dc68 80
3df91ea2
AE		 81 list_for_each_entry(c, &conn->chan_l, list) {
82 if (c->dcid == cid)
83 return c;
0139418c 84 }
3df91ea2 85 return NULL;
0139418c
MH		 86}
87
baa7e1fa 88static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 89{
3df91ea2 90 struct l2cap_chan *c;
3d57dc68 91
3df91ea2
AE		 92 list_for_each_entry(c, &conn->chan_l, list) {
93 if (c->scid == cid)
94 return c;
0139418c 95 }
3df91ea2 96 return NULL;
0139418c
MH		 97}
98
99/* Find channel with given SCID.
100 * Returns locked socket */
baa7e1fa 101static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid)
0139418c 102{
48454079 103 struct l2cap_chan *c;
baa7e1fa 104
3df91ea2 105 mutex_lock(&conn->chan_lock);
baa7e1fa 106 c = __l2cap_get_chan_by_scid(conn, cid);
3df91ea2
AE		 107 mutex_unlock(&conn->chan_lock);
108
48454079 109 return c;
0139418c
MH		 110}
111
baa7e1fa 112static struct l2cap_chan *__l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 113{
3df91ea2 114 struct l2cap_chan *c;
3d57dc68 115
3df91ea2
AE		 116 list_for_each_entry(c, &conn->chan_l, list) {
117 if (c->ident == ident)
118 return c;
0139418c 119 }
3df91ea2 120 return NULL;
0139418c
MH		 121}
122
baa7e1fa 123static inline struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, u8 ident)
0139418c 124{
48454079 125 struct l2cap_chan *c;
baa7e1fa 126
3df91ea2 127 mutex_lock(&conn->chan_lock);
baa7e1fa 128 c = __l2cap_get_chan_by_ident(conn, ident);
3df91ea2
AE		 129 mutex_unlock(&conn->chan_lock);
130
48454079 131 return c;
0139418c
MH		 132}
133
23691d75 134static struct l2cap_chan *__l2cap_global_chan_by_addr(__le16 psm, bdaddr_t *src)
9e4425ff 135{
23691d75 136 struct l2cap_chan *c;
9e4425ff 137
23691d75
GP		 138 list_for_each_entry(c, &chan_list, global_l) {
139 if (c->sport == psm && !bacmp(&bt_sk(c->sk)->src, src))
250938cb 140 return c;
9e4425ff 141 }
250938cb 142 return NULL;
9e4425ff
GP		 143}
144
145int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
146{
73b2ec18
GP		 147 int err;
148
333055f2 149 write_lock(&chan_list_lock);
9e4425ff 150
23691d75 151 if (psm && __l2cap_global_chan_by_addr(psm, src)) {
73b2ec18
GP		 152 err = -EADDRINUSE;
153 goto done;
9e4425ff
GP		 154 }
155
73b2ec18
GP		 156 if (psm) {
157 chan->psm = psm;
158 chan->sport = psm;
159 err = 0;
160 } else {
161 u16 p;
162
163 err = -EINVAL;
164 for (p = 0x1001; p < 0x1100; p += 2)
23691d75 165 if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) {
73b2ec18
GP		 166 chan->psm = cpu_to_le16(p);
167 chan->sport = cpu_to_le16(p);
168 err = 0;
169 break;
170 }
171 }
9e4425ff 172
73b2ec18 173done:
333055f2 174 write_unlock(&chan_list_lock);
73b2ec18 175 return err;
9e4425ff
GP		 176}
177
178int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
179{
333055f2 180 write_lock(&chan_list_lock);
9e4425ff
GP		 181
182 chan->scid = scid;
183
333055f2 184 write_unlock(&chan_list_lock);
9e4425ff
GP		 185
186 return 0;
187}
188
baa7e1fa 189static u16 l2cap_alloc_cid(struct l2cap_conn *conn)
0139418c 190{
8db4dc46 191 u16 cid = L2CAP_CID_DYN_START;
0139418c 192
8db4dc46 193 for (; cid < L2CAP_CID_DYN_END; cid++) {
baa7e1fa 194 if (!__l2cap_get_chan_by_scid(conn, cid))
0139418c
MH		 195 return cid;
196 }
197
198 return 0;
199}
200
0e587be7 201static void __l2cap_state_change(struct l2cap_chan *chan, int state)
89bc500e 202{
42d2d87c 203 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
badaaa00
GP		 204 state_to_string(state));
205
89bc500e
GP		 206 chan->state = state;
207 chan->ops->state_change(chan->data, state);
208}
209
0e587be7
AE		 210static void l2cap_state_change(struct l2cap_chan *chan, int state)
211{
212 struct sock *sk = chan->sk;
213
214 lock_sock(sk);
215 __l2cap_state_change(chan, state);
216 release_sock(sk);
217}
218
2e0052e4
AE		 219static inline void __l2cap_chan_set_err(struct l2cap_chan *chan, int err)
220{
221 struct sock *sk = chan->sk;
222
223 sk->sk_err = err;
224}
225
226static inline void l2cap_chan_set_err(struct l2cap_chan *chan, int err)
227{
228 struct sock *sk = chan->sk;
229
230 lock_sock(sk);
231 __l2cap_chan_set_err(chan, err);
232 release_sock(sk);
233}
234
721c4181 235static void l2cap_chan_timeout(struct work_struct *work)
ab07801d 236{
721c4181
GP		 237 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
238 chan_timer.work);
3df91ea2 239 struct l2cap_conn *conn = chan->conn;
ab07801d
GP		 240 int reason;
241
e05dcc32 242 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
ab07801d 243
3df91ea2 244 mutex_lock(&conn->chan_lock);
6be36555 245 l2cap_chan_lock(chan);
ab07801d 246
89bc500e 247 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
ab07801d 248 reason = ECONNREFUSED;
89bc500e 249 else if (chan->state == BT_CONNECT &&
ab07801d
GP		 250 chan->sec_level != BT_SECURITY_SDP)
251 reason = ECONNREFUSED;
252 else
253 reason = ETIMEDOUT;
254
0f852724 255 l2cap_chan_close(chan, reason);
ab07801d 256
6be36555 257 l2cap_chan_unlock(chan);
ab07801d 258
ba3bd0ee 259 chan->ops->close(chan->data);
3df91ea2
AE		 260 mutex_unlock(&conn->chan_lock);
261
371fd835 262 l2cap_chan_put(chan);
ab07801d
GP		 263}
264
eef1d9b6 265struct l2cap_chan *l2cap_chan_create(void)
48454079
GP		 266{
267 struct l2cap_chan *chan;
268
269 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
270 if (!chan)
271 return NULL;
272
c03b355e
AE		 273 mutex_init(&chan->lock);
274
333055f2 275 write_lock(&chan_list_lock);
23691d75 276 list_add(&chan->global_l, &chan_list);
333055f2 277 write_unlock(&chan_list_lock);
23691d75 278
721c4181 279 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
ab07801d 280
89bc500e
GP		 281 chan->state = BT_OPEN;
282
71ba0e56
GP		 283 atomic_set(&chan->refcnt, 1);
284
eef1d9b6 285 BT_DBG("chan %p", chan);
abc545b8 286
48454079
GP		 287 return chan;
288}
289
23691d75 290void l2cap_chan_destroy(struct l2cap_chan *chan)
6ff5abbf 291{
333055f2 292 write_lock(&chan_list_lock);
23691d75 293 list_del(&chan->global_l);
333055f2 294 write_unlock(&chan_list_lock);
23691d75 295
371fd835 296 l2cap_chan_put(chan);
6ff5abbf
GP		 297}
298
bd4b1653
AE		 299void l2cap_chan_set_defaults(struct l2cap_chan *chan)
300{
301 chan->fcs = L2CAP_FCS_CRC16;
302 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
303 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
304 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
305 chan->sec_level = BT_SECURITY_LOW;
306
307 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
308}
309
14a28491 310static void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
0139418c 311{
af05b30b 312 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
097db76c 313 __le16_to_cpu(chan->psm), chan->dcid);
0139418c 314
9f5a0d7b 315 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 316
8c1d787b 317 chan->conn = conn;
0139418c 318
5491120e
AE		 319 switch (chan->chan_type) {
320 case L2CAP_CHAN_CONN_ORIENTED:
b62f328b
VT		 321 if (conn->hcon->type == LE_LINK) {
322 /* LE connection */
0c1bc5c6 323 chan->omtu = L2CAP_LE_DEFAULT_MTU;
fe4128e0
GP		 324 chan->scid = L2CAP_CID_LE_DATA;
325 chan->dcid = L2CAP_CID_LE_DATA;
b62f328b
VT		 326 } else {
327 /* Alloc CID for connection-oriented socket */
fe4128e0 328 chan->scid = l2cap_alloc_cid(conn);
0c1bc5c6 329 chan->omtu = L2CAP_DEFAULT_MTU;
b62f328b 330 }
5491120e
AE		 331 break;
332
333 case L2CAP_CHAN_CONN_LESS:
0139418c 334 /* Connectionless socket */
fe4128e0
GP		 335 chan->scid = L2CAP_CID_CONN_LESS;
336 chan->dcid = L2CAP_CID_CONN_LESS;
0c1bc5c6 337 chan->omtu = L2CAP_DEFAULT_MTU;
5491120e
AE		 338 break;
339
340 default:
0139418c 341 /* Raw socket can send/recv signalling messages only */
fe4128e0
GP		 342 chan->scid = L2CAP_CID_SIGNALING;
343 chan->dcid = L2CAP_CID_SIGNALING;
0c1bc5c6 344 chan->omtu = L2CAP_DEFAULT_MTU;
0139418c
MH		 345 }
346
8f7975b1
AE		 347 chan->local_id = L2CAP_BESTEFFORT_ID;
348 chan->local_stype = L2CAP_SERV_BESTEFFORT;
349 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
350 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
351 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
352 chan->local_flush_to = L2CAP_DEFAULT_FLUSH_TO;
353
371fd835 354 l2cap_chan_hold(chan);
baa7e1fa 355
3df91ea2 356 list_add(&chan->list, &conn->chan_l);
643162a8
AE		 357}
358
14a28491 359static void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
643162a8
AE		 360{
361 mutex_lock(&conn->chan_lock);
362 __l2cap_chan_add(conn, chan);
3df91ea2 363 mutex_unlock(&conn->chan_lock);
0139418c
MH		 364}
365
4519de9a 366static void l2cap_chan_del(struct l2cap_chan *chan, int err)
0139418c 367{
48454079 368 struct sock *sk = chan->sk;
8c1d787b 369 struct l2cap_conn *conn = chan->conn;
0139418c
MH		 370 struct sock *parent = bt_sk(sk)->parent;
371
c9b66675 372 __clear_chan_timer(chan);
0139418c 373
49208c9c 374 BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
0139418c 375
8e87d142 376 if (conn) {
baa7e1fa 377 /* Delete from channel list */
3df91ea2 378 list_del(&chan->list);
3d57dc68 379
371fd835 380 l2cap_chan_put(chan);
baa7e1fa 381
8c1d787b 382 chan->conn = NULL;
0139418c
MH		 383 hci_conn_put(conn->hcon);
384 }
385
6be36555
AE		 386 lock_sock(sk);
387
0e587be7 388 __l2cap_state_change(chan, BT_CLOSED);
0139418c
MH		 389 sock_set_flag(sk, SOCK_ZAPPED);
390
391 if (err)
2e0052e4 392 __l2cap_chan_set_err(chan, err);
0139418c
MH		 393
394 if (parent) {
395 bt_accept_unlink(sk);
396 parent->sk_data_ready(parent, 0);
397 } else
398 sk->sk_state_change(sk);
c13ffa62 399
6be36555
AE		 400 release_sock(sk);
401
c1360a1c
GP		 402 if (!(test_bit(CONF_OUTPUT_DONE, &chan->conf_state) &&
403 test_bit(CONF_INPUT_DONE, &chan->conf_state)))
6ff5abbf 404 return;
2ead70b8 405
58d35f87 406 skb_queue_purge(&chan->tx_q);
c13ffa62 407
0c1bc5c6 408 if (chan->mode == L2CAP_MODE_ERTM) {
c13ffa62
GP		 409 struct srej_list *l, *tmp;
410
1a09bcb9
GP		 411 __clear_retrans_timer(chan);
412 __clear_monitor_timer(chan);
413 __clear_ack_timer(chan);
c13ffa62 414
f1c6775b 415 skb_queue_purge(&chan->srej_q);
c13ffa62 416
39d5a3ee 417 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
c13ffa62
GP		 418 list_del(&l->list);
419 kfree(l);
420 }
421 }
0139418c
MH		 422}
423
4519de9a
GP		 424static void l2cap_chan_cleanup_listen(struct sock *parent)
425{
426 struct sock *sk;
427
428 BT_DBG("parent %p", parent);
429
430 /* Close not yet accepted channels */
0f852724 431 while ((sk = bt_accept_dequeue(parent, NULL))) {
ba3bd0ee 432 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3df91ea2 433
6be36555 434 l2cap_chan_lock(chan);
c9b66675 435 __clear_chan_timer(chan);
ba3bd0ee 436 l2cap_chan_close(chan, ECONNRESET);
6be36555 437 l2cap_chan_unlock(chan);
3df91ea2 438
ba3bd0ee 439 chan->ops->close(chan->data);
0f852724 440 }
4519de9a
GP		 441}
442
0f852724 443void l2cap_chan_close(struct l2cap_chan *chan, int reason)
4519de9a
GP		 444{
445 struct l2cap_conn *conn = chan->conn;
446 struct sock *sk = chan->sk;
447
e05dcc32
AE		 448 BT_DBG("chan %p state %s sk %p", chan,
449 state_to_string(chan->state), sk);
4519de9a 450
89bc500e 451 switch (chan->state) {
4519de9a 452 case BT_LISTEN:
6be36555 453 lock_sock(sk);
4519de9a 454 l2cap_chan_cleanup_listen(sk);
89bc500e 455
0e587be7 456 __l2cap_state_change(chan, BT_CLOSED);
89bc500e 457 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 458 release_sock(sk);
4519de9a
GP		 459 break;
460
461 case BT_CONNECTED:
462 case BT_CONFIG:
715ec005 463 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a 464 conn->hcon->type == ACL_LINK) {
c9b66675 465 __set_chan_timer(chan, sk->sk_sndtimeo);
4519de9a
GP		 466 l2cap_send_disconn_req(conn, chan, reason);
467 } else
468 l2cap_chan_del(chan, reason);
469 break;
470
471 case BT_CONNECT2:
715ec005 472 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED &&
4519de9a
GP		 473 conn->hcon->type == ACL_LINK) {
474 struct l2cap_conn_rsp rsp;
475 __u16 result;
476
477 if (bt_sk(sk)->defer_setup)
478 result = L2CAP_CR_SEC_BLOCK;
479 else
480 result = L2CAP_CR_BAD_PSM;
89bc500e 481 l2cap_state_change(chan, BT_DISCONN);
4519de9a
GP		 482
483 rsp.scid = cpu_to_le16(chan->dcid);
484 rsp.dcid = cpu_to_le16(chan->scid);
485 rsp.result = cpu_to_le16(result);
486 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
487 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
488 sizeof(rsp), &rsp);
489 }
490
491 l2cap_chan_del(chan, reason);
492 break;
493
494 case BT_CONNECT:
495 case BT_DISCONN:
496 l2cap_chan_del(chan, reason);
497 break;
498
499 default:
6be36555 500 lock_sock(sk);
4519de9a 501 sock_set_flag(sk, SOCK_ZAPPED);
6be36555 502 release_sock(sk);
4519de9a
GP		 503 break;
504 }
505}
506
4343478f 507static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
79d554a6 508{
715ec005 509 if (chan->chan_type == L2CAP_CHAN_RAW) {
4343478f 510 switch (chan->sec_level) {
8556edd3
JH		 511 case BT_SECURITY_HIGH:
512 return HCI_AT_DEDICATED_BONDING_MITM;
513 case BT_SECURITY_MEDIUM:
514 return HCI_AT_DEDICATED_BONDING;
515 default:
516 return HCI_AT_NO_BONDING;
517 }
fe4128e0 518 } else if (chan->psm == cpu_to_le16(0x0001)) {
4343478f
GP		 519 if (chan->sec_level == BT_SECURITY_LOW)
520 chan->sec_level = BT_SECURITY_SDP;
0684e5f9 521
4343478f 522 if (chan->sec_level == BT_SECURITY_HIGH)
8556edd3 523 return HCI_AT_NO_BONDING_MITM;
00ae4af9 524 else
8556edd3 525 return HCI_AT_NO_BONDING;
00ae4af9 526 } else {
4343478f 527 switch (chan->sec_level) {
00ae4af9 528 case BT_SECURITY_HIGH:
8556edd3 529 return HCI_AT_GENERAL_BONDING_MITM;
00ae4af9 530 case BT_SECURITY_MEDIUM:
8556edd3 531 return HCI_AT_GENERAL_BONDING;
00ae4af9 532 default:
8556edd3 533 return HCI_AT_NO_BONDING;
00ae4af9 534 }
0684e5f9 535 }
8556edd3
JH		 536}
537
538/* Service level security */
d45fc423 539int l2cap_chan_check_security(struct l2cap_chan *chan)
8556edd3 540{
8c1d787b 541 struct l2cap_conn *conn = chan->conn;
8556edd3
JH		 542 __u8 auth_type;
543
4343478f 544 auth_type = l2cap_get_auth_type(chan);
79d554a6 545
4343478f 546 return hci_conn_security(conn->hcon, chan->sec_level, auth_type);
79d554a6
MH		 547}
548
b5ad8b7f 549static u8 l2cap_get_ident(struct l2cap_conn *conn)
4e8402a3
MH		 550{
551 u8 id;
552
553 /* Get next available identificator.
554 * 1 - 128 are used by kernel.
555 * 129 - 199 are reserved.
556 * 200 - 254 are used by utilities like l2ping, etc.
557 */
558
333055f2 559 spin_lock(&conn->lock);
4e8402a3
MH		 560
561 if (++conn->tx_ident > 128)
562 conn->tx_ident = 1;
563
564 id = conn->tx_ident;
565
333055f2 566 spin_unlock(&conn->lock);
4e8402a3
MH		 567
568 return id;
569}
570
4519de9a 571static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
4e8402a3
MH		 572{
573 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
e702112f 574 u8 flags;
4e8402a3
MH		 575
576 BT_DBG("code 0x%2.2x", code);
577
578 if (!skb)
9a9c6a34 579 return;
4e8402a3 580
e702112f
AE		 581 if (lmp_no_flush_capable(conn->hcon->hdev))
582 flags = ACL_START_NO_FLUSH;
583 else
584 flags = ACL_START;
585
14b12d0b 586 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON;
5e59b791 587 skb->priority = HCI_PRIO_MAX;
14b12d0b 588
73d80deb
LAD		 589 hci_send_acl(conn->hchan, skb, flags);
590}
591
592static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
593{
594 struct hci_conn *hcon = chan->conn->hcon;
595 u16 flags;
596
597 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
598 skb->priority);
599
600 if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
601 lmp_no_flush_capable(hcon->hdev))
602 flags = ACL_START_NO_FLUSH;
603 else
604 flags = ACL_START;
14b12d0b 605
73d80deb
LAD		 606 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
607 hci_send_acl(chan->conn->hchan, skb, flags);
4e8402a3
MH		 608}
609
88843ab0 610static inline void l2cap_send_sframe(struct l2cap_chan *chan, u32 control)
1c2acffb
GP		 611{
612 struct sk_buff *skb;
613 struct l2cap_hdr *lh;
8c1d787b 614 struct l2cap_conn *conn = chan->conn;
e4ca6d98 615 int count, hlen;
fcc203c3 616
89bc500e 617 if (chan->state != BT_CONNECTED)
c13ffa62
GP		 618 return;
619
e4ca6d98
AE		 620 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
621 hlen = L2CAP_EXT_HDR_SIZE;
622 else
623 hlen = L2CAP_ENH_HDR_SIZE;
624
47d1ec61 625 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 626 hlen += L2CAP_FCS_SIZE;
1c2acffb 627
88843ab0 628 BT_DBG("chan %p, control 0x%8.8x", chan, control);
1c2acffb 629
fcc203c3 630 count = min_t(unsigned int, conn->mtu, hlen);
793c2f1c
AE		 631
632 control |= __set_sframe(chan);
1c2acffb 633
e2ab4353 634 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 635 control |= __set_ctrl_final(chan);
9e917af1 636
e2ab4353 637 if (test_and_clear_bit(CONN_SEND_PBIT, &chan->conn_state))
e3781735 638 control |= __set_ctrl_poll(chan);
f0946ccf 639
1c2acffb
GP		 640 skb = bt_skb_alloc(count, GFP_ATOMIC);
641 if (!skb)
9a9c6a34 642 return;
1c2acffb
GP		 643
644 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fcc203c3 645 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
fe4128e0 646 lh->cid = cpu_to_le16(chan->dcid);
88843ab0
AE		 647
648 __put_control(chan, control, skb_put(skb, __ctrl_size(chan)));
1c2acffb 649
47d1ec61 650 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 651 u16 fcs = crc16(0, (u8 *)lh, count - L2CAP_FCS_SIZE);
652 put_unaligned_le16(fcs, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3
GP		 653 }
654
73d80deb
LAD		 655 skb->priority = HCI_PRIO_MAX;
656 l2cap_do_send(chan, skb);
1c2acffb
GP		 657}
658
88843ab0 659static inline void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, u32 control)
7e743090 660{
e2ab4353 661 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 662 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 663 set_bit(CONN_RNR_SENT, &chan->conn_state);
1890d36b 664 } else
ab784b73 665 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
7e743090 666
0b209fae 667 control |= __set_reqseq(chan, chan->buffer_seq);
2ab25cdd 668
525cd185 669 l2cap_send_sframe(chan, control);
7e743090
GP		 670}
671
b4450035 672static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
e501d055 673{
c1360a1c 674 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
e501d055
AE		 675}
676
9b27f350
AE		 677static void l2cap_send_conn_req(struct l2cap_chan *chan)
678{
679 struct l2cap_conn *conn = chan->conn;
680 struct l2cap_conn_req req;
681
682 req.scid = cpu_to_le16(chan->scid);
683 req.psm = chan->psm;
684
685 chan->ident = l2cap_get_ident(conn);
686
687 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
688
689 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req);
690}
691
fc7f8a7e 692static void l2cap_do_start(struct l2cap_chan *chan)
79d554a6 693{
8c1d787b 694 struct l2cap_conn *conn = chan->conn;
79d554a6
MH		 695
696 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
984947dc
MH		 697 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
698 return;
699
d45fc423 700 if (l2cap_chan_check_security(chan) &&
9b27f350
AE		 701 __l2cap_no_conn_pending(chan))
702 l2cap_send_conn_req(chan);
79d554a6
MH		 703 } else {
704 struct l2cap_info_req req;
705 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
706
707 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
708 conn->info_ident = l2cap_get_ident(conn);
709
ba13ccd9 710 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
79d554a6
MH		 711
712 l2cap_send_cmd(conn, conn->info_ident,
713 L2CAP_INFO_REQ, sizeof(req), &req);
714 }
715}
716
cf6c2c0b
GP		 717static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
718{
719 u32 local_feat_mask = l2cap_feat_mask;
d1c4a17d 720 if (!disable_ertm)
cf6c2c0b
GP		 721 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
722
723 switch (mode) {
724 case L2CAP_MODE_ERTM:
725 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
726 case L2CAP_MODE_STREAMING:
727 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
728 default:
729 return 0x00;
730 }
731}
732
4519de9a 733static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct l2cap_chan *chan, int err)
22121fc9 734{
6be36555 735 struct sock *sk = chan->sk;
22121fc9
GP		 736 struct l2cap_disconn_req req;
737
c13ffa62
GP		 738 if (!conn)
739 return;
740
0c1bc5c6 741 if (chan->mode == L2CAP_MODE_ERTM) {
1a09bcb9
GP		 742 __clear_retrans_timer(chan);
743 __clear_monitor_timer(chan);
744 __clear_ack_timer(chan);
c13ffa62
GP		 745 }
746
fe4128e0
GP		 747 req.dcid = cpu_to_le16(chan->dcid);
748 req.scid = cpu_to_le16(chan->scid);
22121fc9
GP		 749 l2cap_send_cmd(conn, l2cap_get_ident(conn),
750 L2CAP_DISCONN_REQ, sizeof(req), &req);
c13ffa62 751
6be36555 752 lock_sock(sk);
0e587be7 753 __l2cap_state_change(chan, BT_DISCONN);
2e0052e4 754 __l2cap_chan_set_err(chan, err);
6be36555 755 release_sock(sk);
22121fc9
GP		 756}
757
1da177e4 758/* ---- L2CAP connections ---- */
4e8402a3
MH		 759static void l2cap_conn_start(struct l2cap_conn *conn)
760{
3df91ea2 761 struct l2cap_chan *chan, *tmp;
4e8402a3
MH		 762
763 BT_DBG("conn %p", conn);
764
3df91ea2 765 mutex_lock(&conn->chan_lock);
4e8402a3 766
3df91ea2 767 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
48454079 768 struct sock *sk = chan->sk;
baa7e1fa 769
6be36555 770 l2cap_chan_lock(chan);
4e8402a3 771
715ec005 772 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 773 l2cap_chan_unlock(chan);
79d554a6
MH		 774 continue;
775 }
776
89bc500e 777 if (chan->state == BT_CONNECT) {
d45fc423 778 if (!l2cap_chan_check_security(chan) ||
b4450035 779 !__l2cap_no_conn_pending(chan)) {
6be36555 780 l2cap_chan_unlock(chan);
47731de7
GP		 781 continue;
782 }
79d554a6 783
c1360a1c
GP		 784 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
785 && test_bit(CONF_STATE2_DEVICE,
786 &chan->conf_state)) {
89bc500e 787 l2cap_chan_close(chan, ECONNRESET);
6be36555 788 l2cap_chan_unlock(chan);
47731de7 789 continue;
b1235d79 790 }
47731de7 791
9b27f350 792 l2cap_send_conn_req(chan);
47731de7 793
89bc500e 794 } else if (chan->state == BT_CONNECT2) {
79d554a6 795 struct l2cap_conn_rsp rsp;
e9aeb2dd 796 char buf[128];
fe4128e0
GP		 797 rsp.scid = cpu_to_le16(chan->dcid);
798 rsp.dcid = cpu_to_le16(chan->scid);
79d554a6 799
d45fc423 800 if (l2cap_chan_check_security(chan)) {
6be36555 801 lock_sock(sk);
f66dc81f
MH		 802 if (bt_sk(sk)->defer_setup) {
803 struct sock *parent = bt_sk(sk)->parent;
804 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
805 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
05e9a2f6
IK		 806 if (parent)
807 parent->sk_data_ready(parent, 0);
f66dc81f
MH		 808
809 } else {
0e587be7 810 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 811 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
812 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
813 }
6be36555 814 release_sock(sk);
79d554a6
MH		 815 } else {
816 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
817 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
818 }
819
fc7f8a7e
GP		 820 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
821 sizeof(rsp), &rsp);
e9aeb2dd 822
c1360a1c 823 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
e9aeb2dd 824 rsp.result != L2CAP_CR_SUCCESS) {
6be36555 825 l2cap_chan_unlock(chan);
e9aeb2dd
GP		 826 continue;
827 }
828
c1360a1c 829 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 830 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 831 l2cap_build_conf_req(chan, buf), buf);
832 chan->num_conf_req++;
4e8402a3
MH		 833 }
834
6be36555 835 l2cap_chan_unlock(chan);
4e8402a3
MH		 836 }
837
3df91ea2 838 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 839}
840
b62f328b
VT		 841/* Find socket with cid and source bdaddr.
842 * Returns closest match, locked.
843 */
d9b88702
AE		 844static struct l2cap_chan *l2cap_global_chan_by_scid(int state, u16 cid,
845 bdaddr_t *src)
b62f328b 846{
23691d75 847 struct l2cap_chan *c, *c1 = NULL;
b62f328b 848
23691d75 849 read_lock(&chan_list_lock);
b62f328b 850
23691d75
GP		 851 list_for_each_entry(c, &chan_list, global_l) {
852 struct sock *sk = c->sk;
fe4128e0 853
89bc500e 854 if (state && c->state != state)
b62f328b
VT		 855 continue;
856
23691d75 857 if (c->scid == cid) {
b62f328b 858 /* Exact match. */
23691d75
GP		 859 if (!bacmp(&bt_sk(sk)->src, src)) {
860 read_unlock(&chan_list_lock);
861 return c;
862 }
b62f328b
VT		 863
864 /* Closest match */
865 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 866 c1 = c;
b62f328b
VT		 867 }
868 }
280f294f 869
23691d75 870 read_unlock(&chan_list_lock);
b62f328b 871
23691d75 872 return c1;
b62f328b
VT		 873}
874
875static void l2cap_le_conn_ready(struct l2cap_conn *conn)
876{
c916fbe4 877 struct sock *parent, *sk;
23691d75 878 struct l2cap_chan *chan, *pchan;
b62f328b
VT		 879
880 BT_DBG("");
881
882 /* Check if we have socket listening on cid */
23691d75 883 pchan = l2cap_global_chan_by_scid(BT_LISTEN, L2CAP_CID_LE_DATA,
b62f328b 884 conn->src);
23691d75 885 if (!pchan)
b62f328b
VT		 886 return;
887
23691d75
GP		 888 parent = pchan->sk;
889
aa2ac881 890 lock_sock(parent);
62f3a2cf 891
b62f328b
VT		 892 /* Check for backlog size */
893 if (sk_acceptq_is_full(parent)) {
894 BT_DBG("backlog full %d", parent->sk_ack_backlog);
895 goto clean;
896 }
897
80808e43
GP		 898 chan = pchan->ops->new_connection(pchan->data);
899 if (!chan)
b62f328b
VT		 900 goto clean;
901
80808e43 902 sk = chan->sk;
5d41ce1d 903
b62f328b
VT		 904 hci_conn_hold(conn->hcon);
905
b62f328b
VT		 906 bacpy(&bt_sk(sk)->src, conn->src);
907 bacpy(&bt_sk(sk)->dst, conn->dst);
908
d1010240
GP		 909 bt_accept_enqueue(parent, sk);
910
3d57dc68 911 l2cap_chan_add(conn, chan);
48454079 912
c9b66675 913 __set_chan_timer(chan, sk->sk_sndtimeo);
b62f328b 914
0e587be7 915 __l2cap_state_change(chan, BT_CONNECTED);
b62f328b
VT		 916 parent->sk_data_ready(parent, 0);
917
b62f328b 918clean:
aa2ac881 919 release_sock(parent);
b62f328b
VT		 920}
921
cf4cd009 922static void l2cap_chan_ready(struct l2cap_chan *chan)
f1cb9af5 923{
cf4cd009 924 struct sock *sk = chan->sk;
6be36555
AE		 925 struct sock *parent;
926
927 lock_sock(sk);
928
929 parent = bt_sk(sk)->parent;
f1cb9af5
VCG		 930
931 BT_DBG("sk %p, parent %p", sk, parent);
932
933 chan->conf_state = 0;
934 __clear_chan_timer(chan);
935
0e587be7 936 __l2cap_state_change(chan, BT_CONNECTED);
f1cb9af5
VCG		 937 sk->sk_state_change(sk);
938
939 if (parent)
940 parent->sk_data_ready(parent, 0);
6be36555
AE		 941
942 release_sock(sk);
f1cb9af5
VCG		 943}
944
4e8402a3
MH		 945static void l2cap_conn_ready(struct l2cap_conn *conn)
946{
48454079 947 struct l2cap_chan *chan;
4e8402a3 948
79d554a6 949 BT_DBG("conn %p", conn);
4e8402a3 950
b62f328b
VT		 951 if (!conn->hcon->out && conn->hcon->type == LE_LINK)
952 l2cap_le_conn_ready(conn);
953
160dc6ac
VCG		 954 if (conn->hcon->out && conn->hcon->type == LE_LINK)
955 smp_conn_security(conn, conn->hcon->pending_sec_level);
956
3df91ea2 957 mutex_lock(&conn->chan_lock);
4e8402a3 958
3df91ea2 959 list_for_each_entry(chan, &conn->chan_l, list) {
baa7e1fa 960
6be36555 961 l2cap_chan_lock(chan);
4e8402a3 962
63128451 963 if (conn->hcon->type == LE_LINK) {
b501d6a1 964 if (smp_conn_security(conn, chan->sec_level))
cf4cd009 965 l2cap_chan_ready(chan);
acd7d370 966
63128451 967 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
6be36555 968 struct sock *sk = chan->sk;
c9b66675 969 __clear_chan_timer(chan);
6be36555 970 lock_sock(sk);
0e587be7 971 __l2cap_state_change(chan, BT_CONNECTED);
79d554a6 972 sk->sk_state_change(sk);
6be36555 973 release_sock(sk);
b501d6a1 974
89bc500e 975 } else if (chan->state == BT_CONNECT)
fc7f8a7e 976 l2cap_do_start(chan);
4e8402a3 977
6be36555 978 l2cap_chan_unlock(chan);
4e8402a3 979 }
79d554a6 980
3df91ea2 981 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 982}
983
984/* Notify sockets that we cannot guaranty reliability anymore */
985static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
986{
48454079 987 struct l2cap_chan *chan;
4e8402a3
MH		 988
989 BT_DBG("conn %p", conn);
990
3df91ea2 991 mutex_lock(&conn->chan_lock);
4e8402a3 992
3df91ea2 993 list_for_each_entry(chan, &conn->chan_l, list) {
ecf61bdb 994 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
2e0052e4 995 __l2cap_chan_set_err(chan, err);
4e8402a3
MH		 996 }
997
3df91ea2 998 mutex_unlock(&conn->chan_lock);
4e8402a3
MH		 999}
1000
f878fcad 1001static void l2cap_info_timeout(struct work_struct *work)
4e8402a3 1002{
f878fcad 1003 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
030013d8 1004 info_timer.work);
4e8402a3 1005
984947dc 1006 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 1007 conn->info_ident = 0;
984947dc 1008
4e8402a3
MH		 1009 l2cap_conn_start(conn);
1010}
1011
5d3de7df
VCG		 1012static void l2cap_conn_del(struct hci_conn *hcon, int err)
1013{
1014 struct l2cap_conn *conn = hcon->l2cap_data;
1015 struct l2cap_chan *chan, *l;
5d3de7df
VCG		 1016
1017 if (!conn)
1018 return;
1019
1020 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
1021
1022 kfree_skb(conn->rx_skb);
1023
3df91ea2
AE		 1024 mutex_lock(&conn->chan_lock);
1025
5d3de7df
VCG		 1026 /* Kill channels */
1027 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
6be36555
AE		 1028 l2cap_chan_lock(chan);
1029
5d3de7df 1030 l2cap_chan_del(chan, err);
6be36555
AE		 1031
1032 l2cap_chan_unlock(chan);
1033
5d3de7df
VCG		 1034 chan->ops->close(chan->data);
1035 }
1036
3df91ea2
AE		 1037 mutex_unlock(&conn->chan_lock);
1038
73d80deb
LAD		 1039 hci_chan_del(conn->hchan);
1040
5d3de7df 1041 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
127074bf 1042 cancel_delayed_work_sync(&conn->info_timer);
5d3de7df 1043
51a8efd7 1044 if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) {
127074bf 1045 cancel_delayed_work_sync(&conn->security_timer);
8aab4757 1046 smp_chan_destroy(conn);
d26a2345 1047 }
5d3de7df
VCG		 1048
1049 hcon->l2cap_data = NULL;
1050 kfree(conn);
1051}
1052
6c9d42a1 1053static void security_timeout(struct work_struct *work)
5d3de7df 1054{
6c9d42a1
GP		 1055 struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1056 security_timer.work);
5d3de7df
VCG		 1057
1058 l2cap_conn_del(conn->hcon, ETIMEDOUT);
1059}
1060
1da177e4
LT		 1061static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1062{
0139418c 1063 struct l2cap_conn *conn = hcon->l2cap_data;
73d80deb 1064 struct hci_chan *hchan;
1da177e4 1065
0139418c 1066 if (conn || status)
1da177e4
LT		 1067 return conn;
1068
73d80deb
LAD		 1069 hchan = hci_chan_create(hcon);
1070 if (!hchan)
1071 return NULL;
1072
0139418c 1073 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
73d80deb
LAD		 1074 if (!conn) {
1075 hci_chan_del(hchan);
1da177e4 1076 return NULL;
73d80deb 1077 }
1da177e4
LT		 1078
1079 hcon->l2cap_data = conn;
1080 conn->hcon = hcon;
73d80deb 1081 conn->hchan = hchan;
1da177e4 1082
73d80deb 1083 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
0139418c 1084
acd7d370
VT		 1085 if (hcon->hdev->le_mtu && hcon->type == LE_LINK)
1086 conn->mtu = hcon->hdev->le_mtu;
1087 else
1088 conn->mtu = hcon->hdev->acl_mtu;
1089
1da177e4
LT		 1090 conn->src = &hcon->hdev->bdaddr;
1091 conn->dst = &hcon->dst;
1092
4e8402a3
MH		 1093 conn->feat_mask = 0;
1094
1da177e4 1095 spin_lock_init(&conn->lock);
3df91ea2 1096 mutex_init(&conn->chan_lock);
baa7e1fa
GP		 1097
1098 INIT_LIST_HEAD(&conn->chan_l);
1da177e4 1099
5d3de7df 1100 if (hcon->type == LE_LINK)
6c9d42a1 1101 INIT_DELAYED_WORK(&conn->security_timer, security_timeout);
5d3de7df 1102 else
030013d8 1103 INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout);
45054dc1 1104
9f5a0d7b 1105 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM;
2950f21a 1106
1da177e4
LT		 1107 return conn;
1108}
1109
1da177e4 1110/* ---- Socket interface ---- */
1da177e4
LT		 1111
1112/* Find socket with psm and source bdaddr.
1113 * Returns closest match.
1114 */
23691d75 1115static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, bdaddr_t *src)
1da177e4 1116{
23691d75 1117 struct l2cap_chan *c, *c1 = NULL;
1da177e4 1118
23691d75 1119 read_lock(&chan_list_lock);
e0f0cb56 1120
23691d75
GP		 1121 list_for_each_entry(c, &chan_list, global_l) {
1122 struct sock *sk = c->sk;
fe4128e0 1123
89bc500e 1124 if (state && c->state != state)
1da177e4
LT		 1125 continue;
1126
23691d75 1127 if (c->psm == psm) {
1da177e4 1128 /* Exact match. */
23691d75 1129 if (!bacmp(&bt_sk(sk)->src, src)) {
a7567b20 1130 read_unlock(&chan_list_lock);
23691d75
GP		 1131 return c;
1132 }
1da177e4
LT		 1133
1134 /* Closest match */
1135 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
23691d75 1136 c1 = c;
1da177e4
LT		 1137 }
1138 }
1da177e4 1139
23691d75 1140 read_unlock(&chan_list_lock);
e0f0cb56 1141
23691d75 1142 return c1;
1da177e4
LT		 1143}
1144
cbe8fed4 1145int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, bdaddr_t *dst)
1da177e4 1146{
5d41ce1d 1147 struct sock *sk = chan->sk;
1da177e4 1148 bdaddr_t *src = &bt_sk(sk)->src;
1da177e4
LT		 1149 struct l2cap_conn *conn;
1150 struct hci_conn *hcon;
1151 struct hci_dev *hdev;
09ab6f4c 1152 __u8 auth_type;
44d0e48e 1153 int err;
1da177e4 1154
f29972de 1155 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
097db76c 1156 __le16_to_cpu(chan->psm));
1da177e4 1157
af05b30b
GP		 1158 hdev = hci_get_route(dst, src);
1159 if (!hdev)
1da177e4
LT		 1160 return -EHOSTUNREACH;
1161
09fd0de5 1162 hci_dev_lock(hdev);
1da177e4 1163
6be36555 1164 l2cap_chan_lock(chan);
03a00194
GP		 1165
1166 /* PSM must be odd and lsb of upper byte must be 0 */
1167 if ((__le16_to_cpu(psm) & 0x0101) != 0x0001 && !cid &&
1168 chan->chan_type != L2CAP_CHAN_RAW) {
1169 err = -EINVAL;
1170 goto done;
1171 }
1172
1173 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !(psm || cid)) {
1174 err = -EINVAL;
1175 goto done;
1176 }
1177
1178 switch (chan->mode) {
1179 case L2CAP_MODE_BASIC:
1180 break;
1181 case L2CAP_MODE_ERTM:
1182 case L2CAP_MODE_STREAMING:
1183 if (!disable_ertm)
1184 break;
1185 /* fall through */
1186 default:
1187 err = -ENOTSUPP;
1188 goto done;
1189 }
1190
6be36555
AE		 1191 lock_sock(sk);
1192
03a00194
GP		 1193 switch (sk->sk_state) {
1194 case BT_CONNECT:
1195 case BT_CONNECT2:
1196 case BT_CONFIG:
1197 /* Already connecting */
1198 err = 0;
6be36555 1199 release_sock(sk);
03a00194
GP		 1200 goto done;
1201
1202 case BT_CONNECTED:
1203 /* Already connected */
1204 err = -EISCONN;
6be36555 1205 release_sock(sk);
03a00194
GP		 1206 goto done;
1207
1208 case BT_OPEN:
1209 case BT_BOUND:
1210 /* Can connect */
1211 break;
1212
1213 default:
1214 err = -EBADFD;
6be36555 1215 release_sock(sk);
03a00194
GP		 1216 goto done;
1217 }
1218
1219 /* Set destination address and psm */
9219b2a0 1220 bacpy(&bt_sk(sk)->dst, dst);
6be36555
AE		 1221
1222 release_sock(sk);
1223
03a00194
GP		 1224 chan->psm = psm;
1225 chan->dcid = cid;
1da177e4 1226
4343478f 1227 auth_type = l2cap_get_auth_type(chan);
09ab6f4c 1228
fe4128e0 1229 if (chan->dcid == L2CAP_CID_LE_DATA)
acd7d370 1230 hcon = hci_connect(hdev, LE_LINK, dst,
4343478f 1231 chan->sec_level, auth_type);
acd7d370
VT		 1232 else
1233 hcon = hci_connect(hdev, ACL_LINK, dst,
4343478f 1234 chan->sec_level, auth_type);
acd7d370 1235
30e76272
VT		 1236 if (IS_ERR(hcon)) {
1237 err = PTR_ERR(hcon);
1da177e4 1238 goto done;
30e76272 1239 }
1da177e4
LT		 1240
1241 conn = l2cap_conn_add(hcon, 0);
1242 if (!conn) {
1243 hci_conn_put(hcon);
30e76272 1244 err = -ENOMEM;
1da177e4
LT		 1245 goto done;
1246 }
1247
1da177e4
LT		 1248 /* Update source addr of the socket */
1249 bacpy(src, conn->src);
1250
6be36555 1251 l2cap_chan_unlock(chan);
48454079 1252 l2cap_chan_add(conn, chan);
6be36555 1253 l2cap_chan_lock(chan);
48454079 1254
6be36555 1255 l2cap_state_change(chan, BT_CONNECT);
c9b66675 1256 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4
LT		 1257
1258 if (hcon->state == BT_CONNECTED) {
715ec005 1259 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
c9b66675 1260 __clear_chan_timer(chan);
d45fc423 1261 if (l2cap_chan_check_security(chan))
6be36555 1262 l2cap_state_change(chan, BT_CONNECTED);
79d554a6 1263 } else
fc7f8a7e 1264 l2cap_do_start(chan);
1da177e4
LT		 1265 }
1266
30e76272
VT		 1267 err = 0;
1268
1da177e4 1269done:
6be36555 1270 l2cap_chan_unlock(chan);
09fd0de5 1271 hci_dev_unlock(hdev);
1da177e4
LT		 1272 hci_dev_put(hdev);
1273 return err;
1274}
1275
dcba0dba 1276int __l2cap_wait_ack(struct sock *sk)
6161c038 1277{
8c1d787b 1278 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
6161c038
GP		 1279 DECLARE_WAITQUEUE(wait, current);
1280 int err = 0;
1281 int timeo = HZ/5;
1282
2b0b05dd 1283 add_wait_queue(sk_sleep(sk), &wait);
a71a0cf4
PH		 1284 set_current_state(TASK_INTERRUPTIBLE);
1285 while (chan->unacked_frames > 0 && chan->conn) {
6161c038
GP		 1286 if (!timeo)
1287 timeo = HZ/5;
1288
1289 if (signal_pending(current)) {
1290 err = sock_intr_errno(timeo);
1291 break;
1292 }
1293
1294 release_sock(sk);
1295 timeo = schedule_timeout(timeo);
1296 lock_sock(sk);
a71a0cf4 1297 set_current_state(TASK_INTERRUPTIBLE);
6161c038
GP		 1298
1299 err = sock_error(sk);
1300 if (err)
1301 break;
1302 }
1303 set_current_state(TASK_RUNNING);
2b0b05dd 1304 remove_wait_queue(sk_sleep(sk), &wait);
6161c038
GP		 1305 return err;
1306}
1307
721c4181 1308static void l2cap_monitor_timeout(struct work_struct *work)
e90bac06 1309{
721c4181
GP		 1310 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1311 monitor_timer.work);
e90bac06 1312
525cd185 1313 BT_DBG("chan %p", chan);
0e98958d 1314
6be36555
AE		 1315 l2cap_chan_lock(chan);
1316
2c03a7a4 1317 if (chan->retry_count >= chan->remote_max_tx) {
8c1d787b 1318 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
6be36555 1319 l2cap_chan_unlock(chan);
8d7e1c7f 1320 l2cap_chan_put(chan);
e90bac06
GP		 1321 return;
1322 }
1323
6a026610 1324 chan->retry_count++;
1a09bcb9 1325 __set_monitor_timer(chan);
e90bac06 1326
525cd185 1327 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555 1328 l2cap_chan_unlock(chan);
8d7e1c7f 1329 l2cap_chan_put(chan);
e90bac06
GP		 1330}
1331
721c4181 1332static void l2cap_retrans_timeout(struct work_struct *work)
e90bac06 1333{
721c4181
GP		 1334 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1335 retrans_timer.work);
e90bac06 1336
49208c9c 1337 BT_DBG("chan %p", chan);
0e98958d 1338
6be36555
AE		 1339 l2cap_chan_lock(chan);
1340
6a026610 1341 chan->retry_count = 1;
1a09bcb9 1342 __set_monitor_timer(chan);
e90bac06 1343
e2ab4353 1344 set_bit(CONN_WAIT_F, &chan->conn_state);
e90bac06 1345
525cd185 1346 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_POLL);
6be36555
AE		 1347
1348 l2cap_chan_unlock(chan);
8d7e1c7f 1349 l2cap_chan_put(chan);
e90bac06
GP		 1350}
1351
42e5c802 1352static void l2cap_drop_acked_frames(struct l2cap_chan *chan)
1da177e4 1353{
1c2acffb 1354 struct sk_buff *skb;
1da177e4 1355
58d35f87 1356 while ((skb = skb_peek(&chan->tx_q)) &&
6a026610 1357 chan->unacked_frames) {
42e5c802 1358 if (bt_cb(skb)->tx_seq == chan->expected_ack_seq)
1c2acffb 1359 break;
1da177e4 1360
58d35f87 1361 skb = skb_dequeue(&chan->tx_q);
1c2acffb 1362 kfree_skb(skb);
1da177e4 1363
6a026610 1364 chan->unacked_frames--;
1c2acffb 1365 }
1da177e4 1366
6a026610 1367 if (!chan->unacked_frames)
1a09bcb9 1368 __clear_retrans_timer(chan);
1c2acffb 1369}
1da177e4 1370
67c9e840 1371static void l2cap_streaming_send(struct l2cap_chan *chan)
6840ed07 1372{
ccbb84af 1373 struct sk_buff *skb;
88843ab0
AE		 1374 u32 control;
1375 u16 fcs;
6840ed07 1376
58d35f87 1377 while ((skb = skb_dequeue(&chan->tx_q))) {
88843ab0 1378 control = __get_control(chan, skb->data + L2CAP_HDR_SIZE);
fb45de7d 1379 control |= __set_txseq(chan, chan->next_tx_seq);
88843ab0 1380 __put_control(chan, control, skb->data + L2CAP_HDR_SIZE);
6840ed07 1381
47d1ec61 1382 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1383 fcs = crc16(0, (u8 *)skb->data,
1384 skb->len - L2CAP_FCS_SIZE);
1385 put_unaligned_le16(fcs,
1386 skb->data + skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 1387 }
1388
4343478f 1389 l2cap_do_send(chan, skb);
6840ed07 1390
836be934 1391 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
6840ed07 1392 }
6840ed07
GP		 1393}
1394
fb45de7d 1395static void l2cap_retransmit_one_frame(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 1396{
8f17154f 1397 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1398 u16 fcs;
1399 u32 control;
8f17154f 1400
58d35f87 1401 skb = skb_peek(&chan->tx_q);
f11d676d
GP		 1402 if (!skb)
1403 return;
8f17154f 1404
d1726b6d 1405 while (bt_cb(skb)->tx_seq != tx_seq) {
58d35f87 1406 if (skb_queue_is_last(&chan->tx_q, skb))
f11d676d 1407 return;
8f17154f 1408
d1726b6d
SJ		 1409 skb = skb_queue_next(&chan->tx_q, skb);
1410 }
8f17154f 1411
2c03a7a4
GP		 1412 if (chan->remote_max_tx &&
1413 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1414 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
f11d676d
GP		 1415 return;
1416 }
1417
1418 tx_skb = skb_clone(skb, GFP_ATOMIC);
1419 bt_cb(skb)->retries++;
88843ab0
AE		 1420
1421 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1422 control &= __get_sar_mask(chan);
3cb123d1 1423
e2ab4353 1424 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1425 control |= __set_ctrl_final(chan);
95ffa978 1426
0b209fae 1427 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1428 control |= __set_txseq(chan, tx_seq);
3cb123d1 1429
88843ab0 1430 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
f11d676d 1431
47d1ec61 1432 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1433 fcs = crc16(0, (u8 *)tx_skb->data,
1434 tx_skb->len - L2CAP_FCS_SIZE);
1435 put_unaligned_le16(fcs,
1436 tx_skb->data + tx_skb->len - L2CAP_FCS_SIZE);
f11d676d
GP		 1437 }
1438
4343478f 1439 l2cap_do_send(chan, tx_skb);
8f17154f
GP		 1440}
1441
67c9e840 1442static int l2cap_ertm_send(struct l2cap_chan *chan)
1c2acffb
GP		 1443{
1444 struct sk_buff *skb, *tx_skb;
88843ab0
AE		 1445 u16 fcs;
1446 u32 control;
9a9c6a34 1447 int nsent = 0;
1c2acffb 1448
89bc500e 1449 if (chan->state != BT_CONNECTED)
c13ffa62 1450 return -ENOTCONN;
e90bac06 1451
58d35f87 1452 while ((skb = chan->tx_send_head) && (!l2cap_tx_window_full(chan))) {
1c2acffb 1453
2c03a7a4
GP		 1454 if (chan->remote_max_tx &&
1455 bt_cb(skb)->retries == chan->remote_max_tx) {
8c1d787b 1456 l2cap_send_disconn_req(chan->conn, chan, ECONNABORTED);
e90bac06
GP		 1457 break;
1458 }
1459
e420aba3
AE		 1460 tx_skb = skb_clone(skb, GFP_ATOMIC);
1461
e90bac06
GP		 1462 bt_cb(skb)->retries++;
1463
88843ab0 1464 control = __get_control(chan, tx_skb->data + L2CAP_HDR_SIZE);
7e0ef6ee 1465 control &= __get_sar_mask(chan);
95ffa978 1466
e2ab4353 1467 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
03f6715d 1468 control |= __set_ctrl_final(chan);
e2ab4353 1469
0b209fae 1470 control |= __set_reqseq(chan, chan->buffer_seq);
fb45de7d 1471 control |= __set_txseq(chan, chan->next_tx_seq);
1c2acffb 1472
88843ab0 1473 __put_control(chan, control, tx_skb->data + L2CAP_HDR_SIZE);
e90bac06 1474
47d1ec61 1475 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213
AE		 1476 fcs = crc16(0, (u8 *)skb->data,
1477 tx_skb->len - L2CAP_FCS_SIZE);
1478 put_unaligned_le16(fcs, skb->data +
1479 tx_skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 1480 }
1481
4343478f 1482 l2cap_do_send(chan, tx_skb);
9a9c6a34 1483
1a09bcb9 1484 __set_retrans_timer(chan);
1c2acffb 1485
42e5c802 1486 bt_cb(skb)->tx_seq = chan->next_tx_seq;
836be934
AE		 1487
1488 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
1c2acffb 1489
8ed7a0ae 1490 if (bt_cb(skb)->retries == 1) {
6a026610 1491 chan->unacked_frames++;
930fa4ae
SJ		 1492
1493 if (!nsent++)
1494 __clear_ack_timer(chan);
8ed7a0ae 1495 }
23e9fde2 1496
6a026610 1497 chan->frames_sent++;
1c2acffb 1498
58d35f87
GP		 1499 if (skb_queue_is_last(&chan->tx_q, skb))
1500 chan->tx_send_head = NULL;
1c2acffb 1501 else
58d35f87 1502 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1c2acffb
GP		 1503 }
1504
9e917af1
GP		 1505 return nsent;
1506}
1507
525cd185 1508static int l2cap_retransmit_frames(struct l2cap_chan *chan)
dfc909be 1509{
dfc909be
GP		 1510 int ret;
1511
58d35f87
GP		 1512 if (!skb_queue_empty(&chan->tx_q))
1513 chan->tx_send_head = chan->tx_q.next;
dfc909be 1514
42e5c802 1515 chan->next_tx_seq = chan->expected_ack_seq;
525cd185 1516 ret = l2cap_ertm_send(chan);
dfc909be
GP		 1517 return ret;
1518}
1519
b17e73bb 1520static void __l2cap_send_ack(struct l2cap_chan *chan)
9e917af1 1521{
88843ab0 1522 u32 control = 0;
9e917af1 1523
0b209fae 1524 control |= __set_reqseq(chan, chan->buffer_seq);
9e917af1 1525
e2ab4353 1526 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 1527 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
e2ab4353 1528 set_bit(CONN_RNR_SENT, &chan->conn_state);
525cd185 1529 l2cap_send_sframe(chan, control);
9a9c6a34 1530 return;
9e917af1 1531 }
dfc909be 1532
525cd185 1533 if (l2cap_ertm_send(chan) > 0)
dfc909be
GP		 1534 return;
1535
ab784b73 1536 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 1537 l2cap_send_sframe(chan, control);
1c2acffb
GP		 1538}
1539
b17e73bb
SJ		 1540static void l2cap_send_ack(struct l2cap_chan *chan)
1541{
1542 __clear_ack_timer(chan);
1543 __l2cap_send_ack(chan);
1544}
1545
525cd185 1546static void l2cap_send_srejtail(struct l2cap_chan *chan)
99b0d4b7
GP		 1547{
1548 struct srej_list *tail;
88843ab0 1549 u32 control;
99b0d4b7 1550
ab784b73 1551 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
03f6715d 1552 control |= __set_ctrl_final(chan);
99b0d4b7 1553
39d5a3ee 1554 tail = list_entry((&chan->srej_l)->prev, struct srej_list, list);
0b209fae 1555 control |= __set_reqseq(chan, tail->tx_seq);
99b0d4b7 1556
525cd185 1557 l2cap_send_sframe(chan, control);
99b0d4b7
GP		 1558}
1559
04124681
GP		 1560static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
1561 struct msghdr *msg, int len,
1562 int count, struct sk_buff *skb)
1c2acffb 1563{
0952a57a 1564 struct l2cap_conn *conn = chan->conn;
1c2acffb 1565 struct sk_buff **frag;
90338947 1566 int sent = 0;
1da177e4 1567
59203a21 1568 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1c2acffb 1569 return -EFAULT;
1da177e4
LT		 1570
1571 sent += count;
1572 len -= count;
1573
1574 /* Continuation fragments (no L2CAP header) */
1575 frag = &skb_shinfo(skb)->frag_list;
1576 while (len) {
1577 count = min_t(unsigned int, conn->mtu, len);
1578
2f7719ce 1579 *frag = chan->ops->alloc_skb(chan, count,
90338947 1580 msg->msg_flags & MSG_DONTWAIT);
2f7719ce 1581
90338947
GP		 1582 if (IS_ERR(*frag))
1583 return PTR_ERR(*frag);
1c2acffb
GP		 1584 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1585 return -EFAULT;
1da177e4 1586
5e59b791
LAD		 1587 (*frag)->priority = skb->priority;
1588
1da177e4
LT		 1589 sent += count;
1590 len -= count;
1591
1592 frag = &(*frag)->next;
1593 }
1da177e4
LT		 1594
1595 return sent;
1c2acffb 1596}
1da177e4 1597
5e59b791
LAD		 1598static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
1599 struct msghdr *msg, size_t len,
1600 u32 priority)
1c2acffb 1601{
8c1d787b 1602 struct l2cap_conn *conn = chan->conn;
1c2acffb 1603 struct sk_buff *skb;
03a51213 1604 int err, count, hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE;
1c2acffb
GP		 1605 struct l2cap_hdr *lh;
1606
6d5922b0 1607 BT_DBG("chan %p len %d priority %u", chan, (int)len, priority);
1c2acffb
GP		 1608
1609 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1610
1611 skb = chan->ops->alloc_skb(chan, count + hlen,
90338947
GP		 1612 msg->msg_flags & MSG_DONTWAIT);
1613 if (IS_ERR(skb))
1614 return skb;
1c2acffb 1615
5e59b791
LAD		 1616 skb->priority = priority;
1617
1c2acffb
GP		 1618 /* Create L2CAP header */
1619 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1620 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1621 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
097db76c 1622 put_unaligned(chan->psm, skb_put(skb, 2));
1c2acffb 1623
0952a57a 1624 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1625 if (unlikely(err < 0)) {
1626 kfree_skb(skb);
1627 return ERR_PTR(err);
1628 }
1629 return skb;
1630}
1631
5e59b791
LAD		 1632static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
1633 struct msghdr *msg, size_t len,
1634 u32 priority)
1c2acffb 1635{
8c1d787b 1636 struct l2cap_conn *conn = chan->conn;
1c2acffb
GP		 1637 struct sk_buff *skb;
1638 int err, count, hlen = L2CAP_HDR_SIZE;
1639 struct l2cap_hdr *lh;
1640
6d5922b0 1641 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb
GP		 1642
1643 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1644
1645 skb = chan->ops->alloc_skb(chan, count + hlen,
90338947
GP		 1646 msg->msg_flags & MSG_DONTWAIT);
1647 if (IS_ERR(skb))
1648 return skb;
1c2acffb 1649
5e59b791
LAD		 1650 skb->priority = priority;
1651
1c2acffb
GP		 1652 /* Create L2CAP header */
1653 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1654 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb
GP		 1655 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1656
0952a57a 1657 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1658 if (unlikely(err < 0)) {
1659 kfree_skb(skb);
1660 return ERR_PTR(err);
1661 }
1662 return skb;
1663}
1664
ab0ff76d
LAD		 1665static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
1666 struct msghdr *msg, size_t len,
88843ab0 1667 u32 control, u16 sdulen)
1c2acffb 1668{
8c1d787b 1669 struct l2cap_conn *conn = chan->conn;
1c2acffb 1670 struct sk_buff *skb;
e4ca6d98 1671 int err, count, hlen;
1c2acffb
GP		 1672 struct l2cap_hdr *lh;
1673
6d5922b0 1674 BT_DBG("chan %p len %d", chan, (int)len);
1c2acffb 1675
0ee0d208
GP		 1676 if (!conn)
1677 return ERR_PTR(-ENOTCONN);
1678
e4ca6d98
AE		 1679 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1680 hlen = L2CAP_EXT_HDR_SIZE;
1681 else
1682 hlen = L2CAP_ENH_HDR_SIZE;
1683
c74e560c 1684 if (sdulen)
03a51213 1685 hlen += L2CAP_SDULEN_SIZE;
c74e560c 1686
47d1ec61 1687 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 1688 hlen += L2CAP_FCS_SIZE;
fcc203c3 1689
1c2acffb 1690 count = min_t(unsigned int, (conn->mtu - hlen), len);
2f7719ce
AE		 1691
1692 skb = chan->ops->alloc_skb(chan, count + hlen,
90338947
GP		 1693 msg->msg_flags & MSG_DONTWAIT);
1694 if (IS_ERR(skb))
1695 return skb;
1c2acffb
GP		 1696
1697 /* Create L2CAP header */
1698 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
fe4128e0 1699 lh->cid = cpu_to_le16(chan->dcid);
1c2acffb 1700 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
88843ab0
AE		 1701
1702 __put_control(chan, control, skb_put(skb, __ctrl_size(chan)));
1703
c74e560c 1704 if (sdulen)
03a51213 1705 put_unaligned_le16(sdulen, skb_put(skb, L2CAP_SDULEN_SIZE));
1c2acffb 1706
0952a57a 1707 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
1c2acffb
GP		 1708 if (unlikely(err < 0)) {
1709 kfree_skb(skb);
1710 return ERR_PTR(err);
1711 }
e90bac06 1712
47d1ec61 1713 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 1714 put_unaligned_le16(0, skb_put(skb, L2CAP_FCS_SIZE));
fcc203c3 1715
e90bac06 1716 bt_cb(skb)->retries = 0;
1c2acffb 1717 return skb;
1da177e4
LT		 1718}
1719
67c9e840 1720static int l2cap_sar_segment_sdu(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
c74e560c 1721{
c74e560c
GP		 1722 struct sk_buff *skb;
1723 struct sk_buff_head sar_queue;
88843ab0 1724 u32 control;
c74e560c
GP		 1725 size_t size = 0;
1726
ff12fd64 1727 skb_queue_head_init(&sar_queue);
7e0ef6ee 1728 control = __set_ctrl_sar(chan, L2CAP_SAR_START);
47d1ec61 1729 skb = l2cap_create_iframe_pdu(chan, msg, chan->remote_mps, control, len);
c74e560c
GP		 1730 if (IS_ERR(skb))
1731 return PTR_ERR(skb);
1732
1733 __skb_queue_tail(&sar_queue, skb);
2c03a7a4
GP		 1734 len -= chan->remote_mps;
1735 size += chan->remote_mps;
c74e560c
GP		 1736
1737 while (len > 0) {
1738 size_t buflen;
1739
2c03a7a4 1740 if (len > chan->remote_mps) {
7e0ef6ee 1741 control = __set_ctrl_sar(chan, L2CAP_SAR_CONTINUE);
2c03a7a4 1742 buflen = chan->remote_mps;
c74e560c 1743 } else {
7e0ef6ee 1744 control = __set_ctrl_sar(chan, L2CAP_SAR_END);
c74e560c
GP		 1745 buflen = len;
1746 }
1747
47d1ec61 1748 skb = l2cap_create_iframe_pdu(chan, msg, buflen, control, 0);
c74e560c
GP		 1749 if (IS_ERR(skb)) {
1750 skb_queue_purge(&sar_queue);
1751 return PTR_ERR(skb);
1752 }
1753
1754 __skb_queue_tail(&sar_queue, skb);
1755 len -= buflen;
1756 size += buflen;
c74e560c 1757 }
58d35f87
GP		 1758 skb_queue_splice_tail(&sar_queue, &chan->tx_q);
1759 if (chan->tx_send_head == NULL)
1760 chan->tx_send_head = sar_queue.next;
c74e560c
GP		 1761
1762 return size;
1763}
1764
5e59b791
LAD		 1765int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
1766 u32 priority)
9a91a04a 1767{
9a91a04a 1768 struct sk_buff *skb;
88843ab0 1769 u32 control;
9a91a04a
GP		 1770 int err;
1771
1772 /* Connectionless channel */
715ec005 1773 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
5e59b791 1774 skb = l2cap_create_connless_pdu(chan, msg, len, priority);
9a91a04a
GP		 1775 if (IS_ERR(skb))
1776 return PTR_ERR(skb);
1777
1778 l2cap_do_send(chan, skb);
1779 return len;
1780 }
1781
1782 switch (chan->mode) {
1783 case L2CAP_MODE_BASIC:
1784 /* Check outgoing MTU */
1785 if (len > chan->omtu)
1786 return -EMSGSIZE;
1787
1788 /* Create a basic PDU */
5e59b791 1789 skb = l2cap_create_basic_pdu(chan, msg, len, priority);
9a91a04a
GP		 1790 if (IS_ERR(skb))
1791 return PTR_ERR(skb);
1792
1793 l2cap_do_send(chan, skb);
1794 err = len;
1795 break;
1796
1797 case L2CAP_MODE_ERTM:
1798 case L2CAP_MODE_STREAMING:
1799 /* Entire SDU fits into one PDU */
1800 if (len <= chan->remote_mps) {
7e0ef6ee 1801 control = __set_ctrl_sar(chan, L2CAP_SAR_UNSEGMENTED);
9a91a04a
GP		 1802 skb = l2cap_create_iframe_pdu(chan, msg, len, control,
1803 0);
1804 if (IS_ERR(skb))
1805 return PTR_ERR(skb);
1806
1807 __skb_queue_tail(&chan->tx_q, skb);
1808
1809 if (chan->tx_send_head == NULL)
1810 chan->tx_send_head = skb;
1811
1812 } else {
1813 /* Segment SDU into multiples PDUs */
1814 err = l2cap_sar_segment_sdu(chan, msg, len);
1815 if (err < 0)
1816 return err;
1817 }
1818
1819 if (chan->mode == L2CAP_MODE_STREAMING) {
1820 l2cap_streaming_send(chan);
1821 err = len;
1822 break;
1823 }
1824
e2ab4353
GP		 1825 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
1826 test_bit(CONN_WAIT_F, &chan->conn_state)) {
9a91a04a
GP		 1827 err = len;
1828 break;
1829 }
1830
1831 err = l2cap_ertm_send(chan);
1832 if (err >= 0)
1833 err = len;
1834
1835 break;
1836
1837 default:
1838 BT_DBG("bad state %1.1x", chan->mode);
1839 err = -EBADFD;
1840 }
1841
1842 return err;
1843}
1844
1da177e4
LT		 1845/* Copy frame to all raw sockets on that connection */
1846static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1847{
1da177e4 1848 struct sk_buff *nskb;
48454079 1849 struct l2cap_chan *chan;
1da177e4
LT		 1850
1851 BT_DBG("conn %p", conn);
1852
3df91ea2 1853 mutex_lock(&conn->chan_lock);
3d57dc68 1854
3df91ea2 1855 list_for_each_entry(chan, &conn->chan_l, list) {
48454079 1856 struct sock *sk = chan->sk;
715ec005 1857 if (chan->chan_type != L2CAP_CHAN_RAW)
1da177e4
LT		 1858 continue;
1859
1860 /* Don't send frame to the socket it came from */
1861 if (skb->sk == sk)
1862 continue;
af05b30b
GP		 1863 nskb = skb_clone(skb, GFP_ATOMIC);
1864 if (!nskb)
1da177e4
LT		 1865 continue;
1866
23070494 1867 if (chan->ops->recv(chan->data, nskb))
1da177e4
LT		 1868 kfree_skb(nskb);
1869 }
3d57dc68 1870
3df91ea2 1871 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 1872}
1873
1874/* ---- L2CAP signalling commands ---- */
1875static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1876 u8 code, u8 ident, u16 dlen, void *data)
1877{
1878 struct sk_buff *skb, **frag;
1879 struct l2cap_cmd_hdr *cmd;
1880 struct l2cap_hdr *lh;
1881 int len, count;
1882
af05b30b
GP		 1883 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
1884 conn, code, ident, dlen);
1da177e4
LT		 1885
1886 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1887 count = min_t(unsigned int, conn->mtu, len);
1888
1889 skb = bt_skb_alloc(count, GFP_ATOMIC);
1890 if (!skb)
1891 return NULL;
1892
1893 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
aca3192c 1894 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
3300d9a9
CT		 1895
1896 if (conn->hcon->type == LE_LINK)
1897 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING);
1898 else
1899 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
1da177e4
LT		 1900
1901 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1902 cmd->code = code;
1903 cmd->ident = ident;
aca3192c 1904 cmd->len = cpu_to_le16(dlen);
1da177e4
LT		 1905
1906 if (dlen) {
1907 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1908 memcpy(skb_put(skb, count), data, count);
1909 data += count;
1910 }
1911
1912 len -= skb->len;
1913
1914 /* Continuation fragments (no L2CAP header) */
1915 frag = &skb_shinfo(skb)->frag_list;
1916 while (len) {
1917 count = min_t(unsigned int, conn->mtu, len);
1918
1919 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1920 if (!*frag)
1921 goto fail;
1922
1923 memcpy(skb_put(*frag, count), data, count);
1924
1925 len -= count;
1926 data += count;
1927
1928 frag = &(*frag)->next;
1929 }
1930
1931 return skb;
1932
1933fail:
1934 kfree_skb(skb);
1935 return NULL;
1936}
1937
1938static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1939{
1940 struct l2cap_conf_opt *opt = *ptr;
1941 int len;
1942
1943 len = L2CAP_CONF_OPT_SIZE + opt->len;
1944 *ptr += len;
1945
1946 *type = opt->type;
1947 *olen = opt->len;
1948
1949 switch (opt->len) {
1950 case 1:
1951 *val = *((u8 *) opt->val);
1952 break;
1953
1954 case 2:
bfaaeb3e 1955 *val = get_unaligned_le16(opt->val);
1da177e4
LT		 1956 break;
1957
1958 case 4:
bfaaeb3e 1959 *val = get_unaligned_le32(opt->val);
1da177e4
LT		 1960 break;
1961
1962 default:
1963 *val = (unsigned long) opt->val;
1964 break;
1965 }
1966
1967 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1968 return len;
1969}
1970
1da177e4
LT		 1971static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1972{
1973 struct l2cap_conf_opt *opt = *ptr;
1974
1975 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1976
1977 opt->type = type;
1978 opt->len = len;
1979
1980 switch (len) {
1981 case 1:
1982 *((u8 *) opt->val) = val;
1983 break;
1984
1985 case 2:
4f8b691c 1986 put_unaligned_le16(val, opt->val);
1da177e4
LT		 1987 break;
1988
1989 case 4:
4f8b691c 1990 put_unaligned_le32(val, opt->val);
1da177e4
LT		 1991 break;
1992
1993 default:
1994 memcpy(opt->val, (void *) val, len);
1995 break;
1996 }
1997
1998 *ptr += L2CAP_CONF_OPT_SIZE + len;
1999}
2000
f89cef09
AE		 2001static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
2002{
2003 struct l2cap_conf_efs efs;
2004
1ec918ce 2005 switch (chan->mode) {
f89cef09
AE		 2006 case L2CAP_MODE_ERTM:
2007 efs.id = chan->local_id;
2008 efs.stype = chan->local_stype;
2009 efs.msdu = cpu_to_le16(chan->local_msdu);
2010 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2011 efs.acc_lat = cpu_to_le32(L2CAP_DEFAULT_ACC_LAT);
2012 efs.flush_to = cpu_to_le32(L2CAP_DEFAULT_FLUSH_TO);
2013 break;
2014
2015 case L2CAP_MODE_STREAMING:
2016 efs.id = 1;
2017 efs.stype = L2CAP_SERV_BESTEFFORT;
2018 efs.msdu = cpu_to_le16(chan->local_msdu);
2019 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
2020 efs.acc_lat = 0;
2021 efs.flush_to = 0;
2022 break;
2023
2024 default:
2025 return;
2026 }
2027
2028 l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs),
2029 (unsigned long) &efs);
2030}
2031
721c4181 2032static void l2cap_ack_timeout(struct work_struct *work)
c1b4f43b 2033{
721c4181
GP		 2034 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
2035 ack_timer.work);
c1b4f43b 2036
2fb9b3d4
GP		 2037 BT_DBG("chan %p", chan);
2038
6be36555
AE		 2039 l2cap_chan_lock(chan);
2040
b17e73bb 2041 __l2cap_send_ack(chan);
6be36555
AE		 2042
2043 l2cap_chan_unlock(chan);
09bfb2ee
SJ		 2044
2045 l2cap_chan_put(chan);
c1b4f43b
GP		 2046}
2047
525cd185 2048static inline void l2cap_ertm_init(struct l2cap_chan *chan)
0565c1c2 2049{
42e5c802 2050 chan->expected_ack_seq = 0;
6a026610 2051 chan->unacked_frames = 0;
42e5c802 2052 chan->buffer_seq = 0;
6a026610
GP		 2053 chan->num_acked = 0;
2054 chan->frames_sent = 0;
0565c1c2 2055
721c4181
GP		 2056 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
2057 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
2058 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
0565c1c2 2059
f1c6775b 2060 skb_queue_head_init(&chan->srej_q);
1890d36b 2061
39d5a3ee 2062 INIT_LIST_HEAD(&chan->srej_l);
0565c1c2
GP		 2063}
2064
f2fcfcd6
GP		 2065static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2066{
2067 switch (mode) {
2068 case L2CAP_MODE_STREAMING:
2069 case L2CAP_MODE_ERTM:
2070 if (l2cap_mode_supported(mode, remote_feat_mask))
2071 return mode;
2072 /* fall through */
2073 default:
2074 return L2CAP_MODE_BASIC;
2075 }
2076}
2077
6327eb98
AE		 2078static inline bool __l2cap_ews_supported(struct l2cap_chan *chan)
2079{
2080 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_WINDOW;
2081}
2082
f89cef09
AE		 2083static inline bool __l2cap_efs_supported(struct l2cap_chan *chan)
2084{
2085 return enable_hs && chan->conn->feat_mask & L2CAP_FEAT_EXT_FLOW;
2086}
2087
6327eb98
AE		 2088static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
2089{
2090 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
836be934 2091 __l2cap_ews_supported(chan)) {
6327eb98
AE		 2092 /* use extended control field */
2093 set_bit(FLAG_EXT_CTRL, &chan->flags);
836be934
AE		 2094 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
2095 } else {
6327eb98
AE		 2096 chan->tx_win = min_t(u16, chan->tx_win,
2097 L2CAP_DEFAULT_TX_WINDOW);
836be934
AE		 2098 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
2099 }
6327eb98
AE		 2100}
2101
710f9b0a 2102static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2103{
1da177e4 2104 struct l2cap_conf_req *req = data;
0c1bc5c6 2105 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
1da177e4 2106 void *ptr = req->data;
c8f79162 2107 u16 size;
1da177e4 2108
49208c9c 2109 BT_DBG("chan %p", chan);
1da177e4 2110
73ffa904 2111 if (chan->num_conf_req || chan->num_conf_rsp)
f2fcfcd6
GP		 2112 goto done;
2113
0c1bc5c6 2114 switch (chan->mode) {
f2fcfcd6
GP		 2115 case L2CAP_MODE_STREAMING:
2116 case L2CAP_MODE_ERTM:
c1360a1c 2117 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
85eb53c6 2118 break;
85eb53c6 2119
f89cef09
AE		 2120 if (__l2cap_efs_supported(chan))
2121 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2122
2ba13ed6 2123 /* fall through */
f2fcfcd6 2124 default:
8c1d787b 2125 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
f2fcfcd6
GP		 2126 break;
2127 }
2128
2129done:
0c1bc5c6
GP		 2130 if (chan->imtu != L2CAP_DEFAULT_MTU)
2131 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
7990681c 2132
0c1bc5c6 2133 switch (chan->mode) {
65c7c491 2134 case L2CAP_MODE_BASIC:
8c1d787b
GP		 2135 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2136 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
63406504
GP		 2137 break;
2138
62547752
GP		 2139 rfc.mode = L2CAP_MODE_BASIC;
2140 rfc.txwin_size = 0;
2141 rfc.max_transmit = 0;
2142 rfc.retrans_timeout = 0;
2143 rfc.monitor_timeout = 0;
2144 rfc.max_pdu_size = 0;
2145
63406504
GP		 2146 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2147 (unsigned long) &rfc);
65c7c491
MH		 2148 break;
2149
2150 case L2CAP_MODE_ERTM:
2151 rfc.mode = L2CAP_MODE_ERTM;
47d1ec61 2152 rfc.max_transmit = chan->max_tx;
f2fcfcd6
GP		 2153 rfc.retrans_timeout = 0;
2154 rfc.monitor_timeout = 0;
c8f79162
AE		 2155
2156 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2157 L2CAP_EXT_HDR_SIZE -
2158 L2CAP_SDULEN_SIZE -
2159 L2CAP_FCS_SIZE);
2160 rfc.max_pdu_size = cpu_to_le16(size);
f2fcfcd6 2161
6327eb98
AE		 2162 l2cap_txwin_setup(chan);
2163
2164 rfc.txwin_size = min_t(u16, chan->tx_win,
2165 L2CAP_DEFAULT_TX_WINDOW);
f2fcfcd6 2166
63406504
GP		 2167 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2168 (unsigned long) &rfc);
2169
f89cef09
AE		 2170 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2171 l2cap_add_opt_efs(&ptr, chan);
2172
8c1d787b 2173 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2174 break;
2175
47d1ec61 2176 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2177 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2178 chan->fcs = L2CAP_FCS_NONE;
2179 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2180 }
6327eb98
AE		 2181
2182 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2183 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2184 chan->tx_win);
f2fcfcd6
GP		 2185 break;
2186
2187 case L2CAP_MODE_STREAMING:
2188 rfc.mode = L2CAP_MODE_STREAMING;
2189 rfc.txwin_size = 0;
2190 rfc.max_transmit = 0;
2191 rfc.retrans_timeout = 0;
2192 rfc.monitor_timeout = 0;
c8f79162
AE		 2193
2194 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
2195 L2CAP_EXT_HDR_SIZE -
2196 L2CAP_SDULEN_SIZE -
2197 L2CAP_FCS_SIZE);
2198 rfc.max_pdu_size = cpu_to_le16(size);
65c7c491 2199
63406504
GP		 2200 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2201 (unsigned long) &rfc);
2202
f89cef09
AE		 2203 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
2204 l2cap_add_opt_efs(&ptr, chan);
2205
8c1d787b 2206 if (!(chan->conn->feat_mask & L2CAP_FEAT_FCS))
fcc203c3
GP		 2207 break;
2208
47d1ec61 2209 if (chan->fcs == L2CAP_FCS_NONE ||
c1360a1c 2210 test_bit(CONF_NO_FCS_RECV, &chan->conf_state)) {
47d1ec61
GP		 2211 chan->fcs = L2CAP_FCS_NONE;
2212 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, chan->fcs);
fcc203c3 2213 }
65c7c491
MH		 2214 break;
2215 }
1da177e4 2216
fe4128e0 2217 req->dcid = cpu_to_le16(chan->dcid);
aca3192c 2218 req->flags = cpu_to_le16(0);
1da177e4
LT		 2219
2220 return ptr - data;
2221}
2222
73ffa904 2223static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
1da177e4 2224{
5dee9e7c
MH		 2225 struct l2cap_conf_rsp *rsp = data;
2226 void *ptr = rsp->data;
73ffa904
GP		 2227 void *req = chan->conf_req;
2228 int len = chan->conf_len;
5dee9e7c
MH		 2229 int type, hint, olen;
2230 unsigned long val;
6464f35f 2231 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
42dceae2
AE		 2232 struct l2cap_conf_efs efs;
2233 u8 remote_efs = 0;
861d6882 2234 u16 mtu = L2CAP_DEFAULT_MTU;
5dee9e7c 2235 u16 result = L2CAP_CONF_SUCCESS;
c8f79162 2236 u16 size;
1da177e4 2237
73ffa904 2238 BT_DBG("chan %p", chan);
820ae1b8 2239
5dee9e7c
MH		 2240 while (len >= L2CAP_CONF_OPT_SIZE) {
2241 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
1da177e4 2242
589d2746 2243 hint = type & L2CAP_CONF_HINT;
47ec1dcd 2244 type &= L2CAP_CONF_MASK;
5dee9e7c
MH		 2245
2246 switch (type) {
2247 case L2CAP_CONF_MTU:
861d6882 2248 mtu = val;
5dee9e7c
MH		 2249 break;
2250
2251 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2252 chan->flush_to = val;
5dee9e7c
MH		 2253 break;
2254
2255 case L2CAP_CONF_QOS:
2256 break;
2257
6464f35f
MH		 2258 case L2CAP_CONF_RFC:
2259 if (olen == sizeof(rfc))
2260 memcpy(&rfc, (void *) val, olen);
2261 break;
2262
fcc203c3
GP		 2263 case L2CAP_CONF_FCS:
2264 if (val == L2CAP_FCS_NONE)
c1360a1c 2265 set_bit(CONF_NO_FCS_RECV, &chan->conf_state);
42dceae2 2266 break;
fcc203c3 2267
42dceae2
AE		 2268 case L2CAP_CONF_EFS:
2269 remote_efs = 1;
2270 if (olen == sizeof(efs))
2271 memcpy(&efs, (void *) val, olen);
fcc203c3
GP		 2272 break;
2273
6327eb98
AE		 2274 case L2CAP_CONF_EWS:
2275 if (!enable_hs)
2276 return -ECONNREFUSED;
fcc203c3 2277
6327eb98
AE		 2278 set_bit(FLAG_EXT_CTRL, &chan->flags);
2279 set_bit(CONF_EWS_RECV, &chan->conf_state);
836be934 2280 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
6327eb98 2281 chan->remote_tx_win = val;
fcc203c3
GP		 2282 break;
2283
5dee9e7c
MH		 2284 default:
2285 if (hint)
2286 break;
2287
2288 result = L2CAP_CONF_UNKNOWN;
2289 *((u8 *) ptr++) = type;
2290 break;
2291 }
2292 }
2293
73ffa904 2294 if (chan->num_conf_rsp || chan->num_conf_req > 1)
f2fcfcd6
GP		 2295 goto done;
2296
0c1bc5c6 2297 switch (chan->mode) {
f2fcfcd6
GP		 2298 case L2CAP_MODE_STREAMING:
2299 case L2CAP_MODE_ERTM:
c1360a1c 2300 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
0c1bc5c6 2301 chan->mode = l2cap_select_mode(rfc.mode,
8c1d787b 2302 chan->conn->feat_mask);
85eb53c6
GP		 2303 break;
2304 }
2305
42dceae2
AE		 2306 if (remote_efs) {
2307 if (__l2cap_efs_supported(chan))
2308 set_bit(FLAG_EFS_ENABLE, &chan->flags);
2309 else
2310 return -ECONNREFUSED;
2311 }
2312
0c1bc5c6 2313 if (chan->mode != rfc.mode)
f2fcfcd6 2314 return -ECONNREFUSED;
742e519b 2315
f2fcfcd6 2316 break;
f2fcfcd6
GP		 2317 }
2318
2319done:
0c1bc5c6 2320 if (chan->mode != rfc.mode) {
f2fcfcd6 2321 result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2322 rfc.mode = chan->mode;
f2fcfcd6 2323
73ffa904 2324 if (chan->num_conf_rsp == 1)
f2fcfcd6
GP		 2325 return -ECONNREFUSED;
2326
2327 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2328 sizeof(rfc), (unsigned long) &rfc);
2329 }
2330
5dee9e7c
MH		 2331 if (result == L2CAP_CONF_SUCCESS) {
2332 /* Configure output options and let the other side know
2333 * which ones we don't like. */
2334
f2fcfcd6
GP		 2335 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2336 result = L2CAP_CONF_UNACCEPT;
2337 else {
0c1bc5c6 2338 chan->omtu = mtu;
c1360a1c 2339 set_bit(CONF_MTU_DONE, &chan->conf_state);
f2fcfcd6 2340 }
0c1bc5c6 2341 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
6464f35f 2342
42dceae2
AE		 2343 if (remote_efs) {
2344 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2345 efs.stype != L2CAP_SERV_NOTRAFIC &&
2346 efs.stype != chan->local_stype) {
2347
2348 result = L2CAP_CONF_UNACCEPT;
2349
2350 if (chan->num_conf_req >= 1)
2351 return -ECONNREFUSED;
2352
2353 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
3e6b3b95 2354 sizeof(efs),
42dceae2 2355 (unsigned long) &efs);
0e8b207e 2356 } else {
3e6b3b95 2357 /* Send PENDING Conf Rsp */
0e8b207e
AE		 2358 result = L2CAP_CONF_PENDING;
2359 set_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
42dceae2
AE		 2360 }
2361 }
2362
f2fcfcd6
GP		 2363 switch (rfc.mode) {
2364 case L2CAP_MODE_BASIC:
47d1ec61 2365 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2366 set_bit(CONF_MODE_DONE, &chan->conf_state);
f2fcfcd6
GP		 2367 break;
2368
2369 case L2CAP_MODE_ERTM:
6327eb98
AE		 2370 if (!test_bit(CONF_EWS_RECV, &chan->conf_state))
2371 chan->remote_tx_win = rfc.txwin_size;
2372 else
2373 rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
86b1b263 2374
2c03a7a4 2375 chan->remote_max_tx = rfc.max_transmit;
1c762159 2376
c8f79162
AE		 2377 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2378 chan->conn->mtu -
2379 L2CAP_EXT_HDR_SIZE -
2380 L2CAP_SDULEN_SIZE -
2381 L2CAP_FCS_SIZE);
2382 rfc.max_pdu_size = cpu_to_le16(size);
2383 chan->remote_mps = size;
f2fcfcd6 2384
10467e9e 2385 rfc.retrans_timeout =
4fd21a88 2386 __constant_cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
10467e9e 2387 rfc.monitor_timeout =
4fd21a88 2388 __constant_cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
f2fcfcd6 2389
c1360a1c 2390 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2391
2392 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2393 sizeof(rfc), (unsigned long) &rfc);
2394
42dceae2
AE		 2395 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2396 chan->remote_id = efs.id;
2397 chan->remote_stype = efs.stype;
2398 chan->remote_msdu = le16_to_cpu(efs.msdu);
2399 chan->remote_flush_to =
2400 le32_to_cpu(efs.flush_to);
2401 chan->remote_acc_lat =
2402 le32_to_cpu(efs.acc_lat);
2403 chan->remote_sdu_itime =
2404 le32_to_cpu(efs.sdu_itime);
2405 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
2406 sizeof(efs), (unsigned long) &efs);
2407 }
f2fcfcd6
GP		 2408 break;
2409
2410 case L2CAP_MODE_STREAMING:
c8f79162
AE		 2411 size = min_t(u16, le16_to_cpu(rfc.max_pdu_size),
2412 chan->conn->mtu -
2413 L2CAP_EXT_HDR_SIZE -
2414 L2CAP_SDULEN_SIZE -
2415 L2CAP_FCS_SIZE);
2416 rfc.max_pdu_size = cpu_to_le16(size);
2417 chan->remote_mps = size;
f2fcfcd6 2418
c1360a1c 2419 set_bit(CONF_MODE_DONE, &chan->conf_state);
68ae6639
GP		 2420
2421 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2422 sizeof(rfc), (unsigned long) &rfc);
2423
f2fcfcd6
GP		 2424 break;
2425
2426 default:
5dee9e7c 2427 result = L2CAP_CONF_UNACCEPT;
5dee9e7c 2428
6464f35f 2429 memset(&rfc, 0, sizeof(rfc));
0c1bc5c6 2430 rfc.mode = chan->mode;
f2fcfcd6 2431 }
6464f35f 2432
f2fcfcd6 2433 if (result == L2CAP_CONF_SUCCESS)
c1360a1c 2434 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
f2fcfcd6 2435 }
fe4128e0 2436 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c
MH		 2437 rsp->result = cpu_to_le16(result);
2438 rsp->flags = cpu_to_le16(0x0000);
2439
2440 return ptr - data;
1da177e4
LT		 2441}
2442
b4450035 2443static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, void *data, u16 *result)
f2fcfcd6 2444{
f2fcfcd6
GP		 2445 struct l2cap_conf_req *req = data;
2446 void *ptr = req->data;
2447 int type, olen;
2448 unsigned long val;
36e999a8 2449 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
66af7aaf 2450 struct l2cap_conf_efs efs;
f2fcfcd6 2451
fe4128e0 2452 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
f2fcfcd6
GP		 2453
2454 while (len >= L2CAP_CONF_OPT_SIZE) {
2455 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2456
2457 switch (type) {
2458 case L2CAP_CONF_MTU:
2459 if (val < L2CAP_DEFAULT_MIN_MTU) {
2460 *result = L2CAP_CONF_UNACCEPT;
0c1bc5c6 2461 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
f2fcfcd6 2462 } else
0c1bc5c6
GP		 2463 chan->imtu = val;
2464 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
f2fcfcd6
GP		 2465 break;
2466
2467 case L2CAP_CONF_FLUSH_TO:
0c1bc5c6 2468 chan->flush_to = val;
f2fcfcd6 2469 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
0c1bc5c6 2470 2, chan->flush_to);
f2fcfcd6
GP		 2471 break;
2472
2473 case L2CAP_CONF_RFC:
2474 if (olen == sizeof(rfc))
2475 memcpy(&rfc, (void *)val, olen);
2476
c1360a1c 2477 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
0c1bc5c6 2478 rfc.mode != chan->mode)
f2fcfcd6
GP		 2479 return -ECONNREFUSED;
2480
47d1ec61 2481 chan->fcs = 0;
f2fcfcd6
GP		 2482
2483 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2484 sizeof(rfc), (unsigned long) &rfc);
2485 break;
6327eb98
AE		 2486
2487 case L2CAP_CONF_EWS:
2488 chan->tx_win = min_t(u16, val,
2489 L2CAP_DEFAULT_EXT_WINDOW);
3e6b3b95
GP		 2490 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
2491 chan->tx_win);
6327eb98 2492 break;
66af7aaf
AE		 2493
2494 case L2CAP_CONF_EFS:
2495 if (olen == sizeof(efs))
2496 memcpy(&efs, (void *)val, olen);
2497
2498 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
2499 efs.stype != L2CAP_SERV_NOTRAFIC &&
2500 efs.stype != chan->local_stype)
2501 return -ECONNREFUSED;
2502
2503 l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
2504 sizeof(efs), (unsigned long) &efs);
2505 break;
f2fcfcd6
GP		 2506 }
2507 }
2508
0c1bc5c6 2509 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
6c2ea7a8
GP		 2510 return -ECONNREFUSED;
2511
0c1bc5c6 2512 chan->mode = rfc.mode;
6c2ea7a8 2513
0e8b207e 2514 if (*result == L2CAP_CONF_SUCCESS || *result == L2CAP_CONF_PENDING) {
f2fcfcd6
GP		 2515 switch (rfc.mode) {
2516 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2517 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2518 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2519 chan->mps = le16_to_cpu(rfc.max_pdu_size);
66af7aaf
AE		 2520
2521 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
2522 chan->local_msdu = le16_to_cpu(efs.msdu);
2523 chan->local_sdu_itime =
2524 le32_to_cpu(efs.sdu_itime);
2525 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
2526 chan->local_flush_to =
2527 le32_to_cpu(efs.flush_to);
2528 }
f2fcfcd6 2529 break;
66af7aaf 2530
f2fcfcd6 2531 case L2CAP_MODE_STREAMING:
47d1ec61 2532 chan->mps = le16_to_cpu(rfc.max_pdu_size);
f2fcfcd6
GP		 2533 }
2534 }
2535
fe4128e0 2536 req->dcid = cpu_to_le16(chan->dcid);
f2fcfcd6
GP		 2537 req->flags = cpu_to_le16(0x0000);
2538
2539 return ptr - data;
2540}
2541
fe4128e0 2542static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data, u16 result, u16 flags)
1da177e4
LT		 2543{
2544 struct l2cap_conf_rsp *rsp = data;
2545 void *ptr = rsp->data;
1da177e4 2546
fe4128e0 2547 BT_DBG("chan %p", chan);
1da177e4 2548
fe4128e0 2549 rsp->scid = cpu_to_le16(chan->dcid);
5dee9e7c 2550 rsp->result = cpu_to_le16(result);
aca3192c 2551 rsp->flags = cpu_to_le16(flags);
1da177e4
LT		 2552
2553 return ptr - data;
2554}
2555
8c1d787b 2556void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
710f9b0a
GP		 2557{
2558 struct l2cap_conn_rsp rsp;
8c1d787b 2559 struct l2cap_conn *conn = chan->conn;
710f9b0a
GP		 2560 u8 buf[128];
2561
fe4128e0
GP		 2562 rsp.scid = cpu_to_le16(chan->dcid);
2563 rsp.dcid = cpu_to_le16(chan->scid);
710f9b0a
GP		 2564 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
2565 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
2566 l2cap_send_cmd(conn, chan->ident,
2567 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2568
c1360a1c 2569 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
710f9b0a
GP		 2570 return;
2571
710f9b0a
GP		 2572 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
2573 l2cap_build_conf_req(chan, buf), buf);
2574 chan->num_conf_req++;
2575}
2576
47d1ec61 2577static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
7b1c0049 2578{
7b1c0049
GP		 2579 int type, olen;
2580 unsigned long val;
2581 struct l2cap_conf_rfc rfc;
2582
47d1ec61 2583 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
7b1c0049 2584
0c1bc5c6 2585 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
7b1c0049
GP		 2586 return;
2587
2588 while (len >= L2CAP_CONF_OPT_SIZE) {
2589 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2590
2591 switch (type) {
2592 case L2CAP_CONF_RFC:
2593 if (olen == sizeof(rfc))
2594 memcpy(&rfc, (void *)val, olen);
2595 goto done;
2596 }
2597 }
2598
36e999a8
MM		 2599 /* Use sane default values in case a misbehaving remote device
2600 * did not send an RFC option.
2601 */
2602 rfc.mode = chan->mode;
2603 rfc.retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO);
2604 rfc.monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO);
2605 rfc.max_pdu_size = cpu_to_le16(chan->imtu);
2606
2607 BT_ERR("Expected RFC option was not found, using defaults");
2608
7b1c0049
GP		 2609done:
2610 switch (rfc.mode) {
2611 case L2CAP_MODE_ERTM:
47d1ec61
GP		 2612 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2613 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2614 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2615 break;
2616 case L2CAP_MODE_STREAMING:
47d1ec61 2617 chan->mps = le16_to_cpu(rfc.max_pdu_size);
7b1c0049
GP		 2618 }
2619}
2620
4e8402a3
MH		 2621static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2622{
e2fd318e 2623 struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
4e8402a3 2624
e2fd318e 2625 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
4e8402a3
MH		 2626 return 0;
2627
2628 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2629 cmd->ident == conn->info_ident) {
17cd3f37 2630 cancel_delayed_work(&conn->info_timer);
984947dc
MH		 2631
2632 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 2633 conn->info_ident = 0;
984947dc 2634
4e8402a3
MH		 2635 l2cap_conn_start(conn);
2636 }
2637
2638 return 0;
2639}
2640
1da177e4
LT		 2641static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2642{
1da177e4
LT		 2643 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2644 struct l2cap_conn_rsp rsp;
23691d75 2645 struct l2cap_chan *chan = NULL, *pchan;
d793fe8c 2646 struct sock *parent, *sk = NULL;
e7c29cb1 2647 int result, status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2648
2649 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
e7c29cb1 2650 __le16 psm = req->psm;
1da177e4 2651
097db76c 2652 BT_DBG("psm 0x%2.2x scid 0x%4.4x", __le16_to_cpu(psm), scid);
1da177e4
LT		 2653
2654 /* Check if we have socket listening on psm */
23691d75
GP		 2655 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, conn->src);
2656 if (!pchan) {
1da177e4
LT		 2657 result = L2CAP_CR_BAD_PSM;
2658 goto sendresp;
2659 }
2660
23691d75
GP		 2661 parent = pchan->sk;
2662
3df91ea2 2663 mutex_lock(&conn->chan_lock);
aa2ac881 2664 lock_sock(parent);
e0f0cb56 2665
e7c29cb1
MH		 2666 /* Check if the ACL is secure enough (if not SDP) */
2667 if (psm != cpu_to_le16(0x0001) &&
2668 !hci_conn_check_link_mode(conn->hcon)) {
9f5a0d7b 2669 conn->disc_reason = HCI_ERROR_AUTH_FAILURE;
e7c29cb1
MH		 2670 result = L2CAP_CR_SEC_BLOCK;
2671 goto response;
2672 }
2673
1da177e4
LT		 2674 result = L2CAP_CR_NO_MEM;
2675
2676 /* Check for backlog size */
2677 if (sk_acceptq_is_full(parent)) {
8e87d142 2678 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1da177e4
LT		 2679 goto response;
2680 }
2681
80808e43
GP		 2682 chan = pchan->ops->new_connection(pchan->data);
2683 if (!chan)
1da177e4
LT		 2684 goto response;
2685
80808e43
GP		 2686 sk = chan->sk;
2687
1da177e4 2688 /* Check if we already have channel with that dcid */
baa7e1fa 2689 if (__l2cap_get_chan_by_dcid(conn, scid)) {
1da177e4 2690 sock_set_flag(sk, SOCK_ZAPPED);
ba3bd0ee 2691 chan->ops->close(chan->data);
1da177e4
LT		 2692 goto response;
2693 }
2694
2695 hci_conn_hold(conn->hcon);
2696
1da177e4
LT		 2697 bacpy(&bt_sk(sk)->src, conn->src);
2698 bacpy(&bt_sk(sk)->dst, conn->dst);
fe4128e0
GP		 2699 chan->psm = psm;
2700 chan->dcid = scid;
1da177e4 2701
d1010240
GP		 2702 bt_accept_enqueue(parent, sk);
2703
6be36555 2704 __l2cap_chan_add(conn, chan);
48454079 2705
fe4128e0 2706 dcid = chan->scid;
1da177e4 2707
c9b66675 2708 __set_chan_timer(chan, sk->sk_sndtimeo);
1da177e4 2709
fc7f8a7e 2710 chan->ident = cmd->ident;
1da177e4 2711
984947dc 2712 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
d45fc423 2713 if (l2cap_chan_check_security(chan)) {
f66dc81f 2714 if (bt_sk(sk)->defer_setup) {
0e587be7 2715 __l2cap_state_change(chan, BT_CONNECT2);
f66dc81f
MH		 2716 result = L2CAP_CR_PEND;
2717 status = L2CAP_CS_AUTHOR_PEND;
2718 parent->sk_data_ready(parent, 0);
2719 } else {
0e587be7 2720 __l2cap_state_change(chan, BT_CONFIG);
f66dc81f
MH		 2721 result = L2CAP_CR_SUCCESS;
2722 status = L2CAP_CS_NO_INFO;
2723 }
79d554a6 2724 } else {
0e587be7 2725 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2726 result = L2CAP_CR_PEND;
2727 status = L2CAP_CS_AUTHEN_PEND;
2728 }
2729 } else {
0e587be7 2730 __l2cap_state_change(chan, BT_CONNECT2);
79d554a6
MH		 2731 result = L2CAP_CR_PEND;
2732 status = L2CAP_CS_NO_INFO;
1da177e4
LT		 2733 }
2734
1da177e4 2735response:
aa2ac881 2736 release_sock(parent);
3df91ea2 2737 mutex_unlock(&conn->chan_lock);
1da177e4
LT		 2738
2739sendresp:
aca3192c
YH		 2740 rsp.scid = cpu_to_le16(scid);
2741 rsp.dcid = cpu_to_le16(dcid);
2742 rsp.result = cpu_to_le16(result);
2743 rsp.status = cpu_to_le16(status);
1da177e4 2744 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
79d554a6
MH		 2745
2746 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2747 struct l2cap_info_req info;
2748 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
2749
2750 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
2751 conn->info_ident = l2cap_get_ident(conn);
2752
ba13ccd9 2753 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT);
79d554a6
MH		 2754
2755 l2cap_send_cmd(conn, conn->info_ident,
2756 L2CAP_INFO_REQ, sizeof(info), &info);
2757 }
2758
c1360a1c 2759 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
e9aeb2dd
GP		 2760 result == L2CAP_CR_SUCCESS) {
2761 u8 buf[128];
c1360a1c 2762 set_bit(CONF_REQ_SENT, &chan->conf_state);
e9aeb2dd 2763 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2764 l2cap_build_conf_req(chan, buf), buf);
2765 chan->num_conf_req++;
e9aeb2dd
GP		 2766 }
2767
1da177e4
LT		 2768 return 0;
2769}
2770
2771static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2772{
2773 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
2774 u16 scid, dcid, result, status;
48454079 2775 struct l2cap_chan *chan;
1da177e4 2776 u8 req[128];
3df91ea2 2777 int err;
1da177e4
LT		 2778
2779 scid = __le16_to_cpu(rsp->scid);
2780 dcid = __le16_to_cpu(rsp->dcid);
2781 result = __le16_to_cpu(rsp->result);
2782 status = __le16_to_cpu(rsp->status);
2783
1b009c98
AE		 2784 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
2785 dcid, scid, result, status);
1da177e4 2786
3df91ea2
AE		 2787 mutex_lock(&conn->chan_lock);
2788
1da177e4 2789 if (scid) {
3df91ea2
AE		 2790 chan = __l2cap_get_chan_by_scid(conn, scid);
2791 if (!chan) {
2792 err = -EFAULT;
2793 goto unlock;
2794 }
1da177e4 2795 } else {
3df91ea2
AE		 2796 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
2797 if (!chan) {
2798 err = -EFAULT;
2799 goto unlock;
2800 }
1da177e4
LT		 2801 }
2802
3df91ea2
AE		 2803 err = 0;
2804
6be36555 2805 l2cap_chan_lock(chan);
48454079 2806
1da177e4
LT		 2807 switch (result) {
2808 case L2CAP_CR_SUCCESS:
89bc500e 2809 l2cap_state_change(chan, BT_CONFIG);
fc7f8a7e 2810 chan->ident = 0;
fe4128e0 2811 chan->dcid = dcid;
c1360a1c 2812 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
6a8d3010 2813
c1360a1c 2814 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
e9aeb2dd
GP		 2815 break;
2816
1da177e4 2817 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2818 l2cap_build_conf_req(chan, req), req);
2819 chan->num_conf_req++;
1da177e4
LT		 2820 break;
2821
2822 case L2CAP_CR_PEND:
c1360a1c 2823 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1da177e4
LT		 2824 break;
2825
2826 default:
48454079 2827 l2cap_chan_del(chan, ECONNREFUSED);
1da177e4
LT		 2828 break;
2829 }
2830
6be36555 2831 l2cap_chan_unlock(chan);
3df91ea2
AE		 2832
2833unlock:
2834 mutex_unlock(&conn->chan_lock);
2835
2836 return err;
1da177e4
LT		 2837}
2838
47d1ec61 2839static inline void set_default_fcs(struct l2cap_chan *chan)
8c462b60
MM		 2840{
2841 /* FCS is enabled only in ERTM or streaming mode, if one or both
2842 * sides request it.
2843 */
0c1bc5c6 2844 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
47d1ec61 2845 chan->fcs = L2CAP_FCS_NONE;
c1360a1c 2846 else if (!test_bit(CONF_NO_FCS_RECV, &chan->conf_state))
47d1ec61 2847 chan->fcs = L2CAP_FCS_CRC16;
8c462b60
MM		 2848}
2849
88219a0f 2850static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
1da177e4
LT		 2851{
2852 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
2853 u16 dcid, flags;
2854 u8 rsp[64];
48454079 2855 struct l2cap_chan *chan;
5dee9e7c 2856 int len;
1da177e4
LT		 2857
2858 dcid = __le16_to_cpu(req->dcid);
2859 flags = __le16_to_cpu(req->flags);
2860
2861 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
2862
baa7e1fa 2863 chan = l2cap_get_chan_by_scid(conn, dcid);
48454079 2864 if (!chan)
1da177e4
LT		 2865 return -ENOENT;
2866
6be36555 2867 l2cap_chan_lock(chan);
48454079 2868
033b1142 2869 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) {
e2fd318e
IK		 2870 struct l2cap_cmd_rej_cid rej;
2871
2872 rej.reason = cpu_to_le16(L2CAP_REJ_INVALID_CID);
2873 rej.scid = cpu_to_le16(chan->scid);
2874 rej.dcid = cpu_to_le16(chan->dcid);
df6bd743 2875
df6bd743
GP		 2876 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
2877 sizeof(rej), &rej);
354f60a9 2878 goto unlock;
df6bd743 2879 }
354f60a9 2880
5dee9e7c 2881 /* Reject if config buffer is too small. */
88219a0f 2882 len = cmd_len - sizeof(*req);
7ac28817 2883 if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
5dee9e7c 2884 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2885 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c
MH		 2886 L2CAP_CONF_REJECT, flags), rsp);
2887 goto unlock;
2888 }
2889
2890 /* Store config. */
73ffa904
GP		 2891 memcpy(chan->conf_req + chan->conf_len, req->data, len);
2892 chan->conf_len += len;
1da177e4
LT		 2893
2894 if (flags & 0x0001) {
2895 /* Incomplete config. Send empty response. */
2896 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
fe4128e0 2897 l2cap_build_conf_rsp(chan, rsp,
5dee9e7c 2898 L2CAP_CONF_SUCCESS, 0x0001), rsp);
1da177e4
LT		 2899 goto unlock;
2900 }
2901
2902 /* Complete config. */
73ffa904 2903 len = l2cap_parse_conf_req(chan, rsp);
f2fcfcd6 2904 if (len < 0) {
e92c8e70 2905 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4 2906 goto unlock;
f2fcfcd6 2907 }
1da177e4 2908
5dee9e7c 2909 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
73ffa904 2910 chan->num_conf_rsp++;
5dee9e7c 2911
5dee9e7c 2912 /* Reset config buffer. */
73ffa904 2913 chan->conf_len = 0;
5dee9e7c 2914
c1360a1c 2915 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
876d9484
MH		 2916 goto unlock;
2917
c1360a1c 2918 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
47d1ec61 2919 set_default_fcs(chan);
fcc203c3 2920
89bc500e 2921 l2cap_state_change(chan, BT_CONNECTED);
e90bac06 2922
42e5c802
GP		 2923 chan->next_tx_seq = 0;
2924 chan->expected_tx_seq = 0;
58d35f87 2925 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 2926 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 2927 l2cap_ertm_init(chan);
0565c1c2 2928
cf4cd009 2929 l2cap_chan_ready(chan);
876d9484
MH		 2930 goto unlock;
2931 }
2932
c1360a1c 2933 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
79d554a6 2934 u8 buf[64];
1da177e4 2935 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
73ffa904
GP		 2936 l2cap_build_conf_req(chan, buf), buf);
2937 chan->num_conf_req++;
1da177e4
LT		 2938 }
2939
0e8b207e
AE		 2940 /* Got Conf Rsp PENDING from remote side and asume we sent
2941 Conf Rsp PENDING in the code above */
2942 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
2943 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
2944
2945 /* check compatibility */
2946
2947 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
2948 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
2949
2950 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 2951 l2cap_build_conf_rsp(chan, rsp,
0e8b207e
AE		 2952 L2CAP_CONF_SUCCESS, 0x0000), rsp);
2953 }
2954
1da177e4 2955unlock:
6be36555 2956 l2cap_chan_unlock(chan);
1da177e4
LT		 2957 return 0;
2958}
2959
2960static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2961{
2962 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
2963 u16 scid, flags, result;
48454079 2964 struct l2cap_chan *chan;
61386cba 2965 int len = le16_to_cpu(cmd->len) - sizeof(*rsp);
1da177e4
LT		 2966
2967 scid = __le16_to_cpu(rsp->scid);
2968 flags = __le16_to_cpu(rsp->flags);
2969 result = __le16_to_cpu(rsp->result);
2970
61386cba
AE		 2971 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x len %d", scid, flags,
2972 result, len);
1da177e4 2973
baa7e1fa 2974 chan = l2cap_get_chan_by_scid(conn, scid);
48454079 2975 if (!chan)
1da177e4
LT		 2976 return 0;
2977
6be36555 2978 l2cap_chan_lock(chan);
48454079 2979
1da177e4
LT		 2980 switch (result) {
2981 case L2CAP_CONF_SUCCESS:
47d1ec61 2982 l2cap_conf_rfc_get(chan, rsp->data, len);
0e8b207e 2983 clear_bit(CONF_REM_CONF_PEND, &chan->conf_state);
1da177e4
LT		 2984 break;
2985
0e8b207e
AE		 2986 case L2CAP_CONF_PENDING:
2987 set_bit(CONF_REM_CONF_PEND, &chan->conf_state);
2988
2989 if (test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
2990 char buf[64];
2991
2992 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
2993 buf, &result);
2994 if (len < 0) {
2995 l2cap_send_disconn_req(conn, chan, ECONNRESET);
2996 goto done;
2997 }
2998
2999 /* check compatibility */
3000
3001 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
3002 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
3003
3004 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3e6b3b95 3005 l2cap_build_conf_rsp(chan, buf,
0e8b207e
AE		 3006 L2CAP_CONF_SUCCESS, 0x0000), buf);
3007 }
3008 goto done;
3009
1da177e4 3010 case L2CAP_CONF_UNACCEPT:
73ffa904 3011 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
f2fcfcd6
GP		 3012 char req[64];
3013
c2c77ec8 3014 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
e92c8e70 3015 l2cap_send_disconn_req(conn, chan, ECONNRESET);
c2c77ec8
AE		 3016 goto done;
3017 }
3018
f2fcfcd6
GP		 3019 /* throw out any old stored conf requests */
3020 result = L2CAP_CONF_SUCCESS;
b4450035
GP		 3021 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
3022 req, &result);
f2fcfcd6 3023 if (len < 0) {
e92c8e70 3024 l2cap_send_disconn_req(conn, chan, ECONNRESET);
f2fcfcd6
GP		 3025 goto done;
3026 }
3027
3028 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3029 L2CAP_CONF_REQ, len, req);
73ffa904 3030 chan->num_conf_req++;
f2fcfcd6
GP		 3031 if (result != L2CAP_CONF_SUCCESS)
3032 goto done;
3033 break;
1da177e4
LT		 3034 }
3035
8e87d142 3036 default:
6be36555 3037 l2cap_chan_set_err(chan, ECONNRESET);
2e0052e4 3038
ba13ccd9 3039 __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT);
e92c8e70 3040 l2cap_send_disconn_req(conn, chan, ECONNRESET);
1da177e4
LT		 3041 goto done;
3042 }
3043
3044 if (flags & 0x01)
3045 goto done;
3046
c1360a1c 3047 set_bit(CONF_INPUT_DONE, &chan->conf_state);
1da177e4 3048
c1360a1c 3049 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
47d1ec61 3050 set_default_fcs(chan);
fcc203c3 3051
89bc500e 3052 l2cap_state_change(chan, BT_CONNECTED);
42e5c802
GP		 3053 chan->next_tx_seq = 0;
3054 chan->expected_tx_seq = 0;
58d35f87 3055 skb_queue_head_init(&chan->tx_q);
0c1bc5c6 3056 if (chan->mode == L2CAP_MODE_ERTM)
525cd185 3057 l2cap_ertm_init(chan);
0565c1c2 3058
cf4cd009 3059 l2cap_chan_ready(chan);
1da177e4
LT		 3060 }
3061
3062done:
6be36555 3063 l2cap_chan_unlock(chan);
1da177e4
LT		 3064 return 0;
3065}
3066
3067static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3068{
3069 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3070 struct l2cap_disconn_rsp rsp;
3071 u16 dcid, scid;
48454079 3072 struct l2cap_chan *chan;
1da177e4
LT		 3073 struct sock *sk;
3074
3075 scid = __le16_to_cpu(req->scid);
3076 dcid = __le16_to_cpu(req->dcid);
3077
3078 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3079
3df91ea2
AE		 3080 mutex_lock(&conn->chan_lock);
3081
3082 chan = __l2cap_get_chan_by_scid(conn, dcid);
3083 if (!chan) {
3084 mutex_unlock(&conn->chan_lock);
1da177e4 3085 return 0;
3df91ea2 3086 }
1da177e4 3087
6be36555
AE		 3088 l2cap_chan_lock(chan);
3089
48454079
GP		 3090 sk = chan->sk;
3091
fe4128e0
GP		 3092 rsp.dcid = cpu_to_le16(chan->scid);
3093 rsp.scid = cpu_to_le16(chan->dcid);
1da177e4
LT		 3094 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3095
6be36555 3096 lock_sock(sk);
1da177e4 3097 sk->sk_shutdown = SHUTDOWN_MASK;
6be36555 3098 release_sock(sk);
1da177e4 3099
48454079 3100 l2cap_chan_del(chan, ECONNRESET);
6be36555
AE		 3101
3102 l2cap_chan_unlock(chan);
1da177e4 3103
ba3bd0ee 3104 chan->ops->close(chan->data);
3df91ea2
AE		 3105
3106 mutex_unlock(&conn->chan_lock);
3107
1da177e4
LT		 3108 return 0;
3109}
3110
3111static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3112{
3113 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3114 u16 dcid, scid;
48454079 3115 struct l2cap_chan *chan;
1da177e4
LT		 3116
3117 scid = __le16_to_cpu(rsp->scid);
3118 dcid = __le16_to_cpu(rsp->dcid);
3119
3120 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3121
3df91ea2
AE		 3122 mutex_lock(&conn->chan_lock);
3123
3124 chan = __l2cap_get_chan_by_scid(conn, scid);
3125 if (!chan) {
3126 mutex_unlock(&conn->chan_lock);
1da177e4 3127 return 0;
3df91ea2 3128 }
1da177e4 3129
6be36555 3130 l2cap_chan_lock(chan);
48454079 3131
48454079 3132 l2cap_chan_del(chan, 0);
6be36555
AE		 3133
3134 l2cap_chan_unlock(chan);
1da177e4 3135
ba3bd0ee 3136 chan->ops->close(chan->data);
3df91ea2
AE		 3137
3138 mutex_unlock(&conn->chan_lock);
3139
1da177e4
LT		 3140 return 0;
3141}
3142
3143static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3144{
3145 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1da177e4
LT		 3146 u16 type;
3147
3148 type = __le16_to_cpu(req->type);
3149
3150 BT_DBG("type 0x%4.4x", type);
3151
f0709e03
MH		 3152 if (type == L2CAP_IT_FEAT_MASK) {
3153 u8 buf[8];
44dd46de 3154 u32 feat_mask = l2cap_feat_mask;
f0709e03
MH		 3155 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3156 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3157 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
d1c4a17d 3158 if (!disable_ertm)
fcc203c3
GP		 3159 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3160 | L2CAP_FEAT_FCS;
a5fd6f30 3161 if (enable_hs)
6327eb98
AE		 3162 feat_mask |= L2CAP_FEAT_EXT_FLOW
3163 | L2CAP_FEAT_EXT_WINDOW;
a5fd6f30 3164
1b7bf4ed 3165 put_unaligned_le32(feat_mask, rsp->data);
f0709e03
MH		 3166 l2cap_send_cmd(conn, cmd->ident,
3167 L2CAP_INFO_RSP, sizeof(buf), buf);
e1027a7c
MH		 3168 } else if (type == L2CAP_IT_FIXED_CHAN) {
3169 u8 buf[12];
3170 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
50a147cd
MM		 3171
3172 if (enable_hs)
3173 l2cap_fixed_chan[0] |= L2CAP_FC_A2MP;
3174 else
3175 l2cap_fixed_chan[0] &= ~L2CAP_FC_A2MP;
3176
e1027a7c
MH		 3177 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3178 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
c6337ea6 3179 memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan));
e1027a7c
MH		 3180 l2cap_send_cmd(conn, cmd->ident,
3181 L2CAP_INFO_RSP, sizeof(buf), buf);
f0709e03
MH		 3182 } else {
3183 struct l2cap_info_rsp rsp;
3184 rsp.type = cpu_to_le16(type);
3185 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3186 l2cap_send_cmd(conn, cmd->ident,
3187 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3188 }
1da177e4
LT		 3189
3190 return 0;
3191}
3192
3193static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3194{
3195 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3196 u16 type, result;
3197
3198 type = __le16_to_cpu(rsp->type);
3199 result = __le16_to_cpu(rsp->result);
3200
3201 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3202
e90165be
AE		 3203 /* L2CAP Info req/rsp are unbound to channels, add extra checks */
3204 if (cmd->ident != conn->info_ident ||
3205 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)
3206 return 0;
3207
17cd3f37 3208 cancel_delayed_work(&conn->info_timer);
4e8402a3 3209
adb08ede
VT		 3210 if (result != L2CAP_IR_SUCCESS) {
3211 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3212 conn->info_ident = 0;
3213
3214 l2cap_conn_start(conn);
3215
3216 return 0;
3217 }
3218
978c93b9
AE		 3219 switch (type) {
3220 case L2CAP_IT_FEAT_MASK:
83985319 3221 conn->feat_mask = get_unaligned_le32(rsp->data);
4e8402a3 3222
47ec1dcd 3223 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
e1027a7c
MH		 3224 struct l2cap_info_req req;
3225 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3226
3227 conn->info_ident = l2cap_get_ident(conn);
3228
3229 l2cap_send_cmd(conn, conn->info_ident,
3230 L2CAP_INFO_REQ, sizeof(req), &req);
3231 } else {
3232 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3233 conn->info_ident = 0;
3234
3235 l2cap_conn_start(conn);
3236 }
978c93b9
AE		 3237 break;
3238
3239 case L2CAP_IT_FIXED_CHAN:
3240 conn->fixed_chan_mask = rsp->data[0];
984947dc 3241 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
e1027a7c 3242 conn->info_ident = 0;
984947dc
MH		 3243
3244 l2cap_conn_start(conn);
978c93b9 3245 break;
984947dc 3246 }
4e8402a3 3247
1da177e4
LT		 3248 return 0;
3249}
3250
f94ff6ff
MM		 3251static inline int l2cap_create_channel_req(struct l2cap_conn *conn,
3252 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
3253 void *data)
3254{
3255 struct l2cap_create_chan_req *req = data;
3256 struct l2cap_create_chan_rsp rsp;
3257 u16 psm, scid;
3258
3259 if (cmd_len != sizeof(*req))
3260 return -EPROTO;
3261
3262 if (!enable_hs)
3263 return -EINVAL;
3264
3265 psm = le16_to_cpu(req->psm);
3266 scid = le16_to_cpu(req->scid);
3267
3268 BT_DBG("psm %d, scid %d, amp_id %d", psm, scid, req->amp_id);
3269
3270 /* Placeholder: Always reject */
3271 rsp.dcid = 0;
3272 rsp.scid = cpu_to_le16(scid);
8ce0c498
AE		 3273 rsp.result = __constant_cpu_to_le16(L2CAP_CR_NO_MEM);
3274 rsp.status = __constant_cpu_to_le16(L2CAP_CS_NO_INFO);
f94ff6ff
MM		 3275
3276 l2cap_send_cmd(conn, cmd->ident, L2CAP_CREATE_CHAN_RSP,
3277 sizeof(rsp), &rsp);
3278
3279 return 0;
3280}
3281
3282static inline int l2cap_create_channel_rsp(struct l2cap_conn *conn,
3283 struct l2cap_cmd_hdr *cmd, void *data)
3284{
3285 BT_DBG("conn %p", conn);
3286
3287 return l2cap_connect_rsp(conn, cmd, data);
3288}
3289
8d5a04a1
MM		 3290static void l2cap_send_move_chan_rsp(struct l2cap_conn *conn, u8 ident,
3291 u16 icid, u16 result)
3292{
3293 struct l2cap_move_chan_rsp rsp;
3294
3295 BT_DBG("icid %d, result %d", icid, result);
3296
3297 rsp.icid = cpu_to_le16(icid);
3298 rsp.result = cpu_to_le16(result);
3299
3300 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_RSP, sizeof(rsp), &rsp);
3301}
3302
3303static void l2cap_send_move_chan_cfm(struct l2cap_conn *conn,
3304 struct l2cap_chan *chan, u16 icid, u16 result)
3305{
3306 struct l2cap_move_chan_cfm cfm;
3307 u8 ident;
3308
3309 BT_DBG("icid %d, result %d", icid, result);
3310
3311 ident = l2cap_get_ident(conn);
3312 if (chan)
3313 chan->ident = ident;
3314
3315 cfm.icid = cpu_to_le16(icid);
3316 cfm.result = cpu_to_le16(result);
3317
3318 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM, sizeof(cfm), &cfm);
3319}
3320
3321static void l2cap_send_move_chan_cfm_rsp(struct l2cap_conn *conn, u8 ident,
3322 u16 icid)
3323{
3324 struct l2cap_move_chan_cfm_rsp rsp;
3325
3326 BT_DBG("icid %d", icid);
3327
3328 rsp.icid = cpu_to_le16(icid);
3329 l2cap_send_cmd(conn, ident, L2CAP_MOVE_CHAN_CFM_RSP, sizeof(rsp), &rsp);
3330}
3331
3332static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
3333 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3334{
3335 struct l2cap_move_chan_req *req = data;
3336 u16 icid = 0;
3337 u16 result = L2CAP_MR_NOT_ALLOWED;
3338
3339 if (cmd_len != sizeof(*req))
3340 return -EPROTO;
3341
3342 icid = le16_to_cpu(req->icid);
3343
3344 BT_DBG("icid %d, dest_amp_id %d", icid, req->dest_amp_id);
3345
3346 if (!enable_hs)
3347 return -EINVAL;
3348
3349 /* Placeholder: Always refuse */
3350 l2cap_send_move_chan_rsp(conn, cmd->ident, icid, result);
3351
3352 return 0;
3353}
3354
3355static inline int l2cap_move_channel_rsp(struct l2cap_conn *conn,
3356 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3357{
3358 struct l2cap_move_chan_rsp *rsp = data;
3359 u16 icid, result;
3360
3361 if (cmd_len != sizeof(*rsp))
3362 return -EPROTO;
3363
3364 icid = le16_to_cpu(rsp->icid);
3365 result = le16_to_cpu(rsp->result);
3366
3367 BT_DBG("icid %d, result %d", icid, result);
3368
3369 /* Placeholder: Always unconfirmed */
3370 l2cap_send_move_chan_cfm(conn, NULL, icid, L2CAP_MC_UNCONFIRMED);
3371
3372 return 0;
3373}
3374
3375static inline int l2cap_move_channel_confirm(struct l2cap_conn *conn,
3376 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3377{
3378 struct l2cap_move_chan_cfm *cfm = data;
3379 u16 icid, result;
3380
3381 if (cmd_len != sizeof(*cfm))
3382 return -EPROTO;
3383
3384 icid = le16_to_cpu(cfm->icid);
3385 result = le16_to_cpu(cfm->result);
3386
3387 BT_DBG("icid %d, result %d", icid, result);
3388
3389 l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
3390
3391 return 0;
3392}
3393
3394static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
3395 struct l2cap_cmd_hdr *cmd, u16 cmd_len, void *data)
3396{
3397 struct l2cap_move_chan_cfm_rsp *rsp = data;
3398 u16 icid;
3399
3400 if (cmd_len != sizeof(*rsp))
3401 return -EPROTO;
3402
3403 icid = le16_to_cpu(rsp->icid);
3404
3405 BT_DBG("icid %d", icid);
3406
3407 return 0;
3408}
3409
e2174ca4 3410static inline int l2cap_check_conn_param(u16 min, u16 max, u16 latency,
de73115a
CT		 3411 u16 to_multiplier)
3412{
3413 u16 max_latency;
3414
3415 if (min > max || min < 6 || max > 3200)
3416 return -EINVAL;
3417
3418 if (to_multiplier < 10 || to_multiplier > 3200)
3419 return -EINVAL;
3420
3421 if (max >= to_multiplier * 8)
3422 return -EINVAL;
3423
3424 max_latency = (to_multiplier * 8 / max) - 1;
3425 if (latency > 499 || latency > max_latency)
3426 return -EINVAL;
3427
3428 return 0;
3429}
3430
3431static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn,
3432 struct l2cap_cmd_hdr *cmd, u8 *data)
3433{
3434 struct hci_conn *hcon = conn->hcon;
3435 struct l2cap_conn_param_update_req *req;
3436 struct l2cap_conn_param_update_rsp rsp;
3437 u16 min, max, latency, to_multiplier, cmd_len;
2ce603eb 3438 int err;
de73115a
CT		 3439
3440 if (!(hcon->link_mode & HCI_LM_MASTER))
3441 return -EINVAL;
3442
3443 cmd_len = __le16_to_cpu(cmd->len);
3444 if (cmd_len != sizeof(struct l2cap_conn_param_update_req))
3445 return -EPROTO;
3446
3447 req = (struct l2cap_conn_param_update_req *) data;
e2174ca4
GP		 3448 min = __le16_to_cpu(req->min);
3449 max = __le16_to_cpu(req->max);
de73115a
CT		 3450 latency = __le16_to_cpu(req->latency);
3451 to_multiplier = __le16_to_cpu(req->to_multiplier);
3452
3453 BT_DBG("min 0x%4.4x max 0x%4.4x latency: 0x%4.4x Timeout: 0x%4.4x",
3454 min, max, latency, to_multiplier);
3455
3456 memset(&rsp, 0, sizeof(rsp));
2ce603eb
CT		 3457
3458 err = l2cap_check_conn_param(min, max, latency, to_multiplier);
3459 if (err)
de73115a
CT		 3460 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED);
3461 else
3462 rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_ACCEPTED);
3463
3464 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP,
3465 sizeof(rsp), &rsp);
3466
2ce603eb
CT		 3467 if (!err)
3468 hci_le_conn_update(hcon, min, max, latency, to_multiplier);
3469
de73115a
CT		 3470 return 0;
3471}
3472
3300d9a9
CT		 3473static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
3474 struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
3475{
3476 int err = 0;
3477
3478 switch (cmd->code) {
3479 case L2CAP_COMMAND_REJ:
3480 l2cap_command_rej(conn, cmd, data);
3481 break;
3482
3483 case L2CAP_CONN_REQ:
3484 err = l2cap_connect_req(conn, cmd, data);
3485 break;
3486
3487 case L2CAP_CONN_RSP:
3488 err = l2cap_connect_rsp(conn, cmd, data);
3489 break;
3490
3491 case L2CAP_CONF_REQ:
3492 err = l2cap_config_req(conn, cmd, cmd_len, data);
3493 break;
3494
3495 case L2CAP_CONF_RSP:
3496 err = l2cap_config_rsp(conn, cmd, data);
3497 break;
3498
3499 case L2CAP_DISCONN_REQ:
3500 err = l2cap_disconnect_req(conn, cmd, data);
3501 break;
3502
3503 case L2CAP_DISCONN_RSP:
3504 err = l2cap_disconnect_rsp(conn, cmd, data);
3505 break;
3506
3507 case L2CAP_ECHO_REQ:
3508 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data);
3509 break;
3510
3511 case L2CAP_ECHO_RSP:
3512 break;
3513
3514 case L2CAP_INFO_REQ:
3515 err = l2cap_information_req(conn, cmd, data);
3516 break;
3517
3518 case L2CAP_INFO_RSP:
3519 err = l2cap_information_rsp(conn, cmd, data);
3520 break;
3521
f94ff6ff
MM		 3522 case L2CAP_CREATE_CHAN_REQ:
3523 err = l2cap_create_channel_req(conn, cmd, cmd_len, data);
3524 break;
3525
3526 case L2CAP_CREATE_CHAN_RSP:
3527 err = l2cap_create_channel_rsp(conn, cmd, data);
3528 break;
3529
8d5a04a1
MM		 3530 case L2CAP_MOVE_CHAN_REQ:
3531 err = l2cap_move_channel_req(conn, cmd, cmd_len, data);
3532 break;
3533
3534 case L2CAP_MOVE_CHAN_RSP:
3535 err = l2cap_move_channel_rsp(conn, cmd, cmd_len, data);
3536 break;
3537
3538 case L2CAP_MOVE_CHAN_CFM:
3539 err = l2cap_move_channel_confirm(conn, cmd, cmd_len, data);
3540 break;
3541
3542 case L2CAP_MOVE_CHAN_CFM_RSP:
3543 err = l2cap_move_channel_confirm_rsp(conn, cmd, cmd_len, data);
3544 break;
3545
3300d9a9
CT		 3546 default:
3547 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code);
3548 err = -EINVAL;
3549 break;
3550 }
3551
3552 return err;
3553}
3554
3555static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn,
3556 struct l2cap_cmd_hdr *cmd, u8 *data)
3557{
3558 switch (cmd->code) {
3559 case L2CAP_COMMAND_REJ:
3560 return 0;
3561
3562 case L2CAP_CONN_PARAM_UPDATE_REQ:
de73115a 3563 return l2cap_conn_param_update_req(conn, cmd, data);
3300d9a9
CT		 3564
3565 case L2CAP_CONN_PARAM_UPDATE_RSP:
3566 return 0;
3567
3568 default:
3569 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code);
3570 return -EINVAL;
3571 }
3572}
3573
3574static inline void l2cap_sig_channel(struct l2cap_conn *conn,
3575 struct sk_buff *skb)
1da177e4
LT		 3576{
3577 u8 *data = skb->data;
3578 int len = skb->len;
3579 struct l2cap_cmd_hdr cmd;
3300d9a9 3580 int err;
1da177e4
LT		 3581
3582 l2cap_raw_recv(conn, skb);
3583
3584 while (len >= L2CAP_CMD_HDR_SIZE) {
88219a0f 3585 u16 cmd_len;
1da177e4
LT		 3586 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3587 data += L2CAP_CMD_HDR_SIZE;
3588 len -= L2CAP_CMD_HDR_SIZE;
3589
88219a0f 3590 cmd_len = le16_to_cpu(cmd.len);
1da177e4 3591
88219a0f 3592 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
1da177e4 3593
88219a0f 3594 if (cmd_len > len || !cmd.ident) {
1da177e4
LT		 3595 BT_DBG("corrupted command");
3596 break;
3597 }
3598
3300d9a9
CT		 3599 if (conn->hcon->type == LE_LINK)
3600 err = l2cap_le_sig_cmd(conn, &cmd, data);
3601 else
3602 err = l2cap_bredr_sig_cmd(conn, &cmd, cmd_len, data);
1da177e4
LT		 3603
3604 if (err) {
e2fd318e 3605 struct l2cap_cmd_rej_unk rej;
2c6d1a2e
GP		 3606
3607 BT_ERR("Wrong link type (%d)", err);
1da177e4
LT		 3608
3609 /* FIXME: Map err to a valid reason */
e2fd318e 3610 rej.reason = cpu_to_le16(L2CAP_REJ_NOT_UNDERSTOOD);
1da177e4
LT		 3611 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3612 }
3613
88219a0f
AV		 3614 data += cmd_len;
3615 len -= cmd_len;
1da177e4
LT		 3616 }
3617
3618 kfree_skb(skb);
3619}
3620
47d1ec61 3621static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
fcc203c3
GP		 3622{
3623 u16 our_fcs, rcv_fcs;
e4ca6d98
AE		 3624 int hdr_size;
3625
3626 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
3627 hdr_size = L2CAP_EXT_HDR_SIZE;
3628 else
3629 hdr_size = L2CAP_ENH_HDR_SIZE;
fcc203c3 3630
47d1ec61 3631 if (chan->fcs == L2CAP_FCS_CRC16) {
03a51213 3632 skb_trim(skb, skb->len - L2CAP_FCS_SIZE);
fcc203c3
GP		 3633 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3634 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3635
3636 if (our_fcs != rcv_fcs)
7a560e5c 3637 return -EBADMSG;
fcc203c3
GP		 3638 }
3639 return 0;
3640}
3641
525cd185 3642static inline void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
d5392c8f 3643{
88843ab0 3644 u32 control = 0;
d5392c8f 3645
6a026610 3646 chan->frames_sent = 0;
d5392c8f 3647
0b209fae 3648 control |= __set_reqseq(chan, chan->buffer_seq);
d5392c8f 3649
e2ab4353 3650 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
ab784b73 3651 control |= __set_ctrl_super(chan, L2CAP_SUPER_RNR);
525cd185 3652 l2cap_send_sframe(chan, control);
e2ab4353 3653 set_bit(CONN_RNR_SENT, &chan->conn_state);
d5392c8f
GP		 3654 }
3655
e2ab4353 3656 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
525cd185 3657 l2cap_retransmit_frames(chan);
d5392c8f 3658
525cd185 3659 l2cap_ertm_send(chan);
d5392c8f 3660
e2ab4353 3661 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
6a026610 3662 chan->frames_sent == 0) {
ab784b73 3663 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3664 l2cap_send_sframe(chan, control);
d5392c8f
GP		 3665 }
3666}
3667
fb45de7d 3668static int l2cap_add_to_srej_queue(struct l2cap_chan *chan, struct sk_buff *skb, u16 tx_seq, u8 sar)
8f17154f
GP		 3669{
3670 struct sk_buff *next_skb;
bfbacc11 3671 int tx_seq_offset, next_tx_seq_offset;
8f17154f
GP		 3672
3673 bt_cb(skb)->tx_seq = tx_seq;
3674 bt_cb(skb)->sar = sar;
3675
f1c6775b 3676 next_skb = skb_peek(&chan->srej_q);
8f17154f 3677
836be934 3678 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
bfbacc11 3679
039d9572 3680 while (next_skb) {
9b53350d
JPRV		 3681 if (bt_cb(next_skb)->tx_seq == tx_seq)
3682 return -EINVAL;
3683
836be934
AE		 3684 next_tx_seq_offset = __seq_offset(chan,
3685 bt_cb(next_skb)->tx_seq, chan->buffer_seq);
bfbacc11
JPRV		 3686
3687 if (next_tx_seq_offset > tx_seq_offset) {
f1c6775b 3688 __skb_queue_before(&chan->srej_q, next_skb, skb);
9b53350d 3689 return 0;
8f17154f
GP		 3690 }
3691
f1c6775b 3692 if (skb_queue_is_last(&chan->srej_q, next_skb))
039d9572
SJ		 3693 next_skb = NULL;
3694 else
3695 next_skb = skb_queue_next(&chan->srej_q, next_skb);
3696 }
8f17154f 3697
f1c6775b 3698 __skb_queue_tail(&chan->srej_q, skb);
9b53350d
JPRV		 3699
3700 return 0;
8f17154f
GP		 3701}
3702
84084a31
MM		 3703static void append_skb_frag(struct sk_buff *skb,
3704 struct sk_buff *new_frag, struct sk_buff **last_frag)
18778a63 3705{
84084a31
MM		 3706 /* skb->len reflects data in skb as well as all fragments
3707 * skb->data_len reflects only data in fragments
3708 */
3709 if (!skb_has_frag_list(skb))
3710 skb_shinfo(skb)->frag_list = new_frag;
3711
3712 new_frag->next = NULL;
3713
3714 (*last_frag)->next = new_frag;
3715 *last_frag = new_frag;
3716
3717 skb->len += new_frag->len;
3718 skb->data_len += new_frag->len;
3719 skb->truesize += new_frag->truesize;
3720}
3721
88843ab0 3722static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb, u32 control)
84084a31
MM		 3723{
3724 int err = -EINVAL;
18778a63 3725
7e0ef6ee
AE		 3726 switch (__get_ctrl_sar(chan, control)) {
3727 case L2CAP_SAR_UNSEGMENTED:
84084a31
MM		 3728 if (chan->sdu)
3729 break;
18778a63 3730
84084a31
MM		 3731 err = chan->ops->recv(chan->data, skb);
3732 break;
18778a63 3733
7e0ef6ee 3734 case L2CAP_SAR_START:
84084a31
MM		 3735 if (chan->sdu)
3736 break;
18778a63 3737
6f61fd47 3738 chan->sdu_len = get_unaligned_le16(skb->data);
03a51213 3739 skb_pull(skb, L2CAP_SDULEN_SIZE);
18778a63 3740
84084a31
MM		 3741 if (chan->sdu_len > chan->imtu) {
3742 err = -EMSGSIZE;
3743 break;
3744 }
1890d36b 3745
84084a31
MM		 3746 if (skb->len >= chan->sdu_len)
3747 break;
18778a63 3748
84084a31
MM		 3749 chan->sdu = skb;
3750 chan->sdu_last_frag = skb;
18778a63 3751
84084a31
MM		 3752 skb = NULL;
3753 err = 0;
18778a63
GP		 3754 break;
3755
7e0ef6ee 3756 case L2CAP_SAR_CONTINUE:
6f61fd47 3757 if (!chan->sdu)
84084a31 3758 break;
18778a63 3759
84084a31
MM		 3760 append_skb_frag(chan->sdu, skb,
3761 &chan->sdu_last_frag);
3762 skb = NULL;
18778a63 3763
84084a31
MM		 3764 if (chan->sdu->len >= chan->sdu_len)
3765 break;
4178ba46 3766
84084a31 3767 err = 0;
18778a63
GP		 3768 break;
3769
7e0ef6ee 3770 case L2CAP_SAR_END:
6f61fd47 3771 if (!chan->sdu)
84084a31 3772 break;
18778a63 3773
84084a31
MM		 3774 append_skb_frag(chan->sdu, skb,
3775 &chan->sdu_last_frag);
3776 skb = NULL;
4178ba46 3777
84084a31
MM		 3778 if (chan->sdu->len != chan->sdu_len)
3779 break;
18778a63 3780
84084a31 3781 err = chan->ops->recv(chan->data, chan->sdu);
1890d36b 3782
84084a31
MM		 3783 if (!err) {
3784 /* Reassembly complete */
3785 chan->sdu = NULL;
3786 chan->sdu_last_frag = NULL;
3787 chan->sdu_len = 0;
1890d36b 3788 }
18778a63
GP		 3789 break;
3790 }
3791
84084a31
MM		 3792 if (err) {
3793 kfree_skb(skb);
3794 kfree_skb(chan->sdu);
3795 chan->sdu = NULL;
3796 chan->sdu_last_frag = NULL;
3797 chan->sdu_len = 0;
3798 }
18778a63 3799
84084a31 3800 return err;
18778a63
GP		 3801}
3802
26f880d2 3803static void l2cap_ertm_enter_local_busy(struct l2cap_chan *chan)
712132eb 3804{
26f880d2 3805 BT_DBG("chan %p, Enter local busy", chan);
712132eb 3806
26f880d2
MM		 3807 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3808
77f918bc 3809 __set_ack_timer(chan);
26f880d2
MM		 3810}
3811
3812static void l2cap_ertm_exit_local_busy(struct l2cap_chan *chan)
3813{
88843ab0 3814 u32 control;
712132eb 3815
e2ab4353 3816 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
712132eb
GP		 3817 goto done;
3818
0b209fae 3819 control = __set_reqseq(chan, chan->buffer_seq);
e3781735 3820 control |= __set_ctrl_poll(chan);
ab784b73 3821 control |= __set_ctrl_super(chan, L2CAP_SUPER_RR);
525cd185 3822 l2cap_send_sframe(chan, control);
6a026610 3823 chan->retry_count = 1;
712132eb 3824
1a09bcb9
GP		 3825 __clear_retrans_timer(chan);
3826 __set_monitor_timer(chan);
712132eb 3827
e2ab4353 3828 set_bit(CONN_WAIT_F, &chan->conn_state);
712132eb
GP		 3829
3830done:
e2ab4353
GP		 3831 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
3832 clear_bit(CONN_RNR_SENT, &chan->conn_state);
712132eb 3833
49208c9c 3834 BT_DBG("chan %p, Exit local busy", chan);
712132eb
GP		 3835}
3836
e328140f 3837void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
1890d36b 3838{
e328140f
MM		 3839 if (chan->mode == L2CAP_MODE_ERTM) {
3840 if (busy)
3841 l2cap_ertm_enter_local_busy(chan);
3842 else
3843 l2cap_ertm_exit_local_busy(chan);
1890d36b 3844 }
1890d36b
GP		 3845}
3846
fb45de7d 3847static void l2cap_check_srej_gap(struct l2cap_chan *chan, u16 tx_seq)
8f17154f
GP		 3848{
3849 struct sk_buff *skb;
88843ab0 3850 u32 control;
8f17154f 3851
e328140f
MM		 3852 while ((skb = skb_peek(&chan->srej_q)) &&
3853 !test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3854 int err;
3855
8f17154f
GP		 3856 if (bt_cb(skb)->tx_seq != tx_seq)
3857 break;
3858
f1c6775b 3859 skb = skb_dequeue(&chan->srej_q);
7e0ef6ee 3860 control = __set_ctrl_sar(chan, bt_cb(skb)->sar);
84084a31 3861 err = l2cap_reassemble_sdu(chan, skb, control);
e328140f
MM		 3862
3863 if (err < 0) {
3864 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
3865 break;
3866 }
3867
836be934
AE		 3868 chan->buffer_seq_srej = __next_seq(chan, chan->buffer_seq_srej);
3869 tx_seq = __next_seq(chan, tx_seq);
8f17154f
GP		 3870 }
3871}
3872
fb45de7d 3873static void l2cap_resend_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3874{
8f17154f 3875 struct srej_list *l, *tmp;
88843ab0 3876 u32 control;
8f17154f 3877
39d5a3ee 3878 list_for_each_entry_safe(l, tmp, &chan->srej_l, list) {
8f17154f
GP		 3879 if (l->tx_seq == tx_seq) {
3880 list_del(&l->list);
3881 kfree(l);
3882 return;
3883 }
ab784b73 3884 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3885 control |= __set_reqseq(chan, l->tx_seq);
525cd185 3886 l2cap_send_sframe(chan, control);
8f17154f 3887 list_del(&l->list);
39d5a3ee 3888 list_add_tail(&l->list, &chan->srej_l);
8f17154f
GP		 3889 }
3890}
3891
aef89f21 3892static int l2cap_send_srejframe(struct l2cap_chan *chan, u16 tx_seq)
8f17154f 3893{
8f17154f 3894 struct srej_list *new;
88843ab0 3895 u32 control;
8f17154f 3896
42e5c802 3897 while (tx_seq != chan->expected_tx_seq) {
ab784b73 3898 control = __set_ctrl_super(chan, L2CAP_SUPER_SREJ);
0b209fae 3899 control |= __set_reqseq(chan, chan->expected_tx_seq);
525cd185 3900 l2cap_send_sframe(chan, control);
8f17154f
GP		 3901
3902 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
aef89f21
SJ		 3903 if (!new)
3904 return -ENOMEM;
3905
42e5c802 3906 new->tx_seq = chan->expected_tx_seq;
836be934
AE		 3907
3908 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
3909
39d5a3ee 3910 list_add_tail(&new->list, &chan->srej_l);
8f17154f 3911 }
836be934
AE		 3912
3913 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
aef89f21
SJ		 3914
3915 return 0;
8f17154f
GP		 3916}
3917
88843ab0 3918static inline int l2cap_data_channel_iframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
1c2acffb 3919{
fb45de7d 3920 u16 tx_seq = __get_txseq(chan, rx_control);
0b209fae 3921 u16 req_seq = __get_reqseq(chan, rx_control);
7e0ef6ee 3922 u8 sar = __get_ctrl_sar(chan, rx_control);
f6337c77 3923 int tx_seq_offset, expected_tx_seq_offset;
47d1ec61 3924 int num_to_ack = (chan->tx_win/6) + 1;
1c2acffb
GP		 3925 int err = 0;
3926
88843ab0 3927 BT_DBG("chan %p len %d tx_seq %d rx_control 0x%8.8x", chan, skb->len,
525cd185 3928 tx_seq, rx_control);
1c2acffb 3929
03f6715d 3930 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 3931 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 3932 __clear_monitor_timer(chan);
6a026610 3933 if (chan->unacked_frames > 0)
1a09bcb9 3934 __set_retrans_timer(chan);
e2ab4353 3935 clear_bit(CONN_WAIT_F, &chan->conn_state);
1d8f5d16
GP		 3936 }
3937
42e5c802
GP		 3938 chan->expected_ack_seq = req_seq;
3939 l2cap_drop_acked_frames(chan);
9f121a5a 3940
836be934 3941 tx_seq_offset = __seq_offset(chan, tx_seq, chan->buffer_seq);
9b53350d
JPRV		 3942
3943 /* invalid tx_seq */
47d1ec61 3944 if (tx_seq_offset >= chan->tx_win) {
8c1d787b 3945 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
9b53350d
JPRV		 3946 goto drop;
3947 }
3948
77f918bc
SJ		 3949 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
3950 if (!test_bit(CONN_RNR_SENT, &chan->conn_state))
3951 l2cap_send_ack(chan);
1890d36b 3952 goto drop;
77f918bc 3953 }
1890d36b 3954
02f1b641
MM		 3955 if (tx_seq == chan->expected_tx_seq)
3956 goto expected;
3957
e2ab4353 3958 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
8f17154f 3959 struct srej_list *first;
30afb5b2 3960
39d5a3ee 3961 first = list_first_entry(&chan->srej_l,
8f17154f
GP		 3962 struct srej_list, list);
3963 if (tx_seq == first->tx_seq) {
42e5c802 3964 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
525cd185 3965 l2cap_check_srej_gap(chan, tx_seq);
8f17154f
GP		 3966
3967 list_del(&first->list);
3968 kfree(first);
3969
39d5a3ee 3970 if (list_empty(&chan->srej_l)) {
42e5c802 3971 chan->buffer_seq = chan->buffer_seq_srej;
e2ab4353 3972 clear_bit(CONN_SREJ_SENT, &chan->conn_state);
525cd185 3973 l2cap_send_ack(chan);
49208c9c 3974 BT_DBG("chan %p, Exit SREJ_SENT", chan);
8f17154f
GP		 3975 }
3976 } else {
3977 struct srej_list *l;
9b53350d
JPRV		 3978
3979 /* duplicated tx_seq */
42e5c802 3980 if (l2cap_add_to_srej_queue(chan, skb, tx_seq, sar) < 0)
9b53350d 3981 goto drop;
8f17154f 3982
39d5a3ee 3983 list_for_each_entry(l, &chan->srej_l, list) {
8f17154f 3984 if (l->tx_seq == tx_seq) {
525cd185 3985 l2cap_resend_srejframe(chan, tx_seq);
8f17154f
GP		 3986 return 0;
3987 }
3988 }
aef89f21
SJ		 3989
3990 err = l2cap_send_srejframe(chan, tx_seq);
3991 if (err < 0) {
3992 l2cap_send_disconn_req(chan->conn, chan, -err);
3993 return err;
3994 }
30afb5b2
GP		 3995 }
3996 } else {
836be934
AE		 3997 expected_tx_seq_offset = __seq_offset(chan,
3998 chan->expected_tx_seq, chan->buffer_seq);
9b53350d
JPRV		 3999
4000 /* duplicated tx_seq */
4001 if (tx_seq_offset < expected_tx_seq_offset)
4002 goto drop;
4003
e2ab4353 4004 set_bit(CONN_SREJ_SENT, &chan->conn_state);
1c2acffb 4005
49208c9c 4006 BT_DBG("chan %p, Enter SREJ", chan);
0e98958d 4007
39d5a3ee 4008 INIT_LIST_HEAD(&chan->srej_l);
42e5c802 4009 chan->buffer_seq_srej = chan->buffer_seq;
8f17154f 4010
f1c6775b 4011 __skb_queue_head_init(&chan->srej_q);
42e5c802 4012 l2cap_add_to_srej_queue(chan, skb, tx_seq, sar);
8f17154f 4013
0ef3ef0f
SJ		 4014 /* Set P-bit only if there are some I-frames to ack. */
4015 if (__clear_ack_timer(chan))
4016 set_bit(CONN_SEND_PBIT, &chan->conn_state);
ef54fd93 4017
aef89f21
SJ		 4018 err = l2cap_send_srejframe(chan, tx_seq);
4019 if (err < 0) {
4020 l2cap_send_disconn_req(chan->conn, chan, -err);
4021 return err;
4022 }
1c2acffb 4023 }
30afb5b2
GP		 4024 return 0;
4025
8f17154f 4026expected:
836be934 4027 chan->expected_tx_seq = __next_seq(chan, chan->expected_tx_seq);
8f17154f 4028
e2ab4353 4029 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
3b1a9f3f
GP		 4030 bt_cb(skb)->tx_seq = tx_seq;
4031 bt_cb(skb)->sar = sar;
f1c6775b 4032 __skb_queue_tail(&chan->srej_q, skb);
8f17154f
GP		 4033 return 0;
4034 }
4035
84084a31 4036 err = l2cap_reassemble_sdu(chan, skb, rx_control);
836be934
AE		 4037 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
4038
e328140f
MM		 4039 if (err < 0) {
4040 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
4041 return err;
4042 }
2ece3684 4043
03f6715d 4044 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4045 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4046 l2cap_retransmit_frames(chan);
4ec10d97
GP		 4047 }
4048
c1b4f43b 4049
6a026610
GP		 4050 chan->num_acked = (chan->num_acked + 1) % num_to_ack;
4051 if (chan->num_acked == num_to_ack - 1)
525cd185 4052 l2cap_send_ack(chan);
4d611e4d
GP		 4053 else
4054 __set_ack_timer(chan);
9e917af1 4055
8f17154f 4056 return 0;
9b53350d
JPRV		 4057
4058drop:
4059 kfree_skb(skb);
4060 return 0;
1c2acffb
GP		 4061}
4062
88843ab0 4063static inline void l2cap_data_channel_rrframe(struct l2cap_chan *chan, u32 rx_control)
1c2acffb 4064{
88843ab0 4065 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan,
0b209fae 4066 __get_reqseq(chan, rx_control), rx_control);
0e98958d 4067
0b209fae 4068 chan->expected_ack_seq = __get_reqseq(chan, rx_control);
42e5c802 4069 l2cap_drop_acked_frames(chan);
1c2acffb 4070
e3781735 4071 if (__is_ctrl_poll(chan, rx_control)) {
e2ab4353
GP		 4072 set_bit(CONN_SEND_FBIT, &chan->conn_state);
4073 if (test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
4074 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4075 (chan->unacked_frames > 0))
1a09bcb9 4076 __set_retrans_timer(chan);
05fbd89d 4077
e2ab4353 4078 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
525cd185 4079 l2cap_send_srejtail(chan);
05fbd89d 4080 } else {
525cd185 4081 l2cap_send_i_or_rr_or_rnr(chan);
05fbd89d 4082 }
1d8f5d16 4083
03f6715d 4084 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4085 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4ec10d97 4086
e2ab4353 4087 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4088 l2cap_retransmit_frames(chan);
2246b2f1 4089
e072745f 4090 } else {
e2ab4353 4091 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
6a026610 4092 (chan->unacked_frames > 0))
1a09bcb9 4093 __set_retrans_timer(chan);
1c2acffb 4094
e2ab4353
GP		 4095 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
4096 if (test_bit(CONN_SREJ_SENT, &chan->conn_state))
525cd185 4097 l2cap_send_ack(chan);
894718a6 4098 else
525cd185 4099 l2cap_ertm_send(chan);
e072745f
GP		 4100 }
4101}
2246b2f1 4102
88843ab0 4103static inline void l2cap_data_channel_rejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4104{
0b209fae 4105 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4106
88843ab0 4107 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4108
e2ab4353 4109 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
e072745f 4110
42e5c802
GP		 4111 chan->expected_ack_seq = tx_seq;
4112 l2cap_drop_acked_frames(chan);
e072745f 4113
03f6715d 4114 if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4115 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
525cd185 4116 l2cap_retransmit_frames(chan);
e072745f 4117 } else {
525cd185 4118 l2cap_retransmit_frames(chan);
30afb5b2 4119
e2ab4353
GP		 4120 if (test_bit(CONN_WAIT_F, &chan->conn_state))
4121 set_bit(CONN_REJ_ACT, &chan->conn_state);
e072745f
GP		 4122 }
4123}
88843ab0 4124static inline void l2cap_data_channel_srejframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4125{
0b209fae 4126 u16 tx_seq = __get_reqseq(chan, rx_control);
30afb5b2 4127
88843ab0 4128 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4129
e2ab4353 4130 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
2246b2f1 4131
e3781735 4132 if (__is_ctrl_poll(chan, rx_control)) {
42e5c802
GP		 4133 chan->expected_ack_seq = tx_seq;
4134 l2cap_drop_acked_frames(chan);
3cb123d1 4135
e2ab4353 4136 set_bit(CONN_SEND_FBIT, &chan->conn_state);
525cd185 4137 l2cap_retransmit_one_frame(chan, tx_seq);
dfc909be 4138
525cd185 4139 l2cap_ertm_send(chan);
dfc909be 4140
e2ab4353 4141 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4142 chan->srej_save_reqseq = tx_seq;
e2ab4353 4143 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4144 }
03f6715d 4145 } else if (__is_ctrl_final(chan, rx_control)) {
e2ab4353 4146 if (test_bit(CONN_SREJ_ACT, &chan->conn_state) &&
6a026610 4147 chan->srej_save_reqseq == tx_seq)
e2ab4353 4148 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
e072745f 4149 else
525cd185 4150 l2cap_retransmit_one_frame(chan, tx_seq);
e072745f 4151 } else {
525cd185 4152 l2cap_retransmit_one_frame(chan, tx_seq);
e2ab4353 4153 if (test_bit(CONN_WAIT_F, &chan->conn_state)) {
6a026610 4154 chan->srej_save_reqseq = tx_seq;
e2ab4353 4155 set_bit(CONN_SREJ_ACT, &chan->conn_state);
ef54fd93 4156 }
e072745f
GP		 4157 }
4158}
4159
88843ab0 4160static inline void l2cap_data_channel_rnrframe(struct l2cap_chan *chan, u32 rx_control)
e072745f 4161{
0b209fae 4162 u16 tx_seq = __get_reqseq(chan, rx_control);
e072745f 4163
88843ab0 4164 BT_DBG("chan %p, req_seq %d ctrl 0x%8.8x", chan, tx_seq, rx_control);
0e98958d 4165
e2ab4353 4166 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
42e5c802
GP		 4167 chan->expected_ack_seq = tx_seq;
4168 l2cap_drop_acked_frames(chan);
e072745f 4169
e3781735 4170 if (__is_ctrl_poll(chan, rx_control))
e2ab4353 4171 set_bit(CONN_SEND_FBIT, &chan->conn_state);
3cb123d1 4172
e2ab4353 4173 if (!test_bit(CONN_SREJ_SENT, &chan->conn_state)) {
1a09bcb9 4174 __clear_retrans_timer(chan);
e3781735 4175 if (__is_ctrl_poll(chan, rx_control))
525cd185 4176 l2cap_send_rr_or_rnr(chan, L2CAP_CTRL_FINAL);
99b0d4b7 4177 return;
e072745f 4178 }
99b0d4b7 4179
e3781735 4180 if (__is_ctrl_poll(chan, rx_control)) {
525cd185 4181 l2cap_send_srejtail(chan);
ab784b73
AE		 4182 } else {
4183 rx_control = __set_ctrl_super(chan, L2CAP_SUPER_RR);
4184 l2cap_send_sframe(chan, rx_control);
4185 }
e072745f
GP		 4186}
4187
88843ab0 4188static inline int l2cap_data_channel_sframe(struct l2cap_chan *chan, u32 rx_control, struct sk_buff *skb)
e072745f 4189{
88843ab0 4190 BT_DBG("chan %p rx_control 0x%8.8x len %d", chan, rx_control, skb->len);
e072745f 4191
03f6715d 4192 if (__is_ctrl_final(chan, rx_control) &&
e2ab4353 4193 test_bit(CONN_WAIT_F, &chan->conn_state)) {
1a09bcb9 4194 __clear_monitor_timer(chan);
6a026610 4195 if (chan->unacked_frames > 0)
1a09bcb9 4196 __set_retrans_timer(chan);
e2ab4353 4197 clear_bit(CONN_WAIT_F, &chan->conn_state);
e072745f
GP		 4198 }
4199
ab784b73
AE		 4200 switch (__get_ctrl_super(chan, rx_control)) {
4201 case L2CAP_SUPER_RR:
525cd185 4202 l2cap_data_channel_rrframe(chan, rx_control);
8f17154f
GP		 4203 break;
4204
ab784b73 4205 case L2CAP_SUPER_REJ:
525cd185 4206 l2cap_data_channel_rejframe(chan, rx_control);
e072745f 4207 break;
2246b2f1 4208
ab784b73 4209 case L2CAP_SUPER_SREJ:
525cd185 4210 l2cap_data_channel_srejframe(chan, rx_control);
e072745f
GP		 4211 break;
4212
ab784b73 4213 case L2CAP_SUPER_RNR:
525cd185 4214 l2cap_data_channel_rnrframe(chan, rx_control);
1c2acffb
GP		 4215 break;
4216 }
4217
faaebd19 4218 kfree_skb(skb);
1c2acffb
GP		 4219 return 0;
4220}
4221
cad8f1d0 4222static int l2cap_ertm_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
218bb9df 4223{
88843ab0 4224 u32 control;
0b209fae 4225 u16 req_seq;
218bb9df
GP		 4226 int len, next_tx_seq_offset, req_seq_offset;
4227
88843ab0
AE		 4228 control = __get_control(chan, skb->data);
4229 skb_pull(skb, __ctrl_size(chan));
218bb9df
GP		 4230 len = skb->len;
4231
4232 /*
4233 * We can just drop the corrupted I-frame here.
4234 * Receiver will miss it and start proper recovery
4235 * procedures and ask retransmission.
4236 */
47d1ec61 4237 if (l2cap_check_fcs(chan, skb))
218bb9df
GP		 4238 goto drop;
4239
793c2f1c 4240 if (__is_sar_start(chan, control) && !__is_sframe(chan, control))
03a51213 4241 len -= L2CAP_SDULEN_SIZE;
218bb9df 4242
47d1ec61 4243 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4244 len -= L2CAP_FCS_SIZE;
218bb9df 4245
47d1ec61 4246 if (len > chan->mps) {
8c1d787b 4247 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4248 goto drop;
4249 }
4250
0b209fae 4251 req_seq = __get_reqseq(chan, control);
218bb9df 4252
836be934
AE		 4253 req_seq_offset = __seq_offset(chan, req_seq, chan->expected_ack_seq);
4254
4255 next_tx_seq_offset = __seq_offset(chan, chan->next_tx_seq,
4256 chan->expected_ack_seq);
218bb9df
GP		 4257
4258 /* check for invalid req-seq */
4259 if (req_seq_offset > next_tx_seq_offset) {
8c1d787b 4260 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4261 goto drop;
4262 }
4263
793c2f1c 4264 if (!__is_sframe(chan, control)) {
218bb9df 4265 if (len < 0) {
8c1d787b 4266 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4267 goto drop;
4268 }
4269
525cd185 4270 l2cap_data_channel_iframe(chan, control, skb);
218bb9df
GP		 4271 } else {
4272 if (len != 0) {
4273 BT_ERR("%d", len);
8c1d787b 4274 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
218bb9df
GP		 4275 goto drop;
4276 }
4277
525cd185 4278 l2cap_data_channel_sframe(chan, control, skb);
218bb9df
GP		 4279 }
4280
4281 return 0;
4282
4283drop:
4284 kfree_skb(skb);
4285 return 0;
4286}
4287
1da177e4
LT		 4288static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4289{
48454079 4290 struct l2cap_chan *chan;
88843ab0 4291 u32 control;
fb45de7d 4292 u16 tx_seq;
218bb9df 4293 int len;
1da177e4 4294
baa7e1fa 4295 chan = l2cap_get_chan_by_scid(conn, cid);
48454079 4296 if (!chan) {
1da177e4 4297 BT_DBG("unknown cid 0x%4.4x", cid);
6be36555 4298 /* Drop packet and return */
3379013b 4299 kfree_skb(skb);
6be36555 4300 return 0;
1da177e4
LT		 4301 }
4302
6be36555 4303 l2cap_chan_lock(chan);
6840ed07 4304
49208c9c 4305 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4306
89bc500e 4307 if (chan->state != BT_CONNECTED)
1da177e4
LT		 4308 goto drop;
4309
0c1bc5c6 4310 switch (chan->mode) {
1c2acffb
GP		 4311 case L2CAP_MODE_BASIC:
4312 /* If socket recv buffers overflows we drop data here
4313 * which is *bad* because L2CAP has to be reliable.
4314 * But we don't have any other choice. L2CAP doesn't
4315 * provide flow control mechanism. */
1da177e4 4316
0c1bc5c6 4317 if (chan->imtu < skb->len)
1c2acffb 4318 goto drop;
1da177e4 4319
23070494 4320 if (!chan->ops->recv(chan->data, skb))
1c2acffb
GP		 4321 goto done;
4322 break;
4323
4324 case L2CAP_MODE_ERTM:
5ef8cb9e 4325 l2cap_ertm_data_rcv(chan, skb);
1c2acffb 4326
fcafde2e 4327 goto done;
1c2acffb 4328
6840ed07 4329 case L2CAP_MODE_STREAMING:
88843ab0
AE		 4330 control = __get_control(chan, skb->data);
4331 skb_pull(skb, __ctrl_size(chan));
6840ed07
GP		 4332 len = skb->len;
4333
47d1ec61 4334 if (l2cap_check_fcs(chan, skb))
26000089
GP		 4335 goto drop;
4336
7e0ef6ee 4337 if (__is_sar_start(chan, control))
03a51213 4338 len -= L2CAP_SDULEN_SIZE;
6840ed07 4339
47d1ec61 4340 if (chan->fcs == L2CAP_FCS_CRC16)
03a51213 4341 len -= L2CAP_FCS_SIZE;
fcc203c3 4342
793c2f1c 4343 if (len > chan->mps || len < 0 || __is_sframe(chan, control))
6840ed07
GP		 4344 goto drop;
4345
fb45de7d 4346 tx_seq = __get_txseq(chan, control);
6840ed07 4347
84084a31
MM		 4348 if (chan->expected_tx_seq != tx_seq) {
4349 /* Frame(s) missing - must discard partial SDU */
4350 kfree_skb(chan->sdu);
4351 chan->sdu = NULL;
4352 chan->sdu_last_frag = NULL;
4353 chan->sdu_len = 0;
6840ed07 4354
84084a31
MM		 4355 /* TODO: Notify userland of missing data */
4356 }
4357
836be934 4358 chan->expected_tx_seq = __next_seq(chan, tx_seq);
84084a31
MM		 4359
4360 if (l2cap_reassemble_sdu(chan, skb, control) == -EMSGSIZE)
4361 l2cap_send_disconn_req(chan->conn, chan, ECONNRESET);
6840ed07
GP		 4362
4363 goto done;
4364
1c2acffb 4365 default:
0c1bc5c6 4366 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
1c2acffb
GP		 4367 break;
4368 }
1da177e4
LT		 4369
4370drop:
4371 kfree_skb(skb);
4372
4373done:
6be36555 4374 l2cap_chan_unlock(chan);
0139418c 4375
1da177e4
LT		 4376 return 0;
4377}
4378
8e036fc3 4379static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
1da177e4 4380{
23691d75 4381 struct l2cap_chan *chan;
1da177e4 4382
23691d75
GP		 4383 chan = l2cap_global_chan_by_psm(0, psm, conn->src);
4384 if (!chan)
1da177e4
LT		 4385 goto drop;
4386
5b4cedaa 4387 BT_DBG("chan %p, len %d", chan, skb->len);
1da177e4 4388
89bc500e 4389 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
1da177e4
LT		 4390 goto drop;
4391
e13e21dc 4392 if (chan->imtu < skb->len)
1da177e4
LT		 4393 goto drop;
4394
23070494 4395 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 4396 return 0;
1da177e4
LT		 4397
4398drop:
4399 kfree_skb(skb);
4400
1da177e4
LT		 4401 return 0;
4402}
4403
d9b88702
AE		 4404static inline int l2cap_att_channel(struct l2cap_conn *conn, u16 cid,
4405 struct sk_buff *skb)
9f69bda6 4406{
23691d75 4407 struct l2cap_chan *chan;
9f69bda6 4408
23691d75
GP		 4409 chan = l2cap_global_chan_by_scid(0, cid, conn->src);
4410 if (!chan)
9f69bda6
GP		 4411 goto drop;
4412
5b4cedaa 4413 BT_DBG("chan %p, len %d", chan, skb->len);
9f69bda6 4414
89bc500e 4415 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
9f69bda6
GP		 4416 goto drop;
4417
e13e21dc 4418 if (chan->imtu < skb->len)
9f69bda6
GP		 4419 goto drop;
4420
23070494 4421 if (!chan->ops->recv(chan->data, skb))
5b4cedaa 4422 return 0;
9f69bda6
GP		 4423
4424drop:
4425 kfree_skb(skb);
4426
9f69bda6
GP		 4427 return 0;
4428}
4429
1da177e4
LT		 4430static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
4431{
4432 struct l2cap_hdr *lh = (void *) skb->data;
8e036fc3
AV		 4433 u16 cid, len;
4434 __le16 psm;
1da177e4
LT		 4435
4436 skb_pull(skb, L2CAP_HDR_SIZE);
4437 cid = __le16_to_cpu(lh->cid);
4438 len = __le16_to_cpu(lh->len);
4439
1c2acffb
GP		 4440 if (len != skb->len) {
4441 kfree_skb(skb);
4442 return;
4443 }
4444
1da177e4
LT		 4445 BT_DBG("len %d, cid 0x%4.4x", len, cid);
4446
4447 switch (cid) {
3300d9a9 4448 case L2CAP_CID_LE_SIGNALING:
8db4dc46 4449 case L2CAP_CID_SIGNALING:
1da177e4
LT		 4450 l2cap_sig_channel(conn, skb);
4451 break;
4452
8db4dc46 4453 case L2CAP_CID_CONN_LESS:
097db76c 4454 psm = get_unaligned((__le16 *) skb->data);
1da177e4
LT		 4455 skb_pull(skb, 2);
4456 l2cap_conless_channel(conn, psm, skb);
4457 break;
4458
9f69bda6
GP		 4459 case L2CAP_CID_LE_DATA:
4460 l2cap_att_channel(conn, cid, skb);
4461 break;
4462
b501d6a1
AB		 4463 case L2CAP_CID_SMP:
4464 if (smp_sig_channel(conn, skb))
4465 l2cap_conn_del(conn->hcon, EACCES);
4466 break;
4467
1da177e4
LT		 4468 default:
4469 l2cap_data_channel(conn, cid, skb);
4470 break;
4471 }
4472}
4473
4474/* ---- L2CAP interface with lower layer (HCI) ---- */
4475
686ebf28 4476int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
1da177e4
LT		 4477{
4478 int exact = 0, lm1 = 0, lm2 = 0;
23691d75 4479 struct l2cap_chan *c;
1da177e4 4480
1da177e4
LT		 4481 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
4482
4483 /* Find listening sockets and check their link_mode */
23691d75
GP		 4484 read_lock(&chan_list_lock);
4485 list_for_each_entry(c, &chan_list, global_l) {
4486 struct sock *sk = c->sk;
4343478f 4487
89bc500e 4488 if (c->state != BT_LISTEN)
1da177e4
LT		 4489 continue;
4490
4491 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
2af6b9d5 4492 lm1 |= HCI_LM_ACCEPT;
43bd0f32 4493 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5 4494 lm1 |= HCI_LM_MASTER;
1da177e4 4495 exact++;
2af6b9d5
MH		 4496 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
4497 lm2 |= HCI_LM_ACCEPT;
43bd0f32 4498 if (test_bit(FLAG_ROLE_SWITCH, &c->flags))
2af6b9d5
MH		 4499 lm2 |= HCI_LM_MASTER;
4500 }
1da177e4 4501 }
23691d75 4502 read_unlock(&chan_list_lock);
1da177e4
LT		 4503
4504 return exact ? lm1 : lm2;
4505}
4506
686ebf28 4507int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
1da177e4 4508{
0139418c
MH		 4509 struct l2cap_conn *conn;
4510
1da177e4
LT		 4511 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4512
1da177e4 4513 if (!status) {
1da177e4
LT		 4514 conn = l2cap_conn_add(hcon, status);
4515 if (conn)
4516 l2cap_conn_ready(conn);
0139418c 4517 } else
e175072f 4518 l2cap_conn_del(hcon, bt_to_errno(status));
1da177e4
LT		 4519
4520 return 0;
4521}
4522
686ebf28 4523int l2cap_disconn_ind(struct hci_conn *hcon)
2950f21a
MH		 4524{
4525 struct l2cap_conn *conn = hcon->l2cap_data;
4526
4527 BT_DBG("hcon %p", hcon);
4528
686ebf28 4529 if (!conn)
9f5a0d7b 4530 return HCI_ERROR_REMOTE_USER_TERM;
2950f21a
MH		 4531 return conn->disc_reason;
4532}
4533
686ebf28 4534int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
1da177e4
LT		 4535{
4536 BT_DBG("hcon %p reason %d", hcon, reason);
4537
e175072f 4538 l2cap_conn_del(hcon, bt_to_errno(reason));
1da177e4
LT		 4539 return 0;
4540}
4541
4343478f 4542static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
f62e4323 4543{
715ec005 4544 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
255c7601
MH		 4545 return;
4546
f62e4323 4547 if (encrypt == 0x00) {
4343478f 4548 if (chan->sec_level == BT_SECURITY_MEDIUM) {
ba13ccd9 4549 __set_chan_timer(chan, L2CAP_ENC_TIMEOUT);
4343478f 4550 } else if (chan->sec_level == BT_SECURITY_HIGH)
0f852724 4551 l2cap_chan_close(chan, ECONNREFUSED);
f62e4323 4552 } else {
4343478f 4553 if (chan->sec_level == BT_SECURITY_MEDIUM)
c9b66675 4554 __clear_chan_timer(chan);
f62e4323
MH		 4555 }
4556}
4557
686ebf28 4558int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
1da177e4 4559{
0139418c 4560 struct l2cap_conn *conn = hcon->l2cap_data;
48454079 4561 struct l2cap_chan *chan;
1da177e4 4562
0139418c 4563 if (!conn)
1da177e4 4564 return 0;
0139418c 4565
1da177e4
LT		 4566 BT_DBG("conn %p", conn);
4567
160dc6ac
VCG		 4568 if (hcon->type == LE_LINK) {
4569 smp_distribute_keys(conn, 0);
17cd3f37 4570 cancel_delayed_work(&conn->security_timer);
160dc6ac
VCG		 4571 }
4572
3df91ea2 4573 mutex_lock(&conn->chan_lock);
1da177e4 4574
3df91ea2 4575 list_for_each_entry(chan, &conn->chan_l, list) {
6be36555 4576 l2cap_chan_lock(chan);
1da177e4 4577
f1cb9af5
VCG		 4578 BT_DBG("chan->scid %d", chan->scid);
4579
4580 if (chan->scid == L2CAP_CID_LE_DATA) {
4581 if (!status && encrypt) {
4582 chan->sec_level = hcon->sec_level;
cf4cd009 4583 l2cap_chan_ready(chan);
f1cb9af5
VCG		 4584 }
4585
6be36555 4586 l2cap_chan_unlock(chan);
f1cb9af5
VCG		 4587 continue;
4588 }
4589
c1360a1c 4590 if (test_bit(CONF_CONNECT_PEND, &chan->conf_state)) {
6be36555 4591 l2cap_chan_unlock(chan);
6a8d3010
MH		 4592 continue;
4593 }
4594
89bc500e
GP		 4595 if (!status && (chan->state == BT_CONNECTED ||
4596 chan->state == BT_CONFIG)) {
4343478f 4597 l2cap_check_encryption(chan, encrypt);
6be36555 4598 l2cap_chan_unlock(chan);
9719f8af
MH		 4599 continue;
4600 }
4601
89bc500e 4602 if (chan->state == BT_CONNECT) {
b1235d79 4603 if (!status) {
9b27f350 4604 l2cap_send_conn_req(chan);
b1235d79 4605 } else {
ba13ccd9 4606 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
b1235d79 4607 }
89bc500e 4608 } else if (chan->state == BT_CONNECT2) {
6be36555 4609 struct sock *sk = chan->sk;
b1235d79 4610 struct l2cap_conn_rsp rsp;
df3c3931 4611 __u16 res, stat;
1da177e4 4612
6be36555
AE		 4613 lock_sock(sk);
4614
b1235d79 4615 if (!status) {
df3c3931
JH		 4616 if (bt_sk(sk)->defer_setup) {
4617 struct sock *parent = bt_sk(sk)->parent;
4618 res = L2CAP_CR_PEND;
4619 stat = L2CAP_CS_AUTHOR_PEND;
05e9a2f6
IK		 4620 if (parent)
4621 parent->sk_data_ready(parent, 0);
df3c3931 4622 } else {
0e587be7 4623 __l2cap_state_change(chan, BT_CONFIG);
df3c3931
JH		 4624 res = L2CAP_CR_SUCCESS;
4625 stat = L2CAP_CS_NO_INFO;
4626 }
b1235d79 4627 } else {
0e587be7 4628 __l2cap_state_change(chan, BT_DISCONN);
ba13ccd9 4629 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
df3c3931
JH		 4630 res = L2CAP_CR_SEC_BLOCK;
4631 stat = L2CAP_CS_NO_INFO;
b1235d79
MH		 4632 }
4633
6be36555
AE		 4634 release_sock(sk);
4635
fe4128e0
GP		 4636 rsp.scid = cpu_to_le16(chan->dcid);
4637 rsp.dcid = cpu_to_le16(chan->scid);
df3c3931
JH		 4638 rsp.result = cpu_to_le16(res);
4639 rsp.status = cpu_to_le16(stat);
fc7f8a7e
GP		 4640 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
4641 sizeof(rsp), &rsp);
b1235d79 4642 }
1da177e4 4643
6be36555 4644 l2cap_chan_unlock(chan);
1da177e4
LT		 4645 }
4646
3df91ea2 4647 mutex_unlock(&conn->chan_lock);
b1235d79 4648
1da177e4
LT		 4649 return 0;
4650}
4651
686ebf28 4652int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
1da177e4
LT		 4653{
4654 struct l2cap_conn *conn = hcon->l2cap_data;
4655
5a08ecce
AE		 4656 if (!conn)
4657 conn = l2cap_conn_add(hcon, 0);
4658
4659 if (!conn)
1da177e4
LT		 4660 goto drop;
4661
4662 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4663
e702112f 4664 if (!(flags & ACL_CONT)) {
1da177e4 4665 struct l2cap_hdr *hdr;
48454079 4666 struct l2cap_chan *chan;
89794813 4667 u16 cid;
1da177e4
LT		 4668 int len;
4669
4670 if (conn->rx_len) {
4671 BT_ERR("Unexpected start frame (len %d)", skb->len);
4672 kfree_skb(conn->rx_skb);
4673 conn->rx_skb = NULL;
4674 conn->rx_len = 0;
4675 l2cap_conn_unreliable(conn, ECOMM);
4676 }
4677
aae7fe22
AE		 4678 /* Start fragment always begin with Basic L2CAP header */
4679 if (skb->len < L2CAP_HDR_SIZE) {
1da177e4
LT		 4680 BT_ERR("Frame is too short (len %d)", skb->len);
4681 l2cap_conn_unreliable(conn, ECOMM);
4682 goto drop;
4683 }
4684
4685 hdr = (struct l2cap_hdr *) skb->data;
4686 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
89794813 4687 cid = __le16_to_cpu(hdr->cid);
1da177e4
LT		 4688
4689 if (len == skb->len) {
4690 /* Complete frame received */
4691 l2cap_recv_frame(conn, skb);
4692 return 0;
4693 }
4694
4695 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4696
4697 if (skb->len > len) {
4698 BT_ERR("Frame is too long (len %d, expected len %d)",
4699 skb->len, len);
4700 l2cap_conn_unreliable(conn, ECOMM);
4701 goto drop;
4702 }
4703
baa7e1fa 4704 chan = l2cap_get_chan_by_scid(conn, cid);
89794813 4705
48454079
GP		 4706 if (chan && chan->sk) {
4707 struct sock *sk = chan->sk;
3df91ea2 4708 lock_sock(sk);
89794813 4709
0c1bc5c6 4710 if (chan->imtu < len - L2CAP_HDR_SIZE) {
48454079
GP		 4711 BT_ERR("Frame exceeding recv MTU (len %d, "
4712 "MTU %d)", len,
0c1bc5c6 4713 chan->imtu);
aa2ac881 4714 release_sock(sk);
48454079
GP		 4715 l2cap_conn_unreliable(conn, ECOMM);
4716 goto drop;
4717 }
aa2ac881 4718 release_sock(sk);
48454079 4719 }
89794813 4720
1da177e4 4721 /* Allocate skb for the complete frame (with header) */
af05b30b
GP		 4722 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4723 if (!conn->rx_skb)
1da177e4
LT		 4724 goto drop;
4725
d626f62b 4726 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4727 skb->len);
1da177e4
LT		 4728 conn->rx_len = len - skb->len;
4729 } else {
4730 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4731
4732 if (!conn->rx_len) {
4733 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4734 l2cap_conn_unreliable(conn, ECOMM);
4735 goto drop;
4736 }
4737
4738 if (skb->len > conn->rx_len) {
4739 BT_ERR("Fragment is too long (len %d, expected %d)",
4740 skb->len, conn->rx_len);
4741 kfree_skb(conn->rx_skb);
4742 conn->rx_skb = NULL;
4743 conn->rx_len = 0;
4744 l2cap_conn_unreliable(conn, ECOMM);
4745 goto drop;
4746 }
4747
d626f62b 4748 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
e1027a7c 4749 skb->len);
1da177e4
LT		 4750 conn->rx_len -= skb->len;
4751
4752 if (!conn->rx_len) {
4753 /* Complete frame received */
4754 l2cap_recv_frame(conn, conn->rx_skb);
4755 conn->rx_skb = NULL;
4756 }
4757 }
4758
4759drop:
4760 kfree_skb(skb);
4761 return 0;
4762}
4763
aef7d97c 4764static int l2cap_debugfs_show(struct seq_file *f, void *p)
1da177e4 4765{
23691d75 4766 struct l2cap_chan *c;
1da177e4 4767
333055f2 4768 read_lock(&chan_list_lock);
1da177e4 4769
23691d75
GP		 4770 list_for_each_entry(c, &chan_list, global_l) {
4771 struct sock *sk = c->sk;
101545f6 4772
903d343e 4773 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d %d\n",
aef7d97c
MH		 4774 batostr(&bt_sk(sk)->src),
4775 batostr(&bt_sk(sk)->dst),
89bc500e 4776 c->state, __le16_to_cpu(c->psm),
23691d75
GP		 4777 c->scid, c->dcid, c->imtu, c->omtu,
4778 c->sec_level, c->mode);
61e1b4b7 4779 }
1da177e4 4780
333055f2 4781 read_unlock(&chan_list_lock);
1da177e4 4782
aef7d97c 4783 return 0;
1da177e4
LT		 4784}
4785
aef7d97c
MH		 4786static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4787{
4788 return single_open(file, l2cap_debugfs_show, inode->i_private);
4789}
4790
4791static const struct file_operations l2cap_debugfs_fops = {
4792 .open = l2cap_debugfs_open,
4793 .read = seq_read,
4794 .llseek = seq_lseek,
4795 .release = single_release,
4796};
4797
4798static struct dentry *l2cap_debugfs;
1da177e4 4799
64274518 4800int __init l2cap_init(void)
1da177e4
LT		 4801{
4802 int err;
be9d1227 4803
bb58f747 4804 err = l2cap_init_sockets();
1da177e4
LT		 4805 if (err < 0)
4806 return err;
4807
aef7d97c
MH		 4808 if (bt_debugfs) {
4809 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4810 bt_debugfs, NULL, &l2cap_debugfs_fops);
4811 if (!l2cap_debugfs)
4812 BT_ERR("Failed to create L2CAP debug file");
4813 }
1da177e4 4814
1da177e4 4815 return 0;
1da177e4
LT		 4816}
4817
64274518 4818void l2cap_exit(void)
1da177e4 4819{
aef7d97c 4820 debugfs_remove(l2cap_debugfs);
bb58f747 4821 l2cap_cleanup_sockets();
1da177e4
LT		 4822}
4823
d1c4a17d
GP		 4824module_param(disable_ertm, bool, 0644);
4825MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
kernel source for telekom puls (alcatel/mediatek)